For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

Jason_Jernigan_'s avatar
Jason_Jernigan_
Icon for Nimbostratus rankNimbostratus
Mar 06, 2006

Client SSL Insert

I've got a site using client SSL cert inserted to the header for authentication with the backend web server. The irule is as follows.     when CLIENTSSL_CLIENTCERT {   if { [SSL::cert cou...
application delivery
dev
devops
iRules
Jason_Jernigan_'s avatar
Jason_Jernigan_
Icon for Nimbostratus rankNimbostratus
Mar 06, 2006
Ok I changed the code to this:

 

 

when CLIENTSSL_CLIENTCERT {

 

log "begining"

 

log "ssl cert count = + [SSL::cert count]"

 

if { [SSL::cert count] > 0 } {

 

session add ssl [SSL::sessionid] [X509::cert_fields [SSL::cert 0] [SSL::verify_result] whole] 450

 

log "session ID: + [SSL::sessionid] + [X509::cert_fields [SSL::cert 0] [SSL::verify_result] whole]"

 

log "certfields lookup = [session lookup ssl {[SSL::sessionid] any}]"

 

}

 

}

 

 

when HTTP_REQUEST {

 

log "http_request sessionid= + [SSL::sessionid]"

 

set certfields [session lookup ssl {[SSL::sessionid] any}]

 

log "certfields before if + $certfields"

 

if { $certfields != "" } {

 

HTTP::header insert $certfields

 

}

 

log "Ending"

 

}

 

 

But it appears that something is off becuase now none of the lookups are working. Including the log statement immediatly following the session add. Your help is greatly appreciated. Please see logs attached.

 

Thanks,

 

Jason