insert the client SSL certificate into a header
in aFleX
Posted by brunov
How can I use aFleX to capture the client SSL certificate and insert it into an HTTP header? This can be used by the server to validate certain information about the client.
Pre-requisite:
• You must have 2.6.1-P2 ([X509::whole $session_data] is only available from that release forward)
Code:
when CLIENTSSL_HANDSHAKE {
    # Check if there is a client cert
    if {[SSL::cert count] > 0} {
        # Insert the client cert in the "session ssl" table for 600 seconds
        set clientcert [SSL::cert 0]
        session add ssl [SSL::sessionid] $clientcert 600
        log "Client [IP::client_addr] port [TCP::client_port] - Added new session ssl entry for SessionID [SSL::sessionid]"
    }
}
when HTTP_REQUEST {
    # Drop any clientcert header sent by the client so the server only sees the value inserted here
    HTTP::header remove clientcert
    # Check the client SSL SessionID on each request
    if {[SSL::sessionid] ne ""} {
        set session_data [session lookup ssl [SSL::sessionid]]
        # Skip requests whose session has no stored client cert
        if {$session_data ne ""} {
            # Build the header value: the cert without "BEGIN" and "END" lines and without spaces, \n and \r
            set certnospace [string map -nocase {" " "" \n "" \r ""} [findstr [X509::whole $session_data] "-----BEGIN CERTIFICATE-----" 28 "-----END CERTIFICATE-----"]]
            # Insert the client cert in the header clientcert
            HTTP::header insert "lws" clientcert $certnospace
            log "inserted header = $certnospace"
        }
    }
}
Thank you, Dimitri, for the help with getting the aFleX code and testing.
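The server side of this setup, as an added example that is not part of the original post: Python code that recovers the certificate from the clientcert header, refuses a repeated or malformed value, and produces a fingerprint the application can compare with its own list of expected clients. The function names and the sample value are assumptions made for illustration; the sample is a DER-shaped placeholder, not a real certificate.

```python
import base64
import binascii
import hashlib
import ssl

HEADER = "clientcert"  # header name used by the aFleX script above


def cert_der_from_headers(headers):
    """Return the DER bytes carried in the clientcert header of (name, value) pairs."""
    values = [v for n, v in headers if n.lower() == HEADER]
    if len(values) != 1:
        # A client can send its own clientcert header; if it arrives next to
        # the inserted one (or none arrives at all), refuse to pick a value.
        raise ValueError("expected exactly one %s header, got %d" % (HEADER, len(values)))
    try:
        der = base64.b64decode(values[0], validate=True)
    except binascii.Error as exc:
        raise ValueError("header is not clean base64") from exc
    # Outer ASN.1 SEQUENCE: tag 0x30, then a length that must cover the rest.
    if len(der) < 2 or der[0] != 0x30:
        raise ValueError("not a DER SEQUENCE")
    if der[1] < 0x80:
        hdr, length = 2, der[1]
    else:
        n = der[1] & 0x7F
        if n == 0 or n > 4 or len(der) < 2 + n:
            raise ValueError("bad DER length")
        hdr, length = 2 + n, int.from_bytes(der[2:2 + n], "big")
    if hdr + length != len(der):
        raise ValueError("DER length does not match header size")
    return der


def fingerprint(der):
    """SHA-256 fingerprint, for comparison with a list of expected client certs."""
    return hashlib.sha256(der).hexdigest()


def to_pem(der):
    """Restore the BEGIN/END lines and line breaks that the aFleX script strips."""
    return ssl.DER_cert_to_PEM_cert(der)


# Constructed input: a DER-shaped placeholder, not a real certificate.
SAMPLE_DER = b"\x30\x82\x01\x00" + bytes(256)
SAMPLE_HEADER = base64.b64encode(SAMPLE_DER).decode()
```

The header only carries what the client presented during the handshake, so the server should accept it solely on connections that come from the load balancer.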