Forum Discussion

Ron_Kim_110696's avatar
Ron_Kim_110696
Icon for Nimbostratus rankNimbostratus
Jan 11, 2007

iRule example to extract specific X509 information: SOL5171

I can't get this iRule to work.   The variable $sn in the HTTP_REQUEST section does not have a value.   It is working in the CLIENTSSL_CLIENTCERT section.     Variables do not seem t...
application delivery
dev
devops
iRules
kolejarz's avatar
kolejarz
Icon for Nimbostratus rankNimbostratus
Nov 07, 2007
There is a sample irule from F5 support:


when CLIENTSSL_CLIENTCERT {
HTTP::release
if { [SSL::cert count] < 1 } {
reject
}
}
when HTTP_REQUEST {
if { [matchclass [HTTP::uri] starts_with $::requires_client_cert] } {
if { [SSL::cert count] <= 0 } {
HTTP::collect
SSL::authenticate always
SSL::authenticate depth 9
SSL::cert mode require
SSL::renegotiate
}
}
}
when HTTP_REQUEST_SEND {
clientside {
if { [SSL::cert count] > 0 } {
HTTP::header insert "X-SSL-Session-ID"          [SSL::sessionid]
HTTP::header insert "X-SSL-Client-Cert-Status"  [X509::verify_cert_error_string [SSL::verify_result]]
HTTP::header insert "X-SSL-Client-Cert-Subject" [X509::subject [SSL::cert 0]]
HTTP::header insert "X-SSL-Client-Cert-Issuer"  [X509::issuer [SSL::cert 0]]
}
}
}