efge commented on a change in pull request #406:
URL: https://github.com/apache/tomcat/pull/406#discussion_r588412956



##########
File path: java/org/apache/catalina/valves/SSLValve.java
##########
@@ -137,7 +149,13 @@ public void invoke(Request request, Response response) 
throws IOException, Servl
          *       separate lines, the CertificateFactory is tolerant of any
          *       additional whitespace.
          */
-        String headerValue = mygetHeader(request, sslClientCertHeader);
+        String headerValue;
+        String headerEscapedValue = mygetHeader(request, 
sslClientEscapedCertHeader);
+        if (headerEscapedValue != null) {
+            headerValue = URLDecoder.decode(headerEscapedValue, "ISO-8859-1");
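
Review bot: `URLDecoder.decode(headerEscapedValue, "ISO-8859-1")` applies form-decoding rules rather than plain percent-decoding, which matters in two ways for a header that carries a PEM certificate. First, a literal `+` is turned into a space, so any `+` from the base64 body that reaches this line without having been escaped to `%2B` is silently altered before the certificate is parsed. Second, a malformed `%` sequence makes `decode` throw `IllegalArgumentException`, which is unchecked and is not caught in the lines shown here, so a bad header value would propagate out of `invoke` instead of being handled as an invalid certificate. Consider a strict percent-decoder that leaves `+` untouched, and catch the decode failure so the request is treated the same way as one with an unparsable certificate. A short comment on the new branch naming the proxy encoding this header is expected to carry would also help.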

Review comment:
       Thanks, yes, I'm aware of what `URLDecoder` does, but in this instance it 
was "good enough" given that we're decoding an ad hoc encoding done by Nginx 
that is a subset of what `URLDecoder` can decode. Also I had searched in the 
Tomcat codebase for a utility to do this but didn't find anything.
   
   I searched again deeper and finally found `UDecoder`/`UEncoder` which seem 
very old and have weird calling conventions but do the job.
   
   Regarding the charset, I was using ISO-8859-1 because that's what's used a 
few lines below when converting the cert to a byte array, but I can use UTF-8 
if you prefer. Again this is for an ad hoc Nginx encoding that encodes an ASCII 
cert anyway so the end result is the same.
   
   The PR has been updated with these changes.
   



