For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

Zdenda's avatar
Zdenda
Icon for Cirrus rankCirrus
May 14, 2014

Remove "line breaks" from information added into HTTP header

Hi all, I use iRule to extract info about client SSL certificate and add it into HTTP header sent to server. I had to update it a bit because info about SSL certificate was not in PEM format.

 

Now it looks like this:

 

when CLIENTSSL_CLIENTCERT {
  log local0.info "SSL cert count: [SSL::cert count]"
  log local0.info "SSL cert used: [SSL::cert 0]"
  set cert [SSL::cert 0]
  set cert_whole [X509::whole $cert]
  set subject [X509::subject $cert]
  set issuer [X509::issuer $cert]
  set nva [X509::not_valid_after $cert]
  set sn [X509::serial_number $cert]
  set chash [X509::hash $cert]
  set nvb [X509::not_valid_before $cert]
  session add uie [SSL::sessionid] [list $cert_whole $subject $issuer $nva $sn $chash $nvb] 1800
}

when HTTP_REQUEST {
  log local0.info "session lookup: [session lookup uie [SSL::sessionid]]"
  if { [SSL::cert count] < 1 } {
    SSL::authenticate once
    SSL::authenticate depth 9
    SSL::cert mode request
    SSL::renegotiate
  } else {
    set values [session lookup uie [SSL::sessionid] ]
    if { [lindex $values 0] != "" } {
      HTTP::header insert Client-Auth "Valid cert"
      log local0. "Inserting Client-Auth Valid cert"

      HTTP::header insert X-SSL-DN [lindex $values 1]
      log local0. "Inserting X-SSL-DN [lindex $values 1]"

      HTTP::header insert X-SSL-Issuer [lindex $values 2]
      log local0. "Inserting X-SSL-Issuer [lindex $values 2]"

      HTTP::header insert X-SSL-Hash [lindex $values 5]
      log local0. "Inserting X-SSL-Hash [lindex $values 5]"

      HTTP::header insert X-SSL-Not-Before [lindex $values 6]
      log local0. "Inserting X-SSL-Not-Before [lindex $values 6]"

      HTTP::header insert X-SSL-Not-After [lindex $values 3]
      log local0. "Inserting X-SSL-Not-After [lindex $values 3]"

      HTTP::header insert X-SSL-SN [lindex $values 4]
      log local0. "Inserting X-SSL-SN [lindex $values 4]"

      HTTP::header insert X-SSL-Certificate [lindex $values 0]
      log local0. "Inserting X-SSL-Certificate [lindex $values 0]"
    }
  }
}

Problem is with whole PEM certificate added into HTTP header, it is stored with linebreaks (like standard cert in PEM format you receive from CA), but I need it to be in one line only. Do you know about any way how to remove all line breaks from SSL cert in PEM code?

 

Thanks, Zdenek

 

application delivery
devops
iRules

1 Reply