What is this iRule doing?
I am apparently losing my mind. So, without giving my understanding of the following iRule, can someone wiser than I explain what this iRule is doing?

```tcl
when CLIENTSSL_HANDSHAKE {
    if {[SSL::cert count] > 0} {
        log local0. "X509 Certificate present"
        # Pull the subject DN, certificate hash (fingerprint) and serial from the client cert
        set subject_dn [X509::subject [SSL::cert 0]]
        set cert_hash [string toupper [X509::hash [SSL::cert 0]]]
        set serial_dn [X509::serial_number [SSL::cert 0]]
        # Extract "CN=..." from the subject DN, up to the next comma
        set cSSLSubject [findstr $subject_dn "CN=" 0 ","]
        log local0. "Subject = $cSSLSubject, Hash = $cert_hash, Serial = $serial_dn"
        # Look up the expected hash for this CN in the authGroup data group
        set Expected_hash [string toupper [class lookup $cSSLSubject authGroup]]
        if { $Expected_hash != $cert_hash } {
            log local0. "Thumbprint mismatch. Expected Hash = $Expected_hash, Hash received = $cert_hash (Subject = $cSSLSubject, Serial = $serial_dn)"
            reject
        } else {
            log local0. "Thumbprint match. Expected Hash = $Expected_hash, Hash received = $cert_hash (Subject = $cSSLSubject, Serial = $serial_dn)"
        }
    } else {
        log local0. "X509 Certificate not present"
        reject
    }
}
```

The data group looks like this (edited), and there are a number of entries for different people:

```
CN=hello.example.com := 44:cc:00:44:22:66:ff:dd:cc:88:cc:11:33:00:99:dd:cc:88:88:bb
```
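An added example, not from the original post or from F5, that models the iRule's decision path in Python: it produces the uppercase colon-separated fingerprint the data group holds (assuming X509::hash is the SHA-1 of the DER certificate, which fits the 20-byte values shown), extracts the "CN=..." key the way findstr does, and runs the lookup and comparison over a constructed data group. The certificate bytes, data group and PEM helper are constructed stand-ins, not real certificates or the poster's authGroup.

```python
import base64
import hashlib

# Constructed data group in the post's "key := value" form (not the real authGroup);
# the value is the SHA-1 fingerprint of the constructed FAKE_DER bytes below.
DATA_GROUP_TEXT = """
CN=hello.example.com := a9:99:3e:36:47:06:81:6a:ba:3e:25:71:78:50:c2:6c:9c:d0:d8:9d
"""
FAKE_DER = b"abc"  # constructed stand-in for a client cert's DER bytes, not a real cert

def parse_data_group(text):
    """Parse 'key := value' lines into a dict, mirroring the authGroup data group."""
    entries = {}
    for line in text.splitlines():
        if ":=" in line:
            key, value = line.split(":=", 1)
            entries[key.strip()] = value.strip()
    return entries

def pem_to_der(pem):
    """Strip PEM armor and base64-decode; the fingerprint is taken over these DER bytes."""
    body = "".join(l for l in pem.splitlines() if not l.startswith("-----"))
    return base64.b64decode(body)

def fingerprint(der):
    """Uppercase colon-separated SHA-1, assumed equal to [string toupper [X509::hash ...]]."""
    digest = hashlib.sha1(der).hexdigest().upper()
    return ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))

def extract_cn(subject_dn):
    """Mimic [findstr $subject_dn "CN=" 0 ","]: from 'CN=' up to the next comma (or end)."""
    start = subject_dn.find("CN=")
    if start < 0:
        return ""
    end = subject_dn.find(",", start)
    return subject_dn[start:] if end < 0 else subject_dn[start:end]

def check_client_cert(subject_dn, der, data_group):
    """Follow the iRule's branches; returns (action, log message)."""
    if der is None:  # [SSL::cert count] == 0
        return ("reject", "X509 Certificate not present")
    cn = extract_cn(subject_dn)
    received = fingerprint(der)
    expected = data_group.get(cn, "").upper()  # class lookup yields "" for an unknown CN
    if expected != received:
        return ("reject", f"Thumbprint mismatch. Expected Hash = {expected}, Hash received = {received}")
    return ("accept", f"Thumbprint match. Expected Hash = {expected}, Hash received = {received}")
```

Because an unknown CN looks up to an empty expected hash, such a client is rejected by the mismatch branch rather than by an explicit "not in data group" check, which is worth knowing when reading the logs.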