Forum Discussion
Albert__Tase_70
Nimbostratus
Nimbostratusssl cer pass through rule
I am getting the following error messages with the irule below :
Wed Dec 9 13:26:24 EST 2009 tmm tmm[1608] 01220001 TCL error: client_cer_pass_thre_2 CLIENTSSL_CLIENTCERT - while executing X509::serial_number $cert
when CLIENTSSL_CLIENTCERT {
set cert [SSL::cert 0]
set sn [X509::serial_number $cert]
set subject [X509::subject $cert]
set issuer [X509::issuer $cert]
set version [X509::version $cert]
session add uie [SSL::sessionid] [list $sn $issuer $subject $version] 1800
}
when HTTP_REQUEST {
set values [session lookup uie [SSL::sessionid] ]
if { [lindex $values 0] != "" } {
HTTP::header insert XClientSSL_Serial [lindex $values 0]
log local0. "Inserting Serial [lindex $values 0]"
HTTP::header insert XClientSSL_Issuer [lindex $values 1]
log local0. "Inserting Issuer [lindex $values 1]"
HTTP::header insert XClientSSL_Subject [lindex $values 2]
log local0. "Inserting Subject [lindex $values 2]"
HTTP::header insert XVersion [lindex $values 3]
log local0. "Inserting Version [lindex $values 3]"
}
}
Can some one please help I am trying to pass th ecert information through to the server.
Thanks
hoolioCirrostratus
Hi Al,
I'd guess the client isn't actually presenting a cert and so there isn't valid output from the first X509 command. Can you log the string length of $cert when the error occurs? Or if you're not able to reproduce the error at will, you could add logic to prevent the issue from happening:when CLIENTSSL_CLIENTCERT { Check if the cert output isn't null if {[SSL::cert 0] ne ""}{ set cert [SSL::cert 0] set sn [X509::serial_number $cert] set subject [X509::subject $cert] set issuer [X509::issuer $cert] set version [X509::version $cert] session add uie [SSL::sessionid] [list $sn $issuer $subject $version] 1800 } }
Aaron