Mirror/zeek
1
0
Fork 0
mirror of https://github.com/zeek/zeek.git synced 2025-10-02 14:48:21 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 2

Change x509 log - now certificates are only logged once per hour.

Browse source 
Add parsing of several more types to SAN extension.

Make error messages of x509 file analyzer more useful.

Fix file ID generation.

You apparently have to be very careful which EndOfFile function of
the file analysis framework you call... otherwhise it might try
to close another file id. This took me quite a while to find.

addresses BIT-953, BIT-760, BIT-1150
This commit is contained in:
Bernhard Amann 2014-03-13 00:05:48 -07:00
parent 7eb6b5133e
commit 0d50b8b04f
10 changed files with 242 additions and 55 deletions
Download patch file Download diff file Expand all files Collapse all files

2
src/file_analysis/Manager.h
View file

@ -108,7 +108,7 @@ public:
* cached and passed back in to a subsequent function call in order
* to avoid costly file handle lookups (which have to go through
* the \c get_file_handle script-layer event). An empty string
* indicates the associate file is not going to be analyzed further.
* indicates the associated file is not going to be analyzed further.
*/
std::string DataIn(const u_char* data, uint64 len, analyzer::Tag tag,
Connection* conn, bool is_orig,