Forum Discussion

Nimbostratus

Apr 06, 2005

SSL cert verify TCL error?

I have the following iRule: when CLIENTSSL_HANDSHAKE { set cert [SSL::cert 0 ] } when HTTP_REQUEST { set stuff [X509::subject $cert ] if { [matchclas...

Nimbostratus

Apr 06, 2005

Ok so I realized my plan was flawed in that, as was pointed out to me above, a client will not present a cert on each and every http request. So, I began going down the road of tracking whether we have validated a cert using the session table. However, I seem to be doing something wrong just adding the session entry. The rule:

 
 when CLIENTSSL_CLIENTCERT { 
   set id [SSL::sessionid] 
   session add ssl $id [X509::verify_cert_error_string [SSL::verify_result]] 180 
 } 
 when HTTP_REQUEST {  
      if {[SSL::cert count] == 0} {      
          reject 
      } else { 
          set subject [X509::subject [SSL::cert 0 ]]  
          if { [matchclass $subject contains $::merlin] } {  
             use pool test-sun   
          }  
      }  
  }

..Generates the error:

Apr 6 12:01:39 tmm tmm[5569]: 01220001:3: TCL error: Rule test - Prerequisite operation not in progress (line 1) invoked from within "session add ssl $id [X509::verify_cert_error_string [SSL::verify_result]] 180"

..what is the prerequisite operation that is not in progress?

Forum Discussion

SSL cert verify TCL error?

Recent Discussions

Rundeck ansible F5 errors

What is the meaning is 52% block in WAF

rewrite Azure AD response for portal access via web portal

AS3 Monitoring multiple ports selectively

Open Redirection Mitigation

Related Content

Verified Design: SSL Orchestrator with Palo Alto NGFW Virtual Edition-Part 1

Capturing load sys config verify errors to a file

Verifying Local Traffic Policy and iRule Precedence

Verified Design: SSL Orchestrator with Cisco Firepower Virtual Edition-Part 1

Verifying Slack Requests with Mutual TLS