gestorm_105037
Jan 04, 2012Nimbostratus
iRule SSL handshake doesn't run in 10.2.0
I have many problems with my irule.
I have a BIG-IP in version 9.4.8 and the irule must connect to virtual server in https, there are profile ssl client wich generate a first certificat will keep in cache. On Internet Explorer we must choose 2 times the certificate.
I performed an upgrade of my Big-IP in version 10.2.0 but the problem is the same. We tested the irule in version 10.2.0 and the irule doesn't run with SSL handshake, there are failure and TCL error.
below the irule used:
"
when CLIENTSSL_HANDSHAKE
{
set cur [SSL::sessionid]
set ask [session lookup ssl $cur]
if { $ask eq "" } {
session add ssl [SSL::sessionid] [SSL::cert 0]
}
}
when HTTP_REQUEST {
set id [SSL::sessionid]
set the_cert [session lookup ssl $id]
if { $the_cert != ""}
{ HTTP::header insert SSL_CLIENT_CERT [X509::whole $the_cert]
}
log local0.info "Request GET [HTTP::uri]\n"
log local0.info "Connection : [IP::remote_addr] -> [IP::local_addr] with method : [HTTP::method] and URI : [HTTP::uri] / X-Forwarded-For : [HTTP::header X-Forwarded-For] / SSL Certificate : [HTTP::header SSL_CLIENT_CERT]"
}
when HTTP_RESPONSE {
if {[HTTP::is_redirect]}{
Rewrite the Location header from http to https
HTTP::header replace Location [string map -nocase "http:// https://" [HTTP::header value Location]]
log local0.info "F5 Redirect to [HTTP::header Location]"
}
log local0.info "APACHE Response : [HTTP::status], Location : [HTTP::header Location]\n"
}
"
If you already had this kind of problem please can you help me.
Thanks for your help,