Problem with findstr

Hello, I am trying to extract some data from Client SSL Certificate. But I am having a problem when it is trying to pass the data. It is first part of the script it appears that it is passing the correct data but then it shows another field. Essentially what happens is this. The first part of the iRule executes without error. I can see the client offered certificate and extract out the necessary information. The issue comes when I attempt to pass that information from “when CLIENTSSL_CLIENTCERT” mode to “when HTTP_REQUEST” mode. It places the value of “CYC” (first field) into the memory, but when retrieves it, it’s always “KIT” (second field). I have no idea how the second value is the one passed.

 

 

 

 

RULE:

 

 

when CLIENTSSL_CLIENTCERT {

 

set client_cert [SSL::cert 0]

 

set subject [findstr [X509::subject $cert] "OU=" 3 ","]

 

session add ssl [SSL::sessionid] $subject 2

 

log local0. "Output1: $subject"

 

}

 

when HTTP_REQUEST {

 

set cert_x [session lookup ssl [SSL::sessionid]]

 

log local0. "Output2: $cert_x"

 

if {not[$cert_x contains "CYC"]}{

 

log local0. "Invalid Cert: [IP::client_addr] & $cert_x]"

 

HTTP::respond Bad Content { Invalid Certificate Error

 

Invalid Certificate Error

 

You used an invalid Certificate.

 

 

Please validate your certificate.

 

}

 

}

 

}

 

 

 

LOGGED OUTPUT:

 

Feb 8 19:56:34 tmm tmm[1743]: Cert_Extract_rule_rule : Output1: CYC

 

Feb 8 19:56:34 tmm tmm[1743]: Cert_Extract_rule_rule : Output2: KIT

 

Feb 8 19:56:34 tmm tmm[1743]: 01220001:3: TCL error: massl_550_productioncert_rule - invalid command name "KIT" while executing "$cert_x contains "CYC""

 

 

CAPTURE OF CLIENT OFFERED SSL CERT SUBJECT:

 

Feb 8 19:30:33 tmm tmm[1743]: Cert_Extract_rule_rule : Output2: 1.2.3.4 & CN=crash.scottsracing.com,OU=CYC,OU=KIT,OU=TESTY,O=Scotts Racing]