SSL::handshake

Description

Halts or resumes SSL activity. This is useful for suspending SSL activity while authentication is in progress.

Syntax

SSL::handshake hold
SSL::handshake resume

SSL::handshake hold

  • Halts any SSL activity. Typically used when an authentication request is made.

SSL::handshake resume

  • Resumes any SSL activity that the system previously halted with the SSL::handshake hold command. Typically used when a successful authentication response has been returned.

Examples

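when CLIENT_ACCEPTED {
  # Open an auth session for this connection and track its result.
  set auth_ldap_sid [AUTH::start pam default_ssl_cc_ldap]
  set auth_success 0
}
when CLIENTSSL_CLIENTCERT {
  # Submit the client certificate for authentication, then hold the
  # handshake until an AUTH_* event reports the outcome.
  AUTH::cert_credential $auth_ldap_sid [SSL::cert 0]
  AUTH::authenticate $auth_ldap_sid
  SSL::handshake hold
}
when AUTH_SUCCESS {
  # Only act on events that belong to this connection's auth session.
  if {$auth_ldap_sid eq [AUTH::last_event_session_id]} {
    set auth_success 1
    SSL::handshake resume
  }
}
when AUTH_WANTCREDENTIAL {
  # The auth service asked for a credential that was not supplied: drop the connection.
  if {$auth_ldap_sid eq [AUTH::last_event_session_id]} {
    reject
  }
}
when AUTH_ERROR {
  if {$auth_ldap_sid eq [AUTH::last_event_session_id]} {
    reject
  }
}
when AUTH_FAILURE {
  # Resume with auth_success still 0 so that HTTP_REQUEST below
  # can redirect the client to the error page.
  if {$auth_ldap_sid eq [AUTH::last_event_session_id]} {
    SSL::handshake resume
  }
}
when HTTP_REQUEST {
  # Enforcement point: any request on a connection that did not pass
  # authentication is redirected.
  if {$auth_success != 1} {
    HTTP::redirect "http://errorserver/certerror.html"
  }
}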