Forum Discussion

Zero_86762's avatar
Zero_86762
Icon for Nimbostratus rankNimbostratus
Nov 07, 2012

TLS Server Name Indication iRule giving me error message

I needed to implement this rule that I was able to find at: https://devcentral.f5.com/tutorials/tech-tips/multiple-certs-one-vip-tls-server-name-indication-via-irules

 

Altough it looks strait forward, the iRule is erroring out and I'm not sure why. I would really appriciate some guidence.

 

Here is the error message I'm getting:

 

 

 

line 114: [wrong args] [set ssl_profile [class match -value ]string tolower $tls_servername[ equals tls_servername]]

 

line 114: [wrong args] [class match -value ]

 

line 114: [undefined procedure: equals] [equals tls_servername]

 

line 115: [wrong args] [set tls_pool [class match -value ]string tolower $tls_servername[ equals tls_servername_pool]]

 

line 115: [wrong args] [class match -value ]

 

I tried to create a real basic setup to troubleshoot, here is what I have:

 

 

 

 

class tls_servername {

 

{

 

"test.active1.com" { "zoom.cert1.local" }

 

"test.active2.com" { "zoom.cert2.remote" }

 

}

 

}

 

class tls_servername_pool {

 

{

 

"test.active1.com" { "Apache_v1_80" }

 

"test.active2.com" { "Apache_v2_80" }

 

}

 

}

 

 

 

My 2 pools:

 

pool Apache_v1_80 {

 

monitor all http

 

members 192.168.1.55:28501 {}

 

}

 

pool Apache_v2_80 {

 

monitor all http

 

members 192.168.1.55:28501 {}

 

}

 

 

 

 

 

 

 

 

2 Replies

  • Interesting. The iRule has a syntax error and some of the square brackets are backwards. The line should be:

     

     

    [class match -value [string tolower $tls_servername] equals tls_servername]

     

     

    I should also mention that SNI is included in v11 without requiring an iRule.

     

  • Thanks Kevin, that did the trick. Now I can test this out. I also let Colin Walker, who posted the tech tip know.