Hello!
acl revoked_cert ssl_c_sha1 -m bin FC481501DB98290C5E9B22530D2CA73EB36E76C5
matches the bad certificate.
Thank you _a lot_, Lukas, for the example and for the link to the proper
documentation section!
To summarize, to block the client I declare
acl revoked_cert ssl_c_sha1 -m bin FC481501DB98290C5E9B22530D2CA73EB36E76C5
tcp-request content reject if revoked_cert
and not
acl revoked_cert ssl_c_sha1 -m bin FC481501DB98290C5E9B22530D2CA73EB36E76C5
tcp-request session reject if revoked_cert
as I wrote before.
Thank you again
.marcoc
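
Added example, not part of the original message: a way to produce the ssl_c_sha1 rules summarized above from a PEM bundle of revoked client certificates. The fingerprint is the SHA-1 of each certificate's DER encoding. The function names and the sample bundle are assumptions, and the bundle holds constructed placeholder bytes, not real certificates.

```python
import base64
import hashlib
import re

# Constructed sample input: placeholder bytes wrapped in PEM armor.
# These are not real certificates; the hashing path is the same as for real ones.
SAMPLE_DER = [b"constructed DER bytes, client A",
              b"constructed DER bytes, client B"]


def to_pem(der: bytes) -> str:
    """Wrap raw bytes in certificate PEM armor (used only to build the sample)."""
    body = base64.encodebytes(der).decode("ascii")
    return "-----BEGIN CERTIFICATE-----\n" + body + "-----END CERTIFICATE-----\n"


SAMPLE_BUNDLE = "".join(to_pem(d) for d in SAMPLE_DER)

PEM_RE = re.compile(
    r"-----BEGIN CERTIFICATE-----(.*?)-----END CERTIFICATE-----", re.DOTALL)


def fingerprints(bundle: str) -> list[str]:
    """Return the uppercase hex SHA-1 of each certificate's DER encoding."""
    result = []
    for body in PEM_RE.findall(bundle):
        # Strip line breaks and CRLF before decoding; reject malformed base64.
        der = base64.b64decode("".join(body.split()), validate=True)
        result.append(hashlib.sha1(der).hexdigest().upper())
    return result


def haproxy_rules(bundle: str, acl_name: str = "revoked_cert") -> list[str]:
    """Build one acl line per certificate plus the reject rule from the thread."""
    fps = fingerprints(bundle)
    if not fps:
        raise ValueError("no certificate found in input")
    # Repeating the same ACL name ORs the patterns together in HAProxy.
    lines = [f"acl {acl_name} ssl_c_sha1 -m bin {fp}" for fp in fps]
    lines.append(f"tcp-request content reject if {acl_name}")
    return lines


if __name__ == "__main__":
    print("\n".join(haproxy_rules(SAMPLE_BUNDLE)))
```
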