Forum Discussion
Rob_Wismans_179
Nimbostratus
Feb 22, 2018
Bypass Client Certificate authentication
Hello,
I have an existing working iRule that handles client authentication.
The Client SSL Profile is set to request a client certificate.
My question: How to bypass this existing cli...
Rob_Wismans_179
Nimbostratus
Feb 22, 2018

    when CLIENTSSL_HANDSHAKE {
        if { $static::debug == 2 } { log local0. "CIP: Handshake event triggered" }
        set cert_subject [X509::subject [SSL::cert 0]]
        if { $static::debug == 2 } { log local0. "CIP: Start processing certificate $cert_subject" }
        # By default reject the certificate
        set reject 1
        set auth ""
        # Lookup the subject in the datagrouplist and return as a list with name and value paired
        set matches [class match -element -all $cert_subject contains /CIP/CIP-Client_Cert-Test02]
        if { $static::debug == 2 } { log local0. "CIP: Found [llength $matches] matches in datagroup, Value Of: $matches" }
        # Check for valid result from lookup
        if { [llength $matches] != 0 } {
            set auth [lindex $matches 1]
            if { $static::debug == 2 } { log local0. "CIP: Matching client certificate (DN: $cert_subject, SN: [X509::serial_number [SSL::cert 0]], Auth: $auth)" }
            set reject 0
        }
    }
