DataScript: avi.ssl.client-cert-verify-error

Function avi.ssl.client_cert_verify_error()
Description This API can be used to get the result of the client certificate authentication and CRL checks.
Events VS_DATASCRIPT_EVT_SSL_HANDSHAKE_DONE
VS_DATASCRIPT_EVT_HTTP_REQ
VS_DATASCRIPT_EVT_HTTP_REQ_DATA
Parameters None
Returns This API returns two values:
  1. The first return value is one of:
    • 0 - indicates the client did not present a certificate
    • 1 - indicates the client's certificate is valid
    • 2 - indicates the client's certificate is invalid
  2. The second return value is the specific error code, set when the first return value is 2. Refer to the OpenSSL verify documentation for the meaning of the error codes returned by the SSL stack.
Example

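-- Request and verify a client certificate only for this SNI host name.
if avi.ssl.server_name() == "secure.example.com" then
  avi.ssl.set_pki_profile(avi.CLIENT_VERIFY_REQUEST, "pkiprofile-ca", avi.AUTHENTICATE_ONLY_ONCE)
  avi.ssl.renegotiate()
  local verify_err, error_code = avi.ssl.client_cert_verify_error()
  -- Close if no certificate was presented, or it failed verification with an error code.
  if verify_err == 0 or (verify_err == 2 and error_code ~= 0) then
    avi.http.close_connection()
  end
end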
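
The following is an added example, not code from the Avi documentation: it turns the two return values described under Returns into an allow/reject decision with a loggable reason, and is stricter than the example above in that it rejects every status other than 1. The helper name classify_client_cert and the table VERIFY_ERRORS are hypothetical, the numeric codes are a subset of OpenSSL's X509_V_ERR_* values, and avi.vs.log and avi.http.response are DataScript calls that do not appear on this page.

```lua
-- Added example, not from the Avi documentation.
-- Subset of OpenSSL X509_V_ERR_* verify codes (values from OpenSSL's x509_vfy.h).
local VERIFY_ERRORS = {
  [3]  = "UNABLE_TO_GET_CRL",
  [9]  = "CERT_NOT_YET_VALID",
  [10] = "CERT_HAS_EXPIRED",
  [12] = "CRL_HAS_EXPIRED",
  [18] = "DEPTH_ZERO_SELF_SIGNED_CERT",
  [19] = "SELF_SIGNED_CERT_IN_CHAIN",
  [20] = "UNABLE_TO_GET_ISSUER_CERT_LOCALLY",
  [21] = "UNABLE_TO_VERIFY_LEAF_SIGNATURE",
  [23] = "CERT_REVOKED",
}

-- Hypothetical helper: maps the two return values to (allow, reason).
-- Only status 1 is allowed; everything else, including values the
-- page does not list, is rejected.
local function classify_client_cert(verify_err, error_code)
  if verify_err == 1 then
    return true, "valid"
  elseif verify_err == 0 then
    return false, "no client certificate presented"
  elseif verify_err == 2 then
    local name = VERIFY_ERRORS[error_code] or "unlisted verify error"
    return false, string.format("invalid certificate: %s (code %s)",
                                name, tostring(error_code))
  end
  return false, "unexpected status " .. tostring(verify_err)
end

if avi then
  -- Inside a DataScript attached to VS_DATASCRIPT_EVT_HTTP_REQ.
  local verify_err, error_code = avi.ssl.client_cert_verify_error()
  local allow, reason = classify_client_cert(verify_err, error_code)
  if not allow then
    avi.vs.log("client cert rejected: " .. reason)
    avi.http.response(403)
  end
else
  -- Stand-alone run with constructed sample return values.
  for _, s in ipairs({ {1, 0}, {0, 0}, {2, 10}, {2, 23}, {2, 99}, {7, nil} }) do
    local allow, reason = classify_client_cert(s[1], s[2])
    print(s[1], tostring(s[2]), allow and "allow" or "reject", reason)
  end
end
```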