Goran_Blomquis1
Mar 26, 2009Nimbostratus
Set ssl to require and pass cert when uri /manual
Hi devcentral
I try to write a I-rule that change ignore to require in SSLclient profile. I think Iḿ on the right track, but backend seems to be very slow and ask for cert all the time. I see in log that cert info are passed to backend when /manual is in URI.
when CLIENTSSL_HANDSHAKE {
if { [SSL::cert count] > 0 }{
set cur [SSL::sessionid]
set ask [session lookup ssl $cur]
if { $ask eq "" } {
session add ssl [SSL::sessionid] [SSL::cert 0]
HTTP::release
}
}
}
when HTTP_REQUEST {
set requestcertificatepage_uri [string tolower [HTTP::uri]]
log local5. "vilken uri [HTTP::uri]"
if {$requestcertificatepage_uri contains "/manual"} {
if {[SSL::cert count] == 0} {
HTTP::collect
SSL::authenticate always
SSL::authenticate depth 9
SSL::cert mode require
SSL::renegotiate
set id [SSL::sessionid]
set the_cert [session lookup ssl $id]
if { $the_cert != ""} {
HTTP::header replace X-Client-Cert [b64encode $the_cert]
log local5. "putt clientcert in header [b64encode $the_cert]"
}
}
}
}
Have a greate day