Forum Discussion

Hille_de_Graaf_'s avatar
Hille_de_Graaf_
Icon for Nimbostratus rankNimbostratus
Oct 24, 2007

bypass a CRL with an invalid date

Hi,     We are using client certificates and a CRL (Certificate Revocation List) to check wether the client certificate is revocated.   Every night we are loading a new CRL from our provider ...
application delivery
dev
devops
iRules
Hille_de_Graaf_'s avatar
Hille_de_Graaf_
Icon for Nimbostratus rankNimbostratus
May 26, 2009
Hi,

 

 

We removed the following part from the iRule:

 

 

} elseif { [lindex $values 1] equals "CRL has expired" } {

 

log local0. "CRL date is not valid, but you may continue"

 

HTTP::header insert ClientSSL_subject [lindex $values 2]

 

HTTP::header insert ClientSSL_serial [lindex $values 3]

 

pool portal-pool

 

 

As it seems that the CRL updates (and dates) are stable.