场景

Client <--SSL 双向认证--> Nginx <-- proxy_set_header X-Client-Cert $ssl_client_cert; --> Jetty

Nginx启用SSL双向认证，客户端证书通过X-Client-Cert头传给后端的Jetty。

X-Client-Cert头内容：

X-Client-Cert: -----BEGIN CERTIFICATE-----
        MIIEOzCCAyOgAwIBAgIRAOltdQNuHk6ksMKqBr+VvsQwDQYJKoZIhvcNAQELBQAw
        YjELMAkGA1UEBhMCQ04xGzAZBgNVBAoMEkxkMzY1LmNvbSBDby4sTHRkLjESMBAG
        A1UECwwJQ0EgQ2VudGVyMSIwIAYDVQQDDBlMZDM2NS5jb20gQ28uLEx0ZC4gRVRQ
        IENBMB4XDTE2MDUzMDE2MDAwMFoXDTE3MDUzMDE2MDAwMFowgckxCzAJBgNVBAYT
        AkNOMSQwIgYJKoZIhvcNAQkBFhV6aGFuZ3NoYW93ZWlAbGQzNjUuY24xPzA9BgNV
        BAoMNuiBlOWKqOaXtuS7o++8iOWMl+S6rO+8ieenkeaKgOWPkeWxleaciemZkOi0
        o+S7u+WFrOWPuDESMBAGA1UEBRMJMjEwNzEwMDAxMT8wPQYDVQQDDDbogZTliqjm
        l7bku6PvvIjljJfkuqzvvInnp5HmioDlj5HlsZXmnInpmZDotKPku7vlhazlj7gw
        ggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC7xfVKO2mgcXlnBkfASoCf
        6z4dp0z8BP30l9ons+gCbDssZdfvXCczVMZx2xabY29tvdEmjKYMqV2MycxW21jp
        1jACHA1AceldGBj99mvIPhCtFI3mop3+WJiQnmecft0HaFs5D5Nl0lbB6p7PJGSv
        yGcfyyp+JkcrgdXGEOMUQ732AmFSjYEWWQBU5dNLM1jAiVTLsedaRt5MlJJVfHkf
        VM/OeDYAAMaOWcmRUdmjem3W5maN1KGAM/4J1zixmwAGhAa7Xutg46ohDbipEPzf
        lBniZE5c7cT3XNxgV2zKmJ82XsPsbv5VRPtQSU4KRN3BMpLYeW75D5OzsvzKcCpb
        AgMBAAGjgYMwgYAwDAYDVR0TAQH/BAIwADAOBgNVHQ8BAf8EBAMCBLAwHwYDVR0j
        BBgwFoAURJutMef+ytVajhdV+fAda/Wlj8EwHQYDVR0OBBYEFIWzpOhXC4qawbi6
        UOorq01jWNE9MCAGA1UdJQEB/wQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjANBgkq
        hkiG9w0BAQsFAAOCAQEAj10pZsPevaQJOiJ9x45Wv3A0NfMa0sQUfKcHdh9iT2aB
        n14p29+RZ7jaFm1kHUWA5cfOLDgA9kX1Wx+YOSEpHeevPp6qpg9GXcvNLU6kDohY
        nB/HR2s2LEObXwwPb7ErZQjshFZYtPm+XTne1xoNRKGI5SX9yXuCuzrVUqa+7H0r
        RnqdTVZ/vMet/pA/bTybe0Z3SX0V3t+PjBdVEsOPxIsaYRPAAi7PWMfhW4n3fw/S
        mPlLiP1D/g50wA3bJG+KeZrpWqZu7PSa0D02XmflNmm6+tsjvdJpj2U8vt/CObTH
        N98hEp8rExIBg1ICD3KnkTTS3k+SXzv2b+BkPzPfJw==
        -----END CERTIFICATE-----

问题

将Jetty升级到9.3.x后，报400 Bad Request。

原因

Jetty9.3.x实现了RFC 7230规范。

RFC 7230相较RFC 2616的改变，参见这里。

其中有一条内容如下：

Header fields that span multiple lines ("line folding") are deprecated.  (Section 3.2.4)

就是说在RFC 7230以前，HTTP头内容允许占多行（从第2行起，以空格或tab开头）。

解决

设置Jetty9.3.x接受RFC 2616规范

$JETTY_BASE/start.d/http.ini

## HTTP Compliance: RFC7230, RFC2616, LEGACY
jetty.http.compliance=RFC2616

Jetty9.3.x的HTTP协议兼容问题

场景

问题

原因

解决

你可能感兴趣的:(Jetty9.3.x的HTTP协议兼容问题)