Sinan_WANG
May 12, 2010Nimbostratus
How to changer V9 iRule Insert Certificat Value in HTTP header to V10
Hi all
We update our LTM's version 9.4.7 to version 10.1.0
There have a iRule didn't worked. And I know in version 10, used table command to instead session.
I haved try to rewrite the iRule.
V9 iRule
=============================================================
when CLIENTSSL_CLIENTCERT {
session add [SSL::sessionid] [SSL::cert 0]
}
when HTTP_REQUEST {
set id [SSL::sessionid]
set cert [session lookup $id]
HTTP::header insert SSLCLIENTCERTSUBJECT [X509::subject $cert],[X509::issuer $cert],[X509::version $cert],[X509::serial_number $cert],[X509::not_valid_before $cert],[X509::not_valid_after $cert]
HTTP::header insert issuer [X509::issuer $cert]
HTTP::header insert versionnum [X509::version $cert]
HTTP::header insert serial [X509::serial_number $cert]
HTTP::header insert not_valid_before [X509::not_valid_before $cert]
HTTP::header insert not_valid_after [X509::not_valid_after $cert]
}
==============================================================
V10
==============================================================
when CLIENTSSL_CLIENTCERT {
table set [SSL::sessionid] [SSL::cert 0]
}
when HTTP_REQUEST {
set cert [table lookup [SSL::sessionid]]
HTTP::header insert SSLCLIENTCERTSUBJECT [X509::subject $cert],[X509::issuer $cert],[X509::version $cert],[X509::serial_number $cert],[X509::not_valid_before $cert],[X509::not_valid_after $cert]
HTTP::header insert issuer [X509::issuer $cert]
HTTP::header insert versionnum [X509::version $cert]
HTTP::header insert serial [X509::serial_number $cert]
HTTP::header insert not_valid_before [X509::not_valid_before $cert]
HTTP::header insert not_valid_after [X509::not_valid_after $cert]
}
==============================================================
But there have errer in the log.
local/tmm err tmm[26191]: 01220001:3: TCL error: insert_cert_to_header_2 - while executing "X509::subject $cert"
local/tmm7 err tmm7[26198]: 01220001:3: TCL error: insert_cert_to_header_2 - while executing "X509::subject $cert"
It's my irule right?
thanks.