Forum Discussion

Historic F5 Account

Nov 17, 2004

Verify Valid Client Certificate

Have a current 4.x config as follows: proxy 10.10.10.6:443 unit 1 { target virtual 127.0.201.6:80 clientssl enable clientssl key test.key clients...

Historic F5 Account

Jan 28, 2005

Do you happen to know off hand how the customer tested their rule? In my tests, SSL::verify_result is never updated to include the OCSP responder’s response, so any cert that chains up to a trusted client cert CA comes back with a result of “ok”, even if it has been revoked by the OCSP responder. The only way to capture the OCSP responder’s response and use it to make a load balancing decision in HTTP_REQUEST seems to be to use the modified auth rule to store a flag that lets us know whether AUTH_SUCCESS or AUTH_FAILURE happened.

Help guide the future of your DevCentral Community!

What tools do you use to collaborate? (1min - anonymous)