sol11479: If the session iRule command is used to add binary data to the session table, the data will be corrupted
http://support.f5.com/kb/en-us/solu...11479.html
[root@ve1023:Active] config b virtual bar list
virtual bar {
snat automap
pool foo
destination 172.28.65.152:https
ip protocol tcp
rules myrule
profiles {
http {}
myclientssl {
clientside
}
tcp {}
}
}
[root@ve1023:Active] config b profile myclientssl list
profile clientssl myclientssl {
defaults from clientssl
ca file "ca.crt"
peer cert mode require
}
[root@ve1023:Active] config b rule myrule list
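rule myrule {
    # Caches the client certificate in the session table at handshake time and
    # passes it to the pool member in the SSL_CLIENT_CERTIFICATE request header.
    #
    # [SSL::cert 0] is binary data. Per sol11479 the session table corrupts
    # binary values, so the certificate is base64-encoded before "session add"
    # and decoded again after "session lookup".
    #
    # The log statements write the SSL session ID and the full certificate to
    # /var/log/ltm on every handshake and request; they are debugging aids.
    #
    # NOTE(review): the table key is [SSL::sessionid]. If that can be an empty
    # string on some connections (for example when no session ID is cached),
    # those connections would share one entry -- confirm before relying on it.
    when CLIENTSSL_HANDSHAKE {
        log local0. "sessionid = [SSL::sessionid]"
        log local0. "client cert = [X509::whole [SSL::cert 0]]"
        # Store the certificate only if this session ID has no entry yet;
        # the trailing 180 is the timeout argument to "session add".
        if {[session lookup ssl [SSL::sessionid]] eq ""} {
            session add ssl [SSL::sessionid] [b64encode [SSL::cert 0]] 180
        }
    }
    when HTTP_REQUEST {
        log local0. "sessionid = [SSL::sessionid]"
        # Strip any SSL_CLIENT_CERTIFICATE header sent by the client. Without
        # this, a request with no cached entry would forward the client's own
        # value to the server, and "HTTP::header insert" would otherwise add a
        # second header next to it instead of replacing it.
        HTTP::header remove SSL_CLIENT_CERTIFICATE
        # Look the entry up once so the test and the use see the same value
        # even if the entry expires in between.
        set cached_cert [session lookup ssl [SSL::sessionid]]
        if {$cached_cert ne ""} {
            set cert_pem [X509::whole [b64decode $cached_cert]]
            log local0. "client cert = $cert_pem"
            # An HTTP header value must be a single line, so the newlines of
            # the PEM text are removed before it is inserted.
            regsub -all "\n" $cert_pem "" client_cert_insert
            log local0. "client_cert_insert = $client_cert_insert"
            HTTP::header insert SSL_CLIENT_CERTIFICATE $client_cert_insert
        }
    }
}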
[root@ve1023:Active] config curl -Ik
https://172.28.65.152 --cert /var/tmp/temp/ca/client.crt --key /var/tmp/temp/ca/client.key
HTTP/1.1 200 OK
Date: Thu, 10 Nov 2011 08:59:31 GMT
Server: Apache/2.2.3 (CentOS)
Last-Modified: Tue, 08 Nov 2011 12:54:37 GMT
ETag: "4183c9-30-ac7cfd40"
Accept-Ranges: bytes
Content-Length: 48
Connection: close
Content-Type: text/html; charset=UTF-8
[root@ve1023:Active] config cat /var/log/ltm
Nov 10 00:59:17 local/tmm info tmm[4766]: Rule myrule : sessionid = 854d7777d844dc1aa3756d51174e92cb3c13a7ce91d6e3dd471ae34dc2a528f3
Nov 10 00:59:17 local/tmm info tmm[4766]: Rule myrule : client cert = -----BEGIN CERTIFICATE----- MIIDujCCAqKgAwIBAgIBATANBgkqhkiG9w0BAQUFADBgMQswCQYDVQQGEwJ1czEL MAkGA1UECBMCd2ExEDAOBgNVBAcTB3NlYXR0bGUxDjAMBgNVBAoTBWY1bmV0MQsw CQYDVQQLEwJwczEVMBMGA1UEAxMMY2EuZjVuZXQuY29tMB4XDTExMTAxMDE0Mjkw NVoXDTEyMTAwOTE0MjkwNVowZDELMAkGA1UEBhMCdXMxCzAJBgNVBAgTAndhMRAw DgYDVQQHEwdzZWF0dGxlMQ4wDAYDVQQKEwVmNW5ldDELMAkGA1UECxMCcHMxGTAX BgNVBAMTEGNsaWVudC5mNW5ldC5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAw ggEKAoIBAQChVkX+nkUAijf3Wo66w28PqLwrc+72h9LNScP7lFJ7nUqPSdfMRvY+ oGh8kEwR/FZVbGmzcd947kZuE4PowVwY4ULUB46/2wcGsYLFar+BXALqOtOBnf1i tIYB4lQhDs0ptRYV3EAh5lIeVcLMIAjIMruGnBK4w9kTvyWhHcTppz7Rjk/kMQkX DfxPUogYJ6rBK/Y3WO8j/KuNhenT3yVWyJH2hqoQV9H9Hpq69JPc0EHIuRTSexXh bxeJrbQPfru9lftcsVW3AwUIfM9L7DRfYHpdrdE2A52nuEm6dZsabl3JYZH02JtG Suly1SnFsL/61t/kGjcN+5BETdt8pjSZAgMBAAGjezB5MAkGA1UdEwQCMAAwLAYJ YIZIAYb4QgENBB8WHU9wZW5TU0wgR2VuZXJhdGVkIENlcnRpZmljYXRlMB0GA1Ud DgQWBBT/hZibzImAU/yPcC/BVXR612zSkTAfBgNVHSMEGDAWgBRR68sD4lIUjXWG HB0xNIFIvtpPOjANBgkqh
Nov 10 00:59:17 local/tmm info tmm[4766]: Rule myrule : sessionid = 854d7777d844dc1aa3756d51174e92cb3c13a7ce91d6e3dd471ae34dc2a528f3
Nov 10 00:59:17 local/tmm info tmm[4766]: Rule myrule : client cert = -----BEGIN CERTIFICATE----- MIIDujCCAqKgAwIBAgIBATANBgkqhkiG9w0BAQUFADBgMQswCQYDVQQGEwJ1czEL MAkGA1UECBMCd2ExEDAOBgNVBAcTB3NlYXR0bGUxDjAMBgNVBAoTBWY1bmV0MQsw CQYDVQQLEwJwczEVMBMGA1UEAxMMY2EuZjVuZXQuY29tMB4XDTExMTAxMDE0Mjkw NVoXDTEyMTAwOTE0MjkwNVowZDELMAkGA1UEBhMCdXMxCzAJBgNVBAgTAndhMRAw DgYDVQQHEwdzZWF0dGxlMQ4wDAYDVQQKEwVmNW5ldDELMAkGA1UECxMCcHMxGTAX BgNVBAMTEGNsaWVudC5mNW5ldC5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAw ggEKAoIBAQChVkX+nkUAijf3Wo66w28PqLwrc+72h9LNScP7lFJ7nUqPSdfMRvY+ oGh8kEwR/FZVbGmzcd947kZuE4PowVwY4ULUB46/2wcGsYLFar+BXALqOtOBnf1i tIYB4lQhDs0ptRYV3EAh5lIeVcLMIAjIMruGnBK4w9kTvyWhHcTppz7Rjk/kMQkX DfxPUogYJ6rBK/Y3WO8j/KuNhenT3yVWyJH2hqoQV9H9Hpq69JPc0EHIuRTSexXh bxeJrbQPfru9lftcsVW3AwUIfM9L7DRfYHpdrdE2A52nuEm6dZsabl3JYZH02JtG Suly1SnFsL/61t/kGjcN+5BETdt8pjSZAgMBAAGjezB5MAkGA1UdEwQCMAAwLAYJ YIZIAYb4QgENBB8WHU9wZW5TU0wgR2VuZXJhdGVkIENlcnRpZmljYXRlMB0GA1Ud DgQWBBT/hZibzImAU/yPcC/BVXR612zSkTAfBgNVHSMEGDAWgBRR68sD4lIUjXWG HB0xNIFIvtpPOjANBgkqhkiG9w0B
Nov 10 00:59:17 local/tmm info tmm[4766]: Rule myrule : client_cert_insert = -----BEGIN CERTIFICATE-----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