Selecting Server SSL in iRule and iApp
Hi, I know that this is not usual situation to modify anything in iApp objects. Anyway I did it for some test purposes and something took me off guard. Setup: iApp with Client SSL Server SSL iRule with code like that: set profile "SSL::profile ${ssls}" if { [PROFILE::exists serverssl] == 1} { Trying to set profile specified by ssls var if { [catch {eval $profile}] } { Setting profile failed - most probably profile with name specified by ssls var does not exixst catch {eval $disable} Client connection should be rejected reject is triggering LB_FAILED and HTTP respond can be used reject } else { Hide these commands from the iRule parser (in case no serverssl profile is applied) set enable "SSL::enable serverside" if { [catch {eval $enable}] }{ reject } } } Profile specified in [catch {eval $profile}] is from /Common/ folder Profile attached to VS is of course from /Common/iapp_name/ folder Even if there is no error in log and everything looks like success when SERVERSSL_CLIENTHELLO_SEND is triggered (used to set SNI) Server SSL profile reported by [PROFILE::serverssl name] is the one attached to VS. When no iApp based VS is used profile switching works without issue. I wonder if this is because new Server SSL should be in the same folder as iApp attached profile, so not in /Common/ but in /Common/iapp_name/? Piotr