Forum Discussion
Maxim_Taskov_90
Nov 18, 2011
Hoolio, nitass, this is what F5 Engineering Services delivered as a workaround but I can't make it compile yet, I am still trying to figure out the logic:
when CLIENTSSL_CLIENTCERT {
    # Only evaluate when the client actually presented a certificate.
    # Note the space between the condition's closing brace and the body's
    # opening brace: Tcl rejects "}{" with "extra characters after close-brace".
    if { [SSL::cert count] > 0 } {
        # Log the selected fields of the client certificate. The output names each
        # field (e.g. SSLClientCertSubject=...), so the presence of that name is
        # used below as the check that a subject field exists.
        set allfield "[X509::cert_fields [SSL::cert 0] [SSL::verify_result] issuer subject sigalg validity hash]"
        log local0. "$allfield"
        if { $allfield contains "SSLClientCertSubject" } {
            log local0. "matched SSLClientCertSubject"
            set subject_dn [X509::subject [SSL::cert 0]]
        } else {
            log local0. "not matched SSLClientCertSubject"
            set subject_dn ""
        }
        log local0. "Client Certificate Received: $subject_dn"
        if { $subject_dn eq "" } {
            # A blank subject DN is treated as invalid and the connection is dropped.
            log local0. "Client Certificate with blank subject was detected"
            reject
        } elseif { [matchclass $subject_dn contains ebilling_accepted_certs] } {
            # Subject DN matches an entry in the ebilling_accepted_certs data group.
            log local0. "Client Certificate Accepted: $subject_dn"
        } else {
            log local0. "Unauthorized Client Certificate was detected: $subject_dn"
            reject
        }
    }
}
Can you see a syntax error anywhere or is it the logic that is flawed?