On Thu, 2009-07-09 at 09:08 +0200, Mattias Öhrn wrote:
> Hello,
>
> I have a problem related to the client certificate HTTP headers added by
> pound. When the client certificate contains a subject or issuer DN with non
> ASCII characters the corresponding header added by Pound (X-SSL-Subject or
> X-SSL-Issuer) will get a value that contains invalid characters (e.g. 'Ö' is
> encoded as 0x303, 0x226). I think this is incorrect according to RFC 2616.
>
> This has not been a problem until now when we're trying to migrate an
> ASP.NET web service to Windows Communication Foundation (WCF). It turns out
> that WCF is *very* strict about HTTP headers and if there is one invalid
> header it is not possible to access any headers (and we need to retrieve the
> certificate from the X-SSL-Certificate header). We don't need the
> X-SSL-Subject or X-SSL-Issuer headers but I have not found any way of
> choosing what headers should be added by Pound, as I understand it it's all
> or nothing. We are using Pound 2.2.7 on CentOS but I've read the change log
> for the latest version and could not find any related fixes.
>
> Any suggestions?

I suggest you check with the OpenSSL people - Pound uses the regular functions from that package to create the headers.

As an aside, I am not really sure that these headers are illegal - RFC 2616 talks about "octets", which I think should allow for this.

--
Robert Segall
Apsis GmbH
Postfach, Uetikon am See, CH-8707
Tel: +41-44-920 4904
