Forum Discussion

Albert__Tase_70's avatar
Albert__Tase_70
Icon for Nimbostratus rankNimbostratus
Dec 09, 2009

ssl cer pass through rule

I am getting the following error messages with the irule below :     Wed Dec 9 13:26:24 EST 2009 tmm tmm[1608] 01220001 TCL error: client_cer_pass_thre_2 CLIENTSSL_CLIENTCERT - while ex...
application delivery
dev
devops
iRules
hoolio's avatar
hoolio
Icon for Cirrostratus rankCirrostratus
Dec 09, 2009
Hi Al,

I'd guess the client isn't actually presenting a cert and so there isn't valid output from the first X509 command. Can you log the string length of $cert when the error occurs? Or if you're not able to reproduce the error at will, you could add logic to prevent the issue from happening: 

 
 when CLIENTSSL_CLIENTCERT { 
  
     Check if the cert output isn't null 
    if {[SSL::cert 0] ne ""}{ 
  
       set cert [SSL::cert 0] 
       set sn [X509::serial_number $cert] 
       set subject [X509::subject $cert] 
       set issuer [X509::issuer $cert] 
       set version [X509::version $cert] 
       session add uie [SSL::sessionid] [list $sn $issuer $subject $version] 1800 
    } 
 }

Aaron