Forum Discussion
hooleylist
Sep 23, 2012 | Cirrostratus
If the client resumes an existing SSL session, they wouldn't hit the CLIENTSSL_CLIENTCERT event as they don't present the cert for that connection. You could change your check in HTTP_REQUEST to verify the variable exists and is set to 1:
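when HTTP_REQUEST {
    # client_cert_ok is set in CLIENTSSL_CLIENTCERT; it does not exist on a
    # connection that resumed an SSL session, so test for it first
    if { [info exists client_cert_ok] and $client_cert_ok == 1 }{
        # Allow request
    } else {
        HTTP::respond 403 content "Bad client certificate!"
    }
}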
Aaron
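
The check above fails closed, so a client that resumes an SSL session on a new connection gets a 403. The iRule below is an added example, not part of the original post: it records the verification result in the session table under the SSL session ID so resumed connections can be matched to an earlier verified handshake. The CLIENTSSL_CLIENTCERT logic, the stored value "1" and the 300-second lifetime are assumptions.

```tcl
# Added example, not from the original post. Assumes a client SSL profile that
# requests a client certificate. The 300 s lifetime is illustrative and should
# not exceed the profile's SSL session cache timeout.
when CLIENTSSL_CLIENTCERT {
    # Fires only on a full handshake in which the client sent a certificate.
    if { [SSL::cert count] > 0 and [SSL::verify_result] == 0 } {
        set client_cert_ok 1
        # Remember the result for connections that later resume this session.
        if { [SSL::sessionid] ne "" } {
            session add ssl [SSL::sessionid] 1 300
        }
    } else {
        set client_cert_ok 0
    }
}

when HTTP_REQUEST {
    if { ![info exists client_cert_ok] } {
        # No CLIENTSSL_CLIENTCERT on this connection (resumed session).
        # Default to deny, then look for a result stored by a full handshake.
        set client_cert_ok 0
        set sid [SSL::sessionid]
        if { $sid ne "" and [session lookup ssl $sid] eq "1" } {
            set client_cert_ok 1
        }
    }
    if { $client_cert_ok == 1 } {
        # Allow request
    } else {
        HTTP::respond 403 content "Bad client certificate!"
    }
}
```

If the session ID is empty or no entry is found, the request is still rejected, which matches the behaviour of the original check.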