Last Modified: Jan 23, 2025
Affected Product(s):
BIG-IP LTM
Known Affected Versions:
17.1.1.3, 17.1.1.4, 17.1.2, 17.1.2.1
Opened: Jan 14, 2025
Severity: 3-Major
Even though TMM is not out of memory, SSL::verify_result returns 17 (X509_V_ERR_OUT_OF_MEM)
Invalid result
When SSL::verify_result is used in an iRule like the following:

    when CLIENTSSL_CLIENTCERT {
        log local0. "SSL::cert 0 - [SSL::cert 0]"
        log local0. "SSL::verify_result - [SSL::verify_result]"
    }
    when HTTP_REQUEST {
        log local0. "SSL::cert 0 - [SSL::cert 0]"
        log local0. "SSL::verify_result - [SSL::verify_result]"
    }

and the client does not have a certificate. In this case SSL::verify_result should return 50 instead.

The verify result will properly return 50 within the CLIENTSSL_CLIENTCERT event, but will return 17 within the HTTP_REQUEST event. If SSL::cert 0 is removed from the HTTP_REQUEST event, then SSL::verify_result will properly return 50.
Avoid using SSL::verify_result in the HTTP_REQUEST event, or do not include SSL::cert 0 in the HTTP_REQUEST event.
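One way to apply this workaround when an iRule needs both the verify result and certificate details at request time is to read them once in CLIENTSSL_CLIENTCERT and reuse them in HTTP_REQUEST. This is an added example, not code from F5 or from this bug record; the variable names, the X-Client-Cert-Subject header and the 403 response are assumptions.

```tcl
# Added example (not F5's code). Variable names, the header name and the
# 403 policy are assumptions chosen for illustration.
when CLIENTSSL_CLIENTCERT {
    # Per the bug record, SSL::verify_result is correct in this event
    # (50 when the client sent no certificate).
    set client_verify [SSL::verify_result]
    set client_subject ""
    # Only touch certificate index 0 when a certificate was actually sent.
    if { [SSL::cert count] > 0 } {
        set client_subject [X509::subject [SSL::cert 0]]
    }
}

when HTTP_REQUEST {
    # Never trust a client-supplied copy of the identity header.
    HTTP::header remove "X-Client-Cert-Subject"

    # Do not call [SSL::cert 0] in this event: on affected versions that
    # makes SSL::verify_result return 17 instead of 50.
    if { ![info exists client_verify] } {
        # CLIENTSSL_CLIENTCERT did not run on this connection. Without
        # SSL::cert 0 in this event, the record says the result is correct.
        set client_verify [SSL::verify_result]
        set client_subject ""
    }

    if { $client_verify != 0 } {
        # Fail closed on any non-zero verify result.
        set reason [X509::verify_cert_error_string $client_verify]
        log local0. "client cert rejected: verify_result=$client_verify ($reason)"
        HTTP::respond 403 content "Client certificate required"
        return
    }

    if { $client_subject ne "" } {
        HTTP::header insert "X-Client-Cert-Subject" $client_subject
    }
}
```

Because the stored value is compared against 0 rather than against a specific error code, a spurious 17 would still fail closed; the point of capturing it early is that logs and any per-code policy see the real result.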
None