Tarmo_Oja_95406
Mar 29, 2005
Nimbostratus
session {add|delete} ssl question
I found this code in Code Share.
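    rule c_cert_session {
        when RULE_INIT {
            # Generate one 128-bit AES key when the rule is loaded (global variable).
            set ::key [AES::key 128]
            # Debug only: this writes the key itself to the log.
            log local0. "the key is: $::key"
        }
        when CLIENTSSL_CLIENTCERT {
            # Store the certificate verification result string in the session
            # table under the SSL session ID, with a timeout of 180.
            session add ssl [SSL::sessionid] [X509::verify_cert_error_string [SSL::verify_result]] 180
        }
        when HTTP_REQUEST {
            set id [SSL::sessionid]
            set y [session lookup ssl $id]
            if { $y ne "" } {
                # An entry exists: encrypt it for the cookie that HTTP_RESPONSE
                # sets, then remove the entry.
                set z [b64encode [AES::encrypt $::key $y]]
                log local0. "z is: $z"
                session delete ssl $id
            } elseif { [HTTP::cookie exists ClientZ] } {
                # No entry, but the client sent the cookie: decrypt it and
                # pass the value to the server in the ClientCert header.
                HTTP::header insert ClientCert [AES::decrypt $::key [b64decode [HTTP::cookie ClientZ]]]
                log local0. "Inserting HTTP header ClientCert: [AES::decrypt $::key [b64decode [HTTP::cookie ClientZ]]]"
            } else {
                # Neither an entry nor a cookie: encrypt the literal "none".
                set z [b64encode [AES::encrypt $::key none]]
                log local0. "no session, no cookie. z is: $z"
            }
        }
        when HTTP_RESPONSE {
            # z exists only if HTTP_REQUEST set it on this connection.
            if { [info exists z] } {
                log local0. "in http response Z is: $z"
                # Header name and value are passed as separate arguments.
                HTTP::header insert Set-Cookie "ClientZ=$z"
            }
        }
    }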
Questions:
a) Why is the session deleted in HTTP_REQUEST?
b) What is the whole syntax for the session {...} ssl command?
c) How can I make sure that the client still has the smart card in the reader during the whole session?