Hello Eugene, On Fri, Oct 31, 2014 at 11:42:40AM +0200, Eugene Istomin wrote: > Hello Willy, > > thanks to ssl_c_der! Can you implement ssl_c_pem like in nginx > (ssl_client_raw_cert) ?
>From the information we got here, nginx seems to require an incorrect header encoding that's explicitly forbidden by the HTTP standard (cf rfc7230 #3.2.4), and that recipients are required to reject or to fix. Thus if you have something like this which works in production, it's very likely that your recipient already consumes a fixed version of the header. Would you care to check how the recipient consumes that field, and/or to test if it accepts the standard base64 representation ? >From what I'm seeing in questions on the net, it seems that a number of consumers simply remove the begin/end lines, all spaces, then pass this to openssl, so it's likely that the original representation should already be in the expected format : http-request set-header x-ssl-cert %[ssl_c_der,base64] Regards, Willy
