Modify http header to send carriage returns

Question

Hi all, 
&nbsp;  
&nbsp; we need to ensure that an application is getting a complete certificate in the http header. The only problem is that I also need the right format for the cert.  
&nbsp; This should be the format: 
&nbsp; ----Begin Certificate----- 
&nbsp; asdlkfjsdfjlksdjflksdjfklsdjf 
&nbsp; asldkjflskdjflasdjflksjflasjk 
&nbsp; asdlkfjsdfjlksdjflksdjfklsdjf 
&nbsp; asldkjflskdjflasdjflksjflasjk 
&nbsp; asdlkfjsdfjlksdjflksdjfklsdjf 
&nbsp; asldkjflskdjflasdjflksjflasjk 
&nbsp; asdlkfjsdfjlksdjflksdjfklsdjf 
&nbsp; asldkjflskdjflasdjflksjflasjk 
&nbsp; ------End of Certificate----- 
&nbsp;  
&nbsp; The F5 box is sending it in this format: 
&nbsp;  
&nbsp; ----Begin Certificate----- asdlkfjsdfjlksdjflksdjfklsdjf asldkjflskdjflasdjflksjflasjk asdlkfjsdfjlksdjflksdjfklsdjf asldkjflskdjflasdjflksjflasjk sdlkfjsdfjlksdjflksdjfklsdjf asldkjflskdjflasdjflksjflasjk asdlkfjsdfjlksdjflksdjfklsdjf asldkjflskdjflasdjflksjflasjk ------End of Certificate----- 
&nbsp;  
&nbsp; We tried to replace the space with cr but the Irule is not working. 
&nbsp; The iRule: 
&nbsp; when RULE_INIT { 
&nbsp;  
&nbsp;     Session timeout. Length of time (in seconds) to store the client cert in the session table. 
&nbsp;    set ::session_timeout 3600 
&nbsp;  
&nbsp;     SSL::sessionid returns 64 0's if the session ID doesn't exist, so set a to check for this 
&nbsp;    set ::null_sessionid [string repeat 0 64] 
&nbsp; } 
&nbsp; when CLIENTSSL_CLIENTCERT { 
&nbsp;   if { [SSL::cert count] &gt; 0 } { 
&nbsp;      Add the cert to the session table for use in subsequent HTTP requests.  Use the SSL session ID as the key. 
&nbsp;     log "SSL_shops CLIENTSSL_CLIENTCERT" 
&nbsp;     session add ssl [SSL::sessionid] [X509::whole [SSL::cert 0]] $::session_timeout 
&nbsp;   } 
&nbsp; } 
&nbsp;  
&nbsp; I need a solution to get the carriage returns in my header because I can´t rewrite the application in the backend and it needs the cert for authentication. 
&nbsp;  
&nbsp; best regards, 
&nbsp; aonsux

hooleylist · Answer

Hi aonsux, 
&nbsp;  
&nbsp; You cannot have raw carriage returns in an HTTP header value as this is the delimiter between headers.  You can URL encode the cert before storing it in the session table.  The web app should URL decode it before trying to parse the value. 
&nbsp;  
&nbsp; session add ssl [SSL::sessionid] [URI::encode [X509::whole [SSL::cert 0]]] $::session_timeout 
&nbsp;  
&nbsp; Adding the cert URI encoded to the session table takes more memory, but saves on having to do the encoding on each HTTP request using the same SSL session ID. 
&nbsp;  
&nbsp; If there are problems with URL encoding, you might try base64 encoding the value.  This assumes the app can be changed to base64 decode the header value. 
&nbsp;  
&nbsp; Aaron

Forum Discussion

Modify http header to send carriage returns

1 Reply

Recent Discussions

Overwriting or adding LTM SSL Traffic cert and key using iControlREST

Pricing when used with aws waf

F5 terminal - help to run commands - disk space full

import live updates from version x to version y

Tenant image upgrade

Related Content

The return of DevCentral CodeShare.

iRule to modify a content-security-policy header

Modify SSL profiles via REST API

Modifying iCall from TMSH

modified domain cookies