Look at this code, it manage certificate client auth and display the CN of the user.
As you can see, HTTP_REQUEST event is not evaluated after Client cert auth.
when CLIENTSSL_CLIENTCERT {
if {[SSL::cert count] < 1}{
reject
} else {
HTTP::release
array set subject [ split [string map {"\\," "," " , " "|" ", " "|" " ," "|" "," "|" "\\=" "=" " = " "|" "= " "|" " =" "|" "=" "|"} [X509::subject [SSL::cert 0]]] "|"];
}
}
when HTTP_REQUEST {
Check authentication mode selected in previous HTTP_REQUEST event
if { [SSL::cert count] == 0 } {
if there is no client certificate hold the HTTP request till the SSL re-negotiation is done.
HTTP::collect
SSL::session invalidate
SSL::authenticate always
SSL::authenticate depth 9
SSL::cert mode require
SSL::renegotiate
set request_headers [HTTP::request]
} else {
This code is not evaluated during the first request asking for authentication
log local0. "Subject : $subject(CN)"
HTTP::respond 200 content "
Authenticated
You are authenticated successfuly : $subject(CN)
" noserver
}
}
when HTTP_REQUEST_RELEASE {
if { [info exists subject] } {
log local0. "Subject : $subject(CN)"
HTTP::respond 200 content "
Authenticated
You are authenticated successfuly : $subject(CN)
" noserver
}
}
Nimbostratus
