chfrchfr_325824
Jul 14, 2017 Nimbostratus
Revoked Cert in CRL not logging
I have an authentication profile CRLDP server set that uses an LDAP instance to check the client cert presented against the LDAP CRL. This works fine and revoked certificates do not successfully handshake. However, I don't seem to get any logs of a revoked certificate being presented.
I thought I may need an iRule to accomplish this, but after playing around with X509::verify_cert_error_string and SSL::verify_result I'm stuck. I keep getting an OpenSSL verify value of 0 (X509_V_OK) when I expect at least one to be 23 (X509_V_ERR_CERT_REVOKED).
Has anyone got an iRule that successfully logs this info?
PS. I'd prefer not to abandon the authentication profile in favour of an Access Policy profile.
Thanks