From: Eric Wong <e@80x24.org>
To: Mishael A Sibiryakov <death@junki.org>
Cc: unicorn-public@bogomips.org
Subject: Re: [PATCH] Add some tolerance (RFC2616 sec. 19.3)
Date: Thu, 20 Oct 2016 17:55:54 +0000 [thread overview]
Message-ID: <20161020175554.GA15564@starla> (raw)
In-Reply-To: <1476954332.1736.156.camel@junki.org>
Mishael A Sibiryakov <death@junki.org> wrote:
> Hi all.
>
> We're implementing client certificate authentication with nginx and
> unicorn.
>
> Nginx configured in the following way:
>
> proxy_set_header X-SSL-Client-Cert $ssl_client_cert;
>
> When client submits certificate and nginx passes it to the unicorn,
> unicorn responds with 400 (Bad Request). This caused because nginx
> doesn't use "\r\n" they using just "\n" and multilne headers is failed
> to parse (I've added test).
>
> Accorording to RFC2616 section 19.3:
> https://www.w3.org/Protocols/rfc2616/rfc2616-sec19.html#sec19.3
>
> "The line terminator for message-header fields is the sequence CRLF.
> However, we recommend that applications, when parsing such headers,
> recognize a single LF as a line terminator and ignore the leading CR."
>
> CRLF changed to ("\r\n" | "\n")
Thanks for that useful explanation. Aside from the unnecessary,
"Hi all,", that is an informative commit message which justifies
the usefulness of that patch.
> Github commit https://github.com/uno4ki/unicorn/commit/ed127b66e162aaf1
> 76de05720f6be758f8b41b1f
Unfortunately, the commit message in your git repo is lacking.
I've used the text at the top of your email.
> PS: Googling "nginx unicorn ssl_client_cert" shows the problem.
>
> ---
> ext/unicorn_http/unicorn_http_common.rl | 2 +-
> test/unit/test_http_parser.rb | 16 ++++++++++++++++
> 2 files changed, 17 insertions(+), 1 deletion(-)
Eeep, Evolution does some strange things with formatting
whitespaces. It looks like instructions for making it nicer are
in the Linux kernel:
https://bogomips.org/mirrors/linux.git/plain/Documentation/email-clients.txt?h=v4.8
<snip>
> + def test_multiline_header_0d0a
> + parser = HttpParser.new
> + parser.buf << "GET / HTTP/1.0\r\nX-Multiline-Header: foo
> bar\r\n\tcha cha\r\n\tzha zha\r\n\r\n"
I expect code to be wrapped at 80 lines or less. Fixed locally.
(I need big fonts, even 80 is a compromise, I really prefer 64)
Anyways, pushed to the "rfc2616-sec19.3" branch.
I've also uploaded a prerelease 5.1.0.4.gd5fbb to RubyGems
for folks without Ragel.
gem install --pre unicorn -v 5.1.0.4.gd5fbb
Anything else? Expect a 5.2.0 release in a few days or so.
Thanks.
next prev parent reply other threads:[~2016-10-20 17:55 UTC|newest]
Thread overview: 5+ messages / expand[flat|nested] mbox.gz Atom feed top
2016-10-20 9:05 [PATCH] Add some tolerance (RFC2616 sec. 19.3) Mishael A Sibiryakov
2016-10-20 17:55 ` Eric Wong [this message]
2016-10-20 20:25 ` Mishael A Sibiryakov
2016-10-20 20:50 ` Eric Wong
2016-10-20 21:03 ` Mishael A Sibiryakov
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
List information: https://yhbt.net/unicorn/
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20161020175554.GA15564@starla \
--to=e@80x24.org \
--cc=death@junki.org \
--cc=unicorn-public@bogomips.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
Code repositories for project(s) associated with this public inbox
https://yhbt.net/unicorn.git/
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).