Forum Discussion
NimbostratusTLS Server Name Indication iRule giving me error message
I needed to implement this rule that I was able to find at: https://devcentral.f5.com/tutorials/tech-tips/multiple-certs-one-vip-tls-server-name-indication-via-irules
Altough it looks strait forward, the iRule is erroring out and I'm not sure why. I would really appriciate some guidence.
Here is the error message I'm getting:
line 114: [wrong args] [set ssl_profile [class match -value ]string tolower $tls_servername[ equals tls_servername]]
line 114: [wrong args] [class match -value ]
line 114: [undefined procedure: equals] [equals tls_servername]
line 115: [wrong args] [set tls_pool [class match -value ]string tolower $tls_servername[ equals tls_servername_pool]]
line 115: [wrong args] [class match -value ]
I tried to create a real basic setup to troubleshoot, here is what I have:
class tls_servername {
{
"test.active1.com" { "zoom.cert1.local" }
"test.active2.com" { "zoom.cert2.remote" }
}
}
class tls_servername_pool {
{
"test.active1.com" { "Apache_v1_80" }
"test.active2.com" { "Apache_v2_80" }
}
}
My 2 pools:
pool Apache_v1_80 {
monitor all http
members 192.168.1.55:28501 {}
}
pool Apache_v2_80 {
monitor all http
members 192.168.1.55:28501 {}
}
2 Replies
- Kevin_Stewart
Employee
Interesting. The iRule has a syntax error and some of the square brackets are backwards. The line should be:
[class match -value [string tolower $tls_servername] equals tls_servername]
I should also mention that SNI is included in v11 without requiring an iRule. 
Zero_86762Thanks Kevin, that did the trick. Now I can test this out. I also let Colin Walker, who posted the tech tip know.
