Zdenda
May 14, 2014Cirrus
Remove "line breaks" from information added into HTTP header
Hi all, I use iRule to extract info about client SSL certificate and add it into HTTP header sent to server. I had to update it a bit because info about SSL certificate was not in PEM format.
Now it looks like this:
when CLIENTSSL_CLIENTCERT {
log local0.info "SSL cert count: [SSL::cert count]"
log local0.info "SSL cert used: [SSL::cert 0]"
set cert [SSL::cert 0]
set cert_whole [X509::whole $cert]
set subject [X509::subject $cert]
set issuer [X509::issuer $cert]
set nva [X509::not_valid_after $cert]
set sn [X509::serial_number $cert]
set chash [X509::hash $cert]
set nvb [X509::not_valid_before $cert]
session add uie [SSL::sessionid] [list $cert_whole $subject $issuer $nva $sn $chash $nvb] 1800
}
when HTTP_REQUEST {
log local0.info "session lookup: [session lookup uie [SSL::sessionid]]"
if { [SSL::cert count] < 1 } {
SSL::authenticate once
SSL::authenticate depth 9
SSL::cert mode request
SSL::renegotiate
} else {
set values [session lookup uie [SSL::sessionid] ]
if { [lindex $values 0] != "" } {
HTTP::header insert Client-Auth "Valid cert"
log local0. "Inserting Client-Auth Valid cert"
HTTP::header insert X-SSL-DN [lindex $values 1]
log local0. "Inserting X-SSL-DN [lindex $values 1]"
HTTP::header insert X-SSL-Issuer [lindex $values 2]
log local0. "Inserting X-SSL-Issuer [lindex $values 2]"
HTTP::header insert X-SSL-Hash [lindex $values 5]
log local0. "Inserting X-SSL-Hash [lindex $values 5]"
HTTP::header insert X-SSL-Not-Before [lindex $values 6]
log local0. "Inserting X-SSL-Not-Before [lindex $values 6]"
HTTP::header insert X-SSL-Not-After [lindex $values 3]
log local0. "Inserting X-SSL-Not-After [lindex $values 3]"
HTTP::header insert X-SSL-SN [lindex $values 4]
log local0. "Inserting X-SSL-SN [lindex $values 4]"
HTTP::header insert X-SSL-Certificate [lindex $values 0]
log local0. "Inserting X-SSL-Certificate [lindex $values 0]"
}
}
}
Problem is with whole PEM certificate added into HTTP header, it is stored with linebreaks (like standard cert in PEM format you receive from CA), but I need it to be in one line only. Do you know about any way how to remove all line breaks from SSL cert in PEM code?
Thanks, Zdenek