Thanks, i'll try to use on-fly base64 convertation. /---/ */Best regards,/* /Eugene Istomin/
> Hello Eugene, > > On Fri, Oct 31, 2014 at 11:42:40AM +0200, Eugene Istomin wrote: > > Hello Willy, > > > > thanks to ssl_c_der! Can you implement ssl_c_pem like in nginx > > (ssl_client_raw_cert) ? > > From the information we got here, nginx seems to require an incorrect > header encoding that's explicitly forbidden by the HTTP standard > (cf rfc7230 #3.2.4), and that recipients are required to reject or > to fix. Thus if you have something like this which works in production, > it's very likely that your recipient already consumes a fixed version > of the header. Would you care to check how the recipient consumes that > field, and/or to test if it accepts the standard base64 representation ? > From what I'm seeing in questions on the net, it seems that a number of > consumers simply remove the begin/end lines, all spaces, then pass this > to openssl, so it's likely that the original representation should > already be in the expected format : > > http-request set-header x-ssl-cert %[ssl_c_der,base64] > > Regards, > Willy
