ScottG_82592
Feb 23, 2011
Problem with findstr
Hello,
I am trying to extract some data from a client SSL certificate, but I am having a problem when it tries to pass the data. In the first part of the script it appears that it is passing the correct data, but then it shows another field. Essentially what happens is this. The first part of the iRule executes without error. I can see the client-offered certificate and extract the necessary information. The issue comes when I attempt to pass that information from “when CLIENTSSL_CLIENTCERT” mode to “when HTTP_REQUEST” mode. It places the value of “CYC” (first field) into memory, but when it retrieves it, it’s always “KIT” (second field). I have no idea how the second value is the one passed.
RULE:
when CLIENTSSL_CLIENTCERT {
    set client_cert [SSL::cert 0]
    set subject [findstr [X509::subject $cert] "OU=" 3 ","]
    session add ssl [SSL::sessionid] $subject 2
    log local0. "Output1: $subject"
}
when HTTP_REQUEST {
    set cert_x [session lookup ssl [SSL::sessionid]]
    log local0. "Output2: $cert_x"
    if {not[$cert_x contains "CYC"]}{
        log local0. "Invalid Cert: [IP::client_addr] & $cert_x]"
        HTTP::respond Bad Content { Invalid Certificate Error
        Invalid Certificate Error
        You used an invalid Certificate.
        Please validate your certificate.
        }
    }
}
LOGGED OUTPUT:
Feb 8 19:56:34 tmm tmm[1743]: Cert_Extract_rule_rule : Output1: CYC
Feb 8 19:56:34 tmm tmm[1743]: Cert_Extract_rule_rule : Output2: KIT
Feb 8 19:56:34 tmm tmm[1743]: 01220001:3: TCL error: massl_550_productioncert_rule - invalid command name "KIT" while executing "$cert_x contains "CYC""
CAPTURE OF CLIENT OFFERED SSL CERT SUBJECT:
Feb 8 19:30:33 tmm tmm[1743]: Cert_Extract_rule_rule : Output2: 1.2.3.4 & CN=crash.scottsracing.com,OU=CYC,OU=KIT,OU=TESTY,O=Scotts Racing]
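
Added example, not part of the original post and not F5 code: a Python model of what the `findstr ... "OU=" 3 ","` call in the rule returns for the subject captured above, next to a parser that lists every OU and checks for an exact match. The `findstr` function here is a simplified stand-in for the iRule command, and `split_rdns`, `ou_values` and `cert_allowed` are hypothetical helper names.

```python
# Added example (not from the original post). SUBJECT is the subject string
# logged in the post; findstr() is a simplified model of the iRule command.

SUBJECT = "CN=crash.scottsracing.com,OU=CYC,OU=KIT,OU=TESTY,O=Scotts Racing"


def findstr(text, search, skip=0, terminator=None):
    """Return the text starting `skip` characters from the first match of
    `search`, cut at the first `terminator` (empty string if no match)."""
    start = text.find(search)
    if start < 0:
        return ""
    rest = text[start + skip:]
    if terminator:
        end = rest.find(terminator)
        if end >= 0:
            rest = rest[:end]
    return rest


def split_rdns(subject):
    """Split a DN on commas that are not backslash-escaped.
    Simplification: hex escapes and multi-valued RDNs ('+') are not handled."""
    parts, current, escaped = [], "", False
    for ch in subject:
        if escaped:
            current += ch
            escaped = False
        elif ch == "\\":
            escaped = True
        elif ch == ",":
            parts.append(current)
            current = ""
        else:
            current += ch
    parts.append(current)
    return parts


def ou_values(subject):
    """Return every OU value in the subject, in order of appearance."""
    return [p.split("=", 1)[1] for p in split_rdns(subject)
            if p.strip().upper().startswith("OU=")]


def cert_allowed(subject, required_ou="CYC"):
    """Exact match against any OU, rather than a substring test on one field."""
    return required_ou in ou_values(subject)
```

On the captured subject the modelled `findstr` call yields only the first OU, while the subject carries three; a substring test would also accept an OU such as `NOTCYC`, which the exact-match check rejects.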