SSL::handshake
Description
Halts or resumes SSL activity. This is useful for suspending SSL
activity while authentication is in progress.
Syntax
SSL::handshake hold
SSL::handshake resume
SSL::handshake resume
- Resumes any SSL activity that the system previously halted with the SSL::handshake hold command. Typically used when a successful authentication response has been returned.
Examples
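when CLIENT_ACCEPTED {
    # Start an authentication session; treat the client as unauthenticated
    # until AUTH_SUCCESS fires for this session
    set auth_ldap_sid [AUTH::start pam default_ssl_cc_ldap]
    set auth_success 0
}
when CLIENTSSL_CLIENTCERT {
    # Submit the client certificate for authentication, then suspend the
    # handshake until the authentication result comes back
    AUTH::cert_credential $auth_ldap_sid [SSL::cert 0]
    AUTH::authenticate $auth_ldap_sid
    SSL::handshake hold
}
when AUTH_SUCCESS {
    # Only act on events that belong to this connection's auth session
    if {$auth_ldap_sid eq [AUTH::last_event_session_id]} {
        set auth_success 1
        SSL::handshake resume
    }
}
when AUTH_WANTCREDENTIAL {
    # No further credentials can be supplied, so drop the connection
    if {$auth_ldap_sid eq [AUTH::last_event_session_id]} {
        reject
    }
}
when AUTH_ERROR {
    if {$auth_ldap_sid eq [AUTH::last_event_session_id]} {
        reject
    }
}
when AUTH_FAILURE {
    # Resume with auth_success still 0 so that HTTP_REQUEST can send the
    # client to the error page
    if {$auth_ldap_sid eq [AUTH::last_event_session_id]} {
        SSL::handshake resume
    }
}
when HTTP_REQUEST {
    # Requests are served only when certificate authentication succeeded
    if {$auth_success != 1} {
        HTTP::redirect "http://errorserver/certerror.html"
    }
}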