Forum Discussion
NimbostratusIs anybody can correct this irule syntaxe. Thanks
when CLIENTSSL_CLIENTCERT { if {[SSL::cert count] > 0}{ set client_cert [SSL::cert 0] set CLIENT “[ join [string trim [string map { “—–BEGIN CERTIFICATE—–” “” “—–END CERTIFICATE—–” “”} [X509::whole $client_cert ] ] ] “” ]” } else { log local0. “no cert found during clientssl_clientcert” } } when HTTP_REQUEST { if { [SSL::cert count] > 0 } { set CLIENT “[ join [string trim [string map { “—–BEGIN CERTIFICATE—–” “” “—–END CERTIFICATE—–” “”} [X509::whole $client_cert ] ] ] “” ]” HTTP::header insert “NSClientCert” “—–BEGIN CERTIFICATE—– $CLIENT —–END CERTIFICATE—–” } }
2 Replies
Michael_JenkinsCirrostratus
Try this. You had some encoding issues it seems, and were missing a
:]when CLIENTSSL_CLIENTCERT { if {[SSL::cert count] > 0}{ set client_cert [SSL::cert 0] set CLIENT "[join [string trim [string map {"--BEGIN CERTIFICATE--" "" "--END CERTIFICATE--" ""} [X509::whole $client_cert]]] ""]" } else { log local0. "no cert found during clientssl_clientcert" } } when HTTP_REQUEST { if { [SSL::cert count] > 0 } { set CLIENT "[join [string trim [string map {"--BEGIN CERTIFICATE--" "" "--END CERTIFICATE--" ""} [X509::whole $client_cert]]] ""]" HTTP::header insert "NSClientCert" "—–BEGIN CERTIFICATE—– $CLIENT —–END CERTIFICATE—–" } }
JnonI realize this is an old thread, but I tried following this today, and wondered why the need to remove then add back in the BEGIN and END certificate rather than just do something like:
HTTP::header insert "NSClientCert" [string trim [X509::whole [X509::whole [SSL::cert 0]]] to replace set CLIENT "[join [string trim [string map {"--BEGIN CERTIFICATE--" "" "--END CERTIFICATE--" ""} [X509::whole $client_cert]]] ""]" HTTP::header insert "NSClientCert" "—–BEGIN CERTIFICATE—– $CLIENT —–END CERTIFICATE—–"I believe if you validate the [SSL::cert 0] at CLIENTSSL_CLIENTCERT, you don't need to add the insert header at the ClIENTSSL_CLIENTCERT and at HTTP_REQUEST, it seems redundant
