| Line | |
|---|
| 1 | irule code for "EDIS_Parsex509_and_send_in_HTTP_Headers
|
|---|
| 2 |
|
|---|
| 3 |
|
|---|
| 4 |
|
|---|
| 5 |
|
|---|
| 6 | when RULE_INIT {
|
|---|
| 7 |
|
|---|
| 8 | set debug 1
|
|---|
| 9 |
|
|---|
| 10 | }
|
|---|
| 11 |
|
|---|
| 12 |
|
|---|
| 13 |
|
|---|
| 14 | when CLIENTSSL_CLIENTCERT {
|
|---|
| 15 |
|
|---|
| 16 | if { $::debug } {
|
|---|
| 17 |
|
|---|
| 18 | if { [SSL::cert count] >= 1 } {
|
|---|
| 19 |
|
|---|
| 20 | log local0. "SSL ID [SSL::sessionid] from client [IP::client_addr]:[TCP::client_port]: new certificate offered [X509::subject [SSL::cert 0]] and verification result [X509::verify_cert_error_string [SSL::verify_result]]]"
|
|---|
| 21 |
|
|---|
| 22 | } else {
|
|---|
| 23 |
|
|---|
| 24 | log local0. "SSL ID [SSL::sessionid] from client [IP::client_addr]:[TCP::client_port]: no certificate offered"
|
|---|
| 25 |
|
|---|
| 26 | }
|
|---|
| 27 |
|
|---|
| 28 | }
|
|---|
| 29 |
|
|---|
| 30 | session add ssl [SSL::sessionid] [list [SSL::cert 0] [X509::verify_cert_error_string [SSL::verify_result]]] 600 }
|
|---|
| 31 |
|
|---|
| 32 |
|
|---|
| 33 |
|
|---|
| 34 | when HTTP_REQUEST {
|
|---|
| 35 |
|
|---|
| 36 | if { $::debug } {
|
|---|
| 37 |
|
|---|
| 38 | if { [session lookup ssl [SSL::sessionid]] != "" } {
|
|---|
| 39 |
|
|---|
| 40 | log local0. "SSL ID [SSL::sessionid] from client [IP::client_addr]:[TCP::client_port]: session table entry subject: [X509::subject [lindex [session lookup ssl [SSL::sessionid]] 0]]"
|
|---|
| 41 |
|
|---|
| 42 | } else {
|
|---|
| 43 |
|
|---|
| 44 | log local0. "SSL ID [SSL::sessionid] from client [IP::client_addr]:[TCP::client_port]: no session table entry"
|
|---|
| 45 |
|
|---|
| 46 | }
|
|---|
| 47 |
|
|---|
| 48 | }
|
|---|
| 49 |
|
|---|
| 50 | if { [lindex [session lookup ssl [SSL::sessionid]] 1] eq "ok" } {
|
|---|
| 51 |
|
|---|
| 52 | HTTP::header insert SSLClientCertStatus [lindex [session lookup ssl [SSL::sessionid]] 1]
|
|---|
| 53 |
|
|---|
| 54 | HTTP::header insert SSLClientCertSN [X509::serial_number [lindex [session lookup ssl [SSL::sessionid]] 0]]
|
|---|
| 55 |
|
|---|
| 56 | HTTP::header insert SSLClientCertValidFrom [X509::not_valid_before [lindex [session lookup ssl [SSL::sessionid]] 0]]
|
|---|
| 57 |
|
|---|
| 58 | HTTP::header insert SSLClientCertValidUtil [X509::not_valid_after [lindex [session lookup ssl [SSL::sessionid]] 0]]
|
|---|
| 59 |
|
|---|
| 60 | HTTP::header insert EdisClientMachineName [X509::subject [lindex [session lookup ssl [SSL::sessionid]] 0]]
|
|---|
| 61 |
|
|---|
| 62 | HTTP::header insert SSLClientCertIssuer [X509::issuer [lindex [session lookup ssl [SSL::sessionid]] 0]]
|
|---|
| 63 |
|
|---|
| 64 | } else {
|
|---|
| 65 |
|
|---|
| 66 | if { $::debug } { log local0. "SSL ID [SSL::sessionid] from client [IP::client_addr]:[TCP::client_port]: cert error code is \"[session lookup ssl [SSL::sessionid]] 1]\"" }
|
|---|
| 67 |
|
|---|
| 68 | HTTP::redirect http://192.168.0.64/error.html
|
|---|
| 69 |
|
|---|
| 70 | }
|
|---|
| 71 |
|
|---|
| 72 | }
|
|---|
| 73 |
|
|---|
Note:
See
TracBrowser
for help on using the repository browser.
