RobW
Apr 01, 2008Nimbostratus
X509 subject reorder and subsitution
I have a pool of servers with an application that expect to be presented with the X509 subject in the following manner.
Alteon/Nortel -
X-SSL: peersubject="/C=TZ/O=T.Z. Corp/OU=PoP/OU=PKI/OU=CONTRACTOR/CN=LN.FN.027060322604"
We are currently migrating to the LTMS
The iRule I currently have presents the X509 subject in the following manner.
X-SSL: CN=LN.FN.027060322604,OU=CONTRACTOR,OU=PKI,OU=PoP,O=T.Z. Corp,C=TZ
when CLIENTSSL_CLIENTCERT {
set cert [SSL::cert 0]
session add ssl [SSL::sessionid] $cert 600
}
when HTTP_REQUEST {
set client_cert [session lookup ssl [SSL::sessionid]]
if { $client_cert eq ""} {
SSL::renegotiate
} else {
HTTP::header insert X-SSL [X509::subject $client_cert]
}
}
I have been asked to reformat the data sting, X509 subject, to match
what the Alteons sent.
X-SSL: peersubject="/C=TZ/O=T.Z. Corp/OU=PoP/OU=PKI/OU=CONTRACTOR/CN=LN.FN.027060322604"
My attemps to split and reoder the data have failed. Any help is appreciated.
list elements 0 1 2 3 4 5 need to be reorder 5 4 3 2 1 0 and then I need to insert forward slash as a seperator.
when CLIENTSSL_CLIENTCERT {
set cert [ SSL::cert 0 ]
session add ssl [ SSL::sessionid ] $cert 600
}
when HTTP_REQUEST {
set client_cert [ split [ session lookup ssl [ SSL::sessionid ] ] "," ]
set client_cert_subject [ lindex $client_cert ]
set peersubject "peersubject="
set X509_subject [lindex [ split $client_cert "," ] 5 4 3 2 1 0]
if { $client_cert eq ""} {
SSL::renegotiate
} else {
HTTP::header insert X-SSL [ X509::subject $peersubject"$client_cert" ]
}
}
Ultimate iRule goal X-SSL: peersubject="/C=TZ/O=T.Z. Corp/OU=PoP/OU=PKI/OU=CONTRACTOR/CN=LN.FN.027060322604
-Rob