Forum Discussion
juergen_lampar1
Nimbostratus
Nimbostratusinsert http-header value from SSL Certificate extentions
Hi,
i need insert the email-address from CLient Certificate in the http-header to the real server.
my irule write only empty header:
when CLIENTSSL_CLIENTCERT {
set search_ext_attribute "email:"...
juergen_lampar1Nimbostratus
NimbostratusHi,
now is the irule running, but i have a other problem. Our Application need the http-header everytime, not only while new connect or ssl session ID changes. Have anyone a idea?
when CLIENTSSL_CLIENTCERT {
set search_cn_attribute "emailAddress="
set search_cn_length [string length $search_cn_attribute]
set cn_attribute ""
if {[SSL::cert count] > 0} {
set cert_subject [split [X509::subject [SSL::cert 0]] ","]
foreach subject_attribute $cert_subject {
if {$subject_attribute starts_with $search_cn_attribute} {
if {$cn_attribute eq ""} {
append cn_attribute "[findstr $subject_attribute $search_cn_attribute $search_cn_length]"
} else {
append cn_attribute ","
append cn_attribute "[findstr $subject_attribute $search_cn_attribute $search_cn_length]"
}
}
}
session add ssl [SSL::sessionid] $cn_attribute
} else {
}
}
when HTTP_REQUEST {
set header_cn_info "x-http-authinfo"
if {![info exists cn_attribute]} {
set cn_attribute ""
}
if {[HTTP::header exists $header_cn_info]} {
HTTP::header remove $header_cn_info
}
HTTP::header insert $header_cn_info [getfield $cn_attribute "," 1]
}
Ronald_van_der3Sounds like you have an issue with session handling in your application? I would recommend to fix this issue in the application instead of building a workaround (which can be 'mis'-used by other users) in LTM.
