SSL::authenticate
Description
Overrides the current setting for authentication frequency or for the
maximum depth of certificate chain traversal.
Syntax
SSL::authenticate <"once" | "always">
SSL::authenticate depth <number>
SSL::authenticate <"once" | "always">
- Valid in a client-side context only, this command overrides the client-side SSL connection’s current setting regarding authentication frequency.
SSL::authenticate depth <number>
- When the system evaluates the command in a client-side context, the command overrides the client-side SSL connection’s current setting regarding maximum certificate chain traversal depth.
- When the system evaluates the command in a server-side context, the command overrides the server-side SSL connection’s current setting regarding maximum certificate chain traversal depth.
Examples
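    when CLIENT_ACCEPTED {
        # Per-connection flag; set to 1 once a request has been held for renegotiation.
        set session_flag 0
    }
    when CLIENTSSL_HANDSHAKE {
        # Runs after every completed client-side handshake, including the renegotiated one.
        if { [SSL::cert count] != 0 } {
            log "Client cert is OK; releasing HTTP request."
            HTTP::release
        }
    }
    when HTTP_REQUEST {
        if { [HTTP::uri] starts_with "/secure/" } {
            log "Certificate required for: [HTTP::uri]"
            if { [SSL::cert count] == 0 } {
                log "No cert found. Holding HTTP request until a client cert is presented..."
                # Hold the request while the client-side connection renegotiates.
                HTTP::collect
                set session_flag 1
                # Override the connection's authentication frequency and chain depth,
                # require a client certificate, then trigger the renegotiation.
                SSL::authenticate always
                SSL::authenticate depth 9
                SSL::cert mode require
                SSL::renegotiate
            }
        } else {
            # "else" must follow the closing brace on the same line in Tcl.
            log "No certificate needed for: [HTTP::uri]"
        }
    }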
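A variant of the example above, added here and not part of the original page, that checks the verification result as well as the certificate count and releases only a request it is actually holding. The `held` variable, the depth of 3 and the `local0.` log facility are assumptions chosen for illustration; it also assumes the Client SSL profile may let a handshake complete without a verified certificate.

```tcl
# Added example, not from the original page. Assumes a Client SSL profile and
# an HTTP profile on the virtual server; depth 3 and "/secure/" are illustrative.
when CLIENT_ACCEPTED {
    # 1 while an HTTP request is being held for renegotiation
    set held 0
}

when HTTP_REQUEST {
    if { !([HTTP::uri] starts_with "/secure/") } {
        return
    }
    # Accept only a certificate that is present AND passed verification.
    if { [SSL::cert count] > 0 && [SSL::verify_result] == 0 } {
        return
    }
    # Hold the request, tighten the settings for this connection only,
    # then ask the client to re-handshake with a certificate.
    HTTP::collect
    set held 1
    SSL::authenticate always
    SSL::authenticate depth 3
    SSL::cert mode require
    SSL::renegotiate
}

when CLIENTSSL_HANDSHAKE {
    # Ignore handshakes that were not triggered by the block above.
    if { !$held } {
        return
    }
    set held 0
    if { [SSL::cert count] > 0 && [SSL::verify_result] == 0 } {
        log local0. "Client cert verified: [X509::subject [SSL::cert 0]]"
        HTTP::release
    } else {
        # Log the reason, then drop the connection instead of releasing the request.
        log local0. "Client cert rejected: [X509::verify_cert_error_string [SSL::verify_result]]"
        reject
    }
}
```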