Forum Discussion
hooleylist
Feb 22, 2010 Cirrostratus
The issue with that approach is that you cannot send an HTTP response from the HTTP_REQUEST_SEND event. When I ran into that issue, F5 development created a hotfix to allow sending an HTTP response from the CLIENTSSL_HANDSHAKE event:
CR125264 - HTTP::respond should be allowed in CLIENTSSL_HANDSHAKE (fix included in 9.4.8HF3)
Also, you're resetting the connection in CLIENTSSL_CLIENTCERT if the client doesn't present a cert. To handle this more gracefully and send an HTTP response in that case, you need another fix included in 9.4.8HF3:
CR111646: Connections are no longer rejected when clients fail to send a certificate to a virtual server with a clientssl profile configured to "request" one.
Aaron