Forum Discussion
TIm_Maestas
Nimbostratus
Apr 06, 2005
SSL cert verify TCL error?
I have the following iRule:
    when CLIENTSSL_HANDSHAKE {
        set cert [SSL::cert 0 ]
    }
    when HTTP_REQUEST {
        set stuff [X509::subject $cert ]
        if { [matchclas...
TIm_Maestas
Nimbostratus
Apr 06, 2005
Ok so I realized my plan was flawed in that, as was pointed out to me above, a client will not present a cert on each and every http request. So, I began going down the road of tracking whether we have validated a cert using the session table. However, I seem to be doing something wrong just adding the session entry. The rule:
    when CLIENTSSL_CLIENTCERT {
        set id [SSL::sessionid]
        session add ssl $id [X509::verify_cert_error_string [SSL::verify_result]] 180
    }
    when HTTP_REQUEST {
        if {[SSL::cert count] == 0} {
            reject
        } else {
            set subject [X509::subject [SSL::cert 0 ]]
            if { [matchclass $subject contains $::merlin] } {
                use pool test-sun
            }
        }
    }
..Generates the error:
Apr 6 12:01:39 tmm tmm[5569]: 01220001:3: TCL error: Rule test - Prerequisite operation not in progress (line 1) invoked from within "session add ssl $id [X509::verify_cert_error_string [SSL::verify_result]] 180"
..what is the prerequisite operation that is not in progress?