CirrostratusHi IRONMAN,
when CLIENTSSL_CLIENTCERT priority 100 {
if {[SSL::cert count] > 0} {
set clientCert [X509::whole [SSL::cert 0]]
set clientCertSubject [X509::subject [SSL::cert 0]]
set clientCertHash [X509::hash [SSL::cert 0]]
foreach field [ split $clientCertSubject ","] {
if {$field starts_with "CN="} {
set clientCommonName [getfield $field "=" 2]
}
}
}
}
when HTTP_REQUEST {
if {([info exists clientCert]) && ($clientCert ne "")} {
HTTP::header insert X-SSL-Client-Cert $clientCert
}
if {([info exists clientCommonName]) && ($clientCommonName ne "")} {
HTTP::header insert X-SSL-Client-CN $clientCommonName
}
if {([info exists clientCertHash]) && ($clientCertHash ne "")} {
HTTP::header insert X-SSL-Client-SHA1 $clientCertHash
}
}
CirrostratusPlease let me know, should i add below for set the $clientCertHash value from SSL?
if {$field starts_with "CN="} {
set clientCommonName [getfield $field "=" 2]
}
You should use it for clientCommonName (X-SSL-Client-CN)
# for X-SSL-Client-CN
set clientCertSubject [X509::subject [SSL::cert 0]]
foreach field [ split $clientCertSubject ","] {
if {$field starts_with "CN="} {
set clientCommonName [getfield $field "=" 2]
}
}# for X-SSL-Client-SHA1
set clientCertHash [X509::hash [SSL::cert 0]]Thanks Eaa,
So i get thumbprint value inserted as a header with below action.