Forum Discussion

Mike_Maher
Aug 16, 2012

Issue with iRule going from v10.2 to v11.2

I have the following iRule installed in production to pass certificate authentication from a client to the server on the back end. It is working just fine today on the v10.2 ASMs; however, in my test environment I am having issues on my v11.2 device. If I fail traffic over to a v10.2 it works just fine.

If anyone has any insight as to what might be wrong with this iRule going into v11.2, I would appreciate any help I can get.

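# Initialise per-connection state flags.
when CLIENT_ACCEPTED {
    set first_time 0
    set released 0
}

# For requests under /Trust with no client certificate yet: hold the
# request and renegotiate, asking the client for a certificate.
when HTTP_REQUEST {
    if { [HTTP::uri] starts_with "/Trust" } {
        if { [SSL::cert count] <= 0 } {
            HTTP::collect
            SSL::session invalidate
            SSL::authenticate always
            SSL::authenticate depth 9
            SSL::cert mode request
            SSL::renegotiate
        } else {
            set c_cert [SSL::cert 0]
        }
    }
}

# Reject if no certificate is present; otherwise save it and release
# the held request.
when CLIENTSSL_CLIENTCERT {
    if { [SSL::cert count] < 1 } {
        reject
    } else {
        set c_cert [SSL::cert 0]
        HTTP::release
        set released 1
    }
}

# The first handshake without a certificate is allowed; a later
# handshake without one is rejected.
when CLIENTSSL_HANDSHAKE {
    if { [SSL::cert count] < 1 } {
        if { $first_time == 0 } {
            set released 0
            set first_time 1
        } else {
            set released 0
            reject
        }
    } else {
        if { $released != 1 } {
            set c_cert [SSL::cert 0]
            HTTP::release
            set released 0
        }
    }
}

# Pass the saved client certificate to the back-end server as a
# base64-encoded X-Client-Cert header.
when HTTP_REQUEST_SEND {
    clientside {
        if { [info exists c_cert] } {
            HTTP::header insert X-Client-Cert [b64encode $c_cert]
        }
    }
}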