Forum Discussion

DethMetal_Jeff's avatar
DethMetal_Jeff
Icon for Altostratus rankAltostratus
Aug 04, 2020

Pass client cert based on POST data

I'm trying to pass along cleint cert information to my backedn server in an http header based on HTTP POST data sent to the login servlet. I've written the below iRule which, in short does the follo...
BIG-IP
devops
iRules
  • DethMetal_Jeff's avatar
    DethMetal_Jeff
    Aug 04, 2020

    Just to update anyone else who is looking to do the same thing. I inserted an HTTP::collect at line 111 after the SSL::renegotiate and this appears to force the iRule to hold the http data instead of invoking the implict release at the end of HTTP_REQUEST_DATA. So now it hits the CLIENTSSL_CLIENTCERT event and the HTTP::release is called there. Since I'm setting SSL::cert mode require this should always result in either the handshake failing or the HTTP::release being called from CLIENTSSL_CERT.

     

Gym's avatar
Gym
Icon for Cirrus rankCirrus
Aug 04, 2020

Why not set the client SSL profile to always request a cert (not require), and then you would already have it to hand for those cases where it's needed, without forcing a renegotiation?