Dirk_Laan_18877
Nov 20, 2006Nimbostratus
if no cert rule
Hello,
We've created the following irule for checking the cert
If the cert is present everything works ok
But if the client has no cert the rule http redirect does not work
anyone ideas
It drives me crazy to get this working
when CLIENTSSL_CLIENTCERT {
set ssl_cert [SSL::cert 0]
set ssl_errstr [X509::verify_cert_error_string [SSL::verify_result]]
set ssl_stuff [list $ssl_cert $ssl_errstr]
session add ssl [SSL::sessionid] $ssl_stuff 180
log local0. "ClientSSl_Clienthandshake status: $ssl_errstr"
}
when HTTP_REQUEST {
set ssl_stuff [session lookup ssl [SSL::sessionid]]
set clcert [lindex $ssl_stuff 0]
set ssl_errstr [lindex $ssl_stuff 1]
set ssl_client_cert [lindex $ssl_stuff 2]
if { $ssl_errstr equals "ok" } {
log local0. "De ok-status is: $ssl_errstr"
pool portal-apps
HTTP::header remove "If-Modified-Since"
} elseif { $ssl_errstr equals "" } {
log local0. "no cert"
HTTP::redirect "https://xxxxxx/errors/cert_error.htm"
} else {
HTTP::redirect "https://xxxxx/errors/nocert.htm"
log local0. "cert error or wrong cert: $ssl_errstr"
}
}