uni
Mar 24, 2006 Altostratus
What is [SSL::cert count] a count of?
When I use the rule and clientssl profile below, the log shows [SSL::cert count] as 2, and CLIENTSSL_CLIENTCERT is executed twice. Is this because my CA file in
client cert ca "the-ca-bundle.crt"
contains two certificates, and the client verifies against them sequentially until one matches?
What would be really nice is some doco on some of these commands. In particular the session command. Can someone point me to a source for this? The wiki seems to have a place-holder for every topic I want to know about.
Thanks.
-
when CLIENTSSL_CLIENTCERT {
    log "ssl cert count = [SSL::cert count]"
}

profile clientssl the_clientssl_profile {
    ...
    client cert ca "the-ca-bundle.crt"
    ...
}

Mar 24 23:58:30 tmm tmm[27979]: 01220002:6: Rule DHS_FSF_https : ssl cert count = 2
Mar 24 23:58:34 tmm tmm[27979]: 01220002:6: Rule DHS_FSF_https : ssl cert count = 2