ltm rule command SSL authenticate

iRule(1)					  BIG-IP TMSH Manual					     iRule(1)

SSL::authenticate
       Overrides the current setting for authentication frequency or for the maximum depth of certificate chain
       traversal.

SYNOPSIS
       SSL::authenticate (once | always | (depth DEPTH))

DESCRIPTION
       Overrides the current setting for authentication frequency or for the maximum depth of certificate chain
       traversal.

       SSL::authenticate <"once" | "always">
           Valid in a client-side context only, this command overrides the client-side SSL connection's current
           setting regarding authentication frequency.

       SSL::authenticate depth <DEPTH>
           When the system evaluates the command in a client-side context, the command overrides the client-side SSL
           connection's current setting regarding maximum certificate chain traversal depth.
           When the system evaluates the command in a server-side context, the command overrides the server-side SSL
           connection's current setting regarding maximum certificate chain traversal depth.

RETURN VALUE
VALID DURING
       ANY_EVENT

EXAMPLES
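	when CLIENT_ACCEPTED {
	    # Set here and in HTTP_REQUEST; not read elsewhere in this example.
	    set session_flag 0
	}
	when CLIENTSSL_HANDSHAKE {
	    # A client certificate is present after the handshake: release the held request.
	    if { [SSL::cert count] != 0 } {
	        log "Client cert is OK; releasing HTTP request."
	        HTTP::release
	    }
	}
	when HTTP_REQUEST {
	    if { [HTTP::uri] starts_with "/secure/" } {
	        log "Certificate required for: [HTTP::uri]"
	        if { [SSL::cert count] == 0 } {
	            log "No cert found. Holding HTTP request until a client cert is presented..."
	            HTTP::collect
	            set session_flag 1
	            # Override authentication frequency and chain traversal depth for this connection.
	            SSL::authenticate always
	            SSL::authenticate depth 9
	            # Require a client certificate, then renegotiate so the client presents one.
	            SSL::cert mode require
	            SSL::renegotiate
	        }
	    } else {
	        log "No certificate needed for: [HTTP::uri]"
	    }
	}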

HINTS
SEE ALSO
CHANGE LOG
       @BIGIP-9.0.0 --First introduced the command.

BIG-IP						      2020-06-23					     iRule(1)