SSL:client_cert()

Returns the status of client-certificate-verify, whether or not it is enabled.

Syntax

SSL:client_cert();

Arguments

N/A

Events

Applicable in the following events:

• CLIENTSSL_HANDSHAKE

• SERVERSSL_HANDSHAKE

• CLIENTSSL_RENEGOTIATE

• SERVERSSL_RENEGOTIATE

Example

when CLIENTSSL_HANDSHAKE{
debug("client handshake\n")
cc=SSL:client_cert();
debug("Client cert: %s \n",cc);
}

Result:

1. If not verify certificate is not set:

   Debug output:

   client handshake

   Client cert: false

2. If enabled verify in client-ssl-profile:

   config system certificate certificate_verify
     edit "verify"
       config  group_member
         edit 2
           set ca-certificate ca6
         next
       end
     next
   end
   config load-balance client-ssl-profile
     edit "csp"
       set client-certificate-verify verify
     next
   end
   debug output:
   client handshake
   Client cert: true

Supported Version

FortiADC version 5.0.x and later.