Bug#897042: pound: Enable sending the certificate in a single header line

[Claudio Nieder]

Hi,

a few weeks ago pound 2.8 was released, where single line headers is the 
default. Upgrading to 2.8 is a way to fix this issue.

claudio
-- 
Claudio Nieder, Ruhestrasse 7, CH-8045 Zürich, Tel +4179 357 6743, 
www.claudio.ch

Bug#897042: pound: Enable sending the certificate in a single header line

[Claudio Nieder]

Package: pound
Version: 2.7-1.3

When pound listens on an https connection it will forward client certificate in 
the X-SSL-certificate header. By default it will transfer the certificate in 
multiple lines as was allowed historically in http.

RFC7230 deprecates this behaviour and more and more http servers reject 
requests with such headers and return a 400 Bad Request error message.

As discussed in the pound mailing list 
(http://www.apsis.ch/pound/pound_list/archive/2018/2018-04/1524178583000#1524337674000)
 pound is capable to send the X-SSL-certificate in a single line and thus 
conform to the RFC by compiling it using the --enable-cert1l option on 
configure. But one must specify this option, it is not the default.

To conform to RFC7230 the pound package should be rebuilt using the 
—enable-cert1l option when doing the configure step.

Thank you very much,
claudio
-- 
Claudio Nieder, Ruhestrasse 7, CH-8045 Zürich, Tel +4179 357 6743, 
www.claudio.ch