Forum Discussion
Rob_Wismans_179
Feb 22, 2018
Nimbostratus
when CLIENTSSL_HANDSHAKE {
    if { $static::debug == 2 } { log local0. "CIP: Handshake event triggered" }
    set cert_subject [X509::subject [SSL::cert 0]]
    if { $static::debug == 2 } { log local0. "CIP: Start processing certificate $cert_subject" }
    # By default reject the certificate
    set reject 1
    set auth ""
    # Look up the subject in the data group list and return as a list with name and value paired
    set matches [class match -element -all $cert_subject contains /CIP/CIP-Client_Cert-Test02]
    if { $static::debug == 2 } { log local0. "CIP: Found [llength $matches] matches in datagroup, Value Of: $matches" }
    # Check for valid result from lookup
    if { [llength $matches] != 0 } {
        set auth [lindex $matches 1]
        if { $static::debug == 2 } { log local0. "CIP: Matching client certificate (DN: $cert_subject, SN: [X509::serial_number [SSL::cert 0]], Auth: $auth)" }
        set reject 0
    }
}