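# iRule code for "EDIS_Parsex509_and_send_in_HTTP_Headers"
#
# Purpose: after a client-certificate TLS handshake, cache the presented
# certificate and its verification result in the session table (keyed by the
# SSL session ID), then on every HTTP request either
#   - forward the request with the certificate's fields added as HTTP headers
#     (verification result "ok"), or
#   - redirect the client to an error page (anything else, including a missing
#     session-table entry).
#
# Security notes:
#   - The back end treats these headers as proof of client identity, so every
#     client-supplied copy is stripped before the trusted values are inserted.
#   - NOTE(review): this only holds if the pool members cannot be reached
#     except through this virtual server - confirm network placement.

when RULE_INIT {
    # 1 = write per-connection certificate details to local0; set to 0 once the
    # rule is verified, since the log lines include certificate subjects.
    # NOTE(review): kept as a global to match the rest of the rule; on TMOS
    # versions that offer the static:: namespace, a global variable can take
    # the virtual server out of CMP - confirm and migrate if applicable.
    set debug 1
}

when CLIENTSSL_CLIENTCERT {
    # Evaluate once: was a certificate actually presented in this handshake?
    set have_cert [expr { [SSL::cert count] >= 1 }]

    if { $::debug } {
        if { $have_cert } {
            log local0. "SSL ID [SSL::sessionid] from client [IP::client_addr]:[TCP::client_port]: new certificate offered [X509::subject [SSL::cert 0]] and verification result [X509::verify_cert_error_string [SSL::verify_result]]"
        } else {
            log local0. "SSL ID [SSL::sessionid] from client [IP::client_addr]:[TCP::client_port]: no certificate offered"
        }
    }

    # Store {certificate, verification string} for 600 seconds. Only done when
    # a certificate exists, so a handshake without one never dereferences
    # [SSL::cert 0] and never leaves an entry that HTTP_REQUEST could read as
    # a verified client.
    if { $have_cert } {
        session add ssl [SSL::sessionid] [list [SSL::cert 0] [X509::verify_cert_error_string [SSL::verify_result]]] 600
    }
}

when HTTP_REQUEST {
    # One lookup per request; the result is "" when there is no entry, in
    # which case both lindex calls below also yield "".
    set entry [session lookup ssl [SSL::sessionid]]
    set cert [lindex $entry 0]
    set cert_status [lindex $entry 1]

    # HTTP::header insert adds a header without touching one the client sent
    # under the same name, so remove any inbound copies first. Otherwise a
    # client holding any valid certificate could supply its own
    # EdisClientMachineName (or other) value alongside the trusted one.
    # "SSLClientCertValidUtil" is spelled as the rule has always sent it;
    # NOTE(review): probably meant "Until" - change only together with the
    # back end that reads it.
    foreach hdr {SSLClientCertStatus SSLClientCertSN SSLClientCertValidFrom SSLClientCertValidUtil EdisClientMachineName SSLClientCertIssuer} {
        HTTP::header remove $hdr
    }

    if { $::debug } {
        if { $entry ne "" } {
            log local0. "SSL ID [SSL::sessionid] from client [IP::client_addr]:[TCP::client_port]: session table entry subject: [X509::subject $cert]"
        } else {
            log local0. "SSL ID [SSL::sessionid] from client [IP::client_addr]:[TCP::client_port]: no session table entry"
        }
    }

    if { $cert_status eq "ok" } {
        HTTP::header insert SSLClientCertStatus $cert_status
        HTTP::header insert SSLClientCertSN [X509::serial_number $cert]
        HTTP::header insert SSLClientCertValidFrom [X509::not_valid_before $cert]
        HTTP::header insert SSLClientCertValidUtil [X509::not_valid_after $cert]
        HTTP::header insert EdisClientMachineName [X509::subject $cert]
        HTTP::header insert SSLClientCertIssuer [X509::issuer $cert]
    } else {
        if { $::debug } {
            # Log only the verification string; the previous message lacked
            # the lindex call and wrote the whole entry (certificate included).
            log local0. "SSL ID [SSL::sessionid] from client [IP::client_addr]:[TCP::client_port]: cert error code is \"$cert_status\""
        }
        # Fail closed: no verified certificate, no access to the pool.
        # NOTE(review): the target is plain HTTP on a hard-coded private
        # address - confirm it is reachable by the clients that hit this path.
        HTTP::redirect http://192.168.0.64/error.html
    }
}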