Forum Discussion

JCMATTOS_41723's avatar
JCMATTOS_41723
Icon for Nimbostratus rankNimbostratus
Nov 01, 2011

CN list for x509::subject?

We have a current irule CN list that works great, and would like to somehow lowercase the X509::subject characters to eliminate case sensitive subjects? Not sure if thats possible but I tried somethi...
application delivery
dev
devops
iRules
nitass's avatar
nitass
Icon for Employee rankEmployee
Nov 02, 2011
e.g. 

[root@iris:Active] config  b virtual bar list
virtual bar {
   snat automap
   pool foo
   destination 172.28.17.33:https
   ip protocol tcp
   rules myrule
   profiles {
      myclientssl {
         clientside
      }
      tcp {}
   }
}
[root@iris:Active] config  b rule myrule list
rule myrule {
   when CLIENTSSL_CLIENTCERT {
        log local0. "[X509::subject [SSL::cert 0]]"
        log local0. "[string tolower [X509::subject [SSL::cert 0]]]"
}
}

[root@iris:Active] config  curl -Ik https://172.28.17.33/ --cert /var/tmp/ca/client.crt --key /var/tmp/ca/client.key
HTTP/1.1 200 OK
Date: Wed, 02 Nov 2011 03:56:20 GMT
Server: Apache/2.0.59 (rPath)
Last-Modified: Sat, 11 Jun 2011 00:31:47 GMT
ETag: "667a-67-cfb682c0"
Accept-Ranges: bytes
Content-Length: 103
Vary: Accept-Encoding
Set-Cookie: testcookie=helloworld
Content-Type: text/html; charset=UTF-8

[root@iris:Active] config  cat /var/log/ltm
Nov  2 20:46:10 local/tmm info tmm[1609]: Rule myrule : CN=client.f5net.com,OU=ps,O=f5net,L=seattle,ST=wa,C=us
Nov  2 20:46:10 local/tmm info tmm[1609]: Rule myrule : cn=client.f5net.com,ou=ps,o=f5net,l=seattle,st=wa,c=us