For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

James_Thomson's avatar
James_Thomson
Icon for Employee rankEmployee
Dec 13, 2004

Inserting client certificate information into HTTP headers

To accomplish this, from reading the manual, it looks like I want to be using this:     SSL::modssl_sessionid_headers   and then   HTTP::header insert_modssl_fields     ...
application delivery
dev
devops
iRules
unRuleY_95363's avatar
unRuleY_95363
Historic F5 Account
Dec 13, 2004
It depends on the information you want to insert.

If you just want the SessionId, then you can use something like the following: 

 
 when HTTP_REQUEST { 
    HTTP::header insert [SSL::modssl_sessionid_headers] 
 }

If you are interested in more of the certificate information, then you will need to additionally use some of the X509:: commands. For example, you may want to do something like the following: 

 
 when CLIENTSSL_HANDSHAKE { 
    set my_cert_0 [SSL::cert 0] 
    set my_verify_result [SSL::verify_result] 
 } 
 when HTTP_REQUEST { 
    HTTP::header insert [X509::cert_fields $my_cert_0 $my_verify_result versionnum serial sigalg issuer validity subject subpubkey hash] 
 }

You can, of course, use a smaller subset of the X509::cert_fields.