Forum Discussion
Rob_Wismans_179 (Nimbostratus)
Feb 22, 2018
when CLIENT_ACCEPTED {
    # Assumes static::debug is set elsewhere (e.g. in RULE_INIT); it is not defined in this snippet
    if { $static::debug == 2 } { log local0. "CIP: Client connected from [IP::client_addr]:[TCP::client_port]" }
}
when CLIENTSSL_CLIENTCERT {
    if { $static::debug == 2 } {
        # Check if client presented a cert after it was requested/required
        if { [SSL::cert count] > 0 } {
            # Loop through each cert and log the cert subject, issuer and serial number
            for { set i 0 } { $i < [SSL::cert count] } { incr i } {
                log local0. "CIP: [IP::client_addr]:[TCP::client_port]: cert $i; subject=[X509::subject [SSL::cert $i]];\
                    [X509::issuer [SSL::cert $i]]; cert_serial=[X509::serial_number [SSL::cert $i]];"
            }
        } else {
            log local0. "CIP: [IP::client_addr]:[TCP::client_port]: No client cert found!"
        }
    }
}