1 | irule code for "EDIS_Parsex509_and_send_in_HTTP_Headers"
when RULE_INIT {
    # Global debug switch, read as $::debug by the CLIENTSSL_CLIENTCERT and
    # HTTP_REQUEST events. 1 = emit per-handshake / per-request detail
    # (SSL session ID, client address:port, certificate subject, verify
    # result) to log local0.; 0 = silent. On by default here.
    set ::debug 1
}
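when CLIENTSSL_CLIENTCERT {
    # Runs when the client SSL handshake reaches the client-certificate step.
    # The outcome is parked in the session table, keyed by SSL session ID with
    # a 600 s lifetime, as {cert verify-result-string} so that HTTP_REQUEST
    # (which runs per request, possibly on a resumed session) can read it.
    set ssl_id [SSL::sessionid]
    set verify_msg [X509::verify_cert_error_string [SSL::verify_result]]

    if { [SSL::cert count] >= 1 } {
        if { $::debug } {
            log local0. "SSL ID $ssl_id from client [IP::client_addr]:[TCP::client_port]: new certificate offered [X509::subject [SSL::cert 0]] and verification result $verify_msg]"
        }
        # Record an entry only when a certificate is actually present. The
        # original added it unconditionally, so a handshake with no client
        # certificate stored an empty cert that HTTP_REQUEST then handed to the
        # X509:: commands. With no entry, HTTP_REQUEST takes its error path.
        session add ssl $ssl_id [list [SSL::cert 0] $verify_msg] 600
    } elseif { $::debug } {
        log local0. "SSL ID $ssl_id from client [IP::client_addr]:[TCP::client_port]: no certificate offered"
    }
}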
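when HTTP_REQUEST {
    # Fetch the session-table entry once. It is {cert verify-result-string}
    # as stored by CLIENTSSL_CLIENTCERT, or "" when there is no entry for this
    # SSL session (no record, or the 600 s lifetime expired).
    set ssl_id [SSL::sessionid]
    set ssl_entry [session lookup ssl $ssl_id]
    set cert [lindex $ssl_entry 0]
    set status [lindex $ssl_entry 1]

    if { $::debug } {
        if { $ssl_entry ne "" } {
            log local0. "SSL ID $ssl_id from client [IP::client_addr]:[TCP::client_port]: session table entry subject: [X509::subject $cert]"
        } else {
            log local0. "SSL ID $ssl_id from client [IP::client_addr]:[TCP::client_port]: no session table entry"
        }
    }

    # The back end treats these headers as the authenticated client identity,
    # so any copies the client itself sent in the request must be dropped
    # before ours are inserted; otherwise the back end could see a
    # client-chosen value alongside (or ahead of) the one set here.
    # HTTP::header remove strips every occurrence of the name.
    foreach hdr {SSLClientCertStatus SSLClientCertSN SSLClientCertValidFrom SSLClientCertValidUtil EdisClientMachineName SSLClientCertIssuer} {
        HTTP::header remove $hdr
    }

    if { $status eq "ok" } {
        HTTP::header insert SSLClientCertStatus $status
        HTTP::header insert SSLClientCertSN [X509::serial_number $cert]
        HTTP::header insert SSLClientCertValidFrom [X509::not_valid_before $cert]
        # Header name kept as "...ValidUtil" (sic): the back end already keys on it.
        HTTP::header insert SSLClientCertValidUtil [X509::not_valid_after $cert]
        HTTP::header insert EdisClientMachineName [X509::subject $cert]
        HTTP::header insert SSLClientCertIssuer [X509::issuer $cert]
    } else {
        # Any other status (verification error string, or "" when no entry
        # exists) goes to the error page. The original log line was missing
        # its lindex and printed the whole entry followed by a literal " 1]";
        # it now prints the stored status.
        if { $::debug } { log local0. "SSL ID $ssl_id from client [IP::client_addr]:[TCP::client_port]: cert error code is \"$status\"" }
        HTTP::redirect http://192.168.0.64/error.html
    }
}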