Forum Discussion
ackaljn
Apr 10, 2019Nimbostratus
I've noticed the session.ssl.cert.valid variable values seem backwards. Pulled from a currently connected session that went through a On-Demand Cert Auth:
session.ssl.cert.exist=1
session.ssl.cert.valid=0
session.ssl.cert.whole contains the entire cert, it should exist if the client presents a cert.
I looked at the default successful branch rule for On-Demand Cert Auth and its "expr { [mcget {session.ssl.cert.valid}] == "0" }"