erros in ltm log
Hi,
BigIp Version 10.x
I,ve everyday a lot of errors in the ltm log.
Errors like this:
May 30 19:22:59 local/tmm err tmm[5277]: 01220001:3: TCL error: ssl_client_rule - while executing "X509::subject $cert"
May 30 19:27:49 local/tmm err tmm[5277]: 01220001:3: TCL error: ssl_client_rule - while executing "X509::subject $cert"
May 30 19:28:25 local/tmm err tmm[5277]: 01220001:3: TCL error: ssl_client_rule - while executing "X509::subject $cert"
May 30 19:39:36 local/tmm err tmm[5277]: 01220001:3: TCL error: ssl_client_rule - while executing "X509::subject $cert"
May 30 20:26:54 local/tmm err tmm[5277]: 01220001:3: TCL error: ssl_client_rule - while executing "X509::subject $cert"
May 30 20:52:09 local/tmm err tmm[5277]: 01220001:3: TCL error: ssl_client_rule - while executing "X509::subject $cert"
May 30 20:52:10 local/tmm err tmm[5277]: 01220001:3: TCL error: ssl_client_rule - while executing "X509::subject $cert"
May 30 21:13:23 local/tmm err tmm[5277]: 01220001:3: TCL error: ssl_client_rule - while executing "X509::subject $cert"
May 30 21:13:38 local/tmm err tmm[5277]: 01220001:3: TCL error: ssl_client_rule - wrong args: should be "session lookup ssl " while executing "session lookup ssl [SSL::sessionid]"
May 30 21:15:23 local/tmm err tmm[5277]: 01220001:3: TCL error: ssl_client_rule - while executing "X509::subject $cert"
May 30 21:15:32 local/tmm err tmm[5277]: 01220001:3: TCL error: ssl_client_rule - wrong args: should be "session lookup ssl " while executing "session lookup ssl [SSL::sessionid]"
Irule used:
when CLIENTSSL_CLIENTCERT {
set cert [SSL::cert 0]
set status [X509::verify_cert_error_string [SSL::verify_result]]
set subject [X509::subject $cert]
set serial [X509::serial_number $cert]
set values [list $cert $status $subject $serial]
session add ssl [SSL::sessionid] $values 1800
}
when HTTP_REQUEST {
set values [session lookup ssl [SSL::sessionid]]
if { [lindex $values 1] equals "ok" } {"
HTTP::header insert ClientSSL_subject [lindex $values 2]
HTTP::header insert ClientSSL_serial [lindex $values 3]
pool dakota
HTTP::header remove "If-Modified-Since"
} elseif { [lindex $values 1] equals "" } {
HTTP::redirect "https://sslerro.xx.xx/errors/nocert.htm"
SSL::session invalidate
} else {
HTTP::redirect "https://sslerror.xx.xx/errors/cert_error.htm"
SSL::session invalidate
}
}
I know something has changed within version 10 (https://support.f5.com/kb/en-us/products/big-ip_ltm/releasenotes/product/relnote_10_1_0_ltm.html)
SSL::cert iRule commands (CR116806)
Any ideas to avoid the errors in the ltml log?
Dirk