The get-client-cert function gets the authenticated client certificate from the SSL3 session. It can apply to all HTTP methods, or only to those that match a specified pattern. It only works when SSL is enabled on the server.
If the certificate is present or obtained from the SSL3 session, the function returns REQ_NOACTION and allows the request to proceed. Otherwise, it returns REQ_ABORTED and sets the protocol status to 403 forbidden, causing the request to fail.
The following table describes parameters for the get-client-cert function.
Table 7–24 get-client-cert Parameters
Parameter |
Description |
---|---|
(Optional) Controls whether to actually get the certificate, or just test for its presence.
The default value is 0. |
|
(Optional) Controls whether failure to get a client certificate will abort the HTTP request.
The default value is 1. |
|
(Optional) Specifies a wildcard pattern for the HTTP methods for which the function will be applied. If method is absent, the function is applied to all requests. |
|
bucket |
(Optional) Common to all obj.conf functions. Adds a bucket to monitor performance. For more information, see The bucket Parameter. |
# Get the client certificate from the session. # If a certificate is not already associated with the session, request one. # The request fails if the client does not present a #valid certificate. PathCheck fn="get-client-cert" dorequest="1"