What is [SSL:cert count] a count of?

Question

When I use the rule and clientssl profile below, the log show [SSL::cert count] as 2, and CLIENTSSL_CLIENTCERT is executed twice. Is this because my CA file in &nbsp;
&nbsp;    client cert ca "the-ca-bundle.crt"&nbsp;
&nbsp;contains two certificates, and the client verifies against them sequentially until one matches?&nbsp;
&nbsp;What would be really nice is some doco on some of these commands. In particular the session command. Can someone point me to a source for this? The wiki seems to have a place-holder for every topic I want to know about.&nbsp;
&nbsp;Thanks.
&nbsp;-&nbsp;
&nbsp;when CLIENTSSL_CLIENTCERT {
&nbsp;    log "ssl cert count = [SSL::cert count]"
&nbsp;}&nbsp;
&nbsp;profile clientssl the_clientssl_profile {
&nbsp;   ...
&nbsp;   client cert ca "the-ca-bundle.crt"
&nbsp;   ...
&nbsp;}&nbsp;&nbsp;
&nbsp;Mar 24 23:58:30 tmm tmm[27979]: 01220002:6: Rule DHS_FSF_https : ssl cert count = 2
&nbsp;Mar 24 23:58:34 tmm tmm[27979]: 01220002:6: Rule DHS_FSF_https : ssl cert count = 2&nbsp;&nbsp;

uni · Answer

Thanks Colin for your reply.&nbsp;
&nbsp;Regarding further documentation, I'm really curious as to what the "session" command does. I have seen it used in several examples, particularly when referencing client certificate information. From these examples though, I could not work out what "session" was doing, nor why it was being used.

Forum Discussion

What is [SSL:cert count] a count of?

1 Reply

Recent Discussions

Pricing when used with aws waf

F5 Rseries R2600 Tenant sizing

iRule help masking IBM host URL/URI

Need advise to setup a policy on F5

Advise on setting up IRULE

Related Content

APM sesions count per partition

The table Command: Counting

get_statistics method failing when trying to get current connection counts

F5 ASM | count violation

TMSH equivalent command for virtual count