Alignment between standard Virtual Server SSL verification and iRule events
Setup uses a client SSL profile applied on the VS - it specifies that a client certificate is required.
A CA bundle is specified to establish trust, and a CRL to confirm revocation status.
An attached iRule needs to inspect and base actions on the details of the client certificate (actions may drop connection).
My query is to understand what the status actually is once the CLIENTSSL_CLIENTCERT event is triggered.
Does this simply indicate that a certificate has been received, or will the main processing have also performed CA & CRL checking at this point?
i.e. does the event simply mean a client certificate is now available (but maybe isn't trusted or could be revoked), or does it mean that a client certificate has been received and is already verified (CA & CRL OK)?
If it is simply that a certificate is available but hasn't been verified then what event should actually be used in an iRule to work with the certificate after it is validated?
The steps that the iRule will perform will attempt to verify some other aspects of the client certificate, and drop the connection should these fail - so I presume this should really be done before the CLIENTSSL_HANDSHAKE event?