Michael Parkin michaelparkin at gmail.com
Wed Oct 11 11:06:34 EDT 2006


I've recently been trying to set up Mongrel behind Pound so that I can
do mutual SSL authentication. I've had a few problems with Pound
(documented at [1]), but now have it working correctly.

However, I think there is a problem with Mongrel and how it deals with
the headers Pound adds to the HTTP header block. One of the extra
headers Pound adds is 'X-SSL-certificate' - the full multi-line client
certificate in PEM format. As the certificate is spread over multiple
lines like this:

X-SSL-certificate: -----BEGIN CERTIFICATE-----

...with a carriage return between each line, Mongrel, it seems, cannot
handle the line breaks in the header and, with this header present,
returns an internal server error '500'.

Looking at RFC 2616 it seems that whitespace such as this _is_ allowed
in the header block. Section 4.2 says "Header fields can be extended
over multiple lines by preceding each extra line with at least one SP
or HT" - which is exactly what Pound does. Therefore, I think the
problem may be with Mongrel.

I've tested this by doing the following:

1) Sniffed the whole HTTP message sent from Pound -> Mongrel using
tcpmon. (Fails - returns 'internal server error' / 500).

2) Replayed the message into Mongrel directly using telnet, cutting
out the X-SSL-certificate header. Mongrel responds correctly (200).

3) Added my own arbitrary header with a carriage return in it.
Mongrel again returns 500.

I turned on debugging with the '-B' option hoping there would be
something in the log files, but they're empty.

Can anyone else confirm that carriage returns in HTTP headers are a
problem for Mongrel?

Many thanks,


[1] http://www.apsis.ch/pound/pound_list/archive/2006/2006-10/1159900707000
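The behaviour described in the post comes down to RFC 2616 section 4.2 header folding: a header value continues onto the next line when that line begins with a space or tab. The following Ruby is an added example (not Mongrel's or Pound's code) showing a small header-block parser that unfolds such continuation lines into one value, alongside a strict mode that rejects them the way a parser that does not implement folding would. The request block and the PEM-looking lines inside it are constructed placeholders, not a real certificate.

```ruby
# Minimal HTTP/1.x header-block parser handling RFC 2616 section 4.2 line
# folding. Added example; not code from Mongrel or Pound.

HeaderParseError = Class.new(StandardError)

# Parses the lines after the request line up to the blank line that ends the
# header block. Header names are lower-cased for lookup. With
# allow_folding: true a continuation line (leading SP or HT) is appended to
# the previous header value with a single space, which is the unfolding
# RFC 2616 describes; with allow_folding: false a folded line is an error.
def parse_header_block(raw, allow_folding: true)
  headers = {}
  last_name = nil

  raw.split(/\r?\n/).each do |line|
    break if line.empty? # blank line terminates the header block

    if line.start_with?(" ", "\t")
      raise HeaderParseError, "folded header line not accepted" unless allow_folding
      raise HeaderParseError, "continuation line with no preceding header" if last_name.nil?
      headers[last_name] = headers[last_name] + " " + line.strip
    else
      name, value = line.split(":", 2)
      if value.nil? || name.empty? || name =~ /\s/
        raise HeaderParseError, "malformed header line: #{line.inspect}"
      end
      last_name = name.downcase
      headers[last_name] = value.strip
    end
  end

  headers
end

# Constructed sample of the kind of request a reverse proxy might forward,
# with the client certificate spread over several folded lines. The
# certificate body is a placeholder, not real PEM data.
SAMPLE_REQUEST = [
  "GET / HTTP/1.1",
  "Host: example.test",
  "X-SSL-certificate: -----BEGIN CERTIFICATE-----",
  " MIIBplaceholderLine1",
  " MIIBplaceholderLine2",
  " -----END CERTIFICATE-----",
  "User-Agent: test-client",
  "",
].join("\r\n")

# Splits off the request line and parses the remaining header block.
def headers_of(request, allow_folding: true)
  _request_line, header_block = request.split("\r\n", 2)
  parse_header_block(header_block, allow_folding: allow_folding)
end

# True when a parser without folding support would refuse this request.
def strict_rejects?(request)
  headers_of(request, allow_folding: false)
  false
rescue HeaderParseError
  true
end

if __FILE__ == $PROGRAM_NAME
  headers_of(SAMPLE_REQUEST).each { |k, v| puts "#{k}: #{v}" }
  puts "strict parser rejects folded header: #{strict_rejects?(SAMPLE_REQUEST)}"
end
```

The unfolded value replaces each fold with a single space, so the receiving application sees the certificate as one header line and has to reinsert line breaks before handing it to a PEM decoder. As a caveat for anyone reproducing this setup later: RFC 7230 deprecated header folding outside the message/http media type and tells servers either to reject folded headers or to unfold them exactly this way, so a server returning an error on a folded header is within the later specification even though it is inconvenient here.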

