Atlassian uses cookies to improve your browsing experience, perform analytics and research, and conduct advertising. Accept all cookies to indicate that you agree to our use of cookies on your device. Atlassian cookies and tracking notice, (opens new window)
In both cases, product must not include whitespace (and if comment is included, it must appear within parentheses).
The easiest way to fix this would be to compose the last part with "OpenSSL/" plus the second word from the OPENSSL_VERSION_TEXT constant (i.e., OpenSSL/1.0.0-fips in the above case).
In r773, a custom
User-Agentstring was added for curl requests (https://shibboleth.atlassian.net/browse/SSPCPP-297#icft=SSPCPP-297).There's a slight violation of the spec for this header - currently the code produces strings such as
shibboleth/2.5.3 OpenSAML/2.5.3 XMLTooling/1.5.3 XML-Security-C/1.7.2 Xerces-C/3.1.1 log4shib/1.0.8 libcurl/7.30.0 OpenSSL 1.0.0-fips 29 Mar 2010where the OpenSSL part does not really comply with the syntax from RFC 2616:
User-Agent = "User-Agent" ":" 1*( product | comment ) product = token ["/" product-version] product-version = tokenor RFC 7231, respectively:
User-Agent = product *( RWS ( product / comment ) ) product = token ["/" product-version] product-version = tokenIn both cases,
productmust not include whitespace (and ifcommentis included, it must appear within parentheses).The easiest way to fix this would be to compose the last part with "OpenSSL/" plus the second word from the OPENSSL_VERSION_TEXT constant (i.e.,
OpenSSL/1.0.0-fipsin the above case).