DataScript: avi.ssl.client_cert_verify_mode

DataScript

Function avi.ssl.get_client_cert_verify_mode()
Description This DataScript function is used to get the client certificate authentication mode
Events VS_DATASCRIPT_EVT_SSL_HANDSHAKE_DONE
VS_DATASCRIPT_EVT_HTTP_REQ
VS_DATASCRIPT_EVT_HTTP_REQ_DATA
Parameters None
Returns This DataScript function returns one of the following values
  • 0 indicates the client certificate authentication is either not enabled or disabled.
  • 1 indicates that the client certificate authentication is in REQUIRE mode
  • 2 indicates that the client certificate authentication is in REQUEST mode with the PKI profile
  • 3 indicates that the client certificate authentication is in REQUEST mode without PKI profile
Example

if avi.ssl.server_name() == "secure.example.com" && avi.ssl.get_client_cert_verify_mode() == 0 then
     avi.ssl.set_pki_profile(avi.CLIENT_VERIFY_REQUIRE, "pkiprofile-ca", avi.AUTHENTICATE_ONLY_ONCE)
     avi.ssl.renegotiate()
end