Forum Discussion

andy_12_5042's avatar
andy_12_5042
Icon for Nimbostratus rankNimbostratus
Dec 29, 2010

set ssl options in a client ssl profile

I have been trying to get this right but am missing something. The function will set the options check box but does not set the value? I had simialr issue with another function so I know it is because I am not giving the parameter correctly or something is wrong with the way I am defining values as another sequence. However, looking at the icontrol sdk, the options appear to be another list within a list. I have tried this lots of ways and just cant seem to get it right. Anyone have an idea what I am doing wrong? (I don't get any errors returned)

 

 

 

def set_ssl_option(self,option):

 

"""

 

"""

 

self.option=option

 

option_s=s.typefactory.create('LocalLB.ProfileSSLOptionSequence')

 

option_s.default_flag = 0

 

option_s.values=s.typefactory.create('LocalLB.SSLOptionSequence')

 

option_s.values.values=[self.option]

 

option_s_seq=[option_s]

 

s.set_ssl_option(profile_names=[self.name],options=[option_s])

 

 

 

 

 

s.set_ssl_option('SSL_OPTION_NETSCAPE_REUSE_CIPHER_CHANGE_BUG')

 

 

I got lucky on the last similar problem and figured it out by getting into the SDK. This one is not turning out so quickly. I am new to pycontrol/icontrol so maybe it is something simple that I am missing.

 

 

 

Thanks for any help

 

Andy

 

5 Replies

  • if I use a python interactive session and look at params, I can see what it is expecting:

     

     

    >>> s.set_ssl_option.params

     

    [(profile_names, u'Common.StringSequence'), (options, u'LocalLB.ProfileSSLOptionSequence')]

     

     

    So one would think that this would work , however it does not)

     

     

    def set_ssl_option(self,option):

     

    self.option=option

     

    option_s=s.typefactory.create('LocalLB.ProfileSSLOptionSequence')

     

    option_s.default_flag = 0

     

    option_s.values=[self.option]

     

    option_s_seq=[option_s]

     

    s.set_ssl_option(profile_names=[self.name],options=[option_s])

     

     

    This is what the sequence looks like:

     

     

    >>> option_s

     

    (LocalLB.ProfileSSLOptionSequence){

     

    _arrayType = ""

     

    _offset = ""

     

    _id = ""

     

    _href=""

     

    values[] =

     

    "SSL_OPTION_EPHEMERAL_RSA",

     

    default_flag = 0

     

    }

     

     

    but when I go to look at the options on my profile after trying to set, I get:

     

     

    [(LocalLB.ProfileSSLOption){

     

    values[] = empty

     

    default_flag = False

     

    }]

     

     

     

  • Andy: I think you want to create the profile SSL option, then stuff it into a list object to create your 'sequence':

    
    In [18]: opts = ssl.typefactory.create('LocalLB.ProfileSSLOption')
    
    In [19]: opts
    Out[19]:
    (LocalLB.ProfileSSLOption){
       values =
          (LocalLB.SSLOptionSequence){
             _arrayType = ""
             _offset = ""
             _id = ""
             _href = ""
             _arrayType = ""
          }
       default_flag = None
     }
    

    So something like this will work:

    
    opts = ssl.typefactory.create('LocalLB.ProfileSSLOption')
    option_list = ssl.typefactory.create('LocalLB.SSLOption')  This step is optional, but I wanted to show you that there's a type for the SSL option objects. It's simply an enum.
    opts.values = [option_list.SSL_OPTION_EPHEMERAL_RSA] Note that I wrap this up in a list, as specified in the SDK (had to look this up)
    ssl.set_ssl_option(['via-pycontrol'], options = [opts])
    
     Now, confirm it all:
     ssl.get_ssl_option(['via-pycontrol'])
    Out[39]:
    [(LocalLB.ProfileSSLOption){
       values[] =
          "SSL_OPTION_EPHEMERAL_RSA",
       default_flag = False
     }]
     Voila!
    

    HTH,

    -Matt

  • for some reason I cant get this to work. Even if I paste exactly what you have above I still get an empty option and it is not set....

     

     

    opts = s.typefactory.create('LocalLB.ProfileSSLOption')

     

    option_list = s.typefactory.create('LocalLB.SSLOption')

     

    opts.values = [option_list.SSL_OPTION_EPHEMERAL_RSA]

     

    opts.default_flag =0

     

    s.set_ssl_option(['test'], options = [opts])

     

     

    >>> s.get_ssl_option(['test'])

     

    [(LocalLB.ProfileSSLOption){

     

    values[] =

     

    default_flag = False

     

    }]

     

     

     

    What am I missing??

     

  • Wierd. I just created a dummy client ssl profile named 'test' and pasted in your code. Worked fine:

     

     

    
    In [100]: cpaste
    Pasting code; enter '--' alone on the line to stop.
    :opts = s.typefactory.create('LocalLB.ProfileSSLOption')
    :option_list = s.typefactory.create('LocalLB.SSLOption')
    :opts.values = [option_list.SSL_OPTION_EPHEMERAL_RSA]
    :opts.default_flag =0
    :s.set_ssl_option(['test'], options = [opts])
    :--
    In [101]: s.get_ssl_option(['test'])
    Out[101]:
    [(LocalLB.ProfileSSLOption){
       values[] =
          "SSL_OPTION_EPHEMERAL_RSA",
       default_flag = False
     }]
    

     

    I also confirmed it shows up in the UI as you'd expect. At this point I'd turn on debug on the BigIP as well as pycontrol to see what may be going on.

     

    -Matt
  • so here is what looks like this issue is.. I have many F5's and unfortunately I am stuck with some that are running 9.2x code, is archaic.... I have a few running newer 10.x .. So I decided to try and run the same code against the newer version and of course it works great. So on the F5's that are running the 9.2.x code, this call will not work properly.... I have been able to get all other calls to icontrol to work so this is the only problem one..... The funny thing is that my original code that I did not post here worked as well on version 10 LTM. So I guess I will have to cahlk this up to some difference in how the option is set???? not sure as I have been banging my head on this one for a couple days......