Forum Discussion
Jeremy_Church_3
Apr 06, 2017
Cirrus
Hello,
The command SSL::verify_result not only shows the result of the client certificate verification, but can also be used to change the result.
    when CLIENTSSL_CLIENTCERT {
        if {[SSL::cert count] > 0} {
            if {[SSL::verify_result] == 0} {
                # at this point, the client was already determined to be valid.
                # placeholder condition: replace with your own check
                if {"your check is false"} {
                    # certificate does not match, respond like we don't trust them
                    SSL::verify_result 20
                }
            }
        }
    }
I recommend using the command in the CLIENTSSL_CLIENTCERT event. This should result in an actual SSL alert response.
The SSL::verify_result page provides several possible error responses.
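
The pattern from the post above with the placeholder check filled in, as an added example that is not part of the original post or the poster's code. It assumes a string data group named allowed_client_subjects_dg (a hypothetical name) that holds the permitted subject DNs or fragments of them.

```tcl
# Added example, not from the original post.
# Assumption: the string data group allowed_client_subjects_dg exists and
# lists the certificate subjects (or subject fragments) that are permitted.
when CLIENTSSL_CLIENTCERT {
    # No certificate presented: nothing to re-check in this rule.
    if { [SSL::cert count] == 0 } {
        return
    }

    # A non-zero result means verification already failed.
    # Log the reason and leave the result untouched.
    set result [SSL::verify_result]
    if { $result != 0 } {
        log local0. "Client cert rejected for [IP::client_addr]: [X509::verify_cert_error_string $result]"
        return
    }

    # Verification passed. Apply the additional check to the
    # subject of the client certificate (index 0).
    set subject [X509::subject [SSL::cert 0]]
    if { ![class match $subject contains allowed_client_subjects_dg] } {
        log local0. "Client cert subject not allowed for [IP::client_addr]: $subject"
        # Same code the post uses; the SSL::verify_result page lists others.
        SSL::verify_result 20
    }
}
```

Logging both branches keeps the original verification failures distinguishable from rejections made by the added subject check.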