Anthony_Gerace_
Oct 12, 2006Historic F5 Account
ClientSSL_clientCert variables not avail in HTTP_Request
Hi All,
I am working on an iRule that inserts the client certificate issuer and subject fields as a header for a terminated application. The following rule passes syntax checking, thou I see the logged output from the clientssl event, the log statement from the http_request even shows the certData variable as being null. Any reason why I can't access local variable created in clientssl_clientcert event.
Thanks for your help.
Anthony
when CLIENTSSL_CLIENTCERT {
set certData "[X509::issuer [SSL::cert 0]], [X509::subject [SSL::cert 0]]"
log local0. "CertData is $certData"
}
when HTTP_REQUEST {
log local0. "CertData is $certData"
if { [string length $certData] > 2 } {
HTTP::header insert x-fvb2bs-client-cert $certData
log local0. "Client [IP::remote_addr] had certificate $certData"}
pool fvb2bs-443-p-mko
}
Excerpt from ltm logfile:
Oct 12 09:26:39 tmm tmm[11163]: Rule fvb2bs-cert-fields-ag : CertData is /C=US/O=FMR Corp./OU=PKI Test CA, /C=US/O=FMR Corp./OU=Applications/OU=B2B/CN=fvb2bs-test-client-access.fmr.com
Oct 12 09:26:41 tmm tmm[11163]: 01220001:3: TCL error: Rule fvb2bs-cert-fields-ag - can't read "certData": no such variable while executing "log local0. "CertData is $certData""