Forum Discussion
Scot_86001
Nimbostratus
Feb 21, 2010
iRule Optimization w/ Certificates?
The iRule below functions and performs as it should. I have been told that what I have below may not be efficient or optimized. I am looking to see if anyone can make some suggestions on how to better optimize. I would also like to know if session persistence and timeout are being maintained as they should. This iRule performs client side cert authentication only when a certain URI is sent. Upon successful login, header information from the cert is passed to the receiving application. The code below was pieced together from other iRules on DevCentral.
when CLIENTSSL_CLIENTCERT {
    # Fires when the client certificate arrives after the renegotiation.
    set cert [SSL::cert 0]
    # Release the request held by HTTP::collect in HTTP_REQUEST.
    HTTP::release
    if { [SSL::cert count] < 1 } {
        reject
    }
}
when HTTP_REQUEST {
    # Value of the "p" query parameter decides whether a cert is needed.
    set v1 [URI::query [HTTP::uri] "p"]
    if { ($v1 contains "ESAT") || ($v1 contains "311") } then {
        if { [SSL::cert count] <= 0 } {
            # Hold the request, then renegotiate and request a client cert.
            HTTP::collect
            SSL::session invalidate
            SSL::authenticate always
            SSL::authenticate depth 9
            SSL::cert mode request
            SSL::renegotiate
        }
    }
}
when HTTP_REQUEST_SEND {
    clientside {
        if { [SSL::cert count] > 0 } {
            # Pass session and certificate details to the application.
            HTTP::header insert "X-SSL-Session-ID" [SSL::sessionid]
            HTTP::header insert "X-SSL-Client-Cert-Status" [X509::verify_cert_error_string [SSL::verify_result]]
            HTTP::header insert "SSL_CLIENT_S_DN" [X509::subject [SSL::cert 0]]
            HTTP::header insert "SSL_CLIENT_I_DN" [X509::issuer [SSL::cert 0]]
        }
    }
}
21 Replies
- hoolio
Cirrostratus
I'm not an F5 employee. I work for an F5 partner in the UK. I'm booked fairly solid for the next five weeks. You could contact F5 sales in the US to get more immediate official help. Else, if you get stuck, email me: hooleylists at gmail dot com and I'll send you some free pointers a bit faster than replying to posts here. Once we figure out a solution, we can summarize it here.
Aaron