# iRule: EDIS_Parsex509_and_send_in_HTTP_Headers
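when RULE_INIT {
    # Debug switch read by CLIENTSSL_CLIENTCERT and HTTP_REQUEST ($::debug).
    # Default is OFF: when enabled, every handshake and every request writes the
    # SSL session ID, client address and the certificate subject DN to local0.
    # Flip to 1 only while troubleshooting.
    #
    # NOTE(review): the other event handlers read the global "::debug", so the
    # name is kept here. "static::debug" is the usual replacement on platforms
    # where "::" globals are reported to demote the virtual server from CMP;
    # confirm against the BIG-IP version in use before renaming it everywhere.
    set debug 0
}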
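when CLIENTSSL_CLIENTCERT {
    # Record the offered client certificate and its verification result in the
    # session table, keyed by SSL session ID, so that HTTP_REQUEST (which runs
    # later and has no direct access to the handshake) can read them back.
    #
    # NOTE(review): the entry lives for 600 s. A resumed SSL session does not
    # fire this event again, so if the client SSL profile's session cache
    # outlives this entry, HTTP_REQUEST will find no entry and send a client
    # with a valid certificate to the error page. Confirm the profile's cache
    # timeout is not longer than this lifetime (or raise it to match).
    set sid [SSL::sessionid]
    set cert_count [SSL::cert count]
    set verify_status [X509::verify_cert_error_string [SSL::verify_result]]

    if { $::debug } {
        if { $cert_count >= 1 } {
            # The original message carried a stray "]" after the result string.
            log local0. "SSL ID $sid from client [IP::client_addr]:[TCP::client_port]: new certificate offered [X509::subject [SSL::cert 0]] and verification result $verify_status"
        } else {
            log local0. "SSL ID $sid from client [IP::client_addr]:[TCP::client_port]: no certificate offered"
        }
    }

    # Only store an entry when a certificate was actually presented. The
    # original called [SSL::cert 0] and stored the entry unconditionally; if the
    # platform reports a verify result of "ok" for a handshake with no
    # certificate, that would have produced an "ok" entry with an empty
    # certificate, and HTTP_REQUEST would then forward the request. With no
    # entry, HTTP_REQUEST's lookup returns "" and the request is redirected.
    if { $cert_count >= 1 } {
        session add ssl $sid [list [SSL::cert 0] $verify_status] 600
    }
}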
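when HTTP_REQUEST {
    # Forward client certificate details to the pool member as request headers,
    # but only when the handshake stored a verification result of "ok". Any
    # other result, including no session-table entry at all (no certificate,
    # or an entry that has expired), is redirected to the error page.
    #
    # NOTE(review): the backend trusts these headers purely because this
    # virtual server set them. That only holds if the pool members cannot be
    # reached except through this virtual server; confirm the network path.
    set sid [SSL::sessionid]
    # Look the entry up once; the original repeated the session lookup for
    # every header it inserted.
    set entry [session lookup ssl $sid]
    set cert [lindex $entry 0]
    set status [lindex $entry 1]

    if { $::debug } {
        if { $entry ne "" } {
            log local0. "SSL ID $sid from client [IP::client_addr]:[TCP::client_port]: session table entry subject: [X509::subject $cert]"
        } else {
            log local0. "SSL ID $sid from client [IP::client_addr]:[TCP::client_port]: no session table entry"
        }
    }

    if { $status eq "ok" } {
        # Strip any client-supplied copies first. HTTP::header insert adds a
        # header without removing existing ones, so a client that sends its own
        # SSLClientCertStatus / EdisClientMachineName headers would otherwise
        # reach the backend with spoofed values ahead of the ones set here.
        foreach name {SSLClientCertStatus SSLClientCertSN SSLClientCertValidFrom SSLClientCertValidUtil EdisClientMachineName SSLClientCertIssuer} {
            HTTP::header remove $name
        }
        HTTP::header insert SSLClientCertStatus $status
        HTTP::header insert SSLClientCertSN [X509::serial_number $cert]
        HTTP::header insert SSLClientCertValidFrom [X509::not_valid_before $cert]
        # Header name kept as in the original ("Util") so existing backends keep working.
        HTTP::header insert SSLClientCertValidUtil [X509::not_valid_after $cert]
        HTTP::header insert EdisClientMachineName [X509::subject $cert]
        HTTP::header insert SSLClientCertIssuer [X509::issuer $cert]
    } else {
        # The original log line was missing the [lindex ...] call and printed
        # the whole entry followed by a literal " 1]".
        if { $::debug } { log local0. "SSL ID $sid from client [IP::client_addr]:[TCP::client_port]: cert error code is \"$status\"" }
        # NOTE(review): the error page is a hard-coded plain-http IP address;
        # confirm that sending a client-certificate-protected request to an
        # unencrypted target is intended, and that the address is still valid.
        HTTP::redirect http://192.168.0.64/error.html
    }
}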