Hille_de_Graaf_
Sep 15, 2006
SSL ClientCert check
We are trying to build an iRule to check if an SSL client cert is valid, and I used the iRule from the Wikis (listed below), but when I try to connect, /var/log/ltm gives me the following error:
Sep 15 13:44:46 tmm tmm[723]: 01220001:3: TCL error: Rule pok - Prerequisite operation not in progress (line 1) invoked from within "session add ssl [SSL::sessionid] $ssl_stuff 180"
Sep 15 13:44:46 tmm tmm[723]: 01220001:3: TCL error: Rule pok - Prerequisite operation not in progress (line 6) invoked from within "session lookup ssl [SSL::sessionid]"
What is wrong with this iRule?
I'm running version 9.1.2 on a 3400 LTM.
Below is the iRule from the Wikis:
    when CLIENTSSL_CLIENTCERT {
        set ssl_stuff [list anything1 anything2]
        set ssl_cert [SSL::cert 0]
        set ssl_errstr [X509::verify_cert_error_string [SSL::verify_result]]
        lset ssl_stuff 0 $ssl_cert
        lset ssl_stuff 1 $ssl_errstr
        session add ssl [SSL::sessionid] $ssl_stuff 180
    }
    when HTTP_REQUEST {
        set ssl_stuff2 [session lookup ssl [SSL::sessionid]]
        set ssl_cert2 [lindex $ssl_stuff2 0]
        set ssl_errstr2 [lindex $ssl_stuff2 1]
        if { $ssl_errstr2 eq "ok" } {
            HTTP::header insert SSLClientCertStatus $ssl_errstr2
            HTTP::header insert SSLClientCertSN [X509::serial_number $ssl_cert2]
        } else {
            HTTP::redirect http://192.168.0.64/error.html
        }
    }