Forum Discussion

am_gli_287451's avatar
am_gli_287451
Icon for Nimbostratus rankNimbostratus
Feb 28, 2018

Writing Client-Cert info into Header - irule with strange behavior

Hi, I have an inherited a BIG-IP and I'm facing a problem with an irule that is implemented there. The important part is this: when HTTP_REQUEST priority 200 { ... create HTTP head...
application delivery
iRules
Stanislas_Piro2's avatar
Stanislas_Piro2
Icon for Cumulonimbus rankCumulonimbus
Mar 11, 2018

I already had such issue. there might be another issue, if CN contains a comma (with backslash before), split command may cause an issue. I used following code to convert comma to | except if comma is backslashed:

 

array set dnparts [split [string map [list "\\," "," " , " "|" " ," "|" ", " "|"] $dn] "|="]

this command already create the array.

 

your code become:

 

when HTTP_REQUEST priority 200 {
    ...
     create HTTP headers with ssl cert infos
    set dn [ X509::issuer $cert ]
     Split DN into Parts
    array set dnparts [split [string map [list "\\," "," " , " "|" " ," "|" ", " "|"] $dn] "|="]

     Insert the neccessary headers from the DN
    HTTP::header insert "SSL_CLIENT_I_DN"           "\"$dn\""
    foreach field [array names dnparts] {
        HTTP::header insert "SSL_CLIENT_I_DN_$field" "\"$dnparts($field)\""
    }
}