Forum Discussion
Let me explain a bit more:
b class CLASS-1 '{
    {
        "CN=XXXXXX,"
    }
}'
b class CLASS-2 '{
    {
        "CN=YYYYY,"
    }
}'
This works:
when CLIENTSSL_CLIENTCERT {
    if {[SSL::cert count] > 0}{
        if { ! [class match [substr [X509::subject [SSL::cert 0]] 3 ","] equals CLASS-1 ] } {
            log local0. "Client dropped :[substr [X509::subject [SSL::cert 0]] 3 ","]"
            drop
        }
    }
}
However, when trying to add CLASS-2 as an OR condition, I get a TCL error (iRule below):
when CLIENTSSL_CLIENTCERT {
    if {[SSL::cert count] > 0}{
        set X509_subject [X509::subject [SSL::cert 0]]
        if { { ! [class match [substr $X509_subject 3 ","] equals CLASS-1] } || {!([class match [substr $X509_subject 3 ","] equals CLASS-2] } } {
            log local0. "Client dropped :[substr [X509::subject [SSL::cert 0]] 3 ","]"
            drop
        }
    }
}
Apr 5 15:07:55 local/tmm3 err tmm3[6610]: 01220001:3: TCL error: test-iRule - expected boolean value but got " ! [class match [substr $X509_subject 3 ","] equal" while executing "if { { ! [class match [substr $X509_subject 3 ","] equals CLASS-1 ] } || {!([class match [substr $X509_subject 3 ","] equals CLASS-2..."
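An added example, not part of the original post: inside a Tcl expression, a braced group is a literal string operand rather than a sub-expression, which is why the error reports the text of the first braced test instead of its result. The sketch below groups with parentheses and assumes the intent is to allow a certificate whose CN is in either class; the variable name `cn` is introduced here for illustration.

```tcl
# Added example, not the poster's code. CLASS-1 and CLASS-2 are the
# classes defined in the post; the variable name cn is introduced here.
when CLIENTSSL_CLIENTCERT {
    if { [SSL::cert count] > 0 } {
        # Extract the CN once, the same way the working rule does:
        # skip the leading "CN=" and stop at the first ",".
        set cn [substr [X509::subject [SSL::cert 0]] 3 ","]

        # Group with parentheses, not braces. Inside an expression,
        # { ... } is a literal string, so the operand of || is the text
        # " ! [class match ..." and not a boolean.
        # Assumed intent: allow a CN listed in either class, so drop
        # only when it is in neither one (not A AND not B).
        if { !([class match $cn equals CLASS-1]) && !([class match $cn equals CLASS-2]) } {
            log local0. "Client dropped: $cn"
            drop
        }
    }
}
```

With `||` between the two negated tests, a CN listed in only one class would still be dropped, because it is absent from the other class.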