From e5a589dbfe5fc4392543ac3ee1e1fb1da74380d5 Mon Sep 17 00:00:00 2001
From: Bernhard Amann <bernhard@icsi.berkeley.edu>
Date: Mon, 16 Sep 2013 09:14:36 -0700
Subject: [PATCH 01/18] Very basic file-analyzer for x509 certificates. Mostly
 ripped from the ssl-analyzer and the topic/bernhard/x509 branch.

Simply prints information about the encountered certificates (I have
not yet my mind up, what I will log...).

Next step: extensions...
---
 scripts/base/files/x509/__load__.bro          |   1 +
 scripts/base/files/x509/main.bro              |  14 +
 scripts/base/init-bare.bro                    |  20 ++
 scripts/base/init-default.bro                 |   2 +-
 scripts/base/protocols/ssl/__load__.bro       |   1 +
 scripts/base/protocols/ssl/files.bro          |  48 +++
 src/analyzer/protocol/ssl/ssl-analyzer.pac    |   8 +
 src/file_analysis/analyzer/CMakeLists.txt     |   1 +
 .../analyzer/x509/CMakeLists.txt              |  10 +
 src/file_analysis/analyzer/x509/Plugin.cc     |  10 +
 src/file_analysis/analyzer/x509/X509.cc       | 295 ++++++++++++++++++
 src/file_analysis/analyzer/x509/X509.h        |  38 +++
 src/file_analysis/analyzer/x509/events.bif    |   1 +
 src/file_analysis/analyzer/x509/types.bif     |   1 +
 14 files changed, 449 insertions(+), 1 deletion(-)
 create mode 100644 scripts/base/files/x509/__load__.bro
 create mode 100644 scripts/base/files/x509/main.bro
 create mode 100644 scripts/base/protocols/ssl/files.bro
 create mode 100644 src/file_analysis/analyzer/x509/CMakeLists.txt
 create mode 100644 src/file_analysis/analyzer/x509/Plugin.cc
 create mode 100644 src/file_analysis/analyzer/x509/X509.cc
 create mode 100644 src/file_analysis/analyzer/x509/X509.h
 create mode 100644 src/file_analysis/analyzer/x509/events.bif
 create mode 100644 src/file_analysis/analyzer/x509/types.bif

diff --git a/scripts/base/files/x509/__load__.bro b/scripts/base/files/x509/__load__.bro
new file mode 100644
index 0000000000..a10fe855df
--- /dev/null
+++ b/scripts/base/files/x509/__load__.bro
@@ -0,0 +1 @@
+@load ./main
diff --git a/scripts/base/files/x509/main.bro b/scripts/base/files/x509/main.bro
new file mode 100644
index 0000000000..205b8fbd25
--- /dev/null
+++ b/scripts/base/files/x509/main.bro
@@ -0,0 +1,14 @@
+
+@load base/frameworks/files
+
+module X509;
+
+export {
+	redef enum Log::ID += { LOG };
+}
+
+event x509_cert(f: fa_file, cert: X509::Certificate)
+	{
+	print cert;
+	}
+
diff --git a/scripts/base/init-bare.bro b/scripts/base/init-bare.bro
index fe3b84a93b..5d7914dc6b 100644
--- a/scripts/base/init-bare.bro
+++ b/scripts/base/init-bare.bro
@@ -2721,6 +2721,26 @@ export {
 	};
 }
 
+module X509;
+export {
+	type X509::Certificate: record {
+		version: count;	##< Version number.
+		serial: string;	##< Serial number.
+		subject: string;	##< Subject.
+		issuer: string;	##< Issuer.
+		not_valid_before: time;	##< Timestamp before when certificate is not valid.
+		not_valid_after: time;	##< Timestamp after when certificate is not valid.
+		key_alg: string; ##< name of the key algorithm
+		sig_alg: string; ##< name of the signature algorithm
+		key_type: string &optional; ##< key-type, if key parseable by openssl (either rsa, dsa or ec)
+		key_length: count &optional; ##< key-length in bits  
+		exponent: string &optional; ##< exponent, if RSA-certificate
+		curve: string &optional; ##< curve, if EC-certificate
+		ca: bool &optional; ##< indicates the CA value in the X509v3 BasicConstraints extension
+		path_len: count &optional; ##< indicates the path_length value in the X509v3 BasicConstraints extension
+	};
+}
+		
 module SOCKS;
 export {
 	## This record is for a SOCKS client or server to provide either a
diff --git a/scripts/base/init-default.bro b/scripts/base/init-default.bro
index 202f8eaaab..c0fb29f081 100644
--- a/scripts/base/init-default.bro
+++ b/scripts/base/init-default.bro
@@ -57,6 +57,6 @@
 @load base/files/hash
 @load base/files/extract
 @load base/files/unified2
-
+@load base/files/x509
 
 @load base/misc/find-checksum-offloading
diff --git a/scripts/base/protocols/ssl/__load__.bro b/scripts/base/protocols/ssl/__load__.bro
index 5a8590f234..42287fb039 100644
--- a/scripts/base/protocols/ssl/__load__.bro
+++ b/scripts/base/protocols/ssl/__load__.bro
@@ -1,5 +1,6 @@
 @load ./consts
 @load ./main
 @load ./mozilla-ca-list
+@load ./files
 
 @load-sigs ./dpd.sig
diff --git a/scripts/base/protocols/ssl/files.bro b/scripts/base/protocols/ssl/files.bro
new file mode 100644
index 0000000000..7582a428ae
--- /dev/null
+++ b/scripts/base/protocols/ssl/files.bro
@@ -0,0 +1,48 @@
+@load ./main
+@load base/utils/conn-ids
+@load base/frameworks/files
+
+module SSL;
+
+export {
+	redef record Info += {
+		## An ordered vector of file unique IDs which contains
+		## all the certificates sent over the connection
+		fuids: vector of string &log &default=string_vec();
+	};
+
+	## Default file handle provider for SSL.
+	global get_file_handle: function(c: connection, is_orig: bool): string;
+
+	## Default file describer for SSL.
+	global describe_file: function(f: fa_file): string;
+}
+
+function get_file_handle(c: connection, is_orig: bool): string
+	{
+	return cat(Analyzer::ANALYZER_SMTP, c$start_time);
+	}
+
+function describe_file(f: fa_file): string
+	{
+	# This shouldn't be needed, but just in case...
+	if ( f$source != "SSL" )
+		return "";
+
+	return "";
+	}
+
+event bro_init() &priority=5
+	{
+	Files::register_protocol(Analyzer::ANALYZER_SSL, 
+	                         [$get_file_handle = SSL::get_file_handle,
+	                          $describe        = SSL::describe_file]);
+	}
+
+event file_over_new_connection(f: fa_file, c: connection, is_orig: bool) &priority=5
+	{
+	if ( c?$ssl )
+		c$ssl$fuids[|c$ssl$fuids|] = f$id;
+
+	Files::add_analyzer(f, Files::ANALYZER_X509);
+	}
diff --git a/src/analyzer/protocol/ssl/ssl-analyzer.pac b/src/analyzer/protocol/ssl/ssl-analyzer.pac
index 3d9564eaab..4cd7599ef7 100644
--- a/src/analyzer/protocol/ssl/ssl-analyzer.pac
+++ b/src/analyzer/protocol/ssl/ssl-analyzer.pac
@@ -10,6 +10,8 @@
 
 #include <openssl/x509.h>
 #include <openssl/asn1.h>
+
+#include "file_analysis/Manager.h"
 %}
 
 
@@ -253,6 +255,11 @@ refine connection SSL_Conn += {
 				{
 				const bytestring& cert = (*certificates)[i];
 				const uint8* data = cert.data();
+				
+				file_mgr->DataIn(reinterpret_cast<const u_char*>(data), cert.length(), 
+						bro_analyzer()->GetAnalyzerTag(), bro_analyzer()->Conn(), false);
+				file_mgr->EndOfFile(bro_analyzer()->GetAnalyzerTag(), bro_analyzer()->Conn());
+
 				X509* pTemp = d2i_X509_binpac(NULL, &data, cert.length());
 				if ( ! pTemp )
 					{
@@ -261,6 +268,7 @@ refine connection SSL_Conn += {
 					return false;
 					}
 
+
 				RecordVal* pX509Cert = new RecordVal(x509_type);
 				char tmp[256];
 				BIO *bio = BIO_new(BIO_s_mem());
diff --git a/src/file_analysis/analyzer/CMakeLists.txt b/src/file_analysis/analyzer/CMakeLists.txt
index 1e19b7bd11..ede63dbd1b 100644
--- a/src/file_analysis/analyzer/CMakeLists.txt
+++ b/src/file_analysis/analyzer/CMakeLists.txt
@@ -2,3 +2,4 @@ add_subdirectory(data_event)
 add_subdirectory(extract)
 add_subdirectory(hash)
 add_subdirectory(unified2)
+add_subdirectory(x509)
diff --git a/src/file_analysis/analyzer/x509/CMakeLists.txt b/src/file_analysis/analyzer/x509/CMakeLists.txt
new file mode 100644
index 0000000000..759a01b55c
--- /dev/null
+++ b/src/file_analysis/analyzer/x509/CMakeLists.txt
@@ -0,0 +1,10 @@
+
+include(BroPlugin)
+
+include_directories(BEFORE ${CMAKE_CURRENT_SOURCE_DIR}
+                           ${CMAKE_CURRENT_BINARY_DIR})
+
+bro_plugin_begin(Bro X509)
+bro_plugin_cc(X509.cc Plugin.cc ../../Analyzer.cc)
+bro_plugin_bif(events.bif types.bif)
+bro_plugin_end()
diff --git a/src/file_analysis/analyzer/x509/Plugin.cc b/src/file_analysis/analyzer/x509/Plugin.cc
new file mode 100644
index 0000000000..1e76e3fdb7
--- /dev/null
+++ b/src/file_analysis/analyzer/x509/Plugin.cc
@@ -0,0 +1,10 @@
+#include "plugin/Plugin.h"
+
+#include "X509.h"
+
+BRO_PLUGIN_BEGIN(Bro, X509)
+	BRO_PLUGIN_DESCRIPTION("Parse X509 Certificate");
+	BRO_PLUGIN_FILE_ANALYZER("X509", X509);
+	BRO_PLUGIN_BIF_FILE(events);
+	BRO_PLUGIN_BIF_FILE(types);	
+BRO_PLUGIN_END
diff --git a/src/file_analysis/analyzer/x509/X509.cc b/src/file_analysis/analyzer/x509/X509.cc
new file mode 100644
index 0000000000..78d746ac9b
--- /dev/null
+++ b/src/file_analysis/analyzer/x509/X509.cc
@@ -0,0 +1,295 @@
+// See the file "COPYING" in the main distribution directory for copyright.
+
+#include <string>
+
+#include "X509.h"
+#include "Event.h"
+
+#include "events.bif.h"
+#include "types.bif.h"
+
+#include "file_analysis/Manager.h"
+
+#include <openssl/x509.h>
+#include <openssl/x509v3.h>
+#include <openssl/asn1.h>
+#include <openssl/opensslconf.h>
+
+using namespace file_analysis;
+
+file_analysis::X509::X509(RecordVal* args, file_analysis::File* file)
+    : file_analysis::Analyzer(file_mgr->GetComponentTag("X509"), args, file)
+	{
+	cert_data.clear();
+	}
+
+bool file_analysis::X509::DeliverStream(const u_char* data, uint64 len)
+	{
+	// just add it to the data we have so far, since we cannot do anything else anyways...
+	cert_data.append(reinterpret_cast<const char*>(data), len);
+	return true;
+	}
+
+bool file_analysis::X509::Undelivered(uint64 offset, uint64 len)
+	{
+	return false;
+	}
+
+bool file_analysis::X509::EndOfFile()
+	{
+	// ok, now we can try to parse the certificate with openssl. Should
+	// be rather straightforward...
+	const unsigned char* cert_char = reinterpret_cast<const unsigned char*>(cert_data.data());
+	::X509* ssl_cert = d2i_X509(NULL, &cert_char, cert_data.size());
+	if ( !ssl_cert )
+		{
+		reporter->Error("Could not parse X509 certificate");
+		return false;
+		}
+
+	char buf[256]; // we need a buffer for some of the openssl functions
+	memset(buf, 0, 256);	
+	
+	RecordVal* pX509Cert = new RecordVal(BifType::Record::X509::Certificate);
+	BIO *bio = BIO_new(BIO_s_mem());
+
+	pX509Cert->Assign(0, new Val((uint64) X509_get_version(ssl_cert), TYPE_COUNT));
+	i2a_ASN1_INTEGER(bio, X509_get_serialNumber(ssl_cert));
+	int len = BIO_read(bio, &(*buf), sizeof buf);
+	pX509Cert->Assign(1, new StringVal(len, buf));
+
+	X509_NAME_print_ex(bio, X509_get_subject_name(ssl_cert), 0, XN_FLAG_RFC2253);
+	len = BIO_gets(bio, &(*buf), sizeof buf);
+	pX509Cert->Assign(2, new StringVal(len, buf));
+	X509_NAME_print_ex(bio, X509_get_issuer_name(ssl_cert), 0, XN_FLAG_RFC2253);
+	len = BIO_gets(bio, &(*buf), sizeof buf);
+	pX509Cert->Assign(3, new StringVal(len, buf));
+	BIO_free(bio);
+
+	pX509Cert->Assign(4, new Val(get_time_from_asn1(X509_get_notBefore(ssl_cert)), TYPE_TIME));
+	pX509Cert->Assign(5, new Val(get_time_from_asn1(X509_get_notAfter(ssl_cert)), TYPE_TIME));
+
+	// we only read 255 bytes because byte 256 is always 0.
+	// if the string is longer than 255, that will be our null-termination,
+	// otherwhise i2t does null-terminate.
+	if ( ! i2t_ASN1_OBJECT(buf, 255, ssl_cert->cert_info->key->algor->algorithm) ) 
+		buf[0] = 0;
+	pX509Cert->Assign(6, new StringVal(buf));
+
+	if ( ! i2t_ASN1_OBJECT(buf, 255, ssl_cert->sig_alg->algorithm) ) 
+		buf[0] = 0;
+	pX509Cert->Assign(7, new StringVal(buf));
+
+	// Things we can do when we have the key...
+	EVP_PKEY *pkey = X509_extract_key(ssl_cert);
+	if ( pkey != NULL ) 
+		{
+		if ( pkey->type == EVP_PKEY_DSA ) 
+			{
+			pX509Cert->Assign(8, new StringVal("dsa"));
+			}
+		else if ( pkey->type == EVP_PKEY_RSA ) 
+			{
+			pX509Cert->Assign(8, new StringVal("rsa"));
+			char *exponent = BN_bn2dec(pkey->pkey.rsa->e);
+			if ( exponent != NULL ) 
+				{
+				pX509Cert->Assign(10, new StringVal(exponent));
+				OPENSSL_free(exponent);
+				exponent = NULL;
+				}
+			}
+#ifndef OPENSSL_NO_EC
+		else if ( pkey->type == EVP_PKEY_EC )
+			{
+			pX509Cert->Assign(8, new StringVal("dsa"));
+			pX509Cert->Assign(11, key_curve(pkey));
+			}
+#endif
+
+		unsigned int length = key_length(pkey);
+		if ( length > 0 ) 
+			pX509Cert->Assign(9, new Val(length, TYPE_COUNT));
+		}
+
+	val_list* vl = new val_list();
+	vl->append(GetFile()->GetVal()->Ref());
+	vl->append(pX509Cert);
+
+	mgr.QueueEvent(x509_cert, vl);
+	
+	return false;
+	}
+
+StringVal* file_analysis::X509::key_curve(EVP_PKEY *key)
+	{
+	assert(key != NULL);
+
+#ifdef OPENSSL_NO_EC
+	// well, we do not have EC-Support...
+	return NULL;
+#else 
+	if ( key->type != EVP_PKEY_EC ) {
+		// no EC-key - no curve name
+		return NULL;
+	}
+
+	const EC_GROUP *group;
+	int nid;
+	if ( (group = EC_KEY_get0_group(key->pkey.ec)) == NULL) 
+		// I guess we could not parse this
+		return NULL;
+
+	nid = EC_GROUP_get_curve_name(group);
+	if ( nid == 0 ) 
+		// and an invalid nid...
+		return NULL;
+
+	const char * curve_name = OBJ_nid2sn(nid);
+	if ( curve_name == NULL ) 
+		return NULL;
+
+	return new StringVal(curve_name);
+#endif
+	}
+
+unsigned int file_analysis::X509::key_length(EVP_PKEY *key) 
+	{
+	assert(key != NULL);
+	unsigned int length;
+
+	switch(key->type) {
+    	case EVP_PKEY_RSA:
+      		length = BN_num_bits(key->pkey.rsa->n);
+      		break;
+    	case EVP_PKEY_DSA:
+      		length = BN_num_bits(key->pkey.dsa->p);
+      		break;
+#ifndef OPENSSL_NO_EC
+		case EVP_PKEY_EC:
+		{
+		const EC_GROUP *group;       
+		BIGNUM* ec_order;
+		ec_order = BN_new();
+		if ( !ec_order ) 
+			// could not malloc bignum?
+			return 0;
+
+		if ( (group = EC_KEY_get0_group(key->pkey.ec)) == NULL) 
+			// unknown ex-group
+			return 0;
+
+		if (!EC_GROUP_get_order(group, ec_order, NULL)) 
+			// could not get ec-group-order
+			return 0;
+
+		length = BN_num_bits(ec_order);
+		BN_free(ec_order);
+		break;
+		}
+#endif
+	default:
+		return 0; // unknown public key type
+	}
+
+	return length;
+	}
+
+double file_analysis::X509::get_time_from_asn1(const ASN1_TIME * atime)
+	{
+	time_t lResult = 0;
+
+	char lBuffer[24];
+	char * pBuffer = lBuffer;
+
+	size_t lTimeLength = atime->length;
+	char * pString = (char *) atime->data;
+
+	if ( atime->type == V_ASN1_UTCTIME )
+		{
+		if ( lTimeLength < 11 || lTimeLength > 17 )
+			return 0;
+
+		memcpy(pBuffer, pString, 10);
+		pBuffer += 10;
+		pString += 10;
+		}
+	else
+		{
+		if ( lTimeLength < 13 )
+			return 0;
+
+		memcpy(pBuffer, pString, 12);
+		pBuffer += 12;
+		pString += 12;
+		}
+
+	if ((*pString == 'Z') || (*pString == '-') || (*pString == '+'))
+		{
+		*(pBuffer++) = '0';
+		*(pBuffer++) = '0';
+		}
+	else
+		{
+		*(pBuffer++) = *(pString++);
+		*(pBuffer++) = *(pString++);
+
+		// Skip any fractional seconds...
+		if (*pString == '.')
+			{
+			pString++;
+			while ((*pString >= '0') && (*pString <= '9'))
+				pString++;
+			}
+		}
+
+	*(pBuffer++) = 'Z';
+	*(pBuffer++) = '\0';
+
+	time_t lSecondsFromUTC;
+
+	if ( *pString == 'Z' )
+		lSecondsFromUTC = 0;
+
+	else
+		{
+		if ((*pString != '+') && (pString[5] != '-'))
+			return 0;
+
+		lSecondsFromUTC = ((pString[1]-'0') * 10 + (pString[2]-'0')) * 60;
+		lSecondsFromUTC += (pString[3]-'0') * 10 + (pString[4]-'0');
+
+		if (*pString == '-')
+			lSecondsFromUTC = -lSecondsFromUTC;
+		}
+
+	tm lTime;
+	lTime.tm_sec  = ((lBuffer[10] - '0') * 10) + (lBuffer[11] - '0');
+	lTime.tm_min  = ((lBuffer[8] - '0') * 10) + (lBuffer[9] - '0');
+	lTime.tm_hour = ((lBuffer[6] - '0') * 10) + (lBuffer[7] - '0');
+	lTime.tm_mday = ((lBuffer[4] - '0') * 10) + (lBuffer[5] - '0');
+	lTime.tm_mon  = (((lBuffer[2] - '0') * 10) + (lBuffer[3] - '0')) - 1;
+	lTime.tm_year = ((lBuffer[0] - '0') * 10) + (lBuffer[1] - '0');
+
+	if ( lTime.tm_year < 50 )
+		lTime.tm_year += 100; // RFC 2459
+
+	lTime.tm_wday = 0;
+	lTime.tm_yday = 0;
+	lTime.tm_isdst = 0;  // No DST adjustment requested
+
+	lResult = mktime(&lTime);
+
+	if ( lResult )
+		{
+		if ( 0 != lTime.tm_isdst )
+			lResult -= 3600;  // mktime may adjust for DST  (OS dependent)
+
+		lResult += lSecondsFromUTC;
+		}
+	else
+		lResult = 0;
+
+	return lResult;
+}
+
diff --git a/src/file_analysis/analyzer/x509/X509.h b/src/file_analysis/analyzer/x509/X509.h
new file mode 100644
index 0000000000..ce74190b69
--- /dev/null
+++ b/src/file_analysis/analyzer/x509/X509.h
@@ -0,0 +1,38 @@
+#ifndef FILE_ANALYSIS_X509_H
+#define FILE_ANALYSIS_X509_H
+
+#include <string>
+
+#include "Val.h"
+#include "../File.h"
+#include "Analyzer.h"
+
+#include <openssl/asn1.h>
+
+namespace file_analysis {
+
+class X509 : public file_analysis::Analyzer {
+public:
+	//~X509();
+
+	static file_analysis::Analyzer* Instantiate(RecordVal* args, File* file)
+		{ return new X509(args, file); }
+
+	virtual bool DeliverStream(const u_char* data, uint64 len);
+	virtual bool Undelivered(uint64 offset, uint64 len);	
+	virtual bool EndOfFile();
+
+protected:
+	X509(RecordVal* args, File* file);
+
+private:
+	static double get_time_from_asn1(const ASN1_TIME * atime);
+	static StringVal* key_curve(EVP_PKEY *key);
+	static unsigned int key_length(EVP_PKEY *key);
+
+	std::string cert_data;
+};
+
+}
+
+#endif
diff --git a/src/file_analysis/analyzer/x509/events.bif b/src/file_analysis/analyzer/x509/events.bif
new file mode 100644
index 0000000000..3c3049559d
--- /dev/null
+++ b/src/file_analysis/analyzer/x509/events.bif
@@ -0,0 +1 @@
+event x509_cert%(f: fa_file, cert: X509::Certificate%);
diff --git a/src/file_analysis/analyzer/x509/types.bif b/src/file_analysis/analyzer/x509/types.bif
new file mode 100644
index 0000000000..9e4fd48420
--- /dev/null
+++ b/src/file_analysis/analyzer/x509/types.bif
@@ -0,0 +1 @@
+type X509::Certificate: record;

From df552ca87d842ca66a9bd234f0feea2ac8174929 Mon Sep 17 00:00:00 2001
From: Bernhard Amann <bernhard@icsi.berkeley.edu>
Date: Thu, 19 Sep 2013 14:35:11 -0700
Subject: [PATCH 02/18] parse out extension. One event for general extensions
 (just returns the openssl-parsed string-value), one event for
 basicconstraints (is a certificate a CA or not) and one event for
 subject-alternative-names (only DNS parts).

---
 scripts/base/files/x509/main.bro           |  15 ++
 scripts/base/init-bare.bro                 |  22 ++-
 src/analyzer/protocol/ssl/SSL.h            |   2 +-
 src/analyzer/protocol/ssl/events.bif       |   2 +-
 src/analyzer/protocol/ssl/ssl-analyzer.pac |  28 ----
 src/file_analysis/analyzer/x509/X509.cc    | 153 ++++++++++++++++++++-
 src/file_analysis/analyzer/x509/X509.h     |   6 +
 src/file_analysis/analyzer/x509/events.bif |   3 +
 src/file_analysis/analyzer/x509/types.bif  |   4 +
 9 files changed, 202 insertions(+), 33 deletions(-)

diff --git a/scripts/base/files/x509/main.bro b/scripts/base/files/x509/main.bro
index 205b8fbd25..458a389934 100644
--- a/scripts/base/files/x509/main.bro
+++ b/scripts/base/files/x509/main.bro
@@ -12,3 +12,18 @@ event x509_cert(f: fa_file, cert: X509::Certificate)
 	print cert;
 	}
 
+event x509_extension(f: fa_file, ext: X509::Extension)
+{
+print ext;
+}
+
+event x509_ext_basic_constraints(f: fa_file, ext: X509::BasicConstraints)
+{
+print ext;
+}
+
+event x509_ext_subject_alternative_name(f: fa_file, ext: X509::SubjectAlternativeName) 
+{
+print ext;
+}
+
diff --git a/scripts/base/init-bare.bro b/scripts/base/init-bare.bro
index 5d7914dc6b..c8e2e52b8a 100644
--- a/scripts/base/init-bare.bro
+++ b/scripts/base/init-bare.bro
@@ -2736,9 +2736,27 @@ export {
 		key_length: count &optional; ##< key-length in bits  
 		exponent: string &optional; ##< exponent, if RSA-certificate
 		curve: string &optional; ##< curve, if EC-certificate
-		ca: bool &optional; ##< indicates the CA value in the X509v3 BasicConstraints extension
-		path_len: count &optional; ##< indicates the path_length value in the X509v3 BasicConstraints extension
+		#ca: bool &optional; ##< indicates the CA value in the X509v3 BasicConstraints extension
+		#path_len: count &optional; ##< indicates the path_length value in the X509v3 BasicConstraints extension
 	};
+
+	type X509::Extension: record {
+		name: string; ##< long name of extension. oid if name not known
+		short_name: string &optional; ##< short name of extension if known.
+		oid: string; ##< oid of extension
+		critical: bool; ##< true if extension is critical
+		value: string; ##< extension content parsed to string for known extensions. Raw data otherwise.
+	};
+
+	type X509::BasicConstraints: record {
+		ca: bool; ##< CA flag set?
+		path_len: count &optional;
+	};
+	
+	type X509::SubjectAlternativeName: record {
+		names: vector of string;
+	};
+
 }
 		
 module SOCKS;
diff --git a/src/analyzer/protocol/ssl/SSL.h b/src/analyzer/protocol/ssl/SSL.h
index 6423d1b155..5749066780 100644
--- a/src/analyzer/protocol/ssl/SSL.h
+++ b/src/analyzer/protocol/ssl/SSL.h
@@ -28,7 +28,7 @@ public:
 		{
 		return ( ssl_client_hello || ssl_server_hello ||
 			ssl_established || ssl_extension || ssl_alert ||
-			x509_certificate || x509_extension || x509_error );
+			x509_certificate || x509_error );
 		}
 
 protected:
diff --git a/src/analyzer/protocol/ssl/events.bif b/src/analyzer/protocol/ssl/events.bif
index 3d0c7e9d6a..b7586561fc 100644
--- a/src/analyzer/protocol/ssl/events.bif
+++ b/src/analyzer/protocol/ssl/events.bif
@@ -176,7 +176,7 @@ event x509_certificate%(c: connection, is_orig: bool, cert: X509, chain_idx: cou
 ##
 ## .. bro:see:: ssl_alert ssl_client_hello ssl_established ssl_extension
 ##    ssl_server_hello x509_certificate x509_error  x509_verify
-event x509_extension%(c: connection, is_orig: bool, data: string%);
+#event x509_extension%(c: connection, is_orig: bool, data: string%);
 
 ## Generated when errors occur during parsing an X509 certificate.
 ##
diff --git a/src/analyzer/protocol/ssl/ssl-analyzer.pac b/src/analyzer/protocol/ssl/ssl-analyzer.pac
index 4cd7599ef7..43e2ac5c73 100644
--- a/src/analyzer/protocol/ssl/ssl-analyzer.pac
+++ b/src/analyzer/protocol/ssl/ssl-analyzer.pac
@@ -296,34 +296,6 @@ refine connection SSL_Conn += {
 							i, certificates->size(),
 							der_cert);
 
-				// Are there any X509 extensions?
-				//printf("Number of x509 extensions: %d\n", X509_get_ext_count(pTemp));
-				if ( x509_extension && X509_get_ext_count(pTemp) > 0 )
-					{
-					int num_ext = X509_get_ext_count(pTemp);
-					for ( int k = 0; k < num_ext; ++k )
-						{
-						unsigned char *pBuffer = 0;
-						int length = 0;
-
-						X509_EXTENSION* ex = X509_get_ext(pTemp, k);
-						if (ex)
-							{
-							ASN1_STRING *pString = X509_EXTENSION_get_data(ex);
-							length = ASN1_STRING_to_UTF8(&pBuffer, pString);
-							//i2t_ASN1_OBJECT(&pBuffer, length, obj)
-							// printf("extension length: %d\n", length);
-							// -1 indicates an error.
-							if ( length >= 0 )
-								{
-								StringVal* value = new StringVal(length, (char*)pBuffer);
-								BifEvent::generate_x509_extension(bro_analyzer(),
-											bro_analyzer()->Conn(), ${rec.is_orig}, value);
-								}
-							OPENSSL_free(pBuffer);
-							}
-						}
-					}
 				X509_free(pTemp);
 				}
 			}
diff --git a/src/file_analysis/analyzer/x509/X509.cc b/src/file_analysis/analyzer/x509/X509.cc
index 78d746ac9b..3d7871be9a 100644
--- a/src/file_analysis/analyzer/x509/X509.cc
+++ b/src/file_analysis/analyzer/x509/X509.cc
@@ -47,6 +47,27 @@ bool file_analysis::X509::EndOfFile()
 		return false;
 		}
 
+	ParseCertificate(ssl_cert);
+
+	// after parsing the certificate - parse the extensions...
+
+	int num_ext = X509_get_ext_count(ssl_cert);
+	for ( int k = 0; k < num_ext; ++k ) 
+		{
+		X509_EXTENSION* ex = X509_get_ext(ssl_cert, k);
+		if ( !ex )
+			continue;
+
+		ParseExtension(ex);
+		}
+	
+	X509_free(ssl_cert);
+
+	return false;
+	}
+
+void file_analysis::X509::ParseCertificate(::X509* ssl_cert) 
+	{
 	char buf[256]; // we need a buffer for some of the openssl functions
 	memset(buf, 0, 256);	
 	
@@ -117,8 +138,138 @@ bool file_analysis::X509::EndOfFile()
 	vl->append(pX509Cert);
 
 	mgr.QueueEvent(x509_cert, vl);
+	}
+
+void file_analysis::X509::ParseExtension(X509_EXTENSION* ex) 
+	{
+	char name[256];
+	char oid[256];
+
+	ASN1_OBJECT* ext_asn = X509_EXTENSION_get_object(ex);
+	const char* short_name = OBJ_nid2sn(OBJ_obj2nid(ext_asn));
+
+	OBJ_obj2txt(name, 255, ext_asn, 0);
+	OBJ_obj2txt(oid, 255, ext_asn, 1);
+
+	int critical = 0;
+	if ( X509_EXTENSION_get_critical(ex) != 0 )
+		critical = 1;
+
+	BIO *bio = BIO_new(BIO_s_mem());
+	if(!X509V3_EXT_print(bio, ex, 0, 0))
+		M_ASN1_OCTET_STRING_print(bio,ex->value);
 	
-	return false;
+	BIO_flush(bio);
+	int length = BIO_pending(bio);
+	char *buffer = new char[length];
+	BIO_read(bio, (void*)buffer, length);
+	StringVal* ext_val = new StringVal(length, buffer);
+	delete(buffer);
+	BIO_free_all(bio);
+
+	RecordVal* pX509Ext = new RecordVal(BifType::Record::X509::Extension);						
+	pX509Ext->Assign(0, new StringVal(name));
+	if ( short_name and strlen(short_name) > 0 ) 
+		pX509Ext->Assign(1, new StringVal(short_name));
+	pX509Ext->Assign(2, new StringVal(oid));
+	pX509Ext->Assign(3, new Val(critical, TYPE_BOOL));
+	pX509Ext->Assign(4, ext_val);
+	
+	// send off generic extension event
+	//
+	// and then look if we have a specialized event for the extension we just
+	// parsed. And if we have it, we send the specialized event on top of the
+	// generic event that we just had. I know, that is... kind of not nice, 
+	// but I am not sure if there is a better way to do it...
+	val_list* vl = new val_list();
+	vl->append(GetFile()->GetVal()->Ref());
+	vl->append(pX509Ext);
+
+	mgr.QueueEvent(x509_extension, vl);
+
+
+	// look if we have a specialized handler for this event...
+	if ( OBJ_obj2nid(ext_asn) == NID_basic_constraints ) 
+		ParseBasicConstraints(ex);
+	else if ( OBJ_obj2nid(ext_asn) == NID_subject_alt_name )
+		ParseSAN(ex);
+
+	
+
+	}
+void file_analysis::X509::ParseBasicConstraints(X509_EXTENSION* ex) 
+	{
+	assert(OBJ_obj2nid(X509_EXTENSION_get_object(ex)) == NID_basic_constraints);
+	
+	RecordVal* pBasicConstraint = new RecordVal(BifType::Record::X509::BasicConstraints);
+	BASIC_CONSTRAINTS *constr = (BASIC_CONSTRAINTS *) X509V3_EXT_d2i(ex);
+	if ( !constr ) 
+		{
+		reporter->Error("Certificate with invalid BasicConstraint");
+		}
+	else 	
+		{
+		pBasicConstraint->Assign(0, new Val(constr->ca ? 1 : 0, TYPE_BOOL));
+		if ( constr->pathlen ) {
+			pBasicConstraint->Assign(1, new Val((int32_t) ASN1_INTEGER_get(constr->pathlen), TYPE_COUNT));
+		}
+		val_list* vl = new val_list();
+		vl->append(GetFile()->GetVal()->Ref());
+		vl->append(pBasicConstraint);
+
+		mgr.QueueEvent(x509_ext_basic_constraints, vl);
+
+		}
+		
+	}
+
+void file_analysis::X509::ParseSAN(X509_EXTENSION* ext) 
+	{
+	assert(OBJ_obj2nid(X509_EXTENSION_get_object(ext)) == NID_subject_alt_name);
+
+	GENERAL_NAMES *altname = (GENERAL_NAMES*)X509V3_EXT_d2i(ext);
+	if ( !altname )
+		{
+		reporter->Error("could not parse subject alternative names");
+		return;
+		}
+
+	VectorVal* names = new VectorVal(internal_type("string_vec")->AsVectorType());
+
+	int j = 0;
+	for ( int i = 0; i < sk_GENERAL_NAME_num(altname); i++ ) 
+		{
+		GENERAL_NAME *gen = sk_GENERAL_NAME_value(altname, i);
+		assert(gen);
+
+		if ( gen->type == GEN_DNS )
+			{
+			if (ASN1_STRING_type(gen->d.ia5) != V_ASN1_IA5STRING) 
+				{
+				reporter->Error("DNS-field does not contain an IA5String");
+				continue;
+				}
+			const char* name = (const char*) ASN1_STRING_data(gen->d.ia5);
+			StringVal* bs = new StringVal(name);
+			names->Assign(j, bs);
+			j++;
+			}
+		else 
+			{
+			// we should perhaps sometime parse out ip-addresses
+			reporter->Error("Subject alternative name contained non-dns fields");
+			continue;
+			}
+		}
+
+		RecordVal* pSan = new RecordVal(BifType::Record::X509::SubjectAlternativeName);
+		pSan->Assign(0, names);
+
+		val_list* vl = new val_list();
+		vl->append(GetFile()->GetVal()->Ref());
+		vl->append(pSan);
+
+		mgr.QueueEvent(x509_ext_basic_constraints, vl);
 	}
 
 StringVal* file_analysis::X509::key_curve(EVP_PKEY *key)
diff --git a/src/file_analysis/analyzer/x509/X509.h b/src/file_analysis/analyzer/x509/X509.h
index ce74190b69..cc0131afac 100644
--- a/src/file_analysis/analyzer/x509/X509.h
+++ b/src/file_analysis/analyzer/x509/X509.h
@@ -7,6 +7,7 @@
 #include "../File.h"
 #include "Analyzer.h"
 
+#include <openssl/x509.h>
 #include <openssl/asn1.h>
 
 namespace file_analysis {
@@ -30,6 +31,11 @@ private:
 	static StringVal* key_curve(EVP_PKEY *key);
 	static unsigned int key_length(EVP_PKEY *key);
 
+	void ParseCertificate(::X509* ssl_cert);
+	void ParseExtension(X509_EXTENSION* ex);
+	void ParseBasicConstraints(X509_EXTENSION* ex);
+	void ParseSAN(X509_EXTENSION* ex);
+
 	std::string cert_data;
 };
 
diff --git a/src/file_analysis/analyzer/x509/events.bif b/src/file_analysis/analyzer/x509/events.bif
index 3c3049559d..148d09ec00 100644
--- a/src/file_analysis/analyzer/x509/events.bif
+++ b/src/file_analysis/analyzer/x509/events.bif
@@ -1 +1,4 @@
 event x509_cert%(f: fa_file, cert: X509::Certificate%);
+event x509_extension%(f: fa_file, ext: X509::Extension%);
+event x509_ext_basic_constraints%(f: fa_file, ext: X509::BasicConstraints%);
+event x509_ext_subject_alternative_name%(f: fa_file, ext: X509::SubjectAlternativeName%);
diff --git a/src/file_analysis/analyzer/x509/types.bif b/src/file_analysis/analyzer/x509/types.bif
index 9e4fd48420..49a915c7fc 100644
--- a/src/file_analysis/analyzer/x509/types.bif
+++ b/src/file_analysis/analyzer/x509/types.bif
@@ -1 +1,5 @@
 type X509::Certificate: record;
+type X509::Extension: record;
+type X509::BasicConstraints: record;
+type X509::SubjectAlternativeName: record;
+

From 2b87499fd96ea28cf66f999ffd97b94f5596a7b2 Mon Sep 17 00:00:00 2001
From: Bernhard Amann <bernhard@icsi.berkeley.edu>
Date: Tue, 1 Oct 2013 16:20:55 -0700
Subject: [PATCH 03/18] rip out x509 code from ssl analyzer. Note that since at
 the moment the file analyzer does not yet re-populate the info record that
 means quite a lot of information is simply not available.

---
 scripts/base/protocols/ssl/main.bro        |  43 -------
 src/analyzer/protocol/ssl/CMakeLists.txt   |   1 -
 src/analyzer/protocol/ssl/Plugin.cc        |   1 -
 src/analyzer/protocol/ssl/SSL.h            |   3 +-
 src/analyzer/protocol/ssl/events.bif       |  73 +-----------
 src/analyzer/protocol/ssl/functions.bif    | 132 ---------------------
 src/analyzer/protocol/ssl/ssl-analyzer.pac |  57 +--------
 7 files changed, 12 insertions(+), 298 deletions(-)
 delete mode 100644 src/analyzer/protocol/ssl/functions.bif

diff --git a/scripts/base/protocols/ssl/main.bro b/scripts/base/protocols/ssl/main.bro
index 2381b356e4..1b487ef4bf 100644
--- a/scripts/base/protocols/ssl/main.bro
+++ b/scripts/base/protocols/ssl/main.bro
@@ -168,49 +168,6 @@ event ssl_server_hello(c: connection, version: count, possible_ts: time, session
 	c$ssl$cipher = cipher_desc[cipher];
 	}
 
-event x509_certificate(c: connection, is_orig: bool, cert: X509, chain_idx: count, chain_len: count, der_cert: string) &priority=5
-	{
-	set_session(c);
-
-	# We aren't doing anything with client certificates yet.
-	if ( is_orig )
-		{
-		if ( chain_idx == 0 )
-			{
-			# Save the primary cert.
-			c$ssl$client_cert = der_cert;
-
-			# Also save other certificate information about the primary cert.
-			c$ssl$client_subject = cert$subject;
-			c$ssl$client_issuer_subject = cert$issuer;
-			}
-		else
-			{
-			# Otherwise, add it to the cert validation chain.
-			c$ssl$client_cert_chain[|c$ssl$client_cert_chain|] = der_cert;
-			}
-		}
-	else
-		{
-		if ( chain_idx == 0 )
-			{
-			# Save the primary cert.
-			c$ssl$cert = der_cert;
-
-			# Also save other certificate information about the primary cert.
-			c$ssl$subject = cert$subject;
-			c$ssl$issuer_subject = cert$issuer;
-			c$ssl$not_valid_before = cert$not_valid_before;
-			c$ssl$not_valid_after = cert$not_valid_after;
-			}
-		else
-			{
-			# Otherwise, add it to the cert validation chain.
-			c$ssl$cert_chain[|c$ssl$cert_chain|] = der_cert;
-			}
-		}
-	}
-
 event ssl_extension(c: connection, is_orig: bool, code: count, val: string) &priority=5
 	{
 	set_session(c);
diff --git a/src/analyzer/protocol/ssl/CMakeLists.txt b/src/analyzer/protocol/ssl/CMakeLists.txt
index f1838e5f3b..2591c5dfec 100644
--- a/src/analyzer/protocol/ssl/CMakeLists.txt
+++ b/src/analyzer/protocol/ssl/CMakeLists.txt
@@ -6,6 +6,5 @@ include_directories(BEFORE ${CMAKE_CURRENT_SOURCE_DIR} ${CMAKE_CURRENT_BINARY_DI
 bro_plugin_begin(Bro SSL)
 bro_plugin_cc(SSL.cc Plugin.cc)
 bro_plugin_bif(events.bif)
-bro_plugin_bif(functions.bif)
 bro_plugin_pac(ssl.pac ssl-analyzer.pac ssl-protocol.pac ssl-defs.pac)
 bro_plugin_end()
diff --git a/src/analyzer/protocol/ssl/Plugin.cc b/src/analyzer/protocol/ssl/Plugin.cc
index c63be864f8..c1783b357d 100644
--- a/src/analyzer/protocol/ssl/Plugin.cc
+++ b/src/analyzer/protocol/ssl/Plugin.cc
@@ -7,5 +7,4 @@ BRO_PLUGIN_BEGIN(Bro, SSL)
 	BRO_PLUGIN_DESCRIPTION("SSL analyzer");
 	BRO_PLUGIN_ANALYZER("SSL", ssl::SSL_Analyzer);
 	BRO_PLUGIN_BIF_FILE(events);
-	BRO_PLUGIN_BIF_FILE(functions);
 BRO_PLUGIN_END
diff --git a/src/analyzer/protocol/ssl/SSL.h b/src/analyzer/protocol/ssl/SSL.h
index 5749066780..f674d64fed 100644
--- a/src/analyzer/protocol/ssl/SSL.h
+++ b/src/analyzer/protocol/ssl/SSL.h
@@ -27,8 +27,7 @@ public:
 	static bool Available()
 		{
 		return ( ssl_client_hello || ssl_server_hello ||
-			ssl_established || ssl_extension || ssl_alert ||
-			x509_certificate || x509_error );
+			ssl_established || ssl_extension || ssl_alert );
 		}
 
 protected:
diff --git a/src/analyzer/protocol/ssl/events.bif b/src/analyzer/protocol/ssl/events.bif
index b7586561fc..aff5f4798c 100644
--- a/src/analyzer/protocol/ssl/events.bif
+++ b/src/analyzer/protocol/ssl/events.bif
@@ -22,7 +22,7 @@
 ##          :bro:id:`SSL::cipher_desc` table maps them to descriptive names.
 ##
 ## .. bro:see:: ssl_alert  ssl_established ssl_extension ssl_server_hello
-##    ssl_session_ticket_handshake x509_certificate x509_error x509_extension
+##    ssl_session_ticket_handshake
 event ssl_client_hello%(c: connection, version: count, possible_ts: time, session_id: string, ciphers: count_set%);
 
 ## Generated for an SSL/TLS server's initial *hello* message. SSL/TLS sessions
@@ -52,7 +52,7 @@ event ssl_client_hello%(c: connection, version: count, possible_ts: time, sessio
 ##              standardized as part of the SSL/TLS protocol.
 ##
 ## .. bro:see:: ssl_alert ssl_client_hello ssl_established ssl_extension
-##    ssl_session_ticket_handshake x509_certificate x509_error x509_extension
+##    ssl_session_ticket_handshake
 event ssl_server_hello%(c: connection, version: count, possible_ts: time, session_id: string, cipher: count, comp_method: count%);
 
 ## Generated for SSL/TLS extensions seen in an initial handshake.  SSL/TLS
@@ -71,7 +71,7 @@ event ssl_server_hello%(c: connection, version: count, possible_ts: time, sessio
 ## val: The raw extension value that was sent in the message.
 ##
 ## .. bro:see:: ssl_alert ssl_client_hello ssl_established ssl_server_hello
-##    ssl_session_ticket_handshake x509_certificate x509_error x509_extension
+##    ssl_session_ticket_handshake
 event ssl_extension%(c: connection, is_orig: bool, code: count, val: string%);
 
 ## Generated at the end of an SSL/TLS handshake. SSL/TLS sessions start with
@@ -86,7 +86,7 @@ event ssl_extension%(c: connection, is_orig: bool, code: count, val: string%);
 ## c: The connection.
 ##
 ## .. bro:see:: ssl_alert ssl_client_hello  ssl_extension ssl_server_hello
-##    ssl_session_ticket_handshake x509_certificate x509_error x509_extension
+##    ssl_session_ticket_handshake
 event ssl_established%(c: connection%);
 
 ## Generated for SSL/TLS alert records. SSL/TLS sessions start with an
@@ -109,7 +109,7 @@ event ssl_established%(c: connection%);
 ##       defined as part of the SSL/TLS protocol.
 ##
 ## .. bro:see::  ssl_client_hello ssl_established ssl_extension ssl_server_hello
-##    ssl_session_ticket_handshake x509_certificate x509_error x509_extension
+##    ssl_session_ticket_handshake
 event ssl_alert%(c: connection, is_orig: bool, level: count, desc: count%);
 
 ## Generated for SSL/TLS handshake messages that are a part of the
@@ -130,66 +130,5 @@ event ssl_alert%(c: connection, is_orig: bool, level: count, desc: count%);
 ## ticket: The raw ticket data.
 ##
 ## .. bro:see::  ssl_client_hello ssl_established ssl_extension ssl_server_hello
-##    x509_certificate x509_error x509_extension ssl_alert
+##    ssl_alert
 event ssl_session_ticket_handshake%(c: connection, ticket_lifetime_hint: count, ticket: string%);
-
-## Generated for X509 certificates seen in SSL/TLS connections. During the
-## initial SSL/TLS handshake, certificates are exchanged in the clear. Bro
-## raises this event for each certificate seen (including both a site's primary
-## cert, and further certs sent as part of the validation chain).
-##
-## See `Wikipedia <http://en.wikipedia.org/wiki/X.509>`__ for more information
-## about the X.509 format.
-##
-## c: The connection.
-##
-## is_orig: True if event is raised for originator side of the connection.
-##
-## cert: The parsed certificate.
-##
-## chain_idx: The index in the validation chain that this cert has. Index zero
-##            indicates an endpoint's primary cert, while higher indices
-##            indicate the place in the validation chain (which has length
-##            *chain_len*).
-##
-## chain_len: The total length of the validation chain that this cert is part
-##            of.
-##
-## der_cert: The complete cert encoded in `DER
-##           <http://en.wikipedia.org/wiki/Distinguished_Encoding_Rules>`__
-##           format.
-##
-## .. bro:see:: ssl_alert ssl_client_hello ssl_established ssl_extension
-##    ssl_server_hello  x509_error x509_extension x509_verify
-event x509_certificate%(c: connection, is_orig: bool, cert: X509, chain_idx: count, chain_len: count, der_cert: string%);
-
-## Generated for X509 extensions seen in a certificate.
-##
-## See `Wikipedia <http://en.wikipedia.org/wiki/X.509>`__ for more information
-## about the X.509 format.
-##
-## c: The connection.
-##
-## is_orig: True if event is raised for originator side of the connection.
-##
-## data: The raw data associated with the extension.
-##
-## .. bro:see:: ssl_alert ssl_client_hello ssl_established ssl_extension
-##    ssl_server_hello x509_certificate x509_error  x509_verify
-#event x509_extension%(c: connection, is_orig: bool, data: string%);
-
-## Generated when errors occur during parsing an X509 certificate.
-##
-## See `Wikipedia <http://en.wikipedia.org/wiki/X.509>`__ for more information
-## about the X.509 format.
-##
-## c: The connection.
-##
-## is_orig: True if event is raised for originator side of the connection.
-##
-## err: An error code describing what went wrong. :bro:id:`SSL::x509_errors`
-##      maps error codes to a textual description.
-##
-## .. bro:see:: ssl_alert ssl_client_hello ssl_established ssl_extension
-##    ssl_server_hello x509_certificate  x509_extension x509_err2str x509_verify
-event x509_error%(c: connection, is_orig: bool, err: count%);
diff --git a/src/analyzer/protocol/ssl/functions.bif b/src/analyzer/protocol/ssl/functions.bif
deleted file mode 100644
index f2d4861007..0000000000
--- a/src/analyzer/protocol/ssl/functions.bif
+++ /dev/null
@@ -1,132 +0,0 @@
-
-%%{
-#include <openssl/x509.h>
-#include <openssl/asn1.h>
-#include <openssl/x509_vfy.h>
-
-// This is the indexed map of X509 certificate stores.
-static map<Val*, X509_STORE*> x509_stores;
-
-// ### NOTE: while d2i_X509 does not take a const u_char** pointer,
-// here we assume d2i_X509 does not write to <data>, so it is safe to
-// convert data to a non-const pointer.  Could some X509 guru verify
-// this?
-
-X509* d2i_X509_(X509** px, const u_char** in, int len)
-	{
-#ifdef OPENSSL_D2I_X509_USES_CONST_CHAR
-	  return d2i_X509(px, in, len);
-#else
-	  return d2i_X509(px, (u_char**)in, len);
-#endif
-	}
-
-%%}
-
-
-## Verifies a certificate.
-##
-## der_cert: The X.509 certificate in DER format.
-##
-## cert_stack: Specifies a certificate chain to validate against, with index 0
-##             typically being the root CA. Bro uses the Mozilla root CA list
-##             by default.
-##
-## root_certs: A list of additional root certificates that extends
-##             *cert_stack*.
-##
-## Returns: A status code of the verification which can be converted into an
-##          ASCII string via :bro:id:`x509_err2str`.
-##
-## .. bro:see:: x509_err2str
-function x509_verify%(der_cert: string, cert_stack: string_vec, root_certs: table_string_of_string%): count
-	%{
-	X509_STORE* ctx = 0;
-	int i = 0;
-
-	// If this certificate store was built previously, just reuse the old one.
-	if ( x509_stores.count(root_certs) > 0 )
-		ctx = x509_stores[root_certs];
-
-	if ( ! ctx ) // lookup to see if we have this one built already!
-		{
-		ctx = X509_STORE_new();
-		TableVal* root_certs2 = root_certs->AsTableVal();
-		ListVal* idxs = root_certs2->ConvertToPureList();
-
-		// Build the validation store
-		for ( i = 0; i < idxs->Length(); ++i )
-			{
-			Val* key = idxs->Index(i);
-			StringVal *sv = root_certs2->Lookup(key)->AsStringVal();
-			const uint8* data = sv->Bytes();
-			X509* x = d2i_X509_(NULL, &data, sv->Len());
-			if ( ! x )
-				{
-				builtin_error(fmt("Root CA error: %s", ERR_error_string(ERR_peek_last_error(),NULL)));
-				return new Val((uint64) ERR_get_error(), TYPE_COUNT);
-				}
-			X509_STORE_add_cert(ctx, x);
-			}
-		delete idxs;
-
-		// Save the newly constructed certificate store into the cacheing map.
-		x509_stores[root_certs] = ctx;
-		}
-
-	const uint8 *cert_data = der_cert->Bytes();
-	X509* cert = d2i_X509_(NULL, &cert_data, der_cert->Len());
-	if ( ! cert )
-		{
-		builtin_error(fmt("Certificate error: %s", ERR_error_string(ERR_peek_last_error(),NULL)));
-		return new Val((uint64) ERR_get_error(), TYPE_COUNT);
-		}
-
-	STACK_OF(X509)* untrusted_certs = sk_X509_new_null();
-	if ( ! untrusted_certs )
-		{
-		builtin_error(fmt("Untrusted certificate stack initialization error: %s", ERR_error_string(ERR_peek_last_error(),NULL)));
-		return new Val((uint64) ERR_get_error(), TYPE_COUNT);
-		}
-
-	VectorVal *cert_stack_vec = cert_stack->AsVectorVal();
-	for ( i = 0; i < (int) cert_stack_vec->Size(); ++i )
-		{
-		StringVal *sv = cert_stack_vec->Lookup(i)->AsStringVal();
-		const uint8 *data = sv->Bytes();
-		X509* x = d2i_X509_(NULL, &data, sv->Len());
-		if ( ! x )
-			{
-			X509_free(cert);
-			sk_X509_pop_free(untrusted_certs, X509_free);
-			builtin_error(fmt("Untrusted certificate stack creation error: %s", ERR_error_string(ERR_peek_last_error(),NULL)));
-			return new Val((uint64) ERR_get_error(), TYPE_COUNT);
-			}
-		sk_X509_push(untrusted_certs, x);
-		}
-
-	X509_STORE_CTX csc;
-	X509_STORE_CTX_init(&csc, ctx, cert, untrusted_certs);
-	X509_STORE_CTX_set_time(&csc, 0, (time_t) network_time);
-
-	int result = X509_verify_cert(&csc);
-	X509_STORE_CTX_cleanup(&csc);
-
-	if ( untrusted_certs )
-		sk_X509_pop_free(untrusted_certs, X509_free);
-	X509_free(cert);
-
-	return new Val((uint64) csc.error, TYPE_COUNT);
-	%}
-
-## Converts a certificate verification error code into an ASCII string.
-##
-## err_num: The error code.
-##
-## Returns: A string representation of *err_num*.
-##
-## .. bro:see:: x509_verify
-function x509_err2str%(err_num: count%): string
-	%{
-	return new StringVal(X509_verify_cert_error_string(err_num));
-	%}
diff --git a/src/analyzer/protocol/ssl/ssl-analyzer.pac b/src/analyzer/protocol/ssl/ssl-analyzer.pac
index 43e2ac5c73..4bf1e27d64 100644
--- a/src/analyzer/protocol/ssl/ssl-analyzer.pac
+++ b/src/analyzer/protocol/ssl/ssl-analyzer.pac
@@ -8,9 +8,6 @@
 
 #include "util.h"
 
-#include <openssl/x509.h>
-#include <openssl/asn1.h>
-
 #include "file_analysis/Manager.h"
 %}
 
@@ -247,57 +244,13 @@ refine connection SSL_Conn += {
 		if ( certificates->size() == 0 )
 			return true;
 
-		if ( x509_certificate )
+		for ( unsigned int i = 0; i < certificates->size(); ++i )
 			{
-			STACK_OF(X509)* untrusted_certs = 0;
+			const bytestring& cert = (*certificates)[i];
 
-			for ( unsigned int i = 0; i < certificates->size(); ++i )
-				{
-				const bytestring& cert = (*certificates)[i];
-				const uint8* data = cert.data();
-				
-				file_mgr->DataIn(reinterpret_cast<const u_char*>(data), cert.length(), 
-						bro_analyzer()->GetAnalyzerTag(), bro_analyzer()->Conn(), false);
-				file_mgr->EndOfFile(bro_analyzer()->GetAnalyzerTag(), bro_analyzer()->Conn());
-
-				X509* pTemp = d2i_X509_binpac(NULL, &data, cert.length());
-				if ( ! pTemp )
-					{
-					BifEvent::generate_x509_error(bro_analyzer(), bro_analyzer()->Conn(),
-					                              ${rec.is_orig}, ERR_get_error());
-					return false;
-					}
-
-
-				RecordVal* pX509Cert = new RecordVal(x509_type);
-				char tmp[256];
-				BIO *bio = BIO_new(BIO_s_mem());
-
-				pX509Cert->Assign(0, new Val((uint64) X509_get_version(pTemp), TYPE_COUNT));
-				i2a_ASN1_INTEGER(bio, X509_get_serialNumber(pTemp));
-				int len = BIO_read(bio, &(*tmp), sizeof tmp);
-				pX509Cert->Assign(1, new StringVal(len, tmp));
-
-				X509_NAME_print_ex(bio, X509_get_subject_name(pTemp), 0, XN_FLAG_RFC2253);
-				len = BIO_gets(bio, &(*tmp), sizeof tmp);
-				pX509Cert->Assign(2, new StringVal(len, tmp));
-				X509_NAME_print_ex(bio, X509_get_issuer_name(pTemp), 0, XN_FLAG_RFC2253);
-				len = BIO_gets(bio, &(*tmp), sizeof tmp);
-				pX509Cert->Assign(3, new StringVal(len, tmp));
-				BIO_free(bio);
-
-				pX509Cert->Assign(4, new Val(get_time_from_asn1(X509_get_notBefore(pTemp)), TYPE_TIME));
-				pX509Cert->Assign(5, new Val(get_time_from_asn1(X509_get_notAfter(pTemp)), TYPE_TIME));
-				StringVal* der_cert = new StringVal(cert.length(), (const char*) cert.data());
-
-				BifEvent::generate_x509_certificate(bro_analyzer(), bro_analyzer()->Conn(),
-							${rec.is_orig},
-							pX509Cert,
-							i, certificates->size(),
-							der_cert);
-
-				X509_free(pTemp);
-				}
+			file_mgr->DataIn(reinterpret_cast<const u_char*>(cert.data()), cert.length(), 
+					bro_analyzer()->GetAnalyzerTag(), bro_analyzer()->Conn(), ${rec.is_orig});
+			file_mgr->EndOfFile(bro_analyzer()->GetAnalyzerTag(), bro_analyzer()->Conn());
 			}
 		return true;
 		%}

From 2c7e7f962ea847259a95f04f3360775149d72702 Mon Sep 17 00:00:00 2001
From: Bernhard Amann <bernhard@icsi.berkeley.edu>
Date: Tue, 8 Oct 2013 12:50:47 -0700
Subject: [PATCH 04/18] Make x509 certificates an opaque type

---
 src/SerialTypes.h                             |   1 +
 src/Type.h                                    |   1 +
 src/analyzer/protocol/ssl/ssl-analyzer.pac    |  16 ---
 src/analyzer/protocol/ssl/ssl-protocol.pac    | 100 ------------------
 .../analyzer/x509/CMakeLists.txt              |   2 +-
 src/file_analysis/analyzer/x509/Plugin.cc     |   1 +
 src/file_analysis/analyzer/x509/X509.cc       |  64 +++++++++++
 src/file_analysis/analyzer/x509/X509.h        |  44 ++++++++
 src/main.cc                                   |   2 +
 9 files changed, 114 insertions(+), 117 deletions(-)

diff --git a/src/SerialTypes.h b/src/SerialTypes.h
index 69927afb74..81ccbc030e 100644
--- a/src/SerialTypes.h
+++ b/src/SerialTypes.h
@@ -111,6 +111,7 @@ SERIAL_VAL(ENTROPY_VAL, 19)
 SERIAL_VAL(TOPK_VAL, 20)
 SERIAL_VAL(BLOOMFILTER_VAL, 21)
 SERIAL_VAL(CARDINALITY_VAL, 22)
+SERIAL_VAL(X509_VAL, 23)
 
 #define SERIAL_EXPR(name, val) SERIAL_CONST(name, val, EXPR)
 SERIAL_EXPR(EXPR, 1)
diff --git a/src/Type.h b/src/Type.h
index a6163d5152..b880eac131 100644
--- a/src/Type.h
+++ b/src/Type.h
@@ -616,6 +616,7 @@ extern OpaqueType* entropy_type;
 extern OpaqueType* cardinality_type;
 extern OpaqueType* topk_type;
 extern OpaqueType* bloomfilter_type;
+extern OpaqueType* x509_opaque_type;
 
 // Returns the BRO basic (non-parameterized) type with the given type.
 extern BroType* base_type(TypeTag tag);
diff --git a/src/analyzer/protocol/ssl/ssl-analyzer.pac b/src/analyzer/protocol/ssl/ssl-analyzer.pac
index 4bf1e27d64..f9de1a12a8 100644
--- a/src/analyzer/protocol/ssl/ssl-analyzer.pac
+++ b/src/analyzer/protocol/ssl/ssl-analyzer.pac
@@ -22,8 +22,6 @@
 	};
 
 	string orig_label(bool is_orig);
-	void free_X509(void *);
-	X509* d2i_X509_binpac(X509** px, const uint8** in, int len);
 	string handshake_type_label(int type);
 	%}
 
@@ -33,20 +31,6 @@ string orig_label(bool is_orig)
 		return string(is_orig ? "originator" :"responder");
 		}
 
-	void free_X509(void* cert)
-		{
-		X509_free((X509*) cert);
-		}
-
-	X509* d2i_X509_binpac(X509** px, const uint8** in, int len)
-		{
-#ifdef OPENSSL_D2I_X509_USES_CONST_CHAR
-		return d2i_X509(px, in, len);
-#else
-		return d2i_X509(px, (u_char**) in, len);
-#endif
-		}
-
 	string handshake_type_label(int type)
 		{
 		switch ( type ) {
diff --git a/src/analyzer/protocol/ssl/ssl-protocol.pac b/src/analyzer/protocol/ssl/ssl-protocol.pac
index b35d07f18b..4f24251a5c 100644
--- a/src/analyzer/protocol/ssl/ssl-protocol.pac
+++ b/src/analyzer/protocol/ssl/ssl-protocol.pac
@@ -22,7 +22,6 @@ type uint24 = record {
 	};
 
 	string state_label(int state_nr);
-	double get_time_from_asn1(const ASN1_TIME * atime);
 %}
 
 extern type to_int;
@@ -146,105 +145,6 @@ enum AnalyzerState {
 			return string(fmt("UNKNOWN (%d)", state_nr));
 		}
 		}
-
-
-	double get_time_from_asn1(const ASN1_TIME * atime)
-		{
-		time_t lResult = 0;
-
-		char lBuffer[24];
-		char * pBuffer = lBuffer;
-
-		size_t lTimeLength = atime->length;
-		char * pString = (char *) atime->data;
-
-		if ( atime->type == V_ASN1_UTCTIME )
-			{
-			if ( lTimeLength < 11 || lTimeLength > 17 )
-				return 0;
-
-			memcpy(pBuffer, pString, 10);
-			pBuffer += 10;
-			pString += 10;
-			}
-		else
-			{
-			if ( lTimeLength < 13 )
-				return 0;
-
-			memcpy(pBuffer, pString, 12);
-			pBuffer += 12;
-			pString += 12;
-			}
-
-		if ((*pString == 'Z') || (*pString == '-') || (*pString == '+'))
-			{
-			*(pBuffer++) = '0';
-			*(pBuffer++) = '0';
-			}
-		else
-			{
-			*(pBuffer++) = *(pString++);
-			*(pBuffer++) = *(pString++);
-
-			// Skip any fractional seconds...
-			if (*pString == '.')
-				{
-				pString++;
-				while ((*pString >= '0') && (*pString <= '9'))
-					pString++;
-				}
-			}
-
-		*(pBuffer++) = 'Z';
-		*(pBuffer++) = '\0';
-
-		time_t lSecondsFromUTC;
-
-		if ( *pString == 'Z' )
-			lSecondsFromUTC = 0;
-
-		else
-			{
-			if ((*pString != '+') && (pString[5] != '-'))
-				return 0;
-
-			lSecondsFromUTC = ((pString[1]-'0') * 10 + (pString[2]-'0')) * 60;
-			lSecondsFromUTC += (pString[3]-'0') * 10 + (pString[4]-'0');
-
-			if (*pString == '-')
-				lSecondsFromUTC = -lSecondsFromUTC;
-			}
-
-		tm lTime;
-		lTime.tm_sec  = ((lBuffer[10] - '0') * 10) + (lBuffer[11] - '0');
-		lTime.tm_min  = ((lBuffer[8] - '0') * 10) + (lBuffer[9] - '0');
-		lTime.tm_hour = ((lBuffer[6] - '0') * 10) + (lBuffer[7] - '0');
-		lTime.tm_mday = ((lBuffer[4] - '0') * 10) + (lBuffer[5] - '0');
-		lTime.tm_mon  = (((lBuffer[2] - '0') * 10) + (lBuffer[3] - '0')) - 1;
-		lTime.tm_year = ((lBuffer[0] - '0') * 10) + (lBuffer[1] - '0');
-
-		if ( lTime.tm_year < 50 )
-			lTime.tm_year += 100; // RFC 2459
-
-		lTime.tm_wday = 0;
-		lTime.tm_yday = 0;
-		lTime.tm_isdst = 0;  // No DST adjustment requested
-
-		lResult = mktime(&lTime);
-
-		if ( lResult )
-			{
-			if ( 0 != lTime.tm_isdst )
-				lResult -= 3600;  // mktime may adjust for DST  (OS dependent)
-
-			lResult += lSecondsFromUTC;
-			}
-		else
-			lResult = 0;
-
-		return lResult;
-	}
 %}
 
 ######################################################################
diff --git a/src/file_analysis/analyzer/x509/CMakeLists.txt b/src/file_analysis/analyzer/x509/CMakeLists.txt
index 759a01b55c..b07ef278f7 100644
--- a/src/file_analysis/analyzer/x509/CMakeLists.txt
+++ b/src/file_analysis/analyzer/x509/CMakeLists.txt
@@ -6,5 +6,5 @@ include_directories(BEFORE ${CMAKE_CURRENT_SOURCE_DIR}
 
 bro_plugin_begin(Bro X509)
 bro_plugin_cc(X509.cc Plugin.cc ../../Analyzer.cc)
-bro_plugin_bif(events.bif types.bif)
+bro_plugin_bif(events.bif types.bif functions.bif)
 bro_plugin_end()
diff --git a/src/file_analysis/analyzer/x509/Plugin.cc b/src/file_analysis/analyzer/x509/Plugin.cc
index 1e76e3fdb7..5b0e5779c5 100644
--- a/src/file_analysis/analyzer/x509/Plugin.cc
+++ b/src/file_analysis/analyzer/x509/Plugin.cc
@@ -7,4 +7,5 @@ BRO_PLUGIN_BEGIN(Bro, X509)
 	BRO_PLUGIN_FILE_ANALYZER("X509", X509);
 	BRO_PLUGIN_BIF_FILE(events);
 	BRO_PLUGIN_BIF_FILE(types);	
+	BRO_PLUGIN_BIF_FILE(functions);
 BRO_PLUGIN_END
diff --git a/src/file_analysis/analyzer/x509/X509.cc b/src/file_analysis/analyzer/x509/X509.cc
index 3d7871be9a..59ab644634 100644
--- a/src/file_analysis/analyzer/x509/X509.cc
+++ b/src/file_analysis/analyzer/x509/X509.cc
@@ -17,6 +17,8 @@
 
 using namespace file_analysis;
 
+IMPLEMENT_SERIAL(X509Val, SER_X509_VAL);
+
 file_analysis::X509::X509(RecordVal* args, file_analysis::File* file)
     : file_analysis::Analyzer(file_mgr->GetComponentTag("X509"), args, file)
 	{
@@ -444,3 +446,65 @@ double file_analysis::X509::get_time_from_asn1(const ASN1_TIME * atime)
 	return lResult;
 }
 
+X509Val::X509Val(::X509* arg_certificate) : OpaqueVal(x509_opaque_type)
+	{
+	certificate = arg_certificate;
+	}
+
+X509Val::X509Val() : OpaqueVal(x509_opaque_type)
+	{
+	certificate = 0;
+	}
+
+X509Val::~X509Val()
+	{
+	if ( certificate )
+		X509_free(certificate);
+	}
+
+::X509* X509Val::GetCertificate() const
+	{
+	return certificate;
+	}
+
+bool X509Val::DoSerialize(SerialInfo* info) const
+	{
+	DO_SERIALIZE(SER_X509_VAL, X509Val);
+
+	unsigned char *buf = NULL;
+
+	int length = i2d_X509(certificate, &buf);
+
+	if ( length < 0 ) 
+		return false;
+
+	bool res = SERIALIZE_STR(reinterpret_cast<const char*>(buf), length);
+
+	OPENSSL_free(buf);
+	return res;
+	}
+
+bool X509Val::DoUnserialize(UnserialInfo* info)
+	{
+	DO_UNSERIALIZE(OpaqueVal)
+
+	int length;
+	unsigned char *certbuf, *opensslbuf;
+
+	if ( ! UNSERIALIZE_STR(reinterpret_cast<char **>(&certbuf), &length) )
+		return false;
+
+	opensslbuf = certbuf; // OpenSSL likes to shift pointers around. really.
+	certificate = d2i_X509(NULL, const_cast<const unsigned char**>(&opensslbuf), length);
+	delete[] certbuf;
+
+	if ( !certificate ) 
+		return false;
+
+	return true;
+	}
+
+
+
+
+
diff --git a/src/file_analysis/analyzer/x509/X509.h b/src/file_analysis/analyzer/x509/X509.h
index cc0131afac..80bb68209e 100644
--- a/src/file_analysis/analyzer/x509/X509.h
+++ b/src/file_analysis/analyzer/x509/X509.h
@@ -39,6 +39,50 @@ private:
 	std::string cert_data;
 };
 
+/**
+ * This class wraps an OpenSSL X509 data structure. 
+ *
+ * We need these to be able to pass OpenSSL pointers around in Bro
+ * script-land. Otherwise, we cannot verify certificates from Bro 
+ * scriptland
+ */
+class X509Val : public OpaqueVal {
+public:
+	/**
+	 * Construct an X509Val.
+	 *
+	 * @param certificate specifies the wrapped OpenSSL certificate
+	 *
+	 * @return A newly initialized X509Val
+	 */
+	X509Val(::X509* certificate);
+
+	/**
+	 * Destructor.
+	 */
+	~X509Val();
+
+	/**
+	 * Get the wrapped X509 certificate. Please take care, that the
+	 * internal OpenSSL reference counting stays the same.
+	 *
+	 * @return The wrapped OpenSSL X509 certificate
+	 */
+	::X509* GetCertificate() const;
+
+protected:
+	/**
+	 * Construct an empty X509Val. Only used for deserialization
+	 */
+	X509Val();
+
+private:
+	::X509* certificate; // the wrapped certificate
+
+	DECLARE_SERIAL(X509Val);
+};
+
 }
 
+
 #endif
diff --git a/src/main.cc b/src/main.cc
index 313e1a40b0..ffa7a85f29 100644
--- a/src/main.cc
+++ b/src/main.cc
@@ -131,6 +131,7 @@ OpaqueType* entropy_type = 0;
 OpaqueType* cardinality_type = 0;
 OpaqueType* topk_type = 0;
 OpaqueType* bloomfilter_type = 0;
+OpaqueType* x509_opaque_type = 0;
 
 extern std::list<BroDoc*> docs_generated;
 
@@ -860,6 +861,7 @@ int main(int argc, char** argv)
 	cardinality_type = new OpaqueType("cardinality");
 	topk_type = new OpaqueType("topk");
 	bloomfilter_type = new OpaqueType("bloomfilter");
+	x509_opaque_type = new OpaqueType("x509");
 
 	// The leak-checker tends to produce some false
 	// positives (memory which had already been

From 1735e33691dad0d500f024300a0c2dfb716a3fdc Mon Sep 17 00:00:00 2001
From: Bernhard Amann <bernhard@icsi.berkeley.edu>
Date: Fri, 28 Feb 2014 02:09:06 -0800
Subject: [PATCH 05/18] Backport crash fix that made it into master with the
 x509_extension backport from here.

---
 src/file_analysis/analyzer/x509/X509.cc | 13 ++++++-------
 1 file changed, 6 insertions(+), 7 deletions(-)

diff --git a/src/file_analysis/analyzer/x509/X509.cc b/src/file_analysis/analyzer/x509/X509.cc
index 59ab644634..c2c2a0b8bc 100644
--- a/src/file_analysis/analyzer/x509/X509.cc
+++ b/src/file_analysis/analyzer/x509/X509.cc
@@ -163,10 +163,13 @@ void file_analysis::X509::ParseExtension(X509_EXTENSION* ex)
 	
 	BIO_flush(bio);
 	int length = BIO_pending(bio);
-	char *buffer = new char[length];
+
+	// Use OPENSSL_malloc here. Using new or anything else can lead
+	// to interesting, hard to debug segfaults.
+	char *buffer = (char*) OPENSSL_malloc(length);
 	BIO_read(bio, (void*)buffer, length);
 	StringVal* ext_val = new StringVal(length, buffer);
-	delete(buffer);
+	OPENSSL_free(buffer);
 	BIO_free_all(bio);
 
 	RecordVal* pX509Ext = new RecordVal(BifType::Record::X509::Extension);						
@@ -189,16 +192,13 @@ void file_analysis::X509::ParseExtension(X509_EXTENSION* ex)
 
 	mgr.QueueEvent(x509_extension, vl);
 
-
 	// look if we have a specialized handler for this event...
 	if ( OBJ_obj2nid(ext_asn) == NID_basic_constraints ) 
 		ParseBasicConstraints(ex);
 	else if ( OBJ_obj2nid(ext_asn) == NID_subject_alt_name )
 		ParseSAN(ex);
-
-	
-
 	}
+
 void file_analysis::X509::ParseBasicConstraints(X509_EXTENSION* ex) 
 	{
 	assert(OBJ_obj2nid(X509_EXTENSION_get_object(ex)) == NID_basic_constraints);
@@ -222,7 +222,6 @@ void file_analysis::X509::ParseBasicConstraints(X509_EXTENSION* ex)
 		mgr.QueueEvent(x509_ext_basic_constraints, vl);
 
 		}
-		
 	}
 
 void file_analysis::X509::ParseSAN(X509_EXTENSION* ext) 

From 7ba6bcff2ca20c5d57244b7e6f11a22c95520819 Mon Sep 17 00:00:00 2001
From: Bernhard Amann <bernhard@icsi.berkeley.edu>
Date: Fri, 28 Feb 2014 02:43:16 -0800
Subject: [PATCH 06/18] Second try on the event interface.

Now the x509 opaque is wrapped in the certificate structure. After
pondering on it for a bit, this might not be the brightest idea.
---
 scripts/base/files/x509/main.bro           |  6 +--
 scripts/base/init-bare.bro                 | 25 +-----------
 src/NetVar.cc                              |  6 ---
 src/NetVar.h                               |  3 --
 src/file_analysis/analyzer/x509/X509.cc    | 45 ++++++++++++++--------
 src/file_analysis/analyzer/x509/X509.h     | 11 +++---
 src/file_analysis/analyzer/x509/events.bif |  6 +--
 7 files changed, 40 insertions(+), 62 deletions(-)

diff --git a/scripts/base/files/x509/main.bro b/scripts/base/files/x509/main.bro
index 458a389934..d19327f07c 100644
--- a/scripts/base/files/x509/main.bro
+++ b/scripts/base/files/x509/main.bro
@@ -12,17 +12,17 @@ event x509_cert(f: fa_file, cert: X509::Certificate)
 	print cert;
 	}
 
-event x509_extension(f: fa_file, ext: X509::Extension)
+event x509_extension(f: fa_file, cert: X509::Certificate, ext: X509::Extension)
 {
 print ext;
 }
 
-event x509_ext_basic_constraints(f: fa_file, ext: X509::BasicConstraints)
+event x509_ext_basic_constraints(f: fa_file, cert: X509::Certificate, ext: X509::BasicConstraints)
 {
 print ext;
 }
 
-event x509_ext_subject_alternative_name(f: fa_file, ext: X509::SubjectAlternativeName) 
+event x509_ext_subject_alternative_name(f: fa_file, cert: X509::Certificate, ext: X509::SubjectAlternativeName) 
 {
 print ext;
 }
diff --git a/scripts/base/init-bare.bro b/scripts/base/init-bare.bro
index 8573fc2876..e4c1803fcb 100644
--- a/scripts/base/init-bare.bro
+++ b/scripts/base/init-bare.bro
@@ -2420,29 +2420,6 @@ global dns_skip_all_addl = T &redef;
 ## traffic and do not process it.  Set to 0 to turn off this functionality.
 global dns_max_queries = 5;
 
-## An X509 certificate.
-##
-## .. bro:see:: x509_certificate
-type X509: record {
-	version: count;	##< Version number.
-	serial: string;	##< Serial number.
-	subject: string;	##< Subject.
-	issuer: string;	##< Issuer.
-	not_valid_before: time;	##< Timestamp before when certificate is not valid.
-	not_valid_after: time;	##< Timestamp after when certificate is not valid.
-};
-
-## An X509 extension.
-##
-## .. bro:see:: x509_extension
-type X509_extension_info: record {
-	name: string;	##< Long name of extension; oid if name not known.
-	short_name: string &optional;	##< Short name of extension if known.
-	oid: string;	##< Oid of extension.
-	critical: bool;	##< True if extension is critical.
-	value: string;	##< Extension content parsed to string for known extensions. Raw data otherwise.
-};
-
 ## HTTP session statistics.
 ##
 ## .. bro:see:: http_stats
@@ -2767,6 +2744,7 @@ export {
 module X509;
 export {
 	type X509::Certificate: record {
+		certificate: opaque of x509; ##< OpenSSL certificate reference
 		version: count;	##< Version number.
 		serial: string;	##< Serial number.
 		subject: string;	##< Subject.
@@ -2799,7 +2777,6 @@ export {
 	type X509::SubjectAlternativeName: record {
 		names: vector of string;
 	};
-
 }
 		
 module SOCKS;
diff --git a/src/NetVar.cc b/src/NetVar.cc
index 05a4e16b47..2883adcf9f 100644
--- a/src/NetVar.cc
+++ b/src/NetVar.cc
@@ -47,9 +47,6 @@ int tcp_max_initial_window;
 int tcp_max_above_hole_without_any_acks;
 int tcp_excessive_data_without_further_acks;
 
-RecordType* x509_type;
-RecordType* x509_extension_type;
-
 RecordType* socks_address;
 
 double non_analyzed_lifetime;
@@ -356,9 +353,6 @@ void init_net_var()
 	tcp_excessive_data_without_further_acks =
 		opt_internal_int("tcp_excessive_data_without_further_acks");
 
-	x509_type = internal_type("X509")->AsRecordType();
-	x509_extension_type = internal_type("X509_extension_info")->AsRecordType();
-
 	socks_address = internal_type("SOCKS::Address")->AsRecordType();
 
 	non_analyzed_lifetime = opt_internal_double("non_analyzed_lifetime");
diff --git a/src/NetVar.h b/src/NetVar.h
index 8ef6571313..55f3955fa4 100644
--- a/src/NetVar.h
+++ b/src/NetVar.h
@@ -50,9 +50,6 @@ extern int tcp_max_initial_window;
 extern int tcp_max_above_hole_without_any_acks;
 extern int tcp_excessive_data_without_further_acks;
 
-extern RecordType* x509_type;
-extern RecordType* x509_extension_type;
-
 extern RecordType* socks_address;
 
 extern double non_analyzed_lifetime;
diff --git a/src/file_analysis/analyzer/x509/X509.cc b/src/file_analysis/analyzer/x509/X509.cc
index c2c2a0b8bc..684f4f54ba 100644
--- a/src/file_analysis/analyzer/x509/X509.cc
+++ b/src/file_analysis/analyzer/x509/X509.cc
@@ -49,7 +49,7 @@ bool file_analysis::X509::EndOfFile()
 		return false;
 		}
 
-	ParseCertificate(ssl_cert);
+	RecordVal* cert_record = ParseCertificate(ssl_cert); // cert_record takes ownership of ssl_cert
 
 	// after parsing the certificate - parse the extensions...
 
@@ -60,37 +60,43 @@ bool file_analysis::X509::EndOfFile()
 		if ( !ex )
 			continue;
 
-		ParseExtension(ex);
+		ParseExtension(ex, cert_record);
 		}
 	
-	X509_free(ssl_cert);
+	// X509_free(ssl_cert); We do _not_ free the certificate here. It is refcounted
+	// inside the X509Val that is sent on in the cert record to scriptland.
+	//
+	// The certificate will be freed when the last X509Val is Unref'd.
+	
+	Unref(cert_record); // Unref the RecordVal that we kept around from ParseCertificate
 
 	return false;
 	}
 
-void file_analysis::X509::ParseCertificate(::X509* ssl_cert) 
+RecordVal* file_analysis::X509::ParseCertificate(::X509* ssl_cert) 
 	{
 	char buf[256]; // we need a buffer for some of the openssl functions
-	memset(buf, 0, 256);	
+	memset(buf, 0, 256);
 	
 	RecordVal* pX509Cert = new RecordVal(BifType::Record::X509::Certificate);
 	BIO *bio = BIO_new(BIO_s_mem());
 
-	pX509Cert->Assign(0, new Val((uint64) X509_get_version(ssl_cert), TYPE_COUNT));
+	pX509Cert->Assign(0, new X509Val(ssl_cert)); // take ownership for cleanup
+	pX509Cert->Assign(1, new Val((uint64) X509_get_version(ssl_cert), TYPE_COUNT));
 	i2a_ASN1_INTEGER(bio, X509_get_serialNumber(ssl_cert));
 	int len = BIO_read(bio, &(*buf), sizeof buf);
-	pX509Cert->Assign(1, new StringVal(len, buf));
+	pX509Cert->Assign(2, new StringVal(len, buf));
 
 	X509_NAME_print_ex(bio, X509_get_subject_name(ssl_cert), 0, XN_FLAG_RFC2253);
 	len = BIO_gets(bio, &(*buf), sizeof buf);
-	pX509Cert->Assign(2, new StringVal(len, buf));
+	pX509Cert->Assign(3, new StringVal(len, buf));
 	X509_NAME_print_ex(bio, X509_get_issuer_name(ssl_cert), 0, XN_FLAG_RFC2253);
 	len = BIO_gets(bio, &(*buf), sizeof buf);
-	pX509Cert->Assign(3, new StringVal(len, buf));
+	pX509Cert->Assign(4, new StringVal(len, buf));
 	BIO_free(bio);
 
-	pX509Cert->Assign(4, new Val(get_time_from_asn1(X509_get_notBefore(ssl_cert)), TYPE_TIME));
-	pX509Cert->Assign(5, new Val(get_time_from_asn1(X509_get_notAfter(ssl_cert)), TYPE_TIME));
+	pX509Cert->Assign(5, new Val(get_time_from_asn1(X509_get_notBefore(ssl_cert)), TYPE_TIME));
+	pX509Cert->Assign(6, new Val(get_time_from_asn1(X509_get_notAfter(ssl_cert)), TYPE_TIME));
 
 	// we only read 255 bytes because byte 256 is always 0.
 	// if the string is longer than 255, that will be our null-termination,
@@ -137,12 +143,14 @@ void file_analysis::X509::ParseCertificate(::X509* ssl_cert)
 
 	val_list* vl = new val_list();
 	vl->append(GetFile()->GetVal()->Ref());
-	vl->append(pX509Cert);
+	vl->append(pX509Cert->Ref()); // we Ref it here, because we want to keep a copy around for now...
 
 	mgr.QueueEvent(x509_cert, vl);
+
+	return pX509Cert;
 	}
 
-void file_analysis::X509::ParseExtension(X509_EXTENSION* ex) 
+void file_analysis::X509::ParseExtension(X509_EXTENSION* ex, RecordVal* r) 
 	{
 	char name[256];
 	char oid[256];
@@ -188,18 +196,19 @@ void file_analysis::X509::ParseExtension(X509_EXTENSION* ex)
 	// but I am not sure if there is a better way to do it...
 	val_list* vl = new val_list();
 	vl->append(GetFile()->GetVal()->Ref());
+	vl->append(r->Ref());
 	vl->append(pX509Ext);
 
 	mgr.QueueEvent(x509_extension, vl);
 
 	// look if we have a specialized handler for this event...
 	if ( OBJ_obj2nid(ext_asn) == NID_basic_constraints ) 
-		ParseBasicConstraints(ex);
+		ParseBasicConstraints(ex, r);
 	else if ( OBJ_obj2nid(ext_asn) == NID_subject_alt_name )
-		ParseSAN(ex);
+		ParseSAN(ex, r);
 	}
 
-void file_analysis::X509::ParseBasicConstraints(X509_EXTENSION* ex) 
+void file_analysis::X509::ParseBasicConstraints(X509_EXTENSION* ex, RecordVal* r) 
 	{
 	assert(OBJ_obj2nid(X509_EXTENSION_get_object(ex)) == NID_basic_constraints);
 	
@@ -217,6 +226,7 @@ void file_analysis::X509::ParseBasicConstraints(X509_EXTENSION* ex)
 		}
 		val_list* vl = new val_list();
 		vl->append(GetFile()->GetVal()->Ref());
+		vl->append(r->Ref());
 		vl->append(pBasicConstraint);
 
 		mgr.QueueEvent(x509_ext_basic_constraints, vl);
@@ -224,7 +234,7 @@ void file_analysis::X509::ParseBasicConstraints(X509_EXTENSION* ex)
 		}
 	}
 
-void file_analysis::X509::ParseSAN(X509_EXTENSION* ext) 
+void file_analysis::X509::ParseSAN(X509_EXTENSION* ext, RecordVal* r) 
 	{
 	assert(OBJ_obj2nid(X509_EXTENSION_get_object(ext)) == NID_subject_alt_name);
 
@@ -268,6 +278,7 @@ void file_analysis::X509::ParseSAN(X509_EXTENSION* ext)
 
 		val_list* vl = new val_list();
 		vl->append(GetFile()->GetVal()->Ref());
+		vl->append(r->Ref());
 		vl->append(pSan);
 
 		mgr.QueueEvent(x509_ext_basic_constraints, vl);
diff --git a/src/file_analysis/analyzer/x509/X509.h b/src/file_analysis/analyzer/x509/X509.h
index 80bb68209e..f64aa3eb58 100644
--- a/src/file_analysis/analyzer/x509/X509.h
+++ b/src/file_analysis/analyzer/x509/X509.h
@@ -31,10 +31,10 @@ private:
 	static StringVal* key_curve(EVP_PKEY *key);
 	static unsigned int key_length(EVP_PKEY *key);
 
-	void ParseCertificate(::X509* ssl_cert);
-	void ParseExtension(X509_EXTENSION* ex);
-	void ParseBasicConstraints(X509_EXTENSION* ex);
-	void ParseSAN(X509_EXTENSION* ex);
+	RecordVal* ParseCertificate(::X509* ssl_cert);
+	void ParseExtension(X509_EXTENSION* ex, RecordVal* r);
+	void ParseBasicConstraints(X509_EXTENSION* ex, RecordVal* r);
+	void ParseSAN(X509_EXTENSION* ex, RecordVal* r);
 
 	std::string cert_data;
 };
@@ -55,7 +55,7 @@ public:
 	 *
 	 * @return A newly initialized X509Val
 	 */
-	X509Val(::X509* certificate);
+	explicit X509Val(::X509* certificate);
 
 	/**
 	 * Destructor.
@@ -84,5 +84,4 @@ private:
 
 }
 
-
 #endif
diff --git a/src/file_analysis/analyzer/x509/events.bif b/src/file_analysis/analyzer/x509/events.bif
index 148d09ec00..2787746e0c 100644
--- a/src/file_analysis/analyzer/x509/events.bif
+++ b/src/file_analysis/analyzer/x509/events.bif
@@ -1,4 +1,4 @@
 event x509_cert%(f: fa_file, cert: X509::Certificate%);
-event x509_extension%(f: fa_file, ext: X509::Extension%);
-event x509_ext_basic_constraints%(f: fa_file, ext: X509::BasicConstraints%);
-event x509_ext_subject_alternative_name%(f: fa_file, ext: X509::SubjectAlternativeName%);
+event x509_extension%(f: fa_file, cert: X509::Certificate, ext: X509::Extension%);
+event x509_ext_basic_constraints%(f: fa_file, cert: X509::Certificate, ext: X509::BasicConstraints%);
+event x509_ext_subject_alternative_name%(f: fa_file, cert: X509::Certificate, ext: X509::SubjectAlternativeName%);

From a1f2ab34ac6781d1eb1eb6ca94bb48cbc8312a4a Mon Sep 17 00:00:00 2001
From: Bernhard Amann <bernhard@icsi.berkeley.edu>
Date: Mon, 3 Mar 2014 10:49:28 -0800
Subject: [PATCH 07/18] Add verify functionality, including the ability to get
 the validated chain. This means that it is now possible to get information
 about the root-certificates that were used to secure a connection.

Intermediate commit before changing the script interface again.

addresses BIT-953, BIT-760
---
 scripts/base/files/x509/main.bro              |  11 +-
 scripts/base/init-bare.bro                    |  18 +-
 src/Type.h                                    |  13 ++
 src/file_analysis/analyzer/x509/X509.cc       |  55 +++---
 src/file_analysis/analyzer/x509/X509.h        |  11 +-
 src/file_analysis/analyzer/x509/events.bif    |   8 +-
 src/file_analysis/analyzer/x509/functions.bif | 171 ++++++++++++++++++
 src/file_analysis/analyzer/x509/types.bif     |   2 +-
 8 files changed, 249 insertions(+), 40 deletions(-)
 create mode 100644 src/file_analysis/analyzer/x509/functions.bif

diff --git a/scripts/base/files/x509/main.bro b/scripts/base/files/x509/main.bro
index d19327f07c..7f7ff3064a 100644
--- a/scripts/base/files/x509/main.bro
+++ b/scripts/base/files/x509/main.bro
@@ -5,24 +5,27 @@ module X509;
 
 export {
 	redef enum Log::ID += { LOG };
+
+	redef record Files::Info += {
+	};
 }
 
-event x509_cert(f: fa_file, cert: X509::Certificate)
+event x509_cert(f: fa_file, cert_ref: opaque of x509, cert: X509::Certificate)
 	{
 	print cert;
 	}
 
-event x509_extension(f: fa_file, cert: X509::Certificate, ext: X509::Extension)
+event x509_extension(f: fa_file, cert_ref: opaque of x509, cert: X509::Certificate, ext: X509::Extension)
 {
 print ext;
 }
 
-event x509_ext_basic_constraints(f: fa_file, cert: X509::Certificate, ext: X509::BasicConstraints)
+event x509_ext_basic_constraints(f: fa_file, cert_ref: opaque of x509, cert: X509::Certificate, ext: X509::BasicConstraints)
 {
 print ext;
 }
 
-event x509_ext_subject_alternative_name(f: fa_file, cert: X509::Certificate, ext: X509::SubjectAlternativeName) 
+event x509_ext_subject_alternative_name(f: fa_file, cert_ref: opaque of x509, cert: X509::Certificate, ext: string_vec) 
 {
 print ext;
 }
diff --git a/scripts/base/init-bare.bro b/scripts/base/init-bare.bro
index e4c1803fcb..12b056a541 100644
--- a/scripts/base/init-bare.bro
+++ b/scripts/base/init-bare.bro
@@ -46,6 +46,13 @@ type index_vec: vector of count;
 ##    directly and then remove this alias.
 type string_vec: vector of string;
 
+## A vector of x509 opaques.
+##
+## .. todo:: We need this type definition only for declaring builtin functions
+##    via ``bifcl``. We should extend ``bifcl`` to understand composite types
+##    directly and then remove this alias.
+type x509_opaque_vector: vector of opaque of x509;
+
 ## A vector of addresses.
 ##
 ## .. todo:: We need this type definition only for declaring builtin functions
@@ -2744,7 +2751,6 @@ export {
 module X509;
 export {
 	type X509::Certificate: record {
-		certificate: opaque of x509; ##< OpenSSL certificate reference
 		version: count;	##< Version number.
 		serial: string;	##< Serial number.
 		subject: string;	##< Subject.
@@ -2774,8 +2780,14 @@ export {
 		path_len: count &optional;
 	};
 	
-	type X509::SubjectAlternativeName: record {
-		names: vector of string;
+	## Result of an X509 certificate chain verification
+	type X509::Result: record {
+		## OpenSSL result code
+		result:	count;
+		## Result as string
+		result_string: string;
+		## References to the final certificate chain, if verification successful. End-host certificate is first.
+		chain_certs: vector of opaque of x509 &optional;
 	};
 }
 		
diff --git a/src/Type.h b/src/Type.h
index 742b933ec1..323938d4c5 100644
--- a/src/Type.h
+++ b/src/Type.h
@@ -73,6 +73,7 @@ class EnumType;
 class Serializer;
 class VectorType;
 class TypeType;
+class OpaqueType;
 
 const int DOES_NOT_MATCH_INDEX = 0;
 const int MATCHES_INDEX_SCALAR = 1;
@@ -204,6 +205,18 @@ public:
 		return (VectorType*) this;
 		}
 
+	OpaqueType* AsOpaqueType()
+		{
+		CHECK_TYPE_TAG(TYPE_OPAQUE, "BroType::AsOpaqueType");
+		return (OpaqueType*) this;
+		}
+
+	const OpaqueType* AsOpaqueType() const
+		{
+		CHECK_TYPE_TAG(TYPE_OPAQUE, "BroType::AsOpaqueType");
+		return (OpaqueType*) this;
+		}
+
 	VectorType* AsVectorType()
 	        {
 		CHECK_TYPE_TAG(TYPE_VECTOR, "BroType::AsVectorType");
diff --git a/src/file_analysis/analyzer/x509/X509.cc b/src/file_analysis/analyzer/x509/X509.cc
index 684f4f54ba..a254188585 100644
--- a/src/file_analysis/analyzer/x509/X509.cc
+++ b/src/file_analysis/analyzer/x509/X509.cc
@@ -49,7 +49,17 @@ bool file_analysis::X509::EndOfFile()
 		return false;
 		}
 
-	RecordVal* cert_record = ParseCertificate(ssl_cert); // cert_record takes ownership of ssl_cert
+	X509Val* cert_val = new X509Val(ssl_cert); // cert_val takes ownership of ssl_cert
+
+	RecordVal* cert_record = ParseCertificate(cert_val); // parse basic information into record
+
+	// and send	the record on to scriptland
+	val_list* vl = new val_list();
+	vl->append(GetFile()->GetVal()->Ref());
+	vl->append(cert_val->Ref());
+	vl->append(cert_record->Ref()); // we Ref it here, because we want to keep a copy around for now...
+
+	mgr.QueueEvent(x509_cert, vl);
 
 	// after parsing the certificate - parse the extensions...
 
@@ -60,7 +70,7 @@ bool file_analysis::X509::EndOfFile()
 		if ( !ex )
 			continue;
 
-		ParseExtension(ex, cert_record);
+		ParseExtension(ex, cert_record, cert_val);
 		}
 	
 	// X509_free(ssl_cert); We do _not_ free the certificate here. It is refcounted
@@ -69,34 +79,36 @@ bool file_analysis::X509::EndOfFile()
 	// The certificate will be freed when the last X509Val is Unref'd.
 	
 	Unref(cert_record); // Unref the RecordVal that we kept around from ParseCertificate
+	Unref(cert_val); // Same for cert_val
 
 	return false;
 	}
 
-RecordVal* file_analysis::X509::ParseCertificate(::X509* ssl_cert) 
+RecordVal* file_analysis::X509::ParseCertificate(X509Val* cert_val) 
 	{
+	::X509* ssl_cert = cert_val->GetCertificate();
+
 	char buf[256]; // we need a buffer for some of the openssl functions
 	memset(buf, 0, 256);
 	
 	RecordVal* pX509Cert = new RecordVal(BifType::Record::X509::Certificate);
 	BIO *bio = BIO_new(BIO_s_mem());
 
-	pX509Cert->Assign(0, new X509Val(ssl_cert)); // take ownership for cleanup
-	pX509Cert->Assign(1, new Val((uint64) X509_get_version(ssl_cert), TYPE_COUNT));
+	pX509Cert->Assign(0, new Val((uint64) X509_get_version(ssl_cert), TYPE_COUNT));
 	i2a_ASN1_INTEGER(bio, X509_get_serialNumber(ssl_cert));
 	int len = BIO_read(bio, &(*buf), sizeof buf);
-	pX509Cert->Assign(2, new StringVal(len, buf));
+	pX509Cert->Assign(1, new StringVal(len, buf));
 
 	X509_NAME_print_ex(bio, X509_get_subject_name(ssl_cert), 0, XN_FLAG_RFC2253);
 	len = BIO_gets(bio, &(*buf), sizeof buf);
-	pX509Cert->Assign(3, new StringVal(len, buf));
+	pX509Cert->Assign(2, new StringVal(len, buf));
 	X509_NAME_print_ex(bio, X509_get_issuer_name(ssl_cert), 0, XN_FLAG_RFC2253);
 	len = BIO_gets(bio, &(*buf), sizeof buf);
-	pX509Cert->Assign(4, new StringVal(len, buf));
+	pX509Cert->Assign(3, new StringVal(len, buf));
 	BIO_free(bio);
 
-	pX509Cert->Assign(5, new Val(get_time_from_asn1(X509_get_notBefore(ssl_cert)), TYPE_TIME));
-	pX509Cert->Assign(6, new Val(get_time_from_asn1(X509_get_notAfter(ssl_cert)), TYPE_TIME));
+	pX509Cert->Assign(4, new Val(get_time_from_asn1(X509_get_notBefore(ssl_cert)), TYPE_TIME));
+	pX509Cert->Assign(5, new Val(get_time_from_asn1(X509_get_notAfter(ssl_cert)), TYPE_TIME));
 
 	// we only read 255 bytes because byte 256 is always 0.
 	// if the string is longer than 255, that will be our null-termination,
@@ -141,16 +153,11 @@ RecordVal* file_analysis::X509::ParseCertificate(::X509* ssl_cert)
 			pX509Cert->Assign(9, new Val(length, TYPE_COUNT));
 		}
 
-	val_list* vl = new val_list();
-	vl->append(GetFile()->GetVal()->Ref());
-	vl->append(pX509Cert->Ref()); // we Ref it here, because we want to keep a copy around for now...
-
-	mgr.QueueEvent(x509_cert, vl);
 
 	return pX509Cert;
 	}
 
-void file_analysis::X509::ParseExtension(X509_EXTENSION* ex, RecordVal* r) 
+void file_analysis::X509::ParseExtension(X509_EXTENSION* ex, RecordVal* r, X509Val* cert_val) 
 	{
 	char name[256];
 	char oid[256];
@@ -196,6 +203,7 @@ void file_analysis::X509::ParseExtension(X509_EXTENSION* ex, RecordVal* r)
 	// but I am not sure if there is a better way to do it...
 	val_list* vl = new val_list();
 	vl->append(GetFile()->GetVal()->Ref());
+	vl->append(cert_val->Ref());
 	vl->append(r->Ref());
 	vl->append(pX509Ext);
 
@@ -203,12 +211,12 @@ void file_analysis::X509::ParseExtension(X509_EXTENSION* ex, RecordVal* r)
 
 	// look if we have a specialized handler for this event...
 	if ( OBJ_obj2nid(ext_asn) == NID_basic_constraints ) 
-		ParseBasicConstraints(ex, r);
+		ParseBasicConstraints(ex, r, cert_val);
 	else if ( OBJ_obj2nid(ext_asn) == NID_subject_alt_name )
-		ParseSAN(ex, r);
+		ParseSAN(ex, r, cert_val);
 	}
 
-void file_analysis::X509::ParseBasicConstraints(X509_EXTENSION* ex, RecordVal* r) 
+void file_analysis::X509::ParseBasicConstraints(X509_EXTENSION* ex, RecordVal* r, X509Val* cert_val) 
 	{
 	assert(OBJ_obj2nid(X509_EXTENSION_get_object(ex)) == NID_basic_constraints);
 	
@@ -226,6 +234,7 @@ void file_analysis::X509::ParseBasicConstraints(X509_EXTENSION* ex, RecordVal* r
 		}
 		val_list* vl = new val_list();
 		vl->append(GetFile()->GetVal()->Ref());
+		vl->append(cert_val->Ref());
 		vl->append(r->Ref());
 		vl->append(pBasicConstraint);
 
@@ -234,7 +243,7 @@ void file_analysis::X509::ParseBasicConstraints(X509_EXTENSION* ex, RecordVal* r
 		}
 	}
 
-void file_analysis::X509::ParseSAN(X509_EXTENSION* ext, RecordVal* r) 
+void file_analysis::X509::ParseSAN(X509_EXTENSION* ext, RecordVal* r, X509Val* cert_val) 
 	{
 	assert(OBJ_obj2nid(X509_EXTENSION_get_object(ext)) == NID_subject_alt_name);
 
@@ -273,13 +282,11 @@ void file_analysis::X509::ParseSAN(X509_EXTENSION* ext, RecordVal* r)
 			}
 		}
 
-		RecordVal* pSan = new RecordVal(BifType::Record::X509::SubjectAlternativeName);
-		pSan->Assign(0, names);
-
 		val_list* vl = new val_list();
 		vl->append(GetFile()->GetVal()->Ref());
+		vl->append(cert_val->Ref());
 		vl->append(r->Ref());
-		vl->append(pSan);
+		vl->append(names);
 
 		mgr.QueueEvent(x509_ext_basic_constraints, vl);
 	}
diff --git a/src/file_analysis/analyzer/x509/X509.h b/src/file_analysis/analyzer/x509/X509.h
index f64aa3eb58..b535ebe256 100644
--- a/src/file_analysis/analyzer/x509/X509.h
+++ b/src/file_analysis/analyzer/x509/X509.h
@@ -12,12 +12,16 @@
 
 namespace file_analysis {
 
+class X509Val;
+
 class X509 : public file_analysis::Analyzer {
 public:
 	//~X509();
 
 	static file_analysis::Analyzer* Instantiate(RecordVal* args, File* file)
 		{ return new X509(args, file); }
+	
+	static RecordVal* ParseCertificate(X509Val* cert_val);
 
 	virtual bool DeliverStream(const u_char* data, uint64 len);
 	virtual bool Undelivered(uint64 offset, uint64 len);	
@@ -31,10 +35,9 @@ private:
 	static StringVal* key_curve(EVP_PKEY *key);
 	static unsigned int key_length(EVP_PKEY *key);
 
-	RecordVal* ParseCertificate(::X509* ssl_cert);
-	void ParseExtension(X509_EXTENSION* ex, RecordVal* r);
-	void ParseBasicConstraints(X509_EXTENSION* ex, RecordVal* r);
-	void ParseSAN(X509_EXTENSION* ex, RecordVal* r);
+	void ParseExtension(X509_EXTENSION* ex, RecordVal* r, X509Val* cert_val);
+	void ParseBasicConstraints(X509_EXTENSION* ex, RecordVal* r, X509Val* cert_val);
+	void ParseSAN(X509_EXTENSION* ex, RecordVal* r, X509Val* cert_val);
 
 	std::string cert_data;
 };
diff --git a/src/file_analysis/analyzer/x509/events.bif b/src/file_analysis/analyzer/x509/events.bif
index 2787746e0c..b78f819e90 100644
--- a/src/file_analysis/analyzer/x509/events.bif
+++ b/src/file_analysis/analyzer/x509/events.bif
@@ -1,4 +1,4 @@
-event x509_cert%(f: fa_file, cert: X509::Certificate%);
-event x509_extension%(f: fa_file, cert: X509::Certificate, ext: X509::Extension%);
-event x509_ext_basic_constraints%(f: fa_file, cert: X509::Certificate, ext: X509::BasicConstraints%);
-event x509_ext_subject_alternative_name%(f: fa_file, cert: X509::Certificate, ext: X509::SubjectAlternativeName%);
+event x509_cert%(f: fa_file, cert_ref: opaque of x509, cert: X509::Certificate%);
+event x509_extension%(f: fa_file, cert_ref: opaque of x509, cert: X509::Certificate, ext: X509::Extension%);
+event x509_ext_basic_constraints%(f: fa_file, cert_ref: opaque of x509, cert: X509::Certificate, ext: X509::BasicConstraints%);
+event x509_ext_subject_alternative_name%(f: fa_file, cert_ref: opaque of x509, cert: X509::Certificate, names: string_vec%);
diff --git a/src/file_analysis/analyzer/x509/functions.bif b/src/file_analysis/analyzer/x509/functions.bif
new file mode 100644
index 0000000000..7af8883aef
--- /dev/null
+++ b/src/file_analysis/analyzer/x509/functions.bif
@@ -0,0 +1,171 @@
+%%{
+#include "file_analysis/analyzer/x509/X509.h"
+#include "types.bif.h"
+
+#include <openssl/x509.h>
+#include <openssl/asn1.h>
+#include <openssl/x509_vfy.h>
+
+// This is the indexed map of X509 certificate stores.
+static map<Val*, X509_STORE*> x509_stores;
+
+// ### NOTE: while d2i_X509 does not take a const u_char** pointer,
+// here we assume d2i_X509 does not write to <data>, so it is safe to
+// convert data to a non-const pointer.  Could some X509 guru verify
+// this?
+
+X509* d2i_X509_(X509** px, const u_char** in, int len)
+	{
+#ifdef OPENSSL_D2I_X509_USES_CONST_CHAR
+	  return d2i_X509(px, in, len);
+#else
+	  return d2i_X509(px, (u_char**)in, len);
+#endif
+	}
+
+%%}
+
+## Parses a certificate into an X509::Certificate structure
+##
+## cert: The x509 certificicate opaque
+##
+## Returns: A X509::Certificate structure
+##
+## .. bro:see:: x509_verify
+function x509_parse%(cert: opaque of x509%): X509::Certificate
+	%{
+	assert(cert);
+	file_analysis::X509Val* h = (file_analysis::X509Val*) cert;
+	
+	return file_analysis::X509::ParseCertificate(h);
+	%}
+
+## Verifies a certificate.
+##
+## cert_val: The X.509 certificate in DER format.
+##
+## cert_stack: Specifies a certificate chain that is being used to validate
+##             the given certificate against the root store given in *root_certs*
+##
+## root_certs: A list of root certificates to validate the certificate chain
+##
+## Returns: A record of type X509::Result containing the result code of the verify
+##          operation. In case of success also returns the full certificate chain.
+##
+## .. bro:see:: x509_parse
+function x509_verify%(cert_val: opaque of x509, cert_stack: x509_opaque_vector, root_certs: table_string_of_string%): X509::Result
+	%{
+	X509_STORE* ctx = 0;
+	int i = 0;
+
+	// If this certificate store was built previously, just reuse the old one.
+	if ( x509_stores.count(root_certs) > 0 )
+		ctx = x509_stores[root_certs];
+
+	if ( ! ctx ) // lookup to see if we have this one built already!
+		{
+		ctx = X509_STORE_new();
+		TableVal* root_certs2 = root_certs->AsTableVal();
+		ListVal* idxs = root_certs2->ConvertToPureList();
+
+		// Build the validation store
+		for ( i = 0; i < idxs->Length(); ++i )
+			{
+			Val* key = idxs->Index(i);
+			StringVal *sv = root_certs2->Lookup(key)->AsStringVal();
+			const uint8* data = sv->Bytes();
+			X509* x = d2i_X509_(NULL, &data, sv->Len());
+			if ( ! x )
+				{
+				builtin_error(fmt("Root CA error: %s", ERR_error_string(ERR_peek_last_error(),NULL)));
+				return new Val((uint64) ERR_get_error(), TYPE_COUNT);
+				}
+			X509_STORE_add_cert(ctx, x);
+			}
+		delete idxs;
+
+		// Save the newly constructed certificate store into the cacheing map.
+		x509_stores[root_certs] = ctx;
+		}
+
+	assert(cert_val);
+	file_analysis::X509Val* cert_handle = (file_analysis::X509Val*) cert_val;
+
+	X509* cert = cert_handle->GetCertificate();
+	if ( ! cert )
+		{
+		builtin_error(fmt("No certificate in opaque"));
+		return new Val(-1, TYPE_COUNT);
+		}
+
+	STACK_OF(X509)* untrusted_certs = sk_X509_new_null();
+	if ( ! untrusted_certs )
+		{
+		builtin_error(fmt("Untrusted certificate stack initialization error: %s", ERR_error_string(ERR_peek_last_error(),NULL)));
+		return new Val((uint64) ERR_get_error(), TYPE_COUNT);
+		}
+
+	VectorVal *cert_stack_vec = cert_stack->AsVectorVal();
+	for ( i = 0; i < (int) cert_stack_vec->Size(); ++i )
+		{
+		Val *sv = cert_stack_vec->Lookup(i);
+		// Fixme: check type
+		X509* x = ((file_analysis::X509Val*) sv)->GetCertificate();
+		if ( ! x )
+			{
+			sk_X509_pop(untrusted_certs);
+			builtin_error(fmt("No certificate in opaque in stack"));
+			return new Val(-1, TYPE_COUNT);
+			}
+		sk_X509_push(untrusted_certs, x);
+		}
+
+	X509_STORE_CTX csc;
+	X509_STORE_CTX_init(&csc, ctx, cert, untrusted_certs);
+	X509_STORE_CTX_set_time(&csc, 0, (time_t) network_time);
+
+	int result = X509_verify_cert(&csc);
+
+	VectorVal* chainVector = 0;
+		if ( result == 1 ) // we have a valid chain. try to get it...
+		{
+		STACK_OF(X509)* chain = X509_STORE_CTX_get1_chain(&csc); // get1 = deep copy
+
+		if (!chain) 
+			{
+			reporter->Error("Encountered valid chain that could not be resolved");
+			goto x509_verify_chainerror;
+			}
+		
+		int num_certs = sk_X509_num(chain);
+		chainVector = new VectorVal(new VectorType(base_type(TYPE_OPAQUE)));
+
+		for ( int i = 0; i < num_certs; i++ ) 
+			{
+			X509* currcert = sk_X509_value(chain, i);
+			if ( !currcert )
+				{
+				reporter->InternalError("OpenSSL returned null certificate");
+				goto x509_verify_chainerror;
+				}
+
+			chainVector->Assign(i, new file_analysis::X509Val(currcert)); // X509Val takes ownership
+			}
+		}
+
+x509_verify_chainerror:
+
+	X509_STORE_CTX_cleanup(&csc);
+
+	if ( untrusted_certs )
+		sk_X509_pop(untrusted_certs);
+
+	RecordVal* rrecord = new RecordVal(BifType::Record::X509::Result);
+
+	rrecord->Assign(0, new Val((uint64) csc.error, TYPE_COUNT));
+	rrecord->Assign(1, new StringVal(X509_verify_cert_error_string(csc.error)));
+	if ( chainVector ) 
+		rrecord->Assign(2, chainVector);
+
+	return rrecord;
+	%}
diff --git a/src/file_analysis/analyzer/x509/types.bif b/src/file_analysis/analyzer/x509/types.bif
index 49a915c7fc..6b3049883e 100644
--- a/src/file_analysis/analyzer/x509/types.bif
+++ b/src/file_analysis/analyzer/x509/types.bif
@@ -1,5 +1,5 @@
 type X509::Certificate: record;
 type X509::Extension: record;
 type X509::BasicConstraints: record;
-type X509::SubjectAlternativeName: record;
+type X509::Result: record;
 

From 110d9fbd6a79020a77b6f84b7f3289835e023c33 Mon Sep 17 00:00:00 2001
From: Bernhard Amann <bernhard@icsi.berkeley.edu>
Date: Mon, 3 Mar 2014 17:07:50 -0800
Subject: [PATCH 08/18] X509 file analyzer nearly done. Verification and most
 other policy scripts work fine now.

Todo:
 * update all baselines
 * fix the circular reference to the fa_file structure I introduced :)
   Sadly this does not seem to be entirely straightforward.

addresses BIT-953, BIT-760
---
 scripts/base/files/x509/README                |  1 +
 scripts/base/files/x509/main.bro              | 77 +++++++++++----
 scripts/base/init-bare.bro                    |  4 +-
 scripts/base/init-default.bro                 |  4 +-
 scripts/base/protocols/ssl/files.bro          | 76 +++++++++++++--
 scripts/base/protocols/ssl/main.bro           | 32 +------
 .../policy/frameworks/intel/seen/__load__.bro |  3 +-
 scripts/policy/frameworks/intel/seen/ssl.bro  | 21 -----
 .../frameworks/intel/seen/where-locations.bro |  3 +-
 scripts/policy/frameworks/intel/seen/x509.bro | 16 ++++
 scripts/policy/protocols/ssl/cert-hash.bro    | 22 -----
 .../policy/protocols/ssl/expiring-certs.bro   | 22 ++---
 .../protocols/ssl/extract-certs-pem.bro       | 31 ++----
 scripts/policy/protocols/ssl/known-certs.bro  | 20 ++--
 scripts/policy/protocols/ssl/notary.bro       |  9 +-
 .../policy/protocols/ssl/validate-certs.bro   | 29 +++---
 src/file_analysis/analyzer/x509/X509.cc       | 22 ++---
 src/file_analysis/analyzer/x509/X509.h        |  6 +-
 src/file_analysis/analyzer/x509/events.bif    |  8 +-
 src/file_analysis/analyzer/x509/functions.bif | 94 +++++++++++++++----
 20 files changed, 303 insertions(+), 197 deletions(-)
 create mode 100644 scripts/base/files/x509/README
 create mode 100644 scripts/policy/frameworks/intel/seen/x509.bro
 delete mode 100644 scripts/policy/protocols/ssl/cert-hash.bro

diff --git a/scripts/base/files/x509/README b/scripts/base/files/x509/README
new file mode 100644
index 0000000000..8b50366cd2
--- /dev/null
+++ b/scripts/base/files/x509/README
@@ -0,0 +1 @@
+Support for X509 certificates with the file analysis framework.
diff --git a/scripts/base/files/x509/main.bro b/scripts/base/files/x509/main.bro
index 7f7ff3064a..2238cf0c8b 100644
--- a/scripts/base/files/x509/main.bro
+++ b/scripts/base/files/x509/main.bro
@@ -1,32 +1,77 @@
-
 @load base/frameworks/files
+@load base/files/hash
 
 module X509;
 
 export {
 	redef enum Log::ID += { LOG };
 
-	redef record Files::Info += {
+	type Info: record {
+		## current timestamp
+		ts: time &log &default=network_time();
+
+		## file id of this certificate
+		id: string &log;
+    
+		## Basic information about the certificate
+		certificate: X509::Certificate &log;
+
+		## The opaque wrapping the certificate. Mainly used
+		## for the verify operations
+		handle: opaque of x509;
+
+		## All extensions that were encountered in the certificate
+		extensions: vector of X509::Extension &default=vector();
+
+		## Subject alternative name extension of the certificate
+		san: string_vec &optional &log;
+
+		## Basic constraints extension of the certificate
+		basic_constraints: X509::BasicConstraints &optional &log;
 	};
+
+	## Event for accessing logged records.
+	global log_x509: event(rec: Info);
 }
 
-event x509_cert(f: fa_file, cert_ref: opaque of x509, cert: X509::Certificate)
+event bro_init() &priority=5
 	{
-	print cert;
+	Log::create_stream(X509::LOG, [$columns=Info, $ev=log_x509]);
 	}
 
-event x509_extension(f: fa_file, cert_ref: opaque of x509, cert: X509::Certificate, ext: X509::Extension)
-{
-print ext;
-}
+redef record fa_file += {
+	## Information about X509 certificates. This is used to keep
+	## certificate information until all events have been received.
+	x509: X509::Info &optional;
+};
 
-event x509_ext_basic_constraints(f: fa_file, cert_ref: opaque of x509, cert: X509::Certificate, ext: X509::BasicConstraints)
-{
-print ext;
-}
+event x509_certificate(f: fa_file, cert_ref: opaque of x509, cert: X509::Certificate) &priority=5
+	{
+	f$x509 = [$id=f$id, $certificate=cert, $handle=cert_ref];
+	}
 
-event x509_ext_subject_alternative_name(f: fa_file, cert_ref: opaque of x509, cert: X509::Certificate, ext: string_vec) 
-{
-print ext;
-}
+event x509_extension(f: fa_file, ext: X509::Extension) &priority=5
+	{
+	if ( f?$x509 )
+		f$x509$extensions[|f$x509$extensions|] = ext;
+	}
 
+event x509_ext_basic_constraints(f: fa_file, ext: X509::BasicConstraints) &priority=5
+	{
+	if ( f?$x509 )
+		f$x509$basic_constraints = ext;
+	}
+
+event x509_ext_subject_alternative_name(f: fa_file, names: string_vec) &priority=5
+	{
+	if ( f?$x509 )
+		f$x509$san = names;
+	}
+
+event file_state_remove(f: fa_file)
+	{
+	if ( f?$x509 )
+		{
+		Log::write(LOG, f$x509);
+		}
+	}
diff --git a/scripts/base/init-bare.bro b/scripts/base/init-bare.bro
index 12b056a541..f59355895d 100644
--- a/scripts/base/init-bare.bro
+++ b/scripts/base/init-bare.bro
@@ -2765,7 +2765,7 @@ export {
 		curve: string &optional; ##< curve, if EC-certificate
 		#ca: bool &optional; ##< indicates the CA value in the X509v3 BasicConstraints extension
 		#path_len: count &optional; ##< indicates the path_length value in the X509v3 BasicConstraints extension
-	};
+	} &log;
 
 	type X509::Extension: record {
 		name: string; ##< long name of extension. oid if name not known
@@ -2778,7 +2778,7 @@ export {
 	type X509::BasicConstraints: record {
 		ca: bool; ##< CA flag set?
 		path_len: count &optional;
-	};
+	} &log;
 	
 	## Result of an X509 certificate chain verification
 	type X509::Result: record {
diff --git a/scripts/base/init-default.bro b/scripts/base/init-default.bro
index b4dca043c0..91f1157811 100644
--- a/scripts/base/init-default.bro
+++ b/scripts/base/init-default.bro
@@ -38,6 +38,9 @@
 @load base/frameworks/sumstats
 @load base/frameworks/tunnels
 
+# needed for the SSL protocol
+@load base/files/x509
+
 @load base/protocols/conn
 @load base/protocols/dhcp
 @load base/protocols/dnp3
@@ -57,7 +60,6 @@
 @load base/files/hash
 @load base/files/extract
 @load base/files/unified2
-@load base/files/x509
 
 @load base/misc/find-checksum-offloading
 @load base/misc/find-filtered-trace
diff --git a/scripts/base/protocols/ssl/files.bro b/scripts/base/protocols/ssl/files.bro
index 7582a428ae..a8e755e953 100644
--- a/scripts/base/protocols/ssl/files.bro
+++ b/scripts/base/protocols/ssl/files.bro
@@ -6,9 +6,33 @@ module SSL;
 
 export {
 	redef record Info += {
-		## An ordered vector of file unique IDs which contains
-		## all the certificates sent over the connection
-		fuids: vector of string &log &default=string_vec();
+		## Chain of certificates offered by the server to validate its
+		## complete signing chain.
+		cert_chain: vector of fa_file &optional;
+
+		## An ordered vector of all certicate file unique IDs for the
+		## certificates offered by the server.
+		cert_chain_fuids: vector of string &optional &log;
+
+		## Chain of certificates offered by the client to validate its
+		## complete signing chain.
+		client_cert_chain: vector of fa_file &optional;
+		
+		## An ordered vector of all certicate file unique IDs for the
+		## certificates offered by the client.
+		client_cert_chain_fuids: vector of string &optional &log;
+		
+		## Subject of the X.509 certificate offered by the server.
+		subject:          string           &log &optional;
+		## Subject of the signer of the X.509 certificate offered by the
+		## server.
+		issuer:   string           &log &optional;
+		
+		## Subject of the X.509 certificate offered by the client.
+		client_subject:          string           &log &optional;
+		## Subject of the signer of the X.509 certificate offered by the
+		## client.
+		client_issuer:   string           &log &optional;
 	};
 
 	## Default file handle provider for SSL.
@@ -20,7 +44,7 @@ export {
 
 function get_file_handle(c: connection, is_orig: bool): string
 	{
-	return cat(Analyzer::ANALYZER_SMTP, c$start_time);
+	return cat(Analyzer::ANALYZER_SSL, c$start_time);
 	}
 
 function describe_file(f: fa_file): string
@@ -29,6 +53,8 @@ function describe_file(f: fa_file): string
 	if ( f$source != "SSL" )
 		return "";
 
+	# Fixme!
+
 	return "";
 	}
 
@@ -41,8 +67,46 @@ event bro_init() &priority=5
 
 event file_over_new_connection(f: fa_file, c: connection, is_orig: bool) &priority=5
 	{
-	if ( c?$ssl )
-		c$ssl$fuids[|c$ssl$fuids|] = f$id;
+	if ( ! c?$ssl )
+		return;
+
+	if ( ! c$ssl?$cert_chain )
+		{
+		c$ssl$cert_chain = vector();
+		c$ssl$client_cert_chain = vector();
+		c$ssl$cert_chain_fuids = string_vec();
+		c$ssl$client_cert_chain_fuids = string_vec();
+		}	
+
+	if ( is_orig )
+		{
+		c$ssl$client_cert_chain[|c$ssl$client_cert_chain|] = f;
+		c$ssl$client_cert_chain_fuids[|c$ssl$client_cert_chain_fuids|] = f$id;
+		}
+	else
+		{
+		c$ssl$cert_chain[|c$ssl$cert_chain|] = f;
+		c$ssl$cert_chain_fuids[|c$ssl$cert_chain_fuids|] = f$id;
+		}
 
 	Files::add_analyzer(f, Files::ANALYZER_X509);
+	# always calculate hashes for certificates
+	Files::add_analyzer(f, Files::ANALYZER_MD5);
+	Files::add_analyzer(f, Files::ANALYZER_SHA1);
+	}
+
+event ssl_established(c: connection) &priority=6
+	{
+	# update subject and issuer information
+	if ( c$ssl?$cert_chain && |c$ssl$cert_chain| > 0 )
+		{
+		c$ssl$subject = c$ssl$cert_chain[0]$x509$certificate$subject;
+		c$ssl$issuer = c$ssl$cert_chain[0]$x509$certificate$issuer;
+		}
+
+	if ( c$ssl?$client_cert_chain && |c$ssl$client_cert_chain| > 0 )
+		{
+		c$ssl$client_subject = c$ssl$client_cert_chain[0]$x509$certificate$subject;
+		c$ssl$client_issuer = c$ssl$client_cert_chain[0]$x509$certificate$issuer;
+		}
 	}
diff --git a/scripts/base/protocols/ssl/main.bro b/scripts/base/protocols/ssl/main.bro
index be62cf419d..e803077d19 100644
--- a/scripts/base/protocols/ssl/main.bro
+++ b/scripts/base/protocols/ssl/main.bro
@@ -24,36 +24,9 @@ export {
 		server_name:      string           &log &optional;
 		## Session ID offered by the client for session resumption.
 		session_id:       string           &log &optional;
-		## Subject of the X.509 certificate offered by the server.
-		subject:          string           &log &optional;
-		## Subject of the signer of the X.509 certificate offered by the
-		## server.
-		issuer_subject:   string           &log &optional;
-		## NotValidBefore field value from the server certificate.
-		not_valid_before: time             &log &optional;
-		## NotValidAfter field value from the server certificate.
-		not_valid_after:  time             &log &optional;
 		## Last alert that was seen during the connection.
 		last_alert:       string           &log &optional;
 
-		## Subject of the X.509 certificate offered by the client.
-		client_subject:          string           &log &optional;
-		## Subject of the signer of the X.509 certificate offered by the
-		## client.
-		client_issuer_subject:   string           &log &optional;
-
-		## Full binary server certificate stored in DER format.
-		cert:             string           &optional;
-		## Chain of certificates offered by the server to validate its
-		## complete signing chain.
-		cert_chain:       vector of string &optional;
-
-		## Full binary client certificate stored in DER format.
-		client_cert:             string           &optional;
-		## Chain of certificates offered by the client to validate its
-		## complete signing chain.
-		client_cert_chain:       vector of string &optional;
-
 		## The analyzer ID used for the analyzer instance attached
 		## to each connection.  It is not used for logging since it's a
 		## meaningless arbitrary number.
@@ -108,8 +81,7 @@ event bro_init() &priority=5
 function set_session(c: connection)
 	{
 	if ( ! c?$ssl )
-		c$ssl = [$ts=network_time(), $uid=c$uid, $id=c$id, $cert_chain=vector(),
-		         $client_cert_chain=vector()];
+		c$ssl = [$ts=network_time(), $uid=c$uid, $id=c$id];
 	}
 
 function delay_log(info: Info, token: string)
@@ -185,7 +157,7 @@ event ssl_alert(c: connection, is_orig: bool, level: count, desc: count) &priori
 	c$ssl$last_alert = alert_descriptions[desc];
 	}
 
-event ssl_established(c: connection) &priority=5
+event ssl_established(c: connection) &priority=7
 	{
 	set_session(c);
 	}
diff --git a/scripts/policy/frameworks/intel/seen/__load__.bro b/scripts/policy/frameworks/intel/seen/__load__.bro
index 01034d95e2..807bf0fcb2 100644
--- a/scripts/policy/frameworks/intel/seen/__load__.bro
+++ b/scripts/policy/frameworks/intel/seen/__load__.bro
@@ -6,4 +6,5 @@
 @load ./http-url
 @load ./ssl
 @load ./smtp
-@load ./smtp-url-extraction
\ No newline at end of file
+@load ./smtp-url-extraction
+@load ./x509
diff --git a/scripts/policy/frameworks/intel/seen/ssl.bro b/scripts/policy/frameworks/intel/seen/ssl.bro
index e404c39e5b..c41dbbdbe1 100644
--- a/scripts/policy/frameworks/intel/seen/ssl.bro
+++ b/scripts/policy/frameworks/intel/seen/ssl.bro
@@ -2,27 +2,6 @@
 @load base/protocols/ssl
 @load ./where-locations
 
-event x509_certificate(c: connection, is_orig: bool, cert: X509, chain_idx: count, chain_len: count, der_cert: string)
-	{
-	if ( chain_idx == 0 )
-		{
-		if ( /emailAddress=/ in cert$subject )
-			{
-			local email = sub(cert$subject, /^.*emailAddress=/, "");
-			email = sub(email, /,.*$/, "");
-			Intel::seen([$indicator=email,
-			             $indicator_type=Intel::EMAIL,
-			             $conn=c,
-			             $where=(is_orig ? SSL::IN_CLIENT_CERT : SSL::IN_SERVER_CERT)]);
-			}
-
-		Intel::seen([$indicator=sha1_hash(der_cert),
-		             $indicator_type=Intel::CERT_HASH,
-		             $conn=c,
-		             $where=(is_orig ? SSL::IN_CLIENT_CERT : SSL::IN_SERVER_CERT)]);
-		}
-	}
-
 event ssl_extension(c: connection, is_orig: bool, code: count, val: string)
 	{
 	if ( is_orig && SSL::extensions[code] == "server_name" && 
diff --git a/scripts/policy/frameworks/intel/seen/where-locations.bro b/scripts/policy/frameworks/intel/seen/where-locations.bro
index 0387814ea7..b9b4325bc1 100644
--- a/scripts/policy/frameworks/intel/seen/where-locations.bro
+++ b/scripts/policy/frameworks/intel/seen/where-locations.bro
@@ -21,9 +21,8 @@ export {
 		SMTP::IN_REPLY_TO,
 		SMTP::IN_X_ORIGINATING_IP_HEADER,
 		SMTP::IN_MESSAGE,
-		SSL::IN_SERVER_CERT,
-		SSL::IN_CLIENT_CERT,
 		SSL::IN_SERVER_NAME,
 		SMTP::IN_HEADER,
+		X509::IN_CERT,
 	};
 }
diff --git a/scripts/policy/frameworks/intel/seen/x509.bro b/scripts/policy/frameworks/intel/seen/x509.bro
new file mode 100644
index 0000000000..de6c0ab495
--- /dev/null
+++ b/scripts/policy/frameworks/intel/seen/x509.bro
@@ -0,0 +1,16 @@
+@load base/frameworks/intel
+@load base/files/x509
+@load ./where-locations
+
+event x509_certificate(f: fa_file, cert_ref: opaque of x509, cert: X509::Certificate)
+	{
+	if ( /emailAddress=/ in cert$subject )
+		{
+		local email = sub(cert$subject, /^.*emailAddress=/, "");
+		email = sub(email, /,.*$/, "");
+		Intel::seen([$indicator=email,
+								 $indicator_type=Intel::EMAIL,
+								 $f=f,
+								 $where=X509::IN_CERT]);
+		}
+	}
diff --git a/scripts/policy/protocols/ssl/cert-hash.bro b/scripts/policy/protocols/ssl/cert-hash.bro
deleted file mode 100644
index 32a165a946..0000000000
--- a/scripts/policy/protocols/ssl/cert-hash.bro
+++ /dev/null
@@ -1,22 +0,0 @@
-##! Calculate MD5 sums for server DER formatted certificates.
-
-@load base/protocols/ssl
-
-module SSL;
-
-export {
-	redef record Info += {
-		## MD5 sum of the raw server certificate.
-		cert_hash: string &log &optional;
-	};
-}
-
-event x509_certificate(c: connection, is_orig: bool, cert: X509, chain_idx: count, chain_len: count, der_cert: string) &priority=4
-	{
-	# We aren't tracking client certificates yet and we are also only tracking
-	# the primary cert.  Watch that this came from an SSL analyzed session too.
-	if ( is_orig || chain_idx != 0 || ! c?$ssl ) 
-		return;
-
-	c$ssl$cert_hash = md5_hash(der_cert);
-	}
\ No newline at end of file
diff --git a/scripts/policy/protocols/ssl/expiring-certs.bro b/scripts/policy/protocols/ssl/expiring-certs.bro
index be6526877b..fc48ad9f2b 100644
--- a/scripts/policy/protocols/ssl/expiring-certs.bro
+++ b/scripts/policy/protocols/ssl/expiring-certs.bro
@@ -3,10 +3,7 @@
 ##! certificate.
 
 @load base/protocols/ssl
-@load base/frameworks/notice
-@load base/utils/directions-and-hosts
-
-@load protocols/ssl/cert-hash
+@load base/files/x509
 
 module SSL;
 
@@ -35,30 +32,31 @@ export {
 	const notify_when_cert_expiring_in = 30days &redef;
 }
 
-event x509_certificate(c: connection, is_orig: bool, cert: X509, chain_idx: count, chain_len: count, der_cert: string) &priority=3
+event ssl_established(c: connection) &priority=3
 	{
-	# If this isn't the host cert or we aren't interested in the server, just return.
-	if ( is_orig || 
-		 chain_idx != 0 ||
-		 ! c$ssl?$cert_hash || 
+	# If there are no certificates or we are not interested in the server, just return.
+	if ( ! c$ssl?$cert_chain || |c$ssl$cert_chain| == 0 ||
 		 ! addr_matches_host(c$id$resp_h, notify_certs_expiration) )
 		return;
+
+	local hash = c$ssl$cert_chain[0]$info$md5;
+	local cert = c$ssl$cert_chain[0]$x509$certificate;
 	
 	if ( cert$not_valid_before > network_time() )
 		NOTICE([$note=Certificate_Not_Valid_Yet,
 		        $conn=c, $suppress_for=1day,
 		        $msg=fmt("Certificate %s isn't valid until %T", cert$subject, cert$not_valid_before),
-		        $identifier=cat(c$id$resp_h, c$id$resp_p, c$ssl$cert_hash)]);
+		        $identifier=cat(c$id$resp_h, c$id$resp_p, hash)]);
 	
 	else if ( cert$not_valid_after < network_time() )
 		NOTICE([$note=Certificate_Expired,
 		        $conn=c, $suppress_for=1day,
 		        $msg=fmt("Certificate %s expired at %T", cert$subject, cert$not_valid_after),
-		        $identifier=cat(c$id$resp_h, c$id$resp_p, c$ssl$cert_hash)]);
+		        $identifier=cat(c$id$resp_h, c$id$resp_p, hash)]);
 	
 	else if ( cert$not_valid_after - notify_when_cert_expiring_in < network_time() )
 		NOTICE([$note=Certificate_Expires_Soon,
 		        $msg=fmt("Certificate %s is going to expire at %T", cert$subject, cert$not_valid_after),
 		        $conn=c, $suppress_for=1day,
-		        $identifier=cat(c$id$resp_h, c$id$resp_p, c$ssl$cert_hash)]);
+		        $identifier=cat(c$id$resp_h, c$id$resp_p, hash)]);
 	}
diff --git a/scripts/policy/protocols/ssl/extract-certs-pem.bro b/scripts/policy/protocols/ssl/extract-certs-pem.bro
index 32293ebef3..247d58fea2 100644
--- a/scripts/policy/protocols/ssl/extract-certs-pem.bro
+++ b/scripts/policy/protocols/ssl/extract-certs-pem.bro
@@ -10,8 +10,7 @@
 ##!
 
 @load base/protocols/ssl
-@load base/utils/directions-and-hosts
-@load protocols/ssl/cert-hash
+@load base/files/x509
 
 module SSL;
 
@@ -23,41 +22,31 @@ export {
 }
 
 # This is an internally maintained variable to prevent relogging of
-# certificates that have already been seen.  It is indexed on an md5 sum of
+# certificates that have already been seen.  It is indexed on an sha1 sum of
 # the certificate.
 global extracted_certs: set[string] = set() &read_expire=1hr &redef;
 
 event ssl_established(c: connection) &priority=5
 	{
-	if ( ! c$ssl?$cert )
+	if ( ! c$ssl?$cert_chain || |c$ssl$cert_chain| == 0 )
 		return;
 
 	if ( ! addr_matches_host(c$id$resp_h, extract_certs_pem) )
 		return;
 
-	if ( c$ssl$cert_hash in extracted_certs )
+	local hash = c$ssl$cert_chain[0]$info$sha1;
+	local cert = c$ssl$cert_chain[0]$x509$handle;
+
+	if ( hash in extracted_certs )
 		# If we already extracted this cert, don't do it again.
 		return;
 
-	add extracted_certs[c$ssl$cert_hash];
+	add extracted_certs[hash];
 	local filename = Site::is_local_addr(c$id$resp_h) ? "certs-local.pem" : "certs-remote.pem";
 	local outfile = open_for_append(filename);
+	enable_raw_output(outfile);
 
-	print outfile, "-----BEGIN CERTIFICATE-----";
+	print outfile, x509_get_certificate_string(cert, T);
 
-	# Encode to base64 and format to fit 50 lines. Otherwise openssl won't like it later.
-	local lines = split_all(encode_base64(c$ssl$cert), /.{50}/);
-	local i = 1;
-	for ( line in lines )
-		{
-		if ( |lines[i]| > 0 )
-			{
-			print outfile, lines[i];
-			}
-		i+=1;
-		}
-
-	print outfile, "-----END CERTIFICATE-----";
-	print outfile, "";
 	close(outfile);
 	}
diff --git a/scripts/policy/protocols/ssl/known-certs.bro b/scripts/policy/protocols/ssl/known-certs.bro
index 478074f55a..e1bf59e72d 100644
--- a/scripts/policy/protocols/ssl/known-certs.bro
+++ b/scripts/policy/protocols/ssl/known-certs.bro
@@ -3,7 +3,7 @@
 
 @load base/utils/directions-and-hosts
 @load base/protocols/ssl
-@load protocols/ssl/cert-hash
+@load base/files/x509
 
 module Known;
 
@@ -31,9 +31,9 @@ export {
 	const cert_tracking = LOCAL_HOSTS &redef;
 	
 	## The set of all known certificates to store for preventing duplicate 
-	## logging.  It can also be used from other scripts to 
+	## logging. It can also be used from other scripts to 
 	## inspect if a certificate has been seen in use. The string value 
-	## in the set is for storing the DER formatted certificate's MD5 hash.
+	## in the set is for storing the DER formatted certificate' SHA1 hash.
 	global certs: set[addr, string] &create_expire=1day &synchronized &redef;
 	
 	## Event that can be handled to access the loggable record as it is sent
@@ -46,16 +46,18 @@ event bro_init() &priority=5
 	Log::create_stream(Known::CERTS_LOG, [$columns=CertsInfo, $ev=log_known_certs]);
 	}
 
-event x509_certificate(c: connection, is_orig: bool, cert: X509, chain_idx: count, chain_len: count, der_cert: string) &priority=3
+event ssl_established(c: connection) &priority=3
 	{
-	# Make sure this is the server cert and we have a hash for it.
-	if ( is_orig || chain_idx != 0 || ! c$ssl?$cert_hash ) 
+	if ( ! c$ssl?$cert_chain || |c$ssl$cert_chain| < 1 )
 		return;
-	
+
+	local hash = c$ssl$cert_chain[0]$info$sha1;
+	local cert = c$ssl$cert_chain[0]$x509$certificate;
+
 	local host = c$id$resp_h;
-	if ( [host, c$ssl$cert_hash] !in certs && addr_matches_host(host, cert_tracking) )
+	if ( [host, hash] !in certs && addr_matches_host(host, cert_tracking) )
 		{
-		add certs[host, c$ssl$cert_hash];
+		add certs[host, hash];
 		Log::write(Known::CERTS_LOG, [$ts=network_time(), $host=host,
 		                              $port_num=c$id$resp_p, $subject=cert$subject,
 		                              $issuer_subject=cert$issuer,
diff --git a/scripts/policy/protocols/ssl/notary.bro b/scripts/policy/protocols/ssl/notary.bro
index 29cd655860..424959df2f 100644
--- a/scripts/policy/protocols/ssl/notary.bro
+++ b/scripts/policy/protocols/ssl/notary.bro
@@ -16,7 +16,6 @@ export {
 }
 
 redef record SSL::Info += {
-	sha1:   string &log &optional;
 	notary: Response &log &optional;
 	};
 
@@ -38,14 +37,12 @@ function clear_waitlist(digest: string)
 		}
 	}
 
-event x509_certificate(c: connection, is_orig: bool, cert: X509,
-                       chain_idx: count, chain_len: count, der_cert: string)
+event ssl_established(c: connection) &priority=3
 	{
-	if ( is_orig || chain_idx != 0 || ! c?$ssl )
+	if ( ! c$ssl?$cert_chain || |c$ssl$cert_chain| == 0 )
 		return;
 
-	local digest = sha1_hash(der_cert);
-	c$ssl$sha1 = digest;
+	local digest = c$ssl$cert_chain[0]$info$sha1;
 
 	if ( digest in notary_cache )
 		{
diff --git a/scripts/policy/protocols/ssl/validate-certs.bro b/scripts/policy/protocols/ssl/validate-certs.bro
index 886c28b6ac..de22e2d30d 100644
--- a/scripts/policy/protocols/ssl/validate-certs.bro
+++ b/scripts/policy/protocols/ssl/validate-certs.bro
@@ -2,7 +2,6 @@
 
 @load base/frameworks/notice
 @load base/protocols/ssl
-@load protocols/ssl/cert-hash
 
 module SSL;
 
@@ -19,9 +18,9 @@ export {
 		validation_status: string &log &optional;
 	};
 	
-	## MD5 hash values for recently validated certs along with the
+	## MD5 hash values for recently validated chains along with the
 	## validation status message are kept in this table to avoid constant
-	## validation every time the same certificate is seen.
+	## validation every time the same certificate chain is seen.
 	global recently_validated_certs: table[string] of string = table() 
 		&read_expire=5mins &synchronized &redef;
 }
@@ -29,18 +28,26 @@ export {
 event ssl_established(c: connection) &priority=3
 	{
 	# If there aren't any certs we can't very well do certificate validation.
-	if ( ! c$ssl?$cert || ! c$ssl?$cert_chain )
+	if ( ! c$ssl?$cert_chain || |c$ssl$cert_chain| == 0 )
 		return;
-	
-	if ( c$ssl?$cert_hash && c$ssl$cert_hash in recently_validated_certs )
+
+	local chain_id = join_string_vec(c$ssl$cert_chain_fuids, ".");
+
+	local chain: vector of opaque of x509 = vector();
+	for ( i in c$ssl$cert_chain )
 		{
-		c$ssl$validation_status = recently_validated_certs[c$ssl$cert_hash];
+		chain[i] = c$ssl$cert_chain[i]$x509$handle;
+		}
+
+	if ( chain_id in recently_validated_certs )
+		{
+		c$ssl$validation_status = recently_validated_certs[chain_id];
 		}
 	else
 		{
-		local result = x509_verify(c$ssl$cert, c$ssl$cert_chain, root_certs);
-		c$ssl$validation_status = x509_err2str(result);
-		recently_validated_certs[c$ssl$cert_hash] = c$ssl$validation_status;
+		local result = x509_verify(chain, root_certs);
+		c$ssl$validation_status = result$result_string;
+		recently_validated_certs[chain_id] = result$result_string;
 		}
 		
 	if ( c$ssl$validation_status != "ok" )
@@ -48,7 +55,7 @@ event ssl_established(c: connection) &priority=3
 		local message = fmt("SSL certificate validation failed with (%s)", c$ssl$validation_status);
 		NOTICE([$note=Invalid_Server_Cert, $msg=message,
 		        $sub=c$ssl$subject, $conn=c,
-		        $identifier=cat(c$id$resp_h,c$id$resp_p,c$ssl$validation_status,c$ssl$cert_hash)]);
+		        $identifier=cat(c$id$resp_h,c$id$resp_p,c$ssl$validation_status)]);
 		}
 	}
 
diff --git a/src/file_analysis/analyzer/x509/X509.cc b/src/file_analysis/analyzer/x509/X509.cc
index a254188585..96e0964eff 100644
--- a/src/file_analysis/analyzer/x509/X509.cc
+++ b/src/file_analysis/analyzer/x509/X509.cc
@@ -59,7 +59,7 @@ bool file_analysis::X509::EndOfFile()
 	vl->append(cert_val->Ref());
 	vl->append(cert_record->Ref()); // we Ref it here, because we want to keep a copy around for now...
 
-	mgr.QueueEvent(x509_cert, vl);
+	mgr.QueueEvent(x509_certificate, vl);
 
 	// after parsing the certificate - parse the extensions...
 
@@ -70,7 +70,7 @@ bool file_analysis::X509::EndOfFile()
 		if ( !ex )
 			continue;
 
-		ParseExtension(ex, cert_record, cert_val);
+		ParseExtension(ex);
 		}
 	
 	// X509_free(ssl_cert); We do _not_ free the certificate here. It is refcounted
@@ -157,7 +157,7 @@ RecordVal* file_analysis::X509::ParseCertificate(X509Val* cert_val)
 	return pX509Cert;
 	}
 
-void file_analysis::X509::ParseExtension(X509_EXTENSION* ex, RecordVal* r, X509Val* cert_val) 
+void file_analysis::X509::ParseExtension(X509_EXTENSION* ex) 
 	{
 	char name[256];
 	char oid[256];
@@ -203,20 +203,18 @@ void file_analysis::X509::ParseExtension(X509_EXTENSION* ex, RecordVal* r, X509V
 	// but I am not sure if there is a better way to do it...
 	val_list* vl = new val_list();
 	vl->append(GetFile()->GetVal()->Ref());
-	vl->append(cert_val->Ref());
-	vl->append(r->Ref());
 	vl->append(pX509Ext);
 
 	mgr.QueueEvent(x509_extension, vl);
 
 	// look if we have a specialized handler for this event...
 	if ( OBJ_obj2nid(ext_asn) == NID_basic_constraints ) 
-		ParseBasicConstraints(ex, r, cert_val);
+		ParseBasicConstraints(ex);
 	else if ( OBJ_obj2nid(ext_asn) == NID_subject_alt_name )
-		ParseSAN(ex, r, cert_val);
+		ParseSAN(ex);
 	}
 
-void file_analysis::X509::ParseBasicConstraints(X509_EXTENSION* ex, RecordVal* r, X509Val* cert_val) 
+void file_analysis::X509::ParseBasicConstraints(X509_EXTENSION* ex) 
 	{
 	assert(OBJ_obj2nid(X509_EXTENSION_get_object(ex)) == NID_basic_constraints);
 	
@@ -234,8 +232,6 @@ void file_analysis::X509::ParseBasicConstraints(X509_EXTENSION* ex, RecordVal* r
 		}
 		val_list* vl = new val_list();
 		vl->append(GetFile()->GetVal()->Ref());
-		vl->append(cert_val->Ref());
-		vl->append(r->Ref());
 		vl->append(pBasicConstraint);
 
 		mgr.QueueEvent(x509_ext_basic_constraints, vl);
@@ -243,7 +239,7 @@ void file_analysis::X509::ParseBasicConstraints(X509_EXTENSION* ex, RecordVal* r
 		}
 	}
 
-void file_analysis::X509::ParseSAN(X509_EXTENSION* ext, RecordVal* r, X509Val* cert_val) 
+void file_analysis::X509::ParseSAN(X509_EXTENSION* ext) 
 	{
 	assert(OBJ_obj2nid(X509_EXTENSION_get_object(ext)) == NID_subject_alt_name);
 
@@ -284,11 +280,9 @@ void file_analysis::X509::ParseSAN(X509_EXTENSION* ext, RecordVal* r, X509Val* c
 
 		val_list* vl = new val_list();
 		vl->append(GetFile()->GetVal()->Ref());
-		vl->append(cert_val->Ref());
-		vl->append(r->Ref());
 		vl->append(names);
 
-		mgr.QueueEvent(x509_ext_basic_constraints, vl);
+		mgr.QueueEvent(x509_ext_subject_alternative_name, vl);
 	}
 
 StringVal* file_analysis::X509::key_curve(EVP_PKEY *key)
diff --git a/src/file_analysis/analyzer/x509/X509.h b/src/file_analysis/analyzer/x509/X509.h
index b535ebe256..6008383468 100644
--- a/src/file_analysis/analyzer/x509/X509.h
+++ b/src/file_analysis/analyzer/x509/X509.h
@@ -35,9 +35,9 @@ private:
 	static StringVal* key_curve(EVP_PKEY *key);
 	static unsigned int key_length(EVP_PKEY *key);
 
-	void ParseExtension(X509_EXTENSION* ex, RecordVal* r, X509Val* cert_val);
-	void ParseBasicConstraints(X509_EXTENSION* ex, RecordVal* r, X509Val* cert_val);
-	void ParseSAN(X509_EXTENSION* ex, RecordVal* r, X509Val* cert_val);
+	void ParseExtension(X509_EXTENSION* ex);
+	void ParseBasicConstraints(X509_EXTENSION* ex);
+	void ParseSAN(X509_EXTENSION* ex);
 
 	std::string cert_data;
 };
diff --git a/src/file_analysis/analyzer/x509/events.bif b/src/file_analysis/analyzer/x509/events.bif
index b78f819e90..2cfc5882a4 100644
--- a/src/file_analysis/analyzer/x509/events.bif
+++ b/src/file_analysis/analyzer/x509/events.bif
@@ -1,4 +1,4 @@
-event x509_cert%(f: fa_file, cert_ref: opaque of x509, cert: X509::Certificate%);
-event x509_extension%(f: fa_file, cert_ref: opaque of x509, cert: X509::Certificate, ext: X509::Extension%);
-event x509_ext_basic_constraints%(f: fa_file, cert_ref: opaque of x509, cert: X509::Certificate, ext: X509::BasicConstraints%);
-event x509_ext_subject_alternative_name%(f: fa_file, cert_ref: opaque of x509, cert: X509::Certificate, names: string_vec%);
+event x509_certificate%(f: fa_file, cert_ref: opaque of x509, cert: X509::Certificate%);
+event x509_extension%(f: fa_file, ext: X509::Extension%);
+event x509_ext_basic_constraints%(f: fa_file, ext: X509::BasicConstraints%);
+event x509_ext_subject_alternative_name%(f: fa_file, names: string_vec%);
diff --git a/src/file_analysis/analyzer/x509/functions.bif b/src/file_analysis/analyzer/x509/functions.bif
index 7af8883aef..36c261d216 100644
--- a/src/file_analysis/analyzer/x509/functions.bif
+++ b/src/file_analysis/analyzer/x509/functions.bif
@@ -23,11 +23,22 @@ X509* d2i_X509_(X509** px, const u_char** in, int len)
 #endif
 	}
 
+// construct an error record
+RecordVal* x509_error_record(uint64_t num, const char* reason)
+	{
+	RecordVal* rrecord = new RecordVal(BifType::Record::X509::Result);
+
+	rrecord->Assign(0, new Val(num, TYPE_COUNT));
+	rrecord->Assign(1, new StringVal(reason));
+
+	return rrecord;
+	}
+
 %%}
 
 ## Parses a certificate into an X509::Certificate structure
 ##
-## cert: The x509 certificicate opaque
+## cert: The X509 certificicate opaque handle
 ##
 ## Returns: A X509::Certificate structure
 ##
@@ -40,12 +51,50 @@ function x509_parse%(cert: opaque of x509%): X509::Certificate
 	return file_analysis::X509::ParseCertificate(h);
 	%}
 
+## Returns the string form of a certificate
+##
+## cert: The X509 certificate opaque handle
+##
+## pem: A boolean that specifies if the certificate is returned
+##      in pem-form (true), or as the raw ASN1 encoded binary
+##      (false).
+##
+## Returns: X509 certificate as a string
+
+function x509_get_certificate_string%(cert: opaque of x509, pem: bool &default=F%): string
+	%{
+	assert(cert);
+	file_analysis::X509Val* h = (file_analysis::X509Val*) cert;
+
+	BIO *bio = BIO_new(BIO_s_mem());
+	
+	if ( pem )
+		{
+		PEM_write_bio_X509(bio, h->GetCertificate());
+		}
+	else
+		{
+		i2d_X509_bio(bio, h->GetCertificate());
+		}
+	
+	BIO_flush(bio);
+	int length = BIO_pending(bio);
+	// use OPENSS_malloc here. Otherwhise, interesting problems will happen
+	char *buffer = (char*) OPENSSL_malloc(length);
+	BIO_read(bio, (void*) buffer, length);
+	StringVal* ext_val = new StringVal(length, buffer);
+	OPENSSL_free(buffer);
+	BIO_free_all(bio);
+			
+	return ext_val;
+	%}
+
+
 ## Verifies a certificate.
 ##
-## cert_val: The X.509 certificate in DER format.
-##
-## cert_stack: Specifies a certificate chain that is being used to validate
-##             the given certificate against the root store given in *root_certs*
+## certs: Specifies a certificate chain that is being used to validate
+##        the given certificate against the root store given in *root_certs*.
+##        The host certificate has to be at index 0.
 ##
 ## root_certs: A list of root certificates to validate the certificate chain
 ##
@@ -53,10 +102,27 @@ function x509_parse%(cert: opaque of x509%): X509::Certificate
 ##          operation. In case of success also returns the full certificate chain.
 ##
 ## .. bro:see:: x509_parse
-function x509_verify%(cert_val: opaque of x509, cert_stack: x509_opaque_vector, root_certs: table_string_of_string%): X509::Result
+function x509_verify%(certs: x509_opaque_vector, root_certs: table_string_of_string%): X509::Result
 	%{
 	X509_STORE* ctx = 0;
 	int i = 0;
+	
+	VectorVal *certs_vec = certs->AsVectorVal();
+	if ( certs_vec->Size() < 1 )
+		{
+		reporter->Error("No certificates given in vector");
+		return x509_error_record(-1, "no certificates");
+		}
+
+	// host certificate
+	unsigned int index = 0; // to prevent overloading to 0pointer
+	Val *sv = certs_vec->Lookup(index);
+	if ( !sv )
+		{
+		builtin_error("undefined value in certificate vector");
+		return x509_error_record(-1, "undefined value in certificate vector");
+		}
+	file_analysis::X509Val* cert_handle = (file_analysis::X509Val*) sv;	
 
 	// If this certificate store was built previously, just reuse the old one.
 	if ( x509_stores.count(root_certs) > 0 )
@@ -78,7 +144,7 @@ function x509_verify%(cert_val: opaque of x509, cert_stack: x509_opaque_vector,
 			if ( ! x )
 				{
 				builtin_error(fmt("Root CA error: %s", ERR_error_string(ERR_peek_last_error(),NULL)));
-				return new Val((uint64) ERR_get_error(), TYPE_COUNT);
+				return x509_error_record((uint64) ERR_get_error(), ERR_error_string(ERR_peek_last_error(),NULL));
 				}
 			X509_STORE_add_cert(ctx, x);
 			}
@@ -88,34 +154,30 @@ function x509_verify%(cert_val: opaque of x509, cert_stack: x509_opaque_vector,
 		x509_stores[root_certs] = ctx;
 		}
 
-	assert(cert_val);
-	file_analysis::X509Val* cert_handle = (file_analysis::X509Val*) cert_val;
-
 	X509* cert = cert_handle->GetCertificate();
 	if ( ! cert )
 		{
 		builtin_error(fmt("No certificate in opaque"));
-		return new Val(-1, TYPE_COUNT);
+		return x509_error_record(-1, "No certificate in opaque");
 		}
 
 	STACK_OF(X509)* untrusted_certs = sk_X509_new_null();
 	if ( ! untrusted_certs )
 		{
 		builtin_error(fmt("Untrusted certificate stack initialization error: %s", ERR_error_string(ERR_peek_last_error(),NULL)));
-		return new Val((uint64) ERR_get_error(), TYPE_COUNT);
+		return x509_error_record((uint64) ERR_get_error(), ERR_error_string(ERR_peek_last_error(),NULL));		
 		}
 
-	VectorVal *cert_stack_vec = cert_stack->AsVectorVal();
-	for ( i = 0; i < (int) cert_stack_vec->Size(); ++i )
+	for ( i = 1; i < (int) certs_vec->Size(); ++i ) // start at 1 - 0 is host cert
 		{
-		Val *sv = cert_stack_vec->Lookup(i);
+		Val *sv = certs_vec->Lookup(i);
 		// Fixme: check type
 		X509* x = ((file_analysis::X509Val*) sv)->GetCertificate();
 		if ( ! x )
 			{
 			sk_X509_pop(untrusted_certs);
 			builtin_error(fmt("No certificate in opaque in stack"));
-			return new Val(-1, TYPE_COUNT);
+			return x509_error_record(-1, "No certificate in opaque");
 			}
 		sk_X509_push(untrusted_certs, x);
 		}

From 7eb6b5133e803411d7c97aee02456efb55ac5f18 Mon Sep 17 00:00:00 2001
From: Bernhard Amann <bernhard@icsi.berkeley.edu>
Date: Tue, 4 Mar 2014 05:29:04 -0800
Subject: [PATCH 09/18] Fix circular reference problem and a few other small
 things.

SSL::Info now holds a reference to Files::Info instead of the
fa_files record.

Everything should work now, if everyone thinks that the interface is
ok I will update the test baselines in a bit.

addresses BIT-953, BIT-760
---
 scripts/base/files/x509/main.bro              | 26 +++++++++----------
 scripts/base/protocols/ssl/files.bro          |  9 ++++---
 .../policy/protocols/ssl/expiring-certs.bro   |  2 +-
 .../protocols/ssl/extract-certs-pem.bro       |  2 +-
 scripts/policy/protocols/ssl/known-certs.bro  |  2 +-
 scripts/policy/protocols/ssl/notary.bro       |  2 +-
 scripts/test-all-policy.bro                   |  2 +-
 src/file_analysis/analyzer/x509/X509.cc       |  2 +-
 8 files changed, 24 insertions(+), 23 deletions(-)

diff --git a/scripts/base/files/x509/main.bro b/scripts/base/files/x509/main.bro
index 2238cf0c8b..b20c6c715e 100644
--- a/scripts/base/files/x509/main.bro
+++ b/scripts/base/files/x509/main.bro
@@ -39,7 +39,7 @@ event bro_init() &priority=5
 	Log::create_stream(X509::LOG, [$columns=Info, $ev=log_x509]);
 	}
 
-redef record fa_file += {
+redef record Files::Info += {
 	## Information about X509 certificates. This is used to keep
 	## certificate information until all events have been received.
 	x509: X509::Info &optional;
@@ -47,31 +47,31 @@ redef record fa_file += {
 
 event x509_certificate(f: fa_file, cert_ref: opaque of x509, cert: X509::Certificate) &priority=5
 	{
-	f$x509 = [$id=f$id, $certificate=cert, $handle=cert_ref];
+	f$info$x509 = [$id=f$id, $certificate=cert, $handle=cert_ref];
 	}
 
 event x509_extension(f: fa_file, ext: X509::Extension) &priority=5
 	{
-	if ( f?$x509 )
-		f$x509$extensions[|f$x509$extensions|] = ext;
+	if ( f$info?$x509 )
+		f$info$x509$extensions[|f$info$x509$extensions|] = ext;
 	}
 
 event x509_ext_basic_constraints(f: fa_file, ext: X509::BasicConstraints) &priority=5
 	{
-	if ( f?$x509 )
-		f$x509$basic_constraints = ext;
+	if ( f$info?$x509 )
+		f$info$x509$basic_constraints = ext;
 	}
 
 event x509_ext_subject_alternative_name(f: fa_file, names: string_vec) &priority=5
 	{
-	if ( f?$x509 )
-		f$x509$san = names;
+	if ( f$info?$x509 )
+		f$info$x509$san = names;
 	}
 
-event file_state_remove(f: fa_file)
+event file_state_remove(f: fa_file) &priority=5
 	{
-	if ( f?$x509 )
-		{
-		Log::write(LOG, f$x509);
-		}
+	if ( ! f$info?$x509 )
+		return;
+
+	Log::write(LOG, f$info$x509);
 	}
diff --git a/scripts/base/protocols/ssl/files.bro b/scripts/base/protocols/ssl/files.bro
index a8e755e953..a10a3f5f76 100644
--- a/scripts/base/protocols/ssl/files.bro
+++ b/scripts/base/protocols/ssl/files.bro
@@ -1,6 +1,7 @@
 @load ./main
 @load base/utils/conn-ids
 @load base/frameworks/files
+@load base/files/x509
 
 module SSL;
 
@@ -8,7 +9,7 @@ export {
 	redef record Info += {
 		## Chain of certificates offered by the server to validate its
 		## complete signing chain.
-		cert_chain: vector of fa_file &optional;
+		cert_chain: vector of Files::Info &optional;
 
 		## An ordered vector of all certicate file unique IDs for the
 		## certificates offered by the server.
@@ -16,7 +17,7 @@ export {
 
 		## Chain of certificates offered by the client to validate its
 		## complete signing chain.
-		client_cert_chain: vector of fa_file &optional;
+		client_cert_chain: vector of Files::Info &optional;
 		
 		## An ordered vector of all certicate file unique IDs for the
 		## certificates offered by the client.
@@ -80,12 +81,12 @@ event file_over_new_connection(f: fa_file, c: connection, is_orig: bool) &priori
 
 	if ( is_orig )
 		{
-		c$ssl$client_cert_chain[|c$ssl$client_cert_chain|] = f;
+		c$ssl$client_cert_chain[|c$ssl$client_cert_chain|] = f$info;
 		c$ssl$client_cert_chain_fuids[|c$ssl$client_cert_chain_fuids|] = f$id;
 		}
 	else
 		{
-		c$ssl$cert_chain[|c$ssl$cert_chain|] = f;
+		c$ssl$cert_chain[|c$ssl$cert_chain|] = f$info;
 		c$ssl$cert_chain_fuids[|c$ssl$cert_chain_fuids|] = f$id;
 		}
 
diff --git a/scripts/policy/protocols/ssl/expiring-certs.bro b/scripts/policy/protocols/ssl/expiring-certs.bro
index fc48ad9f2b..a76dc542f4 100644
--- a/scripts/policy/protocols/ssl/expiring-certs.bro
+++ b/scripts/policy/protocols/ssl/expiring-certs.bro
@@ -39,7 +39,7 @@ event ssl_established(c: connection) &priority=3
 		 ! addr_matches_host(c$id$resp_h, notify_certs_expiration) )
 		return;
 
-	local hash = c$ssl$cert_chain[0]$info$md5;
+	local hash = c$ssl$cert_chain[0]$md5;
 	local cert = c$ssl$cert_chain[0]$x509$certificate;
 	
 	if ( cert$not_valid_before > network_time() )
diff --git a/scripts/policy/protocols/ssl/extract-certs-pem.bro b/scripts/policy/protocols/ssl/extract-certs-pem.bro
index 247d58fea2..1cfccb6556 100644
--- a/scripts/policy/protocols/ssl/extract-certs-pem.bro
+++ b/scripts/policy/protocols/ssl/extract-certs-pem.bro
@@ -34,7 +34,7 @@ event ssl_established(c: connection) &priority=5
 	if ( ! addr_matches_host(c$id$resp_h, extract_certs_pem) )
 		return;
 
-	local hash = c$ssl$cert_chain[0]$info$sha1;
+	local hash = c$ssl$cert_chain[0]$sha1;
 	local cert = c$ssl$cert_chain[0]$x509$handle;
 
 	if ( hash in extracted_certs )
diff --git a/scripts/policy/protocols/ssl/known-certs.bro b/scripts/policy/protocols/ssl/known-certs.bro
index e1bf59e72d..e0e76eb526 100644
--- a/scripts/policy/protocols/ssl/known-certs.bro
+++ b/scripts/policy/protocols/ssl/known-certs.bro
@@ -51,7 +51,7 @@ event ssl_established(c: connection) &priority=3
 	if ( ! c$ssl?$cert_chain || |c$ssl$cert_chain| < 1 )
 		return;
 
-	local hash = c$ssl$cert_chain[0]$info$sha1;
+	local hash = c$ssl$cert_chain[0]$sha1;
 	local cert = c$ssl$cert_chain[0]$x509$certificate;
 
 	local host = c$id$resp_h;
diff --git a/scripts/policy/protocols/ssl/notary.bro b/scripts/policy/protocols/ssl/notary.bro
index 424959df2f..3646a4d43e 100644
--- a/scripts/policy/protocols/ssl/notary.bro
+++ b/scripts/policy/protocols/ssl/notary.bro
@@ -42,7 +42,7 @@ event ssl_established(c: connection) &priority=3
 	if ( ! c$ssl?$cert_chain || |c$ssl$cert_chain| == 0 )
 		return;
 
-	local digest = c$ssl$cert_chain[0]$info$sha1;
+	local digest = c$ssl$cert_chain[0]$sha1;
 
 	if ( digest in notary_cache )
 		{
diff --git a/scripts/test-all-policy.bro b/scripts/test-all-policy.bro
index 3a0bd17614..a29d2d3030 100644
--- a/scripts/test-all-policy.bro
+++ b/scripts/test-all-policy.bro
@@ -26,6 +26,7 @@
 @load frameworks/intel/seen/smtp.bro
 @load frameworks/intel/seen/ssl.bro
 @load frameworks/intel/seen/where-locations.bro
+@load frameworks/intel/seen/x509.bro
 @load frameworks/files/detect-MHR.bro
 @load frameworks/files/hash-all-files.bro
 @load frameworks/packet-filter/shunt.bro
@@ -82,7 +83,6 @@
 @load protocols/ssh/geo-data.bro
 @load protocols/ssh/interesting-hostnames.bro
 @load protocols/ssh/software.bro
-@load protocols/ssl/cert-hash.bro
 @load protocols/ssl/expiring-certs.bro
 @load protocols/ssl/extract-certs-pem.bro
 @load protocols/ssl/known-certs.bro
diff --git a/src/file_analysis/analyzer/x509/X509.cc b/src/file_analysis/analyzer/x509/X509.cc
index 96e0964eff..4109781193 100644
--- a/src/file_analysis/analyzer/x509/X509.cc
+++ b/src/file_analysis/analyzer/x509/X509.cc
@@ -480,7 +480,7 @@ X509Val::~X509Val()
 
 bool X509Val::DoSerialize(SerialInfo* info) const
 	{
-	DO_SERIALIZE(SER_X509_VAL, X509Val);
+	DO_SERIALIZE(SER_X509_VAL, OpaqueVal);
 
 	unsigned char *buf = NULL;
 

From 0d50b8b04ff2551ce816afaa15b94d54e8cdc910 Mon Sep 17 00:00:00 2001
From: Bernhard Amann <bernhard@icsi.berkeley.edu>
Date: Thu, 13 Mar 2014 00:05:48 -0700
Subject: [PATCH 10/18] Change x509 log - now certificates are only logged once
 per hour.

Add parsing of several more types to SAN extension.

Make error messages of x509 file analyzer more useful.

Fix file ID generation.

You apparently have to be very careful which EndOfFile function of
the file analysis framework you call... otherwhise it might try
to close another file id. This took me quite a while to find.

addresses BIT-953, BIT-760, BIT-1150
---
 scripts/base/files/x509/main.bro              | 40 ++++++++--
 scripts/base/init-bare.bro                    | 18 +++--
 scripts/base/protocols/ssl/files.bro          | 79 ++++++++++++++-----
 src/analyzer/protocol/ssl/events.bif          |  6 +-
 src/analyzer/protocol/ssl/ssl-analyzer.pac    |  4 +-
 src/file_analysis/Manager.h                   |  2 +-
 src/file_analysis/analyzer/x509/X509.cc       | 79 ++++++++++++++++---
 src/file_analysis/analyzer/x509/events.bif    | 55 ++++++++++++-
 src/file_analysis/analyzer/x509/functions.bif | 12 ++-
 src/file_analysis/analyzer/x509/types.bif     |  2 +-
 10 files changed, 242 insertions(+), 55 deletions(-)

diff --git a/scripts/base/files/x509/main.bro b/scripts/base/files/x509/main.bro
index b20c6c715e..8192fb9e42 100644
--- a/scripts/base/files/x509/main.bro
+++ b/scripts/base/files/x509/main.bro
@@ -6,12 +6,15 @@ module X509;
 export {
 	redef enum Log::ID += { LOG };
 
+	## Set that keeps track of the certificates which were logged recently.
+	global cert_hashes: set[string] &create_expire=1hrs &synchronized &redef;
+
 	type Info: record {
 		## current timestamp
-		ts: time &log &default=network_time();
+		ts: time &log;
 
-		## file id of this certificate
-		id: string &log;
+		## SHA-1 hash of this certificate
+		sha1: string &log &optional;
     
 		## Basic information about the certificate
 		certificate: X509::Certificate &log;
@@ -24,7 +27,7 @@ export {
 		extensions: vector of X509::Extension &default=vector();
 
 		## Subject alternative name extension of the certificate
-		san: string_vec &optional &log;
+		san: X509::SubjectAlternativeName &optional &log;
 
 		## Basic constraints extension of the certificate
 		basic_constraints: X509::BasicConstraints &optional &log;
@@ -45,9 +48,20 @@ redef record Files::Info += {
 	x509: X509::Info &optional;
 };
 
+# Either, this event arrives first - then info$x509 does not exist 
+# yet and this is a no-op, and the sha1 value is set in x509_certificate.
+# Or the x509_certificate event arrives first - then the hash is set here.
+event file_hash(f: fa_file, kind: string, hash: string)
+	{
+	if ( f$info?$x509 && kind == "sha1" )
+		f$info$x509$sha1 = hash;
+	}
+
 event x509_certificate(f: fa_file, cert_ref: opaque of x509, cert: X509::Certificate) &priority=5
 	{
-	f$info$x509 = [$id=f$id, $certificate=cert, $handle=cert_ref];
+	f$info$x509 = [$ts=f$info$ts, $certificate=cert, $handle=cert_ref];
+	if ( f$info?$sha1 )
+		f$info$x509$sha1 = f$info$sha1;
 	}
 
 event x509_extension(f: fa_file, ext: X509::Extension) &priority=5
@@ -62,10 +76,10 @@ event x509_ext_basic_constraints(f: fa_file, ext: X509::BasicConstraints) &prior
 		f$info$x509$basic_constraints = ext;
 	}
 
-event x509_ext_subject_alternative_name(f: fa_file, names: string_vec) &priority=5
+event x509_ext_subject_alternative_name(f: fa_file, ext: X509::SubjectAlternativeName) &priority=5
 	{
 	if ( f$info?$x509 )
-		f$info$x509$san = names;
+		f$info$x509$san = ext;
 	}
 
 event file_state_remove(f: fa_file) &priority=5
@@ -73,5 +87,17 @@ event file_state_remove(f: fa_file) &priority=5
 	if ( ! f$info?$x509 )
 		return;
 
+	if ( ! f$info$x509?$sha1 )
+		{
+		Reporter::error(fmt("Certificate without a hash value. Logging skipped. File-id: %s", f$id));
+		return;
+		}
+
+	if ( f$info$x509$sha1 in cert_hashes )
+		# we already have seen & logged this certificate
+		return;
+
+	add cert_hashes[f$info$x509$sha1];
+
 	Log::write(LOG, f$info$x509);
 	}
diff --git a/scripts/base/init-bare.bro b/scripts/base/init-bare.bro
index f59355895d..ad01d4ef87 100644
--- a/scripts/base/init-bare.bro
+++ b/scripts/base/init-bare.bro
@@ -2750,7 +2750,7 @@ export {
 
 module X509;
 export {
-	type X509::Certificate: record {
+	type Certificate: record {
 		version: count;	##< Version number.
 		serial: string;	##< Serial number.
 		subject: string;	##< Subject.
@@ -2767,7 +2767,7 @@ export {
 		#path_len: count &optional; ##< indicates the path_length value in the X509v3 BasicConstraints extension
 	} &log;
 
-	type X509::Extension: record {
+	type Extension: record {
 		name: string; ##< long name of extension. oid if name not known
 		short_name: string &optional; ##< short name of extension if known.
 		oid: string; ##< oid of extension
@@ -2775,13 +2775,21 @@ export {
 		value: string; ##< extension content parsed to string for known extensions. Raw data otherwise.
 	};
 
-	type X509::BasicConstraints: record {
+	type BasicConstraints: record {
 		ca: bool; ##< CA flag set?
-		path_len: count &optional;
+		path_len: count &optional; ##< maximum path length
 	} &log;
+
+	type SubjectAlternativeName: record {
+		dns: string_vec &optional &log; ##< list of DNS entries in SAN
+		uri: string_vec &optional &log; ##< list of URI entries in SAN
+		email: string_vec &optional &log; ##< list of email entries in SAN
+		ip: addr_vec &optional &log; ##< list of IP entries in SAN
+		other_fields: bool; ##< true if the certificate contained other, not recognized or parsed name fields
+	};
 	
 	## Result of an X509 certificate chain verification
-	type X509::Result: record {
+	type Result: record {
 		## OpenSSL result code
 		result:	count;
 		## Result as string
diff --git a/scripts/base/protocols/ssl/files.bro b/scripts/base/protocols/ssl/files.bro
index a10a3f5f76..18bf3c3236 100644
--- a/scripts/base/protocols/ssl/files.bro
+++ b/scripts/base/protocols/ssl/files.bro
@@ -11,29 +11,34 @@ export {
 		## complete signing chain.
 		cert_chain: vector of Files::Info &optional;
 
-		## An ordered vector of all certicate file unique IDs for the
+		## An ordered vector of all certicate sha1 hashes for the
 		## certificates offered by the server.
-		cert_chain_fuids: vector of string &optional &log;
+		cert_chain_sha1s: vector of string &optional &log;
 
 		## Chain of certificates offered by the client to validate its
 		## complete signing chain.
 		client_cert_chain: vector of Files::Info &optional;
 		
-		## An ordered vector of all certicate file unique IDs for the
+		## An ordered vector of all certicate sha1 hashes for the
 		## certificates offered by the client.
-		client_cert_chain_fuids: vector of string &optional &log;
+		client_cert_chain_sha1s: vector of string &optional &log;
 		
 		## Subject of the X.509 certificate offered by the server.
-		subject:          string           &log &optional;
+		subject: string &log &optional;
 		## Subject of the signer of the X.509 certificate offered by the
 		## server.
-		issuer:   string           &log &optional;
+		issuer: string &log &optional;
 		
 		## Subject of the X.509 certificate offered by the client.
-		client_subject:          string           &log &optional;
+		client_subject: string &log &optional;
 		## Subject of the signer of the X.509 certificate offered by the
 		## client.
-		client_issuer:   string           &log &optional;
+		client_issuer: string &log &optional;
+
+		## current number of certificates seen from either side. Used
+		## to create file handles
+		server_depth: count &default=0;
+		client_depth: count &default=0;
 	};
 
 	## Default file handle provider for SSL.
@@ -45,7 +50,22 @@ export {
 
 function get_file_handle(c: connection, is_orig: bool): string
 	{
-	return cat(Analyzer::ANALYZER_SSL, c$start_time);
+	set_session(c);
+
+	local depth: count;
+
+	if ( is_orig )
+		{
+		depth = c$ssl$client_depth;
+		++c$ssl$client_depth;
+		}
+	else
+		{
+		depth = c$ssl$server_depth;
+		++c$ssl$server_depth;
+		}
+
+	return cat(Analyzer::ANALYZER_SSL, c$start_time, is_orig, id_string(c$id), depth);
 	}
 
 function describe_file(f: fa_file): string
@@ -54,7 +74,19 @@ function describe_file(f: fa_file): string
 	if ( f$source != "SSL" )
 		return "";
 
-	# Fixme!
+	# It is difficult to reliably describe a certificate - especially since
+	# we do not know when this function is called (hence, if the data structures
+	# are already populated).
+	#
+	# Just return a bit of our connection information and hope that that is good enough.
+	for ( cid in f$conns )
+		{
+		if ( f$conns[cid]?$ssl )
+			{
+			local c = f$conns[cid];
+			return cat(c$id$resp_h, ":", c$id$resp_p);
+			}
+		}
 
 	return "";
 	}
@@ -75,30 +107,22 @@ event file_over_new_connection(f: fa_file, c: connection, is_orig: bool) &priori
 		{
 		c$ssl$cert_chain = vector();
 		c$ssl$client_cert_chain = vector();
-		c$ssl$cert_chain_fuids = string_vec();
-		c$ssl$client_cert_chain_fuids = string_vec();
 		}	
 
 	if ( is_orig )
-		{
 		c$ssl$client_cert_chain[|c$ssl$client_cert_chain|] = f$info;
-		c$ssl$client_cert_chain_fuids[|c$ssl$client_cert_chain_fuids|] = f$id;
-		}
 	else
-		{
 		c$ssl$cert_chain[|c$ssl$cert_chain|] = f$info;
-		c$ssl$cert_chain_fuids[|c$ssl$cert_chain_fuids|] = f$id;
-		}
 
 	Files::add_analyzer(f, Files::ANALYZER_X509);
-	# always calculate hashes for certificates
+	# always calculate hashes. SHA1 is always required for certificates.
 	Files::add_analyzer(f, Files::ANALYZER_MD5);
 	Files::add_analyzer(f, Files::ANALYZER_SHA1);
 	}
 
 event ssl_established(c: connection) &priority=6
 	{
-	# update subject and issuer information
+	# update subject and issuer information as well as sha1 hashes
 	if ( c$ssl?$cert_chain && |c$ssl$cert_chain| > 0 )
 		{
 		c$ssl$subject = c$ssl$cert_chain[0]$x509$certificate$subject;
@@ -110,4 +134,19 @@ event ssl_established(c: connection) &priority=6
 		c$ssl$client_subject = c$ssl$client_cert_chain[0]$x509$certificate$subject;
 		c$ssl$client_issuer = c$ssl$client_cert_chain[0]$x509$certificate$issuer;
 		}
+
+
+	if ( c$ssl?$cert_chain )
+		{
+		c$ssl$cert_chain_sha1s = string_vec();
+		for ( i in c$ssl$cert_chain )
+			c$ssl$cert_chain_sha1s[i] = c$ssl$cert_chain[i]$x509$sha1;
+		}
+
+	if ( c$ssl?$client_cert_chain )
+		{
+		c$ssl$client_cert_chain_sha1s = string_vec();
+		for ( i in c$ssl$client_cert_chain )
+			c$ssl$client_cert_chain_sha1s[i] = c$ssl$client_cert_chain[i]$x509$sha1;
+		}
 	}
diff --git a/src/analyzer/protocol/ssl/events.bif b/src/analyzer/protocol/ssl/events.bif
index 32a648f2d3..054d9c672f 100644
--- a/src/analyzer/protocol/ssl/events.bif
+++ b/src/analyzer/protocol/ssl/events.bif
@@ -25,7 +25,7 @@
 ##          :bro:id:`SSL::cipher_desc` table maps them to descriptive names.
 ##
 ## .. bro:see:: ssl_alert  ssl_established ssl_extension ssl_server_hello
-##    ssl_session_ticket_handshake x509_certificate x509_error x509_extension
+##    ssl_session_ticket_handshake x509_certificate
 event ssl_client_hello%(c: connection, version: count, possible_ts: time, client_random: string, session_id: string, ciphers: index_vec%);
 
 ## Generated for an SSL/TLS server's initial *hello* message. SSL/TLS sessions
@@ -58,7 +58,7 @@ event ssl_client_hello%(c: connection, version: count, possible_ts: time, client
 ##              standardized as part of the SSL/TLS protocol.
 ##
 ## .. bro:see:: ssl_alert ssl_client_hello ssl_established ssl_extension
-##    ssl_session_ticket_handshake x509_certificate x509_error x509_extension
+##    ssl_session_ticket_handshake x509_certificate
 event ssl_server_hello%(c: connection, version: count, possible_ts: time, server_random: string, session_id: string, cipher: count, comp_method: count%);
 
 ## Generated for SSL/TLS extensions seen in an initial handshake.  SSL/TLS
@@ -92,7 +92,7 @@ event ssl_extension%(c: connection, is_orig: bool, code: count, val: string%);
 ## c: The connection.
 ##
 ## .. bro:see:: ssl_alert ssl_client_hello  ssl_extension ssl_server_hello
-##    ssl_session_ticket_handshake
+##    ssl_session_ticket_handshake x509_certificate
 event ssl_established%(c: connection%);
 
 ## Generated for SSL/TLS alert records. SSL/TLS sessions start with an
diff --git a/src/analyzer/protocol/ssl/ssl-analyzer.pac b/src/analyzer/protocol/ssl/ssl-analyzer.pac
index 635274793c..3fdf13713d 100644
--- a/src/analyzer/protocol/ssl/ssl-analyzer.pac
+++ b/src/analyzer/protocol/ssl/ssl-analyzer.pac
@@ -235,9 +235,9 @@ refine connection SSL_Conn += {
 			{
 			const bytestring& cert = (*certificates)[i];
 
-			file_mgr->DataIn(reinterpret_cast<const u_char*>(cert.data()), cert.length(), 
+			string fid = file_mgr->DataIn(reinterpret_cast<const u_char*>(cert.data()), cert.length(),
 					bro_analyzer()->GetAnalyzerTag(), bro_analyzer()->Conn(), ${rec.is_orig});
-			file_mgr->EndOfFile(bro_analyzer()->GetAnalyzerTag(), bro_analyzer()->Conn());
+			file_mgr->EndOfFile(fid);
 			}
 		return true;
 		%}
diff --git a/src/file_analysis/Manager.h b/src/file_analysis/Manager.h
index 649f82c164..2e7d7a7de4 100644
--- a/src/file_analysis/Manager.h
+++ b/src/file_analysis/Manager.h
@@ -108,7 +108,7 @@ public:
 	 *         cached and passed back in to a subsequent function call in order
 	 *         to avoid costly file handle lookups (which have to go through
 	 *         the \c get_file_handle script-layer event).  An empty string
-	 *         indicates the associate file is not going to be analyzed further.
+	 *         indicates the associated file is not going to be analyzed further.
 	 */
 	std::string DataIn(const u_char* data, uint64 len, analyzer::Tag tag,
 	                   Connection* conn, bool is_orig,
diff --git a/src/file_analysis/analyzer/x509/X509.cc b/src/file_analysis/analyzer/x509/X509.cc
index 4109781193..8a429489e8 100644
--- a/src/file_analysis/analyzer/x509/X509.cc
+++ b/src/file_analysis/analyzer/x509/X509.cc
@@ -45,7 +45,7 @@ bool file_analysis::X509::EndOfFile()
 	::X509* ssl_cert = d2i_X509(NULL, &cert_char, cert_data.size());
 	if ( !ssl_cert )
 		{
-		reporter->Error("Could not parse X509 certificate");
+		reporter->Error("Could not parse X509 certificate. fuid %s", GetFile()->GetID().c_str());
 		return false;
 		}
 
@@ -222,7 +222,7 @@ void file_analysis::X509::ParseBasicConstraints(X509_EXTENSION* ex)
 	BASIC_CONSTRAINTS *constr = (BASIC_CONSTRAINTS *) X509V3_EXT_d2i(ex);
 	if ( !constr ) 
 		{
-		reporter->Error("Certificate with invalid BasicConstraint");
+		reporter->Error("Certificate with invalid BasicConstraint. fuid %s", GetFile()->GetID().c_str());
 		}
 	else 	
 		{
@@ -246,41 +246,96 @@ void file_analysis::X509::ParseSAN(X509_EXTENSION* ext)
 	GENERAL_NAMES *altname = (GENERAL_NAMES*)X509V3_EXT_d2i(ext);
 	if ( !altname )
 		{
-		reporter->Error("could not parse subject alternative names");
+		reporter->Error("Could not parse subject alternative names. fuid %s", GetFile()->GetID().c_str());
 		return;
 		}
 
-	VectorVal* names = new VectorVal(internal_type("string_vec")->AsVectorType());
+	VectorVal* names = 0;
+	VectorVal* emails = 0;
+	VectorVal* uris = 0;
+	VectorVal* ips = 0;
+
+	unsigned int otherfields = 0;
 
-	int j = 0;
 	for ( int i = 0; i < sk_GENERAL_NAME_num(altname); i++ ) 
 		{
 		GENERAL_NAME *gen = sk_GENERAL_NAME_value(altname, i);
 		assert(gen);
 
-		if ( gen->type == GEN_DNS )
+		if ( gen->type == GEN_DNS || gen->type == GEN_URI || gen->type == GEN_EMAIL )
 			{
 			if (ASN1_STRING_type(gen->d.ia5) != V_ASN1_IA5STRING) 
 				{
-				reporter->Error("DNS-field does not contain an IA5String");
+				reporter->Error("DNS-field does not contain an IA5String. fuid %s", GetFile()->GetID().c_str());
 				continue;
 				}
 			const char* name = (const char*) ASN1_STRING_data(gen->d.ia5);
 			StringVal* bs = new StringVal(name);
-			names->Assign(j, bs);
-			j++;
+
+			switch ( gen->type )
+				{
+				case GEN_DNS:
+					if ( names == 0 )
+						names = new VectorVal(internal_type("string_vec")->AsVectorType());
+					names->Assign(names->Size(), bs);
+					break;
+
+				case GEN_URI:
+					if ( uris == 0 )
+						uris = new VectorVal(internal_type("string_vec")->AsVectorType());
+					uris->Assign(uris->Size(), bs);
+					break;
+
+				case GEN_EMAIL:
+					if ( emails == 0 )
+						emails = new VectorVal(internal_type("string_vec")->AsVectorType());
+					emails->Assign(emails->Size(), bs);
+					break;
+				}
+			}
+		else if ( gen->type == GEN_IPADD )
+			{
+				if ( ips == 0 )
+					ips = new VectorVal(internal_type("addr_vec")->AsVectorType());
+
+				uint32* addr = (uint32*) gen->d.ip->data;
+				if(gen->d.ip->length == 4 )
+					{
+					ips->Assign(ips->Size(), new AddrVal(*addr));
+					}
+				else if ( gen->d.ip->length == 16 )
+					{
+					ips->Assign(ips->Size(), new AddrVal(addr));
+					}
+				else
+					{
+					reporter->Error("Weird IP address length %d in subject alternative name. fuid %s", gen->d.ip->length, GetFile()->GetID().c_str());
+					continue;
+					}
 			}
 		else 
 			{
-			// we should perhaps sometime parse out ip-addresses
-			reporter->Error("Subject alternative name contained non-dns fields");
+			//reporter->Error("Subject alternative name contained unsupported fields. fuid %s", GetFile()->GetID().c_str());
+			// This happens quite often - just mark it
+			otherfields = 1;
 			continue;
 			}
 		}
 
+		RecordVal* sanExt = new RecordVal(BifType::Record::X509::SubjectAlternativeName);
+		if ( names != 0 )
+			sanExt->Assign(0, names);
+		if ( uris != 0 )
+			sanExt->Assign(1, uris);
+		if ( emails != 0 )
+			sanExt->Assign(2, emails);
+		if ( ips != 0 )
+			sanExt->Assign(3, ips);
+		sanExt->Assign(4, new Val(otherfields, TYPE_BOOL));
+
 		val_list* vl = new val_list();
 		vl->append(GetFile()->GetVal()->Ref());
-		vl->append(names);
+		vl->append(sanExt);
 
 		mgr.QueueEvent(x509_ext_subject_alternative_name, vl);
 	}
diff --git a/src/file_analysis/analyzer/x509/events.bif b/src/file_analysis/analyzer/x509/events.bif
index 2cfc5882a4..a6db8fac44 100644
--- a/src/file_analysis/analyzer/x509/events.bif
+++ b/src/file_analysis/analyzer/x509/events.bif
@@ -1,4 +1,57 @@
+## Generated for encountered X509 certificates, e.g., in the clear SSL/TLS 
+## connection handshake.
+##
+## See `Wikipedia <http://en.wikipedia.org/wiki/X.509>`__ for more information
+## about the X.509 format.
+##
+## f: The file.
+##
+## cert_ref: An opaque pointer to the underlying OpenSSL data structure of the
+##           certificate.
+##
+## cert: The parsed certificate information.
+##
+## .. bro:see:: x509_extension x509_ext_basic_constraints
+##              x509_ext_subject_alternative_name x509_parse x509_verify
+##              x509_get_certificate_string
 event x509_certificate%(f: fa_file, cert_ref: opaque of x509, cert: X509::Certificate%);
+
+## Generated for X509 extensions seen in a certificate.
+##
+## See `Wikipedia <http://en.wikipedia.org/wiki/X.509>`__ for more information
+## about the X.509 format.
+##
+## f: The file.
+##
+## ext: The parsed extension.
+##
+## .. bro:see:: x509_certificate x509_ext_basic_constraints
+##              x509_ext_subject_alternative_name x509_parse x509_verify
+##              x509_get_certificate_string
 event x509_extension%(f: fa_file, ext: X509::Extension%);
+
+## Generated for the X509 basic constraints extension seen in a certificate.
+## This extension can be used to identify the subject of a certificate as a CA.
+##
+## f: The file.
+##
+## ext: The parsed basic constraints extension.
+##
+## .. bro:see:: x509_certificate x509_extension
+##              x509_ext_subject_alternative_name x509_parse x509_verify
+##              x509_get_certificate_string
 event x509_ext_basic_constraints%(f: fa_file, ext: X509::BasicConstraints%);
-event x509_ext_subject_alternative_name%(f: fa_file, names: string_vec%);
+
+## Generated for the X509 subject alternative name extension seen in a certificate.
+## This extension can be used to allow additional entities to be bound to the subject
+## of the certificate. Usually it is used to specify one or multiple DNS names for 
+## which a certificate is valid.
+##
+## f: The file.
+##
+## ext: The parsed subject alternative name extension.
+##
+## .. bro:see:: x509_certificate x509_extension x509_ext_basic_constraints
+##              x509_parse x509_verify
+##              x509_get_certificate_string
+event x509_ext_subject_alternative_name%(f: fa_file, ext: X509::SubjectAlternativeName%);
diff --git a/src/file_analysis/analyzer/x509/functions.bif b/src/file_analysis/analyzer/x509/functions.bif
index 36c261d216..4c1b31942f 100644
--- a/src/file_analysis/analyzer/x509/functions.bif
+++ b/src/file_analysis/analyzer/x509/functions.bif
@@ -42,7 +42,9 @@ RecordVal* x509_error_record(uint64_t num, const char* reason)
 ##
 ## Returns: A X509::Certificate structure
 ##
-## .. bro:see:: x509_verify
+## .. bro:see:: x509_certificate x509_extension x509_ext_basic_constraints
+##              x509_ext_subject_alternative_name x509_verify
+##              x509_get_certificate_string
 function x509_parse%(cert: opaque of x509%): X509::Certificate
 	%{
 	assert(cert);
@@ -60,7 +62,9 @@ function x509_parse%(cert: opaque of x509%): X509::Certificate
 ##      (false).
 ##
 ## Returns: X509 certificate as a string
-
+##
+## .. bro:see:: x509_certificate x509_extension x509_ext_basic_constraints
+##              x509_ext_subject_alternative_name x509_parse x509_verify
 function x509_get_certificate_string%(cert: opaque of x509, pem: bool &default=F%): string
 	%{
 	assert(cert);
@@ -101,7 +105,9 @@ function x509_get_certificate_string%(cert: opaque of x509, pem: bool &default=F
 ## Returns: A record of type X509::Result containing the result code of the verify
 ##          operation. In case of success also returns the full certificate chain.
 ##
-## .. bro:see:: x509_parse
+## .. bro:see:: x509_certificate x509_extension x509_ext_basic_constraints
+##              x509_ext_subject_alternative_name x509_parse
+##              x509_get_certificate_string
 function x509_verify%(certs: x509_opaque_vector, root_certs: table_string_of_string%): X509::Result
 	%{
 	X509_STORE* ctx = 0;
diff --git a/src/file_analysis/analyzer/x509/types.bif b/src/file_analysis/analyzer/x509/types.bif
index 6b3049883e..258d848e1e 100644
--- a/src/file_analysis/analyzer/x509/types.bif
+++ b/src/file_analysis/analyzer/x509/types.bif
@@ -1,5 +1,5 @@
 type X509::Certificate: record;
 type X509::Extension: record;
 type X509::BasicConstraints: record;
+type X509::SubjectAlternativeName: record;
 type X509::Result: record;
-

From 74d728656d65e5a1c228ec0b6525871819be636b Mon Sep 17 00:00:00 2001
From: Bernhard Amann <bernhard@icsi.berkeley.edu>
Date: Thu, 13 Mar 2014 13:38:44 -0700
Subject: [PATCH 11/18] Revert change to only log certificates once per hour.

addresses BIT-953, BIT-760, BIT-1150
---
 scripts/base/files/x509/main.bro     | 32 +++----------------------
 scripts/base/protocols/ssl/files.bro | 36 ++++++++++++----------------
 2 files changed, 18 insertions(+), 50 deletions(-)

diff --git a/scripts/base/files/x509/main.bro b/scripts/base/files/x509/main.bro
index 8192fb9e42..8c108c8743 100644
--- a/scripts/base/files/x509/main.bro
+++ b/scripts/base/files/x509/main.bro
@@ -6,15 +6,12 @@ module X509;
 export {
 	redef enum Log::ID += { LOG };
 
-	## Set that keeps track of the certificates which were logged recently.
-	global cert_hashes: set[string] &create_expire=1hrs &synchronized &redef;
-
 	type Info: record {
 		## current timestamp
 		ts: time &log;
 
-		## SHA-1 hash of this certificate
-		sha1: string &log &optional;
+		## file id of this certificate
+		id: string &log;
     
 		## Basic information about the certificate
 		certificate: X509::Certificate &log;
@@ -48,20 +45,9 @@ redef record Files::Info += {
 	x509: X509::Info &optional;
 };
 
-# Either, this event arrives first - then info$x509 does not exist 
-# yet and this is a no-op, and the sha1 value is set in x509_certificate.
-# Or the x509_certificate event arrives first - then the hash is set here.
-event file_hash(f: fa_file, kind: string, hash: string)
-	{
-	if ( f$info?$x509 && kind == "sha1" )
-		f$info$x509$sha1 = hash;
-	}
-
 event x509_certificate(f: fa_file, cert_ref: opaque of x509, cert: X509::Certificate) &priority=5
 	{
-	f$info$x509 = [$ts=f$info$ts, $certificate=cert, $handle=cert_ref];
-	if ( f$info?$sha1 )
-		f$info$x509$sha1 = f$info$sha1;
+	f$info$x509 = [$ts=f$info$ts, $id=f$id, $certificate=cert, $handle=cert_ref];
 	}
 
 event x509_extension(f: fa_file, ext: X509::Extension) &priority=5
@@ -87,17 +73,5 @@ event file_state_remove(f: fa_file) &priority=5
 	if ( ! f$info?$x509 )
 		return;
 
-	if ( ! f$info$x509?$sha1 )
-		{
-		Reporter::error(fmt("Certificate without a hash value. Logging skipped. File-id: %s", f$id));
-		return;
-		}
-
-	if ( f$info$x509$sha1 in cert_hashes )
-		# we already have seen & logged this certificate
-		return;
-
-	add cert_hashes[f$info$x509$sha1];
-
 	Log::write(LOG, f$info$x509);
 	}
diff --git a/scripts/base/protocols/ssl/files.bro b/scripts/base/protocols/ssl/files.bro
index 18bf3c3236..4216f26fe3 100644
--- a/scripts/base/protocols/ssl/files.bro
+++ b/scripts/base/protocols/ssl/files.bro
@@ -11,17 +11,17 @@ export {
 		## complete signing chain.
 		cert_chain: vector of Files::Info &optional;
 
-		## An ordered vector of all certicate sha1 hashes for the
+		## An ordered vector of all certicate file unique IDs for the
 		## certificates offered by the server.
-		cert_chain_sha1s: vector of string &optional &log;
+		cert_chain_fuids: vector of string &optional &log;
 
 		## Chain of certificates offered by the client to validate its
 		## complete signing chain.
 		client_cert_chain: vector of Files::Info &optional;
 		
-		## An ordered vector of all certicate sha1 hashes for the
+		## An ordered vector of all certicate file unique IDs for the
 		## certificates offered by the client.
-		client_cert_chain_sha1s: vector of string &optional &log;
+		client_cert_chain_fuids: vector of string &optional &log;
 		
 		## Subject of the X.509 certificate offered by the server.
 		subject: string &log &optional;
@@ -107,22 +107,31 @@ event file_over_new_connection(f: fa_file, c: connection, is_orig: bool) &priori
 		{
 		c$ssl$cert_chain = vector();
 		c$ssl$client_cert_chain = vector();
+		c$ssl$cert_chain_fuids = string_vec();
+		c$ssl$client_cert_chain_fuids = string_vec();
 		}	
 
 	if ( is_orig )
+		{
 		c$ssl$client_cert_chain[|c$ssl$client_cert_chain|] = f$info;
+		c$ssl$client_cert_chain_fuids[|c$ssl$client_cert_chain_fuids|] = f$id;
+		}
 	else
+		{
 		c$ssl$cert_chain[|c$ssl$cert_chain|] = f$info;
+		c$ssl$cert_chain_fuids[|c$ssl$cert_chain_fuids|] = f$id;
+		}
 
 	Files::add_analyzer(f, Files::ANALYZER_X509);
-	# always calculate hashes. SHA1 is always required for certificates.
+	# always calculate hashes. They are not necessary for base scripts
+	# but very useful for identification, and required for policy scripts
 	Files::add_analyzer(f, Files::ANALYZER_MD5);
 	Files::add_analyzer(f, Files::ANALYZER_SHA1);
 	}
 
 event ssl_established(c: connection) &priority=6
 	{
-	# update subject and issuer information as well as sha1 hashes
+	# update subject and issuer information
 	if ( c$ssl?$cert_chain && |c$ssl$cert_chain| > 0 )
 		{
 		c$ssl$subject = c$ssl$cert_chain[0]$x509$certificate$subject;
@@ -134,19 +143,4 @@ event ssl_established(c: connection) &priority=6
 		c$ssl$client_subject = c$ssl$client_cert_chain[0]$x509$certificate$subject;
 		c$ssl$client_issuer = c$ssl$client_cert_chain[0]$x509$certificate$issuer;
 		}
-
-
-	if ( c$ssl?$cert_chain )
-		{
-		c$ssl$cert_chain_sha1s = string_vec();
-		for ( i in c$ssl$cert_chain )
-			c$ssl$cert_chain_sha1s[i] = c$ssl$cert_chain[i]$x509$sha1;
-		}
-
-	if ( c$ssl?$client_cert_chain )
-		{
-		c$ssl$client_cert_chain_sha1s = string_vec();
-		for ( i in c$ssl$client_cert_chain )
-			c$ssl$client_cert_chain_sha1s[i] = c$ssl$client_cert_chain[i]$x509$sha1;
-		}
 	}

From 4da071851147edefc41560ea1080382d39b70f01 Mon Sep 17 00:00:00 2001
From: Bernhard Amann <bernhard@icsi.berkeley.edu>
Date: Thu, 13 Mar 2014 15:17:25 -0700
Subject: [PATCH 12/18] Finishing touches of the x509 file analyzer.

Mostly baseline updates and new tests.

addresses BIT-953, BIT-760, BIT-1150
---
 scripts/base/init-bare.bro                    |   2 -
 scripts/base/init-default.bro                 |   4 +-
 scripts/base/protocols/ssl/files.bro          |   7 +-
 .../policy/protocols/ssl/expiring-certs.bro   |   8 +-
 scripts/policy/protocols/ssl/known-certs.bro  |   9 +
 src/file_analysis/analyzer/x509/functions.bif |  11 +-
 .../btest/Baseline/bifs.x509_verify/.stdout   |   7 +
 .../canonified_loaded_scripts.log             |   8 +-
 .../canonified_loaded_scripts.log             |  15 +-
 .../ssl.log                                   |  12 +-
 .../x509.log                                  |  21 +
 .../scripts.base.protocols.ssl.basic/ssl.log  |  10 +-
 .../scripts.base.protocols.ssl.basic/x509.log |  11 +
 .../ssl.log                                   |  10 +-
 .../ssl.log                                   |  10 +-
 .../x509.log                                  |  12 +
 .../all-events-no-args.log                    |  81 ++++
 .../all-events.log                            | 420 +++++++++++++++---
 .../ssl-events.log                            |  18 +-
 .../notice.log                                |  11 +
 .../certs-remote.pem                          |  56 +--
 .../known_certs.log                           |  10 +
 .../ssl.log                                   |  11 +
 .../x509.log                                  |  15 +
 .../ssl.log                                   |  11 +
 .../btest/Traces/tls/google-duplicate.trace   | Bin 0 -> 14122 bytes
 testing/btest/Traces/{ => tls}/ssl.v3.trace   | Bin
 .../{ => tls}/tls-1.2-handshake-failure.trace | Bin
 .../{ => tls}/tls-conn-with-extensions.trace  | Bin
 .../btest/Traces/tls/tls-expired-cert.trace   | Bin 0 -> 14054 bytes
 testing/btest/Traces/{ => tls}/tls1.2.trace   | Bin
 testing/btest/bifs/x509_verify.bro            |  25 ++
 .../scripts/base/protocols/ftp/gridftp.test   |   1 +
 .../scripts/base/protocols/ssl/basic.test     |   3 +-
 .../base/protocols/ssl/tls-1.2-ciphers.test   |   2 +-
 .../ssl/tls-1.2-handshake-failure.test        |   2 +-
 .../base/protocols/ssl/tls-1.2-random.test    |   2 +-
 .../scripts/base/protocols/ssl/tls-1.2.test   |   3 +-
 .../base/protocols/ssl/x509_extensions.test   |   4 +-
 .../btest/scripts/policy/misc/dump-events.bro |   6 +-
 .../policy/protocols/ssl/expiring-certs.bro   |   7 +
 .../protocols/ssl/extract-certs-pem.bro       |   2 +-
 .../policy/protocols/ssl/known-certs.bro      |   9 +
 .../policy/protocols/ssl/validate-certs.bro   |   4 +
 44 files changed, 712 insertions(+), 148 deletions(-)
 create mode 100644 testing/btest/Baseline/bifs.x509_verify/.stdout
 create mode 100644 testing/btest/Baseline/scripts.base.protocols.ftp.gridftp/x509.log
 create mode 100644 testing/btest/Baseline/scripts.base.protocols.ssl.basic/x509.log
 create mode 100644 testing/btest/Baseline/scripts.base.protocols.ssl.tls-1.2/x509.log
 create mode 100644 testing/btest/Baseline/scripts.policy.protocols.ssl.expiring-certs/notice.log
 create mode 100644 testing/btest/Baseline/scripts.policy.protocols.ssl.known-certs/known_certs.log
 create mode 100644 testing/btest/Baseline/scripts.policy.protocols.ssl.known-certs/ssl.log
 create mode 100644 testing/btest/Baseline/scripts.policy.protocols.ssl.known-certs/x509.log
 create mode 100644 testing/btest/Baseline/scripts.policy.protocols.ssl.validate-certs/ssl.log
 create mode 100644 testing/btest/Traces/tls/google-duplicate.trace
 rename testing/btest/Traces/{ => tls}/ssl.v3.trace (100%)
 rename testing/btest/Traces/{ => tls}/tls-1.2-handshake-failure.trace (100%)
 rename testing/btest/Traces/{ => tls}/tls-conn-with-extensions.trace (100%)
 create mode 100644 testing/btest/Traces/tls/tls-expired-cert.trace
 rename testing/btest/Traces/{ => tls}/tls1.2.trace (100%)
 create mode 100644 testing/btest/bifs/x509_verify.bro
 create mode 100644 testing/btest/scripts/policy/protocols/ssl/expiring-certs.bro
 create mode 100644 testing/btest/scripts/policy/protocols/ssl/known-certs.bro
 create mode 100644 testing/btest/scripts/policy/protocols/ssl/validate-certs.bro

diff --git a/scripts/base/init-bare.bro b/scripts/base/init-bare.bro
index f845c3e68d..e65cdaf883 100644
--- a/scripts/base/init-bare.bro
+++ b/scripts/base/init-bare.bro
@@ -2764,8 +2764,6 @@ export {
 		key_length: count &optional; ##< key-length in bits  
 		exponent: string &optional; ##< exponent, if RSA-certificate
 		curve: string &optional; ##< curve, if EC-certificate
-		#ca: bool &optional; ##< indicates the CA value in the X509v3 BasicConstraints extension
-		#path_len: count &optional; ##< indicates the path_length value in the X509v3 BasicConstraints extension
 	} &log;
 
 	type Extension: record {
diff --git a/scripts/base/init-default.bro b/scripts/base/init-default.bro
index 91f1157811..b4dca043c0 100644
--- a/scripts/base/init-default.bro
+++ b/scripts/base/init-default.bro
@@ -38,9 +38,6 @@
 @load base/frameworks/sumstats
 @load base/frameworks/tunnels
 
-# needed for the SSL protocol
-@load base/files/x509
-
 @load base/protocols/conn
 @load base/protocols/dhcp
 @load base/protocols/dnp3
@@ -60,6 +57,7 @@
 @load base/files/hash
 @load base/files/extract
 @load base/files/unified2
+@load base/files/x509
 
 @load base/misc/find-checksum-offloading
 @load base/misc/find-filtered-trace
diff --git a/scripts/base/protocols/ssl/files.bro b/scripts/base/protocols/ssl/files.bro
index 4216f26fe3..997258a3c3 100644
--- a/scripts/base/protocols/ssl/files.bro
+++ b/scripts/base/protocols/ssl/files.bro
@@ -70,8 +70,7 @@ function get_file_handle(c: connection, is_orig: bool): string
 
 function describe_file(f: fa_file): string
 	{
-	# This shouldn't be needed, but just in case...
-	if ( f$source != "SSL" )
+	if ( f$source != "SSL" || ! f?$info || ! f$info?$x509 || ! f$info$x509?$certificate )
 		return "";
 
 	# It is difficult to reliably describe a certificate - especially since
@@ -88,7 +87,9 @@ function describe_file(f: fa_file): string
 			}
 		}
 
-	return "";
+	return cat("Serial: ", f$info$x509$certificate$serial, " Subject: ",
+		f$info$x509$certificate$subject, " Issuer: ",
+		f$info$x509$certificate$issuer);
 	}
 
 event bro_init() &priority=5
diff --git a/scripts/policy/protocols/ssl/expiring-certs.bro b/scripts/policy/protocols/ssl/expiring-certs.bro
index a76dc542f4..230c9524cd 100644
--- a/scripts/policy/protocols/ssl/expiring-certs.bro
+++ b/scripts/policy/protocols/ssl/expiring-certs.bro
@@ -39,24 +39,24 @@ event ssl_established(c: connection) &priority=3
 		 ! addr_matches_host(c$id$resp_h, notify_certs_expiration) )
 		return;
 
-	local hash = c$ssl$cert_chain[0]$md5;
+	local fuid = c$ssl$cert_chain_fuids[0];
 	local cert = c$ssl$cert_chain[0]$x509$certificate;
 	
 	if ( cert$not_valid_before > network_time() )
 		NOTICE([$note=Certificate_Not_Valid_Yet,
 		        $conn=c, $suppress_for=1day,
 		        $msg=fmt("Certificate %s isn't valid until %T", cert$subject, cert$not_valid_before),
-		        $identifier=cat(c$id$resp_h, c$id$resp_p, hash)]);
+		        $fuid=fuid]);
 	
 	else if ( cert$not_valid_after < network_time() )
 		NOTICE([$note=Certificate_Expired,
 		        $conn=c, $suppress_for=1day,
 		        $msg=fmt("Certificate %s expired at %T", cert$subject, cert$not_valid_after),
-		        $identifier=cat(c$id$resp_h, c$id$resp_p, hash)]);
+		        $fuid=fuid]);
 	
 	else if ( cert$not_valid_after - notify_when_cert_expiring_in < network_time() )
 		NOTICE([$note=Certificate_Expires_Soon,
 		        $msg=fmt("Certificate %s is going to expire at %T", cert$subject, cert$not_valid_after),
 		        $conn=c, $suppress_for=1day,
-		        $identifier=cat(c$id$resp_h, c$id$resp_p, hash)]);
+		        $fuid=fuid]);
 	}
diff --git a/scripts/policy/protocols/ssl/known-certs.bro b/scripts/policy/protocols/ssl/known-certs.bro
index e0e76eb526..739b11e767 100644
--- a/scripts/policy/protocols/ssl/known-certs.bro
+++ b/scripts/policy/protocols/ssl/known-certs.bro
@@ -51,6 +51,15 @@ event ssl_established(c: connection) &priority=3
 	if ( ! c$ssl?$cert_chain || |c$ssl$cert_chain| < 1 )
 		return;
 
+	local fuid = c$ssl$cert_chain_fuids[0];
+
+	if ( ! c$ssl$cert_chain[0]?$sha1 )
+		{
+		Reporter::error(fmt("Certificate with fuid %s did not contain sha1 hash when checking for known certs. Aborting",
+			fuid));
+		return;
+		}
+
 	local hash = c$ssl$cert_chain[0]$sha1;
 	local cert = c$ssl$cert_chain[0]$x509$certificate;
 
diff --git a/src/file_analysis/analyzer/x509/functions.bif b/src/file_analysis/analyzer/x509/functions.bif
index 4c1b31942f..40af444a98 100644
--- a/src/file_analysis/analyzer/x509/functions.bif
+++ b/src/file_analysis/analyzer/x509/functions.bif
@@ -102,13 +102,15 @@ function x509_get_certificate_string%(cert: opaque of x509, pem: bool &default=F
 ##
 ## root_certs: A list of root certificates to validate the certificate chain
 ##
+## verify_time: Time for the validity check of the certificates.
+##
 ## Returns: A record of type X509::Result containing the result code of the verify
 ##          operation. In case of success also returns the full certificate chain.
 ##
 ## .. bro:see:: x509_certificate x509_extension x509_ext_basic_constraints
 ##              x509_ext_subject_alternative_name x509_parse
 ##              x509_get_certificate_string
-function x509_verify%(certs: x509_opaque_vector, root_certs: table_string_of_string%): X509::Result
+function x509_verify%(certs: x509_opaque_vector, root_certs: table_string_of_string, verify_time: time &default=network_time()%): X509::Result
 	%{
 	X509_STORE* ctx = 0;
 	int i = 0;
@@ -190,12 +192,13 @@ function x509_verify%(certs: x509_opaque_vector, root_certs: table_string_of_str
 
 	X509_STORE_CTX csc;
 	X509_STORE_CTX_init(&csc, ctx, cert, untrusted_certs);
-	X509_STORE_CTX_set_time(&csc, 0, (time_t) network_time);
+	X509_STORE_CTX_set_time(&csc, 0, (time_t) verify_time);
+	X509_STORE_CTX_set_flags(&csc, X509_V_FLAG_USE_CHECK_TIME);
 
 	int result = X509_verify_cert(&csc);
 
 	VectorVal* chainVector = 0;
-		if ( result == 1 ) // we have a valid chain. try to get it...
+	if ( result == 1 ) // we have a valid chain. try to get it...
 		{
 		STACK_OF(X509)* chain = X509_STORE_CTX_get1_chain(&csc); // get1 = deep copy
 
@@ -206,7 +209,7 @@ function x509_verify%(certs: x509_opaque_vector, root_certs: table_string_of_str
 			}
 		
 		int num_certs = sk_X509_num(chain);
-		chainVector = new VectorVal(new VectorType(base_type(TYPE_OPAQUE)));
+		chainVector = new VectorVal(new VectorType(base_type(TYPE_ANY)));
 
 		for ( int i = 0; i < num_certs; i++ ) 
 			{
diff --git a/testing/btest/Baseline/bifs.x509_verify/.stdout b/testing/btest/Baseline/bifs.x509_verify/.stdout
new file mode 100644
index 0000000000..38729453d9
--- /dev/null
+++ b/testing/btest/Baseline/bifs.x509_verify/.stdout
@@ -0,0 +1,7 @@
+Validation result: certificate has expired
+Validation result: ok
+Resulting chain:
+Fingerprint: 70829f77ff4b6e908324a3f4e1940fce6c489098, Subject: CN=www.tobu-estate.com,OU=Terms of use at www.verisign.com/rpa (c)05,O=TOBU RAILWAY Co.\,Ltd.,L=Sumida-ku,ST=Tokyo,C=JP
+Fingerprint: 5deb8f339e264c19f6686f5f8f32b54a4c46b476, Subject: CN=VeriSign Class 3 Secure Server CA - G3,OU=Terms of use at https://www.verisign.com/rpa (c)10,OU=VeriSign Trust Network,O=VeriSign\, Inc.,C=US
+Fingerprint: 32f30882622b87cf8856c63db873df0853b4dd27, Subject: CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=(c) 2006 VeriSign\, Inc. - For authorized use only,OU=VeriSign Trust Network,O=VeriSign\, Inc.,C=US
+Fingerprint: 742c3192e607e424eb4549542be1bbc53e6174e2, Subject: OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US
diff --git a/testing/btest/Baseline/coverage.bare-load-baseline/canonified_loaded_scripts.log b/testing/btest/Baseline/coverage.bare-load-baseline/canonified_loaded_scripts.log
index 0218611d1c..dd7d539ed0 100644
--- a/testing/btest/Baseline/coverage.bare-load-baseline/canonified_loaded_scripts.log
+++ b/testing/btest/Baseline/coverage.bare-load-baseline/canonified_loaded_scripts.log
@@ -3,7 +3,7 @@
 #empty_field	(empty)
 #unset_field	-
 #path	loaded_scripts
-#open	2013-10-30-16-52-11
+#open	2014-03-04-06-37-10
 #fields	name
 #types	string
 scripts/base/init-bare.bro
@@ -56,7 +56,6 @@ scripts/base/init-bare.bro
     build/scripts/base/bif/plugins/Bro_SOCKS.events.bif.bro
     build/scripts/base/bif/plugins/Bro_SSH.events.bif.bro
     build/scripts/base/bif/plugins/Bro_SSL.events.bif.bro
-    build/scripts/base/bif/plugins/Bro_SSL.functions.bif.bro
     build/scripts/base/bif/plugins/Bro_SteppingStone.events.bif.bro
     build/scripts/base/bif/plugins/Bro_Syslog.events.bif.bro
     build/scripts/base/bif/plugins/Bro_TCP.events.bif.bro
@@ -65,6 +64,9 @@ scripts/base/init-bare.bro
     build/scripts/base/bif/plugins/Bro_UDP.events.bif.bro
     build/scripts/base/bif/plugins/Bro_Unified2.events.bif.bro
     build/scripts/base/bif/plugins/Bro_Unified2.types.bif.bro
+    build/scripts/base/bif/plugins/Bro_X509.events.bif.bro
+    build/scripts/base/bif/plugins/Bro_X509.functions.bif.bro
+    build/scripts/base/bif/plugins/Bro_X509.types.bif.bro
     build/scripts/base/bif/plugins/Bro_ZIP.events.bif.bro
   scripts/base/frameworks/logging/__load__.bro
     scripts/base/frameworks/logging/main.bro
@@ -101,4 +103,4 @@ scripts/base/init-bare.bro
     build/scripts/base/bif/top-k.bif.bro
 scripts/policy/misc/loaded-scripts.bro
   scripts/base/utils/paths.bro
-#close	2013-10-30-16-52-11
+#close	2014-03-04-06-37-10
diff --git a/testing/btest/Baseline/coverage.default-load-baseline/canonified_loaded_scripts.log b/testing/btest/Baseline/coverage.default-load-baseline/canonified_loaded_scripts.log
index 76b3f3a596..6637000867 100644
--- a/testing/btest/Baseline/coverage.default-load-baseline/canonified_loaded_scripts.log
+++ b/testing/btest/Baseline/coverage.default-load-baseline/canonified_loaded_scripts.log
@@ -3,7 +3,7 @@
 #empty_field	(empty)
 #unset_field	-
 #path	loaded_scripts
-#open	2014-01-31-22-54-38
+#open	2014-03-13-22-14-10
 #fields	name
 #types	string
 scripts/base/init-bare.bro
@@ -56,7 +56,6 @@ scripts/base/init-bare.bro
     build/scripts/base/bif/plugins/Bro_SOCKS.events.bif.bro
     build/scripts/base/bif/plugins/Bro_SSH.events.bif.bro
     build/scripts/base/bif/plugins/Bro_SSL.events.bif.bro
-    build/scripts/base/bif/plugins/Bro_SSL.functions.bif.bro
     build/scripts/base/bif/plugins/Bro_SteppingStone.events.bif.bro
     build/scripts/base/bif/plugins/Bro_Syslog.events.bif.bro
     build/scripts/base/bif/plugins/Bro_TCP.events.bif.bro
@@ -65,6 +64,9 @@ scripts/base/init-bare.bro
     build/scripts/base/bif/plugins/Bro_UDP.events.bif.bro
     build/scripts/base/bif/plugins/Bro_Unified2.events.bif.bro
     build/scripts/base/bif/plugins/Bro_Unified2.types.bif.bro
+    build/scripts/base/bif/plugins/Bro_X509.events.bif.bro
+    build/scripts/base/bif/plugins/Bro_X509.functions.bif.bro
+    build/scripts/base/bif/plugins/Bro_X509.types.bif.bro
     build/scripts/base/bif/plugins/Bro_ZIP.events.bif.bro
   scripts/base/frameworks/logging/__load__.bro
     scripts/base/frameworks/logging/main.bro
@@ -187,6 +189,11 @@ scripts/base/init-default.bro
         scripts/base/protocols/ssl/consts.bro
         scripts/base/protocols/ssl/main.bro
         scripts/base/protocols/ssl/mozilla-ca-list.bro
+        scripts/base/protocols/ssl/files.bro
+          scripts/base/files/x509/__load__.bro
+            scripts/base/files/x509/main.bro
+              scripts/base/files/hash/__load__.bro
+                scripts/base/files/hash/main.bro
   scripts/base/protocols/http/__load__.bro
     scripts/base/protocols/http/main.bro
     scripts/base/protocols/http/entities.bro
@@ -213,8 +220,6 @@ scripts/base/init-default.bro
     scripts/base/protocols/syslog/consts.bro
     scripts/base/protocols/syslog/main.bro
   scripts/base/protocols/tunnels/__load__.bro
-  scripts/base/files/hash/__load__.bro
-    scripts/base/files/hash/main.bro
   scripts/base/files/extract/__load__.bro
     scripts/base/files/extract/main.bro
   scripts/base/files/unified2/__load__.bro
@@ -222,4 +227,4 @@ scripts/base/init-default.bro
   scripts/base/misc/find-checksum-offloading.bro
   scripts/base/misc/find-filtered-trace.bro
 scripts/policy/misc/loaded-scripts.bro
-#close	2014-01-31-22-54-38
+#close	2014-03-13-22-14-10
diff --git a/testing/btest/Baseline/scripts.base.protocols.ftp.gridftp/ssl.log b/testing/btest/Baseline/scripts.base.protocols.ftp.gridftp/ssl.log
index 32df4c69f2..3b04596f6f 100644
--- a/testing/btest/Baseline/scripts.base.protocols.ftp.gridftp/ssl.log
+++ b/testing/btest/Baseline/scripts.base.protocols.ftp.gridftp/ssl.log
@@ -3,9 +3,9 @@
 #empty_field	(empty)
 #unset_field	-
 #path	ssl
-#open	2014-03-04-22-24-11
-#fields	ts	uid	id.orig_h	id.orig_p	id.resp_h	id.resp_p	version	cipher	server_name	session_id	subject	issuer_subject	not_valid_before	not_valid_after	last_alert	client_subject	client_issuer_subject	established
-#types	time	string	addr	port	addr	port	string	string	string	string	string	string	time	time	string	string	string	bool
-1348168976.508038	CXWv6p3arKYeMETxOg	192.168.57.103	60108	192.168.57.101	2811	TLSv10	TLS_RSA_WITH_AES_256_CBC_SHA	-	-	CN=host/alpha,OU=simpleCA-alpha,OU=GlobusTest,O=Grid	CN=Globus Simple CA,OU=simpleCA-alpha,OU=GlobusTest,O=Grid	1348161979.000000	1379697979.000000	-	CN=917532944,CN=Jon Siwek,OU=local,OU=simpleCA-alpha,OU=GlobusTest,O=Grid	CN=Jon Siwek,OU=local,OU=simpleCA-alpha,OU=GlobusTest,O=Grid	T
-1348168976.551422	CjhGID4nQcgTWjvg4c	192.168.57.103	35391	192.168.57.101	55968	TLSv10	TLS_RSA_WITH_NULL_SHA	-	-	CN=932373381,CN=917532944,CN=Jon Siwek,OU=local,OU=simpleCA-alpha,OU=GlobusTest,O=Grid	CN=917532944,CN=Jon Siwek,OU=local,OU=simpleCA-alpha,OU=GlobusTest,O=Grid	1348168676.000000	1348206441.000000	-	CN=917532944,CN=Jon Siwek,OU=local,OU=simpleCA-alpha,OU=GlobusTest,O=Grid	CN=Jon Siwek,OU=local,OU=simpleCA-alpha,OU=GlobusTest,O=Grid	T
-#close	2014-03-04-22-24-11
+#open	2014-03-13-20-45-24
+#fields	ts	uid	id.orig_h	id.orig_p	id.resp_h	id.resp_p	version	cipher	server_name	session_id	last_alert	established	cert_chain_fuids	client_cert_chain_fuids	subject	issuer	client_subject	client_issuer
+#types	time	string	addr	port	addr	port	string	string	string	string	string	bool	vector[string]	vector[string]	string	string	string	string
+1348168976.508038	CXWv6p3arKYeMETxOg	192.168.57.103	60108	192.168.57.101	2811	TLSv10	TLS_RSA_WITH_AES_256_CBC_SHA	-	-	-	T	FBtbj87tgpyeDSj31,F8TfgZ31c1dFu8Kt2k	FVNYOh2BeQBb7MpCPe,FwjBou1e5DbpE0eOgk,FbYQmk4x4M4Bx3PZme	CN=host/alpha,OU=simpleCA-alpha,OU=GlobusTest,O=Grid	CN=Globus Simple CA,OU=simpleCA-alpha,OU=GlobusTest,O=Grid	CN=917532944,CN=Jon Siwek,OU=local,OU=simpleCA-alpha,OU=GlobusTest,O=Grid	CN=Jon Siwek,OU=local,OU=simpleCA-alpha,OU=GlobusTest,O=Grid
+1348168976.551422	CjhGID4nQcgTWjvg4c	192.168.57.103	35391	192.168.57.101	55968	TLSv10	TLS_RSA_WITH_NULL_SHA	-	-	-	T	F4SSqN31HDIrrH5Q8h,FJHp5Pf6VLQsRQK3,FHACqa3dX9BXRV2av,FNnDVT1NURRWeoLLN3	FFWYVj4BcvQb35WIaf,Fj16G835fnJgnVlKU6,FGONoc1Nj0Ka5zlxDa	CN=932373381,CN=917532944,CN=Jon Siwek,OU=local,OU=simpleCA-alpha,OU=GlobusTest,O=Grid	CN=917532944,CN=Jon Siwek,OU=local,OU=simpleCA-alpha,OU=GlobusTest,O=Grid	CN=917532944,CN=Jon Siwek,OU=local,OU=simpleCA-alpha,OU=GlobusTest,O=Grid	CN=Jon Siwek,OU=local,OU=simpleCA-alpha,OU=GlobusTest,O=Grid
+#close	2014-03-13-20-45-24
diff --git a/testing/btest/Baseline/scripts.base.protocols.ftp.gridftp/x509.log b/testing/btest/Baseline/scripts.base.protocols.ftp.gridftp/x509.log
new file mode 100644
index 0000000000..827bfd97de
--- /dev/null
+++ b/testing/btest/Baseline/scripts.base.protocols.ftp.gridftp/x509.log
@@ -0,0 +1,21 @@
+#separator \x09
+#set_separator	,
+#empty_field	(empty)
+#unset_field	-
+#path	x509
+#open	2014-03-13-20-45-24
+#fields	ts	id	certificate.version	certificate.serial	certificate.subject	certificate.issuer	certificate.not_valid_before	certificate.not_valid_after	certificate.key_alg	certificate.sig_alg	certificate.key_type	certificate.key_length	certificate.exponent	certificate.curve	san.dns	san.uri	san.email	san.ip	basic_constraints.ca	basic_constraints.path_len
+#types	time	string	count	string	string	string	time	time	string	string	string	count	string	string	vector[string]	vector[string]	vector[string]	vector[addr]	bool	count
+1348168976.510615	FBtbj87tgpyeDSj31	2	01	CN=host/alpha,OU=simpleCA-alpha,OU=GlobusTest,O=Grid	CN=Globus Simple CA,OU=simpleCA-alpha,OU=GlobusTest,O=Grid	1348161979.000000	1379697979.000000	rsaEncryption	sha1WithRSAEncryption	rsa	1024	65537	-	-	-	-	-	-	-
+1348168976.510615	F8TfgZ31c1dFu8Kt2k	2	EA83D17188B68E4D	CN=Globus Simple CA,OU=simpleCA-alpha,OU=GlobusTest,O=Grid	CN=Globus Simple CA,OU=simpleCA-alpha,OU=GlobusTest,O=Grid	1348161502.000000	1505841502.000000	rsaEncryption	sha1WithRSAEncryption	rsa	1024	65537	-	-	-	-	-	T	-
+1348168976.514202	FVNYOh2BeQBb7MpCPe	2	36B07110	CN=917532944,CN=Jon Siwek,OU=local,OU=simpleCA-alpha,OU=GlobusTest,O=Grid	CN=Jon Siwek,OU=local,OU=simpleCA-alpha,OU=GlobusTest,O=Grid	1348162941.000000	1348206441.000000	rsaEncryption	sha1WithRSAEncryption	rsa	512	65537	-	-	-	-	-	-	-
+1348168976.514202	FwjBou1e5DbpE0eOgk	2	02	CN=Jon Siwek,OU=local,OU=simpleCA-alpha,OU=GlobusTest,O=Grid	CN=Globus Simple CA,OU=simpleCA-alpha,OU=GlobusTest,O=Grid	1348162263.000000	1379698263.000000	rsaEncryption	sha1WithRSAEncryption	rsa	1024	65537	-	-	-	-	-	-	-
+1348168976.514202	FbYQmk4x4M4Bx3PZme	2	EA83D17188B68E4D	CN=Globus Simple CA,OU=simpleCA-alpha,OU=GlobusTest,O=Grid	CN=Globus Simple CA,OU=simpleCA-alpha,OU=GlobusTest,O=Grid	1348161502.000000	1505841502.000000	rsaEncryption	sha1WithRSAEncryption	rsa	1024	65537	-	-	-	-	-	T	-
+1348168976.551554	F4SSqN31HDIrrH5Q8h	2	3792E385	CN=932373381,CN=917532944,CN=Jon Siwek,OU=local,OU=simpleCA-alpha,OU=GlobusTest,O=Grid	CN=917532944,CN=Jon Siwek,OU=local,OU=simpleCA-alpha,OU=GlobusTest,O=Grid	1348168676.000000	1348206441.000000	rsaEncryption	sha1WithRSAEncryption	rsa	512	65537	-	-	-	-	-	-	-
+1348168976.551554	FJHp5Pf6VLQsRQK3	2	36B07110	CN=917532944,CN=Jon Siwek,OU=local,OU=simpleCA-alpha,OU=GlobusTest,O=Grid	CN=Jon Siwek,OU=local,OU=simpleCA-alpha,OU=GlobusTest,O=Grid	1348162941.000000	1348206441.000000	rsaEncryption	sha1WithRSAEncryption	rsa	512	65537	-	-	-	-	-	-	-
+1348168976.551554	FHACqa3dX9BXRV2av	2	02	CN=Jon Siwek,OU=local,OU=simpleCA-alpha,OU=GlobusTest,O=Grid	CN=Globus Simple CA,OU=simpleCA-alpha,OU=GlobusTest,O=Grid	1348162263.000000	1379698263.000000	rsaEncryption	sha1WithRSAEncryption	rsa	1024	65537	-	-	-	-	-	-	-
+1348168976.551554	FNnDVT1NURRWeoLLN3	2	EA83D17188B68E4D	CN=Globus Simple CA,OU=simpleCA-alpha,OU=GlobusTest,O=Grid	CN=Globus Simple CA,OU=simpleCA-alpha,OU=GlobusTest,O=Grid	1348161502.000000	1505841502.000000	rsaEncryption	sha1WithRSAEncryption	rsa	1024	65537	-	-	-	-	-	T	-
+1348168976.554445	FFWYVj4BcvQb35WIaf	2	36B07110	CN=917532944,CN=Jon Siwek,OU=local,OU=simpleCA-alpha,OU=GlobusTest,O=Grid	CN=Jon Siwek,OU=local,OU=simpleCA-alpha,OU=GlobusTest,O=Grid	1348162941.000000	1348206441.000000	rsaEncryption	sha1WithRSAEncryption	rsa	512	65537	-	-	-	-	-	-	-
+1348168976.554445	Fj16G835fnJgnVlKU6	2	02	CN=Jon Siwek,OU=local,OU=simpleCA-alpha,OU=GlobusTest,O=Grid	CN=Globus Simple CA,OU=simpleCA-alpha,OU=GlobusTest,O=Grid	1348162263.000000	1379698263.000000	rsaEncryption	sha1WithRSAEncryption	rsa	1024	65537	-	-	-	-	-	-	-
+1348168976.554445	FGONoc1Nj0Ka5zlxDa	2	EA83D17188B68E4D	CN=Globus Simple CA,OU=simpleCA-alpha,OU=GlobusTest,O=Grid	CN=Globus Simple CA,OU=simpleCA-alpha,OU=GlobusTest,O=Grid	1348161502.000000	1505841502.000000	rsaEncryption	sha1WithRSAEncryption	rsa	1024	65537	-	-	-	-	-	T	-
+#close	2014-03-13-20-45-24
diff --git a/testing/btest/Baseline/scripts.base.protocols.ssl.basic/ssl.log b/testing/btest/Baseline/scripts.base.protocols.ssl.basic/ssl.log
index 172cd19afa..455d8606e8 100644
--- a/testing/btest/Baseline/scripts.base.protocols.ssl.basic/ssl.log
+++ b/testing/btest/Baseline/scripts.base.protocols.ssl.basic/ssl.log
@@ -3,8 +3,8 @@
 #empty_field	(empty)
 #unset_field	-
 #path	ssl
-#open	2014-03-04-22-02-50
-#fields	ts	uid	id.orig_h	id.orig_p	id.resp_h	id.resp_p	version	cipher	server_name	session_id	subject	issuer_subject	not_valid_before	not_valid_after	last_alert	client_subject	client_issuer_subject	established
-#types	time	string	addr	port	addr	port	string	string	string	string	string	string	time	time	string	string	string	bool
-1335538392.319381	CXWv6p3arKYeMETxOg	192.168.1.105	62045	74.125.224.79	443	TLSv10	TLS_ECDHE_RSA_WITH_RC4_128_SHA	ssl.gstatic.com	-	CN=*.gstatic.com,O=Google Inc,L=Mountain View,ST=California,C=US	CN=Google Internet Authority,O=Google Inc,C=US	1334102677.000000	1365639277.000000	-	-	-	T
-#close	2014-03-04-22-02-50
+#open	2014-03-13-20-45-46
+#fields	ts	uid	id.orig_h	id.orig_p	id.resp_h	id.resp_p	version	cipher	server_name	session_id	last_alert	established	cert_chain_fuids	client_cert_chain_fuids	subject	issuer	client_subject	client_issuer
+#types	time	string	addr	port	addr	port	string	string	string	string	string	bool	vector[string]	vector[string]	string	string	string	string
+1335538392.319381	CXWv6p3arKYeMETxOg	192.168.1.105	62045	74.125.224.79	443	TLSv10	TLS_ECDHE_RSA_WITH_RC4_128_SHA	ssl.gstatic.com	-	-	T	F6wfNWn8LR755SYo7,FJl60T1mOolaez9T0h	(empty)	CN=*.gstatic.com,O=Google Inc,L=Mountain View,ST=California,C=US	CN=Google Internet Authority,O=Google Inc,C=US	-	-
+#close	2014-03-13-20-45-46
diff --git a/testing/btest/Baseline/scripts.base.protocols.ssl.basic/x509.log b/testing/btest/Baseline/scripts.base.protocols.ssl.basic/x509.log
new file mode 100644
index 0000000000..350673c2c8
--- /dev/null
+++ b/testing/btest/Baseline/scripts.base.protocols.ssl.basic/x509.log
@@ -0,0 +1,11 @@
+#separator \x09
+#set_separator	,
+#empty_field	(empty)
+#unset_field	-
+#path	x509
+#open	2014-03-13-20-45-46
+#fields	ts	id	certificate.version	certificate.serial	certificate.subject	certificate.issuer	certificate.not_valid_before	certificate.not_valid_after	certificate.key_alg	certificate.sig_alg	certificate.key_type	certificate.key_length	certificate.exponent	certificate.curve	san.dns	san.uri	san.email	san.ip	basic_constraints.ca	basic_constraints.path_len
+#types	time	string	count	string	string	string	time	time	string	string	string	count	string	string	vector[string]	vector[string]	vector[string]	vector[addr]	bool	count
+1335538392.343624	F6wfNWn8LR755SYo7	2	36F5DA5300000000505E	CN=*.gstatic.com,O=Google Inc,L=Mountain View,ST=California,C=US	CN=Google Internet Authority,O=Google Inc,C=US	1334102677.000000	1365639277.000000	rsaEncryption	sha1WithRSAEncryption	rsa	1024	65537	-	*.gstatic.com,gstatic.com,*.metric.gstatic.com	-	-	-	-	-
+1335538392.343624	FJl60T1mOolaez9T0h	2	0B6771	CN=Google Internet Authority,O=Google Inc,C=US	OU=Equifax Secure Certificate Authority,O=Equifax,C=US	1244493807.000000	1370634207.000000	rsaEncryption	sha1WithRSAEncryption	rsa	1024	65537	-	-	-	-	-	T	0
+#close	2014-03-13-20-45-46
diff --git a/testing/btest/Baseline/scripts.base.protocols.ssl.tls-1.2-handshake-failure/ssl.log b/testing/btest/Baseline/scripts.base.protocols.ssl.tls-1.2-handshake-failure/ssl.log
index 92d7e3a1ab..88f3c2126e 100644
--- a/testing/btest/Baseline/scripts.base.protocols.ssl.tls-1.2-handshake-failure/ssl.log
+++ b/testing/btest/Baseline/scripts.base.protocols.ssl.tls-1.2-handshake-failure/ssl.log
@@ -3,8 +3,8 @@
 #empty_field	(empty)
 #unset_field	-
 #path	ssl
-#open	2014-03-04-21-57-58
-#fields	ts	uid	id.orig_h	id.orig_p	id.resp_h	id.resp_p	version	cipher	server_name	session_id	subject	issuer_subject	not_valid_before	not_valid_after	last_alert	client_subject	client_issuer_subject	established
-#types	time	string	addr	port	addr	port	string	string	string	string	string	string	time	time	string	string	string	bool
-1393957586.786031	CXWv6p3arKYeMETxOg	192.168.4.149	53525	74.125.239.37	443	-	-	-	-	-	-	-	-	handshake_failure	-	-	F
-#close	2014-03-04-21-57-58
+#open	2014-03-13-20-46-30
+#fields	ts	uid	id.orig_h	id.orig_p	id.resp_h	id.resp_p	version	cipher	server_name	session_id	last_alert	established	cert_chain_fuids	client_cert_chain_fuids	subject	issuer	client_subject	client_issuer
+#types	time	string	addr	port	addr	port	string	string	string	string	string	bool	vector[string]	vector[string]	string	string	string	string
+1393957586.786031	CXWv6p3arKYeMETxOg	192.168.4.149	53525	74.125.239.37	443	-	-	-	-	handshake_failure	F	-	-	-	-	-	-
+#close	2014-03-13-20-46-30
diff --git a/testing/btest/Baseline/scripts.base.protocols.ssl.tls-1.2/ssl.log b/testing/btest/Baseline/scripts.base.protocols.ssl.tls-1.2/ssl.log
index ed1ff6a70b..0bb8b5810d 100644
--- a/testing/btest/Baseline/scripts.base.protocols.ssl.tls-1.2/ssl.log
+++ b/testing/btest/Baseline/scripts.base.protocols.ssl.tls-1.2/ssl.log
@@ -3,8 +3,8 @@
 #empty_field	(empty)
 #unset_field	-
 #path	ssl
-#open	2014-03-04-22-03-00
-#fields	ts	uid	id.orig_h	id.orig_p	id.resp_h	id.resp_p	version	cipher	server_name	session_id	subject	issuer_subject	not_valid_before	not_valid_after	last_alert	client_subject	client_issuer_subject	established
-#types	time	string	addr	port	addr	port	string	string	string	string	string	string	time	time	string	string	string	bool
-1357328848.549370	CXWv6p3arKYeMETxOg	10.0.0.80	56637	68.233.76.12	443	TLSv12	TLS_RSA_WITH_RC4_128_MD5	-	-	CN=*.taleo.net,OU=Comodo PremiumSSL Wildcard,OU=Web,O=Taleo Inc.,street=4140 Dublin Boulevard,street=Suite 400,L=Dublin,ST=CA,postalCode=94568,C=US	CN=COMODO High-Assurance Secure Server CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB	1304467200.000000	1467676799.000000	-	-	-	T
-#close	2014-03-04-22-03-00
+#open	2014-03-13-20-46-09
+#fields	ts	uid	id.orig_h	id.orig_p	id.resp_h	id.resp_p	version	cipher	server_name	session_id	last_alert	established	cert_chain_fuids	client_cert_chain_fuids	subject	issuer	client_subject	client_issuer
+#types	time	string	addr	port	addr	port	string	string	string	string	string	bool	vector[string]	vector[string]	string	string	string	string
+1357328848.549370	CXWv6p3arKYeMETxOg	10.0.0.80	56637	68.233.76.12	443	TLSv12	TLS_RSA_WITH_RC4_128_MD5	-	-	-	T	FlnQzb2dJK4p9jXwmd,FaDzX22O4j3kFF6Jqg,F9Tsjm3OdCmGGw43Yh	(empty)	CN=*.taleo.net,OU=Comodo PremiumSSL Wildcard,OU=Web,O=Taleo Inc.,street=4140 Dublin Boulevard,street=Suite 400,L=Dublin,ST=CA,postalCode=94568,C=US	CN=COMODO High-Assurance Secure Server CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB	-	-
+#close	2014-03-13-20-46-09
diff --git a/testing/btest/Baseline/scripts.base.protocols.ssl.tls-1.2/x509.log b/testing/btest/Baseline/scripts.base.protocols.ssl.tls-1.2/x509.log
new file mode 100644
index 0000000000..5aeca0e664
--- /dev/null
+++ b/testing/btest/Baseline/scripts.base.protocols.ssl.tls-1.2/x509.log
@@ -0,0 +1,12 @@
+#separator \x09
+#set_separator	,
+#empty_field	(empty)
+#unset_field	-
+#path	x509
+#open	2014-03-13-20-46-09
+#fields	ts	id	certificate.version	certificate.serial	certificate.subject	certificate.issuer	certificate.not_valid_before	certificate.not_valid_after	certificate.key_alg	certificate.sig_alg	certificate.key_type	certificate.key_length	certificate.exponent	certificate.curve	san.dns	san.uri	san.email	san.ip	basic_constraints.ca	basic_constraints.path_len
+#types	time	string	count	string	string	string	time	time	string	string	string	count	string	string	vector[string]	vector[string]	vector[string]	vector[addr]	bool	count
+1357328848.591964	FlnQzb2dJK4p9jXwmd	2	99FAA8037A4EB2FAEF84EB5E55D5B8C8	CN=*.taleo.net,OU=Comodo PremiumSSL Wildcard,OU=Web,O=Taleo Inc.,street=4140 Dublin Boulevard,street=Suite 400,L=Dublin,ST=CA,postalCode=94568,C=US	CN=COMODO High-Assurance Secure Server CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB	1304467200.000000	1467676799.000000	rsaEncryption	sha1WithRSAEncryption	rsa	2048	65537	-	*.taleo.net,taleo.net	-	-	-	F	-
+1357328848.591964	FaDzX22O4j3kFF6Jqg	2	1690C329B6780607511F05B0344846CB	CN=COMODO High-Assurance Secure Server CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB	CN=AddTrust External CA Root,OU=AddTrust External TTP Network,O=AddTrust AB,C=SE	1271376000.000000	1590835718.000000	rsaEncryption	sha1WithRSAEncryption	rsa	2048	65537	-	-	-	-	-	T	0
+1357328848.591964	F9Tsjm3OdCmGGw43Yh	2	01	CN=AddTrust External CA Root,OU=AddTrust External TTP Network,O=AddTrust AB,C=SE	CN=AddTrust External CA Root,OU=AddTrust External TTP Network,O=AddTrust AB,C=SE	959683718.000000	1590835718.000000	rsaEncryption	sha1WithRSAEncryption	rsa	2048	65537	-	-	-	-	-	T	-
+#close	2014-03-13-20-46-09
diff --git a/testing/btest/Baseline/scripts.policy.misc.dump-events/all-events-no-args.log b/testing/btest/Baseline/scripts.policy.misc.dump-events/all-events-no-args.log
index daa0f9f43f..4e01411971 100644
--- a/testing/btest/Baseline/scripts.policy.misc.dump-events/all-events-no-args.log
+++ b/testing/btest/Baseline/scripts.policy.misc.dump-events/all-events-no-args.log
@@ -7,24 +7,105 @@
 1170717505.549109 protocol_confirmation
 1170717505.549109 ssl_client_hello
 1170717505.734145 ssl_server_hello
+1170717505.735416 get_file_handle
+1170717505.735416 file_new
+1170717505.735416 file_over_new_connection
 1170717505.735416 x509_certificate
+1170717505.735416 x509_extension
+1170717505.735416 x509_ext_basic_constraints
+1170717505.735416 x509_extension
+1170717505.735416 x509_extension
+1170717505.735416 x509_extension
+1170717505.735416 x509_extension
+1170717505.735416 x509_extension
+1170717505.735416 x509_extension
+1170717505.735416 file_hash
+1170717505.735416 file_hash
+1170717505.735416 file_state_remove
+1170717505.735416 get_file_handle
+1170717505.735416 file_new
+1170717505.735416 file_over_new_connection
 1170717505.735416 x509_certificate
+1170717505.735416 x509_extension
+1170717505.735416 x509_ext_basic_constraints
+1170717505.735416 x509_extension
+1170717505.735416 x509_extension
+1170717505.735416 x509_extension
+1170717505.735416 x509_extension
+1170717505.735416 x509_extension
+1170717505.735416 file_hash
+1170717505.735416 file_hash
+1170717505.735416 file_state_remove
 1170717505.934612 ssl_established
 1170717508.515696 new_connection
 1170717508.696747 connection_established
 1170717508.697180 protocol_confirmation
 1170717508.697180 ssl_client_hello
 1170717508.881857 ssl_server_hello
+1170717508.883051 get_file_handle
+1170717508.883051 file_new
+1170717508.883051 file_over_new_connection
 1170717508.883051 x509_certificate
+1170717508.883051 x509_extension
+1170717508.883051 x509_ext_basic_constraints
+1170717508.883051 x509_extension
+1170717508.883051 x509_extension
+1170717508.883051 x509_extension
+1170717508.883051 x509_extension
+1170717508.883051 x509_extension
+1170717508.883051 x509_extension
+1170717508.883051 file_hash
+1170717508.883051 file_hash
+1170717508.883051 file_state_remove
+1170717508.883051 get_file_handle
+1170717508.883051 file_new
+1170717508.883051 file_over_new_connection
 1170717508.883051 x509_certificate
+1170717508.883051 x509_extension
+1170717508.883051 x509_ext_basic_constraints
+1170717508.883051 x509_extension
+1170717508.883051 x509_extension
+1170717508.883051 x509_extension
+1170717508.883051 x509_extension
+1170717508.883051 x509_extension
+1170717508.883051 file_hash
+1170717508.883051 file_hash
+1170717508.883051 file_state_remove
 1170717509.082241 ssl_established
 1170717511.541455 new_connection
 1170717511.722589 connection_established
 1170717511.722913 protocol_confirmation
 1170717511.722913 ssl_client_hello
 1170717511.908619 ssl_server_hello
+1170717511.909717 get_file_handle
+1170717511.909717 file_new
+1170717511.909717 file_over_new_connection
 1170717511.909717 x509_certificate
+1170717511.909717 x509_extension
+1170717511.909717 x509_ext_basic_constraints
+1170717511.909717 x509_extension
+1170717511.909717 x509_extension
+1170717511.909717 x509_extension
+1170717511.909717 x509_extension
+1170717511.909717 x509_extension
+1170717511.909717 x509_extension
+1170717511.909717 file_hash
+1170717511.909717 file_hash
+1170717511.909717 file_state_remove
+1170717511.909717 get_file_handle
+1170717511.909717 file_new
+1170717511.909717 file_over_new_connection
 1170717511.909717 x509_certificate
+1170717511.909717 x509_extension
+1170717511.909717 x509_ext_basic_constraints
+1170717511.909717 x509_extension
+1170717511.909717 x509_extension
+1170717511.909717 x509_extension
+1170717511.909717 x509_extension
+1170717511.909717 x509_extension
+1170717511.909717 file_hash
+1170717511.909717 file_hash
+1170717511.909717 file_state_remove
 1170717512.108799 ssl_established
 1170717528.851698 ChecksumOffloading::check
 1170717528.851698 connection_state_remove
diff --git a/testing/btest/Baseline/scripts.policy.misc.dump-events/all-events.log b/testing/btest/Baseline/scripts.policy.misc.dump-events/all-events.log
index 59c9d6d026..f383249428 100644
--- a/testing/btest/Baseline/scripts.policy.misc.dump-events/all-events.log
+++ b/testing/btest/Baseline/scripts.policy.misc.dump-events/all-events.log
@@ -14,7 +14,7 @@
                   [2] aid: count         = 3
 
 1170717505.549109 ssl_client_hello
-                  [0] c: connection      = [id=[orig_h=192.150.187.164, orig_p=58868/tcp, resp_h=194.127.84.106, resp_p=443/tcp], orig=[size=87, state=4, num_pkts=2, num_bytes_ip=116, flow_label=0], resp=[size=0, state=4, num_pkts=1, num_bytes_ip=64, flow_label=0], start_time=1170717505.366729, duration=0.18238, service={^J^ISSL^J}, addl=, hot=0, history=ShAD, uid=CXWv6p3arKYeMETxOg, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=[ts=1170717505.549109, uid=CXWv6p3arKYeMETxOg, id=[orig_h=192.150.187.164, orig_p=58868/tcp, resp_h=194.127.84.106, resp_p=443/tcp], version=<uninitialized>, cipher=<uninitialized>, server_name=<uninitialized>, session_id=<uninitialized>, subject=<uninitialized>, issuer_subject=<uninitialized>, not_valid_before=<uninitialized>, not_valid_after=<uninitialized>, last_alert=<uninitialized>, client_subject=<uninitialized>, client_issuer_subject=<uninitialized>, cert=<uninitialized>, cert_chain=[], client_cert=<uninitialized>, client_cert_chain=[], analyzer_id=3, established=F, logged=F, delay_tokens=<uninitialized>], http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]
+                  [0] c: connection      = [id=[orig_h=192.150.187.164, orig_p=58868/tcp, resp_h=194.127.84.106, resp_p=443/tcp], orig=[size=87, state=4, num_pkts=2, num_bytes_ip=116, flow_label=0], resp=[size=0, state=4, num_pkts=1, num_bytes_ip=64, flow_label=0], start_time=1170717505.366729, duration=0.18238, service={^J^ISSL^J}, addl=, hot=0, history=ShAD, uid=CXWv6p3arKYeMETxOg, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=[ts=1170717505.549109, uid=CXWv6p3arKYeMETxOg, id=[orig_h=192.150.187.164, orig_p=58868/tcp, resp_h=194.127.84.106, resp_p=443/tcp], version=<uninitialized>, cipher=<uninitialized>, server_name=<uninitialized>, session_id=<uninitialized>, last_alert=<uninitialized>, analyzer_id=3, established=F, logged=F, delay_tokens=<uninitialized>, cert_chain=<uninitialized>, cert_chain_fuids=<uninitialized>, client_cert_chain=<uninitialized>, client_cert_chain_fuids=<uninitialized>, subject=<uninitialized>, issuer=<uninitialized>, client_subject=<uninitialized>, client_issuer=<uninitialized>, server_depth=0, client_depth=0], http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]
                   [1] version: count     = 2
                   [2] possible_ts: time  = 0.0
                   [3] client_random: string = \xe6\xb8\xef\xdf\x91\xcfD\xf7\xea\xe4<\x839\x8f\xdc\xb2
@@ -22,7 +22,7 @@
                   [5] ciphers: vector of count = [57, 56, 53, 51, 50, 4, 5, 47, 22, 19, 65279, 10, 21, 18, 65278, 9, 100, 98, 3, 6]
 
 1170717505.734145 ssl_server_hello
-                  [0] c: connection      = [id=[orig_h=192.150.187.164, orig_p=58868/tcp, resp_h=194.127.84.106, resp_p=443/tcp], orig=[size=87, state=4, num_pkts=3, num_bytes_ip=255, flow_label=0], resp=[size=1448, state=4, num_pkts=2, num_bytes_ip=116, flow_label=0], start_time=1170717505.366729, duration=0.367416, service={^J^ISSL^J}, addl=, hot=0, history=ShADad, uid=CXWv6p3arKYeMETxOg, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=[ts=1170717505.549109, uid=CXWv6p3arKYeMETxOg, id=[orig_h=192.150.187.164, orig_p=58868/tcp, resp_h=194.127.84.106, resp_p=443/tcp], version=<uninitialized>, cipher=<uninitialized>, server_name=<uninitialized>, session_id=<uninitialized>, subject=<uninitialized>, issuer_subject=<uninitialized>, not_valid_before=<uninitialized>, not_valid_after=<uninitialized>, last_alert=<uninitialized>, client_subject=<uninitialized>, client_issuer_subject=<uninitialized>, cert=<uninitialized>, cert_chain=[], client_cert=<uninitialized>, client_cert_chain=[], analyzer_id=3, established=F, logged=F, delay_tokens=<uninitialized>], http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]
+                  [0] c: connection      = [id=[orig_h=192.150.187.164, orig_p=58868/tcp, resp_h=194.127.84.106, resp_p=443/tcp], orig=[size=87, state=4, num_pkts=3, num_bytes_ip=255, flow_label=0], resp=[size=1448, state=4, num_pkts=2, num_bytes_ip=116, flow_label=0], start_time=1170717505.366729, duration=0.367416, service={^J^ISSL^J}, addl=, hot=0, history=ShADad, uid=CXWv6p3arKYeMETxOg, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=[ts=1170717505.549109, uid=CXWv6p3arKYeMETxOg, id=[orig_h=192.150.187.164, orig_p=58868/tcp, resp_h=194.127.84.106, resp_p=443/tcp], version=<uninitialized>, cipher=<uninitialized>, server_name=<uninitialized>, session_id=<uninitialized>, last_alert=<uninitialized>, analyzer_id=3, established=F, logged=F, delay_tokens=<uninitialized>, cert_chain=<uninitialized>, cert_chain_fuids=<uninitialized>, client_cert_chain=<uninitialized>, client_cert_chain_fuids=<uninitialized>, subject=<uninitialized>, issuer=<uninitialized>, client_subject=<uninitialized>, client_issuer=<uninitialized>, server_depth=0, client_depth=0], http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]
                   [1] version: count     = 769
                   [2] possible_ts: time  = 1170717513.0
                   [3] server_random: string = +e\x8dQ\x83\xbb\xae\xdb\xf3^\x8f^Ro\xf9&\xb1Iy\xcdp=$*\xea\x99j_\xda
@@ -30,24 +30,130 @@
                   [5] cipher: count      = 4
                   [6] comp_method: count = 0
 
-1170717505.735416 x509_certificate
-                  [0] c: connection      = [id=[orig_h=192.150.187.164, orig_p=58868/tcp, resp_h=194.127.84.106, resp_p=443/tcp], orig=[size=87, state=4, num_pkts=3, num_bytes_ip=255, flow_label=0], resp=[size=2164, state=4, num_pkts=3, num_bytes_ip=1616, flow_label=0], start_time=1170717505.366729, duration=0.368687, service={^J^ISSL^J}, addl=, hot=0, history=ShADad, uid=CXWv6p3arKYeMETxOg, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=[ts=1170717505.549109, uid=CXWv6p3arKYeMETxOg, id=[orig_h=192.150.187.164, orig_p=58868/tcp, resp_h=194.127.84.106, resp_p=443/tcp], version=TLSv10, cipher=TLS_RSA_WITH_RC4_128_MD5, server_name=<uninitialized>, session_id=<uninitialized>, subject=<uninitialized>, issuer_subject=<uninitialized>, not_valid_before=<uninitialized>, not_valid_after=<uninitialized>, last_alert=<uninitialized>, client_subject=<uninitialized>, client_issuer_subject=<uninitialized>, cert=<uninitialized>, cert_chain=[], client_cert=<uninitialized>, client_cert_chain=[], analyzer_id=3, established=F, logged=F, delay_tokens=<uninitialized>], http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]
-                  [1] is_orig: bool      = F
-                  [2] cert: X509         = [version=2, serial=04A78116F003283BDA2B8462049F9ECB, subject=CN=www.dresdner-privat.de,OU=Terms of use at www.verisign.com/rpa (c)00,O=AGIS Allianz Dresdner Informationssysteme GmbH,L=Muenchen,ST=Bayern,C=DE, issuer=OU=www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign,OU=VeriSign International Server CA - Class 3,OU=VeriSign\, Inc.,O=VeriSign Trust Network, not_valid_before=1163462400.0, not_valid_after=1195084799.0]
-                  [3] chain_idx: count   = 0
-                  [4] chain_len: count   = 2
-                  [5] der_cert: string   = 0\x82^D|0\x82^C\xe5\xa0^C^B^A^B^B^P^D\xa7\x81^V\xf0^C(;\xda+\x84b^D\x9f\x9e\xcb0^M^F^I*\x86H\x86\xf7^M^A^A^E^E\00\x81\xba1\x1f0\x1d^F^CU^D^J^S^VVeriSign Trust Network1^W0^U^F^CU^D^K^S^NVeriSign, Inc.1301^F^CU^D^K^S*VeriSign International Server CA - Class 31I0G^F^CU^D^K^S@www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign0\x1e^W^M061114000000Z^W^M071114235959Z0\x81\xc01^K0^I^F^CU^D^F^S^BDE1^O0^M^F^CU^D^H^S^FBayern1^Q0^O^F^CU^D^G^T^HMuenchen1705^F^CU^D^J^T.AGIS Allianz Dresdner Informationssysteme GmbH1301^F^CU^D^K^T*Terms of use at www.verisign.com/rpa (c)001\x1f0\x1d^F^CU^D^C^T^Vwww.dresdner-privat.de0\x81\x9f0^M^F^I*\x86H\x86\xf7^M^A^A^A^E\0^C\x81\x8d\00\x81\x89^B\x81\x81\0\xeb\xa8t~\xfb\xe3\xb4\xea\xbe\x8b\x1c=\xed\xea\x86^DbQ\xe0*Z\x9e\x86o\x98\xcb\xbc\xc5\xed\xc5\xc8\xcaV\x9dL\x92X\xe1k^So\xbc\xb7\xe5.\x98@\xf7\x8f\xd6\xa3\xc0^J\xabFR\x1b8\xfc^E \xe7\x80\xee\xc6]\xd5\xbb^C\xfc\xc5\x83\xba\x9ag^H\xfd,\xba\xa3^H\x94\xf0\xb3\x1f^V(\xf6^Ef[\xbf^?\xa8Y\xfa\xbe\x99k6b\xb8n\xc6\x83GSc^OZ\xb4Q\xc1\x88\xa8U\xb9\xd41m=*J\x95^J\xd1{\x87^B^C^A\0^A\xa3\x82^Ay0\x82^Au0^I^F^CU\x1d^S^D^B0\00^K^F^CU\x1d^O^D^D^C^B^E\xa00F^F^CU\x1d\x1f^D?0=0;\xa09\xa07\x865http://crl.verisign.com/Class3InternationalServer.crl0D^F^CU\x1d ^D=0;09^F^K`\x86H^A\x86\xf8E^A^G^W^C0*0(^F^H+^F^A^E^E^G^B^A^V\x1chttps://www.verisign.com/rpa0(^F^CU\x1d%^D!0\x1f^F^I`\x86H^A\x86\xf8B^D^A^F^H+^F^A^E^E^G^C^A^F^H+^F^A^E^E^G^C^B04^F^H+^F^A^E^E^G^A^A^D(0&0$^F^H+^F^A^E^E^G0^A\x86^Xhttp://ocsp.verisign.com0m^F^H+^F^A^E^E^G^A^L^Da0_\xa1]\xa0[0Y0W0U^V^Iimage/gif0!0\x1f0^G^F^E+^N^C^B^Z^D^T\x8f\xe5\xd3^Z\x86\xac\x8d\x8ek\xc3\xcf\x80j\xd4H^X,{^Y.0%^V#http://logo.verisign.com/vslogo.gif0^M^F^I*\x86H\x86\xf7^M^A^A^E^E\0^C\x81\x81\0/s\xe2o\xc1\x9e#~YP\x89\x95xo\xe9^D\xbd\x98TS`\xec^HR\xd2^J)\x92\x9am\xaa\xd5\xb1g\xc1b\xde\xc9^XNW=i\x9c\xb2^Cf\x92^C\xbb\xe8M\xc5\x98\xd4/B\xd9\xb6\xd2\xe0\x97^PXv\xcf\xe7\xd6\xa7\xcc\xbb\xdb%\xeeB]\xcb\xf0t\xab\xd2T\xe5\xe8\xbaQ^O\xa4\xc3>4\xfaR\xf2\xa0\xe6z\xf4\x8f\xdcvB\xbd=\xfcx\xc0\xb7\xeb^-\x1f\xc5\xa0^\xdf\xa0^Q\x87\xf8\xc3X^P\xc8y(\xf8\xe4
+1170717505.735416 get_file_handle
+                  [0] tag: enum          = Analyzer::ANALYZER_SSL
+                  [1] c: connection      = [id=[orig_h=192.150.187.164, orig_p=58868/tcp, resp_h=194.127.84.106, resp_p=443/tcp], orig=[size=87, state=4, num_pkts=3, num_bytes_ip=255, flow_label=0], resp=[size=2164, state=4, num_pkts=3, num_bytes_ip=1616, flow_label=0], start_time=1170717505.366729, duration=0.368687, service={^J^ISSL^J}, addl=, hot=0, history=ShADad, uid=CXWv6p3arKYeMETxOg, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=[ts=1170717505.549109, uid=CXWv6p3arKYeMETxOg, id=[orig_h=192.150.187.164, orig_p=58868/tcp, resp_h=194.127.84.106, resp_p=443/tcp], version=TLSv10, cipher=TLS_RSA_WITH_RC4_128_MD5, server_name=<uninitialized>, session_id=<uninitialized>, last_alert=<uninitialized>, analyzer_id=3, established=F, logged=F, delay_tokens=<uninitialized>, cert_chain=<uninitialized>, cert_chain_fuids=<uninitialized>, client_cert_chain=<uninitialized>, client_cert_chain_fuids=<uninitialized>, subject=<uninitialized>, issuer=<uninitialized>, client_subject=<uninitialized>, client_issuer=<uninitialized>, server_depth=0, client_depth=0], http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]
+                  [2] is_orig: bool      = F
+
+1170717505.735416 file_new
+                  [0] f: fa_file         = [id=FeCwNK3rzqPnZ7eBQ5, parent_id=<uninitialized>, source=SSL, is_orig=F, conns={^J^I[[orig_h=192.150.187.164, orig_p=58868/tcp, resp_h=194.127.84.106, resp_p=443/tcp]] = [id=[orig_h=192.150.187.164, orig_p=58868/tcp, resp_h=194.127.84.106, resp_p=443/tcp], orig=[size=87, state=4, num_pkts=3, num_bytes_ip=255, flow_label=0], resp=[size=2164, state=4, num_pkts=3, num_bytes_ip=1616, flow_label=0], start_time=1170717505.366729, duration=0.368687, service={^J^I^ISSL^J^I}, addl=, hot=0, history=ShADad, uid=CXWv6p3arKYeMETxOg, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=[ts=1170717505.549109, uid=CXWv6p3arKYeMETxOg, id=[orig_h=192.150.187.164, orig_p=58868/tcp, resp_h=194.127.84.106, resp_p=443/tcp], version=TLSv10, cipher=TLS_RSA_WITH_RC4_128_MD5, server_name=<uninitialized>, session_id=<uninitialized>, last_alert=<uninitialized>, analyzer_id=3, established=F, logged=F, delay_tokens=<uninitialized>, cert_chain=<uninitialized>, cert_chain_fuids=<uninitialized>, client_cert_chain=<uninitialized>, client_cert_chain_fuids=<uninitialized>, subject=<uninitialized>, issuer=<uninitialized>, client_subject=<uninitialized>, client_issuer=<uninitialized>, server_depth=1, client_depth=0], http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]^J}, last_active=1170717505.735416, seen_bytes=0, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timeout_interval=2.0 mins, bof_buffer_size=1024, bof_buffer=0\x82^D|0\x82^C\xe5\xa0^C^B^A^B^B^P^D\xa7\x81^V\xf0^C(;\xda+\x84b^D\x9f\x9e\xcb0^M^F^I*\x86H\x86\xf7^M^A^A^E^E\00\x81\xba1\x1f0\x1d^F^CU^D^J^S^VVeriSign Trust Network1^W0^U^F^CU^D^K^S^NVeriSign, Inc.1301^F^CU^D^K^S*VeriSign International Server CA - Class 31I0G^F^CU^D^K^S@www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign0\x1e^W^M061114000000Z^W^M071114235959Z0\x81\xc01^K0^I^F^CU^D^F^S^BDE1^O0^M^F^CU^D^H^S^FBayern1^Q0^O^F^CU^D^G^T^HMuenchen1705^F^CU^D^J^T.AGIS Allianz Dresdner Informationssysteme GmbH1301^F^CU^D^K^T*Terms of use at www.verisign.com/rpa (c)001\x1f0\x1d^F^CU^D^C^T^Vwww.dresdner-privat.de0\x81\x9f0^M^F^I*\x86H\x86\xf7^M^A^A^A^E\0^C\x81\x8d\00\x81\x89^B\x81\x81\0\xeb\xa8t~\xfb\xe3\xb4\xea\xbe\x8b\x1c=\xed\xea\x86^DbQ\xe0*Z\x9e\x86o\x98\xcb\xbc\xc5\xed\xc5\xc8\xcaV\x9dL\x92X\xe1k^So\xbc\xb7\xe5.\x98@\xf7\x8f\xd6\xa3\xc0^J\xabFR\x1b8\xfc^E \xe7\x80\xee\xc6]\xd5\xbb^C\xfc\xc5\x83\xba\x9ag^H\xfd,\xba\xa3^H\x94\xf0\xb3\x1f^V(\xf6^Ef[\xbf^?\xa8Y\xfa\xbe\x99k6b\xb8n\xc6\x83GSc^OZ\xb4Q\xc1\x88\xa8U\xb9\xd41m=*J\x95^J\xd1{\x87^B^C^A\0^A\xa3\x82^Ay0\x82^Au0^I^F^CU\x1d^S^D^B0\00^K^F^CU\x1d^O^D^D^C^B^E\xa00F^F^CU\x1d\x1f^D?0=0;\xa09\xa07\x865http://crl.verisign.com/Class3InternationalServer.crl0D^F^CU\x1d ^D=0;09^F^K`\x86H^A\x86\xf8E^A^G^W^C0*0(^F^H+^F^A^E^E^G^B^A^V\x1chttps://www.verisign.com/rpa0(^F^CU\x1d%^D!0\x1f^F^I`\x86H^A\x86\xf8B^D^A^F^H+^F^A^E^E^G^C^A^F^H+^F^A^E^E^G^C^B04^F^H+^F^A^E^E^G^A^A^D(0&0$^F^H+^F^A^E^E^G0^A\x86^Xhttp://ocsp.verisign.com0m^F^H+^F^A^E^E^G^A^L^Da0_\xa1]\xa0[0Y0W0U^V^Iimage/gif0!0\x1f0^G^F^E+^N^C^B^Z^D^T\x8f\xe5\xd3^Z\x86\xac\x8d\x8ek\xc3\xcf\x80j\xd4H^X,{^Y.0%^V#http://logo.verisign.com/vslogo.gif0^M^F^I*\x86H\x86\xf7^M^A^A^E^E\0^C\x81\x81\0/s\xe2o\xc1\x9e#~YP\x89\x95xo\xe9^D\xbd\x98TS`\xec^HR\xd2^J)\x92\x9am\xaa\xd5\xb1g\xc1b\xde\xc9^XNW=i\x9c\xb2^Cf\x92^C\xbb\xe8M\xc5\x98\xd4/B\xd9\xb6\xd2\xe0\x97^PXv\xcf\xe7\xd6\xa7\xcc\xbb\xdb%\xeeB]\xcb\xf0t\xab\xd2T\xe5\xe8\xbaQ^O\xa4\xc3>4\xfaR\xf2\xa0\xe6z\xf4\x8f\xdcvB\xbd=\xfcx\xc0\xb7\xeb^-\x1f\xc5\xa0^\xdf\xa0^Q\x87\xf8\xc3X^P\xc8y(\xf8\xe4, mime_type=binary, info=<uninitialized>, u2_events=<uninitialized>]
+
+1170717505.735416 file_over_new_connection
+                  [0] f: fa_file         = [id=FeCwNK3rzqPnZ7eBQ5, parent_id=<uninitialized>, source=SSL, is_orig=F, conns={^J^I[[orig_h=192.150.187.164, orig_p=58868/tcp, resp_h=194.127.84.106, resp_p=443/tcp]] = [id=[orig_h=192.150.187.164, orig_p=58868/tcp, resp_h=194.127.84.106, resp_p=443/tcp], orig=[size=87, state=4, num_pkts=3, num_bytes_ip=255, flow_label=0], resp=[size=2164, state=4, num_pkts=3, num_bytes_ip=1616, flow_label=0], start_time=1170717505.366729, duration=0.368687, service={^J^I^ISSL^J^I}, addl=, hot=0, history=ShADad, uid=CXWv6p3arKYeMETxOg, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=[ts=1170717505.549109, uid=CXWv6p3arKYeMETxOg, id=[orig_h=192.150.187.164, orig_p=58868/tcp, resp_h=194.127.84.106, resp_p=443/tcp], version=TLSv10, cipher=TLS_RSA_WITH_RC4_128_MD5, server_name=<uninitialized>, session_id=<uninitialized>, last_alert=<uninitialized>, analyzer_id=3, established=F, logged=F, delay_tokens=<uninitialized>, cert_chain=<uninitialized>, cert_chain_fuids=<uninitialized>, client_cert_chain=<uninitialized>, client_cert_chain_fuids=<uninitialized>, subject=<uninitialized>, issuer=<uninitialized>, client_subject=<uninitialized>, client_issuer=<uninitialized>, server_depth=1, client_depth=0], http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]^J}, last_active=1170717505.735416, seen_bytes=0, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timeout_interval=2.0 mins, bof_buffer_size=1024, bof_buffer=0\x82^D|0\x82^C\xe5\xa0^C^B^A^B^B^P^D\xa7\x81^V\xf0^C(;\xda+\x84b^D\x9f\x9e\xcb0^M^F^I*\x86H\x86\xf7^M^A^A^E^E\00\x81\xba1\x1f0\x1d^F^CU^D^J^S^VVeriSign Trust Network1^W0^U^F^CU^D^K^S^NVeriSign, Inc.1301^F^CU^D^K^S*VeriSign International Server CA - Class 31I0G^F^CU^D^K^S@www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign0\x1e^W^M061114000000Z^W^M071114235959Z0\x81\xc01^K0^I^F^CU^D^F^S^BDE1^O0^M^F^CU^D^H^S^FBayern1^Q0^O^F^CU^D^G^T^HMuenchen1705^F^CU^D^J^T.AGIS Allianz Dresdner Informationssysteme GmbH1301^F^CU^D^K^T*Terms of use at www.verisign.com/rpa (c)001\x1f0\x1d^F^CU^D^C^T^Vwww.dresdner-privat.de0\x81\x9f0^M^F^I*\x86H\x86\xf7^M^A^A^A^E\0^C\x81\x8d\00\x81\x89^B\x81\x81\0\xeb\xa8t~\xfb\xe3\xb4\xea\xbe\x8b\x1c=\xed\xea\x86^DbQ\xe0*Z\x9e\x86o\x98\xcb\xbc\xc5\xed\xc5\xc8\xcaV\x9dL\x92X\xe1k^So\xbc\xb7\xe5.\x98@\xf7\x8f\xd6\xa3\xc0^J\xabFR\x1b8\xfc^E \xe7\x80\xee\xc6]\xd5\xbb^C\xfc\xc5\x83\xba\x9ag^H\xfd,\xba\xa3^H\x94\xf0\xb3\x1f^V(\xf6^Ef[\xbf^?\xa8Y\xfa\xbe\x99k6b\xb8n\xc6\x83GSc^OZ\xb4Q\xc1\x88\xa8U\xb9\xd41m=*J\x95^J\xd1{\x87^B^C^A\0^A\xa3\x82^Ay0\x82^Au0^I^F^CU\x1d^S^D^B0\00^K^F^CU\x1d^O^D^D^C^B^E\xa00F^F^CU\x1d\x1f^D?0=0;\xa09\xa07\x865http://crl.verisign.com/Class3InternationalServer.crl0D^F^CU\x1d ^D=0;09^F^K`\x86H^A\x86\xf8E^A^G^W^C0*0(^F^H+^F^A^E^E^G^B^A^V\x1chttps://www.verisign.com/rpa0(^F^CU\x1d%^D!0\x1f^F^I`\x86H^A\x86\xf8B^D^A^F^H+^F^A^E^E^G^C^A^F^H+^F^A^E^E^G^C^B04^F^H+^F^A^E^E^G^A^A^D(0&0$^F^H+^F^A^E^E^G0^A\x86^Xhttp://ocsp.verisign.com0m^F^H+^F^A^E^E^G^A^L^Da0_\xa1]\xa0[0Y0W0U^V^Iimage/gif0!0\x1f0^G^F^E+^N^C^B^Z^D^T\x8f\xe5\xd3^Z\x86\xac\x8d\x8ek\xc3\xcf\x80j\xd4H^X,{^Y.0%^V#http://logo.verisign.com/vslogo.gif0^M^F^I*\x86H\x86\xf7^M^A^A^E^E\0^C\x81\x81\0/s\xe2o\xc1\x9e#~YP\x89\x95xo\xe9^D\xbd\x98TS`\xec^HR\xd2^J)\x92\x9am\xaa\xd5\xb1g\xc1b\xde\xc9^XNW=i\x9c\xb2^Cf\x92^C\xbb\xe8M\xc5\x98\xd4/B\xd9\xb6\xd2\xe0\x97^PXv\xcf\xe7\xd6\xa7\xcc\xbb\xdb%\xeeB]\xcb\xf0t\xab\xd2T\xe5\xe8\xbaQ^O\xa4\xc3>4\xfaR\xf2\xa0\xe6z\xf4\x8f\xdcvB\xbd=\xfcx\xc0\xb7\xeb^-\x1f\xc5\xa0^\xdf\xa0^Q\x87\xf8\xc3X^P\xc8y(\xf8\xe4, mime_type=binary, info=[ts=1170717505.735416, fuid=FeCwNK3rzqPnZ7eBQ5, tx_hosts={^J^J}, rx_hosts={^J^J}, conn_uids={^J^J}, source=SSL, depth=0, analyzers={^J^J}, mime_type=binary, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=F, seen_bytes=0, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=<uninitialized>, sha1=<uninitialized>, sha256=<uninitialized>, x509=<uninitialized>, extracted=<uninitialized>], u2_events=<uninitialized>]
+                  [1] c: connection      = [id=[orig_h=192.150.187.164, orig_p=58868/tcp, resp_h=194.127.84.106, resp_p=443/tcp], orig=[size=87, state=4, num_pkts=3, num_bytes_ip=255, flow_label=0], resp=[size=2164, state=4, num_pkts=3, num_bytes_ip=1616, flow_label=0], start_time=1170717505.366729, duration=0.368687, service={^J^ISSL^J}, addl=, hot=0, history=ShADad, uid=CXWv6p3arKYeMETxOg, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=[ts=1170717505.549109, uid=CXWv6p3arKYeMETxOg, id=[orig_h=192.150.187.164, orig_p=58868/tcp, resp_h=194.127.84.106, resp_p=443/tcp], version=TLSv10, cipher=TLS_RSA_WITH_RC4_128_MD5, server_name=<uninitialized>, session_id=<uninitialized>, last_alert=<uninitialized>, analyzer_id=3, established=F, logged=F, delay_tokens=<uninitialized>, cert_chain=<uninitialized>, cert_chain_fuids=<uninitialized>, client_cert_chain=<uninitialized>, client_cert_chain_fuids=<uninitialized>, subject=<uninitialized>, issuer=<uninitialized>, client_subject=<uninitialized>, client_issuer=<uninitialized>, server_depth=1, client_depth=0], http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]
+                  [2] is_orig: bool      = F
 
 1170717505.735416 x509_certificate
-                  [0] c: connection      = [id=[orig_h=192.150.187.164, orig_p=58868/tcp, resp_h=194.127.84.106, resp_p=443/tcp], orig=[size=87, state=4, num_pkts=3, num_bytes_ip=255, flow_label=0], resp=[size=2164, state=4, num_pkts=3, num_bytes_ip=1616, flow_label=0], start_time=1170717505.366729, duration=0.368687, service={^J^ISSL^J}, addl=, hot=0, history=ShADad, uid=CXWv6p3arKYeMETxOg, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=[ts=1170717505.549109, uid=CXWv6p3arKYeMETxOg, id=[orig_h=192.150.187.164, orig_p=58868/tcp, resp_h=194.127.84.106, resp_p=443/tcp], version=TLSv10, cipher=TLS_RSA_WITH_RC4_128_MD5, server_name=<uninitialized>, session_id=<uninitialized>, subject=CN=www.dresdner-privat.de,OU=Terms of use at www.verisign.com/rpa (c)00,O=AGIS Allianz Dresdner Informationssysteme GmbH,L=Muenchen,ST=Bayern,C=DE, issuer_subject=OU=www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign,OU=VeriSign International Server CA - Class 3,OU=VeriSign\, Inc.,O=VeriSign Trust Network, not_valid_before=1163462400.0, not_valid_after=1195084799.0, last_alert=<uninitialized>, client_subject=<uninitialized>, client_issuer_subject=<uninitialized>, cert=0\x82^D|0\x82^C\xe5\xa0^C^B^A^B^B^P^D\xa7\x81^V\xf0^C(;\xda+\x84b^D\x9f\x9e\xcb0^M^F^I*\x86H\x86\xf7^M^A^A^E^E\00\x81\xba1\x1f0\x1d^F^CU^D^J^S^VVeriSign Trust Network1^W0^U^F^CU^D^K^S^NVeriSign, Inc.1301^F^CU^D^K^S*VeriSign International Server CA - Class 31I0G^F^CU^D^K^S@www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign0\x1e^W^M061114000000Z^W^M071114235959Z0\x81\xc01^K0^I^F^CU^D^F^S^BDE1^O0^M^F^CU^D^H^S^FBayern1^Q0^O^F^CU^D^G^T^HMuenchen1705^F^CU^D^J^T.AGIS Allianz Dresdner Informationssysteme GmbH1301^F^CU^D^K^T*Terms of use at www.verisign.com/rpa (c)001\x1f0\x1d^F^CU^D^C^T^Vwww.dresdner-privat.de0\x81\x9f0^M^F^I*\x86H\x86\xf7^M^A^A^A^E\0^C\x81\x8d\00\x81\x89^B\x81\x81\0\xeb\xa8t~\xfb\xe3\xb4\xea\xbe\x8b\x1c=\xed\xea\x86^DbQ\xe0*Z\x9e\x86o\x98\xcb\xbc\xc5\xed\xc5\xc8\xcaV\x9dL\x92X\xe1k^So\xbc\xb7\xe5.\x98@\xf7\x8f\xd6\xa3\xc0^J\xabFR\x1b8\xfc^E \xe7\x80\xee\xc6]\xd5\xbb^C\xfc\xc5\x83\xba\x9ag^H\xfd,\xba\xa3^H\x94\xf0\xb3\x1f^V(\xf6^Ef[\xbf^?\xa8Y\xfa\xbe\x99k6b\xb8n\xc6\x83GSc^OZ\xb4Q\xc1\x88\xa8U\xb9\xd41m=*J\x95^J\xd1{\x87^B^C^A\0^A\xa3\x82^Ay0\x82^Au0^I^F^CU\x1d^S^D^B0\00^K^F^CU\x1d^O^D^D^C^B^E\xa00F^F^CU\x1d\x1f^D?0=0;\xa09\xa07\x865http://crl.verisign.com/Class3InternationalServer.crl0D^F^CU\x1d ^D=0;09^F^K`\x86H^A\x86\xf8E^A^G^W^C0*0(^F^H+^F^A^E^E^G^B^A^V\x1chttps://www.verisign.com/rpa0(^F^CU\x1d%^D!0\x1f^F^I`\x86H^A\x86\xf8B^D^A^F^H+^F^A^E^E^G^C^A^F^H+^F^A^E^E^G^C^B04^F^H+^F^A^E^E^G^A^A^D(0&0$^F^H+^F^A^E^E^G0^A\x86^Xhttp://ocsp.verisign.com0m^F^H+^F^A^E^E^G^A^L^Da0_\xa1]\xa0[0Y0W0U^V^Iimage/gif0!0\x1f0^G^F^E+^N^C^B^Z^D^T\x8f\xe5\xd3^Z\x86\xac\x8d\x8ek\xc3\xcf\x80j\xd4H^X,{^Y.0%^V#http://logo.verisign.com/vslogo.gif0^M^F^I*\x86H\x86\xf7^M^A^A^E^E\0^C\x81\x81\0/s\xe2o\xc1\x9e#~YP\x89\x95xo\xe9^D\xbd\x98TS`\xec^HR\xd2^J)\x92\x9am\xaa\xd5\xb1g\xc1b\xde\xc9^XNW=i\x9c\xb2^Cf\x92^C\xbb\xe8M\xc5\x98\xd4/B\xd9\xb6\xd2\xe0\x97^PXv\xcf\xe7\xd6\xa7\xcc\xbb\xdb%\xeeB]\xcb\xf0t\xab\xd2T\xe5\xe8\xbaQ^O\xa4\xc3>4\xfaR\xf2\xa0\xe6z\xf4\x8f\xdcvB\xbd=\xfcx\xc0\xb7\xeb^-\x1f\xc5\xa0^\xdf\xa0^Q\x87\xf8\xc3X^P\xc8y(\xf8\xe4, cert_chain=[], client_cert=<uninitialized>, client_cert_chain=[], analyzer_id=3, established=F, logged=F, delay_tokens=<uninitialized>], http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]
-                  [1] is_orig: bool      = F
-                  [2] cert: X509         = [version=2, serial=78EE48DE185B2071C9C9C3B51D7BDDC1, subject=OU=www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign,OU=VeriSign International Server CA - Class 3,OU=VeriSign\, Inc.,O=VeriSign Trust Network, issuer=OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US, not_valid_before=861235200.0, not_valid_after=1319500799.0]
-                  [3] chain_idx: count   = 1
-                  [4] chain_len: count   = 2
-                  [5] der_cert: string   = 0\x82^C\x860\x82^B\xef\xa0^C^B^A^B^B^Px\xeeH\xde^X[ q\xc9\xc9\xc3\xb5\x1d{\xdd\xc10^M^F^I*\x86H\x86\xf7^M^A^A^E^E\00_1^K0^I^F^CU^D^F^S^BUS1^W0^U^F^CU^D^J^S^NVeriSign, Inc.1705^F^CU^D^K^S.Class 3 Public Primary Certification Authority0\x1e^W^M970417000000Z^W^M111024235959Z0\x81\xba1\x1f0\x1d^F^CU^D^J^S^VVeriSign Trust Network1^W0^U^F^CU^D^K^S^NVeriSign, Inc.1301^F^CU^D^K^S*VeriSign International Server CA - Class 31I0G^F^CU^D^K^S@www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign0\x81\x9f0^M^F^I*\x86H\x86\xf7^M^A^A^A^E\0^C\x81\x8d\00\x81\x89^B\x81\x81\0\xd8\x82\x80\xe8\xd6^Y^B}\x1f\x85^X9%\xa2e+\xe1\xbf\xd4^E\xd3\xbc\xe66;\xaa\xf0Ll[\xb6\xe7\xaa<sEU\xb2\xf1\xbd\xea\x97B\xed\x9a4^J^U\xd4\xa9\\xf5@%\xdd\xd9^G\xc12\xb2ul\xc4\xca\xbb\xa3\xfeV'qC\xaac\xf50>\x93(\xe5\xfa\xf1^I;\xf3\xb7MN9\xf7\IZ\xb8\xc1\x1d\xd3\xb2\x8a\xfep0\x95B\xcb\xfe+Q\x8bZ<:\xf9"O\x90\xb2^B\xa7S\x9cO4\xe7\xab^D\xb2{o^B^C^A\0^A\xa3\x81\xe60\x81\xe30^O^F^CU\x1d^S^D^H0^F^A^A\xff^B^A\00D^F^CU\x1d ^D=0;09^F^K`\x86H^A\x86\xf8E^A^G^A^A0*0(^F^H+^F^A^E^E^G^B^A^V\x1chttps://www.verisign.com/CPS04^F^CU\x1d\x1f^D-0+0)\xa0'\xa0%\x86#http://crl.verisign.com/pca3-g2.crl04^F^CU\x1d%^D-0+^F^H+^F^A^E^E^G^C^A^F^H+^F^A^E^E^G^C^B^F^I`\x86H^A\x86\xf8B^D^A^F^J`\x86H^A\x86\xf8E^A^H^A0^K^F^CU\x1d^O^D^D^C^B^A^F0^Q^F^I`\x86H^A\x86\xf8B^A^A^D^D^C^B^A^F0^M^F^I*\x86H\x86\xf7^M^A^A^E^E\0^C\x81\x81\0#]\xee\xa6$^E\xfdv\xd3j^Z\xd6\xbaF^F\xaaj^O^C\x90f\xb2\xb0\xa6\xc2\x9e\xc9\x1e\xa3US\xaf>E\xfd\xdc\x8c'\xddS8^I\xbb|K+\xba\x95J\xfepN\x1bi\xd6<\xf7O^G\xc5\xf2^WZL\xa2\x8f\xac^K\x8a^F\xdb\xb9\xd4k\xc5\x1dX\xda^WR\xe3!\xf1\xd2\xd7Z\xd5\xe5\xabY{!z\x86j\xd4\xfe^W^Q:S^M\x9c`\xa0J\xd9^\xe4\x1d^L)\xaa^S^Ge\x86\x1f\xbf\xb4\xc9\x82S\x9c,^B\x8f#
+                  [0] f: fa_file         = [id=FeCwNK3rzqPnZ7eBQ5, parent_id=<uninitialized>, source=SSL, is_orig=F, conns={^J^I[[orig_h=192.150.187.164, orig_p=58868/tcp, resp_h=194.127.84.106, resp_p=443/tcp]] = [id=[orig_h=192.150.187.164, orig_p=58868/tcp, resp_h=194.127.84.106, resp_p=443/tcp], orig=[size=87, state=4, num_pkts=3, num_bytes_ip=255, flow_label=0], resp=[size=2164, state=4, num_pkts=3, num_bytes_ip=1616, flow_label=0], start_time=1170717505.366729, duration=0.368687, service={^J^I^ISSL^J^I}, addl=, hot=0, history=ShADad, uid=CXWv6p3arKYeMETxOg, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=[ts=1170717505.549109, uid=CXWv6p3arKYeMETxOg, id=[orig_h=192.150.187.164, orig_p=58868/tcp, resp_h=194.127.84.106, resp_p=443/tcp], version=TLSv10, cipher=TLS_RSA_WITH_RC4_128_MD5, server_name=<uninitialized>, session_id=<uninitialized>, last_alert=<uninitialized>, analyzer_id=3, established=F, logged=F, delay_tokens=<uninitialized>, cert_chain=[[ts=1170717505.735416, fuid=FeCwNK3rzqPnZ7eBQ5, tx_hosts={^J^I^I194.127.84.106^J^I}, rx_hosts={^J^I^I192.150.187.164^J^I}, conn_uids={^J^I^ICXWv6p3arKYeMETxOg^J^I}, source=SSL, depth=0, analyzers={^J^I^IX509,^J^I^IMD5,^J^I^ISHA1^J^I}, mime_type=binary, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=F, seen_bytes=0, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=<uninitialized>, sha1=<uninitialized>, sha256=<uninitialized>, x509=<uninitialized>, extracted=<uninitialized>]], cert_chain_fuids=[FeCwNK3rzqPnZ7eBQ5], client_cert_chain=[], client_cert_chain_fuids=[], subject=<uninitialized>, issuer=<uninitialized>, client_subject=<uninitialized>, client_issuer=<uninitialized>, server_depth=1, client_depth=0], http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]^J}, last_active=1170717505.735416, seen_bytes=1152, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timeout_interval=2.0 mins, bof_buffer_size=1024, bof_buffer=0\x82^D|0\x82^C\xe5\xa0^C^B^A^B^B^P^D\xa7\x81^V\xf0^C(;\xda+\x84b^D\x9f\x9e\xcb0^M^F^I*\x86H\x86\xf7^M^A^A^E^E\00\x81\xba1\x1f0\x1d^F^CU^D^J^S^VVeriSign Trust Network1^W0^U^F^CU^D^K^S^NVeriSign, Inc.1301^F^CU^D^K^S*VeriSign International Server CA - Class 31I0G^F^CU^D^K^S@www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign0\x1e^W^M061114000000Z^W^M071114235959Z0\x81\xc01^K0^I^F^CU^D^F^S^BDE1^O0^M^F^CU^D^H^S^FBayern1^Q0^O^F^CU^D^G^T^HMuenchen1705^F^CU^D^J^T.AGIS Allianz Dresdner Informationssysteme GmbH1301^F^CU^D^K^T*Terms of use at www.verisign.com/rpa (c)001\x1f0\x1d^F^CU^D^C^T^Vwww.dresdner-privat.de0\x81\x9f0^M^F^I*\x86H\x86\xf7^M^A^A^A^E\0^C\x81\x8d\00\x81\x89^B\x81\x81\0\xeb\xa8t~\xfb\xe3\xb4\xea\xbe\x8b\x1c=\xed\xea\x86^DbQ\xe0*Z\x9e\x86o\x98\xcb\xbc\xc5\xed\xc5\xc8\xcaV\x9dL\x92X\xe1k^So\xbc\xb7\xe5.\x98@\xf7\x8f\xd6\xa3\xc0^J\xabFR\x1b8\xfc^E \xe7\x80\xee\xc6]\xd5\xbb^C\xfc\xc5\x83\xba\x9ag^H\xfd,\xba\xa3^H\x94\xf0\xb3\x1f^V(\xf6^Ef[\xbf^?\xa8Y\xfa\xbe\x99k6b\xb8n\xc6\x83GSc^OZ\xb4Q\xc1\x88\xa8U\xb9\xd41m=*J\x95^J\xd1{\x87^B^C^A\0^A\xa3\x82^Ay0\x82^Au0^I^F^CU\x1d^S^D^B0\00^K^F^CU\x1d^O^D^D^C^B^E\xa00F^F^CU\x1d\x1f^D?0=0;\xa09\xa07\x865http://crl.verisign.com/Class3InternationalServer.crl0D^F^CU\x1d ^D=0;09^F^K`\x86H^A\x86\xf8E^A^G^W^C0*0(^F^H+^F^A^E^E^G^B^A^V\x1chttps://www.verisign.com/rpa0(^F^CU\x1d%^D!0\x1f^F^I`\x86H^A\x86\xf8B^D^A^F^H+^F^A^E^E^G^C^A^F^H+^F^A^E^E^G^C^B04^F^H+^F^A^E^E^G^A^A^D(0&0$^F^H+^F^A^E^E^G0^A\x86^Xhttp://ocsp.verisign.com0m^F^H+^F^A^E^E^G^A^L^Da0_\xa1]\xa0[0Y0W0U^V^Iimage/gif0!0\x1f0^G^F^E+^N^C^B^Z^D^T\x8f\xe5\xd3^Z\x86\xac\x8d\x8ek\xc3\xcf\x80j\xd4H^X,{^Y.0%^V#http://logo.verisign.com/vslogo.gif0^M^F^I*\x86H\x86\xf7^M^A^A^E^E\0^C\x81\x81\0/s\xe2o\xc1\x9e#~YP\x89\x95xo\xe9^D\xbd\x98TS`\xec^HR\xd2^J)\x92\x9am\xaa\xd5\xb1g\xc1b\xde\xc9^XNW=i\x9c\xb2^Cf\x92^C\xbb\xe8M\xc5\x98\xd4/B\xd9\xb6\xd2\xe0\x97^PXv\xcf\xe7\xd6\xa7\xcc\xbb\xdb%\xeeB]\xcb\xf0t\xab\xd2T\xe5\xe8\xbaQ^O\xa4\xc3>4\xfaR\xf2\xa0\xe6z\xf4\x8f\xdcvB\xbd=\xfcx\xc0\xb7\xeb^-\x1f\xc5\xa0^\xdf\xa0^Q\x87\xf8\xc3X^P\xc8y(\xf8\xe4, mime_type=binary, info=[ts=1170717505.735416, fuid=FeCwNK3rzqPnZ7eBQ5, tx_hosts={^J^I194.127.84.106^J}, rx_hosts={^J^I192.150.187.164^J}, conn_uids={^J^ICXWv6p3arKYeMETxOg^J}, source=SSL, depth=0, analyzers={^J^IX509,^J^IMD5,^J^ISHA1^J}, mime_type=binary, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=F, seen_bytes=0, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=<uninitialized>, sha1=<uninitialized>, sha256=<uninitialized>, x509=<uninitialized>, extracted=<uninitialized>], u2_events=<uninitialized>]
+                  [1] cert_ref: opaque of x509 = <no value description>
+                  [2] cert: X509::Certificate = [version=2, serial=04A78116F003283BDA2B8462049F9ECB, subject=CN=www.dresdner-privat.de,OU=Terms of use at www.verisign.com/rpa (c)00,O=AGIS Allianz Dresdner Informationssysteme GmbH,L=Muenchen,ST=Bayern,C=DE, issuer=OU=www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign,OU=VeriSign International Server CA - Class 3,OU=VeriSign\, Inc.,O=VeriSign Trust Network, not_valid_before=1163462400.0, not_valid_after=1195084799.0, key_alg=rsaEncryption, sig_alg=sha1WithRSAEncryption, key_type=rsa, key_length=1024, exponent=65537, curve=<uninitialized>]
+
+1170717505.735416 x509_extension
+                  [0] f: fa_file         = [id=FeCwNK3rzqPnZ7eBQ5, parent_id=<uninitialized>, source=SSL, is_orig=F, conns={^J^I[[orig_h=192.150.187.164, orig_p=58868/tcp, resp_h=194.127.84.106, resp_p=443/tcp]] = [id=[orig_h=192.150.187.164, orig_p=58868/tcp, resp_h=194.127.84.106, resp_p=443/tcp], orig=[size=87, state=4, num_pkts=3, num_bytes_ip=255, flow_label=0], resp=[size=2164, state=4, num_pkts=3, num_bytes_ip=1616, flow_label=0], start_time=1170717505.366729, duration=0.368687, service={^J^I^ISSL^J^I}, addl=, hot=0, history=ShADad, uid=CXWv6p3arKYeMETxOg, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=[ts=1170717505.549109, uid=CXWv6p3arKYeMETxOg, id=[orig_h=192.150.187.164, orig_p=58868/tcp, resp_h=194.127.84.106, resp_p=443/tcp], version=TLSv10, cipher=TLS_RSA_WITH_RC4_128_MD5, server_name=<uninitialized>, session_id=<uninitialized>, last_alert=<uninitialized>, analyzer_id=3, established=F, logged=F, delay_tokens=<uninitialized>, cert_chain=[[ts=1170717505.735416, fuid=FeCwNK3rzqPnZ7eBQ5, tx_hosts={^J^I^I194.127.84.106^J^I}, rx_hosts={^J^I^I192.150.187.164^J^I}, conn_uids={^J^I^ICXWv6p3arKYeMETxOg^J^I}, source=SSL, depth=0, analyzers={^J^I^IX509,^J^I^IMD5,^J^I^ISHA1^J^I}, mime_type=binary, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=F, seen_bytes=0, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=<uninitialized>, sha1=<uninitialized>, sha256=<uninitialized>, x509=[ts=1170717505.735416, id=FeCwNK3rzqPnZ7eBQ5, certificate=[version=2, serial=04A78116F003283BDA2B8462049F9ECB, subject=CN=www.dresdner-privat.de,OU=Terms of use at www.verisign.com/rpa (c)00,O=AGIS Allianz Dresdner Informationssysteme GmbH,L=Muenchen,ST=Bayern,C=DE, issuer=OU=www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign,OU=VeriSign International Server CA - Class 3,OU=VeriSign\, Inc.,O=VeriSign Trust Network, not_valid_before=1163462400.0, not_valid_after=1195084799.0, key_alg=rsaEncryption, sig_alg=sha1WithRSAEncryption, key_type=rsa, key_length=1024, exponent=65537, curve=<uninitialized>], handle=<no value description>, extensions=[], san=<uninitialized>, basic_constraints=<uninitialized>], extracted=<uninitialized>]], cert_chain_fuids=[FeCwNK3rzqPnZ7eBQ5], client_cert_chain=[], client_cert_chain_fuids=[], subject=<uninitialized>, issuer=<uninitialized>, client_subject=<uninitialized>, client_issuer=<uninitialized>, server_depth=1, client_depth=0], http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]^J}, last_active=1170717505.735416, seen_bytes=1152, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timeout_interval=2.0 mins, bof_buffer_size=1024, bof_buffer=0\x82^D|0\x82^C\xe5\xa0^C^B^A^B^B^P^D\xa7\x81^V\xf0^C(;\xda+\x84b^D\x9f\x9e\xcb0^M^F^I*\x86H\x86\xf7^M^A^A^E^E\00\x81\xba1\x1f0\x1d^F^CU^D^J^S^VVeriSign Trust Network1^W0^U^F^CU^D^K^S^NVeriSign, Inc.1301^F^CU^D^K^S*VeriSign International Server CA - Class 31I0G^F^CU^D^K^S@www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign0\x1e^W^M061114000000Z^W^M071114235959Z0\x81\xc01^K0^I^F^CU^D^F^S^BDE1^O0^M^F^CU^D^H^S^FBayern1^Q0^O^F^CU^D^G^T^HMuenchen1705^F^CU^D^J^T.AGIS Allianz Dresdner Informationssysteme GmbH1301^F^CU^D^K^T*Terms of use at www.verisign.com/rpa (c)001\x1f0\x1d^F^CU^D^C^T^Vwww.dresdner-privat.de0\x81\x9f0^M^F^I*\x86H\x86\xf7^M^A^A^A^E\0^C\x81\x8d\00\x81\x89^B\x81\x81\0\xeb\xa8t~\xfb\xe3\xb4\xea\xbe\x8b\x1c=\xed\xea\x86^DbQ\xe0*Z\x9e\x86o\x98\xcb\xbc\xc5\xed\xc5\xc8\xcaV\x9dL\x92X\xe1k^So\xbc\xb7\xe5.\x98@\xf7\x8f\xd6\xa3\xc0^J\xabFR\x1b8\xfc^E \xe7\x80\xee\xc6]\xd5\xbb^C\xfc\xc5\x83\xba\x9ag^H\xfd,\xba\xa3^H\x94\xf0\xb3\x1f^V(\xf6^Ef[\xbf^?\xa8Y\xfa\xbe\x99k6b\xb8n\xc6\x83GSc^OZ\xb4Q\xc1\x88\xa8U\xb9\xd41m=*J\x95^J\xd1{\x87^B^C^A\0^A\xa3\x82^Ay0\x82^Au0^I^F^CU\x1d^S^D^B0\00^K^F^CU\x1d^O^D^D^C^B^E\xa00F^F^CU\x1d\x1f^D?0=0;\xa09\xa07\x865http://crl.verisign.com/Class3InternationalServer.crl0D^F^CU\x1d ^D=0;09^F^K`\x86H^A\x86\xf8E^A^G^W^C0*0(^F^H+^F^A^E^E^G^B^A^V\x1chttps://www.verisign.com/rpa0(^F^CU\x1d%^D!0\x1f^F^I`\x86H^A\x86\xf8B^D^A^F^H+^F^A^E^E^G^C^A^F^H+^F^A^E^E^G^C^B04^F^H+^F^A^E^E^G^A^A^D(0&0$^F^H+^F^A^E^E^G0^A\x86^Xhttp://ocsp.verisign.com0m^F^H+^F^A^E^E^G^A^L^Da0_\xa1]\xa0[0Y0W0U^V^Iimage/gif0!0\x1f0^G^F^E+^N^C^B^Z^D^T\x8f\xe5\xd3^Z\x86\xac\x8d\x8ek\xc3\xcf\x80j\xd4H^X,{^Y.0%^V#http://logo.verisign.com/vslogo.gif0^M^F^I*\x86H\x86\xf7^M^A^A^E^E\0^C\x81\x81\0/s\xe2o\xc1\x9e#~YP\x89\x95xo\xe9^D\xbd\x98TS`\xec^HR\xd2^J)\x92\x9am\xaa\xd5\xb1g\xc1b\xde\xc9^XNW=i\x9c\xb2^Cf\x92^C\xbb\xe8M\xc5\x98\xd4/B\xd9\xb6\xd2\xe0\x97^PXv\xcf\xe7\xd6\xa7\xcc\xbb\xdb%\xeeB]\xcb\xf0t\xab\xd2T\xe5\xe8\xbaQ^O\xa4\xc3>4\xfaR\xf2\xa0\xe6z\xf4\x8f\xdcvB\xbd=\xfcx\xc0\xb7\xeb^-\x1f\xc5\xa0^\xdf\xa0^Q\x87\xf8\xc3X^P\xc8y(\xf8\xe4, mime_type=binary, info=[ts=1170717505.735416, fuid=FeCwNK3rzqPnZ7eBQ5, tx_hosts={^J^I194.127.84.106^J}, rx_hosts={^J^I192.150.187.164^J}, conn_uids={^J^ICXWv6p3arKYeMETxOg^J}, source=SSL, depth=0, analyzers={^J^IX509,^J^IMD5,^J^ISHA1^J}, mime_type=binary, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=F, seen_bytes=0, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=<uninitialized>, sha1=<uninitialized>, sha256=<uninitialized>, x509=[ts=1170717505.735416, id=FeCwNK3rzqPnZ7eBQ5, certificate=[version=2, serial=04A78116F003283BDA2B8462049F9ECB, subject=CN=www.dresdner-privat.de,OU=Terms of use at www.verisign.com/rpa (c)00,O=AGIS Allianz Dresdner Informationssysteme GmbH,L=Muenchen,ST=Bayern,C=DE, issuer=OU=www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign,OU=VeriSign International Server CA - Class 3,OU=VeriSign\, Inc.,O=VeriSign Trust Network, not_valid_before=1163462400.0, not_valid_after=1195084799.0, key_alg=rsaEncryption, sig_alg=sha1WithRSAEncryption, key_type=rsa, key_length=1024, exponent=65537, curve=<uninitialized>], handle=<no value description>, extensions=[], san=<uninitialized>, basic_constraints=<uninitialized>], extracted=<uninitialized>], u2_events=<uninitialized>]
+                  [1] ext: X509::Extension = [name=X509v3 Basic Constraints, short_name=basicConstraints, oid=2.5.29.19, critical=F, value=CA:FALSE]
+
+1170717505.735416 x509_ext_basic_constraints
+                  [0] f: fa_file         = [id=FeCwNK3rzqPnZ7eBQ5, parent_id=<uninitialized>, source=SSL, is_orig=F, conns={^J^I[[orig_h=192.150.187.164, orig_p=58868/tcp, resp_h=194.127.84.106, resp_p=443/tcp]] = [id=[orig_h=192.150.187.164, orig_p=58868/tcp, resp_h=194.127.84.106, resp_p=443/tcp], orig=[size=87, state=4, num_pkts=3, num_bytes_ip=255, flow_label=0], resp=[size=2164, state=4, num_pkts=3, num_bytes_ip=1616, flow_label=0], start_time=1170717505.366729, duration=0.368687, service={^J^I^ISSL^J^I}, addl=, hot=0, history=ShADad, uid=CXWv6p3arKYeMETxOg, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=[ts=1170717505.549109, uid=CXWv6p3arKYeMETxOg, id=[orig_h=192.150.187.164, orig_p=58868/tcp, resp_h=194.127.84.106, resp_p=443/tcp], version=TLSv10, cipher=TLS_RSA_WITH_RC4_128_MD5, server_name=<uninitialized>, session_id=<uninitialized>, last_alert=<uninitialized>, analyzer_id=3, established=F, logged=F, delay_tokens=<uninitialized>, cert_chain=[[ts=1170717505.735416, fuid=FeCwNK3rzqPnZ7eBQ5, tx_hosts={^J^I^I194.127.84.106^J^I}, rx_hosts={^J^I^I192.150.187.164^J^I}, conn_uids={^J^I^ICXWv6p3arKYeMETxOg^J^I}, source=SSL, depth=0, analyzers={^J^I^IX509,^J^I^IMD5,^J^I^ISHA1^J^I}, mime_type=binary, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=F, seen_bytes=0, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=<uninitialized>, sha1=<uninitialized>, sha256=<uninitialized>, x509=[ts=1170717505.735416, id=FeCwNK3rzqPnZ7eBQ5, certificate=[version=2, serial=04A78116F003283BDA2B8462049F9ECB, subject=CN=www.dresdner-privat.de,OU=Terms of use at www.verisign.com/rpa (c)00,O=AGIS Allianz Dresdner Informationssysteme GmbH,L=Muenchen,ST=Bayern,C=DE, issuer=OU=www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign,OU=VeriSign International Server CA - Class 3,OU=VeriSign\, Inc.,O=VeriSign Trust Network, not_valid_before=1163462400.0, not_valid_after=1195084799.0, key_alg=rsaEncryption, sig_alg=sha1WithRSAEncryption, key_type=rsa, key_length=1024, exponent=65537, curve=<uninitialized>], handle=<no value description>, extensions=[[name=X509v3 Basic Constraints, short_name=basicConstraints, oid=2.5.29.19, critical=F, value=CA:FALSE]], san=<uninitialized>, basic_constraints=<uninitialized>], extracted=<uninitialized>]], cert_chain_fuids=[FeCwNK3rzqPnZ7eBQ5], client_cert_chain=[], client_cert_chain_fuids=[], subject=<uninitialized>, issuer=<uninitialized>, client_subject=<uninitialized>, client_issuer=<uninitialized>, server_depth=1, client_depth=0], http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]^J}, last_active=1170717505.735416, seen_bytes=1152, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timeout_interval=2.0 mins, bof_buffer_size=1024, bof_buffer=0\x82^D|0\x82^C\xe5\xa0^C^B^A^B^B^P^D\xa7\x81^V\xf0^C(;\xda+\x84b^D\x9f\x9e\xcb0^M^F^I*\x86H\x86\xf7^M^A^A^E^E\00\x81\xba1\x1f0\x1d^F^CU^D^J^S^VVeriSign Trust Network1^W0^U^F^CU^D^K^S^NVeriSign, Inc.1301^F^CU^D^K^S*VeriSign International Server CA - Class 31I0G^F^CU^D^K^S@www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign0\x1e^W^M061114000000Z^W^M071114235959Z0\x81\xc01^K0^I^F^CU^D^F^S^BDE1^O0^M^F^CU^D^H^S^FBayern1^Q0^O^F^CU^D^G^T^HMuenchen1705^F^CU^D^J^T.AGIS Allianz Dresdner Informationssysteme GmbH1301^F^CU^D^K^T*Terms of use at www.verisign.com/rpa (c)001\x1f0\x1d^F^CU^D^C^T^Vwww.dresdner-privat.de0\x81\x9f0^M^F^I*\x86H\x86\xf7^M^A^A^A^E\0^C\x81\x8d\00\x81\x89^B\x81\x81\0\xeb\xa8t~\xfb\xe3\xb4\xea\xbe\x8b\x1c=\xed\xea\x86^DbQ\xe0*Z\x9e\x86o\x98\xcb\xbc\xc5\xed\xc5\xc8\xcaV\x9dL\x92X\xe1k^So\xbc\xb7\xe5.\x98@\xf7\x8f\xd6\xa3\xc0^J\xabFR\x1b8\xfc^E \xe7\x80\xee\xc6]\xd5\xbb^C\xfc\xc5\x83\xba\x9ag^H\xfd,\xba\xa3^H\x94\xf0\xb3\x1f^V(\xf6^Ef[\xbf^?\xa8Y\xfa\xbe\x99k6b\xb8n\xc6\x83GSc^OZ\xb4Q\xc1\x88\xa8U\xb9\xd41m=*J\x95^J\xd1{\x87^B^C^A\0^A\xa3\x82^Ay0\x82^Au0^I^F^CU\x1d^S^D^B0\00^K^F^CU\x1d^O^D^D^C^B^E\xa00F^F^CU\x1d\x1f^D?0=0;\xa09\xa07\x865http://crl.verisign.com/Class3InternationalServer.crl0D^F^CU\x1d ^D=0;09^F^K`\x86H^A\x86\xf8E^A^G^W^C0*0(^F^H+^F^A^E^E^G^B^A^V\x1chttps://www.verisign.com/rpa0(^F^CU\x1d%^D!0\x1f^F^I`\x86H^A\x86\xf8B^D^A^F^H+^F^A^E^E^G^C^A^F^H+^F^A^E^E^G^C^B04^F^H+^F^A^E^E^G^A^A^D(0&0$^F^H+^F^A^E^E^G0^A\x86^Xhttp://ocsp.verisign.com0m^F^H+^F^A^E^E^G^A^L^Da0_\xa1]\xa0[0Y0W0U^V^Iimage/gif0!0\x1f0^G^F^E+^N^C^B^Z^D^T\x8f\xe5\xd3^Z\x86\xac\x8d\x8ek\xc3\xcf\x80j\xd4H^X,{^Y.0%^V#http://logo.verisign.com/vslogo.gif0^M^F^I*\x86H\x86\xf7^M^A^A^E^E\0^C\x81\x81\0/s\xe2o\xc1\x9e#~YP\x89\x95xo\xe9^D\xbd\x98TS`\xec^HR\xd2^J)\x92\x9am\xaa\xd5\xb1g\xc1b\xde\xc9^XNW=i\x9c\xb2^Cf\x92^C\xbb\xe8M\xc5\x98\xd4/B\xd9\xb6\xd2\xe0\x97^PXv\xcf\xe7\xd6\xa7\xcc\xbb\xdb%\xeeB]\xcb\xf0t\xab\xd2T\xe5\xe8\xbaQ^O\xa4\xc3>4\xfaR\xf2\xa0\xe6z\xf4\x8f\xdcvB\xbd=\xfcx\xc0\xb7\xeb^-\x1f\xc5\xa0^\xdf\xa0^Q\x87\xf8\xc3X^P\xc8y(\xf8\xe4, mime_type=binary, info=[ts=1170717505.735416, fuid=FeCwNK3rzqPnZ7eBQ5, tx_hosts={^J^I194.127.84.106^J}, rx_hosts={^J^I192.150.187.164^J}, conn_uids={^J^ICXWv6p3arKYeMETxOg^J}, source=SSL, depth=0, analyzers={^J^IX509,^J^IMD5,^J^ISHA1^J}, mime_type=binary, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=F, seen_bytes=0, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=<uninitialized>, sha1=<uninitialized>, sha256=<uninitialized>, x509=[ts=1170717505.735416, id=FeCwNK3rzqPnZ7eBQ5, certificate=[version=2, serial=04A78116F003283BDA2B8462049F9ECB, subject=CN=www.dresdner-privat.de,OU=Terms of use at www.verisign.com/rpa (c)00,O=AGIS Allianz Dresdner Informationssysteme GmbH,L=Muenchen,ST=Bayern,C=DE, issuer=OU=www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign,OU=VeriSign International Server CA - Class 3,OU=VeriSign\, Inc.,O=VeriSign Trust Network, not_valid_before=1163462400.0, not_valid_after=1195084799.0, key_alg=rsaEncryption, sig_alg=sha1WithRSAEncryption, key_type=rsa, key_length=1024, exponent=65537, curve=<uninitialized>], handle=<no value description>, extensions=[[name=X509v3 Basic Constraints, short_name=basicConstraints, oid=2.5.29.19, critical=F, value=CA:FALSE]], san=<uninitialized>, basic_constraints=<uninitialized>], extracted=<uninitialized>], u2_events=<uninitialized>]
+                  [1] ext: X509::BasicConstraints = [ca=F, path_len=<uninitialized>]
+
+1170717505.735416 x509_extension
+                  [0] f: fa_file         = [id=FeCwNK3rzqPnZ7eBQ5, parent_id=<uninitialized>, source=SSL, is_orig=F, conns={^J^I[[orig_h=192.150.187.164, orig_p=58868/tcp, resp_h=194.127.84.106, resp_p=443/tcp]] = [id=[orig_h=192.150.187.164, orig_p=58868/tcp, resp_h=194.127.84.106, resp_p=443/tcp], orig=[size=87, state=4, num_pkts=3, num_bytes_ip=255, flow_label=0], resp=[size=2164, state=4, num_pkts=3, num_bytes_ip=1616, flow_label=0], start_time=1170717505.366729, duration=0.368687, service={^J^I^ISSL^J^I}, addl=, hot=0, history=ShADad, uid=CXWv6p3arKYeMETxOg, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=[ts=1170717505.549109, uid=CXWv6p3arKYeMETxOg, id=[orig_h=192.150.187.164, orig_p=58868/tcp, resp_h=194.127.84.106, resp_p=443/tcp], version=TLSv10, cipher=TLS_RSA_WITH_RC4_128_MD5, server_name=<uninitialized>, session_id=<uninitialized>, last_alert=<uninitialized>, analyzer_id=3, established=F, logged=F, delay_tokens=<uninitialized>, cert_chain=[[ts=1170717505.735416, fuid=FeCwNK3rzqPnZ7eBQ5, tx_hosts={^J^I^I194.127.84.106^J^I}, rx_hosts={^J^I^I192.150.187.164^J^I}, conn_uids={^J^I^ICXWv6p3arKYeMETxOg^J^I}, source=SSL, depth=0, analyzers={^J^I^IX509,^J^I^IMD5,^J^I^ISHA1^J^I}, mime_type=binary, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=F, seen_bytes=0, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=<uninitialized>, sha1=<uninitialized>, sha256=<uninitialized>, x509=[ts=1170717505.735416, id=FeCwNK3rzqPnZ7eBQ5, certificate=[version=2, serial=04A78116F003283BDA2B8462049F9ECB, subject=CN=www.dresdner-privat.de,OU=Terms of use at www.verisign.com/rpa (c)00,O=AGIS Allianz Dresdner Informationssysteme GmbH,L=Muenchen,ST=Bayern,C=DE, issuer=OU=www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign,OU=VeriSign International Server CA - Class 3,OU=VeriSign\, Inc.,O=VeriSign Trust Network, not_valid_before=1163462400.0, not_valid_after=1195084799.0, key_alg=rsaEncryption, sig_alg=sha1WithRSAEncryption, key_type=rsa, key_length=1024, exponent=65537, curve=<uninitialized>], handle=<no value description>, extensions=[[name=X509v3 Basic Constraints, short_name=basicConstraints, oid=2.5.29.19, critical=F, value=CA:FALSE]], san=<uninitialized>, basic_constraints=[ca=F, path_len=<uninitialized>]], extracted=<uninitialized>]], cert_chain_fuids=[FeCwNK3rzqPnZ7eBQ5], client_cert_chain=[], client_cert_chain_fuids=[], subject=<uninitialized>, issuer=<uninitialized>, client_subject=<uninitialized>, client_issuer=<uninitialized>, server_depth=1, client_depth=0], http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]^J}, last_active=1170717505.735416, seen_bytes=1152, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timeout_interval=2.0 mins, bof_buffer_size=1024, bof_buffer=0\x82^D|0\x82^C\xe5\xa0^C^B^A^B^B^P^D\xa7\x81^V\xf0^C(;\xda+\x84b^D\x9f\x9e\xcb0^M^F^I*\x86H\x86\xf7^M^A^A^E^E\00\x81\xba1\x1f0\x1d^F^CU^D^J^S^VVeriSign Trust Network1^W0^U^F^CU^D^K^S^NVeriSign, Inc.1301^F^CU^D^K^S*VeriSign International Server CA - Class 31I0G^F^CU^D^K^S@www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign0\x1e^W^M061114000000Z^W^M071114235959Z0\x81\xc01^K0^I^F^CU^D^F^S^BDE1^O0^M^F^CU^D^H^S^FBayern1^Q0^O^F^CU^D^G^T^HMuenchen1705^F^CU^D^J^T.AGIS Allianz Dresdner Informationssysteme GmbH1301^F^CU^D^K^T*Terms of use at www.verisign.com/rpa (c)001\x1f0\x1d^F^CU^D^C^T^Vwww.dresdner-privat.de0\x81\x9f0^M^F^I*\x86H\x86\xf7^M^A^A^A^E\0^C\x81\x8d\00\x81\x89^B\x81\x81\0\xeb\xa8t~\xfb\xe3\xb4\xea\xbe\x8b\x1c=\xed\xea\x86^DbQ\xe0*Z\x9e\x86o\x98\xcb\xbc\xc5\xed\xc5\xc8\xcaV\x9dL\x92X\xe1k^So\xbc\xb7\xe5.\x98@\xf7\x8f\xd6\xa3\xc0^J\xabFR\x1b8\xfc^E \xe7\x80\xee\xc6]\xd5\xbb^C\xfc\xc5\x83\xba\x9ag^H\xfd,\xba\xa3^H\x94\xf0\xb3\x1f^V(\xf6^Ef[\xbf^?\xa8Y\xfa\xbe\x99k6b\xb8n\xc6\x83GSc^OZ\xb4Q\xc1\x88\xa8U\xb9\xd41m=*J\x95^J\xd1{\x87^B^C^A\0^A\xa3\x82^Ay0\x82^Au0^I^F^CU\x1d^S^D^B0\00^K^F^CU\x1d^O^D^D^C^B^E\xa00F^F^CU\x1d\x1f^D?0=0;\xa09\xa07\x865http://crl.verisign.com/Class3InternationalServer.crl0D^F^CU\x1d ^D=0;09^F^K`\x86H^A\x86\xf8E^A^G^W^C0*0(^F^H+^F^A^E^E^G^B^A^V\x1chttps://www.verisign.com/rpa0(^F^CU\x1d%^D!0\x1f^F^I`\x86H^A\x86\xf8B^D^A^F^H+^F^A^E^E^G^C^A^F^H+^F^A^E^E^G^C^B04^F^H+^F^A^E^E^G^A^A^D(0&0$^F^H+^F^A^E^E^G0^A\x86^Xhttp://ocsp.verisign.com0m^F^H+^F^A^E^E^G^A^L^Da0_\xa1]\xa0[0Y0W0U^V^Iimage/gif0!0\x1f0^G^F^E+^N^C^B^Z^D^T\x8f\xe5\xd3^Z\x86\xac\x8d\x8ek\xc3\xcf\x80j\xd4H^X,{^Y.0%^V#http://logo.verisign.com/vslogo.gif0^M^F^I*\x86H\x86\xf7^M^A^A^E^E\0^C\x81\x81\0/s\xe2o\xc1\x9e#~YP\x89\x95xo\xe9^D\xbd\x98TS`\xec^HR\xd2^J)\x92\x9am\xaa\xd5\xb1g\xc1b\xde\xc9^XNW=i\x9c\xb2^Cf\x92^C\xbb\xe8M\xc5\x98\xd4/B\xd9\xb6\xd2\xe0\x97^PXv\xcf\xe7\xd6\xa7\xcc\xbb\xdb%\xeeB]\xcb\xf0t\xab\xd2T\xe5\xe8\xbaQ^O\xa4\xc3>4\xfaR\xf2\xa0\xe6z\xf4\x8f\xdcvB\xbd=\xfcx\xc0\xb7\xeb^-\x1f\xc5\xa0^\xdf\xa0^Q\x87\xf8\xc3X^P\xc8y(\xf8\xe4, mime_type=binary, info=[ts=1170717505.735416, fuid=FeCwNK3rzqPnZ7eBQ5, tx_hosts={^J^I194.127.84.106^J}, rx_hosts={^J^I192.150.187.164^J}, conn_uids={^J^ICXWv6p3arKYeMETxOg^J}, source=SSL, depth=0, analyzers={^J^IX509,^J^IMD5,^J^ISHA1^J}, mime_type=binary, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=F, seen_bytes=0, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=<uninitialized>, sha1=<uninitialized>, sha256=<uninitialized>, x509=[ts=1170717505.735416, id=FeCwNK3rzqPnZ7eBQ5, certificate=[version=2, serial=04A78116F003283BDA2B8462049F9ECB, subject=CN=www.dresdner-privat.de,OU=Terms of use at www.verisign.com/rpa (c)00,O=AGIS Allianz Dresdner Informationssysteme GmbH,L=Muenchen,ST=Bayern,C=DE, issuer=OU=www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign,OU=VeriSign International Server CA - Class 3,OU=VeriSign\, Inc.,O=VeriSign Trust Network, not_valid_before=1163462400.0, not_valid_after=1195084799.0, key_alg=rsaEncryption, sig_alg=sha1WithRSAEncryption, key_type=rsa, key_length=1024, exponent=65537, curve=<uninitialized>], handle=<no value description>, extensions=[[name=X509v3 Basic Constraints, short_name=basicConstraints, oid=2.5.29.19, critical=F, value=CA:FALSE]], san=<uninitialized>, basic_constraints=[ca=F, path_len=<uninitialized>]], extracted=<uninitialized>], u2_events=<uninitialized>]
+                  [1] ext: X509::Extension = [name=X509v3 Key Usage, short_name=keyUsage, oid=2.5.29.15, critical=F, value=Digital Signature, Key Encipherment]
+
+1170717505.735416 x509_extension
+                  [0] f: fa_file         = [id=FeCwNK3rzqPnZ7eBQ5, parent_id=<uninitialized>, source=SSL, is_orig=F, conns={^J^I[[orig_h=192.150.187.164, orig_p=58868/tcp, resp_h=194.127.84.106, resp_p=443/tcp]] = [id=[orig_h=192.150.187.164, orig_p=58868/tcp, resp_h=194.127.84.106, resp_p=443/tcp], orig=[size=87, state=4, num_pkts=3, num_bytes_ip=255, flow_label=0], resp=[size=2164, state=4, num_pkts=3, num_bytes_ip=1616, flow_label=0], start_time=1170717505.366729, duration=0.368687, service={^J^I^ISSL^J^I}, addl=, hot=0, history=ShADad, uid=CXWv6p3arKYeMETxOg, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=[ts=1170717505.549109, uid=CXWv6p3arKYeMETxOg, id=[orig_h=192.150.187.164, orig_p=58868/tcp, resp_h=194.127.84.106, resp_p=443/tcp], version=TLSv10, cipher=TLS_RSA_WITH_RC4_128_MD5, server_name=<uninitialized>, session_id=<uninitialized>, last_alert=<uninitialized>, analyzer_id=3, established=F, logged=F, delay_tokens=<uninitialized>, cert_chain=[[ts=1170717505.735416, fuid=FeCwNK3rzqPnZ7eBQ5, tx_hosts={^J^I^I194.127.84.106^J^I}, rx_hosts={^J^I^I192.150.187.164^J^I}, conn_uids={^J^I^ICXWv6p3arKYeMETxOg^J^I}, source=SSL, depth=0, analyzers={^J^I^IX509,^J^I^IMD5,^J^I^ISHA1^J^I}, mime_type=binary, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=F, seen_bytes=0, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=<uninitialized>, sha1=<uninitialized>, sha256=<uninitialized>, x509=[ts=1170717505.735416, id=FeCwNK3rzqPnZ7eBQ5, certificate=[version=2, serial=04A78116F003283BDA2B8462049F9ECB, subject=CN=www.dresdner-privat.de,OU=Terms of use at www.verisign.com/rpa (c)00,O=AGIS Allianz Dresdner Informationssysteme GmbH,L=Muenchen,ST=Bayern,C=DE, issuer=OU=www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign,OU=VeriSign International Server CA - Class 3,OU=VeriSign\, Inc.,O=VeriSign Trust Network, not_valid_before=1163462400.0, not_valid_after=1195084799.0, key_alg=rsaEncryption, sig_alg=sha1WithRSAEncryption, key_type=rsa, key_length=1024, exponent=65537, curve=<uninitialized>], handle=<no value description>, extensions=[[name=X509v3 Basic Constraints, short_name=basicConstraints, oid=2.5.29.19, critical=F, value=CA:FALSE], [name=X509v3 Key Usage, short_name=keyUsage, oid=2.5.29.15, critical=F, value=Digital Signature, Key Encipherment]], san=<uninitialized>, basic_constraints=[ca=F, path_len=<uninitialized>]], extracted=<uninitialized>]], cert_chain_fuids=[FeCwNK3rzqPnZ7eBQ5], client_cert_chain=[], client_cert_chain_fuids=[], subject=<uninitialized>, issuer=<uninitialized>, client_subject=<uninitialized>, client_issuer=<uninitialized>, server_depth=1, client_depth=0], http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]^J}, last_active=1170717505.735416, seen_bytes=1152, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timeout_interval=2.0 mins, bof_buffer_size=1024, bof_buffer=0\x82^D|0\x82^C\xe5\xa0^C^B^A^B^B^P^D\xa7\x81^V\xf0^C(;\xda+\x84b^D\x9f\x9e\xcb0^M^F^I*\x86H\x86\xf7^M^A^A^E^E\00\x81\xba1\x1f0\x1d^F^CU^D^J^S^VVeriSign Trust Network1^W0^U^F^CU^D^K^S^NVeriSign, Inc.1301^F^CU^D^K^S*VeriSign International Server CA - Class 31I0G^F^CU^D^K^S@www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign0\x1e^W^M061114000000Z^W^M071114235959Z0\x81\xc01^K0^I^F^CU^D^F^S^BDE1^O0^M^F^CU^D^H^S^FBayern1^Q0^O^F^CU^D^G^T^HMuenchen1705^F^CU^D^J^T.AGIS Allianz Dresdner Informationssysteme GmbH1301^F^CU^D^K^T*Terms of use at www.verisign.com/rpa (c)001\x1f0\x1d^F^CU^D^C^T^Vwww.dresdner-privat.de0\x81\x9f0^M^F^I*\x86H\x86\xf7^M^A^A^A^E\0^C\x81\x8d\00\x81\x89^B\x81\x81\0\xeb\xa8t~\xfb\xe3\xb4\xea\xbe\x8b\x1c=\xed\xea\x86^DbQ\xe0*Z\x9e\x86o\x98\xcb\xbc\xc5\xed\xc5\xc8\xcaV\x9dL\x92X\xe1k^So\xbc\xb7\xe5.\x98@\xf7\x8f\xd6\xa3\xc0^J\xabFR\x1b8\xfc^E \xe7\x80\xee\xc6]\xd5\xbb^C\xfc\xc5\x83\xba\x9ag^H\xfd,\xba\xa3^H\x94\xf0\xb3\x1f^V(\xf6^Ef[\xbf^?\xa8Y\xfa\xbe\x99k6b\xb8n\xc6\x83GSc^OZ\xb4Q\xc1\x88\xa8U\xb9\xd41m=*J\x95^J\xd1{\x87^B^C^A\0^A\xa3\x82^Ay0\x82^Au0^I^F^CU\x1d^S^D^B0\00^K^F^CU\x1d^O^D^D^C^B^E\xa00F^F^CU\x1d\x1f^D?0=0;\xa09\xa07\x865http://crl.verisign.com/Class3InternationalServer.crl0D^F^CU\x1d ^D=0;09^F^K`\x86H^A\x86\xf8E^A^G^W^C0*0(^F^H+^F^A^E^E^G^B^A^V\x1chttps://www.verisign.com/rpa0(^F^CU\x1d%^D!0\x1f^F^I`\x86H^A\x86\xf8B^D^A^F^H+^F^A^E^E^G^C^A^F^H+^F^A^E^E^G^C^B04^F^H+^F^A^E^E^G^A^A^D(0&0$^F^H+^F^A^E^E^G0^A\x86^Xhttp://ocsp.verisign.com0m^F^H+^F^A^E^E^G^A^L^Da0_\xa1]\xa0[0Y0W0U^V^Iimage/gif0!0\x1f0^G^F^E+^N^C^B^Z^D^T\x8f\xe5\xd3^Z\x86\xac\x8d\x8ek\xc3\xcf\x80j\xd4H^X,{^Y.0%^V#http://logo.verisign.com/vslogo.gif0^M^F^I*\x86H\x86\xf7^M^A^A^E^E\0^C\x81\x81\0/s\xe2o\xc1\x9e#~YP\x89\x95xo\xe9^D\xbd\x98TS`\xec^HR\xd2^J)\x92\x9am\xaa\xd5\xb1g\xc1b\xde\xc9^XNW=i\x9c\xb2^Cf\x92^C\xbb\xe8M\xc5\x98\xd4/B\xd9\xb6\xd2\xe0\x97^PXv\xcf\xe7\xd6\xa7\xcc\xbb\xdb%\xeeB]\xcb\xf0t\xab\xd2T\xe5\xe8\xbaQ^O\xa4\xc3>4\xfaR\xf2\xa0\xe6z\xf4\x8f\xdcvB\xbd=\xfcx\xc0\xb7\xeb^-\x1f\xc5\xa0^\xdf\xa0^Q\x87\xf8\xc3X^P\xc8y(\xf8\xe4, mime_type=binary, info=[ts=1170717505.735416, fuid=FeCwNK3rzqPnZ7eBQ5, tx_hosts={^J^I194.127.84.106^J}, rx_hosts={^J^I192.150.187.164^J}, conn_uids={^J^ICXWv6p3arKYeMETxOg^J}, source=SSL, depth=0, analyzers={^J^IX509,^J^IMD5,^J^ISHA1^J}, mime_type=binary, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=F, seen_bytes=0, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=<uninitialized>, sha1=<uninitialized>, sha256=<uninitialized>, x509=[ts=1170717505.735416, id=FeCwNK3rzqPnZ7eBQ5, certificate=[version=2, serial=04A78116F003283BDA2B8462049F9ECB, subject=CN=www.dresdner-privat.de,OU=Terms of use at www.verisign.com/rpa (c)00,O=AGIS Allianz Dresdner Informationssysteme GmbH,L=Muenchen,ST=Bayern,C=DE, issuer=OU=www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign,OU=VeriSign International Server CA - Class 3,OU=VeriSign\, Inc.,O=VeriSign Trust Network, not_valid_before=1163462400.0, not_valid_after=1195084799.0, key_alg=rsaEncryption, sig_alg=sha1WithRSAEncryption, key_type=rsa, key_length=1024, exponent=65537, curve=<uninitialized>], handle=<no value description>, extensions=[[name=X509v3 Basic Constraints, short_name=basicConstraints, oid=2.5.29.19, critical=F, value=CA:FALSE], [name=X509v3 Key Usage, short_name=keyUsage, oid=2.5.29.15, critical=F, value=Digital Signature, Key Encipherment]], san=<uninitialized>, basic_constraints=[ca=F, path_len=<uninitialized>]], extracted=<uninitialized>], u2_events=<uninitialized>]
+                  [1] ext: X509::Extension = [name=X509v3 CRL Distribution Points, short_name=crlDistributionPoints, oid=2.5.29.31, critical=F, value=^JFull Name:^J  URI:http://crl.verisign.com/Class3InternationalServer.crl^J]
+
+1170717505.735416 x509_extension
+                  [0] f: fa_file         = [id=FeCwNK3rzqPnZ7eBQ5, parent_id=<uninitialized>, source=SSL, is_orig=F, conns={^J^I[[orig_h=192.150.187.164, orig_p=58868/tcp, resp_h=194.127.84.106, resp_p=443/tcp]] = [id=[orig_h=192.150.187.164, orig_p=58868/tcp, resp_h=194.127.84.106, resp_p=443/tcp], orig=[size=87, state=4, num_pkts=3, num_bytes_ip=255, flow_label=0], resp=[size=2164, state=4, num_pkts=3, num_bytes_ip=1616, flow_label=0], start_time=1170717505.366729, duration=0.368687, service={^J^I^ISSL^J^I}, addl=, hot=0, history=ShADad, uid=CXWv6p3arKYeMETxOg, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=[ts=1170717505.549109, uid=CXWv6p3arKYeMETxOg, id=[orig_h=192.150.187.164, orig_p=58868/tcp, resp_h=194.127.84.106, resp_p=443/tcp], version=TLSv10, cipher=TLS_RSA_WITH_RC4_128_MD5, server_name=<uninitialized>, session_id=<uninitialized>, last_alert=<uninitialized>, analyzer_id=3, established=F, logged=F, delay_tokens=<uninitialized>, cert_chain=[[ts=1170717505.735416, fuid=FeCwNK3rzqPnZ7eBQ5, tx_hosts={^J^I^I194.127.84.106^J^I}, rx_hosts={^J^I^I192.150.187.164^J^I}, conn_uids={^J^I^ICXWv6p3arKYeMETxOg^J^I}, source=SSL, depth=0, analyzers={^J^I^IX509,^J^I^IMD5,^J^I^ISHA1^J^I}, mime_type=binary, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=F, seen_bytes=0, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=<uninitialized>, sha1=<uninitialized>, sha256=<uninitialized>, x509=[ts=1170717505.735416, id=FeCwNK3rzqPnZ7eBQ5, certificate=[version=2, serial=04A78116F003283BDA2B8462049F9ECB, subject=CN=www.dresdner-privat.de,OU=Terms of use at www.verisign.com/rpa (c)00,O=AGIS Allianz Dresdner Informationssysteme GmbH,L=Muenchen,ST=Bayern,C=DE, issuer=OU=www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign,OU=VeriSign International Server CA - Class 3,OU=VeriSign\, Inc.,O=VeriSign Trust Network, not_valid_before=1163462400.0, not_valid_after=1195084799.0, key_alg=rsaEncryption, sig_alg=sha1WithRSAEncryption, key_type=rsa, key_length=1024, exponent=65537, curve=<uninitialized>], handle=<no value description>, extensions=[[name=X509v3 Basic Constraints, short_name=basicConstraints, oid=2.5.29.19, critical=F, value=CA:FALSE], [name=X509v3 Key Usage, short_name=keyUsage, oid=2.5.29.15, critical=F, value=Digital Signature, Key Encipherment], [name=X509v3 CRL Distribution Points, short_name=crlDistributionPoints, oid=2.5.29.31, critical=F, value=^JFull Name:^J  URI:http://crl.verisign.com/Class3InternationalServer.crl^J]], san=<uninitialized>, basic_constraints=[ca=F, path_len=<uninitialized>]], extracted=<uninitialized>]], cert_chain_fuids=[FeCwNK3rzqPnZ7eBQ5], client_cert_chain=[], client_cert_chain_fuids=[], subject=<uninitialized>, issuer=<uninitialized>, client_subject=<uninitialized>, client_issuer=<uninitialized>, server_depth=1, client_depth=0], http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]^J}, last_active=1170717505.735416, seen_bytes=1152, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timeout_interval=2.0 mins, bof_buffer_size=1024, bof_buffer=0\x82^D|0\x82^C\xe5\xa0^C^B^A^B^B^P^D\xa7\x81^V\xf0^C(;\xda+\x84b^D\x9f\x9e\xcb0^M^F^I*\x86H\x86\xf7^M^A^A^E^E\00\x81\xba1\x1f0\x1d^F^CU^D^J^S^VVeriSign Trust Network1^W0^U^F^CU^D^K^S^NVeriSign, Inc.1301^F^CU^D^K^S*VeriSign International Server CA - Class 31I0G^F^CU^D^K^S@www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign0\x1e^W^M061114000000Z^W^M071114235959Z0\x81\xc01^K0^I^F^CU^D^F^S^BDE1^O0^M^F^CU^D^H^S^FBayern1^Q0^O^F^CU^D^G^T^HMuenchen1705^F^CU^D^J^T.AGIS Allianz Dresdner Informationssysteme GmbH1301^F^CU^D^K^T*Terms of use at www.verisign.com/rpa (c)001\x1f0\x1d^F^CU^D^C^T^Vwww.dresdner-privat.de0\x81\x9f0^M^F^I*\x86H\x86\xf7^M^A^A^A^E\0^C\x81\x8d\00\x81\x89^B\x81\x81\0\xeb\xa8t~\xfb\xe3\xb4\xea\xbe\x8b\x1c=\xed\xea\x86^DbQ\xe0*Z\x9e\x86o\x98\xcb\xbc\xc5\xed\xc5\xc8\xcaV\x9dL\x92X\xe1k^So\xbc\xb7\xe5.\x98@\xf7\x8f\xd6\xa3\xc0^J\xabFR\x1b8\xfc^E \xe7\x80\xee\xc6]\xd5\xbb^C\xfc\xc5\x83\xba\x9ag^H\xfd,\xba\xa3^H\x94\xf0\xb3\x1f^V(\xf6^Ef[\xbf^?\xa8Y\xfa\xbe\x99k6b\xb8n\xc6\x83GSc^OZ\xb4Q\xc1\x88\xa8U\xb9\xd41m=*J\x95^J\xd1{\x87^B^C^A\0^A\xa3\x82^Ay0\x82^Au0^I^F^CU\x1d^S^D^B0\00^K^F^CU\x1d^O^D^D^C^B^E\xa00F^F^CU\x1d\x1f^D?0=0;\xa09\xa07\x865http://crl.verisign.com/Class3InternationalServer.crl0D^F^CU\x1d ^D=0;09^F^K`\x86H^A\x86\xf8E^A^G^W^C0*0(^F^H+^F^A^E^E^G^B^A^V\x1chttps://www.verisign.com/rpa0(^F^CU\x1d%^D!0\x1f^F^I`\x86H^A\x86\xf8B^D^A^F^H+^F^A^E^E^G^C^A^F^H+^F^A^E^E^G^C^B04^F^H+^F^A^E^E^G^A^A^D(0&0$^F^H+^F^A^E^E^G0^A\x86^Xhttp://ocsp.verisign.com0m^F^H+^F^A^E^E^G^A^L^Da0_\xa1]\xa0[0Y0W0U^V^Iimage/gif0!0\x1f0^G^F^E+^N^C^B^Z^D^T\x8f\xe5\xd3^Z\x86\xac\x8d\x8ek\xc3\xcf\x80j\xd4H^X,{^Y.0%^V#http://logo.verisign.com/vslogo.gif0^M^F^I*\x86H\x86\xf7^M^A^A^E^E\0^C\x81\x81\0/s\xe2o\xc1\x9e#~YP\x89\x95xo\xe9^D\xbd\x98TS`\xec^HR\xd2^J)\x92\x9am\xaa\xd5\xb1g\xc1b\xde\xc9^XNW=i\x9c\xb2^Cf\x92^C\xbb\xe8M\xc5\x98\xd4/B\xd9\xb6\xd2\xe0\x97^PXv\xcf\xe7\xd6\xa7\xcc\xbb\xdb%\xeeB]\xcb\xf0t\xab\xd2T\xe5\xe8\xbaQ^O\xa4\xc3>4\xfaR\xf2\xa0\xe6z\xf4\x8f\xdcvB\xbd=\xfcx\xc0\xb7\xeb^-\x1f\xc5\xa0^\xdf\xa0^Q\x87\xf8\xc3X^P\xc8y(\xf8\xe4, mime_type=binary, info=[ts=1170717505.735416, fuid=FeCwNK3rzqPnZ7eBQ5, tx_hosts={^J^I194.127.84.106^J}, rx_hosts={^J^I192.150.187.164^J}, conn_uids={^J^ICXWv6p3arKYeMETxOg^J}, source=SSL, depth=0, analyzers={^J^IX509,^J^IMD5,^J^ISHA1^J}, mime_type=binary, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=F, seen_bytes=0, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=<uninitialized>, sha1=<uninitialized>, sha256=<uninitialized>, x509=[ts=1170717505.735416, id=FeCwNK3rzqPnZ7eBQ5, certificate=[version=2, serial=04A78116F003283BDA2B8462049F9ECB, subject=CN=www.dresdner-privat.de,OU=Terms of use at www.verisign.com/rpa (c)00,O=AGIS Allianz Dresdner Informationssysteme GmbH,L=Muenchen,ST=Bayern,C=DE, issuer=OU=www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign,OU=VeriSign International Server CA - Class 3,OU=VeriSign\, Inc.,O=VeriSign Trust Network, not_valid_before=1163462400.0, not_valid_after=1195084799.0, key_alg=rsaEncryption, sig_alg=sha1WithRSAEncryption, key_type=rsa, key_length=1024, exponent=65537, curve=<uninitialized>], handle=<no value description>, extensions=[[name=X509v3 Basic Constraints, short_name=basicConstraints, oid=2.5.29.19, critical=F, value=CA:FALSE], [name=X509v3 Key Usage, short_name=keyUsage, oid=2.5.29.15, critical=F, value=Digital Signature, Key Encipherment], [name=X509v3 CRL Distribution Points, short_name=crlDistributionPoints, oid=2.5.29.31, critical=F, value=^JFull Name:^J  URI:http://crl.verisign.com/Class3InternationalServer.crl^J]], san=<uninitialized>, basic_constraints=[ca=F, path_len=<uninitialized>]], extracted=<uninitialized>], u2_events=<uninitialized>]
+                  [1] ext: X509::Extension = [name=X509v3 Certificate Policies, short_name=certificatePolicies, oid=2.5.29.32, critical=F, value=Policy: 2.16.840.1.113733.1.7.23.3^J  CPS: https://www.verisign.com/rpa^J]
+
+1170717505.735416 x509_extension
+                  [0] f: fa_file         = [id=FeCwNK3rzqPnZ7eBQ5, parent_id=<uninitialized>, source=SSL, is_orig=F, conns={^J^I[[orig_h=192.150.187.164, orig_p=58868/tcp, resp_h=194.127.84.106, resp_p=443/tcp]] = [id=[orig_h=192.150.187.164, orig_p=58868/tcp, resp_h=194.127.84.106, resp_p=443/tcp], orig=[size=87, state=4, num_pkts=3, num_bytes_ip=255, flow_label=0], resp=[size=2164, state=4, num_pkts=3, num_bytes_ip=1616, flow_label=0], start_time=1170717505.366729, duration=0.368687, service={^J^I^ISSL^J^I}, addl=, hot=0, history=ShADad, uid=CXWv6p3arKYeMETxOg, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=[ts=1170717505.549109, uid=CXWv6p3arKYeMETxOg, id=[orig_h=192.150.187.164, orig_p=58868/tcp, resp_h=194.127.84.106, resp_p=443/tcp], version=TLSv10, cipher=TLS_RSA_WITH_RC4_128_MD5, server_name=<uninitialized>, session_id=<uninitialized>, last_alert=<uninitialized>, analyzer_id=3, established=F, logged=F, delay_tokens=<uninitialized>, cert_chain=[[ts=1170717505.735416, fuid=FeCwNK3rzqPnZ7eBQ5, tx_hosts={^J^I^I194.127.84.106^J^I}, rx_hosts={^J^I^I192.150.187.164^J^I}, conn_uids={^J^I^ICXWv6p3arKYeMETxOg^J^I}, source=SSL, depth=0, analyzers={^J^I^IX509,^J^I^IMD5,^J^I^ISHA1^J^I}, mime_type=binary, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=F, seen_bytes=0, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=<uninitialized>, sha1=<uninitialized>, sha256=<uninitialized>, x509=[ts=1170717505.735416, id=FeCwNK3rzqPnZ7eBQ5, certificate=[version=2, serial=04A78116F003283BDA2B8462049F9ECB, subject=CN=www.dresdner-privat.de,OU=Terms of use at www.verisign.com/rpa (c)00,O=AGIS Allianz Dresdner Informationssysteme GmbH,L=Muenchen,ST=Bayern,C=DE, issuer=OU=www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign,OU=VeriSign International Server CA - Class 3,OU=VeriSign\, Inc.,O=VeriSign Trust Network, not_valid_before=1163462400.0, not_valid_after=1195084799.0, key_alg=rsaEncryption, sig_alg=sha1WithRSAEncryption, key_type=rsa, key_length=1024, exponent=65537, curve=<uninitialized>], handle=<no value description>, extensions=[[name=X509v3 Basic Constraints, short_name=basicConstraints, oid=2.5.29.19, critical=F, value=CA:FALSE], [name=X509v3 Key Usage, short_name=keyUsage, oid=2.5.29.15, critical=F, value=Digital Signature, Key Encipherment], [name=X509v3 CRL Distribution Points, short_name=crlDistributionPoints, oid=2.5.29.31, critical=F, value=^JFull Name:^J  URI:http://crl.verisign.com/Class3InternationalServer.crl^J], [name=X509v3 Certificate Policies, short_name=certificatePolicies, oid=2.5.29.32, critical=F, value=Policy: 2.16.840.1.113733.1.7.23.3^J  CPS: https://www.verisign.com/rpa^J]], san=<uninitialized>, basic_constraints=[ca=F, path_len=<uninitialized>]], extracted=<uninitialized>]], cert_chain_fuids=[FeCwNK3rzqPnZ7eBQ5], client_cert_chain=[], client_cert_chain_fuids=[], subject=<uninitialized>, issuer=<uninitialized>, client_subject=<uninitialized>, client_issuer=<uninitialized>, server_depth=1, client_depth=0], http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]^J}, last_active=1170717505.735416, seen_bytes=1152, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timeout_interval=2.0 mins, bof_buffer_size=1024, bof_buffer=0\x82^D|0\x82^C\xe5\xa0^C^B^A^B^B^P^D\xa7\x81^V\xf0^C(;\xda+\x84b^D\x9f\x9e\xcb0^M^F^I*\x86H\x86\xf7^M^A^A^E^E\00\x81\xba1\x1f0\x1d^F^CU^D^J^S^VVeriSign Trust Network1^W0^U^F^CU^D^K^S^NVeriSign, Inc.1301^F^CU^D^K^S*VeriSign International Server CA - Class 31I0G^F^CU^D^K^S@www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign0\x1e^W^M061114000000Z^W^M071114235959Z0\x81\xc01^K0^I^F^CU^D^F^S^BDE1^O0^M^F^CU^D^H^S^FBayern1^Q0^O^F^CU^D^G^T^HMuenchen1705^F^CU^D^J^T.AGIS Allianz Dresdner Informationssysteme GmbH1301^F^CU^D^K^T*Terms of use at www.verisign.com/rpa (c)001\x1f0\x1d^F^CU^D^C^T^Vwww.dresdner-privat.de0\x81\x9f0^M^F^I*\x86H\x86\xf7^M^A^A^A^E\0^C\x81\x8d\00\x81\x89^B\x81\x81\0\xeb\xa8t~\xfb\xe3\xb4\xea\xbe\x8b\x1c=\xed\xea\x86^DbQ\xe0*Z\x9e\x86o\x98\xcb\xbc\xc5\xed\xc5\xc8\xcaV\x9dL\x92X\xe1k^So\xbc\xb7\xe5.\x98@\xf7\x8f\xd6\xa3\xc0^J\xabFR\x1b8\xfc^E \xe7\x80\xee\xc6]\xd5\xbb^C\xfc\xc5\x83\xba\x9ag^H\xfd,\xba\xa3^H\x94\xf0\xb3\x1f^V(\xf6^Ef[\xbf^?\xa8Y\xfa\xbe\x99k6b\xb8n\xc6\x83GSc^OZ\xb4Q\xc1\x88\xa8U\xb9\xd41m=*J\x95^J\xd1{\x87^B^C^A\0^A\xa3\x82^Ay0\x82^Au0^I^F^CU\x1d^S^D^B0\00^K^F^CU\x1d^O^D^D^C^B^E\xa00F^F^CU\x1d\x1f^D?0=0;\xa09\xa07\x865http://crl.verisign.com/Class3InternationalServer.crl0D^F^CU\x1d ^D=0;09^F^K`\x86H^A\x86\xf8E^A^G^W^C0*0(^F^H+^F^A^E^E^G^B^A^V\x1chttps://www.verisign.com/rpa0(^F^CU\x1d%^D!0\x1f^F^I`\x86H^A\x86\xf8B^D^A^F^H+^F^A^E^E^G^C^A^F^H+^F^A^E^E^G^C^B04^F^H+^F^A^E^E^G^A^A^D(0&0$^F^H+^F^A^E^E^G0^A\x86^Xhttp://ocsp.verisign.com0m^F^H+^F^A^E^E^G^A^L^Da0_\xa1]\xa0[0Y0W0U^V^Iimage/gif0!0\x1f0^G^F^E+^N^C^B^Z^D^T\x8f\xe5\xd3^Z\x86\xac\x8d\x8ek\xc3\xcf\x80j\xd4H^X,{^Y.0%^V#http://logo.verisign.com/vslogo.gif0^M^F^I*\x86H\x86\xf7^M^A^A^E^E\0^C\x81\x81\0/s\xe2o\xc1\x9e#~YP\x89\x95xo\xe9^D\xbd\x98TS`\xec^HR\xd2^J)\x92\x9am\xaa\xd5\xb1g\xc1b\xde\xc9^XNW=i\x9c\xb2^Cf\x92^C\xbb\xe8M\xc5\x98\xd4/B\xd9\xb6\xd2\xe0\x97^PXv\xcf\xe7\xd6\xa7\xcc\xbb\xdb%\xeeB]\xcb\xf0t\xab\xd2T\xe5\xe8\xbaQ^O\xa4\xc3>4\xfaR\xf2\xa0\xe6z\xf4\x8f\xdcvB\xbd=\xfcx\xc0\xb7\xeb^-\x1f\xc5\xa0^\xdf\xa0^Q\x87\xf8\xc3X^P\xc8y(\xf8\xe4, mime_type=binary, info=[ts=1170717505.735416, fuid=FeCwNK3rzqPnZ7eBQ5, tx_hosts={^J^I194.127.84.106^J}, rx_hosts={^J^I192.150.187.164^J}, conn_uids={^J^ICXWv6p3arKYeMETxOg^J}, source=SSL, depth=0, analyzers={^J^IX509,^J^IMD5,^J^ISHA1^J}, mime_type=binary, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=F, seen_bytes=0, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=<uninitialized>, sha1=<uninitialized>, sha256=<uninitialized>, x509=[ts=1170717505.735416, id=FeCwNK3rzqPnZ7eBQ5, certificate=[version=2, serial=04A78116F003283BDA2B8462049F9ECB, subject=CN=www.dresdner-privat.de,OU=Terms of use at www.verisign.com/rpa (c)00,O=AGIS Allianz Dresdner Informationssysteme GmbH,L=Muenchen,ST=Bayern,C=DE, issuer=OU=www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign,OU=VeriSign International Server CA - Class 3,OU=VeriSign\, Inc.,O=VeriSign Trust Network, not_valid_before=1163462400.0, not_valid_after=1195084799.0, key_alg=rsaEncryption, sig_alg=sha1WithRSAEncryption, key_type=rsa, key_length=1024, exponent=65537, curve=<uninitialized>], handle=<no value description>, extensions=[[name=X509v3 Basic Constraints, short_name=basicConstraints, oid=2.5.29.19, critical=F, value=CA:FALSE], [name=X509v3 Key Usage, short_name=keyUsage, oid=2.5.29.15, critical=F, value=Digital Signature, Key Encipherment], [name=X509v3 CRL Distribution Points, short_name=crlDistributionPoints, oid=2.5.29.31, critical=F, value=^JFull Name:^J  URI:http://crl.verisign.com/Class3InternationalServer.crl^J], [name=X509v3 Certificate Policies, short_name=certificatePolicies, oid=2.5.29.32, critical=F, value=Policy: 2.16.840.1.113733.1.7.23.3^J  CPS: https://www.verisign.com/rpa^J]], san=<uninitialized>, basic_constraints=[ca=F, path_len=<uninitialized>]], extracted=<uninitialized>], u2_events=<uninitialized>]
+                  [1] ext: X509::Extension = [name=X509v3 Extended Key Usage, short_name=extendedKeyUsage, oid=2.5.29.37, critical=F, value=Netscape Server Gated Crypto, TLS Web Server Authentication, TLS Web Client Authentication]
+
+1170717505.735416 x509_extension
+                  [0] f: fa_file         = [id=FeCwNK3rzqPnZ7eBQ5, parent_id=<uninitialized>, source=SSL, is_orig=F, conns={^J^I[[orig_h=192.150.187.164, orig_p=58868/tcp, resp_h=194.127.84.106, resp_p=443/tcp]] = [id=[orig_h=192.150.187.164, orig_p=58868/tcp, resp_h=194.127.84.106, resp_p=443/tcp], orig=[size=87, state=4, num_pkts=3, num_bytes_ip=255, flow_label=0], resp=[size=2164, state=4, num_pkts=3, num_bytes_ip=1616, flow_label=0], start_time=1170717505.366729, duration=0.368687, service={^J^I^ISSL^J^I}, addl=, hot=0, history=ShADad, uid=CXWv6p3arKYeMETxOg, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=[ts=1170717505.549109, uid=CXWv6p3arKYeMETxOg, id=[orig_h=192.150.187.164, orig_p=58868/tcp, resp_h=194.127.84.106, resp_p=443/tcp], version=TLSv10, cipher=TLS_RSA_WITH_RC4_128_MD5, server_name=<uninitialized>, session_id=<uninitialized>, last_alert=<uninitialized>, analyzer_id=3, established=F, logged=F, delay_tokens=<uninitialized>, cert_chain=[[ts=1170717505.735416, fuid=FeCwNK3rzqPnZ7eBQ5, tx_hosts={^J^I^I194.127.84.106^J^I}, rx_hosts={^J^I^I192.150.187.164^J^I}, conn_uids={^J^I^ICXWv6p3arKYeMETxOg^J^I}, source=SSL, depth=0, analyzers={^J^I^IX509,^J^I^IMD5,^J^I^ISHA1^J^I}, mime_type=binary, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=F, seen_bytes=0, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=<uninitialized>, sha1=<uninitialized>, sha256=<uninitialized>, x509=[ts=1170717505.735416, id=FeCwNK3rzqPnZ7eBQ5, certificate=[version=2, serial=04A78116F003283BDA2B8462049F9ECB, subject=CN=www.dresdner-privat.de,OU=Terms of use at www.verisign.com/rpa (c)00,O=AGIS Allianz Dresdner Informationssysteme GmbH,L=Muenchen,ST=Bayern,C=DE, issuer=OU=www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign,OU=VeriSign International Server CA - Class 3,OU=VeriSign\, Inc.,O=VeriSign Trust Network, not_valid_before=1163462400.0, not_valid_after=1195084799.0, key_alg=rsaEncryption, sig_alg=sha1WithRSAEncryption, key_type=rsa, key_length=1024, exponent=65537, curve=<uninitialized>], handle=<no value description>, extensions=[[name=X509v3 Basic Constraints, short_name=basicConstraints, oid=2.5.29.19, critical=F, value=CA:FALSE], [name=X509v3 Key Usage, short_name=keyUsage, oid=2.5.29.15, critical=F, value=Digital Signature, Key Encipherment], [name=X509v3 CRL Distribution Points, short_name=crlDistributionPoints, oid=2.5.29.31, critical=F, value=^JFull Name:^J  URI:http://crl.verisign.com/Class3InternationalServer.crl^J], [name=X509v3 Certificate Policies, short_name=certificatePolicies, oid=2.5.29.32, critical=F, value=Policy: 2.16.840.1.113733.1.7.23.3^J  CPS: https://www.verisign.com/rpa^J], [name=X509v3 Extended Key Usage, short_name=extendedKeyUsage, oid=2.5.29.37, critical=F, value=Netscape Server Gated Crypto, TLS Web Server Authentication, TLS Web Client Authentication]], san=<uninitialized>, basic_constraints=[ca=F, path_len=<uninitialized>]], extracted=<uninitialized>]], cert_chain_fuids=[FeCwNK3rzqPnZ7eBQ5], client_cert_chain=[], client_cert_chain_fuids=[], subject=<uninitialized>, issuer=<uninitialized>, client_subject=<uninitialized>, client_issuer=<uninitialized>, server_depth=1, client_depth=0], http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]^J}, last_active=1170717505.735416, seen_bytes=1152, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timeout_interval=2.0 mins, bof_buffer_size=1024, bof_buffer=0\x82^D|0\x82^C\xe5\xa0^C^B^A^B^B^P^D\xa7\x81^V\xf0^C(;\xda+\x84b^D\x9f\x9e\xcb0^M^F^I*\x86H\x86\xf7^M^A^A^E^E\00\x81\xba1\x1f0\x1d^F^CU^D^J^S^VVeriSign Trust Network1^W0^U^F^CU^D^K^S^NVeriSign, Inc.1301^F^CU^D^K^S*VeriSign International Server CA - Class 31I0G^F^CU^D^K^S@www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign0\x1e^W^M061114000000Z^W^M071114235959Z0\x81\xc01^K0^I^F^CU^D^F^S^BDE1^O0^M^F^CU^D^H^S^FBayern1^Q0^O^F^CU^D^G^T^HMuenchen1705^F^CU^D^J^T.AGIS Allianz Dresdner Informationssysteme GmbH1301^F^CU^D^K^T*Terms of use at www.verisign.com/rpa (c)001\x1f0\x1d^F^CU^D^C^T^Vwww.dresdner-privat.de0\x81\x9f0^M^F^I*\x86H\x86\xf7^M^A^A^A^E\0^C\x81\x8d\00\x81\x89^B\x81\x81\0\xeb\xa8t~\xfb\xe3\xb4\xea\xbe\x8b\x1c=\xed\xea\x86^DbQ\xe0*Z\x9e\x86o\x98\xcb\xbc\xc5\xed\xc5\xc8\xcaV\x9dL\x92X\xe1k^So\xbc\xb7\xe5.\x98@\xf7\x8f\xd6\xa3\xc0^J\xabFR\x1b8\xfc^E \xe7\x80\xee\xc6]\xd5\xbb^C\xfc\xc5\x83\xba\x9ag^H\xfd,\xba\xa3^H\x94\xf0\xb3\x1f^V(\xf6^Ef[\xbf^?\xa8Y\xfa\xbe\x99k6b\xb8n\xc6\x83GSc^OZ\xb4Q\xc1\x88\xa8U\xb9\xd41m=*J\x95^J\xd1{\x87^B^C^A\0^A\xa3\x82^Ay0\x82^Au0^I^F^CU\x1d^S^D^B0\00^K^F^CU\x1d^O^D^D^C^B^E\xa00F^F^CU\x1d\x1f^D?0=0;\xa09\xa07\x865http://crl.verisign.com/Class3InternationalServer.crl0D^F^CU\x1d ^D=0;09^F^K`\x86H^A\x86\xf8E^A^G^W^C0*0(^F^H+^F^A^E^E^G^B^A^V\x1chttps://www.verisign.com/rpa0(^F^CU\x1d%^D!0\x1f^F^I`\x86H^A\x86\xf8B^D^A^F^H+^F^A^E^E^G^C^A^F^H+^F^A^E^E^G^C^B04^F^H+^F^A^E^E^G^A^A^D(0&0$^F^H+^F^A^E^E^G0^A\x86^Xhttp://ocsp.verisign.com0m^F^H+^F^A^E^E^G^A^L^Da0_\xa1]\xa0[0Y0W0U^V^Iimage/gif0!0\x1f0^G^F^E+^N^C^B^Z^D^T\x8f\xe5\xd3^Z\x86\xac\x8d\x8ek\xc3\xcf\x80j\xd4H^X,{^Y.0%^V#http://logo.verisign.com/vslogo.gif0^M^F^I*\x86H\x86\xf7^M^A^A^E^E\0^C\x81\x81\0/s\xe2o\xc1\x9e#~YP\x89\x95xo\xe9^D\xbd\x98TS`\xec^HR\xd2^J)\x92\x9am\xaa\xd5\xb1g\xc1b\xde\xc9^XNW=i\x9c\xb2^Cf\x92^C\xbb\xe8M\xc5\x98\xd4/B\xd9\xb6\xd2\xe0\x97^PXv\xcf\xe7\xd6\xa7\xcc\xbb\xdb%\xeeB]\xcb\xf0t\xab\xd2T\xe5\xe8\xbaQ^O\xa4\xc3>4\xfaR\xf2\xa0\xe6z\xf4\x8f\xdcvB\xbd=\xfcx\xc0\xb7\xeb^-\x1f\xc5\xa0^\xdf\xa0^Q\x87\xf8\xc3X^P\xc8y(\xf8\xe4, mime_type=binary, info=[ts=1170717505.735416, fuid=FeCwNK3rzqPnZ7eBQ5, tx_hosts={^J^I194.127.84.106^J}, rx_hosts={^J^I192.150.187.164^J}, conn_uids={^J^ICXWv6p3arKYeMETxOg^J}, source=SSL, depth=0, analyzers={^J^IX509,^J^IMD5,^J^ISHA1^J}, mime_type=binary, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=F, seen_bytes=0, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=<uninitialized>, sha1=<uninitialized>, sha256=<uninitialized>, x509=[ts=1170717505.735416, id=FeCwNK3rzqPnZ7eBQ5, certificate=[version=2, serial=04A78116F003283BDA2B8462049F9ECB, subject=CN=www.dresdner-privat.de,OU=Terms of use at www.verisign.com/rpa (c)00,O=AGIS Allianz Dresdner Informationssysteme GmbH,L=Muenchen,ST=Bayern,C=DE, issuer=OU=www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign,OU=VeriSign International Server CA - Class 3,OU=VeriSign\, Inc.,O=VeriSign Trust Network, not_valid_before=1163462400.0, not_valid_after=1195084799.0, key_alg=rsaEncryption, sig_alg=sha1WithRSAEncryption, key_type=rsa, key_length=1024, exponent=65537, curve=<uninitialized>], handle=<no value description>, extensions=[[name=X509v3 Basic Constraints, short_name=basicConstraints, oid=2.5.29.19, critical=F, value=CA:FALSE], [name=X509v3 Key Usage, short_name=keyUsage, oid=2.5.29.15, critical=F, value=Digital Signature, Key Encipherment], [name=X509v3 CRL Distribution Points, short_name=crlDistributionPoints, oid=2.5.29.31, critical=F, value=^JFull Name:^J  URI:http://crl.verisign.com/Class3InternationalServer.crl^J], [name=X509v3 Certificate Policies, short_name=certificatePolicies, oid=2.5.29.32, critical=F, value=Policy: 2.16.840.1.113733.1.7.23.3^J  CPS: https://www.verisign.com/rpa^J], [name=X509v3 Extended Key Usage, short_name=extendedKeyUsage, oid=2.5.29.37, critical=F, value=Netscape Server Gated Crypto, TLS Web Server Authentication, TLS Web Client Authentication]], san=<uninitialized>, basic_constraints=[ca=F, path_len=<uninitialized>]], extracted=<uninitialized>], u2_events=<uninitialized>]
+                  [1] ext: X509::Extension = [name=Authority Information Access, short_name=authorityInfoAccess, oid=1.3.6.1.5.5.7.1.1, critical=F, value=OCSP - URI:http://ocsp.verisign.com^J]
+
+1170717505.735416 x509_extension
+                  [0] f: fa_file         = [id=FeCwNK3rzqPnZ7eBQ5, parent_id=<uninitialized>, source=SSL, is_orig=F, conns={^J^I[[orig_h=192.150.187.164, orig_p=58868/tcp, resp_h=194.127.84.106, resp_p=443/tcp]] = [id=[orig_h=192.150.187.164, orig_p=58868/tcp, resp_h=194.127.84.106, resp_p=443/tcp], orig=[size=87, state=4, num_pkts=3, num_bytes_ip=255, flow_label=0], resp=[size=2164, state=4, num_pkts=3, num_bytes_ip=1616, flow_label=0], start_time=1170717505.366729, duration=0.368687, service={^J^I^ISSL^J^I}, addl=, hot=0, history=ShADad, uid=CXWv6p3arKYeMETxOg, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=[ts=1170717505.549109, uid=CXWv6p3arKYeMETxOg, id=[orig_h=192.150.187.164, orig_p=58868/tcp, resp_h=194.127.84.106, resp_p=443/tcp], version=TLSv10, cipher=TLS_RSA_WITH_RC4_128_MD5, server_name=<uninitialized>, session_id=<uninitialized>, last_alert=<uninitialized>, analyzer_id=3, established=F, logged=F, delay_tokens=<uninitialized>, cert_chain=[[ts=1170717505.735416, fuid=FeCwNK3rzqPnZ7eBQ5, tx_hosts={^J^I^I194.127.84.106^J^I}, rx_hosts={^J^I^I192.150.187.164^J^I}, conn_uids={^J^I^ICXWv6p3arKYeMETxOg^J^I}, source=SSL, depth=0, analyzers={^J^I^IX509,^J^I^IMD5,^J^I^ISHA1^J^I}, mime_type=binary, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=F, seen_bytes=0, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=<uninitialized>, sha1=<uninitialized>, sha256=<uninitialized>, x509=[ts=1170717505.735416, id=FeCwNK3rzqPnZ7eBQ5, certificate=[version=2, serial=04A78116F003283BDA2B8462049F9ECB, subject=CN=www.dresdner-privat.de,OU=Terms of use at www.verisign.com/rpa (c)00,O=AGIS Allianz Dresdner Informationssysteme GmbH,L=Muenchen,ST=Bayern,C=DE, issuer=OU=www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign,OU=VeriSign International Server CA - Class 3,OU=VeriSign\, Inc.,O=VeriSign Trust Network, not_valid_before=1163462400.0, not_valid_after=1195084799.0, key_alg=rsaEncryption, sig_alg=sha1WithRSAEncryption, key_type=rsa, key_length=1024, exponent=65537, curve=<uninitialized>], handle=<no value description>, extensions=[[name=X509v3 Basic Constraints, short_name=basicConstraints, oid=2.5.29.19, critical=F, value=CA:FALSE], [name=X509v3 Key Usage, short_name=keyUsage, oid=2.5.29.15, critical=F, value=Digital Signature, Key Encipherment], [name=X509v3 CRL Distribution Points, short_name=crlDistributionPoints, oid=2.5.29.31, critical=F, value=^JFull Name:^J  URI:http://crl.verisign.com/Class3InternationalServer.crl^J], [name=X509v3 Certificate Policies, short_name=certificatePolicies, oid=2.5.29.32, critical=F, value=Policy: 2.16.840.1.113733.1.7.23.3^J  CPS: https://www.verisign.com/rpa^J], [name=X509v3 Extended Key Usage, short_name=extendedKeyUsage, oid=2.5.29.37, critical=F, value=Netscape Server Gated Crypto, TLS Web Server Authentication, TLS Web Client Authentication], [name=Authority Information Access, short_name=authorityInfoAccess, oid=1.3.6.1.5.5.7.1.1, critical=F, value=OCSP - URI:http://ocsp.verisign.com^J]], san=<uninitialized>, basic_constraints=[ca=F, path_len=<uninitialized>]], extracted=<uninitialized>]], cert_chain_fuids=[FeCwNK3rzqPnZ7eBQ5], client_cert_chain=[], client_cert_chain_fuids=[], subject=<uninitialized>, issuer=<uninitialized>, client_subject=<uninitialized>, client_issuer=<uninitialized>, server_depth=1, client_depth=0], http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]^J}, last_active=1170717505.735416, seen_bytes=1152, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timeout_interval=2.0 mins, bof_buffer_size=1024, bof_buffer=0\x82^D|0\x82^C\xe5\xa0^C^B^A^B^B^P^D\xa7\x81^V\xf0^C(;\xda+\x84b^D\x9f\x9e\xcb0^M^F^I*\x86H\x86\xf7^M^A^A^E^E\00\x81\xba1\x1f0\x1d^F^CU^D^J^S^VVeriSign Trust Network1^W0^U^F^CU^D^K^S^NVeriSign, Inc.1301^F^CU^D^K^S*VeriSign International Server CA - Class 31I0G^F^CU^D^K^S@www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign0\x1e^W^M061114000000Z^W^M071114235959Z0\x81\xc01^K0^I^F^CU^D^F^S^BDE1^O0^M^F^CU^D^H^S^FBayern1^Q0^O^F^CU^D^G^T^HMuenchen1705^F^CU^D^J^T.AGIS Allianz Dresdner Informationssysteme GmbH1301^F^CU^D^K^T*Terms of use at www.verisign.com/rpa (c)001\x1f0\x1d^F^CU^D^C^T^Vwww.dresdner-privat.de0\x81\x9f0^M^F^I*\x86H\x86\xf7^M^A^A^A^E\0^C\x81\x8d\00\x81\x89^B\x81\x81\0\xeb\xa8t~\xfb\xe3\xb4\xea\xbe\x8b\x1c=\xed\xea\x86^DbQ\xe0*Z\x9e\x86o\x98\xcb\xbc\xc5\xed\xc5\xc8\xcaV\x9dL\x92X\xe1k^So\xbc\xb7\xe5.\x98@\xf7\x8f\xd6\xa3\xc0^J\xabFR\x1b8\xfc^E \xe7\x80\xee\xc6]\xd5\xbb^C\xfc\xc5\x83\xba\x9ag^H\xfd,\xba\xa3^H\x94\xf0\xb3\x1f^V(\xf6^Ef[\xbf^?\xa8Y\xfa\xbe\x99k6b\xb8n\xc6\x83GSc^OZ\xb4Q\xc1\x88\xa8U\xb9\xd41m=*J\x95^J\xd1{\x87^B^C^A\0^A\xa3\x82^Ay0\x82^Au0^I^F^CU\x1d^S^D^B0\00^K^F^CU\x1d^O^D^D^C^B^E\xa00F^F^CU\x1d\x1f^D?0=0;\xa09\xa07\x865http://crl.verisign.com/Class3InternationalServer.crl0D^F^CU\x1d ^D=0;09^F^K`\x86H^A\x86\xf8E^A^G^W^C0*0(^F^H+^F^A^E^E^G^B^A^V\x1chttps://www.verisign.com/rpa0(^F^CU\x1d%^D!0\x1f^F^I`\x86H^A\x86\xf8B^D^A^F^H+^F^A^E^E^G^C^A^F^H+^F^A^E^E^G^C^B04^F^H+^F^A^E^E^G^A^A^D(0&0$^F^H+^F^A^E^E^G0^A\x86^Xhttp://ocsp.verisign.com0m^F^H+^F^A^E^E^G^A^L^Da0_\xa1]\xa0[0Y0W0U^V^Iimage/gif0!0\x1f0^G^F^E+^N^C^B^Z^D^T\x8f\xe5\xd3^Z\x86\xac\x8d\x8ek\xc3\xcf\x80j\xd4H^X,{^Y.0%^V#http://logo.verisign.com/vslogo.gif0^M^F^I*\x86H\x86\xf7^M^A^A^E^E\0^C\x81\x81\0/s\xe2o\xc1\x9e#~YP\x89\x95xo\xe9^D\xbd\x98TS`\xec^HR\xd2^J)\x92\x9am\xaa\xd5\xb1g\xc1b\xde\xc9^XNW=i\x9c\xb2^Cf\x92^C\xbb\xe8M\xc5\x98\xd4/B\xd9\xb6\xd2\xe0\x97^PXv\xcf\xe7\xd6\xa7\xcc\xbb\xdb%\xeeB]\xcb\xf0t\xab\xd2T\xe5\xe8\xbaQ^O\xa4\xc3>4\xfaR\xf2\xa0\xe6z\xf4\x8f\xdcvB\xbd=\xfcx\xc0\xb7\xeb^-\x1f\xc5\xa0^\xdf\xa0^Q\x87\xf8\xc3X^P\xc8y(\xf8\xe4, mime_type=binary, info=[ts=1170717505.735416, fuid=FeCwNK3rzqPnZ7eBQ5, tx_hosts={^J^I194.127.84.106^J}, rx_hosts={^J^I192.150.187.164^J}, conn_uids={^J^ICXWv6p3arKYeMETxOg^J}, source=SSL, depth=0, analyzers={^J^IX509,^J^IMD5,^J^ISHA1^J}, mime_type=binary, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=F, seen_bytes=0, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=<uninitialized>, sha1=<uninitialized>, sha256=<uninitialized>, x509=[ts=1170717505.735416, id=FeCwNK3rzqPnZ7eBQ5, certificate=[version=2, serial=04A78116F003283BDA2B8462049F9ECB, subject=CN=www.dresdner-privat.de,OU=Terms of use at www.verisign.com/rpa (c)00,O=AGIS Allianz Dresdner Informationssysteme GmbH,L=Muenchen,ST=Bayern,C=DE, issuer=OU=www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign,OU=VeriSign International Server CA - Class 3,OU=VeriSign\, Inc.,O=VeriSign Trust Network, not_valid_before=1163462400.0, not_valid_after=1195084799.0, key_alg=rsaEncryption, sig_alg=sha1WithRSAEncryption, key_type=rsa, key_length=1024, exponent=65537, curve=<uninitialized>], handle=<no value description>, extensions=[[name=X509v3 Basic Constraints, short_name=basicConstraints, oid=2.5.29.19, critical=F, value=CA:FALSE], [name=X509v3 Key Usage, short_name=keyUsage, oid=2.5.29.15, critical=F, value=Digital Signature, Key Encipherment], [name=X509v3 CRL Distribution Points, short_name=crlDistributionPoints, oid=2.5.29.31, critical=F, value=^JFull Name:^J  URI:http://crl.verisign.com/Class3InternationalServer.crl^J], [name=X509v3 Certificate Policies, short_name=certificatePolicies, oid=2.5.29.32, critical=F, value=Policy: 2.16.840.1.113733.1.7.23.3^J  CPS: https://www.verisign.com/rpa^J], [name=X509v3 Extended Key Usage, short_name=extendedKeyUsage, oid=2.5.29.37, critical=F, value=Netscape Server Gated Crypto, TLS Web Server Authentication, TLS Web Client Authentication], [name=Authority Information Access, short_name=authorityInfoAccess, oid=1.3.6.1.5.5.7.1.1, critical=F, value=OCSP - URI:http://ocsp.verisign.com^J]], san=<uninitialized>, basic_constraints=[ca=F, path_len=<uninitialized>]], extracted=<uninitialized>], u2_events=<uninitialized>]
+                  [1] ext: X509::Extension = [name=1.3.6.1.5.5.7.1.12, short_name=UNDEF, oid=1.3.6.1.5.5.7.1.12, critical=F, value=0_.].[0Y0W0U..image/gif0!0.0...+..............k...j.H.,{..0%.#http://logo.verisign.com/vslogo.gif]
+
+1170717505.735416 file_hash
+                  [0] f: fa_file         = [id=FeCwNK3rzqPnZ7eBQ5, parent_id=<uninitialized>, source=SSL, is_orig=F, conns={^J^I[[orig_h=192.150.187.164, orig_p=58868/tcp, resp_h=194.127.84.106, resp_p=443/tcp]] = [id=[orig_h=192.150.187.164, orig_p=58868/tcp, resp_h=194.127.84.106, resp_p=443/tcp], orig=[size=87, state=4, num_pkts=3, num_bytes_ip=255, flow_label=0], resp=[size=2164, state=4, num_pkts=3, num_bytes_ip=1616, flow_label=0], start_time=1170717505.366729, duration=0.368687, service={^J^I^ISSL^J^I}, addl=, hot=0, history=ShADad, uid=CXWv6p3arKYeMETxOg, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=[ts=1170717505.549109, uid=CXWv6p3arKYeMETxOg, id=[orig_h=192.150.187.164, orig_p=58868/tcp, resp_h=194.127.84.106, resp_p=443/tcp], version=TLSv10, cipher=TLS_RSA_WITH_RC4_128_MD5, server_name=<uninitialized>, session_id=<uninitialized>, last_alert=<uninitialized>, analyzer_id=3, established=F, logged=F, delay_tokens=<uninitialized>, cert_chain=[[ts=1170717505.735416, fuid=FeCwNK3rzqPnZ7eBQ5, tx_hosts={^J^I^I194.127.84.106^J^I}, rx_hosts={^J^I^I192.150.187.164^J^I}, conn_uids={^J^I^ICXWv6p3arKYeMETxOg^J^I}, source=SSL, depth=0, analyzers={^J^I^IX509,^J^I^IMD5,^J^I^ISHA1^J^I}, mime_type=binary, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=F, seen_bytes=0, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=<uninitialized>, sha1=<uninitialized>, sha256=<uninitialized>, x509=[ts=1170717505.735416, id=FeCwNK3rzqPnZ7eBQ5, certificate=[version=2, serial=04A78116F003283BDA2B8462049F9ECB, subject=CN=www.dresdner-privat.de,OU=Terms of use at www.verisign.com/rpa (c)00,O=AGIS Allianz Dresdner Informationssysteme GmbH,L=Muenchen,ST=Bayern,C=DE, issuer=OU=www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign,OU=VeriSign International Server CA - Class 3,OU=VeriSign\, Inc.,O=VeriSign Trust Network, not_valid_before=1163462400.0, not_valid_after=1195084799.0, key_alg=rsaEncryption, sig_alg=sha1WithRSAEncryption, key_type=rsa, key_length=1024, exponent=65537, curve=<uninitialized>], handle=<no value description>, extensions=[[name=X509v3 Basic Constraints, short_name=basicConstraints, oid=2.5.29.19, critical=F, value=CA:FALSE], [name=X509v3 Key Usage, short_name=keyUsage, oid=2.5.29.15, critical=F, value=Digital Signature, Key Encipherment], [name=X509v3 CRL Distribution Points, short_name=crlDistributionPoints, oid=2.5.29.31, critical=F, value=^JFull Name:^J  URI:http://crl.verisign.com/Class3InternationalServer.crl^J], [name=X509v3 Certificate Policies, short_name=certificatePolicies, oid=2.5.29.32, critical=F, value=Policy: 2.16.840.1.113733.1.7.23.3^J  CPS: https://www.verisign.com/rpa^J], [name=X509v3 Extended Key Usage, short_name=extendedKeyUsage, oid=2.5.29.37, critical=F, value=Netscape Server Gated Crypto, TLS Web Server Authentication, TLS Web Client Authentication], [name=Authority Information Access, short_name=authorityInfoAccess, oid=1.3.6.1.5.5.7.1.1, critical=F, value=OCSP - URI:http://ocsp.verisign.com^J], [name=1.3.6.1.5.5.7.1.12, short_name=UNDEF, oid=1.3.6.1.5.5.7.1.12, critical=F, value=0_.].[0Y0W0U..image/gif0!0.0...+..............k...j.H.,{..0%.#http://logo.verisign.com/vslogo.gif]], san=<uninitialized>, basic_constraints=[ca=F, path_len=<uninitialized>]], extracted=<uninitialized>]], cert_chain_fuids=[FeCwNK3rzqPnZ7eBQ5], client_cert_chain=[], client_cert_chain_fuids=[], subject=<uninitialized>, issuer=<uninitialized>, client_subject=<uninitialized>, client_issuer=<uninitialized>, server_depth=1, client_depth=0], http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]^J}, last_active=1170717505.735416, seen_bytes=1152, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timeout_interval=2.0 mins, bof_buffer_size=1024, bof_buffer=0\x82^D|0\x82^C\xe5\xa0^C^B^A^B^B^P^D\xa7\x81^V\xf0^C(;\xda+\x84b^D\x9f\x9e\xcb0^M^F^I*\x86H\x86\xf7^M^A^A^E^E\00\x81\xba1\x1f0\x1d^F^CU^D^J^S^VVeriSign Trust Network1^W0^U^F^CU^D^K^S^NVeriSign, Inc.1301^F^CU^D^K^S*VeriSign International Server CA - Class 31I0G^F^CU^D^K^S@www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign0\x1e^W^M061114000000Z^W^M071114235959Z0\x81\xc01^K0^I^F^CU^D^F^S^BDE1^O0^M^F^CU^D^H^S^FBayern1^Q0^O^F^CU^D^G^T^HMuenchen1705^F^CU^D^J^T.AGIS Allianz Dresdner Informationssysteme GmbH1301^F^CU^D^K^T*Terms of use at www.verisign.com/rpa (c)001\x1f0\x1d^F^CU^D^C^T^Vwww.dresdner-privat.de0\x81\x9f0^M^F^I*\x86H\x86\xf7^M^A^A^A^E\0^C\x81\x8d\00\x81\x89^B\x81\x81\0\xeb\xa8t~\xfb\xe3\xb4\xea\xbe\x8b\x1c=\xed\xea\x86^DbQ\xe0*Z\x9e\x86o\x98\xcb\xbc\xc5\xed\xc5\xc8\xcaV\x9dL\x92X\xe1k^So\xbc\xb7\xe5.\x98@\xf7\x8f\xd6\xa3\xc0^J\xabFR\x1b8\xfc^E \xe7\x80\xee\xc6]\xd5\xbb^C\xfc\xc5\x83\xba\x9ag^H\xfd,\xba\xa3^H\x94\xf0\xb3\x1f^V(\xf6^Ef[\xbf^?\xa8Y\xfa\xbe\x99k6b\xb8n\xc6\x83GSc^OZ\xb4Q\xc1\x88\xa8U\xb9\xd41m=*J\x95^J\xd1{\x87^B^C^A\0^A\xa3\x82^Ay0\x82^Au0^I^F^CU\x1d^S^D^B0\00^K^F^CU\x1d^O^D^D^C^B^E\xa00F^F^CU\x1d\x1f^D?0=0;\xa09\xa07\x865http://crl.verisign.com/Class3InternationalServer.crl0D^F^CU\x1d ^D=0;09^F^K`\x86H^A\x86\xf8E^A^G^W^C0*0(^F^H+^F^A^E^E^G^B^A^V\x1chttps://www.verisign.com/rpa0(^F^CU\x1d%^D!0\x1f^F^I`\x86H^A\x86\xf8B^D^A^F^H+^F^A^E^E^G^C^A^F^H+^F^A^E^E^G^C^B04^F^H+^F^A^E^E^G^A^A^D(0&0$^F^H+^F^A^E^E^G0^A\x86^Xhttp://ocsp.verisign.com0m^F^H+^F^A^E^E^G^A^L^Da0_\xa1]\xa0[0Y0W0U^V^Iimage/gif0!0\x1f0^G^F^E+^N^C^B^Z^D^T\x8f\xe5\xd3^Z\x86\xac\x8d\x8ek\xc3\xcf\x80j\xd4H^X,{^Y.0%^V#http://logo.verisign.com/vslogo.gif0^M^F^I*\x86H\x86\xf7^M^A^A^E^E\0^C\x81\x81\0/s\xe2o\xc1\x9e#~YP\x89\x95xo\xe9^D\xbd\x98TS`\xec^HR\xd2^J)\x92\x9am\xaa\xd5\xb1g\xc1b\xde\xc9^XNW=i\x9c\xb2^Cf\x92^C\xbb\xe8M\xc5\x98\xd4/B\xd9\xb6\xd2\xe0\x97^PXv\xcf\xe7\xd6\xa7\xcc\xbb\xdb%\xeeB]\xcb\xf0t\xab\xd2T\xe5\xe8\xbaQ^O\xa4\xc3>4\xfaR\xf2\xa0\xe6z\xf4\x8f\xdcvB\xbd=\xfcx\xc0\xb7\xeb^-\x1f\xc5\xa0^\xdf\xa0^Q\x87\xf8\xc3X^P\xc8y(\xf8\xe4, mime_type=binary, info=[ts=1170717505.735416, fuid=FeCwNK3rzqPnZ7eBQ5, tx_hosts={^J^I194.127.84.106^J}, rx_hosts={^J^I192.150.187.164^J}, conn_uids={^J^ICXWv6p3arKYeMETxOg^J}, source=SSL, depth=0, analyzers={^J^IX509,^J^IMD5,^J^ISHA1^J}, mime_type=binary, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=F, seen_bytes=0, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=<uninitialized>, sha1=<uninitialized>, sha256=<uninitialized>, x509=[ts=1170717505.735416, id=FeCwNK3rzqPnZ7eBQ5, certificate=[version=2, serial=04A78116F003283BDA2B8462049F9ECB, subject=CN=www.dresdner-privat.de,OU=Terms of use at www.verisign.com/rpa (c)00,O=AGIS Allianz Dresdner Informationssysteme GmbH,L=Muenchen,ST=Bayern,C=DE, issuer=OU=www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign,OU=VeriSign International Server CA - Class 3,OU=VeriSign\, Inc.,O=VeriSign Trust Network, not_valid_before=1163462400.0, not_valid_after=1195084799.0, key_alg=rsaEncryption, sig_alg=sha1WithRSAEncryption, key_type=rsa, key_length=1024, exponent=65537, curve=<uninitialized>], handle=<no value description>, extensions=[[name=X509v3 Basic Constraints, short_name=basicConstraints, oid=2.5.29.19, critical=F, value=CA:FALSE], [name=X509v3 Key Usage, short_name=keyUsage, oid=2.5.29.15, critical=F, value=Digital Signature, Key Encipherment], [name=X509v3 CRL Distribution Points, short_name=crlDistributionPoints, oid=2.5.29.31, critical=F, value=^JFull Name:^J  URI:http://crl.verisign.com/Class3InternationalServer.crl^J], [name=X509v3 Certificate Policies, short_name=certificatePolicies, oid=2.5.29.32, critical=F, value=Policy: 2.16.840.1.113733.1.7.23.3^J  CPS: https://www.verisign.com/rpa^J], [name=X509v3 Extended Key Usage, short_name=extendedKeyUsage, oid=2.5.29.37, critical=F, value=Netscape Server Gated Crypto, TLS Web Server Authentication, TLS Web Client Authentication], [name=Authority Information Access, short_name=authorityInfoAccess, oid=1.3.6.1.5.5.7.1.1, critical=F, value=OCSP - URI:http://ocsp.verisign.com^J], [name=1.3.6.1.5.5.7.1.12, short_name=UNDEF, oid=1.3.6.1.5.5.7.1.12, critical=F, value=0_.].[0Y0W0U..image/gif0!0.0...+..............k...j.H.,{..0%.#http://logo.verisign.com/vslogo.gif]], san=<uninitialized>, basic_constraints=[ca=F, path_len=<uninitialized>]], extracted=<uninitialized>], u2_events=<uninitialized>]
+                  [1] kind: string       = sha1
+                  [2] hash: string       = 2c322ae2b7fe91391345e070b63668978bb1c9da
+
+1170717505.735416 file_hash
+                  [0] f: fa_file         = [id=FeCwNK3rzqPnZ7eBQ5, parent_id=<uninitialized>, source=SSL, is_orig=F, conns={^J^I[[orig_h=192.150.187.164, orig_p=58868/tcp, resp_h=194.127.84.106, resp_p=443/tcp]] = [id=[orig_h=192.150.187.164, orig_p=58868/tcp, resp_h=194.127.84.106, resp_p=443/tcp], orig=[size=87, state=4, num_pkts=3, num_bytes_ip=255, flow_label=0], resp=[size=2164, state=4, num_pkts=3, num_bytes_ip=1616, flow_label=0], start_time=1170717505.366729, duration=0.368687, service={^J^I^ISSL^J^I}, addl=, hot=0, history=ShADad, uid=CXWv6p3arKYeMETxOg, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=[ts=1170717505.549109, uid=CXWv6p3arKYeMETxOg, id=[orig_h=192.150.187.164, orig_p=58868/tcp, resp_h=194.127.84.106, resp_p=443/tcp], version=TLSv10, cipher=TLS_RSA_WITH_RC4_128_MD5, server_name=<uninitialized>, session_id=<uninitialized>, last_alert=<uninitialized>, analyzer_id=3, established=F, logged=F, delay_tokens=<uninitialized>, cert_chain=[[ts=1170717505.735416, fuid=FeCwNK3rzqPnZ7eBQ5, tx_hosts={^J^I^I194.127.84.106^J^I}, rx_hosts={^J^I^I192.150.187.164^J^I}, conn_uids={^J^I^ICXWv6p3arKYeMETxOg^J^I}, source=SSL, depth=0, analyzers={^J^I^IX509,^J^I^IMD5,^J^I^ISHA1^J^I}, mime_type=binary, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=F, seen_bytes=0, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=<uninitialized>, sha1=2c322ae2b7fe91391345e070b63668978bb1c9da, sha256=<uninitialized>, x509=[ts=1170717505.735416, id=FeCwNK3rzqPnZ7eBQ5, certificate=[version=2, serial=04A78116F003283BDA2B8462049F9ECB, subject=CN=www.dresdner-privat.de,OU=Terms of use at www.verisign.com/rpa (c)00,O=AGIS Allianz Dresdner Informationssysteme GmbH,L=Muenchen,ST=Bayern,C=DE, issuer=OU=www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign,OU=VeriSign International Server CA - Class 3,OU=VeriSign\, Inc.,O=VeriSign Trust Network, not_valid_before=1163462400.0, not_valid_after=1195084799.0, key_alg=rsaEncryption, sig_alg=sha1WithRSAEncryption, key_type=rsa, key_length=1024, exponent=65537, curve=<uninitialized>], handle=<no value description>, extensions=[[name=X509v3 Basic Constraints, short_name=basicConstraints, oid=2.5.29.19, critical=F, value=CA:FALSE], [name=X509v3 Key Usage, short_name=keyUsage, oid=2.5.29.15, critical=F, value=Digital Signature, Key Encipherment], [name=X509v3 CRL Distribution Points, short_name=crlDistributionPoints, oid=2.5.29.31, critical=F, value=^JFull Name:^J  URI:http://crl.verisign.com/Class3InternationalServer.crl^J], [name=X509v3 Certificate Policies, short_name=certificatePolicies, oid=2.5.29.32, critical=F, value=Policy: 2.16.840.1.113733.1.7.23.3^J  CPS: https://www.verisign.com/rpa^J], [name=X509v3 Extended Key Usage, short_name=extendedKeyUsage, oid=2.5.29.37, critical=F, value=Netscape Server Gated Crypto, TLS Web Server Authentication, TLS Web Client Authentication], [name=Authority Information Access, short_name=authorityInfoAccess, oid=1.3.6.1.5.5.7.1.1, critical=F, value=OCSP - URI:http://ocsp.verisign.com^J], [name=1.3.6.1.5.5.7.1.12, short_name=UNDEF, oid=1.3.6.1.5.5.7.1.12, critical=F, value=0_.].[0Y0W0U..image/gif0!0.0...+..............k...j.H.,{..0%.#http://logo.verisign.com/vslogo.gif]], san=<uninitialized>, basic_constraints=[ca=F, path_len=<uninitialized>]], extracted=<uninitialized>]], cert_chain_fuids=[FeCwNK3rzqPnZ7eBQ5], client_cert_chain=[], client_cert_chain_fuids=[], subject=<uninitialized>, issuer=<uninitialized>, client_subject=<uninitialized>, client_issuer=<uninitialized>, server_depth=1, client_depth=0], http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]^J}, last_active=1170717505.735416, seen_bytes=1152, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timeout_interval=2.0 mins, bof_buffer_size=1024, bof_buffer=0\x82^D|0\x82^C\xe5\xa0^C^B^A^B^B^P^D\xa7\x81^V\xf0^C(;\xda+\x84b^D\x9f\x9e\xcb0^M^F^I*\x86H\x86\xf7^M^A^A^E^E\00\x81\xba1\x1f0\x1d^F^CU^D^J^S^VVeriSign Trust Network1^W0^U^F^CU^D^K^S^NVeriSign, Inc.1301^F^CU^D^K^S*VeriSign International Server CA - Class 31I0G^F^CU^D^K^S@www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign0\x1e^W^M061114000000Z^W^M071114235959Z0\x81\xc01^K0^I^F^CU^D^F^S^BDE1^O0^M^F^CU^D^H^S^FBayern1^Q0^O^F^CU^D^G^T^HMuenchen1705^F^CU^D^J^T.AGIS Allianz Dresdner Informationssysteme GmbH1301^F^CU^D^K^T*Terms of use at www.verisign.com/rpa (c)001\x1f0\x1d^F^CU^D^C^T^Vwww.dresdner-privat.de0\x81\x9f0^M^F^I*\x86H\x86\xf7^M^A^A^A^E\0^C\x81\x8d\00\x81\x89^B\x81\x81\0\xeb\xa8t~\xfb\xe3\xb4\xea\xbe\x8b\x1c=\xed\xea\x86^DbQ\xe0*Z\x9e\x86o\x98\xcb\xbc\xc5\xed\xc5\xc8\xcaV\x9dL\x92X\xe1k^So\xbc\xb7\xe5.\x98@\xf7\x8f\xd6\xa3\xc0^J\xabFR\x1b8\xfc^E \xe7\x80\xee\xc6]\xd5\xbb^C\xfc\xc5\x83\xba\x9ag^H\xfd,\xba\xa3^H\x94\xf0\xb3\x1f^V(\xf6^Ef[\xbf^?\xa8Y\xfa\xbe\x99k6b\xb8n\xc6\x83GSc^OZ\xb4Q\xc1\x88\xa8U\xb9\xd41m=*J\x95^J\xd1{\x87^B^C^A\0^A\xa3\x82^Ay0\x82^Au0^I^F^CU\x1d^S^D^B0\00^K^F^CU\x1d^O^D^D^C^B^E\xa00F^F^CU\x1d\x1f^D?0=0;\xa09\xa07\x865http://crl.verisign.com/Class3InternationalServer.crl0D^F^CU\x1d ^D=0;09^F^K`\x86H^A\x86\xf8E^A^G^W^C0*0(^F^H+^F^A^E^E^G^B^A^V\x1chttps://www.verisign.com/rpa0(^F^CU\x1d%^D!0\x1f^F^I`\x86H^A\x86\xf8B^D^A^F^H+^F^A^E^E^G^C^A^F^H+^F^A^E^E^G^C^B04^F^H+^F^A^E^E^G^A^A^D(0&0$^F^H+^F^A^E^E^G0^A\x86^Xhttp://ocsp.verisign.com0m^F^H+^F^A^E^E^G^A^L^Da0_\xa1]\xa0[0Y0W0U^V^Iimage/gif0!0\x1f0^G^F^E+^N^C^B^Z^D^T\x8f\xe5\xd3^Z\x86\xac\x8d\x8ek\xc3\xcf\x80j\xd4H^X,{^Y.0%^V#http://logo.verisign.com/vslogo.gif0^M^F^I*\x86H\x86\xf7^M^A^A^E^E\0^C\x81\x81\0/s\xe2o\xc1\x9e#~YP\x89\x95xo\xe9^D\xbd\x98TS`\xec^HR\xd2^J)\x92\x9am\xaa\xd5\xb1g\xc1b\xde\xc9^XNW=i\x9c\xb2^Cf\x92^C\xbb\xe8M\xc5\x98\xd4/B\xd9\xb6\xd2\xe0\x97^PXv\xcf\xe7\xd6\xa7\xcc\xbb\xdb%\xeeB]\xcb\xf0t\xab\xd2T\xe5\xe8\xbaQ^O\xa4\xc3>4\xfaR\xf2\xa0\xe6z\xf4\x8f\xdcvB\xbd=\xfcx\xc0\xb7\xeb^-\x1f\xc5\xa0^\xdf\xa0^Q\x87\xf8\xc3X^P\xc8y(\xf8\xe4, mime_type=binary, info=[ts=1170717505.735416, fuid=FeCwNK3rzqPnZ7eBQ5, tx_hosts={^J^I194.127.84.106^J}, rx_hosts={^J^I192.150.187.164^J}, conn_uids={^J^ICXWv6p3arKYeMETxOg^J}, source=SSL, depth=0, analyzers={^J^IX509,^J^IMD5,^J^ISHA1^J}, mime_type=binary, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=F, seen_bytes=0, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=<uninitialized>, sha1=2c322ae2b7fe91391345e070b63668978bb1c9da, sha256=<uninitialized>, x509=[ts=1170717505.735416, id=FeCwNK3rzqPnZ7eBQ5, certificate=[version=2, serial=04A78116F003283BDA2B8462049F9ECB, subject=CN=www.dresdner-privat.de,OU=Terms of use at www.verisign.com/rpa (c)00,O=AGIS Allianz Dresdner Informationssysteme GmbH,L=Muenchen,ST=Bayern,C=DE, issuer=OU=www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign,OU=VeriSign International Server CA - Class 3,OU=VeriSign\, Inc.,O=VeriSign Trust Network, not_valid_before=1163462400.0, not_valid_after=1195084799.0, key_alg=rsaEncryption, sig_alg=sha1WithRSAEncryption, key_type=rsa, key_length=1024, exponent=65537, curve=<uninitialized>], handle=<no value description>, extensions=[[name=X509v3 Basic Constraints, short_name=basicConstraints, oid=2.5.29.19, critical=F, value=CA:FALSE], [name=X509v3 Key Usage, short_name=keyUsage, oid=2.5.29.15, critical=F, value=Digital Signature, Key Encipherment], [name=X509v3 CRL Distribution Points, short_name=crlDistributionPoints, oid=2.5.29.31, critical=F, value=^JFull Name:^J  URI:http://crl.verisign.com/Class3InternationalServer.crl^J], [name=X509v3 Certificate Policies, short_name=certificatePolicies, oid=2.5.29.32, critical=F, value=Policy: 2.16.840.1.113733.1.7.23.3^J  CPS: https://www.verisign.com/rpa^J], [name=X509v3 Extended Key Usage, short_name=extendedKeyUsage, oid=2.5.29.37, critical=F, value=Netscape Server Gated Crypto, TLS Web Server Authentication, TLS Web Client Authentication], [name=Authority Information Access, short_name=authorityInfoAccess, oid=1.3.6.1.5.5.7.1.1, critical=F, value=OCSP - URI:http://ocsp.verisign.com^J], [name=1.3.6.1.5.5.7.1.12, short_name=UNDEF, oid=1.3.6.1.5.5.7.1.12, critical=F, value=0_.].[0Y0W0U..image/gif0!0.0...+..............k...j.H.,{..0%.#http://logo.verisign.com/vslogo.gif]], san=<uninitialized>, basic_constraints=[ca=F, path_len=<uninitialized>]], extracted=<uninitialized>], u2_events=<uninitialized>]
+                  [1] kind: string       = md5
+                  [2] hash: string       = 38a0a008a978591ccbe41f50a174751a
+
+1170717505.735416 file_state_remove
+                  [0] f: fa_file         = [id=FeCwNK3rzqPnZ7eBQ5, parent_id=<uninitialized>, source=SSL, is_orig=F, conns={^J^I[[orig_h=192.150.187.164, orig_p=58868/tcp, resp_h=194.127.84.106, resp_p=443/tcp]] = [id=[orig_h=192.150.187.164, orig_p=58868/tcp, resp_h=194.127.84.106, resp_p=443/tcp], orig=[size=87, state=4, num_pkts=3, num_bytes_ip=255, flow_label=0], resp=[size=2164, state=4, num_pkts=3, num_bytes_ip=1616, flow_label=0], start_time=1170717505.366729, duration=0.368687, service={^J^I^ISSL^J^I}, addl=, hot=0, history=ShADad, uid=CXWv6p3arKYeMETxOg, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=[ts=1170717505.549109, uid=CXWv6p3arKYeMETxOg, id=[orig_h=192.150.187.164, orig_p=58868/tcp, resp_h=194.127.84.106, resp_p=443/tcp], version=TLSv10, cipher=TLS_RSA_WITH_RC4_128_MD5, server_name=<uninitialized>, session_id=<uninitialized>, last_alert=<uninitialized>, analyzer_id=3, established=F, logged=F, delay_tokens=<uninitialized>, cert_chain=[[ts=1170717505.735416, fuid=FeCwNK3rzqPnZ7eBQ5, tx_hosts={^J^I^I194.127.84.106^J^I}, rx_hosts={^J^I^I192.150.187.164^J^I}, conn_uids={^J^I^ICXWv6p3arKYeMETxOg^J^I}, source=SSL, depth=0, analyzers={^J^I^IX509,^J^I^IMD5,^J^I^ISHA1^J^I}, mime_type=binary, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=F, seen_bytes=0, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=38a0a008a978591ccbe41f50a174751a, sha1=2c322ae2b7fe91391345e070b63668978bb1c9da, sha256=<uninitialized>, x509=[ts=1170717505.735416, id=FeCwNK3rzqPnZ7eBQ5, certificate=[version=2, serial=04A78116F003283BDA2B8462049F9ECB, subject=CN=www.dresdner-privat.de,OU=Terms of use at www.verisign.com/rpa (c)00,O=AGIS Allianz Dresdner Informationssysteme GmbH,L=Muenchen,ST=Bayern,C=DE, issuer=OU=www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign,OU=VeriSign International Server CA - Class 3,OU=VeriSign\, Inc.,O=VeriSign Trust Network, not_valid_before=1163462400.0, not_valid_after=1195084799.0, key_alg=rsaEncryption, sig_alg=sha1WithRSAEncryption, key_type=rsa, key_length=1024, exponent=65537, curve=<uninitialized>], handle=<no value description>, extensions=[[name=X509v3 Basic Constraints, short_name=basicConstraints, oid=2.5.29.19, critical=F, value=CA:FALSE], [name=X509v3 Key Usage, short_name=keyUsage, oid=2.5.29.15, critical=F, value=Digital Signature, Key Encipherment], [name=X509v3 CRL Distribution Points, short_name=crlDistributionPoints, oid=2.5.29.31, critical=F, value=^JFull Name:^J  URI:http://crl.verisign.com/Class3InternationalServer.crl^J], [name=X509v3 Certificate Policies, short_name=certificatePolicies, oid=2.5.29.32, critical=F, value=Policy: 2.16.840.1.113733.1.7.23.3^J  CPS: https://www.verisign.com/rpa^J], [name=X509v3 Extended Key Usage, short_name=extendedKeyUsage, oid=2.5.29.37, critical=F, value=Netscape Server Gated Crypto, TLS Web Server Authentication, TLS Web Client Authentication], [name=Authority Information Access, short_name=authorityInfoAccess, oid=1.3.6.1.5.5.7.1.1, critical=F, value=OCSP - URI:http://ocsp.verisign.com^J], [name=1.3.6.1.5.5.7.1.12, short_name=UNDEF, oid=1.3.6.1.5.5.7.1.12, critical=F, value=0_.].[0Y0W0U..image/gif0!0.0...+..............k...j.H.,{..0%.#http://logo.verisign.com/vslogo.gif]], san=<uninitialized>, basic_constraints=[ca=F, path_len=<uninitialized>]], extracted=<uninitialized>]], cert_chain_fuids=[FeCwNK3rzqPnZ7eBQ5], client_cert_chain=[], client_cert_chain_fuids=[], subject=<uninitialized>, issuer=<uninitialized>, client_subject=<uninitialized>, client_issuer=<uninitialized>, server_depth=1, client_depth=0], http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]^J}, last_active=1170717505.735416, seen_bytes=1152, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timeout_interval=2.0 mins, bof_buffer_size=1024, bof_buffer=0\x82^D|0\x82^C\xe5\xa0^C^B^A^B^B^P^D\xa7\x81^V\xf0^C(;\xda+\x84b^D\x9f\x9e\xcb0^M^F^I*\x86H\x86\xf7^M^A^A^E^E\00\x81\xba1\x1f0\x1d^F^CU^D^J^S^VVeriSign Trust Network1^W0^U^F^CU^D^K^S^NVeriSign, Inc.1301^F^CU^D^K^S*VeriSign International Server CA - Class 31I0G^F^CU^D^K^S@www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign0\x1e^W^M061114000000Z^W^M071114235959Z0\x81\xc01^K0^I^F^CU^D^F^S^BDE1^O0^M^F^CU^D^H^S^FBayern1^Q0^O^F^CU^D^G^T^HMuenchen1705^F^CU^D^J^T.AGIS Allianz Dresdner Informationssysteme GmbH1301^F^CU^D^K^T*Terms of use at www.verisign.com/rpa (c)001\x1f0\x1d^F^CU^D^C^T^Vwww.dresdner-privat.de0\x81\x9f0^M^F^I*\x86H\x86\xf7^M^A^A^A^E\0^C\x81\x8d\00\x81\x89^B\x81\x81\0\xeb\xa8t~\xfb\xe3\xb4\xea\xbe\x8b\x1c=\xed\xea\x86^DbQ\xe0*Z\x9e\x86o\x98\xcb\xbc\xc5\xed\xc5\xc8\xcaV\x9dL\x92X\xe1k^So\xbc\xb7\xe5.\x98@\xf7\x8f\xd6\xa3\xc0^J\xabFR\x1b8\xfc^E \xe7\x80\xee\xc6]\xd5\xbb^C\xfc\xc5\x83\xba\x9ag^H\xfd,\xba\xa3^H\x94\xf0\xb3\x1f^V(\xf6^Ef[\xbf^?\xa8Y\xfa\xbe\x99k6b\xb8n\xc6\x83GSc^OZ\xb4Q\xc1\x88\xa8U\xb9\xd41m=*J\x95^J\xd1{\x87^B^C^A\0^A\xa3\x82^Ay0\x82^Au0^I^F^CU\x1d^S^D^B0\00^K^F^CU\x1d^O^D^D^C^B^E\xa00F^F^CU\x1d\x1f^D?0=0;\xa09\xa07\x865http://crl.verisign.com/Class3InternationalServer.crl0D^F^CU\x1d ^D=0;09^F^K`\x86H^A\x86\xf8E^A^G^W^C0*0(^F^H+^F^A^E^E^G^B^A^V\x1chttps://www.verisign.com/rpa0(^F^CU\x1d%^D!0\x1f^F^I`\x86H^A\x86\xf8B^D^A^F^H+^F^A^E^E^G^C^A^F^H+^F^A^E^E^G^C^B04^F^H+^F^A^E^E^G^A^A^D(0&0$^F^H+^F^A^E^E^G0^A\x86^Xhttp://ocsp.verisign.com0m^F^H+^F^A^E^E^G^A^L^Da0_\xa1]\xa0[0Y0W0U^V^Iimage/gif0!0\x1f0^G^F^E+^N^C^B^Z^D^T\x8f\xe5\xd3^Z\x86\xac\x8d\x8ek\xc3\xcf\x80j\xd4H^X,{^Y.0%^V#http://logo.verisign.com/vslogo.gif0^M^F^I*\x86H\x86\xf7^M^A^A^E^E\0^C\x81\x81\0/s\xe2o\xc1\x9e#~YP\x89\x95xo\xe9^D\xbd\x98TS`\xec^HR\xd2^J)\x92\x9am\xaa\xd5\xb1g\xc1b\xde\xc9^XNW=i\x9c\xb2^Cf\x92^C\xbb\xe8M\xc5\x98\xd4/B\xd9\xb6\xd2\xe0\x97^PXv\xcf\xe7\xd6\xa7\xcc\xbb\xdb%\xeeB]\xcb\xf0t\xab\xd2T\xe5\xe8\xbaQ^O\xa4\xc3>4\xfaR\xf2\xa0\xe6z\xf4\x8f\xdcvB\xbd=\xfcx\xc0\xb7\xeb^-\x1f\xc5\xa0^\xdf\xa0^Q\x87\xf8\xc3X^P\xc8y(\xf8\xe4, mime_type=binary, info=[ts=1170717505.735416, fuid=FeCwNK3rzqPnZ7eBQ5, tx_hosts={^J^I194.127.84.106^J}, rx_hosts={^J^I192.150.187.164^J}, conn_uids={^J^ICXWv6p3arKYeMETxOg^J}, source=SSL, depth=0, analyzers={^J^IX509,^J^IMD5,^J^ISHA1^J}, mime_type=binary, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=F, seen_bytes=0, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=38a0a008a978591ccbe41f50a174751a, sha1=2c322ae2b7fe91391345e070b63668978bb1c9da, sha256=<uninitialized>, x509=[ts=1170717505.735416, id=FeCwNK3rzqPnZ7eBQ5, certificate=[version=2, serial=04A78116F003283BDA2B8462049F9ECB, subject=CN=www.dresdner-privat.de,OU=Terms of use at www.verisign.com/rpa (c)00,O=AGIS Allianz Dresdner Informationssysteme GmbH,L=Muenchen,ST=Bayern,C=DE, issuer=OU=www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign,OU=VeriSign International Server CA - Class 3,OU=VeriSign\, Inc.,O=VeriSign Trust Network, not_valid_before=1163462400.0, not_valid_after=1195084799.0, key_alg=rsaEncryption, sig_alg=sha1WithRSAEncryption, key_type=rsa, key_length=1024, exponent=65537, curve=<uninitialized>], handle=<no value description>, extensions=[[name=X509v3 Basic Constraints, short_name=basicConstraints, oid=2.5.29.19, critical=F, value=CA:FALSE], [name=X509v3 Key Usage, short_name=keyUsage, oid=2.5.29.15, critical=F, value=Digital Signature, Key Encipherment], [name=X509v3 CRL Distribution Points, short_name=crlDistributionPoints, oid=2.5.29.31, critical=F, value=^JFull Name:^J  URI:http://crl.verisign.com/Class3InternationalServer.crl^J], [name=X509v3 Certificate Policies, short_name=certificatePolicies, oid=2.5.29.32, critical=F, value=Policy: 2.16.840.1.113733.1.7.23.3^J  CPS: https://www.verisign.com/rpa^J], [name=X509v3 Extended Key Usage, short_name=extendedKeyUsage, oid=2.5.29.37, critical=F, value=Netscape Server Gated Crypto, TLS Web Server Authentication, TLS Web Client Authentication], [name=Authority Information Access, short_name=authorityInfoAccess, oid=1.3.6.1.5.5.7.1.1, critical=F, value=OCSP - URI:http://ocsp.verisign.com^J], [name=1.3.6.1.5.5.7.1.12, short_name=UNDEF, oid=1.3.6.1.5.5.7.1.12, critical=F, value=0_.].[0Y0W0U..image/gif0!0.0...+..............k...j.H.,{..0%.#http://logo.verisign.com/vslogo.gif]], san=<uninitialized>, basic_constraints=[ca=F, path_len=<uninitialized>]], extracted=<uninitialized>], u2_events=<uninitialized>]
+
+1170717505.735416 get_file_handle
+                  [0] tag: enum          = Analyzer::ANALYZER_SSL
+                  [1] c: connection      = [id=[orig_h=192.150.187.164, orig_p=58868/tcp, resp_h=194.127.84.106, resp_p=443/tcp], orig=[size=87, state=4, num_pkts=3, num_bytes_ip=255, flow_label=0], resp=[size=2164, state=4, num_pkts=3, num_bytes_ip=1616, flow_label=0], start_time=1170717505.366729, duration=0.368687, service={^J^ISSL^J}, addl=, hot=0, history=ShADad, uid=CXWv6p3arKYeMETxOg, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=[ts=1170717505.549109, uid=CXWv6p3arKYeMETxOg, id=[orig_h=192.150.187.164, orig_p=58868/tcp, resp_h=194.127.84.106, resp_p=443/tcp], version=TLSv10, cipher=TLS_RSA_WITH_RC4_128_MD5, server_name=<uninitialized>, session_id=<uninitialized>, last_alert=<uninitialized>, analyzer_id=3, established=F, logged=F, delay_tokens=<uninitialized>, cert_chain=[[ts=1170717505.735416, fuid=FeCwNK3rzqPnZ7eBQ5, tx_hosts={^J^I194.127.84.106^J}, rx_hosts={^J^I192.150.187.164^J}, conn_uids={^J^ICXWv6p3arKYeMETxOg^J}, source=SSL, depth=0, analyzers={^J^IX509,^J^IMD5,^J^ISHA1^J}, mime_type=binary, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=F, seen_bytes=1152, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=38a0a008a978591ccbe41f50a174751a, sha1=2c322ae2b7fe91391345e070b63668978bb1c9da, sha256=<uninitialized>, x509=[ts=1170717505.735416, id=FeCwNK3rzqPnZ7eBQ5, certificate=[version=2, serial=04A78116F003283BDA2B8462049F9ECB, subject=CN=www.dresdner-privat.de,OU=Terms of use at www.verisign.com/rpa (c)00,O=AGIS Allianz Dresdner Informationssysteme GmbH,L=Muenchen,ST=Bayern,C=DE, issuer=OU=www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign,OU=VeriSign International Server CA - Class 3,OU=VeriSign\, Inc.,O=VeriSign Trust Network, not_valid_before=1163462400.0, not_valid_after=1195084799.0, key_alg=rsaEncryption, sig_alg=sha1WithRSAEncryption, key_type=rsa, key_length=1024, exponent=65537, curve=<uninitialized>], handle=<no value description>, extensions=[[name=X509v3 Basic Constraints, short_name=basicConstraints, oid=2.5.29.19, critical=F, value=CA:FALSE], [name=X509v3 Key Usage, short_name=keyUsage, oid=2.5.29.15, critical=F, value=Digital Signature, Key Encipherment], [name=X509v3 CRL Distribution Points, short_name=crlDistributionPoints, oid=2.5.29.31, critical=F, value=^JFull Name:^J  URI:http://crl.verisign.com/Class3InternationalServer.crl^J], [name=X509v3 Certificate Policies, short_name=certificatePolicies, oid=2.5.29.32, critical=F, value=Policy: 2.16.840.1.113733.1.7.23.3^J  CPS: https://www.verisign.com/rpa^J], [name=X509v3 Extended Key Usage, short_name=extendedKeyUsage, oid=2.5.29.37, critical=F, value=Netscape Server Gated Crypto, TLS Web Server Authentication, TLS Web Client Authentication], [name=Authority Information Access, short_name=authorityInfoAccess, oid=1.3.6.1.5.5.7.1.1, critical=F, value=OCSP - URI:http://ocsp.verisign.com^J], [name=1.3.6.1.5.5.7.1.12, short_name=UNDEF, oid=1.3.6.1.5.5.7.1.12, critical=F, value=0_.].[0Y0W0U..image/gif0!0.0...+..............k...j.H.,{..0%.#http://logo.verisign.com/vslogo.gif]], san=<uninitialized>, basic_constraints=[ca=F, path_len=<uninitialized>]], extracted=<uninitialized>]], cert_chain_fuids=[FeCwNK3rzqPnZ7eBQ5], client_cert_chain=[], client_cert_chain_fuids=[], subject=<uninitialized>, issuer=<uninitialized>, client_subject=<uninitialized>, client_issuer=<uninitialized>, server_depth=1, client_depth=0], http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]
+                  [2] is_orig: bool      = F
+
+1170717505.735416 file_new
+                  [0] f: fa_file         = [id=FfqS7r3rymnsSKq0m2, parent_id=<uninitialized>, source=SSL, is_orig=F, conns={^J^I[[orig_h=192.150.187.164, orig_p=58868/tcp, resp_h=194.127.84.106, resp_p=443/tcp]] = [id=[orig_h=192.150.187.164, orig_p=58868/tcp, resp_h=194.127.84.106, resp_p=443/tcp], orig=[size=87, state=4, num_pkts=3, num_bytes_ip=255, flow_label=0], resp=[size=2164, state=4, num_pkts=3, num_bytes_ip=1616, flow_label=0], start_time=1170717505.366729, duration=0.368687, service={^J^I^ISSL^J^I}, addl=, hot=0, history=ShADad, uid=CXWv6p3arKYeMETxOg, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=[ts=1170717505.549109, uid=CXWv6p3arKYeMETxOg, id=[orig_h=192.150.187.164, orig_p=58868/tcp, resp_h=194.127.84.106, resp_p=443/tcp], version=TLSv10, cipher=TLS_RSA_WITH_RC4_128_MD5, server_name=<uninitialized>, session_id=<uninitialized>, last_alert=<uninitialized>, analyzer_id=3, established=F, logged=F, delay_tokens=<uninitialized>, cert_chain=[[ts=1170717505.735416, fuid=FeCwNK3rzqPnZ7eBQ5, tx_hosts={^J^I^I194.127.84.106^J^I}, rx_hosts={^J^I^I192.150.187.164^J^I}, conn_uids={^J^I^ICXWv6p3arKYeMETxOg^J^I}, source=SSL, depth=0, analyzers={^J^I^IX509,^J^I^IMD5,^J^I^ISHA1^J^I}, mime_type=binary, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=F, seen_bytes=1152, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=38a0a008a978591ccbe41f50a174751a, sha1=2c322ae2b7fe91391345e070b63668978bb1c9da, sha256=<uninitialized>, x509=[ts=1170717505.735416, id=FeCwNK3rzqPnZ7eBQ5, certificate=[version=2, serial=04A78116F003283BDA2B8462049F9ECB, subject=CN=www.dresdner-privat.de,OU=Terms of use at www.verisign.com/rpa (c)00,O=AGIS Allianz Dresdner Informationssysteme GmbH,L=Muenchen,ST=Bayern,C=DE, issuer=OU=www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign,OU=VeriSign International Server CA - Class 3,OU=VeriSign\, Inc.,O=VeriSign Trust Network, not_valid_before=1163462400.0, not_valid_after=1195084799.0, key_alg=rsaEncryption, sig_alg=sha1WithRSAEncryption, key_type=rsa, key_length=1024, exponent=65537, curve=<uninitialized>], handle=<no value description>, extensions=[[name=X509v3 Basic Constraints, short_name=basicConstraints, oid=2.5.29.19, critical=F, value=CA:FALSE], [name=X509v3 Key Usage, short_name=keyUsage, oid=2.5.29.15, critical=F, value=Digital Signature, Key Encipherment], [name=X509v3 CRL Distribution Points, short_name=crlDistributionPoints, oid=2.5.29.31, critical=F, value=^JFull Name:^J  URI:http://crl.verisign.com/Class3InternationalServer.crl^J], [name=X509v3 Certificate Policies, short_name=certificatePolicies, oid=2.5.29.32, critical=F, value=Policy: 2.16.840.1.113733.1.7.23.3^J  CPS: https://www.verisign.com/rpa^J], [name=X509v3 Extended Key Usage, short_name=extendedKeyUsage, oid=2.5.29.37, critical=F, value=Netscape Server Gated Crypto, TLS Web Server Authentication, TLS Web Client Authentication], [name=Authority Information Access, short_name=authorityInfoAccess, oid=1.3.6.1.5.5.7.1.1, critical=F, value=OCSP - URI:http://ocsp.verisign.com^J], [name=1.3.6.1.5.5.7.1.12, short_name=UNDEF, oid=1.3.6.1.5.5.7.1.12, critical=F, value=0_.].[0Y0W0U..image/gif0!0.0...+..............k...j.H.,{..0%.#http://logo.verisign.com/vslogo.gif]], san=<uninitialized>, basic_constraints=[ca=F, path_len=<uninitialized>]], extracted=<uninitialized>]], cert_chain_fuids=[FeCwNK3rzqPnZ7eBQ5], client_cert_chain=[], client_cert_chain_fuids=[], subject=<uninitialized>, issuer=<uninitialized>, client_subject=<uninitialized>, client_issuer=<uninitialized>, server_depth=2, client_depth=0], http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]^J}, last_active=1170717505.735416, seen_bytes=0, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timeout_interval=2.0 mins, bof_buffer_size=1024, bof_buffer=0\x82^C\x860\x82^B\xef\xa0^C^B^A^B^B^Px\xeeH\xde^X[ q\xc9\xc9\xc3\xb5\x1d{\xdd\xc10^M^F^I*\x86H\x86\xf7^M^A^A^E^E\00_1^K0^I^F^CU^D^F^S^BUS1^W0^U^F^CU^D^J^S^NVeriSign, Inc.1705^F^CU^D^K^S.Class 3 Public Primary Certification Authority0\x1e^W^M970417000000Z^W^M111024235959Z0\x81\xba1\x1f0\x1d^F^CU^D^J^S^VVeriSign Trust Network1^W0^U^F^CU^D^K^S^NVeriSign, Inc.1301^F^CU^D^K^S*VeriSign International Server CA - Class 31I0G^F^CU^D^K^S@www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign0\x81\x9f0^M^F^I*\x86H\x86\xf7^M^A^A^A^E\0^C\x81\x8d\00\x81\x89^B\x81\x81\0\xd8\x82\x80\xe8\xd6^Y^B}\x1f\x85^X9%\xa2e+\xe1\xbf\xd4^E\xd3\xbc\xe66;\xaa\xf0Ll[\xb6\xe7\xaa<sEU\xb2\xf1\xbd\xea\x97B\xed\x9a4^J^U\xd4\xa9\\xf5@%\xdd\xd9^G\xc12\xb2ul\xc4\xca\xbb\xa3\xfeV'qC\xaac\xf50>\x93(\xe5\xfa\xf1^I;\xf3\xb7MN9\xf7\IZ\xb8\xc1\x1d\xd3\xb2\x8a\xfep0\x95B\xcb\xfe+Q\x8bZ<:\xf9"O\x90\xb2^B\xa7S\x9cO4\xe7\xab^D\xb2{o^B^C^A\0^A\xa3\x81\xe60\x81\xe30^O^F^CU\x1d^S^D^H0^F^A^A\xff^B^A\00D^F^CU\x1d ^D=0;09^F^K`\x86H^A\x86\xf8E^A^G^A^A0*0(^F^H+^F^A^E^E^G^B^A^V\x1chttps://www.verisign.com/CPS04^F^CU\x1d\x1f^D-0+0)\xa0'\xa0%\x86#http://crl.verisign.com/pca3-g2.crl04^F^CU\x1d%^D-0+^F^H+^F^A^E^E^G^C^A^F^H+^F^A^E^E^G^C^B^F^I`\x86H^A\x86\xf8B^D^A^F^J`\x86H^A\x86\xf8E^A^H^A0^K^F^CU\x1d^O^D^D^C^B^A^F0^Q^F^I`\x86H^A\x86\xf8B^A^A^D^D^C^B^A^F0^M^F^I*\x86H\x86\xf7^M^A^A^E^E\0^C\x81\x81\0#]\xee\xa6$^E\xfdv\xd3j^Z\xd6\xbaF^F\xaaj^O^C\x90f\xb2\xb0\xa6\xc2\x9e\xc9\x1e\xa3US\xaf>E\xfd\xdc\x8c'\xddS8^I\xbb|K+\xba\x95J\xfepN\x1bi\xd6<\xf7O^G\xc5\xf2^WZL\xa2\x8f\xac^K\x8a^F\xdb\xb9\xd4k\xc5\x1dX\xda^WR\xe3!\xf1\xd2\xd7Z\xd5\xe5\xabY{!z\x86j\xd4\xfe^W^Q:S^M\x9c`\xa0J\xd9^\xe4\x1d^L)\xaa^S^Ge\x86\x1f\xbf\xb4\xc9\x82S\x9c,^B\x8f#, mime_type=binary, info=<uninitialized>, u2_events=<uninitialized>]
+
+1170717505.735416 file_over_new_connection
+                  [0] f: fa_file         = [id=FfqS7r3rymnsSKq0m2, parent_id=<uninitialized>, source=SSL, is_orig=F, conns={^J^I[[orig_h=192.150.187.164, orig_p=58868/tcp, resp_h=194.127.84.106, resp_p=443/tcp]] = [id=[orig_h=192.150.187.164, orig_p=58868/tcp, resp_h=194.127.84.106, resp_p=443/tcp], orig=[size=87, state=4, num_pkts=3, num_bytes_ip=255, flow_label=0], resp=[size=2164, state=4, num_pkts=3, num_bytes_ip=1616, flow_label=0], start_time=1170717505.366729, duration=0.368687, service={^J^I^ISSL^J^I}, addl=, hot=0, history=ShADad, uid=CXWv6p3arKYeMETxOg, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=[ts=1170717505.549109, uid=CXWv6p3arKYeMETxOg, id=[orig_h=192.150.187.164, orig_p=58868/tcp, resp_h=194.127.84.106, resp_p=443/tcp], version=TLSv10, cipher=TLS_RSA_WITH_RC4_128_MD5, server_name=<uninitialized>, session_id=<uninitialized>, last_alert=<uninitialized>, analyzer_id=3, established=F, logged=F, delay_tokens=<uninitialized>, cert_chain=[[ts=1170717505.735416, fuid=FeCwNK3rzqPnZ7eBQ5, tx_hosts={^J^I^I194.127.84.106^J^I}, rx_hosts={^J^I^I192.150.187.164^J^I}, conn_uids={^J^I^ICXWv6p3arKYeMETxOg^J^I}, source=SSL, depth=0, analyzers={^J^I^IX509,^J^I^IMD5,^J^I^ISHA1^J^I}, mime_type=binary, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=F, seen_bytes=1152, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=38a0a008a978591ccbe41f50a174751a, sha1=2c322ae2b7fe91391345e070b63668978bb1c9da, sha256=<uninitialized>, x509=[ts=1170717505.735416, id=FeCwNK3rzqPnZ7eBQ5, certificate=[version=2, serial=04A78116F003283BDA2B8462049F9ECB, subject=CN=www.dresdner-privat.de,OU=Terms of use at www.verisign.com/rpa (c)00,O=AGIS Allianz Dresdner Informationssysteme GmbH,L=Muenchen,ST=Bayern,C=DE, issuer=OU=www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign,OU=VeriSign International Server CA - Class 3,OU=VeriSign\, Inc.,O=VeriSign Trust Network, not_valid_before=1163462400.0, not_valid_after=1195084799.0, key_alg=rsaEncryption, sig_alg=sha1WithRSAEncryption, key_type=rsa, key_length=1024, exponent=65537, curve=<uninitialized>], handle=<no value description>, extensions=[[name=X509v3 Basic Constraints, short_name=basicConstraints, oid=2.5.29.19, critical=F, value=CA:FALSE], [name=X509v3 Key Usage, short_name=keyUsage, oid=2.5.29.15, critical=F, value=Digital Signature, Key Encipherment], [name=X509v3 CRL Distribution Points, short_name=crlDistributionPoints, oid=2.5.29.31, critical=F, value=^JFull Name:^J  URI:http://crl.verisign.com/Class3InternationalServer.crl^J], [name=X509v3 Certificate Policies, short_name=certificatePolicies, oid=2.5.29.32, critical=F, value=Policy: 2.16.840.1.113733.1.7.23.3^J  CPS: https://www.verisign.com/rpa^J], [name=X509v3 Extended Key Usage, short_name=extendedKeyUsage, oid=2.5.29.37, critical=F, value=Netscape Server Gated Crypto, TLS Web Server Authentication, TLS Web Client Authentication], [name=Authority Information Access, short_name=authorityInfoAccess, oid=1.3.6.1.5.5.7.1.1, critical=F, value=OCSP - URI:http://ocsp.verisign.com^J], [name=1.3.6.1.5.5.7.1.12, short_name=UNDEF, oid=1.3.6.1.5.5.7.1.12, critical=F, value=0_.].[0Y0W0U..image/gif0!0.0...+..............k...j.H.,{..0%.#http://logo.verisign.com/vslogo.gif]], san=<uninitialized>, basic_constraints=[ca=F, path_len=<uninitialized>]], extracted=<uninitialized>]], cert_chain_fuids=[FeCwNK3rzqPnZ7eBQ5], client_cert_chain=[], client_cert_chain_fuids=[], subject=<uninitialized>, issuer=<uninitialized>, client_subject=<uninitialized>, client_issuer=<uninitialized>, server_depth=2, client_depth=0], http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]^J}, last_active=1170717505.735416, seen_bytes=0, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timeout_interval=2.0 mins, bof_buffer_size=1024, bof_buffer=0\x82^C\x860\x82^B\xef\xa0^C^B^A^B^B^Px\xeeH\xde^X[ q\xc9\xc9\xc3\xb5\x1d{\xdd\xc10^M^F^I*\x86H\x86\xf7^M^A^A^E^E\00_1^K0^I^F^CU^D^F^S^BUS1^W0^U^F^CU^D^J^S^NVeriSign, Inc.1705^F^CU^D^K^S.Class 3 Public Primary Certification Authority0\x1e^W^M970417000000Z^W^M111024235959Z0\x81\xba1\x1f0\x1d^F^CU^D^J^S^VVeriSign Trust Network1^W0^U^F^CU^D^K^S^NVeriSign, Inc.1301^F^CU^D^K^S*VeriSign International Server CA - Class 31I0G^F^CU^D^K^S@www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign0\x81\x9f0^M^F^I*\x86H\x86\xf7^M^A^A^A^E\0^C\x81\x8d\00\x81\x89^B\x81\x81\0\xd8\x82\x80\xe8\xd6^Y^B}\x1f\x85^X9%\xa2e+\xe1\xbf\xd4^E\xd3\xbc\xe66;\xaa\xf0Ll[\xb6\xe7\xaa<sEU\xb2\xf1\xbd\xea\x97B\xed\x9a4^J^U\xd4\xa9\\xf5@%\xdd\xd9^G\xc12\xb2ul\xc4\xca\xbb\xa3\xfeV'qC\xaac\xf50>\x93(\xe5\xfa\xf1^I;\xf3\xb7MN9\xf7\IZ\xb8\xc1\x1d\xd3\xb2\x8a\xfep0\x95B\xcb\xfe+Q\x8bZ<:\xf9"O\x90\xb2^B\xa7S\x9cO4\xe7\xab^D\xb2{o^B^C^A\0^A\xa3\x81\xe60\x81\xe30^O^F^CU\x1d^S^D^H0^F^A^A\xff^B^A\00D^F^CU\x1d ^D=0;09^F^K`\x86H^A\x86\xf8E^A^G^A^A0*0(^F^H+^F^A^E^E^G^B^A^V\x1chttps://www.verisign.com/CPS04^F^CU\x1d\x1f^D-0+0)\xa0'\xa0%\x86#http://crl.verisign.com/pca3-g2.crl04^F^CU\x1d%^D-0+^F^H+^F^A^E^E^G^C^A^F^H+^F^A^E^E^G^C^B^F^I`\x86H^A\x86\xf8B^D^A^F^J`\x86H^A\x86\xf8E^A^H^A0^K^F^CU\x1d^O^D^D^C^B^A^F0^Q^F^I`\x86H^A\x86\xf8B^A^A^D^D^C^B^A^F0^M^F^I*\x86H\x86\xf7^M^A^A^E^E\0^C\x81\x81\0#]\xee\xa6$^E\xfdv\xd3j^Z\xd6\xbaF^F\xaaj^O^C\x90f\xb2\xb0\xa6\xc2\x9e\xc9\x1e\xa3US\xaf>E\xfd\xdc\x8c'\xddS8^I\xbb|K+\xba\x95J\xfepN\x1bi\xd6<\xf7O^G\xc5\xf2^WZL\xa2\x8f\xac^K\x8a^F\xdb\xb9\xd4k\xc5\x1dX\xda^WR\xe3!\xf1\xd2\xd7Z\xd5\xe5\xabY{!z\x86j\xd4\xfe^W^Q:S^M\x9c`\xa0J\xd9^\xe4\x1d^L)\xaa^S^Ge\x86\x1f\xbf\xb4\xc9\x82S\x9c,^B\x8f#, mime_type=binary, info=[ts=1170717505.735416, fuid=FfqS7r3rymnsSKq0m2, tx_hosts={^J^J}, rx_hosts={^J^J}, conn_uids={^J^J}, source=SSL, depth=0, analyzers={^J^J}, mime_type=binary, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=F, seen_bytes=0, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=<uninitialized>, sha1=<uninitialized>, sha256=<uninitialized>, x509=<uninitialized>, extracted=<uninitialized>], u2_events=<uninitialized>]
+                  [1] c: connection      = [id=[orig_h=192.150.187.164, orig_p=58868/tcp, resp_h=194.127.84.106, resp_p=443/tcp], orig=[size=87, state=4, num_pkts=3, num_bytes_ip=255, flow_label=0], resp=[size=2164, state=4, num_pkts=3, num_bytes_ip=1616, flow_label=0], start_time=1170717505.366729, duration=0.368687, service={^J^ISSL^J}, addl=, hot=0, history=ShADad, uid=CXWv6p3arKYeMETxOg, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=[ts=1170717505.549109, uid=CXWv6p3arKYeMETxOg, id=[orig_h=192.150.187.164, orig_p=58868/tcp, resp_h=194.127.84.106, resp_p=443/tcp], version=TLSv10, cipher=TLS_RSA_WITH_RC4_128_MD5, server_name=<uninitialized>, session_id=<uninitialized>, last_alert=<uninitialized>, analyzer_id=3, established=F, logged=F, delay_tokens=<uninitialized>, cert_chain=[[ts=1170717505.735416, fuid=FeCwNK3rzqPnZ7eBQ5, tx_hosts={^J^I194.127.84.106^J}, rx_hosts={^J^I192.150.187.164^J}, conn_uids={^J^ICXWv6p3arKYeMETxOg^J}, source=SSL, depth=0, analyzers={^J^IX509,^J^IMD5,^J^ISHA1^J}, mime_type=binary, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=F, seen_bytes=1152, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=38a0a008a978591ccbe41f50a174751a, sha1=2c322ae2b7fe91391345e070b63668978bb1c9da, sha256=<uninitialized>, x509=[ts=1170717505.735416, id=FeCwNK3rzqPnZ7eBQ5, certificate=[version=2, serial=04A78116F003283BDA2B8462049F9ECB, subject=CN=www.dresdner-privat.de,OU=Terms of use at www.verisign.com/rpa (c)00,O=AGIS Allianz Dresdner Informationssysteme GmbH,L=Muenchen,ST=Bayern,C=DE, issuer=OU=www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign,OU=VeriSign International Server CA - Class 3,OU=VeriSign\, Inc.,O=VeriSign Trust Network, not_valid_before=1163462400.0, not_valid_after=1195084799.0, key_alg=rsaEncryption, sig_alg=sha1WithRSAEncryption, key_type=rsa, key_length=1024, exponent=65537, curve=<uninitialized>], handle=<no value description>, extensions=[[name=X509v3 Basic Constraints, short_name=basicConstraints, oid=2.5.29.19, critical=F, value=CA:FALSE], [name=X509v3 Key Usage, short_name=keyUsage, oid=2.5.29.15, critical=F, value=Digital Signature, Key Encipherment], [name=X509v3 CRL Distribution Points, short_name=crlDistributionPoints, oid=2.5.29.31, critical=F, value=^JFull Name:^J  URI:http://crl.verisign.com/Class3InternationalServer.crl^J], [name=X509v3 Certificate Policies, short_name=certificatePolicies, oid=2.5.29.32, critical=F, value=Policy: 2.16.840.1.113733.1.7.23.3^J  CPS: https://www.verisign.com/rpa^J], [name=X509v3 Extended Key Usage, short_name=extendedKeyUsage, oid=2.5.29.37, critical=F, value=Netscape Server Gated Crypto, TLS Web Server Authentication, TLS Web Client Authentication], [name=Authority Information Access, short_name=authorityInfoAccess, oid=1.3.6.1.5.5.7.1.1, critical=F, value=OCSP - URI:http://ocsp.verisign.com^J], [name=1.3.6.1.5.5.7.1.12, short_name=UNDEF, oid=1.3.6.1.5.5.7.1.12, critical=F, value=0_.].[0Y0W0U..image/gif0!0.0...+..............k...j.H.,{..0%.#http://logo.verisign.com/vslogo.gif]], san=<uninitialized>, basic_constraints=[ca=F, path_len=<uninitialized>]], extracted=<uninitialized>]], cert_chain_fuids=[FeCwNK3rzqPnZ7eBQ5], client_cert_chain=[], client_cert_chain_fuids=[], subject=<uninitialized>, issuer=<uninitialized>, client_subject=<uninitialized>, client_issuer=<uninitialized>, server_depth=2, client_depth=0], http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]
+                  [2] is_orig: bool      = F
+
+1170717505.735416 x509_certificate
+                  [0] f: fa_file         = [id=FfqS7r3rymnsSKq0m2, parent_id=<uninitialized>, source=SSL, is_orig=F, conns={^J^I[[orig_h=192.150.187.164, orig_p=58868/tcp, resp_h=194.127.84.106, resp_p=443/tcp]] = [id=[orig_h=192.150.187.164, orig_p=58868/tcp, resp_h=194.127.84.106, resp_p=443/tcp], orig=[size=87, state=4, num_pkts=3, num_bytes_ip=255, flow_label=0], resp=[size=2164, state=4, num_pkts=3, num_bytes_ip=1616, flow_label=0], start_time=1170717505.366729, duration=0.368687, service={^J^I^ISSL^J^I}, addl=, hot=0, history=ShADad, uid=CXWv6p3arKYeMETxOg, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=[ts=1170717505.549109, uid=CXWv6p3arKYeMETxOg, id=[orig_h=192.150.187.164, orig_p=58868/tcp, resp_h=194.127.84.106, resp_p=443/tcp], version=TLSv10, cipher=TLS_RSA_WITH_RC4_128_MD5, server_name=<uninitialized>, session_id=<uninitialized>, last_alert=<uninitialized>, analyzer_id=3, established=F, logged=F, delay_tokens=<uninitialized>, cert_chain=[[ts=1170717505.735416, fuid=FeCwNK3rzqPnZ7eBQ5, tx_hosts={^J^I^I194.127.84.106^J^I}, rx_hosts={^J^I^I192.150.187.164^J^I}, conn_uids={^J^I^ICXWv6p3arKYeMETxOg^J^I}, source=SSL, depth=0, analyzers={^J^I^IX509,^J^I^IMD5,^J^I^ISHA1^J^I}, mime_type=binary, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=F, seen_bytes=1152, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=38a0a008a978591ccbe41f50a174751a, sha1=2c322ae2b7fe91391345e070b63668978bb1c9da, sha256=<uninitialized>, x509=[ts=1170717505.735416, id=FeCwNK3rzqPnZ7eBQ5, certificate=[version=2, serial=04A78116F003283BDA2B8462049F9ECB, subject=CN=www.dresdner-privat.de,OU=Terms of use at www.verisign.com/rpa (c)00,O=AGIS Allianz Dresdner Informationssysteme GmbH,L=Muenchen,ST=Bayern,C=DE, issuer=OU=www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign,OU=VeriSign International Server CA - Class 3,OU=VeriSign\, Inc.,O=VeriSign Trust Network, not_valid_before=1163462400.0, not_valid_after=1195084799.0, key_alg=rsaEncryption, sig_alg=sha1WithRSAEncryption, key_type=rsa, key_length=1024, exponent=65537, curve=<uninitialized>], handle=<no value description>, extensions=[[name=X509v3 Basic Constraints, short_name=basicConstraints, oid=2.5.29.19, critical=F, value=CA:FALSE], [name=X509v3 Key Usage, short_name=keyUsage, oid=2.5.29.15, critical=F, value=Digital Signature, Key Encipherment], [name=X509v3 CRL Distribution Points, short_name=crlDistributionPoints, oid=2.5.29.31, critical=F, value=^JFull Name:^J  URI:http://crl.verisign.com/Class3InternationalServer.crl^J], [name=X509v3 Certificate Policies, short_name=certificatePolicies, oid=2.5.29.32, critical=F, value=Policy: 2.16.840.1.113733.1.7.23.3^J  CPS: https://www.verisign.com/rpa^J], [name=X509v3 Extended Key Usage, short_name=extendedKeyUsage, oid=2.5.29.37, critical=F, value=Netscape Server Gated Crypto, TLS Web Server Authentication, TLS Web Client Authentication], [name=Authority Information Access, short_name=authorityInfoAccess, oid=1.3.6.1.5.5.7.1.1, critical=F, value=OCSP - URI:http://ocsp.verisign.com^J], [name=1.3.6.1.5.5.7.1.12, short_name=UNDEF, oid=1.3.6.1.5.5.7.1.12, critical=F, value=0_.].[0Y0W0U..image/gif0!0.0...+..............k...j.H.,{..0%.#http://logo.verisign.com/vslogo.gif]], san=<uninitialized>, basic_constraints=[ca=F, path_len=<uninitialized>]], extracted=<uninitialized>], [ts=1170717505.735416, fuid=FfqS7r3rymnsSKq0m2, tx_hosts={^J^I^I194.127.84.106^J^I}, rx_hosts={^J^I^I192.150.187.164^J^I}, conn_uids={^J^I^ICXWv6p3arKYeMETxOg^J^I}, source=SSL, depth=0, analyzers={^J^I^IX509,^J^I^IMD5,^J^I^ISHA1^J^I}, mime_type=binary, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=F, seen_bytes=0, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=<uninitialized>, sha1=<uninitialized>, sha256=<uninitialized>, x509=<uninitialized>, extracted=<uninitialized>]], cert_chain_fuids=[FeCwNK3rzqPnZ7eBQ5, FfqS7r3rymnsSKq0m2], client_cert_chain=[], client_cert_chain_fuids=[], subject=<uninitialized>, issuer=<uninitialized>, client_subject=<uninitialized>, client_issuer=<uninitialized>, server_depth=2, client_depth=0], http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]^J}, last_active=1170717505.735416, seen_bytes=906, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timeout_interval=2.0 mins, bof_buffer_size=1024, bof_buffer=0\x82^C\x860\x82^B\xef\xa0^C^B^A^B^B^Px\xeeH\xde^X[ q\xc9\xc9\xc3\xb5\x1d{\xdd\xc10^M^F^I*\x86H\x86\xf7^M^A^A^E^E\00_1^K0^I^F^CU^D^F^S^BUS1^W0^U^F^CU^D^J^S^NVeriSign, Inc.1705^F^CU^D^K^S.Class 3 Public Primary Certification Authority0\x1e^W^M970417000000Z^W^M111024235959Z0\x81\xba1\x1f0\x1d^F^CU^D^J^S^VVeriSign Trust Network1^W0^U^F^CU^D^K^S^NVeriSign, Inc.1301^F^CU^D^K^S*VeriSign International Server CA - Class 31I0G^F^CU^D^K^S@www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign0\x81\x9f0^M^F^I*\x86H\x86\xf7^M^A^A^A^E\0^C\x81\x8d\00\x81\x89^B\x81\x81\0\xd8\x82\x80\xe8\xd6^Y^B}\x1f\x85^X9%\xa2e+\xe1\xbf\xd4^E\xd3\xbc\xe66;\xaa\xf0Ll[\xb6\xe7\xaa<sEU\xb2\xf1\xbd\xea\x97B\xed\x9a4^J^U\xd4\xa9\\xf5@%\xdd\xd9^G\xc12\xb2ul\xc4\xca\xbb\xa3\xfeV'qC\xaac\xf50>\x93(\xe5\xfa\xf1^I;\xf3\xb7MN9\xf7\IZ\xb8\xc1\x1d\xd3\xb2\x8a\xfep0\x95B\xcb\xfe+Q\x8bZ<:\xf9"O\x90\xb2^B\xa7S\x9cO4\xe7\xab^D\xb2{o^B^C^A\0^A\xa3\x81\xe60\x81\xe30^O^F^CU\x1d^S^D^H0^F^A^A\xff^B^A\00D^F^CU\x1d ^D=0;09^F^K`\x86H^A\x86\xf8E^A^G^A^A0*0(^F^H+^F^A^E^E^G^B^A^V\x1chttps://www.verisign.com/CPS04^F^CU\x1d\x1f^D-0+0)\xa0'\xa0%\x86#http://crl.verisign.com/pca3-g2.crl04^F^CU\x1d%^D-0+^F^H+^F^A^E^E^G^C^A^F^H+^F^A^E^E^G^C^B^F^I`\x86H^A\x86\xf8B^D^A^F^J`\x86H^A\x86\xf8E^A^H^A0^K^F^CU\x1d^O^D^D^C^B^A^F0^Q^F^I`\x86H^A\x86\xf8B^A^A^D^D^C^B^A^F0^M^F^I*\x86H\x86\xf7^M^A^A^E^E\0^C\x81\x81\0#]\xee\xa6$^E\xfdv\xd3j^Z\xd6\xbaF^F\xaaj^O^C\x90f\xb2\xb0\xa6\xc2\x9e\xc9\x1e\xa3US\xaf>E\xfd\xdc\x8c'\xddS8^I\xbb|K+\xba\x95J\xfepN\x1bi\xd6<\xf7O^G\xc5\xf2^WZL\xa2\x8f\xac^K\x8a^F\xdb\xb9\xd4k\xc5\x1dX\xda^WR\xe3!\xf1\xd2\xd7Z\xd5\xe5\xabY{!z\x86j\xd4\xfe^W^Q:S^M\x9c`\xa0J\xd9^\xe4\x1d^L)\xaa^S^Ge\x86\x1f\xbf\xb4\xc9\x82S\x9c,^B\x8f#, mime_type=binary, info=[ts=1170717505.735416, fuid=FfqS7r3rymnsSKq0m2, tx_hosts={^J^I194.127.84.106^J}, rx_hosts={^J^I192.150.187.164^J}, conn_uids={^J^ICXWv6p3arKYeMETxOg^J}, source=SSL, depth=0, analyzers={^J^IX509,^J^IMD5,^J^ISHA1^J}, mime_type=binary, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=F, seen_bytes=0, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=<uninitialized>, sha1=<uninitialized>, sha256=<uninitialized>, x509=<uninitialized>, extracted=<uninitialized>], u2_events=<uninitialized>]
+                  [1] cert_ref: opaque of x509 = <no value description>
+                  [2] cert: X509::Certificate = [version=2, serial=78EE48DE185B2071C9C9C3B51D7BDDC1, subject=OU=www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign,OU=VeriSign International Server CA - Class 3,OU=VeriSign\, Inc.,O=VeriSign Trust Network, issuer=OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US, not_valid_before=861235200.0, not_valid_after=1319500799.0, key_alg=rsaEncryption, sig_alg=sha1WithRSAEncryption, key_type=rsa, key_length=1024, exponent=65537, curve=<uninitialized>]
+
+1170717505.735416 x509_extension
+                  [0] f: fa_file         = [id=FfqS7r3rymnsSKq0m2, parent_id=<uninitialized>, source=SSL, is_orig=F, conns={^J^I[[orig_h=192.150.187.164, orig_p=58868/tcp, resp_h=194.127.84.106, resp_p=443/tcp]] = [id=[orig_h=192.150.187.164, orig_p=58868/tcp, resp_h=194.127.84.106, resp_p=443/tcp], orig=[size=87, state=4, num_pkts=3, num_bytes_ip=255, flow_label=0], resp=[size=2164, state=4, num_pkts=3, num_bytes_ip=1616, flow_label=0], start_time=1170717505.366729, duration=0.368687, service={^J^I^ISSL^J^I}, addl=, hot=0, history=ShADad, uid=CXWv6p3arKYeMETxOg, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=[ts=1170717505.549109, uid=CXWv6p3arKYeMETxOg, id=[orig_h=192.150.187.164, orig_p=58868/tcp, resp_h=194.127.84.106, resp_p=443/tcp], version=TLSv10, cipher=TLS_RSA_WITH_RC4_128_MD5, server_name=<uninitialized>, session_id=<uninitialized>, last_alert=<uninitialized>, analyzer_id=3, established=F, logged=F, delay_tokens=<uninitialized>, cert_chain=[[ts=1170717505.735416, fuid=FeCwNK3rzqPnZ7eBQ5, tx_hosts={^J^I^I194.127.84.106^J^I}, rx_hosts={^J^I^I192.150.187.164^J^I}, conn_uids={^J^I^ICXWv6p3arKYeMETxOg^J^I}, source=SSL, depth=0, analyzers={^J^I^IX509,^J^I^IMD5,^J^I^ISHA1^J^I}, mime_type=binary, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=F, seen_bytes=1152, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=38a0a008a978591ccbe41f50a174751a, sha1=2c322ae2b7fe91391345e070b63668978bb1c9da, sha256=<uninitialized>, x509=[ts=1170717505.735416, id=FeCwNK3rzqPnZ7eBQ5, certificate=[version=2, serial=04A78116F003283BDA2B8462049F9ECB, subject=CN=www.dresdner-privat.de,OU=Terms of use at www.verisign.com/rpa (c)00,O=AGIS Allianz Dresdner Informationssysteme GmbH,L=Muenchen,ST=Bayern,C=DE, issuer=OU=www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign,OU=VeriSign International Server CA - Class 3,OU=VeriSign\, Inc.,O=VeriSign Trust Network, not_valid_before=1163462400.0, not_valid_after=1195084799.0, key_alg=rsaEncryption, sig_alg=sha1WithRSAEncryption, key_type=rsa, key_length=1024, exponent=65537, curve=<uninitialized>], handle=<no value description>, extensions=[[name=X509v3 Basic Constraints, short_name=basicConstraints, oid=2.5.29.19, critical=F, value=CA:FALSE], [name=X509v3 Key Usage, short_name=keyUsage, oid=2.5.29.15, critical=F, value=Digital Signature, Key Encipherment], [name=X509v3 CRL Distribution Points, short_name=crlDistributionPoints, oid=2.5.29.31, critical=F, value=^JFull Name:^J  URI:http://crl.verisign.com/Class3InternationalServer.crl^J], [name=X509v3 Certificate Policies, short_name=certificatePolicies, oid=2.5.29.32, critical=F, value=Policy: 2.16.840.1.113733.1.7.23.3^J  CPS: https://www.verisign.com/rpa^J], [name=X509v3 Extended Key Usage, short_name=extendedKeyUsage, oid=2.5.29.37, critical=F, value=Netscape Server Gated Crypto, TLS Web Server Authentication, TLS Web Client Authentication], [name=Authority Information Access, short_name=authorityInfoAccess, oid=1.3.6.1.5.5.7.1.1, critical=F, value=OCSP - URI:http://ocsp.verisign.com^J], [name=1.3.6.1.5.5.7.1.12, short_name=UNDEF, oid=1.3.6.1.5.5.7.1.12, critical=F, value=0_.].[0Y0W0U..image/gif0!0.0...+..............k...j.H.,{..0%.#http://logo.verisign.com/vslogo.gif]], san=<uninitialized>, basic_constraints=[ca=F, path_len=<uninitialized>]], extracted=<uninitialized>], [ts=1170717505.735416, fuid=FfqS7r3rymnsSKq0m2, tx_hosts={^J^I^I194.127.84.106^J^I}, rx_hosts={^J^I^I192.150.187.164^J^I}, conn_uids={^J^I^ICXWv6p3arKYeMETxOg^J^I}, source=SSL, depth=0, analyzers={^J^I^IX509,^J^I^IMD5,^J^I^ISHA1^J^I}, mime_type=binary, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=F, seen_bytes=0, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=<uninitialized>, sha1=<uninitialized>, sha256=<uninitialized>, x509=[ts=1170717505.735416, id=FfqS7r3rymnsSKq0m2, certificate=[version=2, serial=78EE48DE185B2071C9C9C3B51D7BDDC1, subject=OU=www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign,OU=VeriSign International Server CA - Class 3,OU=VeriSign\, Inc.,O=VeriSign Trust Network, issuer=OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US, not_valid_before=861235200.0, not_valid_after=1319500799.0, key_alg=rsaEncryption, sig_alg=sha1WithRSAEncryption, key_type=rsa, key_length=1024, exponent=65537, curve=<uninitialized>], handle=<no value description>, extensions=[], san=<uninitialized>, basic_constraints=<uninitialized>], extracted=<uninitialized>]], cert_chain_fuids=[FeCwNK3rzqPnZ7eBQ5, FfqS7r3rymnsSKq0m2], client_cert_chain=[], client_cert_chain_fuids=[], subject=<uninitialized>, issuer=<uninitialized>, client_subject=<uninitialized>, client_issuer=<uninitialized>, server_depth=2, client_depth=0], http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]^J}, last_active=1170717505.735416, seen_bytes=906, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timeout_interval=2.0 mins, bof_buffer_size=1024, bof_buffer=0\x82^C\x860\x82^B\xef\xa0^C^B^A^B^B^Px\xeeH\xde^X[ q\xc9\xc9\xc3\xb5\x1d{\xdd\xc10^M^F^I*\x86H\x86\xf7^M^A^A^E^E\00_1^K0^I^F^CU^D^F^S^BUS1^W0^U^F^CU^D^J^S^NVeriSign, Inc.1705^F^CU^D^K^S.Class 3 Public Primary Certification Authority0\x1e^W^M970417000000Z^W^M111024235959Z0\x81\xba1\x1f0\x1d^F^CU^D^J^S^VVeriSign Trust Network1^W0^U^F^CU^D^K^S^NVeriSign, Inc.1301^F^CU^D^K^S*VeriSign International Server CA - Class 31I0G^F^CU^D^K^S@www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign0\x81\x9f0^M^F^I*\x86H\x86\xf7^M^A^A^A^E\0^C\x81\x8d\00\x81\x89^B\x81\x81\0\xd8\x82\x80\xe8\xd6^Y^B}\x1f\x85^X9%\xa2e+\xe1\xbf\xd4^E\xd3\xbc\xe66;\xaa\xf0Ll[\xb6\xe7\xaa<sEU\xb2\xf1\xbd\xea\x97B\xed\x9a4^J^U\xd4\xa9\\xf5@%\xdd\xd9^G\xc12\xb2ul\xc4\xca\xbb\xa3\xfeV'qC\xaac\xf50>\x93(\xe5\xfa\xf1^I;\xf3\xb7MN9\xf7\IZ\xb8\xc1\x1d\xd3\xb2\x8a\xfep0\x95B\xcb\xfe+Q\x8bZ<:\xf9"O\x90\xb2^B\xa7S\x9cO4\xe7\xab^D\xb2{o^B^C^A\0^A\xa3\x81\xe60\x81\xe30^O^F^CU\x1d^S^D^H0^F^A^A\xff^B^A\00D^F^CU\x1d ^D=0;09^F^K`\x86H^A\x86\xf8E^A^G^A^A0*0(^F^H+^F^A^E^E^G^B^A^V\x1chttps://www.verisign.com/CPS04^F^CU\x1d\x1f^D-0+0)\xa0'\xa0%\x86#http://crl.verisign.com/pca3-g2.crl04^F^CU\x1d%^D-0+^F^H+^F^A^E^E^G^C^A^F^H+^F^A^E^E^G^C^B^F^I`\x86H^A\x86\xf8B^D^A^F^J`\x86H^A\x86\xf8E^A^H^A0^K^F^CU\x1d^O^D^D^C^B^A^F0^Q^F^I`\x86H^A\x86\xf8B^A^A^D^D^C^B^A^F0^M^F^I*\x86H\x86\xf7^M^A^A^E^E\0^C\x81\x81\0#]\xee\xa6$^E\xfdv\xd3j^Z\xd6\xbaF^F\xaaj^O^C\x90f\xb2\xb0\xa6\xc2\x9e\xc9\x1e\xa3US\xaf>E\xfd\xdc\x8c'\xddS8^I\xbb|K+\xba\x95J\xfepN\x1bi\xd6<\xf7O^G\xc5\xf2^WZL\xa2\x8f\xac^K\x8a^F\xdb\xb9\xd4k\xc5\x1dX\xda^WR\xe3!\xf1\xd2\xd7Z\xd5\xe5\xabY{!z\x86j\xd4\xfe^W^Q:S^M\x9c`\xa0J\xd9^\xe4\x1d^L)\xaa^S^Ge\x86\x1f\xbf\xb4\xc9\x82S\x9c,^B\x8f#, mime_type=binary, info=[ts=1170717505.735416, fuid=FfqS7r3rymnsSKq0m2, tx_hosts={^J^I194.127.84.106^J}, rx_hosts={^J^I192.150.187.164^J}, conn_uids={^J^ICXWv6p3arKYeMETxOg^J}, source=SSL, depth=0, analyzers={^J^IX509,^J^IMD5,^J^ISHA1^J}, mime_type=binary, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=F, seen_bytes=0, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=<uninitialized>, sha1=<uninitialized>, sha256=<uninitialized>, x509=[ts=1170717505.735416, id=FfqS7r3rymnsSKq0m2, certificate=[version=2, serial=78EE48DE185B2071C9C9C3B51D7BDDC1, subject=OU=www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign,OU=VeriSign International Server CA - Class 3,OU=VeriSign\, Inc.,O=VeriSign Trust Network, issuer=OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US, not_valid_before=861235200.0, not_valid_after=1319500799.0, key_alg=rsaEncryption, sig_alg=sha1WithRSAEncryption, key_type=rsa, key_length=1024, exponent=65537, curve=<uninitialized>], handle=<no value description>, extensions=[], san=<uninitialized>, basic_constraints=<uninitialized>], extracted=<uninitialized>], u2_events=<uninitialized>]
+                  [1] ext: X509::Extension = [name=X509v3 Basic Constraints, short_name=basicConstraints, oid=2.5.29.19, critical=F, value=CA:TRUE, pathlen:0]
+
+1170717505.735416 x509_ext_basic_constraints
+                  [0] f: fa_file         = [id=FfqS7r3rymnsSKq0m2, parent_id=<uninitialized>, source=SSL, is_orig=F, conns={^J^I[[orig_h=192.150.187.164, orig_p=58868/tcp, resp_h=194.127.84.106, resp_p=443/tcp]] = [id=[orig_h=192.150.187.164, orig_p=58868/tcp, resp_h=194.127.84.106, resp_p=443/tcp], orig=[size=87, state=4, num_pkts=3, num_bytes_ip=255, flow_label=0], resp=[size=2164, state=4, num_pkts=3, num_bytes_ip=1616, flow_label=0], start_time=1170717505.366729, duration=0.368687, service={^J^I^ISSL^J^I}, addl=, hot=0, history=ShADad, uid=CXWv6p3arKYeMETxOg, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=[ts=1170717505.549109, uid=CXWv6p3arKYeMETxOg, id=[orig_h=192.150.187.164, orig_p=58868/tcp, resp_h=194.127.84.106, resp_p=443/tcp], version=TLSv10, cipher=TLS_RSA_WITH_RC4_128_MD5, server_name=<uninitialized>, session_id=<uninitialized>, last_alert=<uninitialized>, analyzer_id=3, established=F, logged=F, delay_tokens=<uninitialized>, cert_chain=[[ts=1170717505.735416, fuid=FeCwNK3rzqPnZ7eBQ5, tx_hosts={^J^I^I194.127.84.106^J^I}, rx_hosts={^J^I^I192.150.187.164^J^I}, conn_uids={^J^I^ICXWv6p3arKYeMETxOg^J^I}, source=SSL, depth=0, analyzers={^J^I^IX509,^J^I^IMD5,^J^I^ISHA1^J^I}, mime_type=binary, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=F, seen_bytes=1152, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=38a0a008a978591ccbe41f50a174751a, sha1=2c322ae2b7fe91391345e070b63668978bb1c9da, sha256=<uninitialized>, x509=[ts=1170717505.735416, id=FeCwNK3rzqPnZ7eBQ5, certificate=[version=2, serial=04A78116F003283BDA2B8462049F9ECB, subject=CN=www.dresdner-privat.de,OU=Terms of use at www.verisign.com/rpa (c)00,O=AGIS Allianz Dresdner Informationssysteme GmbH,L=Muenchen,ST=Bayern,C=DE, issuer=OU=www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign,OU=VeriSign International Server CA - Class 3,OU=VeriSign\, Inc.,O=VeriSign Trust Network, not_valid_before=1163462400.0, not_valid_after=1195084799.0, key_alg=rsaEncryption, sig_alg=sha1WithRSAEncryption, key_type=rsa, key_length=1024, exponent=65537, curve=<uninitialized>], handle=<no value description>, extensions=[[name=X509v3 Basic Constraints, short_name=basicConstraints, oid=2.5.29.19, critical=F, value=CA:FALSE], [name=X509v3 Key Usage, short_name=keyUsage, oid=2.5.29.15, critical=F, value=Digital Signature, Key Encipherment], [name=X509v3 CRL Distribution Points, short_name=crlDistributionPoints, oid=2.5.29.31, critical=F, value=^JFull Name:^J  URI:http://crl.verisign.com/Class3InternationalServer.crl^J], [name=X509v3 Certificate Policies, short_name=certificatePolicies, oid=2.5.29.32, critical=F, value=Policy: 2.16.840.1.113733.1.7.23.3^J  CPS: https://www.verisign.com/rpa^J], [name=X509v3 Extended Key Usage, short_name=extendedKeyUsage, oid=2.5.29.37, critical=F, value=Netscape Server Gated Crypto, TLS Web Server Authentication, TLS Web Client Authentication], [name=Authority Information Access, short_name=authorityInfoAccess, oid=1.3.6.1.5.5.7.1.1, critical=F, value=OCSP - URI:http://ocsp.verisign.com^J], [name=1.3.6.1.5.5.7.1.12, short_name=UNDEF, oid=1.3.6.1.5.5.7.1.12, critical=F, value=0_.].[0Y0W0U..image/gif0!0.0...+..............k...j.H.,{..0%.#http://logo.verisign.com/vslogo.gif]], san=<uninitialized>, basic_constraints=[ca=F, path_len=<uninitialized>]], extracted=<uninitialized>], [ts=1170717505.735416, fuid=FfqS7r3rymnsSKq0m2, tx_hosts={^J^I^I194.127.84.106^J^I}, rx_hosts={^J^I^I192.150.187.164^J^I}, conn_uids={^J^I^ICXWv6p3arKYeMETxOg^J^I}, source=SSL, depth=0, analyzers={^J^I^IX509,^J^I^IMD5,^J^I^ISHA1^J^I}, mime_type=binary, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=F, seen_bytes=0, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=<uninitialized>, sha1=<uninitialized>, sha256=<uninitialized>, x509=[ts=1170717505.735416, id=FfqS7r3rymnsSKq0m2, certificate=[version=2, serial=78EE48DE185B2071C9C9C3B51D7BDDC1, subject=OU=www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign,OU=VeriSign International Server CA - Class 3,OU=VeriSign\, Inc.,O=VeriSign Trust Network, issuer=OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US, not_valid_before=861235200.0, not_valid_after=1319500799.0, key_alg=rsaEncryption, sig_alg=sha1WithRSAEncryption, key_type=rsa, key_length=1024, exponent=65537, curve=<uninitialized>], handle=<no value description>, extensions=[[name=X509v3 Basic Constraints, short_name=basicConstraints, oid=2.5.29.19, critical=F, value=CA:TRUE, pathlen:0]], san=<uninitialized>, basic_constraints=<uninitialized>], extracted=<uninitialized>]], cert_chain_fuids=[FeCwNK3rzqPnZ7eBQ5, FfqS7r3rymnsSKq0m2], client_cert_chain=[], client_cert_chain_fuids=[], subject=<uninitialized>, issuer=<uninitialized>, client_subject=<uninitialized>, client_issuer=<uninitialized>, server_depth=2, client_depth=0], http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]^J}, last_active=1170717505.735416, seen_bytes=906, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timeout_interval=2.0 mins, bof_buffer_size=1024, bof_buffer=0\x82^C\x860\x82^B\xef\xa0^C^B^A^B^B^Px\xeeH\xde^X[ q\xc9\xc9\xc3\xb5\x1d{\xdd\xc10^M^F^I*\x86H\x86\xf7^M^A^A^E^E\00_1^K0^I^F^CU^D^F^S^BUS1^W0^U^F^CU^D^J^S^NVeriSign, Inc.1705^F^CU^D^K^S.Class 3 Public Primary Certification Authority0\x1e^W^M970417000000Z^W^M111024235959Z0\x81\xba1\x1f0\x1d^F^CU^D^J^S^VVeriSign Trust Network1^W0^U^F^CU^D^K^S^NVeriSign, Inc.1301^F^CU^D^K^S*VeriSign International Server CA - Class 31I0G^F^CU^D^K^S@www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign0\x81\x9f0^M^F^I*\x86H\x86\xf7^M^A^A^A^E\0^C\x81\x8d\00\x81\x89^B\x81\x81\0\xd8\x82\x80\xe8\xd6^Y^B}\x1f\x85^X9%\xa2e+\xe1\xbf\xd4^E\xd3\xbc\xe66;\xaa\xf0Ll[\xb6\xe7\xaa<sEU\xb2\xf1\xbd\xea\x97B\xed\x9a4^J^U\xd4\xa9\\xf5@%\xdd\xd9^G\xc12\xb2ul\xc4\xca\xbb\xa3\xfeV'qC\xaac\xf50>\x93(\xe5\xfa\xf1^I;\xf3\xb7MN9\xf7\IZ\xb8\xc1\x1d\xd3\xb2\x8a\xfep0\x95B\xcb\xfe+Q\x8bZ<:\xf9"O\x90\xb2^B\xa7S\x9cO4\xe7\xab^D\xb2{o^B^C^A\0^A\xa3\x81\xe60\x81\xe30^O^F^CU\x1d^S^D^H0^F^A^A\xff^B^A\00D^F^CU\x1d ^D=0;09^F^K`\x86H^A\x86\xf8E^A^G^A^A0*0(^F^H+^F^A^E^E^G^B^A^V\x1chttps://www.verisign.com/CPS04^F^CU\x1d\x1f^D-0+0)\xa0'\xa0%\x86#http://crl.verisign.com/pca3-g2.crl04^F^CU\x1d%^D-0+^F^H+^F^A^E^E^G^C^A^F^H+^F^A^E^E^G^C^B^F^I`\x86H^A\x86\xf8B^D^A^F^J`\x86H^A\x86\xf8E^A^H^A0^K^F^CU\x1d^O^D^D^C^B^A^F0^Q^F^I`\x86H^A\x86\xf8B^A^A^D^D^C^B^A^F0^M^F^I*\x86H\x86\xf7^M^A^A^E^E\0^C\x81\x81\0#]\xee\xa6$^E\xfdv\xd3j^Z\xd6\xbaF^F\xaaj^O^C\x90f\xb2\xb0\xa6\xc2\x9e\xc9\x1e\xa3US\xaf>E\xfd\xdc\x8c'\xddS8^I\xbb|K+\xba\x95J\xfepN\x1bi\xd6<\xf7O^G\xc5\xf2^WZL\xa2\x8f\xac^K\x8a^F\xdb\xb9\xd4k\xc5\x1dX\xda^WR\xe3!\xf1\xd2\xd7Z\xd5\xe5\xabY{!z\x86j\xd4\xfe^W^Q:S^M\x9c`\xa0J\xd9^\xe4\x1d^L)\xaa^S^Ge\x86\x1f\xbf\xb4\xc9\x82S\x9c,^B\x8f#, mime_type=binary, info=[ts=1170717505.735416, fuid=FfqS7r3rymnsSKq0m2, tx_hosts={^J^I194.127.84.106^J}, rx_hosts={^J^I192.150.187.164^J}, conn_uids={^J^ICXWv6p3arKYeMETxOg^J}, source=SSL, depth=0, analyzers={^J^IX509,^J^IMD5,^J^ISHA1^J}, mime_type=binary, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=F, seen_bytes=0, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=<uninitialized>, sha1=<uninitialized>, sha256=<uninitialized>, x509=[ts=1170717505.735416, id=FfqS7r3rymnsSKq0m2, certificate=[version=2, serial=78EE48DE185B2071C9C9C3B51D7BDDC1, subject=OU=www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign,OU=VeriSign International Server CA - Class 3,OU=VeriSign\, Inc.,O=VeriSign Trust Network, issuer=OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US, not_valid_before=861235200.0, not_valid_after=1319500799.0, key_alg=rsaEncryption, sig_alg=sha1WithRSAEncryption, key_type=rsa, key_length=1024, exponent=65537, curve=<uninitialized>], handle=<no value description>, extensions=[[name=X509v3 Basic Constraints, short_name=basicConstraints, oid=2.5.29.19, critical=F, value=CA:TRUE, pathlen:0]], san=<uninitialized>, basic_constraints=<uninitialized>], extracted=<uninitialized>], u2_events=<uninitialized>]
+                  [1] ext: X509::BasicConstraints = [ca=T, path_len=0]
+
+1170717505.735416 x509_extension
+                  [0] f: fa_file         = [id=FfqS7r3rymnsSKq0m2, parent_id=<uninitialized>, source=SSL, is_orig=F, conns={^J^I[[orig_h=192.150.187.164, orig_p=58868/tcp, resp_h=194.127.84.106, resp_p=443/tcp]] = [id=[orig_h=192.150.187.164, orig_p=58868/tcp, resp_h=194.127.84.106, resp_p=443/tcp], orig=[size=87, state=4, num_pkts=3, num_bytes_ip=255, flow_label=0], resp=[size=2164, state=4, num_pkts=3, num_bytes_ip=1616, flow_label=0], start_time=1170717505.366729, duration=0.368687, service={^J^I^ISSL^J^I}, addl=, hot=0, history=ShADad, uid=CXWv6p3arKYeMETxOg, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=[ts=1170717505.549109, uid=CXWv6p3arKYeMETxOg, id=[orig_h=192.150.187.164, orig_p=58868/tcp, resp_h=194.127.84.106, resp_p=443/tcp], version=TLSv10, cipher=TLS_RSA_WITH_RC4_128_MD5, server_name=<uninitialized>, session_id=<uninitialized>, last_alert=<uninitialized>, analyzer_id=3, established=F, logged=F, delay_tokens=<uninitialized>, cert_chain=[[ts=1170717505.735416, fuid=FeCwNK3rzqPnZ7eBQ5, tx_hosts={^J^I^I194.127.84.106^J^I}, rx_hosts={^J^I^I192.150.187.164^J^I}, conn_uids={^J^I^ICXWv6p3arKYeMETxOg^J^I}, source=SSL, depth=0, analyzers={^J^I^IX509,^J^I^IMD5,^J^I^ISHA1^J^I}, mime_type=binary, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=F, seen_bytes=1152, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=38a0a008a978591ccbe41f50a174751a, sha1=2c322ae2b7fe91391345e070b63668978bb1c9da, sha256=<uninitialized>, x509=[ts=1170717505.735416, id=FeCwNK3rzqPnZ7eBQ5, certificate=[version=2, serial=04A78116F003283BDA2B8462049F9ECB, subject=CN=www.dresdner-privat.de,OU=Terms of use at www.verisign.com/rpa (c)00,O=AGIS Allianz Dresdner Informationssysteme GmbH,L=Muenchen,ST=Bayern,C=DE, issuer=OU=www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign,OU=VeriSign International Server CA - Class 3,OU=VeriSign\, Inc.,O=VeriSign Trust Network, not_valid_before=1163462400.0, not_valid_after=1195084799.0, key_alg=rsaEncryption, sig_alg=sha1WithRSAEncryption, key_type=rsa, key_length=1024, exponent=65537, curve=<uninitialized>], handle=<no value description>, extensions=[[name=X509v3 Basic Constraints, short_name=basicConstraints, oid=2.5.29.19, critical=F, value=CA:FALSE], [name=X509v3 Key Usage, short_name=keyUsage, oid=2.5.29.15, critical=F, value=Digital Signature, Key Encipherment], [name=X509v3 CRL Distribution Points, short_name=crlDistributionPoints, oid=2.5.29.31, critical=F, value=^JFull Name:^J  URI:http://crl.verisign.com/Class3InternationalServer.crl^J], [name=X509v3 Certificate Policies, short_name=certificatePolicies, oid=2.5.29.32, critical=F, value=Policy: 2.16.840.1.113733.1.7.23.3^J  CPS: https://www.verisign.com/rpa^J], [name=X509v3 Extended Key Usage, short_name=extendedKeyUsage, oid=2.5.29.37, critical=F, value=Netscape Server Gated Crypto, TLS Web Server Authentication, TLS Web Client Authentication], [name=Authority Information Access, short_name=authorityInfoAccess, oid=1.3.6.1.5.5.7.1.1, critical=F, value=OCSP - URI:http://ocsp.verisign.com^J], [name=1.3.6.1.5.5.7.1.12, short_name=UNDEF, oid=1.3.6.1.5.5.7.1.12, critical=F, value=0_.].[0Y0W0U..image/gif0!0.0...+..............k...j.H.,{..0%.#http://logo.verisign.com/vslogo.gif]], san=<uninitialized>, basic_constraints=[ca=F, path_len=<uninitialized>]], extracted=<uninitialized>], [ts=1170717505.735416, fuid=FfqS7r3rymnsSKq0m2, tx_hosts={^J^I^I194.127.84.106^J^I}, rx_hosts={^J^I^I192.150.187.164^J^I}, conn_uids={^J^I^ICXWv6p3arKYeMETxOg^J^I}, source=SSL, depth=0, analyzers={^J^I^IX509,^J^I^IMD5,^J^I^ISHA1^J^I}, mime_type=binary, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=F, seen_bytes=0, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=<uninitialized>, sha1=<uninitialized>, sha256=<uninitialized>, x509=[ts=1170717505.735416, id=FfqS7r3rymnsSKq0m2, certificate=[version=2, serial=78EE48DE185B2071C9C9C3B51D7BDDC1, subject=OU=www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign,OU=VeriSign International Server CA - Class 3,OU=VeriSign\, Inc.,O=VeriSign Trust Network, issuer=OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US, not_valid_before=861235200.0, not_valid_after=1319500799.0, key_alg=rsaEncryption, sig_alg=sha1WithRSAEncryption, key_type=rsa, key_length=1024, exponent=65537, curve=<uninitialized>], handle=<no value description>, extensions=[[name=X509v3 Basic Constraints, short_name=basicConstraints, oid=2.5.29.19, critical=F, value=CA:TRUE, pathlen:0]], san=<uninitialized>, basic_constraints=[ca=T, path_len=0]], extracted=<uninitialized>]], cert_chain_fuids=[FeCwNK3rzqPnZ7eBQ5, FfqS7r3rymnsSKq0m2], client_cert_chain=[], client_cert_chain_fuids=[], subject=<uninitialized>, issuer=<uninitialized>, client_subject=<uninitialized>, client_issuer=<uninitialized>, server_depth=2, client_depth=0], http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]^J}, last_active=1170717505.735416, seen_bytes=906, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timeout_interval=2.0 mins, bof_buffer_size=1024, bof_buffer=0\x82^C\x860\x82^B\xef\xa0^C^B^A^B^B^Px\xeeH\xde^X[ q\xc9\xc9\xc3\xb5\x1d{\xdd\xc10^M^F^I*\x86H\x86\xf7^M^A^A^E^E\00_1^K0^I^F^CU^D^F^S^BUS1^W0^U^F^CU^D^J^S^NVeriSign, Inc.1705^F^CU^D^K^S.Class 3 Public Primary Certification Authority0\x1e^W^M970417000000Z^W^M111024235959Z0\x81\xba1\x1f0\x1d^F^CU^D^J^S^VVeriSign Trust Network1^W0^U^F^CU^D^K^S^NVeriSign, Inc.1301^F^CU^D^K^S*VeriSign International Server CA - Class 31I0G^F^CU^D^K^S@www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign0\x81\x9f0^M^F^I*\x86H\x86\xf7^M^A^A^A^E\0^C\x81\x8d\00\x81\x89^B\x81\x81\0\xd8\x82\x80\xe8\xd6^Y^B}\x1f\x85^X9%\xa2e+\xe1\xbf\xd4^E\xd3\xbc\xe66;\xaa\xf0Ll[\xb6\xe7\xaa<sEU\xb2\xf1\xbd\xea\x97B\xed\x9a4^J^U\xd4\xa9\\xf5@%\xdd\xd9^G\xc12\xb2ul\xc4\xca\xbb\xa3\xfeV'qC\xaac\xf50>\x93(\xe5\xfa\xf1^I;\xf3\xb7MN9\xf7\IZ\xb8\xc1\x1d\xd3\xb2\x8a\xfep0\x95B\xcb\xfe+Q\x8bZ<:\xf9"O\x90\xb2^B\xa7S\x9cO4\xe7\xab^D\xb2{o^B^C^A\0^A\xa3\x81\xe60\x81\xe30^O^F^CU\x1d^S^D^H0^F^A^A\xff^B^A\00D^F^CU\x1d ^D=0;09^F^K`\x86H^A\x86\xf8E^A^G^A^A0*0(^F^H+^F^A^E^E^G^B^A^V\x1chttps://www.verisign.com/CPS04^F^CU\x1d\x1f^D-0+0)\xa0'\xa0%\x86#http://crl.verisign.com/pca3-g2.crl04^F^CU\x1d%^D-0+^F^H+^F^A^E^E^G^C^A^F^H+^F^A^E^E^G^C^B^F^I`\x86H^A\x86\xf8B^D^A^F^J`\x86H^A\x86\xf8E^A^H^A0^K^F^CU\x1d^O^D^D^C^B^A^F0^Q^F^I`\x86H^A\x86\xf8B^A^A^D^D^C^B^A^F0^M^F^I*\x86H\x86\xf7^M^A^A^E^E\0^C\x81\x81\0#]\xee\xa6$^E\xfdv\xd3j^Z\xd6\xbaF^F\xaaj^O^C\x90f\xb2\xb0\xa6\xc2\x9e\xc9\x1e\xa3US\xaf>E\xfd\xdc\x8c'\xddS8^I\xbb|K+\xba\x95J\xfepN\x1bi\xd6<\xf7O^G\xc5\xf2^WZL\xa2\x8f\xac^K\x8a^F\xdb\xb9\xd4k\xc5\x1dX\xda^WR\xe3!\xf1\xd2\xd7Z\xd5\xe5\xabY{!z\x86j\xd4\xfe^W^Q:S^M\x9c`\xa0J\xd9^\xe4\x1d^L)\xaa^S^Ge\x86\x1f\xbf\xb4\xc9\x82S\x9c,^B\x8f#, mime_type=binary, info=[ts=1170717505.735416, fuid=FfqS7r3rymnsSKq0m2, tx_hosts={^J^I194.127.84.106^J}, rx_hosts={^J^I192.150.187.164^J}, conn_uids={^J^ICXWv6p3arKYeMETxOg^J}, source=SSL, depth=0, analyzers={^J^IX509,^J^IMD5,^J^ISHA1^J}, mime_type=binary, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=F, seen_bytes=0, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=<uninitialized>, sha1=<uninitialized>, sha256=<uninitialized>, x509=[ts=1170717505.735416, id=FfqS7r3rymnsSKq0m2, certificate=[version=2, serial=78EE48DE185B2071C9C9C3B51D7BDDC1, subject=OU=www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign,OU=VeriSign International Server CA - Class 3,OU=VeriSign\, Inc.,O=VeriSign Trust Network, issuer=OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US, not_valid_before=861235200.0, not_valid_after=1319500799.0, key_alg=rsaEncryption, sig_alg=sha1WithRSAEncryption, key_type=rsa, key_length=1024, exponent=65537, curve=<uninitialized>], handle=<no value description>, extensions=[[name=X509v3 Basic Constraints, short_name=basicConstraints, oid=2.5.29.19, critical=F, value=CA:TRUE, pathlen:0]], san=<uninitialized>, basic_constraints=[ca=T, path_len=0]], extracted=<uninitialized>], u2_events=<uninitialized>]
+                  [1] ext: X509::Extension = [name=X509v3 Certificate Policies, short_name=certificatePolicies, oid=2.5.29.32, critical=F, value=Policy: 2.16.840.1.113733.1.7.1.1^J  CPS: https://www.verisign.com/CPS^J]
+
+1170717505.735416 x509_extension
+                  [0] f: fa_file         = [id=FfqS7r3rymnsSKq0m2, parent_id=<uninitialized>, source=SSL, is_orig=F, conns={^J^I[[orig_h=192.150.187.164, orig_p=58868/tcp, resp_h=194.127.84.106, resp_p=443/tcp]] = [id=[orig_h=192.150.187.164, orig_p=58868/tcp, resp_h=194.127.84.106, resp_p=443/tcp], orig=[size=87, state=4, num_pkts=3, num_bytes_ip=255, flow_label=0], resp=[size=2164, state=4, num_pkts=3, num_bytes_ip=1616, flow_label=0], start_time=1170717505.366729, duration=0.368687, service={^J^I^ISSL^J^I}, addl=, hot=0, history=ShADad, uid=CXWv6p3arKYeMETxOg, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=[ts=1170717505.549109, uid=CXWv6p3arKYeMETxOg, id=[orig_h=192.150.187.164, orig_p=58868/tcp, resp_h=194.127.84.106, resp_p=443/tcp], version=TLSv10, cipher=TLS_RSA_WITH_RC4_128_MD5, server_name=<uninitialized>, session_id=<uninitialized>, last_alert=<uninitialized>, analyzer_id=3, established=F, logged=F, delay_tokens=<uninitialized>, cert_chain=[[ts=1170717505.735416, fuid=FeCwNK3rzqPnZ7eBQ5, tx_hosts={^J^I^I194.127.84.106^J^I}, rx_hosts={^J^I^I192.150.187.164^J^I}, conn_uids={^J^I^ICXWv6p3arKYeMETxOg^J^I}, source=SSL, depth=0, analyzers={^J^I^IX509,^J^I^IMD5,^J^I^ISHA1^J^I}, mime_type=binary, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=F, seen_bytes=1152, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=38a0a008a978591ccbe41f50a174751a, sha1=2c322ae2b7fe91391345e070b63668978bb1c9da, sha256=<uninitialized>, x509=[ts=1170717505.735416, id=FeCwNK3rzqPnZ7eBQ5, certificate=[version=2, serial=04A78116F003283BDA2B8462049F9ECB, subject=CN=www.dresdner-privat.de,OU=Terms of use at www.verisign.com/rpa (c)00,O=AGIS Allianz Dresdner Informationssysteme GmbH,L=Muenchen,ST=Bayern,C=DE, issuer=OU=www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign,OU=VeriSign International Server CA - Class 3,OU=VeriSign\, Inc.,O=VeriSign Trust Network, not_valid_before=1163462400.0, not_valid_after=1195084799.0, key_alg=rsaEncryption, sig_alg=sha1WithRSAEncryption, key_type=rsa, key_length=1024, exponent=65537, curve=<uninitialized>], handle=<no value description>, extensions=[[name=X509v3 Basic Constraints, short_name=basicConstraints, oid=2.5.29.19, critical=F, value=CA:FALSE], [name=X509v3 Key Usage, short_name=keyUsage, oid=2.5.29.15, critical=F, value=Digital Signature, Key Encipherment], [name=X509v3 CRL Distribution Points, short_name=crlDistributionPoints, oid=2.5.29.31, critical=F, value=^JFull Name:^J  URI:http://crl.verisign.com/Class3InternationalServer.crl^J], [name=X509v3 Certificate Policies, short_name=certificatePolicies, oid=2.5.29.32, critical=F, value=Policy: 2.16.840.1.113733.1.7.23.3^J  CPS: https://www.verisign.com/rpa^J], [name=X509v3 Extended Key Usage, short_name=extendedKeyUsage, oid=2.5.29.37, critical=F, value=Netscape Server Gated Crypto, TLS Web Server Authentication, TLS Web Client Authentication], [name=Authority Information Access, short_name=authorityInfoAccess, oid=1.3.6.1.5.5.7.1.1, critical=F, value=OCSP - URI:http://ocsp.verisign.com^J], [name=1.3.6.1.5.5.7.1.12, short_name=UNDEF, oid=1.3.6.1.5.5.7.1.12, critical=F, value=0_.].[0Y0W0U..image/gif0!0.0...+..............k...j.H.,{..0%.#http://logo.verisign.com/vslogo.gif]], san=<uninitialized>, basic_constraints=[ca=F, path_len=<uninitialized>]], extracted=<uninitialized>], [ts=1170717505.735416, fuid=FfqS7r3rymnsSKq0m2, tx_hosts={^J^I^I194.127.84.106^J^I}, rx_hosts={^J^I^I192.150.187.164^J^I}, conn_uids={^J^I^ICXWv6p3arKYeMETxOg^J^I}, source=SSL, depth=0, analyzers={^J^I^IX509,^J^I^IMD5,^J^I^ISHA1^J^I}, mime_type=binary, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=F, seen_bytes=0, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=<uninitialized>, sha1=<uninitialized>, sha256=<uninitialized>, x509=[ts=1170717505.735416, id=FfqS7r3rymnsSKq0m2, certificate=[version=2, serial=78EE48DE185B2071C9C9C3B51D7BDDC1, subject=OU=www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign,OU=VeriSign International Server CA - Class 3,OU=VeriSign\, Inc.,O=VeriSign Trust Network, issuer=OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US, not_valid_before=861235200.0, not_valid_after=1319500799.0, key_alg=rsaEncryption, sig_alg=sha1WithRSAEncryption, key_type=rsa, key_length=1024, exponent=65537, curve=<uninitialized>], handle=<no value description>, extensions=[[name=X509v3 Basic Constraints, short_name=basicConstraints, oid=2.5.29.19, critical=F, value=CA:TRUE, pathlen:0], [name=X509v3 Certificate Policies, short_name=certificatePolicies, oid=2.5.29.32, critical=F, value=Policy: 2.16.840.1.113733.1.7.1.1^J  CPS: https://www.verisign.com/CPS^J]], san=<uninitialized>, basic_constraints=[ca=T, path_len=0]], extracted=<uninitialized>]], cert_chain_fuids=[FeCwNK3rzqPnZ7eBQ5, FfqS7r3rymnsSKq0m2], client_cert_chain=[], client_cert_chain_fuids=[], subject=<uninitialized>, issuer=<uninitialized>, client_subject=<uninitialized>, client_issuer=<uninitialized>, server_depth=2, client_depth=0], http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]^J}, last_active=1170717505.735416, seen_bytes=906, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timeout_interval=2.0 mins, bof_buffer_size=1024, bof_buffer=0\x82^C\x860\x82^B\xef\xa0^C^B^A^B^B^Px\xeeH\xde^X[ q\xc9\xc9\xc3\xb5\x1d{\xdd\xc10^M^F^I*\x86H\x86\xf7^M^A^A^E^E\00_1^K0^I^F^CU^D^F^S^BUS1^W0^U^F^CU^D^J^S^NVeriSign, Inc.1705^F^CU^D^K^S.Class 3 Public Primary Certification Authority0\x1e^W^M970417000000Z^W^M111024235959Z0\x81\xba1\x1f0\x1d^F^CU^D^J^S^VVeriSign Trust Network1^W0^U^F^CU^D^K^S^NVeriSign, Inc.1301^F^CU^D^K^S*VeriSign International Server CA - Class 31I0G^F^CU^D^K^S@www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign0\x81\x9f0^M^F^I*\x86H\x86\xf7^M^A^A^A^E\0^C\x81\x8d\00\x81\x89^B\x81\x81\0\xd8\x82\x80\xe8\xd6^Y^B}\x1f\x85^X9%\xa2e+\xe1\xbf\xd4^E\xd3\xbc\xe66;\xaa\xf0Ll[\xb6\xe7\xaa<sEU\xb2\xf1\xbd\xea\x97B\xed\x9a4^J^U\xd4\xa9\\xf5@%\xdd\xd9^G\xc12\xb2ul\xc4\xca\xbb\xa3\xfeV'qC\xaac\xf50>\x93(\xe5\xfa\xf1^I;\xf3\xb7MN9\xf7\IZ\xb8\xc1\x1d\xd3\xb2\x8a\xfep0\x95B\xcb\xfe+Q\x8bZ<:\xf9"O\x90\xb2^B\xa7S\x9cO4\xe7\xab^D\xb2{o^B^C^A\0^A\xa3\x81\xe60\x81\xe30^O^F^CU\x1d^S^D^H0^F^A^A\xff^B^A\00D^F^CU\x1d ^D=0;09^F^K`\x86H^A\x86\xf8E^A^G^A^A0*0(^F^H+^F^A^E^E^G^B^A^V\x1chttps://www.verisign.com/CPS04^F^CU\x1d\x1f^D-0+0)\xa0'\xa0%\x86#http://crl.verisign.com/pca3-g2.crl04^F^CU\x1d%^D-0+^F^H+^F^A^E^E^G^C^A^F^H+^F^A^E^E^G^C^B^F^I`\x86H^A\x86\xf8B^D^A^F^J`\x86H^A\x86\xf8E^A^H^A0^K^F^CU\x1d^O^D^D^C^B^A^F0^Q^F^I`\x86H^A\x86\xf8B^A^A^D^D^C^B^A^F0^M^F^I*\x86H\x86\xf7^M^A^A^E^E\0^C\x81\x81\0#]\xee\xa6$^E\xfdv\xd3j^Z\xd6\xbaF^F\xaaj^O^C\x90f\xb2\xb0\xa6\xc2\x9e\xc9\x1e\xa3US\xaf>E\xfd\xdc\x8c'\xddS8^I\xbb|K+\xba\x95J\xfepN\x1bi\xd6<\xf7O^G\xc5\xf2^WZL\xa2\x8f\xac^K\x8a^F\xdb\xb9\xd4k\xc5\x1dX\xda^WR\xe3!\xf1\xd2\xd7Z\xd5\xe5\xabY{!z\x86j\xd4\xfe^W^Q:S^M\x9c`\xa0J\xd9^\xe4\x1d^L)\xaa^S^Ge\x86\x1f\xbf\xb4\xc9\x82S\x9c,^B\x8f#, mime_type=binary, info=[ts=1170717505.735416, fuid=FfqS7r3rymnsSKq0m2, tx_hosts={^J^I194.127.84.106^J}, rx_hosts={^J^I192.150.187.164^J}, conn_uids={^J^ICXWv6p3arKYeMETxOg^J}, source=SSL, depth=0, analyzers={^J^IX509,^J^IMD5,^J^ISHA1^J}, mime_type=binary, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=F, seen_bytes=0, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=<uninitialized>, sha1=<uninitialized>, sha256=<uninitialized>, x509=[ts=1170717505.735416, id=FfqS7r3rymnsSKq0m2, certificate=[version=2, serial=78EE48DE185B2071C9C9C3B51D7BDDC1, subject=OU=www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign,OU=VeriSign International Server CA - Class 3,OU=VeriSign\, Inc.,O=VeriSign Trust Network, issuer=OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US, not_valid_before=861235200.0, not_valid_after=1319500799.0, key_alg=rsaEncryption, sig_alg=sha1WithRSAEncryption, key_type=rsa, key_length=1024, exponent=65537, curve=<uninitialized>], handle=<no value description>, extensions=[[name=X509v3 Basic Constraints, short_name=basicConstraints, oid=2.5.29.19, critical=F, value=CA:TRUE, pathlen:0], [name=X509v3 Certificate Policies, short_name=certificatePolicies, oid=2.5.29.32, critical=F, value=Policy: 2.16.840.1.113733.1.7.1.1^J  CPS: https://www.verisign.com/CPS^J]], san=<uninitialized>, basic_constraints=[ca=T, path_len=0]], extracted=<uninitialized>], u2_events=<uninitialized>]
+                  [1] ext: X509::Extension = [name=X509v3 CRL Distribution Points, short_name=crlDistributionPoints, oid=2.5.29.31, critical=F, value=^JFull Name:^J  URI:http://crl.verisign.com/pca3-g2.crl^J]
+
+1170717505.735416 x509_extension
+                  [0] f: fa_file         = [id=FfqS7r3rymnsSKq0m2, parent_id=<uninitialized>, source=SSL, is_orig=F, conns={^J^I[[orig_h=192.150.187.164, orig_p=58868/tcp, resp_h=194.127.84.106, resp_p=443/tcp]] = [id=[orig_h=192.150.187.164, orig_p=58868/tcp, resp_h=194.127.84.106, resp_p=443/tcp], orig=[size=87, state=4, num_pkts=3, num_bytes_ip=255, flow_label=0], resp=[size=2164, state=4, num_pkts=3, num_bytes_ip=1616, flow_label=0], start_time=1170717505.366729, duration=0.368687, service={^J^I^ISSL^J^I}, addl=, hot=0, history=ShADad, uid=CXWv6p3arKYeMETxOg, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=[ts=1170717505.549109, uid=CXWv6p3arKYeMETxOg, id=[orig_h=192.150.187.164, orig_p=58868/tcp, resp_h=194.127.84.106, resp_p=443/tcp], version=TLSv10, cipher=TLS_RSA_WITH_RC4_128_MD5, server_name=<uninitialized>, session_id=<uninitialized>, last_alert=<uninitialized>, analyzer_id=3, established=F, logged=F, delay_tokens=<uninitialized>, cert_chain=[[ts=1170717505.735416, fuid=FeCwNK3rzqPnZ7eBQ5, tx_hosts={^J^I^I194.127.84.106^J^I}, rx_hosts={^J^I^I192.150.187.164^J^I}, conn_uids={^J^I^ICXWv6p3arKYeMETxOg^J^I}, source=SSL, depth=0, analyzers={^J^I^IX509,^J^I^IMD5,^J^I^ISHA1^J^I}, mime_type=binary, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=F, seen_bytes=1152, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=38a0a008a978591ccbe41f50a174751a, sha1=2c322ae2b7fe91391345e070b63668978bb1c9da, sha256=<uninitialized>, x509=[ts=1170717505.735416, id=FeCwNK3rzqPnZ7eBQ5, certificate=[version=2, serial=04A78116F003283BDA2B8462049F9ECB, subject=CN=www.dresdner-privat.de,OU=Terms of use at www.verisign.com/rpa (c)00,O=AGIS Allianz Dresdner Informationssysteme GmbH,L=Muenchen,ST=Bayern,C=DE, issuer=OU=www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign,OU=VeriSign International Server CA - Class 3,OU=VeriSign\, Inc.,O=VeriSign Trust Network, not_valid_before=1163462400.0, not_valid_after=1195084799.0, key_alg=rsaEncryption, sig_alg=sha1WithRSAEncryption, key_type=rsa, key_length=1024, exponent=65537, curve=<uninitialized>], handle=<no value description>, extensions=[[name=X509v3 Basic Constraints, short_name=basicConstraints, oid=2.5.29.19, critical=F, value=CA:FALSE], [name=X509v3 Key Usage, short_name=keyUsage, oid=2.5.29.15, critical=F, value=Digital Signature, Key Encipherment], [name=X509v3 CRL Distribution Points, short_name=crlDistributionPoints, oid=2.5.29.31, critical=F, value=^JFull Name:^J  URI:http://crl.verisign.com/Class3InternationalServer.crl^J], [name=X509v3 Certificate Policies, short_name=certificatePolicies, oid=2.5.29.32, critical=F, value=Policy: 2.16.840.1.113733.1.7.23.3^J  CPS: https://www.verisign.com/rpa^J], [name=X509v3 Extended Key Usage, short_name=extendedKeyUsage, oid=2.5.29.37, critical=F, value=Netscape Server Gated Crypto, TLS Web Server Authentication, TLS Web Client Authentication], [name=Authority Information Access, short_name=authorityInfoAccess, oid=1.3.6.1.5.5.7.1.1, critical=F, value=OCSP - URI:http://ocsp.verisign.com^J], [name=1.3.6.1.5.5.7.1.12, short_name=UNDEF, oid=1.3.6.1.5.5.7.1.12, critical=F, value=0_.].[0Y0W0U..image/gif0!0.0...+..............k...j.H.,{..0%.#http://logo.verisign.com/vslogo.gif]], san=<uninitialized>, basic_constraints=[ca=F, path_len=<uninitialized>]], extracted=<uninitialized>], [ts=1170717505.735416, fuid=FfqS7r3rymnsSKq0m2, tx_hosts={^J^I^I194.127.84.106^J^I}, rx_hosts={^J^I^I192.150.187.164^J^I}, conn_uids={^J^I^ICXWv6p3arKYeMETxOg^J^I}, source=SSL, depth=0, analyzers={^J^I^IX509,^J^I^IMD5,^J^I^ISHA1^J^I}, mime_type=binary, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=F, seen_bytes=0, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=<uninitialized>, sha1=<uninitialized>, sha256=<uninitialized>, x509=[ts=1170717505.735416, id=FfqS7r3rymnsSKq0m2, certificate=[version=2, serial=78EE48DE185B2071C9C9C3B51D7BDDC1, subject=OU=www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign,OU=VeriSign International Server CA - Class 3,OU=VeriSign\, Inc.,O=VeriSign Trust Network, issuer=OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US, not_valid_before=861235200.0, not_valid_after=1319500799.0, key_alg=rsaEncryption, sig_alg=sha1WithRSAEncryption, key_type=rsa, key_length=1024, exponent=65537, curve=<uninitialized>], handle=<no value description>, extensions=[[name=X509v3 Basic Constraints, short_name=basicConstraints, oid=2.5.29.19, critical=F, value=CA:TRUE, pathlen:0], [name=X509v3 Certificate Policies, short_name=certificatePolicies, oid=2.5.29.32, critical=F, value=Policy: 2.16.840.1.113733.1.7.1.1^J  CPS: https://www.verisign.com/CPS^J], [name=X509v3 CRL Distribution Points, short_name=crlDistributionPoints, oid=2.5.29.31, critical=F, value=^JFull Name:^J  URI:http://crl.verisign.com/pca3-g2.crl^J]], san=<uninitialized>, basic_constraints=[ca=T, path_len=0]], extracted=<uninitialized>]], cert_chain_fuids=[FeCwNK3rzqPnZ7eBQ5, FfqS7r3rymnsSKq0m2], client_cert_chain=[], client_cert_chain_fuids=[], subject=<uninitialized>, issuer=<uninitialized>, client_subject=<uninitialized>, client_issuer=<uninitialized>, server_depth=2, client_depth=0], http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]^J}, last_active=1170717505.735416, seen_bytes=906, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timeout_interval=2.0 mins, bof_buffer_size=1024, bof_buffer=0\x82^C\x860\x82^B\xef\xa0^C^B^A^B^B^Px\xeeH\xde^X[ q\xc9\xc9\xc3\xb5\x1d{\xdd\xc10^M^F^I*\x86H\x86\xf7^M^A^A^E^E\00_1^K0^I^F^CU^D^F^S^BUS1^W0^U^F^CU^D^J^S^NVeriSign, Inc.1705^F^CU^D^K^S.Class 3 Public Primary Certification Authority0\x1e^W^M970417000000Z^W^M111024235959Z0\x81\xba1\x1f0\x1d^F^CU^D^J^S^VVeriSign Trust Network1^W0^U^F^CU^D^K^S^NVeriSign, Inc.1301^F^CU^D^K^S*VeriSign International Server CA - Class 31I0G^F^CU^D^K^S@www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign0\x81\x9f0^M^F^I*\x86H\x86\xf7^M^A^A^A^E\0^C\x81\x8d\00\x81\x89^B\x81\x81\0\xd8\x82\x80\xe8\xd6^Y^B}\x1f\x85^X9%\xa2e+\xe1\xbf\xd4^E\xd3\xbc\xe66;\xaa\xf0Ll[\xb6\xe7\xaa<sEU\xb2\xf1\xbd\xea\x97B\xed\x9a4^J^U\xd4\xa9\\xf5@%\xdd\xd9^G\xc12\xb2ul\xc4\xca\xbb\xa3\xfeV'qC\xaac\xf50>\x93(\xe5\xfa\xf1^I;\xf3\xb7MN9\xf7\IZ\xb8\xc1\x1d\xd3\xb2\x8a\xfep0\x95B\xcb\xfe+Q\x8bZ<:\xf9"O\x90\xb2^B\xa7S\x9cO4\xe7\xab^D\xb2{o^B^C^A\0^A\xa3\x81\xe60\x81\xe30^O^F^CU\x1d^S^D^H0^F^A^A\xff^B^A\00D^F^CU\x1d ^D=0;09^F^K`\x86H^A\x86\xf8E^A^G^A^A0*0(^F^H+^F^A^E^E^G^B^A^V\x1chttps://www.verisign.com/CPS04^F^CU\x1d\x1f^D-0+0)\xa0'\xa0%\x86#http://crl.verisign.com/pca3-g2.crl04^F^CU\x1d%^D-0+^F^H+^F^A^E^E^G^C^A^F^H+^F^A^E^E^G^C^B^F^I`\x86H^A\x86\xf8B^D^A^F^J`\x86H^A\x86\xf8E^A^H^A0^K^F^CU\x1d^O^D^D^C^B^A^F0^Q^F^I`\x86H^A\x86\xf8B^A^A^D^D^C^B^A^F0^M^F^I*\x86H\x86\xf7^M^A^A^E^E\0^C\x81\x81\0#]\xee\xa6$^E\xfdv\xd3j^Z\xd6\xbaF^F\xaaj^O^C\x90f\xb2\xb0\xa6\xc2\x9e\xc9\x1e\xa3US\xaf>E\xfd\xdc\x8c'\xddS8^I\xbb|K+\xba\x95J\xfepN\x1bi\xd6<\xf7O^G\xc5\xf2^WZL\xa2\x8f\xac^K\x8a^F\xdb\xb9\xd4k\xc5\x1dX\xda^WR\xe3!\xf1\xd2\xd7Z\xd5\xe5\xabY{!z\x86j\xd4\xfe^W^Q:S^M\x9c`\xa0J\xd9^\xe4\x1d^L)\xaa^S^Ge\x86\x1f\xbf\xb4\xc9\x82S\x9c,^B\x8f#, mime_type=binary, info=[ts=1170717505.735416, fuid=FfqS7r3rymnsSKq0m2, tx_hosts={^J^I194.127.84.106^J}, rx_hosts={^J^I192.150.187.164^J}, conn_uids={^J^ICXWv6p3arKYeMETxOg^J}, source=SSL, depth=0, analyzers={^J^IX509,^J^IMD5,^J^ISHA1^J}, mime_type=binary, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=F, seen_bytes=0, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=<uninitialized>, sha1=<uninitialized>, sha256=<uninitialized>, x509=[ts=1170717505.735416, id=FfqS7r3rymnsSKq0m2, certificate=[version=2, serial=78EE48DE185B2071C9C9C3B51D7BDDC1, subject=OU=www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign,OU=VeriSign International Server CA - Class 3,OU=VeriSign\, Inc.,O=VeriSign Trust Network, issuer=OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US, not_valid_before=861235200.0, not_valid_after=1319500799.0, key_alg=rsaEncryption, sig_alg=sha1WithRSAEncryption, key_type=rsa, key_length=1024, exponent=65537, curve=<uninitialized>], handle=<no value description>, extensions=[[name=X509v3 Basic Constraints, short_name=basicConstraints, oid=2.5.29.19, critical=F, value=CA:TRUE, pathlen:0], [name=X509v3 Certificate Policies, short_name=certificatePolicies, oid=2.5.29.32, critical=F, value=Policy: 2.16.840.1.113733.1.7.1.1^J  CPS: https://www.verisign.com/CPS^J], [name=X509v3 CRL Distribution Points, short_name=crlDistributionPoints, oid=2.5.29.31, critical=F, value=^JFull Name:^J  URI:http://crl.verisign.com/pca3-g2.crl^J]], san=<uninitialized>, basic_constraints=[ca=T, path_len=0]], extracted=<uninitialized>], u2_events=<uninitialized>]
+                  [1] ext: X509::Extension = [name=X509v3 Extended Key Usage, short_name=extendedKeyUsage, oid=2.5.29.37, critical=F, value=TLS Web Server Authentication, TLS Web Client Authentication, Netscape Server Gated Crypto, 2.16.840.1.113733.1.8.1]
+
+1170717505.735416 x509_extension
+                  [0] f: fa_file         = [id=FfqS7r3rymnsSKq0m2, parent_id=<uninitialized>, source=SSL, is_orig=F, conns={^J^I[[orig_h=192.150.187.164, orig_p=58868/tcp, resp_h=194.127.84.106, resp_p=443/tcp]] = [id=[orig_h=192.150.187.164, orig_p=58868/tcp, resp_h=194.127.84.106, resp_p=443/tcp], orig=[size=87, state=4, num_pkts=3, num_bytes_ip=255, flow_label=0], resp=[size=2164, state=4, num_pkts=3, num_bytes_ip=1616, flow_label=0], start_time=1170717505.366729, duration=0.368687, service={^J^I^ISSL^J^I}, addl=, hot=0, history=ShADad, uid=CXWv6p3arKYeMETxOg, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=[ts=1170717505.549109, uid=CXWv6p3arKYeMETxOg, id=[orig_h=192.150.187.164, orig_p=58868/tcp, resp_h=194.127.84.106, resp_p=443/tcp], version=TLSv10, cipher=TLS_RSA_WITH_RC4_128_MD5, server_name=<uninitialized>, session_id=<uninitialized>, last_alert=<uninitialized>, analyzer_id=3, established=F, logged=F, delay_tokens=<uninitialized>, cert_chain=[[ts=1170717505.735416, fuid=FeCwNK3rzqPnZ7eBQ5, tx_hosts={^J^I^I194.127.84.106^J^I}, rx_hosts={^J^I^I192.150.187.164^J^I}, conn_uids={^J^I^ICXWv6p3arKYeMETxOg^J^I}, source=SSL, depth=0, analyzers={^J^I^IX509,^J^I^IMD5,^J^I^ISHA1^J^I}, mime_type=binary, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=F, seen_bytes=1152, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=38a0a008a978591ccbe41f50a174751a, sha1=2c322ae2b7fe91391345e070b63668978bb1c9da, sha256=<uninitialized>, x509=[ts=1170717505.735416, id=FeCwNK3rzqPnZ7eBQ5, certificate=[version=2, serial=04A78116F003283BDA2B8462049F9ECB, subject=CN=www.dresdner-privat.de,OU=Terms of use at www.verisign.com/rpa (c)00,O=AGIS Allianz Dresdner Informationssysteme GmbH,L=Muenchen,ST=Bayern,C=DE, issuer=OU=www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign,OU=VeriSign International Server CA - Class 3,OU=VeriSign\, Inc.,O=VeriSign Trust Network, not_valid_before=1163462400.0, not_valid_after=1195084799.0, key_alg=rsaEncryption, sig_alg=sha1WithRSAEncryption, key_type=rsa, key_length=1024, exponent=65537, curve=<uninitialized>], handle=<no value description>, extensions=[[name=X509v3 Basic Constraints, short_name=basicConstraints, oid=2.5.29.19, critical=F, value=CA:FALSE], [name=X509v3 Key Usage, short_name=keyUsage, oid=2.5.29.15, critical=F, value=Digital Signature, Key Encipherment], [name=X509v3 CRL Distribution Points, short_name=crlDistributionPoints, oid=2.5.29.31, critical=F, value=^JFull Name:^J  URI:http://crl.verisign.com/Class3InternationalServer.crl^J], [name=X509v3 Certificate Policies, short_name=certificatePolicies, oid=2.5.29.32, critical=F, value=Policy: 2.16.840.1.113733.1.7.23.3^J  CPS: https://www.verisign.com/rpa^J], [name=X509v3 Extended Key Usage, short_name=extendedKeyUsage, oid=2.5.29.37, critical=F, value=Netscape Server Gated Crypto, TLS Web Server Authentication, TLS Web Client Authentication], [name=Authority Information Access, short_name=authorityInfoAccess, oid=1.3.6.1.5.5.7.1.1, critical=F, value=OCSP - URI:http://ocsp.verisign.com^J], [name=1.3.6.1.5.5.7.1.12, short_name=UNDEF, oid=1.3.6.1.5.5.7.1.12, critical=F, value=0_.].[0Y0W0U..image/gif0!0.0...+..............k...j.H.,{..0%.#http://logo.verisign.com/vslogo.gif]], san=<uninitialized>, basic_constraints=[ca=F, path_len=<uninitialized>]], extracted=<uninitialized>], [ts=1170717505.735416, fuid=FfqS7r3rymnsSKq0m2, tx_hosts={^J^I^I194.127.84.106^J^I}, rx_hosts={^J^I^I192.150.187.164^J^I}, conn_uids={^J^I^ICXWv6p3arKYeMETxOg^J^I}, source=SSL, depth=0, analyzers={^J^I^IX509,^J^I^IMD5,^J^I^ISHA1^J^I}, mime_type=binary, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=F, seen_bytes=0, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=<uninitialized>, sha1=<uninitialized>, sha256=<uninitialized>, x509=[ts=1170717505.735416, id=FfqS7r3rymnsSKq0m2, certificate=[version=2, serial=78EE48DE185B2071C9C9C3B51D7BDDC1, subject=OU=www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign,OU=VeriSign International Server CA - Class 3,OU=VeriSign\, Inc.,O=VeriSign Trust Network, issuer=OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US, not_valid_before=861235200.0, not_valid_after=1319500799.0, key_alg=rsaEncryption, sig_alg=sha1WithRSAEncryption, key_type=rsa, key_length=1024, exponent=65537, curve=<uninitialized>], handle=<no value description>, extensions=[[name=X509v3 Basic Constraints, short_name=basicConstraints, oid=2.5.29.19, critical=F, value=CA:TRUE, pathlen:0], [name=X509v3 Certificate Policies, short_name=certificatePolicies, oid=2.5.29.32, critical=F, value=Policy: 2.16.840.1.113733.1.7.1.1^J  CPS: https://www.verisign.com/CPS^J], [name=X509v3 CRL Distribution Points, short_name=crlDistributionPoints, oid=2.5.29.31, critical=F, value=^JFull Name:^J  URI:http://crl.verisign.com/pca3-g2.crl^J], [name=X509v3 Extended Key Usage, short_name=extendedKeyUsage, oid=2.5.29.37, critical=F, value=TLS Web Server Authentication, TLS Web Client Authentication, Netscape Server Gated Crypto, 2.16.840.1.113733.1.8.1]], san=<uninitialized>, basic_constraints=[ca=T, path_len=0]], extracted=<uninitialized>]], cert_chain_fuids=[FeCwNK3rzqPnZ7eBQ5, FfqS7r3rymnsSKq0m2], client_cert_chain=[], client_cert_chain_fuids=[], subject=<uninitialized>, issuer=<uninitialized>, client_subject=<uninitialized>, client_issuer=<uninitialized>, server_depth=2, client_depth=0], http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]^J}, last_active=1170717505.735416, seen_bytes=906, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timeout_interval=2.0 mins, bof_buffer_size=1024, bof_buffer=0\x82^C\x860\x82^B\xef\xa0^C^B^A^B^B^Px\xeeH\xde^X[ q\xc9\xc9\xc3\xb5\x1d{\xdd\xc10^M^F^I*\x86H\x86\xf7^M^A^A^E^E\00_1^K0^I^F^CU^D^F^S^BUS1^W0^U^F^CU^D^J^S^NVeriSign, Inc.1705^F^CU^D^K^S.Class 3 Public Primary Certification Authority0\x1e^W^M970417000000Z^W^M111024235959Z0\x81\xba1\x1f0\x1d^F^CU^D^J^S^VVeriSign Trust Network1^W0^U^F^CU^D^K^S^NVeriSign, Inc.1301^F^CU^D^K^S*VeriSign International Server CA - Class 31I0G^F^CU^D^K^S@www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign0\x81\x9f0^M^F^I*\x86H\x86\xf7^M^A^A^A^E\0^C\x81\x8d\00\x81\x89^B\x81\x81\0\xd8\x82\x80\xe8\xd6^Y^B}\x1f\x85^X9%\xa2e+\xe1\xbf\xd4^E\xd3\xbc\xe66;\xaa\xf0Ll[\xb6\xe7\xaa<sEU\xb2\xf1\xbd\xea\x97B\xed\x9a4^J^U\xd4\xa9\\xf5@%\xdd\xd9^G\xc12\xb2ul\xc4\xca\xbb\xa3\xfeV'qC\xaac\xf50>\x93(\xe5\xfa\xf1^I;\xf3\xb7MN9\xf7\IZ\xb8\xc1\x1d\xd3\xb2\x8a\xfep0\x95B\xcb\xfe+Q\x8bZ<:\xf9"O\x90\xb2^B\xa7S\x9cO4\xe7\xab^D\xb2{o^B^C^A\0^A\xa3\x81\xe60\x81\xe30^O^F^CU\x1d^S^D^H0^F^A^A\xff^B^A\00D^F^CU\x1d ^D=0;09^F^K`\x86H^A\x86\xf8E^A^G^A^A0*0(^F^H+^F^A^E^E^G^B^A^V\x1chttps://www.verisign.com/CPS04^F^CU\x1d\x1f^D-0+0)\xa0'\xa0%\x86#http://crl.verisign.com/pca3-g2.crl04^F^CU\x1d%^D-0+^F^H+^F^A^E^E^G^C^A^F^H+^F^A^E^E^G^C^B^F^I`\x86H^A\x86\xf8B^D^A^F^J`\x86H^A\x86\xf8E^A^H^A0^K^F^CU\x1d^O^D^D^C^B^A^F0^Q^F^I`\x86H^A\x86\xf8B^A^A^D^D^C^B^A^F0^M^F^I*\x86H\x86\xf7^M^A^A^E^E\0^C\x81\x81\0#]\xee\xa6$^E\xfdv\xd3j^Z\xd6\xbaF^F\xaaj^O^C\x90f\xb2\xb0\xa6\xc2\x9e\xc9\x1e\xa3US\xaf>E\xfd\xdc\x8c'\xddS8^I\xbb|K+\xba\x95J\xfepN\x1bi\xd6<\xf7O^G\xc5\xf2^WZL\xa2\x8f\xac^K\x8a^F\xdb\xb9\xd4k\xc5\x1dX\xda^WR\xe3!\xf1\xd2\xd7Z\xd5\xe5\xabY{!z\x86j\xd4\xfe^W^Q:S^M\x9c`\xa0J\xd9^\xe4\x1d^L)\xaa^S^Ge\x86\x1f\xbf\xb4\xc9\x82S\x9c,^B\x8f#, mime_type=binary, info=[ts=1170717505.735416, fuid=FfqS7r3rymnsSKq0m2, tx_hosts={^J^I194.127.84.106^J}, rx_hosts={^J^I192.150.187.164^J}, conn_uids={^J^ICXWv6p3arKYeMETxOg^J}, source=SSL, depth=0, analyzers={^J^IX509,^J^IMD5,^J^ISHA1^J}, mime_type=binary, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=F, seen_bytes=0, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=<uninitialized>, sha1=<uninitialized>, sha256=<uninitialized>, x509=[ts=1170717505.735416, id=FfqS7r3rymnsSKq0m2, certificate=[version=2, serial=78EE48DE185B2071C9C9C3B51D7BDDC1, subject=OU=www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign,OU=VeriSign International Server CA - Class 3,OU=VeriSign\, Inc.,O=VeriSign Trust Network, issuer=OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US, not_valid_before=861235200.0, not_valid_after=1319500799.0, key_alg=rsaEncryption, sig_alg=sha1WithRSAEncryption, key_type=rsa, key_length=1024, exponent=65537, curve=<uninitialized>], handle=<no value description>, extensions=[[name=X509v3 Basic Constraints, short_name=basicConstraints, oid=2.5.29.19, critical=F, value=CA:TRUE, pathlen:0], [name=X509v3 Certificate Policies, short_name=certificatePolicies, oid=2.5.29.32, critical=F, value=Policy: 2.16.840.1.113733.1.7.1.1^J  CPS: https://www.verisign.com/CPS^J], [name=X509v3 CRL Distribution Points, short_name=crlDistributionPoints, oid=2.5.29.31, critical=F, value=^JFull Name:^J  URI:http://crl.verisign.com/pca3-g2.crl^J], [name=X509v3 Extended Key Usage, short_name=extendedKeyUsage, oid=2.5.29.37, critical=F, value=TLS Web Server Authentication, TLS Web Client Authentication, Netscape Server Gated Crypto, 2.16.840.1.113733.1.8.1]], san=<uninitialized>, basic_constraints=[ca=T, path_len=0]], extracted=<uninitialized>], u2_events=<uninitialized>]
+                  [1] ext: X509::Extension = [name=X509v3 Key Usage, short_name=keyUsage, oid=2.5.29.15, critical=F, value=Certificate Sign, CRL Sign]
+
+1170717505.735416 x509_extension
+                  [0] f: fa_file         = [id=FfqS7r3rymnsSKq0m2, parent_id=<uninitialized>, source=SSL, is_orig=F, conns={^J^I[[orig_h=192.150.187.164, orig_p=58868/tcp, resp_h=194.127.84.106, resp_p=443/tcp]] = [id=[orig_h=192.150.187.164, orig_p=58868/tcp, resp_h=194.127.84.106, resp_p=443/tcp], orig=[size=87, state=4, num_pkts=3, num_bytes_ip=255, flow_label=0], resp=[size=2164, state=4, num_pkts=3, num_bytes_ip=1616, flow_label=0], start_time=1170717505.366729, duration=0.368687, service={^J^I^ISSL^J^I}, addl=, hot=0, history=ShADad, uid=CXWv6p3arKYeMETxOg, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=[ts=1170717505.549109, uid=CXWv6p3arKYeMETxOg, id=[orig_h=192.150.187.164, orig_p=58868/tcp, resp_h=194.127.84.106, resp_p=443/tcp], version=TLSv10, cipher=TLS_RSA_WITH_RC4_128_MD5, server_name=<uninitialized>, session_id=<uninitialized>, last_alert=<uninitialized>, analyzer_id=3, established=F, logged=F, delay_tokens=<uninitialized>, cert_chain=[[ts=1170717505.735416, fuid=FeCwNK3rzqPnZ7eBQ5, tx_hosts={^J^I^I194.127.84.106^J^I}, rx_hosts={^J^I^I192.150.187.164^J^I}, conn_uids={^J^I^ICXWv6p3arKYeMETxOg^J^I}, source=SSL, depth=0, analyzers={^J^I^IX509,^J^I^IMD5,^J^I^ISHA1^J^I}, mime_type=binary, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=F, seen_bytes=1152, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=38a0a008a978591ccbe41f50a174751a, sha1=2c322ae2b7fe91391345e070b63668978bb1c9da, sha256=<uninitialized>, x509=[ts=1170717505.735416, id=FeCwNK3rzqPnZ7eBQ5, certificate=[version=2, serial=04A78116F003283BDA2B8462049F9ECB, subject=CN=www.dresdner-privat.de,OU=Terms of use at www.verisign.com/rpa (c)00,O=AGIS Allianz Dresdner Informationssysteme GmbH,L=Muenchen,ST=Bayern,C=DE, issuer=OU=www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign,OU=VeriSign International Server CA - Class 3,OU=VeriSign\, Inc.,O=VeriSign Trust Network, not_valid_before=1163462400.0, not_valid_after=1195084799.0, key_alg=rsaEncryption, sig_alg=sha1WithRSAEncryption, key_type=rsa, key_length=1024, exponent=65537, curve=<uninitialized>], handle=<no value description>, extensions=[[name=X509v3 Basic Constraints, short_name=basicConstraints, oid=2.5.29.19, critical=F, value=CA:FALSE], [name=X509v3 Key Usage, short_name=keyUsage, oid=2.5.29.15, critical=F, value=Digital Signature, Key Encipherment], [name=X509v3 CRL Distribution Points, short_name=crlDistributionPoints, oid=2.5.29.31, critical=F, value=^JFull Name:^J  URI:http://crl.verisign.com/Class3InternationalServer.crl^J], [name=X509v3 Certificate Policies, short_name=certificatePolicies, oid=2.5.29.32, critical=F, value=Policy: 2.16.840.1.113733.1.7.23.3^J  CPS: https://www.verisign.com/rpa^J], [name=X509v3 Extended Key Usage, short_name=extendedKeyUsage, oid=2.5.29.37, critical=F, value=Netscape Server Gated Crypto, TLS Web Server Authentication, TLS Web Client Authentication], [name=Authority Information Access, short_name=authorityInfoAccess, oid=1.3.6.1.5.5.7.1.1, critical=F, value=OCSP - URI:http://ocsp.verisign.com^J], [name=1.3.6.1.5.5.7.1.12, short_name=UNDEF, oid=1.3.6.1.5.5.7.1.12, critical=F, value=0_.].[0Y0W0U..image/gif0!0.0...+..............k...j.H.,{..0%.#http://logo.verisign.com/vslogo.gif]], san=<uninitialized>, basic_constraints=[ca=F, path_len=<uninitialized>]], extracted=<uninitialized>], [ts=1170717505.735416, fuid=FfqS7r3rymnsSKq0m2, tx_hosts={^J^I^I194.127.84.106^J^I}, rx_hosts={^J^I^I192.150.187.164^J^I}, conn_uids={^J^I^ICXWv6p3arKYeMETxOg^J^I}, source=SSL, depth=0, analyzers={^J^I^IX509,^J^I^IMD5,^J^I^ISHA1^J^I}, mime_type=binary, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=F, seen_bytes=0, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=<uninitialized>, sha1=<uninitialized>, sha256=<uninitialized>, x509=[ts=1170717505.735416, id=FfqS7r3rymnsSKq0m2, certificate=[version=2, serial=78EE48DE185B2071C9C9C3B51D7BDDC1, subject=OU=www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign,OU=VeriSign International Server CA - Class 3,OU=VeriSign\, Inc.,O=VeriSign Trust Network, issuer=OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US, not_valid_before=861235200.0, not_valid_after=1319500799.0, key_alg=rsaEncryption, sig_alg=sha1WithRSAEncryption, key_type=rsa, key_length=1024, exponent=65537, curve=<uninitialized>], handle=<no value description>, extensions=[[name=X509v3 Basic Constraints, short_name=basicConstraints, oid=2.5.29.19, critical=F, value=CA:TRUE, pathlen:0], [name=X509v3 Certificate Policies, short_name=certificatePolicies, oid=2.5.29.32, critical=F, value=Policy: 2.16.840.1.113733.1.7.1.1^J  CPS: https://www.verisign.com/CPS^J], [name=X509v3 CRL Distribution Points, short_name=crlDistributionPoints, oid=2.5.29.31, critical=F, value=^JFull Name:^J  URI:http://crl.verisign.com/pca3-g2.crl^J], [name=X509v3 Extended Key Usage, short_name=extendedKeyUsage, oid=2.5.29.37, critical=F, value=TLS Web Server Authentication, TLS Web Client Authentication, Netscape Server Gated Crypto, 2.16.840.1.113733.1.8.1], [name=X509v3 Key Usage, short_name=keyUsage, oid=2.5.29.15, critical=F, value=Certificate Sign, CRL Sign]], san=<uninitialized>, basic_constraints=[ca=T, path_len=0]], extracted=<uninitialized>]], cert_chain_fuids=[FeCwNK3rzqPnZ7eBQ5, FfqS7r3rymnsSKq0m2], client_cert_chain=[], client_cert_chain_fuids=[], subject=<uninitialized>, issuer=<uninitialized>, client_subject=<uninitialized>, client_issuer=<uninitialized>, server_depth=2, client_depth=0], http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]^J}, last_active=1170717505.735416, seen_bytes=906, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timeout_interval=2.0 mins, bof_buffer_size=1024, bof_buffer=0\x82^C\x860\x82^B\xef\xa0^C^B^A^B^B^Px\xeeH\xde^X[ q\xc9\xc9\xc3\xb5\x1d{\xdd\xc10^M^F^I*\x86H\x86\xf7^M^A^A^E^E\00_1^K0^I^F^CU^D^F^S^BUS1^W0^U^F^CU^D^J^S^NVeriSign, Inc.1705^F^CU^D^K^S.Class 3 Public Primary Certification Authority0\x1e^W^M970417000000Z^W^M111024235959Z0\x81\xba1\x1f0\x1d^F^CU^D^J^S^VVeriSign Trust Network1^W0^U^F^CU^D^K^S^NVeriSign, Inc.1301^F^CU^D^K^S*VeriSign International Server CA - Class 31I0G^F^CU^D^K^S@www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign0\x81\x9f0^M^F^I*\x86H\x86\xf7^M^A^A^A^E\0^C\x81\x8d\00\x81\x89^B\x81\x81\0\xd8\x82\x80\xe8\xd6^Y^B}\x1f\x85^X9%\xa2e+\xe1\xbf\xd4^E\xd3\xbc\xe66;\xaa\xf0Ll[\xb6\xe7\xaa<sEU\xb2\xf1\xbd\xea\x97B\xed\x9a4^J^U\xd4\xa9\\xf5@%\xdd\xd9^G\xc12\xb2ul\xc4\xca\xbb\xa3\xfeV'qC\xaac\xf50>\x93(\xe5\xfa\xf1^I;\xf3\xb7MN9\xf7\IZ\xb8\xc1\x1d\xd3\xb2\x8a\xfep0\x95B\xcb\xfe+Q\x8bZ<:\xf9"O\x90\xb2^B\xa7S\x9cO4\xe7\xab^D\xb2{o^B^C^A\0^A\xa3\x81\xe60\x81\xe30^O^F^CU\x1d^S^D^H0^F^A^A\xff^B^A\00D^F^CU\x1d ^D=0;09^F^K`\x86H^A\x86\xf8E^A^G^A^A0*0(^F^H+^F^A^E^E^G^B^A^V\x1chttps://www.verisign.com/CPS04^F^CU\x1d\x1f^D-0+0)\xa0'\xa0%\x86#http://crl.verisign.com/pca3-g2.crl04^F^CU\x1d%^D-0+^F^H+^F^A^E^E^G^C^A^F^H+^F^A^E^E^G^C^B^F^I`\x86H^A\x86\xf8B^D^A^F^J`\x86H^A\x86\xf8E^A^H^A0^K^F^CU\x1d^O^D^D^C^B^A^F0^Q^F^I`\x86H^A\x86\xf8B^A^A^D^D^C^B^A^F0^M^F^I*\x86H\x86\xf7^M^A^A^E^E\0^C\x81\x81\0#]\xee\xa6$^E\xfdv\xd3j^Z\xd6\xbaF^F\xaaj^O^C\x90f\xb2\xb0\xa6\xc2\x9e\xc9\x1e\xa3US\xaf>E\xfd\xdc\x8c'\xddS8^I\xbb|K+\xba\x95J\xfepN\x1bi\xd6<\xf7O^G\xc5\xf2^WZL\xa2\x8f\xac^K\x8a^F\xdb\xb9\xd4k\xc5\x1dX\xda^WR\xe3!\xf1\xd2\xd7Z\xd5\xe5\xabY{!z\x86j\xd4\xfe^W^Q:S^M\x9c`\xa0J\xd9^\xe4\x1d^L)\xaa^S^Ge\x86\x1f\xbf\xb4\xc9\x82S\x9c,^B\x8f#, mime_type=binary, info=[ts=1170717505.735416, fuid=FfqS7r3rymnsSKq0m2, tx_hosts={^J^I194.127.84.106^J}, rx_hosts={^J^I192.150.187.164^J}, conn_uids={^J^ICXWv6p3arKYeMETxOg^J}, source=SSL, depth=0, analyzers={^J^IX509,^J^IMD5,^J^ISHA1^J}, mime_type=binary, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=F, seen_bytes=0, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=<uninitialized>, sha1=<uninitialized>, sha256=<uninitialized>, x509=[ts=1170717505.735416, id=FfqS7r3rymnsSKq0m2, certificate=[version=2, serial=78EE48DE185B2071C9C9C3B51D7BDDC1, subject=OU=www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign,OU=VeriSign International Server CA - Class 3,OU=VeriSign\, Inc.,O=VeriSign Trust Network, issuer=OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US, not_valid_before=861235200.0, not_valid_after=1319500799.0, key_alg=rsaEncryption, sig_alg=sha1WithRSAEncryption, key_type=rsa, key_length=1024, exponent=65537, curve=<uninitialized>], handle=<no value description>, extensions=[[name=X509v3 Basic Constraints, short_name=basicConstraints, oid=2.5.29.19, critical=F, value=CA:TRUE, pathlen:0], [name=X509v3 Certificate Policies, short_name=certificatePolicies, oid=2.5.29.32, critical=F, value=Policy: 2.16.840.1.113733.1.7.1.1^J  CPS: https://www.verisign.com/CPS^J], [name=X509v3 CRL Distribution Points, short_name=crlDistributionPoints, oid=2.5.29.31, critical=F, value=^JFull Name:^J  URI:http://crl.verisign.com/pca3-g2.crl^J], [name=X509v3 Extended Key Usage, short_name=extendedKeyUsage, oid=2.5.29.37, critical=F, value=TLS Web Server Authentication, TLS Web Client Authentication, Netscape Server Gated Crypto, 2.16.840.1.113733.1.8.1], [name=X509v3 Key Usage, short_name=keyUsage, oid=2.5.29.15, critical=F, value=Certificate Sign, CRL Sign]], san=<uninitialized>, basic_constraints=[ca=T, path_len=0]], extracted=<uninitialized>], u2_events=<uninitialized>]
+                  [1] ext: X509::Extension = [name=Netscape Cert Type, short_name=nsCertType, oid=2.16.840.1.113730.1.1, critical=F, value=SSL CA, S/MIME CA]
+
+1170717505.735416 file_hash
+                  [0] f: fa_file         = [id=FfqS7r3rymnsSKq0m2, parent_id=<uninitialized>, source=SSL, is_orig=F, conns={^J^I[[orig_h=192.150.187.164, orig_p=58868/tcp, resp_h=194.127.84.106, resp_p=443/tcp]] = [id=[orig_h=192.150.187.164, orig_p=58868/tcp, resp_h=194.127.84.106, resp_p=443/tcp], orig=[size=87, state=4, num_pkts=3, num_bytes_ip=255, flow_label=0], resp=[size=2164, state=4, num_pkts=3, num_bytes_ip=1616, flow_label=0], start_time=1170717505.366729, duration=0.368687, service={^J^I^ISSL^J^I}, addl=, hot=0, history=ShADad, uid=CXWv6p3arKYeMETxOg, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=[ts=1170717505.549109, uid=CXWv6p3arKYeMETxOg, id=[orig_h=192.150.187.164, orig_p=58868/tcp, resp_h=194.127.84.106, resp_p=443/tcp], version=TLSv10, cipher=TLS_RSA_WITH_RC4_128_MD5, server_name=<uninitialized>, session_id=<uninitialized>, last_alert=<uninitialized>, analyzer_id=3, established=F, logged=F, delay_tokens=<uninitialized>, cert_chain=[[ts=1170717505.735416, fuid=FeCwNK3rzqPnZ7eBQ5, tx_hosts={^J^I^I194.127.84.106^J^I}, rx_hosts={^J^I^I192.150.187.164^J^I}, conn_uids={^J^I^ICXWv6p3arKYeMETxOg^J^I}, source=SSL, depth=0, analyzers={^J^I^IX509,^J^I^IMD5,^J^I^ISHA1^J^I}, mime_type=binary, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=F, seen_bytes=1152, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=38a0a008a978591ccbe41f50a174751a, sha1=2c322ae2b7fe91391345e070b63668978bb1c9da, sha256=<uninitialized>, x509=[ts=1170717505.735416, id=FeCwNK3rzqPnZ7eBQ5, certificate=[version=2, serial=04A78116F003283BDA2B8462049F9ECB, subject=CN=www.dresdner-privat.de,OU=Terms of use at www.verisign.com/rpa (c)00,O=AGIS Allianz Dresdner Informationssysteme GmbH,L=Muenchen,ST=Bayern,C=DE, issuer=OU=www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign,OU=VeriSign International Server CA - Class 3,OU=VeriSign\, Inc.,O=VeriSign Trust Network, not_valid_before=1163462400.0, not_valid_after=1195084799.0, key_alg=rsaEncryption, sig_alg=sha1WithRSAEncryption, key_type=rsa, key_length=1024, exponent=65537, curve=<uninitialized>], handle=<no value description>, extensions=[[name=X509v3 Basic Constraints, short_name=basicConstraints, oid=2.5.29.19, critical=F, value=CA:FALSE], [name=X509v3 Key Usage, short_name=keyUsage, oid=2.5.29.15, critical=F, value=Digital Signature, Key Encipherment], [name=X509v3 CRL Distribution Points, short_name=crlDistributionPoints, oid=2.5.29.31, critical=F, value=^JFull Name:^J  URI:http://crl.verisign.com/Class3InternationalServer.crl^J], [name=X509v3 Certificate Policies, short_name=certificatePolicies, oid=2.5.29.32, critical=F, value=Policy: 2.16.840.1.113733.1.7.23.3^J  CPS: https://www.verisign.com/rpa^J], [name=X509v3 Extended Key Usage, short_name=extendedKeyUsage, oid=2.5.29.37, critical=F, value=Netscape Server Gated Crypto, TLS Web Server Authentication, TLS Web Client Authentication], [name=Authority Information Access, short_name=authorityInfoAccess, oid=1.3.6.1.5.5.7.1.1, critical=F, value=OCSP - URI:http://ocsp.verisign.com^J], [name=1.3.6.1.5.5.7.1.12, short_name=UNDEF, oid=1.3.6.1.5.5.7.1.12, critical=F, value=0_.].[0Y0W0U..image/gif0!0.0...+..............k...j.H.,{..0%.#http://logo.verisign.com/vslogo.gif]], san=<uninitialized>, basic_constraints=[ca=F, path_len=<uninitialized>]], extracted=<uninitialized>], [ts=1170717505.735416, fuid=FfqS7r3rymnsSKq0m2, tx_hosts={^J^I^I194.127.84.106^J^I}, rx_hosts={^J^I^I192.150.187.164^J^I}, conn_uids={^J^I^ICXWv6p3arKYeMETxOg^J^I}, source=SSL, depth=0, analyzers={^J^I^IX509,^J^I^IMD5,^J^I^ISHA1^J^I}, mime_type=binary, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=F, seen_bytes=0, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=<uninitialized>, sha1=<uninitialized>, sha256=<uninitialized>, x509=[ts=1170717505.735416, id=FfqS7r3rymnsSKq0m2, certificate=[version=2, serial=78EE48DE185B2071C9C9C3B51D7BDDC1, subject=OU=www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign,OU=VeriSign International Server CA - Class 3,OU=VeriSign\, Inc.,O=VeriSign Trust Network, issuer=OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US, not_valid_before=861235200.0, not_valid_after=1319500799.0, key_alg=rsaEncryption, sig_alg=sha1WithRSAEncryption, key_type=rsa, key_length=1024, exponent=65537, curve=<uninitialized>], handle=<no value description>, extensions=[[name=X509v3 Basic Constraints, short_name=basicConstraints, oid=2.5.29.19, critical=F, value=CA:TRUE, pathlen:0], [name=X509v3 Certificate Policies, short_name=certificatePolicies, oid=2.5.29.32, critical=F, value=Policy: 2.16.840.1.113733.1.7.1.1^J  CPS: https://www.verisign.com/CPS^J], [name=X509v3 CRL Distribution Points, short_name=crlDistributionPoints, oid=2.5.29.31, critical=F, value=^JFull Name:^J  URI:http://crl.verisign.com/pca3-g2.crl^J], [name=X509v3 Extended Key Usage, short_name=extendedKeyUsage, oid=2.5.29.37, critical=F, value=TLS Web Server Authentication, TLS Web Client Authentication, Netscape Server Gated Crypto, 2.16.840.1.113733.1.8.1], [name=X509v3 Key Usage, short_name=keyUsage, oid=2.5.29.15, critical=F, value=Certificate Sign, CRL Sign], [name=Netscape Cert Type, short_name=nsCertType, oid=2.16.840.1.113730.1.1, critical=F, value=SSL CA, S/MIME CA]], san=<uninitialized>, basic_constraints=[ca=T, path_len=0]], extracted=<uninitialized>]], cert_chain_fuids=[FeCwNK3rzqPnZ7eBQ5, FfqS7r3rymnsSKq0m2], client_cert_chain=[], client_cert_chain_fuids=[], subject=<uninitialized>, issuer=<uninitialized>, client_subject=<uninitialized>, client_issuer=<uninitialized>, server_depth=2, client_depth=0], http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]^J}, last_active=1170717505.735416, seen_bytes=906, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timeout_interval=2.0 mins, bof_buffer_size=1024, bof_buffer=0\x82^C\x860\x82^B\xef\xa0^C^B^A^B^B^Px\xeeH\xde^X[ q\xc9\xc9\xc3\xb5\x1d{\xdd\xc10^M^F^I*\x86H\x86\xf7^M^A^A^E^E\00_1^K0^I^F^CU^D^F^S^BUS1^W0^U^F^CU^D^J^S^NVeriSign, Inc.1705^F^CU^D^K^S.Class 3 Public Primary Certification Authority0\x1e^W^M970417000000Z^W^M111024235959Z0\x81\xba1\x1f0\x1d^F^CU^D^J^S^VVeriSign Trust Network1^W0^U^F^CU^D^K^S^NVeriSign, Inc.1301^F^CU^D^K^S*VeriSign International Server CA - Class 31I0G^F^CU^D^K^S@www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign0\x81\x9f0^M^F^I*\x86H\x86\xf7^M^A^A^A^E\0^C\x81\x8d\00\x81\x89^B\x81\x81\0\xd8\x82\x80\xe8\xd6^Y^B}\x1f\x85^X9%\xa2e+\xe1\xbf\xd4^E\xd3\xbc\xe66;\xaa\xf0Ll[\xb6\xe7\xaa<sEU\xb2\xf1\xbd\xea\x97B\xed\x9a4^J^U\xd4\xa9\\xf5@%\xdd\xd9^G\xc12\xb2ul\xc4\xca\xbb\xa3\xfeV'qC\xaac\xf50>\x93(\xe5\xfa\xf1^I;\xf3\xb7MN9\xf7\IZ\xb8\xc1\x1d\xd3\xb2\x8a\xfep0\x95B\xcb\xfe+Q\x8bZ<:\xf9"O\x90\xb2^B\xa7S\x9cO4\xe7\xab^D\xb2{o^B^C^A\0^A\xa3\x81\xe60\x81\xe30^O^F^CU\x1d^S^D^H0^F^A^A\xff^B^A\00D^F^CU\x1d ^D=0;09^F^K`\x86H^A\x86\xf8E^A^G^A^A0*0(^F^H+^F^A^E^E^G^B^A^V\x1chttps://www.verisign.com/CPS04^F^CU\x1d\x1f^D-0+0)\xa0'\xa0%\x86#http://crl.verisign.com/pca3-g2.crl04^F^CU\x1d%^D-0+^F^H+^F^A^E^E^G^C^A^F^H+^F^A^E^E^G^C^B^F^I`\x86H^A\x86\xf8B^D^A^F^J`\x86H^A\x86\xf8E^A^H^A0^K^F^CU\x1d^O^D^D^C^B^A^F0^Q^F^I`\x86H^A\x86\xf8B^A^A^D^D^C^B^A^F0^M^F^I*\x86H\x86\xf7^M^A^A^E^E\0^C\x81\x81\0#]\xee\xa6$^E\xfdv\xd3j^Z\xd6\xbaF^F\xaaj^O^C\x90f\xb2\xb0\xa6\xc2\x9e\xc9\x1e\xa3US\xaf>E\xfd\xdc\x8c'\xddS8^I\xbb|K+\xba\x95J\xfepN\x1bi\xd6<\xf7O^G\xc5\xf2^WZL\xa2\x8f\xac^K\x8a^F\xdb\xb9\xd4k\xc5\x1dX\xda^WR\xe3!\xf1\xd2\xd7Z\xd5\xe5\xabY{!z\x86j\xd4\xfe^W^Q:S^M\x9c`\xa0J\xd9^\xe4\x1d^L)\xaa^S^Ge\x86\x1f\xbf\xb4\xc9\x82S\x9c,^B\x8f#, mime_type=binary, info=[ts=1170717505.735416, fuid=FfqS7r3rymnsSKq0m2, tx_hosts={^J^I194.127.84.106^J}, rx_hosts={^J^I192.150.187.164^J}, conn_uids={^J^ICXWv6p3arKYeMETxOg^J}, source=SSL, depth=0, analyzers={^J^IX509,^J^IMD5,^J^ISHA1^J}, mime_type=binary, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=F, seen_bytes=0, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=<uninitialized>, sha1=<uninitialized>, sha256=<uninitialized>, x509=[ts=1170717505.735416, id=FfqS7r3rymnsSKq0m2, certificate=[version=2, serial=78EE48DE185B2071C9C9C3B51D7BDDC1, subject=OU=www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign,OU=VeriSign International Server CA - Class 3,OU=VeriSign\, Inc.,O=VeriSign Trust Network, issuer=OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US, not_valid_before=861235200.0, not_valid_after=1319500799.0, key_alg=rsaEncryption, sig_alg=sha1WithRSAEncryption, key_type=rsa, key_length=1024, exponent=65537, curve=<uninitialized>], handle=<no value description>, extensions=[[name=X509v3 Basic Constraints, short_name=basicConstraints, oid=2.5.29.19, critical=F, value=CA:TRUE, pathlen:0], [name=X509v3 Certificate Policies, short_name=certificatePolicies, oid=2.5.29.32, critical=F, value=Policy: 2.16.840.1.113733.1.7.1.1^J  CPS: https://www.verisign.com/CPS^J], [name=X509v3 CRL Distribution Points, short_name=crlDistributionPoints, oid=2.5.29.31, critical=F, value=^JFull Name:^J  URI:http://crl.verisign.com/pca3-g2.crl^J], [name=X509v3 Extended Key Usage, short_name=extendedKeyUsage, oid=2.5.29.37, critical=F, value=TLS Web Server Authentication, TLS Web Client Authentication, Netscape Server Gated Crypto, 2.16.840.1.113733.1.8.1], [name=X509v3 Key Usage, short_name=keyUsage, oid=2.5.29.15, critical=F, value=Certificate Sign, CRL Sign], [name=Netscape Cert Type, short_name=nsCertType, oid=2.16.840.1.113730.1.1, critical=F, value=SSL CA, S/MIME CA]], san=<uninitialized>, basic_constraints=[ca=T, path_len=0]], extracted=<uninitialized>], u2_events=<uninitialized>]
+                  [1] kind: string       = sha1
+                  [2] hash: string       = de0f3a63cad13841e9b62c94502cb189d7661e49
+
+1170717505.735416 file_hash
+                  [0] f: fa_file         = [id=FfqS7r3rymnsSKq0m2, parent_id=<uninitialized>, source=SSL, is_orig=F, conns={^J^I[[orig_h=192.150.187.164, orig_p=58868/tcp, resp_h=194.127.84.106, resp_p=443/tcp]] = [id=[orig_h=192.150.187.164, orig_p=58868/tcp, resp_h=194.127.84.106, resp_p=443/tcp], orig=[size=87, state=4, num_pkts=3, num_bytes_ip=255, flow_label=0], resp=[size=2164, state=4, num_pkts=3, num_bytes_ip=1616, flow_label=0], start_time=1170717505.366729, duration=0.368687, service={^J^I^ISSL^J^I}, addl=, hot=0, history=ShADad, uid=CXWv6p3arKYeMETxOg, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=[ts=1170717505.549109, uid=CXWv6p3arKYeMETxOg, id=[orig_h=192.150.187.164, orig_p=58868/tcp, resp_h=194.127.84.106, resp_p=443/tcp], version=TLSv10, cipher=TLS_RSA_WITH_RC4_128_MD5, server_name=<uninitialized>, session_id=<uninitialized>, last_alert=<uninitialized>, analyzer_id=3, established=F, logged=F, delay_tokens=<uninitialized>, cert_chain=[[ts=1170717505.735416, fuid=FeCwNK3rzqPnZ7eBQ5, tx_hosts={^J^I^I194.127.84.106^J^I}, rx_hosts={^J^I^I192.150.187.164^J^I}, conn_uids={^J^I^ICXWv6p3arKYeMETxOg^J^I}, source=SSL, depth=0, analyzers={^J^I^IX509,^J^I^IMD5,^J^I^ISHA1^J^I}, mime_type=binary, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=F, seen_bytes=1152, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=38a0a008a978591ccbe41f50a174751a, sha1=2c322ae2b7fe91391345e070b63668978bb1c9da, sha256=<uninitialized>, x509=[ts=1170717505.735416, id=FeCwNK3rzqPnZ7eBQ5, certificate=[version=2, serial=04A78116F003283BDA2B8462049F9ECB, subject=CN=www.dresdner-privat.de,OU=Terms of use at www.verisign.com/rpa (c)00,O=AGIS Allianz Dresdner Informationssysteme GmbH,L=Muenchen,ST=Bayern,C=DE, issuer=OU=www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign,OU=VeriSign International Server CA - Class 3,OU=VeriSign\, Inc.,O=VeriSign Trust Network, not_valid_before=1163462400.0, not_valid_after=1195084799.0, key_alg=rsaEncryption, sig_alg=sha1WithRSAEncryption, key_type=rsa, key_length=1024, exponent=65537, curve=<uninitialized>], handle=<no value description>, extensions=[[name=X509v3 Basic Constraints, short_name=basicConstraints, oid=2.5.29.19, critical=F, value=CA:FALSE], [name=X509v3 Key Usage, short_name=keyUsage, oid=2.5.29.15, critical=F, value=Digital Signature, Key Encipherment], [name=X509v3 CRL Distribution Points, short_name=crlDistributionPoints, oid=2.5.29.31, critical=F, value=^JFull Name:^J  URI:http://crl.verisign.com/Class3InternationalServer.crl^J], [name=X509v3 Certificate Policies, short_name=certificatePolicies, oid=2.5.29.32, critical=F, value=Policy: 2.16.840.1.113733.1.7.23.3^J  CPS: https://www.verisign.com/rpa^J], [name=X509v3 Extended Key Usage, short_name=extendedKeyUsage, oid=2.5.29.37, critical=F, value=Netscape Server Gated Crypto, TLS Web Server Authentication, TLS Web Client Authentication], [name=Authority Information Access, short_name=authorityInfoAccess, oid=1.3.6.1.5.5.7.1.1, critical=F, value=OCSP - URI:http://ocsp.verisign.com^J], [name=1.3.6.1.5.5.7.1.12, short_name=UNDEF, oid=1.3.6.1.5.5.7.1.12, critical=F, value=0_.].[0Y0W0U..image/gif0!0.0...+..............k...j.H.,{..0%.#http://logo.verisign.com/vslogo.gif]], san=<uninitialized>, basic_constraints=[ca=F, path_len=<uninitialized>]], extracted=<uninitialized>], [ts=1170717505.735416, fuid=FfqS7r3rymnsSKq0m2, tx_hosts={^J^I^I194.127.84.106^J^I}, rx_hosts={^J^I^I192.150.187.164^J^I}, conn_uids={^J^I^ICXWv6p3arKYeMETxOg^J^I}, source=SSL, depth=0, analyzers={^J^I^IX509,^J^I^IMD5,^J^I^ISHA1^J^I}, mime_type=binary, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=F, seen_bytes=0, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=<uninitialized>, sha1=de0f3a63cad13841e9b62c94502cb189d7661e49, sha256=<uninitialized>, x509=[ts=1170717505.735416, id=FfqS7r3rymnsSKq0m2, certificate=[version=2, serial=78EE48DE185B2071C9C9C3B51D7BDDC1, subject=OU=www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign,OU=VeriSign International Server CA - Class 3,OU=VeriSign\, Inc.,O=VeriSign Trust Network, issuer=OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US, not_valid_before=861235200.0, not_valid_after=1319500799.0, key_alg=rsaEncryption, sig_alg=sha1WithRSAEncryption, key_type=rsa, key_length=1024, exponent=65537, curve=<uninitialized>], handle=<no value description>, extensions=[[name=X509v3 Basic Constraints, short_name=basicConstraints, oid=2.5.29.19, critical=F, value=CA:TRUE, pathlen:0], [name=X509v3 Certificate Policies, short_name=certificatePolicies, oid=2.5.29.32, critical=F, value=Policy: 2.16.840.1.113733.1.7.1.1^J  CPS: https://www.verisign.com/CPS^J], [name=X509v3 CRL Distribution Points, short_name=crlDistributionPoints, oid=2.5.29.31, critical=F, value=^JFull Name:^J  URI:http://crl.verisign.com/pca3-g2.crl^J], [name=X509v3 Extended Key Usage, short_name=extendedKeyUsage, oid=2.5.29.37, critical=F, value=TLS Web Server Authentication, TLS Web Client Authentication, Netscape Server Gated Crypto, 2.16.840.1.113733.1.8.1], [name=X509v3 Key Usage, short_name=keyUsage, oid=2.5.29.15, critical=F, value=Certificate Sign, CRL Sign], [name=Netscape Cert Type, short_name=nsCertType, oid=2.16.840.1.113730.1.1, critical=F, value=SSL CA, S/MIME CA]], san=<uninitialized>, basic_constraints=[ca=T, path_len=0]], extracted=<uninitialized>]], cert_chain_fuids=[FeCwNK3rzqPnZ7eBQ5, FfqS7r3rymnsSKq0m2], client_cert_chain=[], client_cert_chain_fuids=[], subject=<uninitialized>, issuer=<uninitialized>, client_subject=<uninitialized>, client_issuer=<uninitialized>, server_depth=2, client_depth=0], http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]^J}, last_active=1170717505.735416, seen_bytes=906, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timeout_interval=2.0 mins, bof_buffer_size=1024, bof_buffer=0\x82^C\x860\x82^B\xef\xa0^C^B^A^B^B^Px\xeeH\xde^X[ q\xc9\xc9\xc3\xb5\x1d{\xdd\xc10^M^F^I*\x86H\x86\xf7^M^A^A^E^E\00_1^K0^I^F^CU^D^F^S^BUS1^W0^U^F^CU^D^J^S^NVeriSign, Inc.1705^F^CU^D^K^S.Class 3 Public Primary Certification Authority0\x1e^W^M970417000000Z^W^M111024235959Z0\x81\xba1\x1f0\x1d^F^CU^D^J^S^VVeriSign Trust Network1^W0^U^F^CU^D^K^S^NVeriSign, Inc.1301^F^CU^D^K^S*VeriSign International Server CA - Class 31I0G^F^CU^D^K^S@www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign0\x81\x9f0^M^F^I*\x86H\x86\xf7^M^A^A^A^E\0^C\x81\x8d\00\x81\x89^B\x81\x81\0\xd8\x82\x80\xe8\xd6^Y^B}\x1f\x85^X9%\xa2e+\xe1\xbf\xd4^E\xd3\xbc\xe66;\xaa\xf0Ll[\xb6\xe7\xaa<sEU\xb2\xf1\xbd\xea\x97B\xed\x9a4^J^U\xd4\xa9\\xf5@%\xdd\xd9^G\xc12\xb2ul\xc4\xca\xbb\xa3\xfeV'qC\xaac\xf50>\x93(\xe5\xfa\xf1^I;\xf3\xb7MN9\xf7\IZ\xb8\xc1\x1d\xd3\xb2\x8a\xfep0\x95B\xcb\xfe+Q\x8bZ<:\xf9"O\x90\xb2^B\xa7S\x9cO4\xe7\xab^D\xb2{o^B^C^A\0^A\xa3\x81\xe60\x81\xe30^O^F^CU\x1d^S^D^H0^F^A^A\xff^B^A\00D^F^CU\x1d ^D=0;09^F^K`\x86H^A\x86\xf8E^A^G^A^A0*0(^F^H+^F^A^E^E^G^B^A^V\x1chttps://www.verisign.com/CPS04^F^CU\x1d\x1f^D-0+0)\xa0'\xa0%\x86#http://crl.verisign.com/pca3-g2.crl04^F^CU\x1d%^D-0+^F^H+^F^A^E^E^G^C^A^F^H+^F^A^E^E^G^C^B^F^I`\x86H^A\x86\xf8B^D^A^F^J`\x86H^A\x86\xf8E^A^H^A0^K^F^CU\x1d^O^D^D^C^B^A^F0^Q^F^I`\x86H^A\x86\xf8B^A^A^D^D^C^B^A^F0^M^F^I*\x86H\x86\xf7^M^A^A^E^E\0^C\x81\x81\0#]\xee\xa6$^E\xfdv\xd3j^Z\xd6\xbaF^F\xaaj^O^C\x90f\xb2\xb0\xa6\xc2\x9e\xc9\x1e\xa3US\xaf>E\xfd\xdc\x8c'\xddS8^I\xbb|K+\xba\x95J\xfepN\x1bi\xd6<\xf7O^G\xc5\xf2^WZL\xa2\x8f\xac^K\x8a^F\xdb\xb9\xd4k\xc5\x1dX\xda^WR\xe3!\xf1\xd2\xd7Z\xd5\xe5\xabY{!z\x86j\xd4\xfe^W^Q:S^M\x9c`\xa0J\xd9^\xe4\x1d^L)\xaa^S^Ge\x86\x1f\xbf\xb4\xc9\x82S\x9c,^B\x8f#, mime_type=binary, info=[ts=1170717505.735416, fuid=FfqS7r3rymnsSKq0m2, tx_hosts={^J^I194.127.84.106^J}, rx_hosts={^J^I192.150.187.164^J}, conn_uids={^J^ICXWv6p3arKYeMETxOg^J}, source=SSL, depth=0, analyzers={^J^IX509,^J^IMD5,^J^ISHA1^J}, mime_type=binary, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=F, seen_bytes=0, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=<uninitialized>, sha1=de0f3a63cad13841e9b62c94502cb189d7661e49, sha256=<uninitialized>, x509=[ts=1170717505.735416, id=FfqS7r3rymnsSKq0m2, certificate=[version=2, serial=78EE48DE185B2071C9C9C3B51D7BDDC1, subject=OU=www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign,OU=VeriSign International Server CA - Class 3,OU=VeriSign\, Inc.,O=VeriSign Trust Network, issuer=OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US, not_valid_before=861235200.0, not_valid_after=1319500799.0, key_alg=rsaEncryption, sig_alg=sha1WithRSAEncryption, key_type=rsa, key_length=1024, exponent=65537, curve=<uninitialized>], handle=<no value description>, extensions=[[name=X509v3 Basic Constraints, short_name=basicConstraints, oid=2.5.29.19, critical=F, value=CA:TRUE, pathlen:0], [name=X509v3 Certificate Policies, short_name=certificatePolicies, oid=2.5.29.32, critical=F, value=Policy: 2.16.840.1.113733.1.7.1.1^J  CPS: https://www.verisign.com/CPS^J], [name=X509v3 CRL Distribution Points, short_name=crlDistributionPoints, oid=2.5.29.31, critical=F, value=^JFull Name:^J  URI:http://crl.verisign.com/pca3-g2.crl^J], [name=X509v3 Extended Key Usage, short_name=extendedKeyUsage, oid=2.5.29.37, critical=F, value=TLS Web Server Authentication, TLS Web Client Authentication, Netscape Server Gated Crypto, 2.16.840.1.113733.1.8.1], [name=X509v3 Key Usage, short_name=keyUsage, oid=2.5.29.15, critical=F, value=Certificate Sign, CRL Sign], [name=Netscape Cert Type, short_name=nsCertType, oid=2.16.840.1.113730.1.1, critical=F, value=SSL CA, S/MIME CA]], san=<uninitialized>, basic_constraints=[ca=T, path_len=0]], extracted=<uninitialized>], u2_events=<uninitialized>]
+                  [1] kind: string       = md5
+                  [2] hash: string       = 81c888530afcad916fbe71d9417bf10c
+
+1170717505.735416 file_state_remove
+                  [0] f: fa_file         = [id=FfqS7r3rymnsSKq0m2, parent_id=<uninitialized>, source=SSL, is_orig=F, conns={^J^I[[orig_h=192.150.187.164, orig_p=58868/tcp, resp_h=194.127.84.106, resp_p=443/tcp]] = [id=[orig_h=192.150.187.164, orig_p=58868/tcp, resp_h=194.127.84.106, resp_p=443/tcp], orig=[size=87, state=4, num_pkts=3, num_bytes_ip=255, flow_label=0], resp=[size=2164, state=4, num_pkts=3, num_bytes_ip=1616, flow_label=0], start_time=1170717505.366729, duration=0.368687, service={^J^I^ISSL^J^I}, addl=, hot=0, history=ShADad, uid=CXWv6p3arKYeMETxOg, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=[ts=1170717505.549109, uid=CXWv6p3arKYeMETxOg, id=[orig_h=192.150.187.164, orig_p=58868/tcp, resp_h=194.127.84.106, resp_p=443/tcp], version=TLSv10, cipher=TLS_RSA_WITH_RC4_128_MD5, server_name=<uninitialized>, session_id=<uninitialized>, last_alert=<uninitialized>, analyzer_id=3, established=F, logged=F, delay_tokens=<uninitialized>, cert_chain=[[ts=1170717505.735416, fuid=FeCwNK3rzqPnZ7eBQ5, tx_hosts={^J^I^I194.127.84.106^J^I}, rx_hosts={^J^I^I192.150.187.164^J^I}, conn_uids={^J^I^ICXWv6p3arKYeMETxOg^J^I}, source=SSL, depth=0, analyzers={^J^I^IX509,^J^I^IMD5,^J^I^ISHA1^J^I}, mime_type=binary, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=F, seen_bytes=1152, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=38a0a008a978591ccbe41f50a174751a, sha1=2c322ae2b7fe91391345e070b63668978bb1c9da, sha256=<uninitialized>, x509=[ts=1170717505.735416, id=FeCwNK3rzqPnZ7eBQ5, certificate=[version=2, serial=04A78116F003283BDA2B8462049F9ECB, subject=CN=www.dresdner-privat.de,OU=Terms of use at www.verisign.com/rpa (c)00,O=AGIS Allianz Dresdner Informationssysteme GmbH,L=Muenchen,ST=Bayern,C=DE, issuer=OU=www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign,OU=VeriSign International Server CA - Class 3,OU=VeriSign\, Inc.,O=VeriSign Trust Network, not_valid_before=1163462400.0, not_valid_after=1195084799.0, key_alg=rsaEncryption, sig_alg=sha1WithRSAEncryption, key_type=rsa, key_length=1024, exponent=65537, curve=<uninitialized>], handle=<no value description>, extensions=[[name=X509v3 Basic Constraints, short_name=basicConstraints, oid=2.5.29.19, critical=F, value=CA:FALSE], [name=X509v3 Key Usage, short_name=keyUsage, oid=2.5.29.15, critical=F, value=Digital Signature, Key Encipherment], [name=X509v3 CRL Distribution Points, short_name=crlDistributionPoints, oid=2.5.29.31, critical=F, value=^JFull Name:^J  URI:http://crl.verisign.com/Class3InternationalServer.crl^J], [name=X509v3 Certificate Policies, short_name=certificatePolicies, oid=2.5.29.32, critical=F, value=Policy: 2.16.840.1.113733.1.7.23.3^J  CPS: https://www.verisign.com/rpa^J], [name=X509v3 Extended Key Usage, short_name=extendedKeyUsage, oid=2.5.29.37, critical=F, value=Netscape Server Gated Crypto, TLS Web Server Authentication, TLS Web Client Authentication], [name=Authority Information Access, short_name=authorityInfoAccess, oid=1.3.6.1.5.5.7.1.1, critical=F, value=OCSP - URI:http://ocsp.verisign.com^J], [name=1.3.6.1.5.5.7.1.12, short_name=UNDEF, oid=1.3.6.1.5.5.7.1.12, critical=F, value=0_.].[0Y0W0U..image/gif0!0.0...+..............k...j.H.,{..0%.#http://logo.verisign.com/vslogo.gif]], san=<uninitialized>, basic_constraints=[ca=F, path_len=<uninitialized>]], extracted=<uninitialized>], [ts=1170717505.735416, fuid=FfqS7r3rymnsSKq0m2, tx_hosts={^J^I^I194.127.84.106^J^I}, rx_hosts={^J^I^I192.150.187.164^J^I}, conn_uids={^J^I^ICXWv6p3arKYeMETxOg^J^I}, source=SSL, depth=0, analyzers={^J^I^IX509,^J^I^IMD5,^J^I^ISHA1^J^I}, mime_type=binary, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=F, seen_bytes=0, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=81c888530afcad916fbe71d9417bf10c, sha1=de0f3a63cad13841e9b62c94502cb189d7661e49, sha256=<uninitialized>, x509=[ts=1170717505.735416, id=FfqS7r3rymnsSKq0m2, certificate=[version=2, serial=78EE48DE185B2071C9C9C3B51D7BDDC1, subject=OU=www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign,OU=VeriSign International Server CA - Class 3,OU=VeriSign\, Inc.,O=VeriSign Trust Network, issuer=OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US, not_valid_before=861235200.0, not_valid_after=1319500799.0, key_alg=rsaEncryption, sig_alg=sha1WithRSAEncryption, key_type=rsa, key_length=1024, exponent=65537, curve=<uninitialized>], handle=<no value description>, extensions=[[name=X509v3 Basic Constraints, short_name=basicConstraints, oid=2.5.29.19, critical=F, value=CA:TRUE, pathlen:0], [name=X509v3 Certificate Policies, short_name=certificatePolicies, oid=2.5.29.32, critical=F, value=Policy: 2.16.840.1.113733.1.7.1.1^J  CPS: https://www.verisign.com/CPS^J], [name=X509v3 CRL Distribution Points, short_name=crlDistributionPoints, oid=2.5.29.31, critical=F, value=^JFull Name:^J  URI:http://crl.verisign.com/pca3-g2.crl^J], [name=X509v3 Extended Key Usage, short_name=extendedKeyUsage, oid=2.5.29.37, critical=F, value=TLS Web Server Authentication, TLS Web Client Authentication, Netscape Server Gated Crypto, 2.16.840.1.113733.1.8.1], [name=X509v3 Key Usage, short_name=keyUsage, oid=2.5.29.15, critical=F, value=Certificate Sign, CRL Sign], [name=Netscape Cert Type, short_name=nsCertType, oid=2.16.840.1.113730.1.1, critical=F, value=SSL CA, S/MIME CA]], san=<uninitialized>, basic_constraints=[ca=T, path_len=0]], extracted=<uninitialized>]], cert_chain_fuids=[FeCwNK3rzqPnZ7eBQ5, FfqS7r3rymnsSKq0m2], client_cert_chain=[], client_cert_chain_fuids=[], subject=<uninitialized>, issuer=<uninitialized>, client_subject=<uninitialized>, client_issuer=<uninitialized>, server_depth=2, client_depth=0], http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]^J}, last_active=1170717505.735416, seen_bytes=906, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timeout_interval=2.0 mins, bof_buffer_size=1024, bof_buffer=0\x82^C\x860\x82^B\xef\xa0^C^B^A^B^B^Px\xeeH\xde^X[ q\xc9\xc9\xc3\xb5\x1d{\xdd\xc10^M^F^I*\x86H\x86\xf7^M^A^A^E^E\00_1^K0^I^F^CU^D^F^S^BUS1^W0^U^F^CU^D^J^S^NVeriSign, Inc.1705^F^CU^D^K^S.Class 3 Public Primary Certification Authority0\x1e^W^M970417000000Z^W^M111024235959Z0\x81\xba1\x1f0\x1d^F^CU^D^J^S^VVeriSign Trust Network1^W0^U^F^CU^D^K^S^NVeriSign, Inc.1301^F^CU^D^K^S*VeriSign International Server CA - Class 31I0G^F^CU^D^K^S@www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign0\x81\x9f0^M^F^I*\x86H\x86\xf7^M^A^A^A^E\0^C\x81\x8d\00\x81\x89^B\x81\x81\0\xd8\x82\x80\xe8\xd6^Y^B}\x1f\x85^X9%\xa2e+\xe1\xbf\xd4^E\xd3\xbc\xe66;\xaa\xf0Ll[\xb6\xe7\xaa<sEU\xb2\xf1\xbd\xea\x97B\xed\x9a4^J^U\xd4\xa9\\xf5@%\xdd\xd9^G\xc12\xb2ul\xc4\xca\xbb\xa3\xfeV'qC\xaac\xf50>\x93(\xe5\xfa\xf1^I;\xf3\xb7MN9\xf7\IZ\xb8\xc1\x1d\xd3\xb2\x8a\xfep0\x95B\xcb\xfe+Q\x8bZ<:\xf9"O\x90\xb2^B\xa7S\x9cO4\xe7\xab^D\xb2{o^B^C^A\0^A\xa3\x81\xe60\x81\xe30^O^F^CU\x1d^S^D^H0^F^A^A\xff^B^A\00D^F^CU\x1d ^D=0;09^F^K`\x86H^A\x86\xf8E^A^G^A^A0*0(^F^H+^F^A^E^E^G^B^A^V\x1chttps://www.verisign.com/CPS04^F^CU\x1d\x1f^D-0+0)\xa0'\xa0%\x86#http://crl.verisign.com/pca3-g2.crl04^F^CU\x1d%^D-0+^F^H+^F^A^E^E^G^C^A^F^H+^F^A^E^E^G^C^B^F^I`\x86H^A\x86\xf8B^D^A^F^J`\x86H^A\x86\xf8E^A^H^A0^K^F^CU\x1d^O^D^D^C^B^A^F0^Q^F^I`\x86H^A\x86\xf8B^A^A^D^D^C^B^A^F0^M^F^I*\x86H\x86\xf7^M^A^A^E^E\0^C\x81\x81\0#]\xee\xa6$^E\xfdv\xd3j^Z\xd6\xbaF^F\xaaj^O^C\x90f\xb2\xb0\xa6\xc2\x9e\xc9\x1e\xa3US\xaf>E\xfd\xdc\x8c'\xddS8^I\xbb|K+\xba\x95J\xfepN\x1bi\xd6<\xf7O^G\xc5\xf2^WZL\xa2\x8f\xac^K\x8a^F\xdb\xb9\xd4k\xc5\x1dX\xda^WR\xe3!\xf1\xd2\xd7Z\xd5\xe5\xabY{!z\x86j\xd4\xfe^W^Q:S^M\x9c`\xa0J\xd9^\xe4\x1d^L)\xaa^S^Ge\x86\x1f\xbf\xb4\xc9\x82S\x9c,^B\x8f#, mime_type=binary, info=[ts=1170717505.735416, fuid=FfqS7r3rymnsSKq0m2, tx_hosts={^J^I194.127.84.106^J}, rx_hosts={^J^I192.150.187.164^J}, conn_uids={^J^ICXWv6p3arKYeMETxOg^J}, source=SSL, depth=0, analyzers={^J^IX509,^J^IMD5,^J^ISHA1^J}, mime_type=binary, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=F, seen_bytes=0, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=81c888530afcad916fbe71d9417bf10c, sha1=de0f3a63cad13841e9b62c94502cb189d7661e49, sha256=<uninitialized>, x509=[ts=1170717505.735416, id=FfqS7r3rymnsSKq0m2, certificate=[version=2, serial=78EE48DE185B2071C9C9C3B51D7BDDC1, subject=OU=www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign,OU=VeriSign International Server CA - Class 3,OU=VeriSign\, Inc.,O=VeriSign Trust Network, issuer=OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US, not_valid_before=861235200.0, not_valid_after=1319500799.0, key_alg=rsaEncryption, sig_alg=sha1WithRSAEncryption, key_type=rsa, key_length=1024, exponent=65537, curve=<uninitialized>], handle=<no value description>, extensions=[[name=X509v3 Basic Constraints, short_name=basicConstraints, oid=2.5.29.19, critical=F, value=CA:TRUE, pathlen:0], [name=X509v3 Certificate Policies, short_name=certificatePolicies, oid=2.5.29.32, critical=F, value=Policy: 2.16.840.1.113733.1.7.1.1^J  CPS: https://www.verisign.com/CPS^J], [name=X509v3 CRL Distribution Points, short_name=crlDistributionPoints, oid=2.5.29.31, critical=F, value=^JFull Name:^J  URI:http://crl.verisign.com/pca3-g2.crl^J], [name=X509v3 Extended Key Usage, short_name=extendedKeyUsage, oid=2.5.29.37, critical=F, value=TLS Web Server Authentication, TLS Web Client Authentication, Netscape Server Gated Crypto, 2.16.840.1.113733.1.8.1], [name=X509v3 Key Usage, short_name=keyUsage, oid=2.5.29.15, critical=F, value=Certificate Sign, CRL Sign], [name=Netscape Cert Type, short_name=nsCertType, oid=2.16.840.1.113730.1.1, critical=F, value=SSL CA, S/MIME CA]], san=<uninitialized>, basic_constraints=[ca=T, path_len=0]], extracted=<uninitialized>], u2_events=<uninitialized>]
 
 1170717505.934612 ssl_established
-                  [0] c: connection      = [id=[orig_h=192.150.187.164, orig_p=58868/tcp, resp_h=194.127.84.106, resp_p=443/tcp], orig=[size=269, state=4, num_pkts=5, num_bytes_ip=541, flow_label=0], resp=[size=2207, state=4, num_pkts=5, num_bytes_ip=2436, flow_label=0], start_time=1170717505.366729, duration=0.567883, service={^J^ISSL^J}, addl=, hot=0, history=ShADad, uid=CXWv6p3arKYeMETxOg, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=[ts=1170717505.549109, uid=CXWv6p3arKYeMETxOg, id=[orig_h=192.150.187.164, orig_p=58868/tcp, resp_h=194.127.84.106, resp_p=443/tcp], version=TLSv10, cipher=TLS_RSA_WITH_RC4_128_MD5, server_name=<uninitialized>, session_id=<uninitialized>, subject=CN=www.dresdner-privat.de,OU=Terms of use at www.verisign.com/rpa (c)00,O=AGIS Allianz Dresdner Informationssysteme GmbH,L=Muenchen,ST=Bayern,C=DE, issuer_subject=OU=www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign,OU=VeriSign International Server CA - Class 3,OU=VeriSign\, Inc.,O=VeriSign Trust Network, not_valid_before=1163462400.0, not_valid_after=1195084799.0, last_alert=<uninitialized>, client_subject=<uninitialized>, client_issuer_subject=<uninitialized>, cert=0\x82^D|0\x82^C\xe5\xa0^C^B^A^B^B^P^D\xa7\x81^V\xf0^C(;\xda+\x84b^D\x9f\x9e\xcb0^M^F^I*\x86H\x86\xf7^M^A^A^E^E\00\x81\xba1\x1f0\x1d^F^CU^D^J^S^VVeriSign Trust Network1^W0^U^F^CU^D^K^S^NVeriSign, Inc.1301^F^CU^D^K^S*VeriSign International Server CA - Class 31I0G^F^CU^D^K^S@www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign0\x1e^W^M061114000000Z^W^M071114235959Z0\x81\xc01^K0^I^F^CU^D^F^S^BDE1^O0^M^F^CU^D^H^S^FBayern1^Q0^O^F^CU^D^G^T^HMuenchen1705^F^CU^D^J^T.AGIS Allianz Dresdner Informationssysteme GmbH1301^F^CU^D^K^T*Terms of use at www.verisign.com/rpa (c)001\x1f0\x1d^F^CU^D^C^T^Vwww.dresdner-privat.de0\x81\x9f0^M^F^I*\x86H\x86\xf7^M^A^A^A^E\0^C\x81\x8d\00\x81\x89^B\x81\x81\0\xeb\xa8t~\xfb\xe3\xb4\xea\xbe\x8b\x1c=\xed\xea\x86^DbQ\xe0*Z\x9e\x86o\x98\xcb\xbc\xc5\xed\xc5\xc8\xcaV\x9dL\x92X\xe1k^So\xbc\xb7\xe5.\x98@\xf7\x8f\xd6\xa3\xc0^J\xabFR\x1b8\xfc^E \xe7\x80\xee\xc6]\xd5\xbb^C\xfc\xc5\x83\xba\x9ag^H\xfd,\xba\xa3^H\x94\xf0\xb3\x1f^V(\xf6^Ef[\xbf^?\xa8Y\xfa\xbe\x99k6b\xb8n\xc6\x83GSc^OZ\xb4Q\xc1\x88\xa8U\xb9\xd41m=*J\x95^J\xd1{\x87^B^C^A\0^A\xa3\x82^Ay0\x82^Au0^I^F^CU\x1d^S^D^B0\00^K^F^CU\x1d^O^D^D^C^B^E\xa00F^F^CU\x1d\x1f^D?0=0;\xa09\xa07\x865http://crl.verisign.com/Class3InternationalServer.crl0D^F^CU\x1d ^D=0;09^F^K`\x86H^A\x86\xf8E^A^G^W^C0*0(^F^H+^F^A^E^E^G^B^A^V\x1chttps://www.verisign.com/rpa0(^F^CU\x1d%^D!0\x1f^F^I`\x86H^A\x86\xf8B^D^A^F^H+^F^A^E^E^G^C^A^F^H+^F^A^E^E^G^C^B04^F^H+^F^A^E^E^G^A^A^D(0&0$^F^H+^F^A^E^E^G0^A\x86^Xhttp://ocsp.verisign.com0m^F^H+^F^A^E^E^G^A^L^Da0_\xa1]\xa0[0Y0W0U^V^Iimage/gif0!0\x1f0^G^F^E+^N^C^B^Z^D^T\x8f\xe5\xd3^Z\x86\xac\x8d\x8ek\xc3\xcf\x80j\xd4H^X,{^Y.0%^V#http://logo.verisign.com/vslogo.gif0^M^F^I*\x86H\x86\xf7^M^A^A^E^E\0^C\x81\x81\0/s\xe2o\xc1\x9e#~YP\x89\x95xo\xe9^D\xbd\x98TS`\xec^HR\xd2^J)\x92\x9am\xaa\xd5\xb1g\xc1b\xde\xc9^XNW=i\x9c\xb2^Cf\x92^C\xbb\xe8M\xc5\x98\xd4/B\xd9\xb6\xd2\xe0\x97^PXv\xcf\xe7\xd6\xa7\xcc\xbb\xdb%\xeeB]\xcb\xf0t\xab\xd2T\xe5\xe8\xbaQ^O\xa4\xc3>4\xfaR\xf2\xa0\xe6z\xf4\x8f\xdcvB\xbd=\xfcx\xc0\xb7\xeb^-\x1f\xc5\xa0^\xdf\xa0^Q\x87\xf8\xc3X^P\xc8y(\xf8\xe4, cert_chain=[0\x82^C\x860\x82^B\xef\xa0^C^B^A^B^B^Px\xeeH\xde^X[ q\xc9\xc9\xc3\xb5\x1d{\xdd\xc10^M^F^I*\x86H\x86\xf7^M^A^A^E^E\00_1^K0^I^F^CU^D^F^S^BUS1^W0^U^F^CU^D^J^S^NVeriSign, Inc.1705^F^CU^D^K^S.Class 3 Public Primary Certification Authority0\x1e^W^M970417000000Z^W^M111024235959Z0\x81\xba1\x1f0\x1d^F^CU^D^J^S^VVeriSign Trust Network1^W0^U^F^CU^D^K^S^NVeriSign, Inc.1301^F^CU^D^K^S*VeriSign International Server CA - Class 31I0G^F^CU^D^K^S@www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign0\x81\x9f0^M^F^I*\x86H\x86\xf7^M^A^A^A^E\0^C\x81\x8d\00\x81\x89^B\x81\x81\0\xd8\x82\x80\xe8\xd6^Y^B}\x1f\x85^X9%\xa2e+\xe1\xbf\xd4^E\xd3\xbc\xe66;\xaa\xf0Ll[\xb6\xe7\xaa<sEU\xb2\xf1\xbd\xea\x97B\xed\x9a4^J^U\xd4\xa9\\xf5@%\xdd\xd9^G\xc12\xb2ul\xc4\xca\xbb\xa3\xfeV'qC\xaac\xf50>\x93(\xe5\xfa\xf1^I;\xf3\xb7MN9\xf7\IZ\xb8\xc1\x1d\xd3\xb2\x8a\xfep0\x95B\xcb\xfe+Q\x8bZ<:\xf9"O\x90\xb2^B\xa7S\x9cO4\xe7\xab^D\xb2{o^B^C^A\0^A\xa3\x81\xe60\x81\xe30^O^F^CU\x1d^S^D^H0^F^A^A\xff^B^A\00D^F^CU\x1d ^D=0;09^F^K`\x86H^A\x86\xf8E^A^G^A^A0*0(^F^H+^F^A^E^E^G^B^A^V\x1chttps://www.verisign.com/CPS04^F^CU\x1d\x1f^D-0+0)\xa0'\xa0%\x86#http://crl.verisign.com/pca3-g2.crl04^F^CU\x1d%^D-0+^F^H+^F^A^E^E^G^C^A^F^H+^F^A^E^E^G^C^B^F^I`\x86H^A\x86\xf8B^D^A^F^J`\x86H^A\x86\xf8E^A^H^A0^K^F^CU\x1d^O^D^D^C^B^A^F0^Q^F^I`\x86H^A\x86\xf8B^A^A^D^D^C^B^A^F0^M^F^I*\x86H\x86\xf7^M^A^A^E^E\0^C\x81\x81\0#]\xee\xa6$^E\xfdv\xd3j^Z\xd6\xbaF^F\xaaj^O^C\x90f\xb2\xb0\xa6\xc2\x9e\xc9\x1e\xa3US\xaf>E\xfd\xdc\x8c'\xddS8^I\xbb|K+\xba\x95J\xfepN\x1bi\xd6<\xf7O^G\xc5\xf2^WZL\xa2\x8f\xac^K\x8a^F\xdb\xb9\xd4k\xc5\x1dX\xda^WR\xe3!\xf1\xd2\xd7Z\xd5\xe5\xabY{!z\x86j\xd4\xfe^W^Q:S^M\x9c`\xa0J\xd9^\xe4\x1d^L)\xaa^S^Ge\x86\x1f\xbf\xb4\xc9\x82S\x9c,^B\x8f#], client_cert=<uninitialized>, client_cert_chain=[], analyzer_id=3, established=F, logged=F, delay_tokens=<uninitialized>], http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]
+                  [0] c: connection      = [id=[orig_h=192.150.187.164, orig_p=58868/tcp, resp_h=194.127.84.106, resp_p=443/tcp], orig=[size=269, state=4, num_pkts=5, num_bytes_ip=541, flow_label=0], resp=[size=2207, state=4, num_pkts=5, num_bytes_ip=2436, flow_label=0], start_time=1170717505.366729, duration=0.567883, service={^J^ISSL^J}, addl=, hot=0, history=ShADad, uid=CXWv6p3arKYeMETxOg, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=[ts=1170717505.549109, uid=CXWv6p3arKYeMETxOg, id=[orig_h=192.150.187.164, orig_p=58868/tcp, resp_h=194.127.84.106, resp_p=443/tcp], version=TLSv10, cipher=TLS_RSA_WITH_RC4_128_MD5, server_name=<uninitialized>, session_id=<uninitialized>, last_alert=<uninitialized>, analyzer_id=3, established=F, logged=F, delay_tokens=<uninitialized>, cert_chain=[[ts=1170717505.735416, fuid=FeCwNK3rzqPnZ7eBQ5, tx_hosts={^J^I194.127.84.106^J}, rx_hosts={^J^I192.150.187.164^J}, conn_uids={^J^ICXWv6p3arKYeMETxOg^J}, source=SSL, depth=0, analyzers={^J^IX509,^J^IMD5,^J^ISHA1^J}, mime_type=binary, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=F, seen_bytes=1152, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=38a0a008a978591ccbe41f50a174751a, sha1=2c322ae2b7fe91391345e070b63668978bb1c9da, sha256=<uninitialized>, x509=[ts=1170717505.735416, id=FeCwNK3rzqPnZ7eBQ5, certificate=[version=2, serial=04A78116F003283BDA2B8462049F9ECB, subject=CN=www.dresdner-privat.de,OU=Terms of use at www.verisign.com/rpa (c)00,O=AGIS Allianz Dresdner Informationssysteme GmbH,L=Muenchen,ST=Bayern,C=DE, issuer=OU=www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign,OU=VeriSign International Server CA - Class 3,OU=VeriSign\, Inc.,O=VeriSign Trust Network, not_valid_before=1163462400.0, not_valid_after=1195084799.0, key_alg=rsaEncryption, sig_alg=sha1WithRSAEncryption, key_type=rsa, key_length=1024, exponent=65537, curve=<uninitialized>], handle=<no value description>, extensions=[[name=X509v3 Basic Constraints, short_name=basicConstraints, oid=2.5.29.19, critical=F, value=CA:FALSE], [name=X509v3 Key Usage, short_name=keyUsage, oid=2.5.29.15, critical=F, value=Digital Signature, Key Encipherment], [name=X509v3 CRL Distribution Points, short_name=crlDistributionPoints, oid=2.5.29.31, critical=F, value=^JFull Name:^J  URI:http://crl.verisign.com/Class3InternationalServer.crl^J], [name=X509v3 Certificate Policies, short_name=certificatePolicies, oid=2.5.29.32, critical=F, value=Policy: 2.16.840.1.113733.1.7.23.3^J  CPS: https://www.verisign.com/rpa^J], [name=X509v3 Extended Key Usage, short_name=extendedKeyUsage, oid=2.5.29.37, critical=F, value=Netscape Server Gated Crypto, TLS Web Server Authentication, TLS Web Client Authentication], [name=Authority Information Access, short_name=authorityInfoAccess, oid=1.3.6.1.5.5.7.1.1, critical=F, value=OCSP - URI:http://ocsp.verisign.com^J], [name=1.3.6.1.5.5.7.1.12, short_name=UNDEF, oid=1.3.6.1.5.5.7.1.12, critical=F, value=0_.].[0Y0W0U..image/gif0!0.0...+..............k...j.H.,{..0%.#http://logo.verisign.com/vslogo.gif]], san=<uninitialized>, basic_constraints=[ca=F, path_len=<uninitialized>]], extracted=<uninitialized>], [ts=1170717505.735416, fuid=FfqS7r3rymnsSKq0m2, tx_hosts={^J^I194.127.84.106^J}, rx_hosts={^J^I192.150.187.164^J}, conn_uids={^J^ICXWv6p3arKYeMETxOg^J}, source=SSL, depth=0, analyzers={^J^IX509,^J^IMD5,^J^ISHA1^J}, mime_type=binary, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=F, seen_bytes=906, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=81c888530afcad916fbe71d9417bf10c, sha1=de0f3a63cad13841e9b62c94502cb189d7661e49, sha256=<uninitialized>, x509=[ts=1170717505.735416, id=FfqS7r3rymnsSKq0m2, certificate=[version=2, serial=78EE48DE185B2071C9C9C3B51D7BDDC1, subject=OU=www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign,OU=VeriSign International Server CA - Class 3,OU=VeriSign\, Inc.,O=VeriSign Trust Network, issuer=OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US, not_valid_before=861235200.0, not_valid_after=1319500799.0, key_alg=rsaEncryption, sig_alg=sha1WithRSAEncryption, key_type=rsa, key_length=1024, exponent=65537, curve=<uninitialized>], handle=<no value description>, extensions=[[name=X509v3 Basic Constraints, short_name=basicConstraints, oid=2.5.29.19, critical=F, value=CA:TRUE, pathlen:0], [name=X509v3 Certificate Policies, short_name=certificatePolicies, oid=2.5.29.32, critical=F, value=Policy: 2.16.840.1.113733.1.7.1.1^J  CPS: https://www.verisign.com/CPS^J], [name=X509v3 CRL Distribution Points, short_name=crlDistributionPoints, oid=2.5.29.31, critical=F, value=^JFull Name:^J  URI:http://crl.verisign.com/pca3-g2.crl^J], [name=X509v3 Extended Key Usage, short_name=extendedKeyUsage, oid=2.5.29.37, critical=F, value=TLS Web Server Authentication, TLS Web Client Authentication, Netscape Server Gated Crypto, 2.16.840.1.113733.1.8.1], [name=X509v3 Key Usage, short_name=keyUsage, oid=2.5.29.15, critical=F, value=Certificate Sign, CRL Sign], [name=Netscape Cert Type, short_name=nsCertType, oid=2.16.840.1.113730.1.1, critical=F, value=SSL CA, S/MIME CA]], san=<uninitialized>, basic_constraints=[ca=T, path_len=0]], extracted=<uninitialized>]], cert_chain_fuids=[FeCwNK3rzqPnZ7eBQ5, FfqS7r3rymnsSKq0m2], client_cert_chain=[], client_cert_chain_fuids=[], subject=<uninitialized>, issuer=<uninitialized>, client_subject=<uninitialized>, client_issuer=<uninitialized>, server_depth=2, client_depth=0], http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]
 
 1170717508.515696 new_connection
                   [0] c: connection      = [id=[orig_h=192.150.187.164, orig_p=58869/tcp, resp_h=194.127.84.106, resp_p=443/tcp], orig=[size=0, state=0, num_pkts=0, num_bytes_ip=0, flow_label=0], resp=[size=0, state=0, num_pkts=0, num_bytes_ip=0, flow_label=0], start_time=1170717508.515696, duration=0.0, service={^J^J}, addl=, hot=0, history=, uid=CjhGID4nQcgTWjvg4c, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]
@@ -61,7 +167,7 @@
                   [2] aid: count         = 7
 
 1170717508.697180 ssl_client_hello
-                  [0] c: connection      = [id=[orig_h=192.150.187.164, orig_p=58869/tcp, resp_h=194.127.84.106, resp_p=443/tcp], orig=[size=120, state=4, num_pkts=2, num_bytes_ip=116, flow_label=0], resp=[size=0, state=4, num_pkts=1, num_bytes_ip=64, flow_label=0], start_time=1170717508.515696, duration=0.181484, service={^J^ISSL^J}, addl=, hot=0, history=ShAD, uid=CjhGID4nQcgTWjvg4c, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=[ts=1170717508.69718, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=192.150.187.164, orig_p=58869/tcp, resp_h=194.127.84.106, resp_p=443/tcp], version=<uninitialized>, cipher=<uninitialized>, server_name=<uninitialized>, session_id=<uninitialized>, subject=<uninitialized>, issuer_subject=<uninitialized>, not_valid_before=<uninitialized>, not_valid_after=<uninitialized>, last_alert=<uninitialized>, client_subject=<uninitialized>, client_issuer_subject=<uninitialized>, cert=<uninitialized>, cert_chain=[], client_cert=<uninitialized>, client_cert_chain=[], analyzer_id=7, established=F, logged=F, delay_tokens=<uninitialized>], http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]
+                  [0] c: connection      = [id=[orig_h=192.150.187.164, orig_p=58869/tcp, resp_h=194.127.84.106, resp_p=443/tcp], orig=[size=120, state=4, num_pkts=2, num_bytes_ip=116, flow_label=0], resp=[size=0, state=4, num_pkts=1, num_bytes_ip=64, flow_label=0], start_time=1170717508.515696, duration=0.181484, service={^J^ISSL^J}, addl=, hot=0, history=ShAD, uid=CjhGID4nQcgTWjvg4c, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=[ts=1170717508.69718, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=192.150.187.164, orig_p=58869/tcp, resp_h=194.127.84.106, resp_p=443/tcp], version=<uninitialized>, cipher=<uninitialized>, server_name=<uninitialized>, session_id=<uninitialized>, last_alert=<uninitialized>, analyzer_id=7, established=F, logged=F, delay_tokens=<uninitialized>, cert_chain=<uninitialized>, cert_chain_fuids=<uninitialized>, client_cert_chain=<uninitialized>, client_cert_chain_fuids=<uninitialized>, subject=<uninitialized>, issuer=<uninitialized>, client_subject=<uninitialized>, client_issuer=<uninitialized>, server_depth=0, client_depth=0], http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]
                   [1] version: count     = 769
                   [2] possible_ts: time  = 2486404.0
                   [3] client_random: string = \xa8\xa2\xabs\x9ad\xab\xb4\xe6\x8c\xfc\xfc4p\xffbi\xb1\xa8hXP\x1f\xbb\xd12~\xd8
@@ -69,7 +175,7 @@
                   [5] ciphers: vector of count = [57, 56, 53, 51, 50, 4, 5, 47, 22, 19, 65279, 10, 21, 18, 65278, 9, 100, 98, 3, 6]
 
 1170717508.881857 ssl_server_hello
-                  [0] c: connection      = [id=[orig_h=192.150.187.164, orig_p=58869/tcp, resp_h=194.127.84.106, resp_p=443/tcp], orig=[size=120, state=4, num_pkts=3, num_bytes_ip=288, flow_label=0], resp=[size=1448, state=4, num_pkts=2, num_bytes_ip=116, flow_label=0], start_time=1170717508.515696, duration=0.366161, service={^J^ISSL^J}, addl=, hot=0, history=ShADad, uid=CjhGID4nQcgTWjvg4c, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=[ts=1170717508.69718, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=192.150.187.164, orig_p=58869/tcp, resp_h=194.127.84.106, resp_p=443/tcp], version=<uninitialized>, cipher=<uninitialized>, server_name=<uninitialized>, session_id=a8c1c5681924e80a32a15d5e7f20bc5e3f513e56b215039d0d55defda5a320c0, subject=<uninitialized>, issuer_subject=<uninitialized>, not_valid_before=<uninitialized>, not_valid_after=<uninitialized>, last_alert=<uninitialized>, client_subject=<uninitialized>, client_issuer_subject=<uninitialized>, cert=<uninitialized>, cert_chain=[], client_cert=<uninitialized>, client_cert_chain=[], analyzer_id=7, established=F, logged=F, delay_tokens=<uninitialized>], http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]
+                  [0] c: connection      = [id=[orig_h=192.150.187.164, orig_p=58869/tcp, resp_h=194.127.84.106, resp_p=443/tcp], orig=[size=120, state=4, num_pkts=3, num_bytes_ip=288, flow_label=0], resp=[size=1448, state=4, num_pkts=2, num_bytes_ip=116, flow_label=0], start_time=1170717508.515696, duration=0.366161, service={^J^ISSL^J}, addl=, hot=0, history=ShADad, uid=CjhGID4nQcgTWjvg4c, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=[ts=1170717508.69718, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=192.150.187.164, orig_p=58869/tcp, resp_h=194.127.84.106, resp_p=443/tcp], version=<uninitialized>, cipher=<uninitialized>, server_name=<uninitialized>, session_id=a8c1c5681924e80a32a15d5e7f20bc5e3f513e56b215039d0d55defda5a320c0, last_alert=<uninitialized>, analyzer_id=7, established=F, logged=F, delay_tokens=<uninitialized>, cert_chain=<uninitialized>, cert_chain_fuids=<uninitialized>, client_cert_chain=<uninitialized>, client_cert_chain_fuids=<uninitialized>, subject=<uninitialized>, issuer=<uninitialized>, client_subject=<uninitialized>, client_issuer=<uninitialized>, server_depth=0, client_depth=0], http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]
                   [1] version: count     = 769
                   [2] possible_ts: time  = 1170717516.0
                   [3] server_random: string = ^O\xac^?x#X|hC\x8c\x87\x87e3\xaf{^K\xaa*\x8f^Px\xeb\x8d^X"G\xe9
@@ -77,24 +183,130 @@
                   [5] cipher: count      = 4
                   [6] comp_method: count = 0
 
-1170717508.883051 x509_certificate
-                  [0] c: connection      = [id=[orig_h=192.150.187.164, orig_p=58869/tcp, resp_h=194.127.84.106, resp_p=443/tcp], orig=[size=120, state=4, num_pkts=3, num_bytes_ip=288, flow_label=0], resp=[size=2164, state=4, num_pkts=3, num_bytes_ip=1616, flow_label=0], start_time=1170717508.515696, duration=0.367355, service={^J^ISSL^J}, addl=, hot=0, history=ShADad, uid=CjhGID4nQcgTWjvg4c, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=[ts=1170717508.69718, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=192.150.187.164, orig_p=58869/tcp, resp_h=194.127.84.106, resp_p=443/tcp], version=TLSv10, cipher=TLS_RSA_WITH_RC4_128_MD5, server_name=<uninitialized>, session_id=a8c1c5681924e80a32a15d5e7f20bc5e3f513e56b215039d0d55defda5a320c0, subject=<uninitialized>, issuer_subject=<uninitialized>, not_valid_before=<uninitialized>, not_valid_after=<uninitialized>, last_alert=<uninitialized>, client_subject=<uninitialized>, client_issuer_subject=<uninitialized>, cert=<uninitialized>, cert_chain=[], client_cert=<uninitialized>, client_cert_chain=[], analyzer_id=7, established=F, logged=F, delay_tokens=<uninitialized>], http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]
-                  [1] is_orig: bool      = F
-                  [2] cert: X509         = [version=2, serial=04A78116F003283BDA2B8462049F9ECB, subject=CN=www.dresdner-privat.de,OU=Terms of use at www.verisign.com/rpa (c)00,O=AGIS Allianz Dresdner Informationssysteme GmbH,L=Muenchen,ST=Bayern,C=DE, issuer=OU=www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign,OU=VeriSign International Server CA - Class 3,OU=VeriSign\, Inc.,O=VeriSign Trust Network, not_valid_before=1163462400.0, not_valid_after=1195084799.0]
-                  [3] chain_idx: count   = 0
-                  [4] chain_len: count   = 2
-                  [5] der_cert: string   = 0\x82^D|0\x82^C\xe5\xa0^C^B^A^B^B^P^D\xa7\x81^V\xf0^C(;\xda+\x84b^D\x9f\x9e\xcb0^M^F^I*\x86H\x86\xf7^M^A^A^E^E\00\x81\xba1\x1f0\x1d^F^CU^D^J^S^VVeriSign Trust Network1^W0^U^F^CU^D^K^S^NVeriSign, Inc.1301^F^CU^D^K^S*VeriSign International Server CA - Class 31I0G^F^CU^D^K^S@www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign0\x1e^W^M061114000000Z^W^M071114235959Z0\x81\xc01^K0^I^F^CU^D^F^S^BDE1^O0^M^F^CU^D^H^S^FBayern1^Q0^O^F^CU^D^G^T^HMuenchen1705^F^CU^D^J^T.AGIS Allianz Dresdner Informationssysteme GmbH1301^F^CU^D^K^T*Terms of use at www.verisign.com/rpa (c)001\x1f0\x1d^F^CU^D^C^T^Vwww.dresdner-privat.de0\x81\x9f0^M^F^I*\x86H\x86\xf7^M^A^A^A^E\0^C\x81\x8d\00\x81\x89^B\x81\x81\0\xeb\xa8t~\xfb\xe3\xb4\xea\xbe\x8b\x1c=\xed\xea\x86^DbQ\xe0*Z\x9e\x86o\x98\xcb\xbc\xc5\xed\xc5\xc8\xcaV\x9dL\x92X\xe1k^So\xbc\xb7\xe5.\x98@\xf7\x8f\xd6\xa3\xc0^J\xabFR\x1b8\xfc^E \xe7\x80\xee\xc6]\xd5\xbb^C\xfc\xc5\x83\xba\x9ag^H\xfd,\xba\xa3^H\x94\xf0\xb3\x1f^V(\xf6^Ef[\xbf^?\xa8Y\xfa\xbe\x99k6b\xb8n\xc6\x83GSc^OZ\xb4Q\xc1\x88\xa8U\xb9\xd41m=*J\x95^J\xd1{\x87^B^C^A\0^A\xa3\x82^Ay0\x82^Au0^I^F^CU\x1d^S^D^B0\00^K^F^CU\x1d^O^D^D^C^B^E\xa00F^F^CU\x1d\x1f^D?0=0;\xa09\xa07\x865http://crl.verisign.com/Class3InternationalServer.crl0D^F^CU\x1d ^D=0;09^F^K`\x86H^A\x86\xf8E^A^G^W^C0*0(^F^H+^F^A^E^E^G^B^A^V\x1chttps://www.verisign.com/rpa0(^F^CU\x1d%^D!0\x1f^F^I`\x86H^A\x86\xf8B^D^A^F^H+^F^A^E^E^G^C^A^F^H+^F^A^E^E^G^C^B04^F^H+^F^A^E^E^G^A^A^D(0&0$^F^H+^F^A^E^E^G0^A\x86^Xhttp://ocsp.verisign.com0m^F^H+^F^A^E^E^G^A^L^Da0_\xa1]\xa0[0Y0W0U^V^Iimage/gif0!0\x1f0^G^F^E+^N^C^B^Z^D^T\x8f\xe5\xd3^Z\x86\xac\x8d\x8ek\xc3\xcf\x80j\xd4H^X,{^Y.0%^V#http://logo.verisign.com/vslogo.gif0^M^F^I*\x86H\x86\xf7^M^A^A^E^E\0^C\x81\x81\0/s\xe2o\xc1\x9e#~YP\x89\x95xo\xe9^D\xbd\x98TS`\xec^HR\xd2^J)\x92\x9am\xaa\xd5\xb1g\xc1b\xde\xc9^XNW=i\x9c\xb2^Cf\x92^C\xbb\xe8M\xc5\x98\xd4/B\xd9\xb6\xd2\xe0\x97^PXv\xcf\xe7\xd6\xa7\xcc\xbb\xdb%\xeeB]\xcb\xf0t\xab\xd2T\xe5\xe8\xbaQ^O\xa4\xc3>4\xfaR\xf2\xa0\xe6z\xf4\x8f\xdcvB\xbd=\xfcx\xc0\xb7\xeb^-\x1f\xc5\xa0^\xdf\xa0^Q\x87\xf8\xc3X^P\xc8y(\xf8\xe4
+1170717508.883051 get_file_handle
+                  [0] tag: enum          = Analyzer::ANALYZER_SSL
+                  [1] c: connection      = [id=[orig_h=192.150.187.164, orig_p=58869/tcp, resp_h=194.127.84.106, resp_p=443/tcp], orig=[size=120, state=4, num_pkts=3, num_bytes_ip=288, flow_label=0], resp=[size=2164, state=4, num_pkts=3, num_bytes_ip=1616, flow_label=0], start_time=1170717508.515696, duration=0.367355, service={^J^ISSL^J}, addl=, hot=0, history=ShADad, uid=CjhGID4nQcgTWjvg4c, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=[ts=1170717508.69718, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=192.150.187.164, orig_p=58869/tcp, resp_h=194.127.84.106, resp_p=443/tcp], version=TLSv10, cipher=TLS_RSA_WITH_RC4_128_MD5, server_name=<uninitialized>, session_id=a8c1c5681924e80a32a15d5e7f20bc5e3f513e56b215039d0d55defda5a320c0, last_alert=<uninitialized>, analyzer_id=7, established=F, logged=F, delay_tokens=<uninitialized>, cert_chain=<uninitialized>, cert_chain_fuids=<uninitialized>, client_cert_chain=<uninitialized>, client_cert_chain_fuids=<uninitialized>, subject=<uninitialized>, issuer=<uninitialized>, client_subject=<uninitialized>, client_issuer=<uninitialized>, server_depth=0, client_depth=0], http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]
+                  [2] is_orig: bool      = F
+
+1170717508.883051 file_new
+                  [0] f: fa_file         = [id=FjkLnG4s34DVZlaBNc, parent_id=<uninitialized>, source=SSL, is_orig=F, conns={^J^I[[orig_h=192.150.187.164, orig_p=58869/tcp, resp_h=194.127.84.106, resp_p=443/tcp]] = [id=[orig_h=192.150.187.164, orig_p=58869/tcp, resp_h=194.127.84.106, resp_p=443/tcp], orig=[size=120, state=4, num_pkts=3, num_bytes_ip=288, flow_label=0], resp=[size=2164, state=4, num_pkts=3, num_bytes_ip=1616, flow_label=0], start_time=1170717508.515696, duration=0.367355, service={^J^I^ISSL^J^I}, addl=, hot=0, history=ShADad, uid=CjhGID4nQcgTWjvg4c, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=[ts=1170717508.69718, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=192.150.187.164, orig_p=58869/tcp, resp_h=194.127.84.106, resp_p=443/tcp], version=TLSv10, cipher=TLS_RSA_WITH_RC4_128_MD5, server_name=<uninitialized>, session_id=a8c1c5681924e80a32a15d5e7f20bc5e3f513e56b215039d0d55defda5a320c0, last_alert=<uninitialized>, analyzer_id=7, established=F, logged=F, delay_tokens=<uninitialized>, cert_chain=<uninitialized>, cert_chain_fuids=<uninitialized>, client_cert_chain=<uninitialized>, client_cert_chain_fuids=<uninitialized>, subject=<uninitialized>, issuer=<uninitialized>, client_subject=<uninitialized>, client_issuer=<uninitialized>, server_depth=1, client_depth=0], http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]^J}, last_active=1170717508.883051, seen_bytes=0, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timeout_interval=2.0 mins, bof_buffer_size=1024, bof_buffer=0\x82^D|0\x82^C\xe5\xa0^C^B^A^B^B^P^D\xa7\x81^V\xf0^C(;\xda+\x84b^D\x9f\x9e\xcb0^M^F^I*\x86H\x86\xf7^M^A^A^E^E\00\x81\xba1\x1f0\x1d^F^CU^D^J^S^VVeriSign Trust Network1^W0^U^F^CU^D^K^S^NVeriSign, Inc.1301^F^CU^D^K^S*VeriSign International Server CA - Class 31I0G^F^CU^D^K^S@www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign0\x1e^W^M061114000000Z^W^M071114235959Z0\x81\xc01^K0^I^F^CU^D^F^S^BDE1^O0^M^F^CU^D^H^S^FBayern1^Q0^O^F^CU^D^G^T^HMuenchen1705^F^CU^D^J^T.AGIS Allianz Dresdner Informationssysteme GmbH1301^F^CU^D^K^T*Terms of use at www.verisign.com/rpa (c)001\x1f0\x1d^F^CU^D^C^T^Vwww.dresdner-privat.de0\x81\x9f0^M^F^I*\x86H\x86\xf7^M^A^A^A^E\0^C\x81\x8d\00\x81\x89^B\x81\x81\0\xeb\xa8t~\xfb\xe3\xb4\xea\xbe\x8b\x1c=\xed\xea\x86^DbQ\xe0*Z\x9e\x86o\x98\xcb\xbc\xc5\xed\xc5\xc8\xcaV\x9dL\x92X\xe1k^So\xbc\xb7\xe5.\x98@\xf7\x8f\xd6\xa3\xc0^J\xabFR\x1b8\xfc^E \xe7\x80\xee\xc6]\xd5\xbb^C\xfc\xc5\x83\xba\x9ag^H\xfd,\xba\xa3^H\x94\xf0\xb3\x1f^V(\xf6^Ef[\xbf^?\xa8Y\xfa\xbe\x99k6b\xb8n\xc6\x83GSc^OZ\xb4Q\xc1\x88\xa8U\xb9\xd41m=*J\x95^J\xd1{\x87^B^C^A\0^A\xa3\x82^Ay0\x82^Au0^I^F^CU\x1d^S^D^B0\00^K^F^CU\x1d^O^D^D^C^B^E\xa00F^F^CU\x1d\x1f^D?0=0;\xa09\xa07\x865http://crl.verisign.com/Class3InternationalServer.crl0D^F^CU\x1d ^D=0;09^F^K`\x86H^A\x86\xf8E^A^G^W^C0*0(^F^H+^F^A^E^E^G^B^A^V\x1chttps://www.verisign.com/rpa0(^F^CU\x1d%^D!0\x1f^F^I`\x86H^A\x86\xf8B^D^A^F^H+^F^A^E^E^G^C^A^F^H+^F^A^E^E^G^C^B04^F^H+^F^A^E^E^G^A^A^D(0&0$^F^H+^F^A^E^E^G0^A\x86^Xhttp://ocsp.verisign.com0m^F^H+^F^A^E^E^G^A^L^Da0_\xa1]\xa0[0Y0W0U^V^Iimage/gif0!0\x1f0^G^F^E+^N^C^B^Z^D^T\x8f\xe5\xd3^Z\x86\xac\x8d\x8ek\xc3\xcf\x80j\xd4H^X,{^Y.0%^V#http://logo.verisign.com/vslogo.gif0^M^F^I*\x86H\x86\xf7^M^A^A^E^E\0^C\x81\x81\0/s\xe2o\xc1\x9e#~YP\x89\x95xo\xe9^D\xbd\x98TS`\xec^HR\xd2^J)\x92\x9am\xaa\xd5\xb1g\xc1b\xde\xc9^XNW=i\x9c\xb2^Cf\x92^C\xbb\xe8M\xc5\x98\xd4/B\xd9\xb6\xd2\xe0\x97^PXv\xcf\xe7\xd6\xa7\xcc\xbb\xdb%\xeeB]\xcb\xf0t\xab\xd2T\xe5\xe8\xbaQ^O\xa4\xc3>4\xfaR\xf2\xa0\xe6z\xf4\x8f\xdcvB\xbd=\xfcx\xc0\xb7\xeb^-\x1f\xc5\xa0^\xdf\xa0^Q\x87\xf8\xc3X^P\xc8y(\xf8\xe4, mime_type=binary, info=<uninitialized>, u2_events=<uninitialized>]
+
+1170717508.883051 file_over_new_connection
+                  [0] f: fa_file         = [id=FjkLnG4s34DVZlaBNc, parent_id=<uninitialized>, source=SSL, is_orig=F, conns={^J^I[[orig_h=192.150.187.164, orig_p=58869/tcp, resp_h=194.127.84.106, resp_p=443/tcp]] = [id=[orig_h=192.150.187.164, orig_p=58869/tcp, resp_h=194.127.84.106, resp_p=443/tcp], orig=[size=120, state=4, num_pkts=3, num_bytes_ip=288, flow_label=0], resp=[size=2164, state=4, num_pkts=3, num_bytes_ip=1616, flow_label=0], start_time=1170717508.515696, duration=0.367355, service={^J^I^ISSL^J^I}, addl=, hot=0, history=ShADad, uid=CjhGID4nQcgTWjvg4c, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=[ts=1170717508.69718, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=192.150.187.164, orig_p=58869/tcp, resp_h=194.127.84.106, resp_p=443/tcp], version=TLSv10, cipher=TLS_RSA_WITH_RC4_128_MD5, server_name=<uninitialized>, session_id=a8c1c5681924e80a32a15d5e7f20bc5e3f513e56b215039d0d55defda5a320c0, last_alert=<uninitialized>, analyzer_id=7, established=F, logged=F, delay_tokens=<uninitialized>, cert_chain=<uninitialized>, cert_chain_fuids=<uninitialized>, client_cert_chain=<uninitialized>, client_cert_chain_fuids=<uninitialized>, subject=<uninitialized>, issuer=<uninitialized>, client_subject=<uninitialized>, client_issuer=<uninitialized>, server_depth=1, client_depth=0], http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]^J}, last_active=1170717508.883051, seen_bytes=0, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timeout_interval=2.0 mins, bof_buffer_size=1024, bof_buffer=0\x82^D|0\x82^C\xe5\xa0^C^B^A^B^B^P^D\xa7\x81^V\xf0^C(;\xda+\x84b^D\x9f\x9e\xcb0^M^F^I*\x86H\x86\xf7^M^A^A^E^E\00\x81\xba1\x1f0\x1d^F^CU^D^J^S^VVeriSign Trust Network1^W0^U^F^CU^D^K^S^NVeriSign, Inc.1301^F^CU^D^K^S*VeriSign International Server CA - Class 31I0G^F^CU^D^K^S@www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign0\x1e^W^M061114000000Z^W^M071114235959Z0\x81\xc01^K0^I^F^CU^D^F^S^BDE1^O0^M^F^CU^D^H^S^FBayern1^Q0^O^F^CU^D^G^T^HMuenchen1705^F^CU^D^J^T.AGIS Allianz Dresdner Informationssysteme GmbH1301^F^CU^D^K^T*Terms of use at www.verisign.com/rpa (c)001\x1f0\x1d^F^CU^D^C^T^Vwww.dresdner-privat.de0\x81\x9f0^M^F^I*\x86H\x86\xf7^M^A^A^A^E\0^C\x81\x8d\00\x81\x89^B\x81\x81\0\xeb\xa8t~\xfb\xe3\xb4\xea\xbe\x8b\x1c=\xed\xea\x86^DbQ\xe0*Z\x9e\x86o\x98\xcb\xbc\xc5\xed\xc5\xc8\xcaV\x9dL\x92X\xe1k^So\xbc\xb7\xe5.\x98@\xf7\x8f\xd6\xa3\xc0^J\xabFR\x1b8\xfc^E \xe7\x80\xee\xc6]\xd5\xbb^C\xfc\xc5\x83\xba\x9ag^H\xfd,\xba\xa3^H\x94\xf0\xb3\x1f^V(\xf6^Ef[\xbf^?\xa8Y\xfa\xbe\x99k6b\xb8n\xc6\x83GSc^OZ\xb4Q\xc1\x88\xa8U\xb9\xd41m=*J\x95^J\xd1{\x87^B^C^A\0^A\xa3\x82^Ay0\x82^Au0^I^F^CU\x1d^S^D^B0\00^K^F^CU\x1d^O^D^D^C^B^E\xa00F^F^CU\x1d\x1f^D?0=0;\xa09\xa07\x865http://crl.verisign.com/Class3InternationalServer.crl0D^F^CU\x1d ^D=0;09^F^K`\x86H^A\x86\xf8E^A^G^W^C0*0(^F^H+^F^A^E^E^G^B^A^V\x1chttps://www.verisign.com/rpa0(^F^CU\x1d%^D!0\x1f^F^I`\x86H^A\x86\xf8B^D^A^F^H+^F^A^E^E^G^C^A^F^H+^F^A^E^E^G^C^B04^F^H+^F^A^E^E^G^A^A^D(0&0$^F^H+^F^A^E^E^G0^A\x86^Xhttp://ocsp.verisign.com0m^F^H+^F^A^E^E^G^A^L^Da0_\xa1]\xa0[0Y0W0U^V^Iimage/gif0!0\x1f0^G^F^E+^N^C^B^Z^D^T\x8f\xe5\xd3^Z\x86\xac\x8d\x8ek\xc3\xcf\x80j\xd4H^X,{^Y.0%^V#http://logo.verisign.com/vslogo.gif0^M^F^I*\x86H\x86\xf7^M^A^A^E^E\0^C\x81\x81\0/s\xe2o\xc1\x9e#~YP\x89\x95xo\xe9^D\xbd\x98TS`\xec^HR\xd2^J)\x92\x9am\xaa\xd5\xb1g\xc1b\xde\xc9^XNW=i\x9c\xb2^Cf\x92^C\xbb\xe8M\xc5\x98\xd4/B\xd9\xb6\xd2\xe0\x97^PXv\xcf\xe7\xd6\xa7\xcc\xbb\xdb%\xeeB]\xcb\xf0t\xab\xd2T\xe5\xe8\xbaQ^O\xa4\xc3>4\xfaR\xf2\xa0\xe6z\xf4\x8f\xdcvB\xbd=\xfcx\xc0\xb7\xeb^-\x1f\xc5\xa0^\xdf\xa0^Q\x87\xf8\xc3X^P\xc8y(\xf8\xe4, mime_type=binary, info=[ts=1170717508.883051, fuid=FjkLnG4s34DVZlaBNc, tx_hosts={^J^J}, rx_hosts={^J^J}, conn_uids={^J^J}, source=SSL, depth=0, analyzers={^J^J}, mime_type=binary, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=F, seen_bytes=0, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=<uninitialized>, sha1=<uninitialized>, sha256=<uninitialized>, x509=<uninitialized>, extracted=<uninitialized>], u2_events=<uninitialized>]
+                  [1] c: connection      = [id=[orig_h=192.150.187.164, orig_p=58869/tcp, resp_h=194.127.84.106, resp_p=443/tcp], orig=[size=120, state=4, num_pkts=3, num_bytes_ip=288, flow_label=0], resp=[size=2164, state=4, num_pkts=3, num_bytes_ip=1616, flow_label=0], start_time=1170717508.515696, duration=0.367355, service={^J^ISSL^J}, addl=, hot=0, history=ShADad, uid=CjhGID4nQcgTWjvg4c, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=[ts=1170717508.69718, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=192.150.187.164, orig_p=58869/tcp, resp_h=194.127.84.106, resp_p=443/tcp], version=TLSv10, cipher=TLS_RSA_WITH_RC4_128_MD5, server_name=<uninitialized>, session_id=a8c1c5681924e80a32a15d5e7f20bc5e3f513e56b215039d0d55defda5a320c0, last_alert=<uninitialized>, analyzer_id=7, established=F, logged=F, delay_tokens=<uninitialized>, cert_chain=<uninitialized>, cert_chain_fuids=<uninitialized>, client_cert_chain=<uninitialized>, client_cert_chain_fuids=<uninitialized>, subject=<uninitialized>, issuer=<uninitialized>, client_subject=<uninitialized>, client_issuer=<uninitialized>, server_depth=1, client_depth=0], http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]
+                  [2] is_orig: bool      = F
 
 1170717508.883051 x509_certificate
-                  [0] c: connection      = [id=[orig_h=192.150.187.164, orig_p=58869/tcp, resp_h=194.127.84.106, resp_p=443/tcp], orig=[size=120, state=4, num_pkts=3, num_bytes_ip=288, flow_label=0], resp=[size=2164, state=4, num_pkts=3, num_bytes_ip=1616, flow_label=0], start_time=1170717508.515696, duration=0.367355, service={^J^ISSL^J}, addl=, hot=0, history=ShADad, uid=CjhGID4nQcgTWjvg4c, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=[ts=1170717508.69718, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=192.150.187.164, orig_p=58869/tcp, resp_h=194.127.84.106, resp_p=443/tcp], version=TLSv10, cipher=TLS_RSA_WITH_RC4_128_MD5, server_name=<uninitialized>, session_id=a8c1c5681924e80a32a15d5e7f20bc5e3f513e56b215039d0d55defda5a320c0, subject=CN=www.dresdner-privat.de,OU=Terms of use at www.verisign.com/rpa (c)00,O=AGIS Allianz Dresdner Informationssysteme GmbH,L=Muenchen,ST=Bayern,C=DE, issuer_subject=OU=www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign,OU=VeriSign International Server CA - Class 3,OU=VeriSign\, Inc.,O=VeriSign Trust Network, not_valid_before=1163462400.0, not_valid_after=1195084799.0, last_alert=<uninitialized>, client_subject=<uninitialized>, client_issuer_subject=<uninitialized>, cert=0\x82^D|0\x82^C\xe5\xa0^C^B^A^B^B^P^D\xa7\x81^V\xf0^C(;\xda+\x84b^D\x9f\x9e\xcb0^M^F^I*\x86H\x86\xf7^M^A^A^E^E\00\x81\xba1\x1f0\x1d^F^CU^D^J^S^VVeriSign Trust Network1^W0^U^F^CU^D^K^S^NVeriSign, Inc.1301^F^CU^D^K^S*VeriSign International Server CA - Class 31I0G^F^CU^D^K^S@www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign0\x1e^W^M061114000000Z^W^M071114235959Z0\x81\xc01^K0^I^F^CU^D^F^S^BDE1^O0^M^F^CU^D^H^S^FBayern1^Q0^O^F^CU^D^G^T^HMuenchen1705^F^CU^D^J^T.AGIS Allianz Dresdner Informationssysteme GmbH1301^F^CU^D^K^T*Terms of use at www.verisign.com/rpa (c)001\x1f0\x1d^F^CU^D^C^T^Vwww.dresdner-privat.de0\x81\x9f0^M^F^I*\x86H\x86\xf7^M^A^A^A^E\0^C\x81\x8d\00\x81\x89^B\x81\x81\0\xeb\xa8t~\xfb\xe3\xb4\xea\xbe\x8b\x1c=\xed\xea\x86^DbQ\xe0*Z\x9e\x86o\x98\xcb\xbc\xc5\xed\xc5\xc8\xcaV\x9dL\x92X\xe1k^So\xbc\xb7\xe5.\x98@\xf7\x8f\xd6\xa3\xc0^J\xabFR\x1b8\xfc^E \xe7\x80\xee\xc6]\xd5\xbb^C\xfc\xc5\x83\xba\x9ag^H\xfd,\xba\xa3^H\x94\xf0\xb3\x1f^V(\xf6^Ef[\xbf^?\xa8Y\xfa\xbe\x99k6b\xb8n\xc6\x83GSc^OZ\xb4Q\xc1\x88\xa8U\xb9\xd41m=*J\x95^J\xd1{\x87^B^C^A\0^A\xa3\x82^Ay0\x82^Au0^I^F^CU\x1d^S^D^B0\00^K^F^CU\x1d^O^D^D^C^B^E\xa00F^F^CU\x1d\x1f^D?0=0;\xa09\xa07\x865http://crl.verisign.com/Class3InternationalServer.crl0D^F^CU\x1d ^D=0;09^F^K`\x86H^A\x86\xf8E^A^G^W^C0*0(^F^H+^F^A^E^E^G^B^A^V\x1chttps://www.verisign.com/rpa0(^F^CU\x1d%^D!0\x1f^F^I`\x86H^A\x86\xf8B^D^A^F^H+^F^A^E^E^G^C^A^F^H+^F^A^E^E^G^C^B04^F^H+^F^A^E^E^G^A^A^D(0&0$^F^H+^F^A^E^E^G0^A\x86^Xhttp://ocsp.verisign.com0m^F^H+^F^A^E^E^G^A^L^Da0_\xa1]\xa0[0Y0W0U^V^Iimage/gif0!0\x1f0^G^F^E+^N^C^B^Z^D^T\x8f\xe5\xd3^Z\x86\xac\x8d\x8ek\xc3\xcf\x80j\xd4H^X,{^Y.0%^V#http://logo.verisign.com/vslogo.gif0^M^F^I*\x86H\x86\xf7^M^A^A^E^E\0^C\x81\x81\0/s\xe2o\xc1\x9e#~YP\x89\x95xo\xe9^D\xbd\x98TS`\xec^HR\xd2^J)\x92\x9am\xaa\xd5\xb1g\xc1b\xde\xc9^XNW=i\x9c\xb2^Cf\x92^C\xbb\xe8M\xc5\x98\xd4/B\xd9\xb6\xd2\xe0\x97^PXv\xcf\xe7\xd6\xa7\xcc\xbb\xdb%\xeeB]\xcb\xf0t\xab\xd2T\xe5\xe8\xbaQ^O\xa4\xc3>4\xfaR\xf2\xa0\xe6z\xf4\x8f\xdcvB\xbd=\xfcx\xc0\xb7\xeb^-\x1f\xc5\xa0^\xdf\xa0^Q\x87\xf8\xc3X^P\xc8y(\xf8\xe4, cert_chain=[], client_cert=<uninitialized>, client_cert_chain=[], analyzer_id=7, established=F, logged=F, delay_tokens=<uninitialized>], http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]
-                  [1] is_orig: bool      = F
-                  [2] cert: X509         = [version=2, serial=78EE48DE185B2071C9C9C3B51D7BDDC1, subject=OU=www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign,OU=VeriSign International Server CA - Class 3,OU=VeriSign\, Inc.,O=VeriSign Trust Network, issuer=OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US, not_valid_before=861235200.0, not_valid_after=1319500799.0]
-                  [3] chain_idx: count   = 1
-                  [4] chain_len: count   = 2
-                  [5] der_cert: string   = 0\x82^C\x860\x82^B\xef\xa0^C^B^A^B^B^Px\xeeH\xde^X[ q\xc9\xc9\xc3\xb5\x1d{\xdd\xc10^M^F^I*\x86H\x86\xf7^M^A^A^E^E\00_1^K0^I^F^CU^D^F^S^BUS1^W0^U^F^CU^D^J^S^NVeriSign, Inc.1705^F^CU^D^K^S.Class 3 Public Primary Certification Authority0\x1e^W^M970417000000Z^W^M111024235959Z0\x81\xba1\x1f0\x1d^F^CU^D^J^S^VVeriSign Trust Network1^W0^U^F^CU^D^K^S^NVeriSign, Inc.1301^F^CU^D^K^S*VeriSign International Server CA - Class 31I0G^F^CU^D^K^S@www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign0\x81\x9f0^M^F^I*\x86H\x86\xf7^M^A^A^A^E\0^C\x81\x8d\00\x81\x89^B\x81\x81\0\xd8\x82\x80\xe8\xd6^Y^B}\x1f\x85^X9%\xa2e+\xe1\xbf\xd4^E\xd3\xbc\xe66;\xaa\xf0Ll[\xb6\xe7\xaa<sEU\xb2\xf1\xbd\xea\x97B\xed\x9a4^J^U\xd4\xa9\\xf5@%\xdd\xd9^G\xc12\xb2ul\xc4\xca\xbb\xa3\xfeV'qC\xaac\xf50>\x93(\xe5\xfa\xf1^I;\xf3\xb7MN9\xf7\IZ\xb8\xc1\x1d\xd3\xb2\x8a\xfep0\x95B\xcb\xfe+Q\x8bZ<:\xf9"O\x90\xb2^B\xa7S\x9cO4\xe7\xab^D\xb2{o^B^C^A\0^A\xa3\x81\xe60\x81\xe30^O^F^CU\x1d^S^D^H0^F^A^A\xff^B^A\00D^F^CU\x1d ^D=0;09^F^K`\x86H^A\x86\xf8E^A^G^A^A0*0(^F^H+^F^A^E^E^G^B^A^V\x1chttps://www.verisign.com/CPS04^F^CU\x1d\x1f^D-0+0)\xa0'\xa0%\x86#http://crl.verisign.com/pca3-g2.crl04^F^CU\x1d%^D-0+^F^H+^F^A^E^E^G^C^A^F^H+^F^A^E^E^G^C^B^F^I`\x86H^A\x86\xf8B^D^A^F^J`\x86H^A\x86\xf8E^A^H^A0^K^F^CU\x1d^O^D^D^C^B^A^F0^Q^F^I`\x86H^A\x86\xf8B^A^A^D^D^C^B^A^F0^M^F^I*\x86H\x86\xf7^M^A^A^E^E\0^C\x81\x81\0#]\xee\xa6$^E\xfdv\xd3j^Z\xd6\xbaF^F\xaaj^O^C\x90f\xb2\xb0\xa6\xc2\x9e\xc9\x1e\xa3US\xaf>E\xfd\xdc\x8c'\xddS8^I\xbb|K+\xba\x95J\xfepN\x1bi\xd6<\xf7O^G\xc5\xf2^WZL\xa2\x8f\xac^K\x8a^F\xdb\xb9\xd4k\xc5\x1dX\xda^WR\xe3!\xf1\xd2\xd7Z\xd5\xe5\xabY{!z\x86j\xd4\xfe^W^Q:S^M\x9c`\xa0J\xd9^\xe4\x1d^L)\xaa^S^Ge\x86\x1f\xbf\xb4\xc9\x82S\x9c,^B\x8f#
+                  [0] f: fa_file         = [id=FjkLnG4s34DVZlaBNc, parent_id=<uninitialized>, source=SSL, is_orig=F, conns={^J^I[[orig_h=192.150.187.164, orig_p=58869/tcp, resp_h=194.127.84.106, resp_p=443/tcp]] = [id=[orig_h=192.150.187.164, orig_p=58869/tcp, resp_h=194.127.84.106, resp_p=443/tcp], orig=[size=120, state=4, num_pkts=3, num_bytes_ip=288, flow_label=0], resp=[size=2164, state=4, num_pkts=3, num_bytes_ip=1616, flow_label=0], start_time=1170717508.515696, duration=0.367355, service={^J^I^ISSL^J^I}, addl=, hot=0, history=ShADad, uid=CjhGID4nQcgTWjvg4c, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=[ts=1170717508.69718, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=192.150.187.164, orig_p=58869/tcp, resp_h=194.127.84.106, resp_p=443/tcp], version=TLSv10, cipher=TLS_RSA_WITH_RC4_128_MD5, server_name=<uninitialized>, session_id=a8c1c5681924e80a32a15d5e7f20bc5e3f513e56b215039d0d55defda5a320c0, last_alert=<uninitialized>, analyzer_id=7, established=F, logged=F, delay_tokens=<uninitialized>, cert_chain=[[ts=1170717508.883051, fuid=FjkLnG4s34DVZlaBNc, tx_hosts={^J^I^I194.127.84.106^J^I}, rx_hosts={^J^I^I192.150.187.164^J^I}, conn_uids={^J^I^ICjhGID4nQcgTWjvg4c^J^I}, source=SSL, depth=0, analyzers={^J^I^IX509,^J^I^IMD5,^J^I^ISHA1^J^I}, mime_type=binary, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=F, seen_bytes=0, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=<uninitialized>, sha1=<uninitialized>, sha256=<uninitialized>, x509=<uninitialized>, extracted=<uninitialized>]], cert_chain_fuids=[FjkLnG4s34DVZlaBNc], client_cert_chain=[], client_cert_chain_fuids=[], subject=<uninitialized>, issuer=<uninitialized>, client_subject=<uninitialized>, client_issuer=<uninitialized>, server_depth=1, client_depth=0], http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]^J}, last_active=1170717508.883051, seen_bytes=1152, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timeout_interval=2.0 mins, bof_buffer_size=1024, bof_buffer=0\x82^D|0\x82^C\xe5\xa0^C^B^A^B^B^P^D\xa7\x81^V\xf0^C(;\xda+\x84b^D\x9f\x9e\xcb0^M^F^I*\x86H\x86\xf7^M^A^A^E^E\00\x81\xba1\x1f0\x1d^F^CU^D^J^S^VVeriSign Trust Network1^W0^U^F^CU^D^K^S^NVeriSign, Inc.1301^F^CU^D^K^S*VeriSign International Server CA - Class 31I0G^F^CU^D^K^S@www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign0\x1e^W^M061114000000Z^W^M071114235959Z0\x81\xc01^K0^I^F^CU^D^F^S^BDE1^O0^M^F^CU^D^H^S^FBayern1^Q0^O^F^CU^D^G^T^HMuenchen1705^F^CU^D^J^T.AGIS Allianz Dresdner Informationssysteme GmbH1301^F^CU^D^K^T*Terms of use at www.verisign.com/rpa (c)001\x1f0\x1d^F^CU^D^C^T^Vwww.dresdner-privat.de0\x81\x9f0^M^F^I*\x86H\x86\xf7^M^A^A^A^E\0^C\x81\x8d\00\x81\x89^B\x81\x81\0\xeb\xa8t~\xfb\xe3\xb4\xea\xbe\x8b\x1c=\xed\xea\x86^DbQ\xe0*Z\x9e\x86o\x98\xcb\xbc\xc5\xed\xc5\xc8\xcaV\x9dL\x92X\xe1k^So\xbc\xb7\xe5.\x98@\xf7\x8f\xd6\xa3\xc0^J\xabFR\x1b8\xfc^E \xe7\x80\xee\xc6]\xd5\xbb^C\xfc\xc5\x83\xba\x9ag^H\xfd,\xba\xa3^H\x94\xf0\xb3\x1f^V(\xf6^Ef[\xbf^?\xa8Y\xfa\xbe\x99k6b\xb8n\xc6\x83GSc^OZ\xb4Q\xc1\x88\xa8U\xb9\xd41m=*J\x95^J\xd1{\x87^B^C^A\0^A\xa3\x82^Ay0\x82^Au0^I^F^CU\x1d^S^D^B0\00^K^F^CU\x1d^O^D^D^C^B^E\xa00F^F^CU\x1d\x1f^D?0=0;\xa09\xa07\x865http://crl.verisign.com/Class3InternationalServer.crl0D^F^CU\x1d ^D=0;09^F^K`\x86H^A\x86\xf8E^A^G^W^C0*0(^F^H+^F^A^E^E^G^B^A^V\x1chttps://www.verisign.com/rpa0(^F^CU\x1d%^D!0\x1f^F^I`\x86H^A\x86\xf8B^D^A^F^H+^F^A^E^E^G^C^A^F^H+^F^A^E^E^G^C^B04^F^H+^F^A^E^E^G^A^A^D(0&0$^F^H+^F^A^E^E^G0^A\x86^Xhttp://ocsp.verisign.com0m^F^H+^F^A^E^E^G^A^L^Da0_\xa1]\xa0[0Y0W0U^V^Iimage/gif0!0\x1f0^G^F^E+^N^C^B^Z^D^T\x8f\xe5\xd3^Z\x86\xac\x8d\x8ek\xc3\xcf\x80j\xd4H^X,{^Y.0%^V#http://logo.verisign.com/vslogo.gif0^M^F^I*\x86H\x86\xf7^M^A^A^E^E\0^C\x81\x81\0/s\xe2o\xc1\x9e#~YP\x89\x95xo\xe9^D\xbd\x98TS`\xec^HR\xd2^J)\x92\x9am\xaa\xd5\xb1g\xc1b\xde\xc9^XNW=i\x9c\xb2^Cf\x92^C\xbb\xe8M\xc5\x98\xd4/B\xd9\xb6\xd2\xe0\x97^PXv\xcf\xe7\xd6\xa7\xcc\xbb\xdb%\xeeB]\xcb\xf0t\xab\xd2T\xe5\xe8\xbaQ^O\xa4\xc3>4\xfaR\xf2\xa0\xe6z\xf4\x8f\xdcvB\xbd=\xfcx\xc0\xb7\xeb^-\x1f\xc5\xa0^\xdf\xa0^Q\x87\xf8\xc3X^P\xc8y(\xf8\xe4, mime_type=binary, info=[ts=1170717508.883051, fuid=FjkLnG4s34DVZlaBNc, tx_hosts={^J^I194.127.84.106^J}, rx_hosts={^J^I192.150.187.164^J}, conn_uids={^J^ICjhGID4nQcgTWjvg4c^J}, source=SSL, depth=0, analyzers={^J^IX509,^J^IMD5,^J^ISHA1^J}, mime_type=binary, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=F, seen_bytes=0, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=<uninitialized>, sha1=<uninitialized>, sha256=<uninitialized>, x509=<uninitialized>, extracted=<uninitialized>], u2_events=<uninitialized>]
+                  [1] cert_ref: opaque of x509 = <no value description>
+                  [2] cert: X509::Certificate = [version=2, serial=04A78116F003283BDA2B8462049F9ECB, subject=CN=www.dresdner-privat.de,OU=Terms of use at www.verisign.com/rpa (c)00,O=AGIS Allianz Dresdner Informationssysteme GmbH,L=Muenchen,ST=Bayern,C=DE, issuer=OU=www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign,OU=VeriSign International Server CA - Class 3,OU=VeriSign\, Inc.,O=VeriSign Trust Network, not_valid_before=1163462400.0, not_valid_after=1195084799.0, key_alg=rsaEncryption, sig_alg=sha1WithRSAEncryption, key_type=rsa, key_length=1024, exponent=65537, curve=<uninitialized>]
+
+1170717508.883051 x509_extension
+                  [0] f: fa_file         = [id=FjkLnG4s34DVZlaBNc, parent_id=<uninitialized>, source=SSL, is_orig=F, conns={^J^I[[orig_h=192.150.187.164, orig_p=58869/tcp, resp_h=194.127.84.106, resp_p=443/tcp]] = [id=[orig_h=192.150.187.164, orig_p=58869/tcp, resp_h=194.127.84.106, resp_p=443/tcp], orig=[size=120, state=4, num_pkts=3, num_bytes_ip=288, flow_label=0], resp=[size=2164, state=4, num_pkts=3, num_bytes_ip=1616, flow_label=0], start_time=1170717508.515696, duration=0.367355, service={^J^I^ISSL^J^I}, addl=, hot=0, history=ShADad, uid=CjhGID4nQcgTWjvg4c, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=[ts=1170717508.69718, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=192.150.187.164, orig_p=58869/tcp, resp_h=194.127.84.106, resp_p=443/tcp], version=TLSv10, cipher=TLS_RSA_WITH_RC4_128_MD5, server_name=<uninitialized>, session_id=a8c1c5681924e80a32a15d5e7f20bc5e3f513e56b215039d0d55defda5a320c0, last_alert=<uninitialized>, analyzer_id=7, established=F, logged=F, delay_tokens=<uninitialized>, cert_chain=[[ts=1170717508.883051, fuid=FjkLnG4s34DVZlaBNc, tx_hosts={^J^I^I194.127.84.106^J^I}, rx_hosts={^J^I^I192.150.187.164^J^I}, conn_uids={^J^I^ICjhGID4nQcgTWjvg4c^J^I}, source=SSL, depth=0, analyzers={^J^I^IX509,^J^I^IMD5,^J^I^ISHA1^J^I}, mime_type=binary, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=F, seen_bytes=0, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=<uninitialized>, sha1=<uninitialized>, sha256=<uninitialized>, x509=[ts=1170717508.883051, id=FjkLnG4s34DVZlaBNc, certificate=[version=2, serial=04A78116F003283BDA2B8462049F9ECB, subject=CN=www.dresdner-privat.de,OU=Terms of use at www.verisign.com/rpa (c)00,O=AGIS Allianz Dresdner Informationssysteme GmbH,L=Muenchen,ST=Bayern,C=DE, issuer=OU=www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign,OU=VeriSign International Server CA - Class 3,OU=VeriSign\, Inc.,O=VeriSign Trust Network, not_valid_before=1163462400.0, not_valid_after=1195084799.0, key_alg=rsaEncryption, sig_alg=sha1WithRSAEncryption, key_type=rsa, key_length=1024, exponent=65537, curve=<uninitialized>], handle=<no value description>, extensions=[], san=<uninitialized>, basic_constraints=<uninitialized>], extracted=<uninitialized>]], cert_chain_fuids=[FjkLnG4s34DVZlaBNc], client_cert_chain=[], client_cert_chain_fuids=[], subject=<uninitialized>, issuer=<uninitialized>, client_subject=<uninitialized>, client_issuer=<uninitialized>, server_depth=1, client_depth=0], http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]^J}, last_active=1170717508.883051, seen_bytes=1152, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timeout_interval=2.0 mins, bof_buffer_size=1024, bof_buffer=0\x82^D|0\x82^C\xe5\xa0^C^B^A^B^B^P^D\xa7\x81^V\xf0^C(;\xda+\x84b^D\x9f\x9e\xcb0^M^F^I*\x86H\x86\xf7^M^A^A^E^E\00\x81\xba1\x1f0\x1d^F^CU^D^J^S^VVeriSign Trust Network1^W0^U^F^CU^D^K^S^NVeriSign, Inc.1301^F^CU^D^K^S*VeriSign International Server CA - Class 31I0G^F^CU^D^K^S@www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign0\x1e^W^M061114000000Z^W^M071114235959Z0\x81\xc01^K0^I^F^CU^D^F^S^BDE1^O0^M^F^CU^D^H^S^FBayern1^Q0^O^F^CU^D^G^T^HMuenchen1705^F^CU^D^J^T.AGIS Allianz Dresdner Informationssysteme GmbH1301^F^CU^D^K^T*Terms of use at www.verisign.com/rpa (c)001\x1f0\x1d^F^CU^D^C^T^Vwww.dresdner-privat.de0\x81\x9f0^M^F^I*\x86H\x86\xf7^M^A^A^A^E\0^C\x81\x8d\00\x81\x89^B\x81\x81\0\xeb\xa8t~\xfb\xe3\xb4\xea\xbe\x8b\x1c=\xed\xea\x86^DbQ\xe0*Z\x9e\x86o\x98\xcb\xbc\xc5\xed\xc5\xc8\xcaV\x9dL\x92X\xe1k^So\xbc\xb7\xe5.\x98@\xf7\x8f\xd6\xa3\xc0^J\xabFR\x1b8\xfc^E \xe7\x80\xee\xc6]\xd5\xbb^C\xfc\xc5\x83\xba\x9ag^H\xfd,\xba\xa3^H\x94\xf0\xb3\x1f^V(\xf6^Ef[\xbf^?\xa8Y\xfa\xbe\x99k6b\xb8n\xc6\x83GSc^OZ\xb4Q\xc1\x88\xa8U\xb9\xd41m=*J\x95^J\xd1{\x87^B^C^A\0^A\xa3\x82^Ay0\x82^Au0^I^F^CU\x1d^S^D^B0\00^K^F^CU\x1d^O^D^D^C^B^E\xa00F^F^CU\x1d\x1f^D?0=0;\xa09\xa07\x865http://crl.verisign.com/Class3InternationalServer.crl0D^F^CU\x1d ^D=0;09^F^K`\x86H^A\x86\xf8E^A^G^W^C0*0(^F^H+^F^A^E^E^G^B^A^V\x1chttps://www.verisign.com/rpa0(^F^CU\x1d%^D!0\x1f^F^I`\x86H^A\x86\xf8B^D^A^F^H+^F^A^E^E^G^C^A^F^H+^F^A^E^E^G^C^B04^F^H+^F^A^E^E^G^A^A^D(0&0$^F^H+^F^A^E^E^G0^A\x86^Xhttp://ocsp.verisign.com0m^F^H+^F^A^E^E^G^A^L^Da0_\xa1]\xa0[0Y0W0U^V^Iimage/gif0!0\x1f0^G^F^E+^N^C^B^Z^D^T\x8f\xe5\xd3^Z\x86\xac\x8d\x8ek\xc3\xcf\x80j\xd4H^X,{^Y.0%^V#http://logo.verisign.com/vslogo.gif0^M^F^I*\x86H\x86\xf7^M^A^A^E^E\0^C\x81\x81\0/s\xe2o\xc1\x9e#~YP\x89\x95xo\xe9^D\xbd\x98TS`\xec^HR\xd2^J)\x92\x9am\xaa\xd5\xb1g\xc1b\xde\xc9^XNW=i\x9c\xb2^Cf\x92^C\xbb\xe8M\xc5\x98\xd4/B\xd9\xb6\xd2\xe0\x97^PXv\xcf\xe7\xd6\xa7\xcc\xbb\xdb%\xeeB]\xcb\xf0t\xab\xd2T\xe5\xe8\xbaQ^O\xa4\xc3>4\xfaR\xf2\xa0\xe6z\xf4\x8f\xdcvB\xbd=\xfcx\xc0\xb7\xeb^-\x1f\xc5\xa0^\xdf\xa0^Q\x87\xf8\xc3X^P\xc8y(\xf8\xe4, mime_type=binary, info=[ts=1170717508.883051, fuid=FjkLnG4s34DVZlaBNc, tx_hosts={^J^I194.127.84.106^J}, rx_hosts={^J^I192.150.187.164^J}, conn_uids={^J^ICjhGID4nQcgTWjvg4c^J}, source=SSL, depth=0, analyzers={^J^IX509,^J^IMD5,^J^ISHA1^J}, mime_type=binary, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=F, seen_bytes=0, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=<uninitialized>, sha1=<uninitialized>, sha256=<uninitialized>, x509=[ts=1170717508.883051, id=FjkLnG4s34DVZlaBNc, certificate=[version=2, serial=04A78116F003283BDA2B8462049F9ECB, subject=CN=www.dresdner-privat.de,OU=Terms of use at www.verisign.com/rpa (c)00,O=AGIS Allianz Dresdner Informationssysteme GmbH,L=Muenchen,ST=Bayern,C=DE, issuer=OU=www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign,OU=VeriSign International Server CA - Class 3,OU=VeriSign\, Inc.,O=VeriSign Trust Network, not_valid_before=1163462400.0, not_valid_after=1195084799.0, key_alg=rsaEncryption, sig_alg=sha1WithRSAEncryption, key_type=rsa, key_length=1024, exponent=65537, curve=<uninitialized>], handle=<no value description>, extensions=[], san=<uninitialized>, basic_constraints=<uninitialized>], extracted=<uninitialized>], u2_events=<uninitialized>]
+                  [1] ext: X509::Extension = [name=X509v3 Basic Constraints, short_name=basicConstraints, oid=2.5.29.19, critical=F, value=CA:FALSE]
+
+1170717508.883051 x509_ext_basic_constraints
+                  [0] f: fa_file         = [id=FjkLnG4s34DVZlaBNc, parent_id=<uninitialized>, source=SSL, is_orig=F, conns={^J^I[[orig_h=192.150.187.164, orig_p=58869/tcp, resp_h=194.127.84.106, resp_p=443/tcp]] = [id=[orig_h=192.150.187.164, orig_p=58869/tcp, resp_h=194.127.84.106, resp_p=443/tcp], orig=[size=120, state=4, num_pkts=3, num_bytes_ip=288, flow_label=0], resp=[size=2164, state=4, num_pkts=3, num_bytes_ip=1616, flow_label=0], start_time=1170717508.515696, duration=0.367355, service={^J^I^ISSL^J^I}, addl=, hot=0, history=ShADad, uid=CjhGID4nQcgTWjvg4c, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=[ts=1170717508.69718, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=192.150.187.164, orig_p=58869/tcp, resp_h=194.127.84.106, resp_p=443/tcp], version=TLSv10, cipher=TLS_RSA_WITH_RC4_128_MD5, server_name=<uninitialized>, session_id=a8c1c5681924e80a32a15d5e7f20bc5e3f513e56b215039d0d55defda5a320c0, last_alert=<uninitialized>, analyzer_id=7, established=F, logged=F, delay_tokens=<uninitialized>, cert_chain=[[ts=1170717508.883051, fuid=FjkLnG4s34DVZlaBNc, tx_hosts={^J^I^I194.127.84.106^J^I}, rx_hosts={^J^I^I192.150.187.164^J^I}, conn_uids={^J^I^ICjhGID4nQcgTWjvg4c^J^I}, source=SSL, depth=0, analyzers={^J^I^IX509,^J^I^IMD5,^J^I^ISHA1^J^I}, mime_type=binary, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=F, seen_bytes=0, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=<uninitialized>, sha1=<uninitialized>, sha256=<uninitialized>, x509=[ts=1170717508.883051, id=FjkLnG4s34DVZlaBNc, certificate=[version=2, serial=04A78116F003283BDA2B8462049F9ECB, subject=CN=www.dresdner-privat.de,OU=Terms of use at www.verisign.com/rpa (c)00,O=AGIS Allianz Dresdner Informationssysteme GmbH,L=Muenchen,ST=Bayern,C=DE, issuer=OU=www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign,OU=VeriSign International Server CA - Class 3,OU=VeriSign\, Inc.,O=VeriSign Trust Network, not_valid_before=1163462400.0, not_valid_after=1195084799.0, key_alg=rsaEncryption, sig_alg=sha1WithRSAEncryption, key_type=rsa, key_length=1024, exponent=65537, curve=<uninitialized>], handle=<no value description>, extensions=[[name=X509v3 Basic Constraints, short_name=basicConstraints, oid=2.5.29.19, critical=F, value=CA:FALSE]], san=<uninitialized>, basic_constraints=<uninitialized>], extracted=<uninitialized>]], cert_chain_fuids=[FjkLnG4s34DVZlaBNc], client_cert_chain=[], client_cert_chain_fuids=[], subject=<uninitialized>, issuer=<uninitialized>, client_subject=<uninitialized>, client_issuer=<uninitialized>, server_depth=1, client_depth=0], http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]^J}, last_active=1170717508.883051, seen_bytes=1152, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timeout_interval=2.0 mins, bof_buffer_size=1024, bof_buffer=0\x82^D|0\x82^C\xe5\xa0^C^B^A^B^B^P^D\xa7\x81^V\xf0^C(;\xda+\x84b^D\x9f\x9e\xcb0^M^F^I*\x86H\x86\xf7^M^A^A^E^E\00\x81\xba1\x1f0\x1d^F^CU^D^J^S^VVeriSign Trust Network1^W0^U^F^CU^D^K^S^NVeriSign, Inc.1301^F^CU^D^K^S*VeriSign International Server CA - Class 31I0G^F^CU^D^K^S@www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign0\x1e^W^M061114000000Z^W^M071114235959Z0\x81\xc01^K0^I^F^CU^D^F^S^BDE1^O0^M^F^CU^D^H^S^FBayern1^Q0^O^F^CU^D^G^T^HMuenchen1705^F^CU^D^J^T.AGIS Allianz Dresdner Informationssysteme GmbH1301^F^CU^D^K^T*Terms of use at www.verisign.com/rpa (c)001\x1f0\x1d^F^CU^D^C^T^Vwww.dresdner-privat.de0\x81\x9f0^M^F^I*\x86H\x86\xf7^M^A^A^A^E\0^C\x81\x8d\00\x81\x89^B\x81\x81\0\xeb\xa8t~\xfb\xe3\xb4\xea\xbe\x8b\x1c=\xed\xea\x86^DbQ\xe0*Z\x9e\x86o\x98\xcb\xbc\xc5\xed\xc5\xc8\xcaV\x9dL\x92X\xe1k^So\xbc\xb7\xe5.\x98@\xf7\x8f\xd6\xa3\xc0^J\xabFR\x1b8\xfc^E \xe7\x80\xee\xc6]\xd5\xbb^C\xfc\xc5\x83\xba\x9ag^H\xfd,\xba\xa3^H\x94\xf0\xb3\x1f^V(\xf6^Ef[\xbf^?\xa8Y\xfa\xbe\x99k6b\xb8n\xc6\x83GSc^OZ\xb4Q\xc1\x88\xa8U\xb9\xd41m=*J\x95^J\xd1{\x87^B^C^A\0^A\xa3\x82^Ay0\x82^Au0^I^F^CU\x1d^S^D^B0\00^K^F^CU\x1d^O^D^D^C^B^E\xa00F^F^CU\x1d\x1f^D?0=0;\xa09\xa07\x865http://crl.verisign.com/Class3InternationalServer.crl0D^F^CU\x1d ^D=0;09^F^K`\x86H^A\x86\xf8E^A^G^W^C0*0(^F^H+^F^A^E^E^G^B^A^V\x1chttps://www.verisign.com/rpa0(^F^CU\x1d%^D!0\x1f^F^I`\x86H^A\x86\xf8B^D^A^F^H+^F^A^E^E^G^C^A^F^H+^F^A^E^E^G^C^B04^F^H+^F^A^E^E^G^A^A^D(0&0$^F^H+^F^A^E^E^G0^A\x86^Xhttp://ocsp.verisign.com0m^F^H+^F^A^E^E^G^A^L^Da0_\xa1]\xa0[0Y0W0U^V^Iimage/gif0!0\x1f0^G^F^E+^N^C^B^Z^D^T\x8f\xe5\xd3^Z\x86\xac\x8d\x8ek\xc3\xcf\x80j\xd4H^X,{^Y.0%^V#http://logo.verisign.com/vslogo.gif0^M^F^I*\x86H\x86\xf7^M^A^A^E^E\0^C\x81\x81\0/s\xe2o\xc1\x9e#~YP\x89\x95xo\xe9^D\xbd\x98TS`\xec^HR\xd2^J)\x92\x9am\xaa\xd5\xb1g\xc1b\xde\xc9^XNW=i\x9c\xb2^Cf\x92^C\xbb\xe8M\xc5\x98\xd4/B\xd9\xb6\xd2\xe0\x97^PXv\xcf\xe7\xd6\xa7\xcc\xbb\xdb%\xeeB]\xcb\xf0t\xab\xd2T\xe5\xe8\xbaQ^O\xa4\xc3>4\xfaR\xf2\xa0\xe6z\xf4\x8f\xdcvB\xbd=\xfcx\xc0\xb7\xeb^-\x1f\xc5\xa0^\xdf\xa0^Q\x87\xf8\xc3X^P\xc8y(\xf8\xe4, mime_type=binary, info=[ts=1170717508.883051, fuid=FjkLnG4s34DVZlaBNc, tx_hosts={^J^I194.127.84.106^J}, rx_hosts={^J^I192.150.187.164^J}, conn_uids={^J^ICjhGID4nQcgTWjvg4c^J}, source=SSL, depth=0, analyzers={^J^IX509,^J^IMD5,^J^ISHA1^J}, mime_type=binary, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=F, seen_bytes=0, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=<uninitialized>, sha1=<uninitialized>, sha256=<uninitialized>, x509=[ts=1170717508.883051, id=FjkLnG4s34DVZlaBNc, certificate=[version=2, serial=04A78116F003283BDA2B8462049F9ECB, subject=CN=www.dresdner-privat.de,OU=Terms of use at www.verisign.com/rpa (c)00,O=AGIS Allianz Dresdner Informationssysteme GmbH,L=Muenchen,ST=Bayern,C=DE, issuer=OU=www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign,OU=VeriSign International Server CA - Class 3,OU=VeriSign\, Inc.,O=VeriSign Trust Network, not_valid_before=1163462400.0, not_valid_after=1195084799.0, key_alg=rsaEncryption, sig_alg=sha1WithRSAEncryption, key_type=rsa, key_length=1024, exponent=65537, curve=<uninitialized>], handle=<no value description>, extensions=[[name=X509v3 Basic Constraints, short_name=basicConstraints, oid=2.5.29.19, critical=F, value=CA:FALSE]], san=<uninitialized>, basic_constraints=<uninitialized>], extracted=<uninitialized>], u2_events=<uninitialized>]
+                  [1] ext: X509::BasicConstraints = [ca=F, path_len=<uninitialized>]
+
+1170717508.883051 x509_extension
+                  [0] f: fa_file         = [id=FjkLnG4s34DVZlaBNc, parent_id=<uninitialized>, source=SSL, is_orig=F, conns={^J^I[[orig_h=192.150.187.164, orig_p=58869/tcp, resp_h=194.127.84.106, resp_p=443/tcp]] = [id=[orig_h=192.150.187.164, orig_p=58869/tcp, resp_h=194.127.84.106, resp_p=443/tcp], orig=[size=120, state=4, num_pkts=3, num_bytes_ip=288, flow_label=0], resp=[size=2164, state=4, num_pkts=3, num_bytes_ip=1616, flow_label=0], start_time=1170717508.515696, duration=0.367355, service={^J^I^ISSL^J^I}, addl=, hot=0, history=ShADad, uid=CjhGID4nQcgTWjvg4c, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=[ts=1170717508.69718, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=192.150.187.164, orig_p=58869/tcp, resp_h=194.127.84.106, resp_p=443/tcp], version=TLSv10, cipher=TLS_RSA_WITH_RC4_128_MD5, server_name=<uninitialized>, session_id=a8c1c5681924e80a32a15d5e7f20bc5e3f513e56b215039d0d55defda5a320c0, last_alert=<uninitialized>, analyzer_id=7, established=F, logged=F, delay_tokens=<uninitialized>, cert_chain=[[ts=1170717508.883051, fuid=FjkLnG4s34DVZlaBNc, tx_hosts={^J^I^I194.127.84.106^J^I}, rx_hosts={^J^I^I192.150.187.164^J^I}, conn_uids={^J^I^ICjhGID4nQcgTWjvg4c^J^I}, source=SSL, depth=0, analyzers={^J^I^IX509,^J^I^IMD5,^J^I^ISHA1^J^I}, mime_type=binary, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=F, seen_bytes=0, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=<uninitialized>, sha1=<uninitialized>, sha256=<uninitialized>, x509=[ts=1170717508.883051, id=FjkLnG4s34DVZlaBNc, certificate=[version=2, serial=04A78116F003283BDA2B8462049F9ECB, subject=CN=www.dresdner-privat.de,OU=Terms of use at www.verisign.com/rpa (c)00,O=AGIS Allianz Dresdner Informationssysteme GmbH,L=Muenchen,ST=Bayern,C=DE, issuer=OU=www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign,OU=VeriSign International Server CA - Class 3,OU=VeriSign\, Inc.,O=VeriSign Trust Network, not_valid_before=1163462400.0, not_valid_after=1195084799.0, key_alg=rsaEncryption, sig_alg=sha1WithRSAEncryption, key_type=rsa, key_length=1024, exponent=65537, curve=<uninitialized>], handle=<no value description>, extensions=[[name=X509v3 Basic Constraints, short_name=basicConstraints, oid=2.5.29.19, critical=F, value=CA:FALSE]], san=<uninitialized>, basic_constraints=[ca=F, path_len=<uninitialized>]], extracted=<uninitialized>]], cert_chain_fuids=[FjkLnG4s34DVZlaBNc], client_cert_chain=[], client_cert_chain_fuids=[], subject=<uninitialized>, issuer=<uninitialized>, client_subject=<uninitialized>, client_issuer=<uninitialized>, server_depth=1, client_depth=0], http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]^J}, last_active=1170717508.883051, seen_bytes=1152, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timeout_interval=2.0 mins, bof_buffer_size=1024, bof_buffer=0\x82^D|0\x82^C\xe5\xa0^C^B^A^B^B^P^D\xa7\x81^V\xf0^C(;\xda+\x84b^D\x9f\x9e\xcb0^M^F^I*\x86H\x86\xf7^M^A^A^E^E\00\x81\xba1\x1f0\x1d^F^CU^D^J^S^VVeriSign Trust Network1^W0^U^F^CU^D^K^S^NVeriSign, Inc.1301^F^CU^D^K^S*VeriSign International Server CA - Class 31I0G^F^CU^D^K^S@www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign0\x1e^W^M061114000000Z^W^M071114235959Z0\x81\xc01^K0^I^F^CU^D^F^S^BDE1^O0^M^F^CU^D^H^S^FBayern1^Q0^O^F^CU^D^G^T^HMuenchen1705^F^CU^D^J^T.AGIS Allianz Dresdner Informationssysteme GmbH1301^F^CU^D^K^T*Terms of use at www.verisign.com/rpa (c)001\x1f0\x1d^F^CU^D^C^T^Vwww.dresdner-privat.de0\x81\x9f0^M^F^I*\x86H\x86\xf7^M^A^A^A^E\0^C\x81\x8d\00\x81\x89^B\x81\x81\0\xeb\xa8t~\xfb\xe3\xb4\xea\xbe\x8b\x1c=\xed\xea\x86^DbQ\xe0*Z\x9e\x86o\x98\xcb\xbc\xc5\xed\xc5\xc8\xcaV\x9dL\x92X\xe1k^So\xbc\xb7\xe5.\x98@\xf7\x8f\xd6\xa3\xc0^J\xabFR\x1b8\xfc^E \xe7\x80\xee\xc6]\xd5\xbb^C\xfc\xc5\x83\xba\x9ag^H\xfd,\xba\xa3^H\x94\xf0\xb3\x1f^V(\xf6^Ef[\xbf^?\xa8Y\xfa\xbe\x99k6b\xb8n\xc6\x83GSc^OZ\xb4Q\xc1\x88\xa8U\xb9\xd41m=*J\x95^J\xd1{\x87^B^C^A\0^A\xa3\x82^Ay0\x82^Au0^I^F^CU\x1d^S^D^B0\00^K^F^CU\x1d^O^D^D^C^B^E\xa00F^F^CU\x1d\x1f^D?0=0;\xa09\xa07\x865http://crl.verisign.com/Class3InternationalServer.crl0D^F^CU\x1d ^D=0;09^F^K`\x86H^A\x86\xf8E^A^G^W^C0*0(^F^H+^F^A^E^E^G^B^A^V\x1chttps://www.verisign.com/rpa0(^F^CU\x1d%^D!0\x1f^F^I`\x86H^A\x86\xf8B^D^A^F^H+^F^A^E^E^G^C^A^F^H+^F^A^E^E^G^C^B04^F^H+^F^A^E^E^G^A^A^D(0&0$^F^H+^F^A^E^E^G0^A\x86^Xhttp://ocsp.verisign.com0m^F^H+^F^A^E^E^G^A^L^Da0_\xa1]\xa0[0Y0W0U^V^Iimage/gif0!0\x1f0^G^F^E+^N^C^B^Z^D^T\x8f\xe5\xd3^Z\x86\xac\x8d\x8ek\xc3\xcf\x80j\xd4H^X,{^Y.0%^V#http://logo.verisign.com/vslogo.gif0^M^F^I*\x86H\x86\xf7^M^A^A^E^E\0^C\x81\x81\0/s\xe2o\xc1\x9e#~YP\x89\x95xo\xe9^D\xbd\x98TS`\xec^HR\xd2^J)\x92\x9am\xaa\xd5\xb1g\xc1b\xde\xc9^XNW=i\x9c\xb2^Cf\x92^C\xbb\xe8M\xc5\x98\xd4/B\xd9\xb6\xd2\xe0\x97^PXv\xcf\xe7\xd6\xa7\xcc\xbb\xdb%\xeeB]\xcb\xf0t\xab\xd2T\xe5\xe8\xbaQ^O\xa4\xc3>4\xfaR\xf2\xa0\xe6z\xf4\x8f\xdcvB\xbd=\xfcx\xc0\xb7\xeb^-\x1f\xc5\xa0^\xdf\xa0^Q\x87\xf8\xc3X^P\xc8y(\xf8\xe4, mime_type=binary, info=[ts=1170717508.883051, fuid=FjkLnG4s34DVZlaBNc, tx_hosts={^J^I194.127.84.106^J}, rx_hosts={^J^I192.150.187.164^J}, conn_uids={^J^ICjhGID4nQcgTWjvg4c^J}, source=SSL, depth=0, analyzers={^J^IX509,^J^IMD5,^J^ISHA1^J}, mime_type=binary, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=F, seen_bytes=0, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=<uninitialized>, sha1=<uninitialized>, sha256=<uninitialized>, x509=[ts=1170717508.883051, id=FjkLnG4s34DVZlaBNc, certificate=[version=2, serial=04A78116F003283BDA2B8462049F9ECB, subject=CN=www.dresdner-privat.de,OU=Terms of use at www.verisign.com/rpa (c)00,O=AGIS Allianz Dresdner Informationssysteme GmbH,L=Muenchen,ST=Bayern,C=DE, issuer=OU=www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign,OU=VeriSign International Server CA - Class 3,OU=VeriSign\, Inc.,O=VeriSign Trust Network, not_valid_before=1163462400.0, not_valid_after=1195084799.0, key_alg=rsaEncryption, sig_alg=sha1WithRSAEncryption, key_type=rsa, key_length=1024, exponent=65537, curve=<uninitialized>], handle=<no value description>, extensions=[[name=X509v3 Basic Constraints, short_name=basicConstraints, oid=2.5.29.19, critical=F, value=CA:FALSE]], san=<uninitialized>, basic_constraints=[ca=F, path_len=<uninitialized>]], extracted=<uninitialized>], u2_events=<uninitialized>]
+                  [1] ext: X509::Extension = [name=X509v3 Key Usage, short_name=keyUsage, oid=2.5.29.15, critical=F, value=Digital Signature, Key Encipherment]
+
+1170717508.883051 x509_extension
+                  [0] f: fa_file         = [id=FjkLnG4s34DVZlaBNc, parent_id=<uninitialized>, source=SSL, is_orig=F, conns={^J^I[[orig_h=192.150.187.164, orig_p=58869/tcp, resp_h=194.127.84.106, resp_p=443/tcp]] = [id=[orig_h=192.150.187.164, orig_p=58869/tcp, resp_h=194.127.84.106, resp_p=443/tcp], orig=[size=120, state=4, num_pkts=3, num_bytes_ip=288, flow_label=0], resp=[size=2164, state=4, num_pkts=3, num_bytes_ip=1616, flow_label=0], start_time=1170717508.515696, duration=0.367355, service={^J^I^ISSL^J^I}, addl=, hot=0, history=ShADad, uid=CjhGID4nQcgTWjvg4c, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=[ts=1170717508.69718, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=192.150.187.164, orig_p=58869/tcp, resp_h=194.127.84.106, resp_p=443/tcp], version=TLSv10, cipher=TLS_RSA_WITH_RC4_128_MD5, server_name=<uninitialized>, session_id=a8c1c5681924e80a32a15d5e7f20bc5e3f513e56b215039d0d55defda5a320c0, last_alert=<uninitialized>, analyzer_id=7, established=F, logged=F, delay_tokens=<uninitialized>, cert_chain=[[ts=1170717508.883051, fuid=FjkLnG4s34DVZlaBNc, tx_hosts={^J^I^I194.127.84.106^J^I}, rx_hosts={^J^I^I192.150.187.164^J^I}, conn_uids={^J^I^ICjhGID4nQcgTWjvg4c^J^I}, source=SSL, depth=0, analyzers={^J^I^IX509,^J^I^IMD5,^J^I^ISHA1^J^I}, mime_type=binary, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=F, seen_bytes=0, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=<uninitialized>, sha1=<uninitialized>, sha256=<uninitialized>, x509=[ts=1170717508.883051, id=FjkLnG4s34DVZlaBNc, certificate=[version=2, serial=04A78116F003283BDA2B8462049F9ECB, subject=CN=www.dresdner-privat.de,OU=Terms of use at www.verisign.com/rpa (c)00,O=AGIS Allianz Dresdner Informationssysteme GmbH,L=Muenchen,ST=Bayern,C=DE, issuer=OU=www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign,OU=VeriSign International Server CA - Class 3,OU=VeriSign\, Inc.,O=VeriSign Trust Network, not_valid_before=1163462400.0, not_valid_after=1195084799.0, key_alg=rsaEncryption, sig_alg=sha1WithRSAEncryption, key_type=rsa, key_length=1024, exponent=65537, curve=<uninitialized>], handle=<no value description>, extensions=[[name=X509v3 Basic Constraints, short_name=basicConstraints, oid=2.5.29.19, critical=F, value=CA:FALSE], [name=X509v3 Key Usage, short_name=keyUsage, oid=2.5.29.15, critical=F, value=Digital Signature, Key Encipherment]], san=<uninitialized>, basic_constraints=[ca=F, path_len=<uninitialized>]], extracted=<uninitialized>]], cert_chain_fuids=[FjkLnG4s34DVZlaBNc], client_cert_chain=[], client_cert_chain_fuids=[], subject=<uninitialized>, issuer=<uninitialized>, client_subject=<uninitialized>, client_issuer=<uninitialized>, server_depth=1, client_depth=0], http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]^J}, last_active=1170717508.883051, seen_bytes=1152, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timeout_interval=2.0 mins, bof_buffer_size=1024, bof_buffer=0\x82^D|0\x82^C\xe5\xa0^C^B^A^B^B^P^D\xa7\x81^V\xf0^C(;\xda+\x84b^D\x9f\x9e\xcb0^M^F^I*\x86H\x86\xf7^M^A^A^E^E\00\x81\xba1\x1f0\x1d^F^CU^D^J^S^VVeriSign Trust Network1^W0^U^F^CU^D^K^S^NVeriSign, Inc.1301^F^CU^D^K^S*VeriSign International Server CA - Class 31I0G^F^CU^D^K^S@www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign0\x1e^W^M061114000000Z^W^M071114235959Z0\x81\xc01^K0^I^F^CU^D^F^S^BDE1^O0^M^F^CU^D^H^S^FBayern1^Q0^O^F^CU^D^G^T^HMuenchen1705^F^CU^D^J^T.AGIS Allianz Dresdner Informationssysteme GmbH1301^F^CU^D^K^T*Terms of use at www.verisign.com/rpa (c)001\x1f0\x1d^F^CU^D^C^T^Vwww.dresdner-privat.de0\x81\x9f0^M^F^I*\x86H\x86\xf7^M^A^A^A^E\0^C\x81\x8d\00\x81\x89^B\x81\x81\0\xeb\xa8t~\xfb\xe3\xb4\xea\xbe\x8b\x1c=\xed\xea\x86^DbQ\xe0*Z\x9e\x86o\x98\xcb\xbc\xc5\xed\xc5\xc8\xcaV\x9dL\x92X\xe1k^So\xbc\xb7\xe5.\x98@\xf7\x8f\xd6\xa3\xc0^J\xabFR\x1b8\xfc^E \xe7\x80\xee\xc6]\xd5\xbb^C\xfc\xc5\x83\xba\x9ag^H\xfd,\xba\xa3^H\x94\xf0\xb3\x1f^V(\xf6^Ef[\xbf^?\xa8Y\xfa\xbe\x99k6b\xb8n\xc6\x83GSc^OZ\xb4Q\xc1\x88\xa8U\xb9\xd41m=*J\x95^J\xd1{\x87^B^C^A\0^A\xa3\x82^Ay0\x82^Au0^I^F^CU\x1d^S^D^B0\00^K^F^CU\x1d^O^D^D^C^B^E\xa00F^F^CU\x1d\x1f^D?0=0;\xa09\xa07\x865http://crl.verisign.com/Class3InternationalServer.crl0D^F^CU\x1d ^D=0;09^F^K`\x86H^A\x86\xf8E^A^G^W^C0*0(^F^H+^F^A^E^E^G^B^A^V\x1chttps://www.verisign.com/rpa0(^F^CU\x1d%^D!0\x1f^F^I`\x86H^A\x86\xf8B^D^A^F^H+^F^A^E^E^G^C^A^F^H+^F^A^E^E^G^C^B04^F^H+^F^A^E^E^G^A^A^D(0&0$^F^H+^F^A^E^E^G0^A\x86^Xhttp://ocsp.verisign.com0m^F^H+^F^A^E^E^G^A^L^Da0_\xa1]\xa0[0Y0W0U^V^Iimage/gif0!0\x1f0^G^F^E+^N^C^B^Z^D^T\x8f\xe5\xd3^Z\x86\xac\x8d\x8ek\xc3\xcf\x80j\xd4H^X,{^Y.0%^V#http://logo.verisign.com/vslogo.gif0^M^F^I*\x86H\x86\xf7^M^A^A^E^E\0^C\x81\x81\0/s\xe2o\xc1\x9e#~YP\x89\x95xo\xe9^D\xbd\x98TS`\xec^HR\xd2^J)\x92\x9am\xaa\xd5\xb1g\xc1b\xde\xc9^XNW=i\x9c\xb2^Cf\x92^C\xbb\xe8M\xc5\x98\xd4/B\xd9\xb6\xd2\xe0\x97^PXv\xcf\xe7\xd6\xa7\xcc\xbb\xdb%\xeeB]\xcb\xf0t\xab\xd2T\xe5\xe8\xbaQ^O\xa4\xc3>4\xfaR\xf2\xa0\xe6z\xf4\x8f\xdcvB\xbd=\xfcx\xc0\xb7\xeb^-\x1f\xc5\xa0^\xdf\xa0^Q\x87\xf8\xc3X^P\xc8y(\xf8\xe4, mime_type=binary, info=[ts=1170717508.883051, fuid=FjkLnG4s34DVZlaBNc, tx_hosts={^J^I194.127.84.106^J}, rx_hosts={^J^I192.150.187.164^J}, conn_uids={^J^ICjhGID4nQcgTWjvg4c^J}, source=SSL, depth=0, analyzers={^J^IX509,^J^IMD5,^J^ISHA1^J}, mime_type=binary, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=F, seen_bytes=0, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=<uninitialized>, sha1=<uninitialized>, sha256=<uninitialized>, x509=[ts=1170717508.883051, id=FjkLnG4s34DVZlaBNc, certificate=[version=2, serial=04A78116F003283BDA2B8462049F9ECB, subject=CN=www.dresdner-privat.de,OU=Terms of use at www.verisign.com/rpa (c)00,O=AGIS Allianz Dresdner Informationssysteme GmbH,L=Muenchen,ST=Bayern,C=DE, issuer=OU=www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign,OU=VeriSign International Server CA - Class 3,OU=VeriSign\, Inc.,O=VeriSign Trust Network, not_valid_before=1163462400.0, not_valid_after=1195084799.0, key_alg=rsaEncryption, sig_alg=sha1WithRSAEncryption, key_type=rsa, key_length=1024, exponent=65537, curve=<uninitialized>], handle=<no value description>, extensions=[[name=X509v3 Basic Constraints, short_name=basicConstraints, oid=2.5.29.19, critical=F, value=CA:FALSE], [name=X509v3 Key Usage, short_name=keyUsage, oid=2.5.29.15, critical=F, value=Digital Signature, Key Encipherment]], san=<uninitialized>, basic_constraints=[ca=F, path_len=<uninitialized>]], extracted=<uninitialized>], u2_events=<uninitialized>]
+                  [1] ext: X509::Extension = [name=X509v3 CRL Distribution Points, short_name=crlDistributionPoints, oid=2.5.29.31, critical=F, value=^JFull Name:^J  URI:http://crl.verisign.com/Class3InternationalServer.crl^J]
+
+1170717508.883051 x509_extension
+                  [0] f: fa_file         = [id=FjkLnG4s34DVZlaBNc, parent_id=<uninitialized>, source=SSL, is_orig=F, conns={^J^I[[orig_h=192.150.187.164, orig_p=58869/tcp, resp_h=194.127.84.106, resp_p=443/tcp]] = [id=[orig_h=192.150.187.164, orig_p=58869/tcp, resp_h=194.127.84.106, resp_p=443/tcp], orig=[size=120, state=4, num_pkts=3, num_bytes_ip=288, flow_label=0], resp=[size=2164, state=4, num_pkts=3, num_bytes_ip=1616, flow_label=0], start_time=1170717508.515696, duration=0.367355, service={^J^I^ISSL^J^I}, addl=, hot=0, history=ShADad, uid=CjhGID4nQcgTWjvg4c, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=[ts=1170717508.69718, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=192.150.187.164, orig_p=58869/tcp, resp_h=194.127.84.106, resp_p=443/tcp], version=TLSv10, cipher=TLS_RSA_WITH_RC4_128_MD5, server_name=<uninitialized>, session_id=a8c1c5681924e80a32a15d5e7f20bc5e3f513e56b215039d0d55defda5a320c0, last_alert=<uninitialized>, analyzer_id=7, established=F, logged=F, delay_tokens=<uninitialized>, cert_chain=[[ts=1170717508.883051, fuid=FjkLnG4s34DVZlaBNc, tx_hosts={^J^I^I194.127.84.106^J^I}, rx_hosts={^J^I^I192.150.187.164^J^I}, conn_uids={^J^I^ICjhGID4nQcgTWjvg4c^J^I}, source=SSL, depth=0, analyzers={^J^I^IX509,^J^I^IMD5,^J^I^ISHA1^J^I}, mime_type=binary, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=F, seen_bytes=0, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=<uninitialized>, sha1=<uninitialized>, sha256=<uninitialized>, x509=[ts=1170717508.883051, id=FjkLnG4s34DVZlaBNc, certificate=[version=2, serial=04A78116F003283BDA2B8462049F9ECB, subject=CN=www.dresdner-privat.de,OU=Terms of use at www.verisign.com/rpa (c)00,O=AGIS Allianz Dresdner Informationssysteme GmbH,L=Muenchen,ST=Bayern,C=DE, issuer=OU=www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign,OU=VeriSign International Server CA - Class 3,OU=VeriSign\, Inc.,O=VeriSign Trust Network, not_valid_before=1163462400.0, not_valid_after=1195084799.0, key_alg=rsaEncryption, sig_alg=sha1WithRSAEncryption, key_type=rsa, key_length=1024, exponent=65537, curve=<uninitialized>], handle=<no value description>, extensions=[[name=X509v3 Basic Constraints, short_name=basicConstraints, oid=2.5.29.19, critical=F, value=CA:FALSE], [name=X509v3 Key Usage, short_name=keyUsage, oid=2.5.29.15, critical=F, value=Digital Signature, Key Encipherment], [name=X509v3 CRL Distribution Points, short_name=crlDistributionPoints, oid=2.5.29.31, critical=F, value=^JFull Name:^J  URI:http://crl.verisign.com/Class3InternationalServer.crl^J]], san=<uninitialized>, basic_constraints=[ca=F, path_len=<uninitialized>]], extracted=<uninitialized>]], cert_chain_fuids=[FjkLnG4s34DVZlaBNc], client_cert_chain=[], client_cert_chain_fuids=[], subject=<uninitialized>, issuer=<uninitialized>, client_subject=<uninitialized>, client_issuer=<uninitialized>, server_depth=1, client_depth=0], http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]^J}, last_active=1170717508.883051, seen_bytes=1152, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timeout_interval=2.0 mins, bof_buffer_size=1024, bof_buffer=0\x82^D|0\x82^C\xe5\xa0^C^B^A^B^B^P^D\xa7\x81^V\xf0^C(;\xda+\x84b^D\x9f\x9e\xcb0^M^F^I*\x86H\x86\xf7^M^A^A^E^E\00\x81\xba1\x1f0\x1d^F^CU^D^J^S^VVeriSign Trust Network1^W0^U^F^CU^D^K^S^NVeriSign, Inc.1301^F^CU^D^K^S*VeriSign International Server CA - Class 31I0G^F^CU^D^K^S@www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign0\x1e^W^M061114000000Z^W^M071114235959Z0\x81\xc01^K0^I^F^CU^D^F^S^BDE1^O0^M^F^CU^D^H^S^FBayern1^Q0^O^F^CU^D^G^T^HMuenchen1705^F^CU^D^J^T.AGIS Allianz Dresdner Informationssysteme GmbH1301^F^CU^D^K^T*Terms of use at www.verisign.com/rpa (c)001\x1f0\x1d^F^CU^D^C^T^Vwww.dresdner-privat.de0\x81\x9f0^M^F^I*\x86H\x86\xf7^M^A^A^A^E\0^C\x81\x8d\00\x81\x89^B\x81\x81\0\xeb\xa8t~\xfb\xe3\xb4\xea\xbe\x8b\x1c=\xed\xea\x86^DbQ\xe0*Z\x9e\x86o\x98\xcb\xbc\xc5\xed\xc5\xc8\xcaV\x9dL\x92X\xe1k^So\xbc\xb7\xe5.\x98@\xf7\x8f\xd6\xa3\xc0^J\xabFR\x1b8\xfc^E \xe7\x80\xee\xc6]\xd5\xbb^C\xfc\xc5\x83\xba\x9ag^H\xfd,\xba\xa3^H\x94\xf0\xb3\x1f^V(\xf6^Ef[\xbf^?\xa8Y\xfa\xbe\x99k6b\xb8n\xc6\x83GSc^OZ\xb4Q\xc1\x88\xa8U\xb9\xd41m=*J\x95^J\xd1{\x87^B^C^A\0^A\xa3\x82^Ay0\x82^Au0^I^F^CU\x1d^S^D^B0\00^K^F^CU\x1d^O^D^D^C^B^E\xa00F^F^CU\x1d\x1f^D?0=0;\xa09\xa07\x865http://crl.verisign.com/Class3InternationalServer.crl0D^F^CU\x1d ^D=0;09^F^K`\x86H^A\x86\xf8E^A^G^W^C0*0(^F^H+^F^A^E^E^G^B^A^V\x1chttps://www.verisign.com/rpa0(^F^CU\x1d%^D!0\x1f^F^I`\x86H^A\x86\xf8B^D^A^F^H+^F^A^E^E^G^C^A^F^H+^F^A^E^E^G^C^B04^F^H+^F^A^E^E^G^A^A^D(0&0$^F^H+^F^A^E^E^G0^A\x86^Xhttp://ocsp.verisign.com0m^F^H+^F^A^E^E^G^A^L^Da0_\xa1]\xa0[0Y0W0U^V^Iimage/gif0!0\x1f0^G^F^E+^N^C^B^Z^D^T\x8f\xe5\xd3^Z\x86\xac\x8d\x8ek\xc3\xcf\x80j\xd4H^X,{^Y.0%^V#http://logo.verisign.com/vslogo.gif0^M^F^I*\x86H\x86\xf7^M^A^A^E^E\0^C\x81\x81\0/s\xe2o\xc1\x9e#~YP\x89\x95xo\xe9^D\xbd\x98TS`\xec^HR\xd2^J)\x92\x9am\xaa\xd5\xb1g\xc1b\xde\xc9^XNW=i\x9c\xb2^Cf\x92^C\xbb\xe8M\xc5\x98\xd4/B\xd9\xb6\xd2\xe0\x97^PXv\xcf\xe7\xd6\xa7\xcc\xbb\xdb%\xeeB]\xcb\xf0t\xab\xd2T\xe5\xe8\xbaQ^O\xa4\xc3>4\xfaR\xf2\xa0\xe6z\xf4\x8f\xdcvB\xbd=\xfcx\xc0\xb7\xeb^-\x1f\xc5\xa0^\xdf\xa0^Q\x87\xf8\xc3X^P\xc8y(\xf8\xe4, mime_type=binary, info=[ts=1170717508.883051, fuid=FjkLnG4s34DVZlaBNc, tx_hosts={^J^I194.127.84.106^J}, rx_hosts={^J^I192.150.187.164^J}, conn_uids={^J^ICjhGID4nQcgTWjvg4c^J}, source=SSL, depth=0, analyzers={^J^IX509,^J^IMD5,^J^ISHA1^J}, mime_type=binary, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=F, seen_bytes=0, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=<uninitialized>, sha1=<uninitialized>, sha256=<uninitialized>, x509=[ts=1170717508.883051, id=FjkLnG4s34DVZlaBNc, certificate=[version=2, serial=04A78116F003283BDA2B8462049F9ECB, subject=CN=www.dresdner-privat.de,OU=Terms of use at www.verisign.com/rpa (c)00,O=AGIS Allianz Dresdner Informationssysteme GmbH,L=Muenchen,ST=Bayern,C=DE, issuer=OU=www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign,OU=VeriSign International Server CA - Class 3,OU=VeriSign\, Inc.,O=VeriSign Trust Network, not_valid_before=1163462400.0, not_valid_after=1195084799.0, key_alg=rsaEncryption, sig_alg=sha1WithRSAEncryption, key_type=rsa, key_length=1024, exponent=65537, curve=<uninitialized>], handle=<no value description>, extensions=[[name=X509v3 Basic Constraints, short_name=basicConstraints, oid=2.5.29.19, critical=F, value=CA:FALSE], [name=X509v3 Key Usage, short_name=keyUsage, oid=2.5.29.15, critical=F, value=Digital Signature, Key Encipherment], [name=X509v3 CRL Distribution Points, short_name=crlDistributionPoints, oid=2.5.29.31, critical=F, value=^JFull Name:^J  URI:http://crl.verisign.com/Class3InternationalServer.crl^J]], san=<uninitialized>, basic_constraints=[ca=F, path_len=<uninitialized>]], extracted=<uninitialized>], u2_events=<uninitialized>]
+                  [1] ext: X509::Extension = [name=X509v3 Certificate Policies, short_name=certificatePolicies, oid=2.5.29.32, critical=F, value=Policy: 2.16.840.1.113733.1.7.23.3^J  CPS: https://www.verisign.com/rpa^J]
+
+1170717508.883051 x509_extension
+                  [0] f: fa_file         = [id=FjkLnG4s34DVZlaBNc, parent_id=<uninitialized>, source=SSL, is_orig=F, conns={^J^I[[orig_h=192.150.187.164, orig_p=58869/tcp, resp_h=194.127.84.106, resp_p=443/tcp]] = [id=[orig_h=192.150.187.164, orig_p=58869/tcp, resp_h=194.127.84.106, resp_p=443/tcp], orig=[size=120, state=4, num_pkts=3, num_bytes_ip=288, flow_label=0], resp=[size=2164, state=4, num_pkts=3, num_bytes_ip=1616, flow_label=0], start_time=1170717508.515696, duration=0.367355, service={^J^I^ISSL^J^I}, addl=, hot=0, history=ShADad, uid=CjhGID4nQcgTWjvg4c, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=[ts=1170717508.69718, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=192.150.187.164, orig_p=58869/tcp, resp_h=194.127.84.106, resp_p=443/tcp], version=TLSv10, cipher=TLS_RSA_WITH_RC4_128_MD5, server_name=<uninitialized>, session_id=a8c1c5681924e80a32a15d5e7f20bc5e3f513e56b215039d0d55defda5a320c0, last_alert=<uninitialized>, analyzer_id=7, established=F, logged=F, delay_tokens=<uninitialized>, cert_chain=[[ts=1170717508.883051, fuid=FjkLnG4s34DVZlaBNc, tx_hosts={^J^I^I194.127.84.106^J^I}, rx_hosts={^J^I^I192.150.187.164^J^I}, conn_uids={^J^I^ICjhGID4nQcgTWjvg4c^J^I}, source=SSL, depth=0, analyzers={^J^I^IX509,^J^I^IMD5,^J^I^ISHA1^J^I}, mime_type=binary, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=F, seen_bytes=0, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=<uninitialized>, sha1=<uninitialized>, sha256=<uninitialized>, x509=[ts=1170717508.883051, id=FjkLnG4s34DVZlaBNc, certificate=[version=2, serial=04A78116F003283BDA2B8462049F9ECB, subject=CN=www.dresdner-privat.de,OU=Terms of use at www.verisign.com/rpa (c)00,O=AGIS Allianz Dresdner Informationssysteme GmbH,L=Muenchen,ST=Bayern,C=DE, issuer=OU=www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign,OU=VeriSign International Server CA - Class 3,OU=VeriSign\, Inc.,O=VeriSign Trust Network, not_valid_before=1163462400.0, not_valid_after=1195084799.0, key_alg=rsaEncryption, sig_alg=sha1WithRSAEncryption, key_type=rsa, key_length=1024, exponent=65537, curve=<uninitialized>], handle=<no value description>, extensions=[[name=X509v3 Basic Constraints, short_name=basicConstraints, oid=2.5.29.19, critical=F, value=CA:FALSE], [name=X509v3 Key Usage, short_name=keyUsage, oid=2.5.29.15, critical=F, value=Digital Signature, Key Encipherment], [name=X509v3 CRL Distribution Points, short_name=crlDistributionPoints, oid=2.5.29.31, critical=F, value=^JFull Name:^J  URI:http://crl.verisign.com/Class3InternationalServer.crl^J], [name=X509v3 Certificate Policies, short_name=certificatePolicies, oid=2.5.29.32, critical=F, value=Policy: 2.16.840.1.113733.1.7.23.3^J  CPS: https://www.verisign.com/rpa^J]], san=<uninitialized>, basic_constraints=[ca=F, path_len=<uninitialized>]], extracted=<uninitialized>]], cert_chain_fuids=[FjkLnG4s34DVZlaBNc], client_cert_chain=[], client_cert_chain_fuids=[], subject=<uninitialized>, issuer=<uninitialized>, client_subject=<uninitialized>, client_issuer=<uninitialized>, server_depth=1, client_depth=0], http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]^J}, last_active=1170717508.883051, seen_bytes=1152, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timeout_interval=2.0 mins, bof_buffer_size=1024, bof_buffer=0\x82^D|0\x82^C\xe5\xa0^C^B^A^B^B^P^D\xa7\x81^V\xf0^C(;\xda+\x84b^D\x9f\x9e\xcb0^M^F^I*\x86H\x86\xf7^M^A^A^E^E\00\x81\xba1\x1f0\x1d^F^CU^D^J^S^VVeriSign Trust Network1^W0^U^F^CU^D^K^S^NVeriSign, Inc.1301^F^CU^D^K^S*VeriSign International Server CA - Class 31I0G^F^CU^D^K^S@www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign0\x1e^W^M061114000000Z^W^M071114235959Z0\x81\xc01^K0^I^F^CU^D^F^S^BDE1^O0^M^F^CU^D^H^S^FBayern1^Q0^O^F^CU^D^G^T^HMuenchen1705^F^CU^D^J^T.AGIS Allianz Dresdner Informationssysteme GmbH1301^F^CU^D^K^T*Terms of use at www.verisign.com/rpa (c)001\x1f0\x1d^F^CU^D^C^T^Vwww.dresdner-privat.de0\x81\x9f0^M^F^I*\x86H\x86\xf7^M^A^A^A^E\0^C\x81\x8d\00\x81\x89^B\x81\x81\0\xeb\xa8t~\xfb\xe3\xb4\xea\xbe\x8b\x1c=\xed\xea\x86^DbQ\xe0*Z\x9e\x86o\x98\xcb\xbc\xc5\xed\xc5\xc8\xcaV\x9dL\x92X\xe1k^So\xbc\xb7\xe5.\x98@\xf7\x8f\xd6\xa3\xc0^J\xabFR\x1b8\xfc^E \xe7\x80\xee\xc6]\xd5\xbb^C\xfc\xc5\x83\xba\x9ag^H\xfd,\xba\xa3^H\x94\xf0\xb3\x1f^V(\xf6^Ef[\xbf^?\xa8Y\xfa\xbe\x99k6b\xb8n\xc6\x83GSc^OZ\xb4Q\xc1\x88\xa8U\xb9\xd41m=*J\x95^J\xd1{\x87^B^C^A\0^A\xa3\x82^Ay0\x82^Au0^I^F^CU\x1d^S^D^B0\00^K^F^CU\x1d^O^D^D^C^B^E\xa00F^F^CU\x1d\x1f^D?0=0;\xa09\xa07\x865http://crl.verisign.com/Class3InternationalServer.crl0D^F^CU\x1d ^D=0;09^F^K`\x86H^A\x86\xf8E^A^G^W^C0*0(^F^H+^F^A^E^E^G^B^A^V\x1chttps://www.verisign.com/rpa0(^F^CU\x1d%^D!0\x1f^F^I`\x86H^A\x86\xf8B^D^A^F^H+^F^A^E^E^G^C^A^F^H+^F^A^E^E^G^C^B04^F^H+^F^A^E^E^G^A^A^D(0&0$^F^H+^F^A^E^E^G0^A\x86^Xhttp://ocsp.verisign.com0m^F^H+^F^A^E^E^G^A^L^Da0_\xa1]\xa0[0Y0W0U^V^Iimage/gif0!0\x1f0^G^F^E+^N^C^B^Z^D^T\x8f\xe5\xd3^Z\x86\xac\x8d\x8ek\xc3\xcf\x80j\xd4H^X,{^Y.0%^V#http://logo.verisign.com/vslogo.gif0^M^F^I*\x86H\x86\xf7^M^A^A^E^E\0^C\x81\x81\0/s\xe2o\xc1\x9e#~YP\x89\x95xo\xe9^D\xbd\x98TS`\xec^HR\xd2^J)\x92\x9am\xaa\xd5\xb1g\xc1b\xde\xc9^XNW=i\x9c\xb2^Cf\x92^C\xbb\xe8M\xc5\x98\xd4/B\xd9\xb6\xd2\xe0\x97^PXv\xcf\xe7\xd6\xa7\xcc\xbb\xdb%\xeeB]\xcb\xf0t\xab\xd2T\xe5\xe8\xbaQ^O\xa4\xc3>4\xfaR\xf2\xa0\xe6z\xf4\x8f\xdcvB\xbd=\xfcx\xc0\xb7\xeb^-\x1f\xc5\xa0^\xdf\xa0^Q\x87\xf8\xc3X^P\xc8y(\xf8\xe4, mime_type=binary, info=[ts=1170717508.883051, fuid=FjkLnG4s34DVZlaBNc, tx_hosts={^J^I194.127.84.106^J}, rx_hosts={^J^I192.150.187.164^J}, conn_uids={^J^ICjhGID4nQcgTWjvg4c^J}, source=SSL, depth=0, analyzers={^J^IX509,^J^IMD5,^J^ISHA1^J}, mime_type=binary, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=F, seen_bytes=0, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=<uninitialized>, sha1=<uninitialized>, sha256=<uninitialized>, x509=[ts=1170717508.883051, id=FjkLnG4s34DVZlaBNc, certificate=[version=2, serial=04A78116F003283BDA2B8462049F9ECB, subject=CN=www.dresdner-privat.de,OU=Terms of use at www.verisign.com/rpa (c)00,O=AGIS Allianz Dresdner Informationssysteme GmbH,L=Muenchen,ST=Bayern,C=DE, issuer=OU=www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign,OU=VeriSign International Server CA - Class 3,OU=VeriSign\, Inc.,O=VeriSign Trust Network, not_valid_before=1163462400.0, not_valid_after=1195084799.0, key_alg=rsaEncryption, sig_alg=sha1WithRSAEncryption, key_type=rsa, key_length=1024, exponent=65537, curve=<uninitialized>], handle=<no value description>, extensions=[[name=X509v3 Basic Constraints, short_name=basicConstraints, oid=2.5.29.19, critical=F, value=CA:FALSE], [name=X509v3 Key Usage, short_name=keyUsage, oid=2.5.29.15, critical=F, value=Digital Signature, Key Encipherment], [name=X509v3 CRL Distribution Points, short_name=crlDistributionPoints, oid=2.5.29.31, critical=F, value=^JFull Name:^J  URI:http://crl.verisign.com/Class3InternationalServer.crl^J], [name=X509v3 Certificate Policies, short_name=certificatePolicies, oid=2.5.29.32, critical=F, value=Policy: 2.16.840.1.113733.1.7.23.3^J  CPS: https://www.verisign.com/rpa^J]], san=<uninitialized>, basic_constraints=[ca=F, path_len=<uninitialized>]], extracted=<uninitialized>], u2_events=<uninitialized>]
+                  [1] ext: X509::Extension = [name=X509v3 Extended Key Usage, short_name=extendedKeyUsage, oid=2.5.29.37, critical=F, value=Netscape Server Gated Crypto, TLS Web Server Authentication, TLS Web Client Authentication]
+
+1170717508.883051 x509_extension
+                  [0] f: fa_file         = [id=FjkLnG4s34DVZlaBNc, parent_id=<uninitialized>, source=SSL, is_orig=F, conns={^J^I[[orig_h=192.150.187.164, orig_p=58869/tcp, resp_h=194.127.84.106, resp_p=443/tcp]] = [id=[orig_h=192.150.187.164, orig_p=58869/tcp, resp_h=194.127.84.106, resp_p=443/tcp], orig=[size=120, state=4, num_pkts=3, num_bytes_ip=288, flow_label=0], resp=[size=2164, state=4, num_pkts=3, num_bytes_ip=1616, flow_label=0], start_time=1170717508.515696, duration=0.367355, service={^J^I^ISSL^J^I}, addl=, hot=0, history=ShADad, uid=CjhGID4nQcgTWjvg4c, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=[ts=1170717508.69718, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=192.150.187.164, orig_p=58869/tcp, resp_h=194.127.84.106, resp_p=443/tcp], version=TLSv10, cipher=TLS_RSA_WITH_RC4_128_MD5, server_name=<uninitialized>, session_id=a8c1c5681924e80a32a15d5e7f20bc5e3f513e56b215039d0d55defda5a320c0, last_alert=<uninitialized>, analyzer_id=7, established=F, logged=F, delay_tokens=<uninitialized>, cert_chain=[[ts=1170717508.883051, fuid=FjkLnG4s34DVZlaBNc, tx_hosts={^J^I^I194.127.84.106^J^I}, rx_hosts={^J^I^I192.150.187.164^J^I}, conn_uids={^J^I^ICjhGID4nQcgTWjvg4c^J^I}, source=SSL, depth=0, analyzers={^J^I^IX509,^J^I^IMD5,^J^I^ISHA1^J^I}, mime_type=binary, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=F, seen_bytes=0, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=<uninitialized>, sha1=<uninitialized>, sha256=<uninitialized>, x509=[ts=1170717508.883051, id=FjkLnG4s34DVZlaBNc, certificate=[version=2, serial=04A78116F003283BDA2B8462049F9ECB, subject=CN=www.dresdner-privat.de,OU=Terms of use at www.verisign.com/rpa (c)00,O=AGIS Allianz Dresdner Informationssysteme GmbH,L=Muenchen,ST=Bayern,C=DE, issuer=OU=www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign,OU=VeriSign International Server CA - Class 3,OU=VeriSign\, Inc.,O=VeriSign Trust Network, not_valid_before=1163462400.0, not_valid_after=1195084799.0, key_alg=rsaEncryption, sig_alg=sha1WithRSAEncryption, key_type=rsa, key_length=1024, exponent=65537, curve=<uninitialized>], handle=<no value description>, extensions=[[name=X509v3 Basic Constraints, short_name=basicConstraints, oid=2.5.29.19, critical=F, value=CA:FALSE], [name=X509v3 Key Usage, short_name=keyUsage, oid=2.5.29.15, critical=F, value=Digital Signature, Key Encipherment], [name=X509v3 CRL Distribution Points, short_name=crlDistributionPoints, oid=2.5.29.31, critical=F, value=^JFull Name:^J  URI:http://crl.verisign.com/Class3InternationalServer.crl^J], [name=X509v3 Certificate Policies, short_name=certificatePolicies, oid=2.5.29.32, critical=F, value=Policy: 2.16.840.1.113733.1.7.23.3^J  CPS: https://www.verisign.com/rpa^J], [name=X509v3 Extended Key Usage, short_name=extendedKeyUsage, oid=2.5.29.37, critical=F, value=Netscape Server Gated Crypto, TLS Web Server Authentication, TLS Web Client Authentication]], san=<uninitialized>, basic_constraints=[ca=F, path_len=<uninitialized>]], extracted=<uninitialized>]], cert_chain_fuids=[FjkLnG4s34DVZlaBNc], client_cert_chain=[], client_cert_chain_fuids=[], subject=<uninitialized>, issuer=<uninitialized>, client_subject=<uninitialized>, client_issuer=<uninitialized>, server_depth=1, client_depth=0], http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]^J}, last_active=1170717508.883051, seen_bytes=1152, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timeout_interval=2.0 mins, bof_buffer_size=1024, bof_buffer=0\x82^D|0\x82^C\xe5\xa0^C^B^A^B^B^P^D\xa7\x81^V\xf0^C(;\xda+\x84b^D\x9f\x9e\xcb0^M^F^I*\x86H\x86\xf7^M^A^A^E^E\00\x81\xba1\x1f0\x1d^F^CU^D^J^S^VVeriSign Trust Network1^W0^U^F^CU^D^K^S^NVeriSign, Inc.1301^F^CU^D^K^S*VeriSign International Server CA - Class 31I0G^F^CU^D^K^S@www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign0\x1e^W^M061114000000Z^W^M071114235959Z0\x81\xc01^K0^I^F^CU^D^F^S^BDE1^O0^M^F^CU^D^H^S^FBayern1^Q0^O^F^CU^D^G^T^HMuenchen1705^F^CU^D^J^T.AGIS Allianz Dresdner Informationssysteme GmbH1301^F^CU^D^K^T*Terms of use at www.verisign.com/rpa (c)001\x1f0\x1d^F^CU^D^C^T^Vwww.dresdner-privat.de0\x81\x9f0^M^F^I*\x86H\x86\xf7^M^A^A^A^E\0^C\x81\x8d\00\x81\x89^B\x81\x81\0\xeb\xa8t~\xfb\xe3\xb4\xea\xbe\x8b\x1c=\xed\xea\x86^DbQ\xe0*Z\x9e\x86o\x98\xcb\xbc\xc5\xed\xc5\xc8\xcaV\x9dL\x92X\xe1k^So\xbc\xb7\xe5.\x98@\xf7\x8f\xd6\xa3\xc0^J\xabFR\x1b8\xfc^E \xe7\x80\xee\xc6]\xd5\xbb^C\xfc\xc5\x83\xba\x9ag^H\xfd,\xba\xa3^H\x94\xf0\xb3\x1f^V(\xf6^Ef[\xbf^?\xa8Y\xfa\xbe\x99k6b\xb8n\xc6\x83GSc^OZ\xb4Q\xc1\x88\xa8U\xb9\xd41m=*J\x95^J\xd1{\x87^B^C^A\0^A\xa3\x82^Ay0\x82^Au0^I^F^CU\x1d^S^D^B0\00^K^F^CU\x1d^O^D^D^C^B^E\xa00F^F^CU\x1d\x1f^D?0=0;\xa09\xa07\x865http://crl.verisign.com/Class3InternationalServer.crl0D^F^CU\x1d ^D=0;09^F^K`\x86H^A\x86\xf8E^A^G^W^C0*0(^F^H+^F^A^E^E^G^B^A^V\x1chttps://www.verisign.com/rpa0(^F^CU\x1d%^D!0\x1f^F^I`\x86H^A\x86\xf8B^D^A^F^H+^F^A^E^E^G^C^A^F^H+^F^A^E^E^G^C^B04^F^H+^F^A^E^E^G^A^A^D(0&0$^F^H+^F^A^E^E^G0^A\x86^Xhttp://ocsp.verisign.com0m^F^H+^F^A^E^E^G^A^L^Da0_\xa1]\xa0[0Y0W0U^V^Iimage/gif0!0\x1f0^G^F^E+^N^C^B^Z^D^T\x8f\xe5\xd3^Z\x86\xac\x8d\x8ek\xc3\xcf\x80j\xd4H^X,{^Y.0%^V#http://logo.verisign.com/vslogo.gif0^M^F^I*\x86H\x86\xf7^M^A^A^E^E\0^C\x81\x81\0/s\xe2o\xc1\x9e#~YP\x89\x95xo\xe9^D\xbd\x98TS`\xec^HR\xd2^J)\x92\x9am\xaa\xd5\xb1g\xc1b\xde\xc9^XNW=i\x9c\xb2^Cf\x92^C\xbb\xe8M\xc5\x98\xd4/B\xd9\xb6\xd2\xe0\x97^PXv\xcf\xe7\xd6\xa7\xcc\xbb\xdb%\xeeB]\xcb\xf0t\xab\xd2T\xe5\xe8\xbaQ^O\xa4\xc3>4\xfaR\xf2\xa0\xe6z\xf4\x8f\xdcvB\xbd=\xfcx\xc0\xb7\xeb^-\x1f\xc5\xa0^\xdf\xa0^Q\x87\xf8\xc3X^P\xc8y(\xf8\xe4, mime_type=binary, info=[ts=1170717508.883051, fuid=FjkLnG4s34DVZlaBNc, tx_hosts={^J^I194.127.84.106^J}, rx_hosts={^J^I192.150.187.164^J}, conn_uids={^J^ICjhGID4nQcgTWjvg4c^J}, source=SSL, depth=0, analyzers={^J^IX509,^J^IMD5,^J^ISHA1^J}, mime_type=binary, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=F, seen_bytes=0, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=<uninitialized>, sha1=<uninitialized>, sha256=<uninitialized>, x509=[ts=1170717508.883051, id=FjkLnG4s34DVZlaBNc, certificate=[version=2, serial=04A78116F003283BDA2B8462049F9ECB, subject=CN=www.dresdner-privat.de,OU=Terms of use at www.verisign.com/rpa (c)00,O=AGIS Allianz Dresdner Informationssysteme GmbH,L=Muenchen,ST=Bayern,C=DE, issuer=OU=www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign,OU=VeriSign International Server CA - Class 3,OU=VeriSign\, Inc.,O=VeriSign Trust Network, not_valid_before=1163462400.0, not_valid_after=1195084799.0, key_alg=rsaEncryption, sig_alg=sha1WithRSAEncryption, key_type=rsa, key_length=1024, exponent=65537, curve=<uninitialized>], handle=<no value description>, extensions=[[name=X509v3 Basic Constraints, short_name=basicConstraints, oid=2.5.29.19, critical=F, value=CA:FALSE], [name=X509v3 Key Usage, short_name=keyUsage, oid=2.5.29.15, critical=F, value=Digital Signature, Key Encipherment], [name=X509v3 CRL Distribution Points, short_name=crlDistributionPoints, oid=2.5.29.31, critical=F, value=^JFull Name:^J  URI:http://crl.verisign.com/Class3InternationalServer.crl^J], [name=X509v3 Certificate Policies, short_name=certificatePolicies, oid=2.5.29.32, critical=F, value=Policy: 2.16.840.1.113733.1.7.23.3^J  CPS: https://www.verisign.com/rpa^J], [name=X509v3 Extended Key Usage, short_name=extendedKeyUsage, oid=2.5.29.37, critical=F, value=Netscape Server Gated Crypto, TLS Web Server Authentication, TLS Web Client Authentication]], san=<uninitialized>, basic_constraints=[ca=F, path_len=<uninitialized>]], extracted=<uninitialized>], u2_events=<uninitialized>]
+                  [1] ext: X509::Extension = [name=Authority Information Access, short_name=authorityInfoAccess, oid=1.3.6.1.5.5.7.1.1, critical=F, value=OCSP - URI:http://ocsp.verisign.com^J]
+
+1170717508.883051 x509_extension
+                  [0] f: fa_file         = [id=FjkLnG4s34DVZlaBNc, parent_id=<uninitialized>, source=SSL, is_orig=F, conns={^J^I[[orig_h=192.150.187.164, orig_p=58869/tcp, resp_h=194.127.84.106, resp_p=443/tcp]] = [id=[orig_h=192.150.187.164, orig_p=58869/tcp, resp_h=194.127.84.106, resp_p=443/tcp], orig=[size=120, state=4, num_pkts=3, num_bytes_ip=288, flow_label=0], resp=[size=2164, state=4, num_pkts=3, num_bytes_ip=1616, flow_label=0], start_time=1170717508.515696, duration=0.367355, service={^J^I^ISSL^J^I}, addl=, hot=0, history=ShADad, uid=CjhGID4nQcgTWjvg4c, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=[ts=1170717508.69718, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=192.150.187.164, orig_p=58869/tcp, resp_h=194.127.84.106, resp_p=443/tcp], version=TLSv10, cipher=TLS_RSA_WITH_RC4_128_MD5, server_name=<uninitialized>, session_id=a8c1c5681924e80a32a15d5e7f20bc5e3f513e56b215039d0d55defda5a320c0, last_alert=<uninitialized>, analyzer_id=7, established=F, logged=F, delay_tokens=<uninitialized>, cert_chain=[[ts=1170717508.883051, fuid=FjkLnG4s34DVZlaBNc, tx_hosts={^J^I^I194.127.84.106^J^I}, rx_hosts={^J^I^I192.150.187.164^J^I}, conn_uids={^J^I^ICjhGID4nQcgTWjvg4c^J^I}, source=SSL, depth=0, analyzers={^J^I^IX509,^J^I^IMD5,^J^I^ISHA1^J^I}, mime_type=binary, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=F, seen_bytes=0, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=<uninitialized>, sha1=<uninitialized>, sha256=<uninitialized>, x509=[ts=1170717508.883051, id=FjkLnG4s34DVZlaBNc, certificate=[version=2, serial=04A78116F003283BDA2B8462049F9ECB, subject=CN=www.dresdner-privat.de,OU=Terms of use at www.verisign.com/rpa (c)00,O=AGIS Allianz Dresdner Informationssysteme GmbH,L=Muenchen,ST=Bayern,C=DE, issuer=OU=www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign,OU=VeriSign International Server CA - Class 3,OU=VeriSign\, Inc.,O=VeriSign Trust Network, not_valid_before=1163462400.0, not_valid_after=1195084799.0, key_alg=rsaEncryption, sig_alg=sha1WithRSAEncryption, key_type=rsa, key_length=1024, exponent=65537, curve=<uninitialized>], handle=<no value description>, extensions=[[name=X509v3 Basic Constraints, short_name=basicConstraints, oid=2.5.29.19, critical=F, value=CA:FALSE], [name=X509v3 Key Usage, short_name=keyUsage, oid=2.5.29.15, critical=F, value=Digital Signature, Key Encipherment], [name=X509v3 CRL Distribution Points, short_name=crlDistributionPoints, oid=2.5.29.31, critical=F, value=^JFull Name:^J  URI:http://crl.verisign.com/Class3InternationalServer.crl^J], [name=X509v3 Certificate Policies, short_name=certificatePolicies, oid=2.5.29.32, critical=F, value=Policy: 2.16.840.1.113733.1.7.23.3^J  CPS: https://www.verisign.com/rpa^J], [name=X509v3 Extended Key Usage, short_name=extendedKeyUsage, oid=2.5.29.37, critical=F, value=Netscape Server Gated Crypto, TLS Web Server Authentication, TLS Web Client Authentication], [name=Authority Information Access, short_name=authorityInfoAccess, oid=1.3.6.1.5.5.7.1.1, critical=F, value=OCSP - URI:http://ocsp.verisign.com^J]], san=<uninitialized>, basic_constraints=[ca=F, path_len=<uninitialized>]], extracted=<uninitialized>]], cert_chain_fuids=[FjkLnG4s34DVZlaBNc], client_cert_chain=[], client_cert_chain_fuids=[], subject=<uninitialized>, issuer=<uninitialized>, client_subject=<uninitialized>, client_issuer=<uninitialized>, server_depth=1, client_depth=0], http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]^J}, last_active=1170717508.883051, seen_bytes=1152, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timeout_interval=2.0 mins, bof_buffer_size=1024, bof_buffer=0\x82^D|0\x82^C\xe5\xa0^C^B^A^B^B^P^D\xa7\x81^V\xf0^C(;\xda+\x84b^D\x9f\x9e\xcb0^M^F^I*\x86H\x86\xf7^M^A^A^E^E\00\x81\xba1\x1f0\x1d^F^CU^D^J^S^VVeriSign Trust Network1^W0^U^F^CU^D^K^S^NVeriSign, Inc.1301^F^CU^D^K^S*VeriSign International Server CA - Class 31I0G^F^CU^D^K^S@www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign0\x1e^W^M061114000000Z^W^M071114235959Z0\x81\xc01^K0^I^F^CU^D^F^S^BDE1^O0^M^F^CU^D^H^S^FBayern1^Q0^O^F^CU^D^G^T^HMuenchen1705^F^CU^D^J^T.AGIS Allianz Dresdner Informationssysteme GmbH1301^F^CU^D^K^T*Terms of use at www.verisign.com/rpa (c)001\x1f0\x1d^F^CU^D^C^T^Vwww.dresdner-privat.de0\x81\x9f0^M^F^I*\x86H\x86\xf7^M^A^A^A^E\0^C\x81\x8d\00\x81\x89^B\x81\x81\0\xeb\xa8t~\xfb\xe3\xb4\xea\xbe\x8b\x1c=\xed\xea\x86^DbQ\xe0*Z\x9e\x86o\x98\xcb\xbc\xc5\xed\xc5\xc8\xcaV\x9dL\x92X\xe1k^So\xbc\xb7\xe5.\x98@\xf7\x8f\xd6\xa3\xc0^J\xabFR\x1b8\xfc^E \xe7\x80\xee\xc6]\xd5\xbb^C\xfc\xc5\x83\xba\x9ag^H\xfd,\xba\xa3^H\x94\xf0\xb3\x1f^V(\xf6^Ef[\xbf^?\xa8Y\xfa\xbe\x99k6b\xb8n\xc6\x83GSc^OZ\xb4Q\xc1\x88\xa8U\xb9\xd41m=*J\x95^J\xd1{\x87^B^C^A\0^A\xa3\x82^Ay0\x82^Au0^I^F^CU\x1d^S^D^B0\00^K^F^CU\x1d^O^D^D^C^B^E\xa00F^F^CU\x1d\x1f^D?0=0;\xa09\xa07\x865http://crl.verisign.com/Class3InternationalServer.crl0D^F^CU\x1d ^D=0;09^F^K`\x86H^A\x86\xf8E^A^G^W^C0*0(^F^H+^F^A^E^E^G^B^A^V\x1chttps://www.verisign.com/rpa0(^F^CU\x1d%^D!0\x1f^F^I`\x86H^A\x86\xf8B^D^A^F^H+^F^A^E^E^G^C^A^F^H+^F^A^E^E^G^C^B04^F^H+^F^A^E^E^G^A^A^D(0&0$^F^H+^F^A^E^E^G0^A\x86^Xhttp://ocsp.verisign.com0m^F^H+^F^A^E^E^G^A^L^Da0_\xa1]\xa0[0Y0W0U^V^Iimage/gif0!0\x1f0^G^F^E+^N^C^B^Z^D^T\x8f\xe5\xd3^Z\x86\xac\x8d\x8ek\xc3\xcf\x80j\xd4H^X,{^Y.0%^V#http://logo.verisign.com/vslogo.gif0^M^F^I*\x86H\x86\xf7^M^A^A^E^E\0^C\x81\x81\0/s\xe2o\xc1\x9e#~YP\x89\x95xo\xe9^D\xbd\x98TS`\xec^HR\xd2^J)\x92\x9am\xaa\xd5\xb1g\xc1b\xde\xc9^XNW=i\x9c\xb2^Cf\x92^C\xbb\xe8M\xc5\x98\xd4/B\xd9\xb6\xd2\xe0\x97^PXv\xcf\xe7\xd6\xa7\xcc\xbb\xdb%\xeeB]\xcb\xf0t\xab\xd2T\xe5\xe8\xbaQ^O\xa4\xc3>4\xfaR\xf2\xa0\xe6z\xf4\x8f\xdcvB\xbd=\xfcx\xc0\xb7\xeb^-\x1f\xc5\xa0^\xdf\xa0^Q\x87\xf8\xc3X^P\xc8y(\xf8\xe4, mime_type=binary, info=[ts=1170717508.883051, fuid=FjkLnG4s34DVZlaBNc, tx_hosts={^J^I194.127.84.106^J}, rx_hosts={^J^I192.150.187.164^J}, conn_uids={^J^ICjhGID4nQcgTWjvg4c^J}, source=SSL, depth=0, analyzers={^J^IX509,^J^IMD5,^J^ISHA1^J}, mime_type=binary, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=F, seen_bytes=0, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=<uninitialized>, sha1=<uninitialized>, sha256=<uninitialized>, x509=[ts=1170717508.883051, id=FjkLnG4s34DVZlaBNc, certificate=[version=2, serial=04A78116F003283BDA2B8462049F9ECB, subject=CN=www.dresdner-privat.de,OU=Terms of use at www.verisign.com/rpa (c)00,O=AGIS Allianz Dresdner Informationssysteme GmbH,L=Muenchen,ST=Bayern,C=DE, issuer=OU=www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign,OU=VeriSign International Server CA - Class 3,OU=VeriSign\, Inc.,O=VeriSign Trust Network, not_valid_before=1163462400.0, not_valid_after=1195084799.0, key_alg=rsaEncryption, sig_alg=sha1WithRSAEncryption, key_type=rsa, key_length=1024, exponent=65537, curve=<uninitialized>], handle=<no value description>, extensions=[[name=X509v3 Basic Constraints, short_name=basicConstraints, oid=2.5.29.19, critical=F, value=CA:FALSE], [name=X509v3 Key Usage, short_name=keyUsage, oid=2.5.29.15, critical=F, value=Digital Signature, Key Encipherment], [name=X509v3 CRL Distribution Points, short_name=crlDistributionPoints, oid=2.5.29.31, critical=F, value=^JFull Name:^J  URI:http://crl.verisign.com/Class3InternationalServer.crl^J], [name=X509v3 Certificate Policies, short_name=certificatePolicies, oid=2.5.29.32, critical=F, value=Policy: 2.16.840.1.113733.1.7.23.3^J  CPS: https://www.verisign.com/rpa^J], [name=X509v3 Extended Key Usage, short_name=extendedKeyUsage, oid=2.5.29.37, critical=F, value=Netscape Server Gated Crypto, TLS Web Server Authentication, TLS Web Client Authentication], [name=Authority Information Access, short_name=authorityInfoAccess, oid=1.3.6.1.5.5.7.1.1, critical=F, value=OCSP - URI:http://ocsp.verisign.com^J]], san=<uninitialized>, basic_constraints=[ca=F, path_len=<uninitialized>]], extracted=<uninitialized>], u2_events=<uninitialized>]
+                  [1] ext: X509::Extension = [name=1.3.6.1.5.5.7.1.12, short_name=UNDEF, oid=1.3.6.1.5.5.7.1.12, critical=F, value=0_.].[0Y0W0U..image/gif0!0.0...+..............k...j.H.,{..0%.#http://logo.verisign.com/vslogo.gif]
+
+1170717508.883051 file_hash
+                  [0] f: fa_file         = [id=FjkLnG4s34DVZlaBNc, parent_id=<uninitialized>, source=SSL, is_orig=F, conns={^J^I[[orig_h=192.150.187.164, orig_p=58869/tcp, resp_h=194.127.84.106, resp_p=443/tcp]] = [id=[orig_h=192.150.187.164, orig_p=58869/tcp, resp_h=194.127.84.106, resp_p=443/tcp], orig=[size=120, state=4, num_pkts=3, num_bytes_ip=288, flow_label=0], resp=[size=2164, state=4, num_pkts=3, num_bytes_ip=1616, flow_label=0], start_time=1170717508.515696, duration=0.367355, service={^J^I^ISSL^J^I}, addl=, hot=0, history=ShADad, uid=CjhGID4nQcgTWjvg4c, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=[ts=1170717508.69718, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=192.150.187.164, orig_p=58869/tcp, resp_h=194.127.84.106, resp_p=443/tcp], version=TLSv10, cipher=TLS_RSA_WITH_RC4_128_MD5, server_name=<uninitialized>, session_id=a8c1c5681924e80a32a15d5e7f20bc5e3f513e56b215039d0d55defda5a320c0, last_alert=<uninitialized>, analyzer_id=7, established=F, logged=F, delay_tokens=<uninitialized>, cert_chain=[[ts=1170717508.883051, fuid=FjkLnG4s34DVZlaBNc, tx_hosts={^J^I^I194.127.84.106^J^I}, rx_hosts={^J^I^I192.150.187.164^J^I}, conn_uids={^J^I^ICjhGID4nQcgTWjvg4c^J^I}, source=SSL, depth=0, analyzers={^J^I^IX509,^J^I^IMD5,^J^I^ISHA1^J^I}, mime_type=binary, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=F, seen_bytes=0, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=<uninitialized>, sha1=<uninitialized>, sha256=<uninitialized>, x509=[ts=1170717508.883051, id=FjkLnG4s34DVZlaBNc, certificate=[version=2, serial=04A78116F003283BDA2B8462049F9ECB, subject=CN=www.dresdner-privat.de,OU=Terms of use at www.verisign.com/rpa (c)00,O=AGIS Allianz Dresdner Informationssysteme GmbH,L=Muenchen,ST=Bayern,C=DE, issuer=OU=www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign,OU=VeriSign International Server CA - Class 3,OU=VeriSign\, Inc.,O=VeriSign Trust Network, not_valid_before=1163462400.0, not_valid_after=1195084799.0, key_alg=rsaEncryption, sig_alg=sha1WithRSAEncryption, key_type=rsa, key_length=1024, exponent=65537, curve=<uninitialized>], handle=<no value description>, extensions=[[name=X509v3 Basic Constraints, short_name=basicConstraints, oid=2.5.29.19, critical=F, value=CA:FALSE], [name=X509v3 Key Usage, short_name=keyUsage, oid=2.5.29.15, critical=F, value=Digital Signature, Key Encipherment], [name=X509v3 CRL Distribution Points, short_name=crlDistributionPoints, oid=2.5.29.31, critical=F, value=^JFull Name:^J  URI:http://crl.verisign.com/Class3InternationalServer.crl^J], [name=X509v3 Certificate Policies, short_name=certificatePolicies, oid=2.5.29.32, critical=F, value=Policy: 2.16.840.1.113733.1.7.23.3^J  CPS: https://www.verisign.com/rpa^J], [name=X509v3 Extended Key Usage, short_name=extendedKeyUsage, oid=2.5.29.37, critical=F, value=Netscape Server Gated Crypto, TLS Web Server Authentication, TLS Web Client Authentication], [name=Authority Information Access, short_name=authorityInfoAccess, oid=1.3.6.1.5.5.7.1.1, critical=F, value=OCSP - URI:http://ocsp.verisign.com^J], [name=1.3.6.1.5.5.7.1.12, short_name=UNDEF, oid=1.3.6.1.5.5.7.1.12, critical=F, value=0_.].[0Y0W0U..image/gif0!0.0...+..............k...j.H.,{..0%.#http://logo.verisign.com/vslogo.gif]], san=<uninitialized>, basic_constraints=[ca=F, path_len=<uninitialized>]], extracted=<uninitialized>]], cert_chain_fuids=[FjkLnG4s34DVZlaBNc], client_cert_chain=[], client_cert_chain_fuids=[], subject=<uninitialized>, issuer=<uninitialized>, client_subject=<uninitialized>, client_issuer=<uninitialized>, server_depth=1, client_depth=0], http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]^J}, last_active=1170717508.883051, seen_bytes=1152, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timeout_interval=2.0 mins, bof_buffer_size=1024, bof_buffer=0\x82^D|0\x82^C\xe5\xa0^C^B^A^B^B^P^D\xa7\x81^V\xf0^C(;\xda+\x84b^D\x9f\x9e\xcb0^M^F^I*\x86H\x86\xf7^M^A^A^E^E\00\x81\xba1\x1f0\x1d^F^CU^D^J^S^VVeriSign Trust Network1^W0^U^F^CU^D^K^S^NVeriSign, Inc.1301^F^CU^D^K^S*VeriSign International Server CA - Class 31I0G^F^CU^D^K^S@www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign0\x1e^W^M061114000000Z^W^M071114235959Z0\x81\xc01^K0^I^F^CU^D^F^S^BDE1^O0^M^F^CU^D^H^S^FBayern1^Q0^O^F^CU^D^G^T^HMuenchen1705^F^CU^D^J^T.AGIS Allianz Dresdner Informationssysteme GmbH1301^F^CU^D^K^T*Terms of use at www.verisign.com/rpa (c)001\x1f0\x1d^F^CU^D^C^T^Vwww.dresdner-privat.de0\x81\x9f0^M^F^I*\x86H\x86\xf7^M^A^A^A^E\0^C\x81\x8d\00\x81\x89^B\x81\x81\0\xeb\xa8t~\xfb\xe3\xb4\xea\xbe\x8b\x1c=\xed\xea\x86^DbQ\xe0*Z\x9e\x86o\x98\xcb\xbc\xc5\xed\xc5\xc8\xcaV\x9dL\x92X\xe1k^So\xbc\xb7\xe5.\x98@\xf7\x8f\xd6\xa3\xc0^J\xabFR\x1b8\xfc^E \xe7\x80\xee\xc6]\xd5\xbb^C\xfc\xc5\x83\xba\x9ag^H\xfd,\xba\xa3^H\x94\xf0\xb3\x1f^V(\xf6^Ef[\xbf^?\xa8Y\xfa\xbe\x99k6b\xb8n\xc6\x83GSc^OZ\xb4Q\xc1\x88\xa8U\xb9\xd41m=*J\x95^J\xd1{\x87^B^C^A\0^A\xa3\x82^Ay0\x82^Au0^I^F^CU\x1d^S^D^B0\00^K^F^CU\x1d^O^D^D^C^B^E\xa00F^F^CU\x1d\x1f^D?0=0;\xa09\xa07\x865http://crl.verisign.com/Class3InternationalServer.crl0D^F^CU\x1d ^D=0;09^F^K`\x86H^A\x86\xf8E^A^G^W^C0*0(^F^H+^F^A^E^E^G^B^A^V\x1chttps://www.verisign.com/rpa0(^F^CU\x1d%^D!0\x1f^F^I`\x86H^A\x86\xf8B^D^A^F^H+^F^A^E^E^G^C^A^F^H+^F^A^E^E^G^C^B04^F^H+^F^A^E^E^G^A^A^D(0&0$^F^H+^F^A^E^E^G0^A\x86^Xhttp://ocsp.verisign.com0m^F^H+^F^A^E^E^G^A^L^Da0_\xa1]\xa0[0Y0W0U^V^Iimage/gif0!0\x1f0^G^F^E+^N^C^B^Z^D^T\x8f\xe5\xd3^Z\x86\xac\x8d\x8ek\xc3\xcf\x80j\xd4H^X,{^Y.0%^V#http://logo.verisign.com/vslogo.gif0^M^F^I*\x86H\x86\xf7^M^A^A^E^E\0^C\x81\x81\0/s\xe2o\xc1\x9e#~YP\x89\x95xo\xe9^D\xbd\x98TS`\xec^HR\xd2^J)\x92\x9am\xaa\xd5\xb1g\xc1b\xde\xc9^XNW=i\x9c\xb2^Cf\x92^C\xbb\xe8M\xc5\x98\xd4/B\xd9\xb6\xd2\xe0\x97^PXv\xcf\xe7\xd6\xa7\xcc\xbb\xdb%\xeeB]\xcb\xf0t\xab\xd2T\xe5\xe8\xbaQ^O\xa4\xc3>4\xfaR\xf2\xa0\xe6z\xf4\x8f\xdcvB\xbd=\xfcx\xc0\xb7\xeb^-\x1f\xc5\xa0^\xdf\xa0^Q\x87\xf8\xc3X^P\xc8y(\xf8\xe4, mime_type=binary, info=[ts=1170717508.883051, fuid=FjkLnG4s34DVZlaBNc, tx_hosts={^J^I194.127.84.106^J}, rx_hosts={^J^I192.150.187.164^J}, conn_uids={^J^ICjhGID4nQcgTWjvg4c^J}, source=SSL, depth=0, analyzers={^J^IX509,^J^IMD5,^J^ISHA1^J}, mime_type=binary, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=F, seen_bytes=0, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=<uninitialized>, sha1=<uninitialized>, sha256=<uninitialized>, x509=[ts=1170717508.883051, id=FjkLnG4s34DVZlaBNc, certificate=[version=2, serial=04A78116F003283BDA2B8462049F9ECB, subject=CN=www.dresdner-privat.de,OU=Terms of use at www.verisign.com/rpa (c)00,O=AGIS Allianz Dresdner Informationssysteme GmbH,L=Muenchen,ST=Bayern,C=DE, issuer=OU=www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign,OU=VeriSign International Server CA - Class 3,OU=VeriSign\, Inc.,O=VeriSign Trust Network, not_valid_before=1163462400.0, not_valid_after=1195084799.0, key_alg=rsaEncryption, sig_alg=sha1WithRSAEncryption, key_type=rsa, key_length=1024, exponent=65537, curve=<uninitialized>], handle=<no value description>, extensions=[[name=X509v3 Basic Constraints, short_name=basicConstraints, oid=2.5.29.19, critical=F, value=CA:FALSE], [name=X509v3 Key Usage, short_name=keyUsage, oid=2.5.29.15, critical=F, value=Digital Signature, Key Encipherment], [name=X509v3 CRL Distribution Points, short_name=crlDistributionPoints, oid=2.5.29.31, critical=F, value=^JFull Name:^J  URI:http://crl.verisign.com/Class3InternationalServer.crl^J], [name=X509v3 Certificate Policies, short_name=certificatePolicies, oid=2.5.29.32, critical=F, value=Policy: 2.16.840.1.113733.1.7.23.3^J  CPS: https://www.verisign.com/rpa^J], [name=X509v3 Extended Key Usage, short_name=extendedKeyUsage, oid=2.5.29.37, critical=F, value=Netscape Server Gated Crypto, TLS Web Server Authentication, TLS Web Client Authentication], [name=Authority Information Access, short_name=authorityInfoAccess, oid=1.3.6.1.5.5.7.1.1, critical=F, value=OCSP - URI:http://ocsp.verisign.com^J], [name=1.3.6.1.5.5.7.1.12, short_name=UNDEF, oid=1.3.6.1.5.5.7.1.12, critical=F, value=0_.].[0Y0W0U..image/gif0!0.0...+..............k...j.H.,{..0%.#http://logo.verisign.com/vslogo.gif]], san=<uninitialized>, basic_constraints=[ca=F, path_len=<uninitialized>]], extracted=<uninitialized>], u2_events=<uninitialized>]
+                  [1] kind: string       = sha1
+                  [2] hash: string       = 2c322ae2b7fe91391345e070b63668978bb1c9da
+
+1170717508.883051 file_hash
+                  [0] f: fa_file         = [id=FjkLnG4s34DVZlaBNc, parent_id=<uninitialized>, source=SSL, is_orig=F, conns={^J^I[[orig_h=192.150.187.164, orig_p=58869/tcp, resp_h=194.127.84.106, resp_p=443/tcp]] = [id=[orig_h=192.150.187.164, orig_p=58869/tcp, resp_h=194.127.84.106, resp_p=443/tcp], orig=[size=120, state=4, num_pkts=3, num_bytes_ip=288, flow_label=0], resp=[size=2164, state=4, num_pkts=3, num_bytes_ip=1616, flow_label=0], start_time=1170717508.515696, duration=0.367355, service={^J^I^ISSL^J^I}, addl=, hot=0, history=ShADad, uid=CjhGID4nQcgTWjvg4c, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=[ts=1170717508.69718, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=192.150.187.164, orig_p=58869/tcp, resp_h=194.127.84.106, resp_p=443/tcp], version=TLSv10, cipher=TLS_RSA_WITH_RC4_128_MD5, server_name=<uninitialized>, session_id=a8c1c5681924e80a32a15d5e7f20bc5e3f513e56b215039d0d55defda5a320c0, last_alert=<uninitialized>, analyzer_id=7, established=F, logged=F, delay_tokens=<uninitialized>, cert_chain=[[ts=1170717508.883051, fuid=FjkLnG4s34DVZlaBNc, tx_hosts={^J^I^I194.127.84.106^J^I}, rx_hosts={^J^I^I192.150.187.164^J^I}, conn_uids={^J^I^ICjhGID4nQcgTWjvg4c^J^I}, source=SSL, depth=0, analyzers={^J^I^IX509,^J^I^IMD5,^J^I^ISHA1^J^I}, mime_type=binary, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=F, seen_bytes=0, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=<uninitialized>, sha1=2c322ae2b7fe91391345e070b63668978bb1c9da, sha256=<uninitialized>, x509=[ts=1170717508.883051, id=FjkLnG4s34DVZlaBNc, certificate=[version=2, serial=04A78116F003283BDA2B8462049F9ECB, subject=CN=www.dresdner-privat.de,OU=Terms of use at www.verisign.com/rpa (c)00,O=AGIS Allianz Dresdner Informationssysteme GmbH,L=Muenchen,ST=Bayern,C=DE, issuer=OU=www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign,OU=VeriSign International Server CA - Class 3,OU=VeriSign\, Inc.,O=VeriSign Trust Network, not_valid_before=1163462400.0, not_valid_after=1195084799.0, key_alg=rsaEncryption, sig_alg=sha1WithRSAEncryption, key_type=rsa, key_length=1024, exponent=65537, curve=<uninitialized>], handle=<no value description>, extensions=[[name=X509v3 Basic Constraints, short_name=basicConstraints, oid=2.5.29.19, critical=F, value=CA:FALSE], [name=X509v3 Key Usage, short_name=keyUsage, oid=2.5.29.15, critical=F, value=Digital Signature, Key Encipherment], [name=X509v3 CRL Distribution Points, short_name=crlDistributionPoints, oid=2.5.29.31, critical=F, value=^JFull Name:^J  URI:http://crl.verisign.com/Class3InternationalServer.crl^J], [name=X509v3 Certificate Policies, short_name=certificatePolicies, oid=2.5.29.32, critical=F, value=Policy: 2.16.840.1.113733.1.7.23.3^J  CPS: https://www.verisign.com/rpa^J], [name=X509v3 Extended Key Usage, short_name=extendedKeyUsage, oid=2.5.29.37, critical=F, value=Netscape Server Gated Crypto, TLS Web Server Authentication, TLS Web Client Authentication], [name=Authority Information Access, short_name=authorityInfoAccess, oid=1.3.6.1.5.5.7.1.1, critical=F, value=OCSP - URI:http://ocsp.verisign.com^J], [name=1.3.6.1.5.5.7.1.12, short_name=UNDEF, oid=1.3.6.1.5.5.7.1.12, critical=F, value=0_.].[0Y0W0U..image/gif0!0.0...+..............k...j.H.,{..0%.#http://logo.verisign.com/vslogo.gif]], san=<uninitialized>, basic_constraints=[ca=F, path_len=<uninitialized>]], extracted=<uninitialized>]], cert_chain_fuids=[FjkLnG4s34DVZlaBNc], client_cert_chain=[], client_cert_chain_fuids=[], subject=<uninitialized>, issuer=<uninitialized>, client_subject=<uninitialized>, client_issuer=<uninitialized>, server_depth=1, client_depth=0], http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]^J}, last_active=1170717508.883051, seen_bytes=1152, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timeout_interval=2.0 mins, bof_buffer_size=1024, bof_buffer=0\x82^D|0\x82^C\xe5\xa0^C^B^A^B^B^P^D\xa7\x81^V\xf0^C(;\xda+\x84b^D\x9f\x9e\xcb0^M^F^I*\x86H\x86\xf7^M^A^A^E^E\00\x81\xba1\x1f0\x1d^F^CU^D^J^S^VVeriSign Trust Network1^W0^U^F^CU^D^K^S^NVeriSign, Inc.1301^F^CU^D^K^S*VeriSign International Server CA - Class 31I0G^F^CU^D^K^S@www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign0\x1e^W^M061114000000Z^W^M071114235959Z0\x81\xc01^K0^I^F^CU^D^F^S^BDE1^O0^M^F^CU^D^H^S^FBayern1^Q0^O^F^CU^D^G^T^HMuenchen1705^F^CU^D^J^T.AGIS Allianz Dresdner Informationssysteme GmbH1301^F^CU^D^K^T*Terms of use at www.verisign.com/rpa (c)001\x1f0\x1d^F^CU^D^C^T^Vwww.dresdner-privat.de0\x81\x9f0^M^F^I*\x86H\x86\xf7^M^A^A^A^E\0^C\x81\x8d\00\x81\x89^B\x81\x81\0\xeb\xa8t~\xfb\xe3\xb4\xea\xbe\x8b\x1c=\xed\xea\x86^DbQ\xe0*Z\x9e\x86o\x98\xcb\xbc\xc5\xed\xc5\xc8\xcaV\x9dL\x92X\xe1k^So\xbc\xb7\xe5.\x98@\xf7\x8f\xd6\xa3\xc0^J\xabFR\x1b8\xfc^E \xe7\x80\xee\xc6]\xd5\xbb^C\xfc\xc5\x83\xba\x9ag^H\xfd,\xba\xa3^H\x94\xf0\xb3\x1f^V(\xf6^Ef[\xbf^?\xa8Y\xfa\xbe\x99k6b\xb8n\xc6\x83GSc^OZ\xb4Q\xc1\x88\xa8U\xb9\xd41m=*J\x95^J\xd1{\x87^B^C^A\0^A\xa3\x82^Ay0\x82^Au0^I^F^CU\x1d^S^D^B0\00^K^F^CU\x1d^O^D^D^C^B^E\xa00F^F^CU\x1d\x1f^D?0=0;\xa09\xa07\x865http://crl.verisign.com/Class3InternationalServer.crl0D^F^CU\x1d ^D=0;09^F^K`\x86H^A\x86\xf8E^A^G^W^C0*0(^F^H+^F^A^E^E^G^B^A^V\x1chttps://www.verisign.com/rpa0(^F^CU\x1d%^D!0\x1f^F^I`\x86H^A\x86\xf8B^D^A^F^H+^F^A^E^E^G^C^A^F^H+^F^A^E^E^G^C^B04^F^H+^F^A^E^E^G^A^A^D(0&0$^F^H+^F^A^E^E^G0^A\x86^Xhttp://ocsp.verisign.com0m^F^H+^F^A^E^E^G^A^L^Da0_\xa1]\xa0[0Y0W0U^V^Iimage/gif0!0\x1f0^G^F^E+^N^C^B^Z^D^T\x8f\xe5\xd3^Z\x86\xac\x8d\x8ek\xc3\xcf\x80j\xd4H^X,{^Y.0%^V#http://logo.verisign.com/vslogo.gif0^M^F^I*\x86H\x86\xf7^M^A^A^E^E\0^C\x81\x81\0/s\xe2o\xc1\x9e#~YP\x89\x95xo\xe9^D\xbd\x98TS`\xec^HR\xd2^J)\x92\x9am\xaa\xd5\xb1g\xc1b\xde\xc9^XNW=i\x9c\xb2^Cf\x92^C\xbb\xe8M\xc5\x98\xd4/B\xd9\xb6\xd2\xe0\x97^PXv\xcf\xe7\xd6\xa7\xcc\xbb\xdb%\xeeB]\xcb\xf0t\xab\xd2T\xe5\xe8\xbaQ^O\xa4\xc3>4\xfaR\xf2\xa0\xe6z\xf4\x8f\xdcvB\xbd=\xfcx\xc0\xb7\xeb^-\x1f\xc5\xa0^\xdf\xa0^Q\x87\xf8\xc3X^P\xc8y(\xf8\xe4, mime_type=binary, info=[ts=1170717508.883051, fuid=FjkLnG4s34DVZlaBNc, tx_hosts={^J^I194.127.84.106^J}, rx_hosts={^J^I192.150.187.164^J}, conn_uids={^J^ICjhGID4nQcgTWjvg4c^J}, source=SSL, depth=0, analyzers={^J^IX509,^J^IMD5,^J^ISHA1^J}, mime_type=binary, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=F, seen_bytes=0, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=<uninitialized>, sha1=2c322ae2b7fe91391345e070b63668978bb1c9da, sha256=<uninitialized>, x509=[ts=1170717508.883051, id=FjkLnG4s34DVZlaBNc, certificate=[version=2, serial=04A78116F003283BDA2B8462049F9ECB, subject=CN=www.dresdner-privat.de,OU=Terms of use at www.verisign.com/rpa (c)00,O=AGIS Allianz Dresdner Informationssysteme GmbH,L=Muenchen,ST=Bayern,C=DE, issuer=OU=www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign,OU=VeriSign International Server CA - Class 3,OU=VeriSign\, Inc.,O=VeriSign Trust Network, not_valid_before=1163462400.0, not_valid_after=1195084799.0, key_alg=rsaEncryption, sig_alg=sha1WithRSAEncryption, key_type=rsa, key_length=1024, exponent=65537, curve=<uninitialized>], handle=<no value description>, extensions=[[name=X509v3 Basic Constraints, short_name=basicConstraints, oid=2.5.29.19, critical=F, value=CA:FALSE], [name=X509v3 Key Usage, short_name=keyUsage, oid=2.5.29.15, critical=F, value=Digital Signature, Key Encipherment], [name=X509v3 CRL Distribution Points, short_name=crlDistributionPoints, oid=2.5.29.31, critical=F, value=^JFull Name:^J  URI:http://crl.verisign.com/Class3InternationalServer.crl^J], [name=X509v3 Certificate Policies, short_name=certificatePolicies, oid=2.5.29.32, critical=F, value=Policy: 2.16.840.1.113733.1.7.23.3^J  CPS: https://www.verisign.com/rpa^J], [name=X509v3 Extended Key Usage, short_name=extendedKeyUsage, oid=2.5.29.37, critical=F, value=Netscape Server Gated Crypto, TLS Web Server Authentication, TLS Web Client Authentication], [name=Authority Information Access, short_name=authorityInfoAccess, oid=1.3.6.1.5.5.7.1.1, critical=F, value=OCSP - URI:http://ocsp.verisign.com^J], [name=1.3.6.1.5.5.7.1.12, short_name=UNDEF, oid=1.3.6.1.5.5.7.1.12, critical=F, value=0_.].[0Y0W0U..image/gif0!0.0...+..............k...j.H.,{..0%.#http://logo.verisign.com/vslogo.gif]], san=<uninitialized>, basic_constraints=[ca=F, path_len=<uninitialized>]], extracted=<uninitialized>], u2_events=<uninitialized>]
+                  [1] kind: string       = md5
+                  [2] hash: string       = 38a0a008a978591ccbe41f50a174751a
+
+1170717508.883051 file_state_remove
+                  [0] f: fa_file         = [id=FjkLnG4s34DVZlaBNc, parent_id=<uninitialized>, source=SSL, is_orig=F, conns={^J^I[[orig_h=192.150.187.164, orig_p=58869/tcp, resp_h=194.127.84.106, resp_p=443/tcp]] = [id=[orig_h=192.150.187.164, orig_p=58869/tcp, resp_h=194.127.84.106, resp_p=443/tcp], orig=[size=120, state=4, num_pkts=3, num_bytes_ip=288, flow_label=0], resp=[size=2164, state=4, num_pkts=3, num_bytes_ip=1616, flow_label=0], start_time=1170717508.515696, duration=0.367355, service={^J^I^ISSL^J^I}, addl=, hot=0, history=ShADad, uid=CjhGID4nQcgTWjvg4c, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=[ts=1170717508.69718, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=192.150.187.164, orig_p=58869/tcp, resp_h=194.127.84.106, resp_p=443/tcp], version=TLSv10, cipher=TLS_RSA_WITH_RC4_128_MD5, server_name=<uninitialized>, session_id=a8c1c5681924e80a32a15d5e7f20bc5e3f513e56b215039d0d55defda5a320c0, last_alert=<uninitialized>, analyzer_id=7, established=F, logged=F, delay_tokens=<uninitialized>, cert_chain=[[ts=1170717508.883051, fuid=FjkLnG4s34DVZlaBNc, tx_hosts={^J^I^I194.127.84.106^J^I}, rx_hosts={^J^I^I192.150.187.164^J^I}, conn_uids={^J^I^ICjhGID4nQcgTWjvg4c^J^I}, source=SSL, depth=0, analyzers={^J^I^IX509,^J^I^IMD5,^J^I^ISHA1^J^I}, mime_type=binary, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=F, seen_bytes=0, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=38a0a008a978591ccbe41f50a174751a, sha1=2c322ae2b7fe91391345e070b63668978bb1c9da, sha256=<uninitialized>, x509=[ts=1170717508.883051, id=FjkLnG4s34DVZlaBNc, certificate=[version=2, serial=04A78116F003283BDA2B8462049F9ECB, subject=CN=www.dresdner-privat.de,OU=Terms of use at www.verisign.com/rpa (c)00,O=AGIS Allianz Dresdner Informationssysteme GmbH,L=Muenchen,ST=Bayern,C=DE, issuer=OU=www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign,OU=VeriSign International Server CA - Class 3,OU=VeriSign\, Inc.,O=VeriSign Trust Network, not_valid_before=1163462400.0, not_valid_after=1195084799.0, key_alg=rsaEncryption, sig_alg=sha1WithRSAEncryption, key_type=rsa, key_length=1024, exponent=65537, curve=<uninitialized>], handle=<no value description>, extensions=[[name=X509v3 Basic Constraints, short_name=basicConstraints, oid=2.5.29.19, critical=F, value=CA:FALSE], [name=X509v3 Key Usage, short_name=keyUsage, oid=2.5.29.15, critical=F, value=Digital Signature, Key Encipherment], [name=X509v3 CRL Distribution Points, short_name=crlDistributionPoints, oid=2.5.29.31, critical=F, value=^JFull Name:^J  URI:http://crl.verisign.com/Class3InternationalServer.crl^J], [name=X509v3 Certificate Policies, short_name=certificatePolicies, oid=2.5.29.32, critical=F, value=Policy: 2.16.840.1.113733.1.7.23.3^J  CPS: https://www.verisign.com/rpa^J], [name=X509v3 Extended Key Usage, short_name=extendedKeyUsage, oid=2.5.29.37, critical=F, value=Netscape Server Gated Crypto, TLS Web Server Authentication, TLS Web Client Authentication], [name=Authority Information Access, short_name=authorityInfoAccess, oid=1.3.6.1.5.5.7.1.1, critical=F, value=OCSP - URI:http://ocsp.verisign.com^J], [name=1.3.6.1.5.5.7.1.12, short_name=UNDEF, oid=1.3.6.1.5.5.7.1.12, critical=F, value=0_.].[0Y0W0U..image/gif0!0.0...+..............k...j.H.,{..0%.#http://logo.verisign.com/vslogo.gif]], san=<uninitialized>, basic_constraints=[ca=F, path_len=<uninitialized>]], extracted=<uninitialized>]], cert_chain_fuids=[FjkLnG4s34DVZlaBNc], client_cert_chain=[], client_cert_chain_fuids=[], subject=<uninitialized>, issuer=<uninitialized>, client_subject=<uninitialized>, client_issuer=<uninitialized>, server_depth=1, client_depth=0], http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]^J}, last_active=1170717508.883051, seen_bytes=1152, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timeout_interval=2.0 mins, bof_buffer_size=1024, bof_buffer=0\x82^D|0\x82^C\xe5\xa0^C^B^A^B^B^P^D\xa7\x81^V\xf0^C(;\xda+\x84b^D\x9f\x9e\xcb0^M^F^I*\x86H\x86\xf7^M^A^A^E^E\00\x81\xba1\x1f0\x1d^F^CU^D^J^S^VVeriSign Trust Network1^W0^U^F^CU^D^K^S^NVeriSign, Inc.1301^F^CU^D^K^S*VeriSign International Server CA - Class 31I0G^F^CU^D^K^S@www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign0\x1e^W^M061114000000Z^W^M071114235959Z0\x81\xc01^K0^I^F^CU^D^F^S^BDE1^O0^M^F^CU^D^H^S^FBayern1^Q0^O^F^CU^D^G^T^HMuenchen1705^F^CU^D^J^T.AGIS Allianz Dresdner Informationssysteme GmbH1301^F^CU^D^K^T*Terms of use at www.verisign.com/rpa (c)001\x1f0\x1d^F^CU^D^C^T^Vwww.dresdner-privat.de0\x81\x9f0^M^F^I*\x86H\x86\xf7^M^A^A^A^E\0^C\x81\x8d\00\x81\x89^B\x81\x81\0\xeb\xa8t~\xfb\xe3\xb4\xea\xbe\x8b\x1c=\xed\xea\x86^DbQ\xe0*Z\x9e\x86o\x98\xcb\xbc\xc5\xed\xc5\xc8\xcaV\x9dL\x92X\xe1k^So\xbc\xb7\xe5.\x98@\xf7\x8f\xd6\xa3\xc0^J\xabFR\x1b8\xfc^E \xe7\x80\xee\xc6]\xd5\xbb^C\xfc\xc5\x83\xba\x9ag^H\xfd,\xba\xa3^H\x94\xf0\xb3\x1f^V(\xf6^Ef[\xbf^?\xa8Y\xfa\xbe\x99k6b\xb8n\xc6\x83GSc^OZ\xb4Q\xc1\x88\xa8U\xb9\xd41m=*J\x95^J\xd1{\x87^B^C^A\0^A\xa3\x82^Ay0\x82^Au0^I^F^CU\x1d^S^D^B0\00^K^F^CU\x1d^O^D^D^C^B^E\xa00F^F^CU\x1d\x1f^D?0=0;\xa09\xa07\x865http://crl.verisign.com/Class3InternationalServer.crl0D^F^CU\x1d ^D=0;09^F^K`\x86H^A\x86\xf8E^A^G^W^C0*0(^F^H+^F^A^E^E^G^B^A^V\x1chttps://www.verisign.com/rpa0(^F^CU\x1d%^D!0\x1f^F^I`\x86H^A\x86\xf8B^D^A^F^H+^F^A^E^E^G^C^A^F^H+^F^A^E^E^G^C^B04^F^H+^F^A^E^E^G^A^A^D(0&0$^F^H+^F^A^E^E^G0^A\x86^Xhttp://ocsp.verisign.com0m^F^H+^F^A^E^E^G^A^L^Da0_\xa1]\xa0[0Y0W0U^V^Iimage/gif0!0\x1f0^G^F^E+^N^C^B^Z^D^T\x8f\xe5\xd3^Z\x86\xac\x8d\x8ek\xc3\xcf\x80j\xd4H^X,{^Y.0%^V#http://logo.verisign.com/vslogo.gif0^M^F^I*\x86H\x86\xf7^M^A^A^E^E\0^C\x81\x81\0/s\xe2o\xc1\x9e#~YP\x89\x95xo\xe9^D\xbd\x98TS`\xec^HR\xd2^J)\x92\x9am\xaa\xd5\xb1g\xc1b\xde\xc9^XNW=i\x9c\xb2^Cf\x92^C\xbb\xe8M\xc5\x98\xd4/B\xd9\xb6\xd2\xe0\x97^PXv\xcf\xe7\xd6\xa7\xcc\xbb\xdb%\xeeB]\xcb\xf0t\xab\xd2T\xe5\xe8\xbaQ^O\xa4\xc3>4\xfaR\xf2\xa0\xe6z\xf4\x8f\xdcvB\xbd=\xfcx\xc0\xb7\xeb^-\x1f\xc5\xa0^\xdf\xa0^Q\x87\xf8\xc3X^P\xc8y(\xf8\xe4, mime_type=binary, info=[ts=1170717508.883051, fuid=FjkLnG4s34DVZlaBNc, tx_hosts={^J^I194.127.84.106^J}, rx_hosts={^J^I192.150.187.164^J}, conn_uids={^J^ICjhGID4nQcgTWjvg4c^J}, source=SSL, depth=0, analyzers={^J^IX509,^J^IMD5,^J^ISHA1^J}, mime_type=binary, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=F, seen_bytes=0, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=38a0a008a978591ccbe41f50a174751a, sha1=2c322ae2b7fe91391345e070b63668978bb1c9da, sha256=<uninitialized>, x509=[ts=1170717508.883051, id=FjkLnG4s34DVZlaBNc, certificate=[version=2, serial=04A78116F003283BDA2B8462049F9ECB, subject=CN=www.dresdner-privat.de,OU=Terms of use at www.verisign.com/rpa (c)00,O=AGIS Allianz Dresdner Informationssysteme GmbH,L=Muenchen,ST=Bayern,C=DE, issuer=OU=www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign,OU=VeriSign International Server CA - Class 3,OU=VeriSign\, Inc.,O=VeriSign Trust Network, not_valid_before=1163462400.0, not_valid_after=1195084799.0, key_alg=rsaEncryption, sig_alg=sha1WithRSAEncryption, key_type=rsa, key_length=1024, exponent=65537, curve=<uninitialized>], handle=<no value description>, extensions=[[name=X509v3 Basic Constraints, short_name=basicConstraints, oid=2.5.29.19, critical=F, value=CA:FALSE], [name=X509v3 Key Usage, short_name=keyUsage, oid=2.5.29.15, critical=F, value=Digital Signature, Key Encipherment], [name=X509v3 CRL Distribution Points, short_name=crlDistributionPoints, oid=2.5.29.31, critical=F, value=^JFull Name:^J  URI:http://crl.verisign.com/Class3InternationalServer.crl^J], [name=X509v3 Certificate Policies, short_name=certificatePolicies, oid=2.5.29.32, critical=F, value=Policy: 2.16.840.1.113733.1.7.23.3^J  CPS: https://www.verisign.com/rpa^J], [name=X509v3 Extended Key Usage, short_name=extendedKeyUsage, oid=2.5.29.37, critical=F, value=Netscape Server Gated Crypto, TLS Web Server Authentication, TLS Web Client Authentication], [name=Authority Information Access, short_name=authorityInfoAccess, oid=1.3.6.1.5.5.7.1.1, critical=F, value=OCSP - URI:http://ocsp.verisign.com^J], [name=1.3.6.1.5.5.7.1.12, short_name=UNDEF, oid=1.3.6.1.5.5.7.1.12, critical=F, value=0_.].[0Y0W0U..image/gif0!0.0...+..............k...j.H.,{..0%.#http://logo.verisign.com/vslogo.gif]], san=<uninitialized>, basic_constraints=[ca=F, path_len=<uninitialized>]], extracted=<uninitialized>], u2_events=<uninitialized>]
+
+1170717508.883051 get_file_handle
+                  [0] tag: enum          = Analyzer::ANALYZER_SSL
+                  [1] c: connection      = [id=[orig_h=192.150.187.164, orig_p=58869/tcp, resp_h=194.127.84.106, resp_p=443/tcp], orig=[size=120, state=4, num_pkts=3, num_bytes_ip=288, flow_label=0], resp=[size=2164, state=4, num_pkts=3, num_bytes_ip=1616, flow_label=0], start_time=1170717508.515696, duration=0.367355, service={^J^ISSL^J}, addl=, hot=0, history=ShADad, uid=CjhGID4nQcgTWjvg4c, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=[ts=1170717508.69718, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=192.150.187.164, orig_p=58869/tcp, resp_h=194.127.84.106, resp_p=443/tcp], version=TLSv10, cipher=TLS_RSA_WITH_RC4_128_MD5, server_name=<uninitialized>, session_id=a8c1c5681924e80a32a15d5e7f20bc5e3f513e56b215039d0d55defda5a320c0, last_alert=<uninitialized>, analyzer_id=7, established=F, logged=F, delay_tokens=<uninitialized>, cert_chain=[[ts=1170717508.883051, fuid=FjkLnG4s34DVZlaBNc, tx_hosts={^J^I194.127.84.106^J}, rx_hosts={^J^I192.150.187.164^J}, conn_uids={^J^ICjhGID4nQcgTWjvg4c^J}, source=SSL, depth=0, analyzers={^J^IX509,^J^IMD5,^J^ISHA1^J}, mime_type=binary, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=F, seen_bytes=1152, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=38a0a008a978591ccbe41f50a174751a, sha1=2c322ae2b7fe91391345e070b63668978bb1c9da, sha256=<uninitialized>, x509=[ts=1170717508.883051, id=FjkLnG4s34DVZlaBNc, certificate=[version=2, serial=04A78116F003283BDA2B8462049F9ECB, subject=CN=www.dresdner-privat.de,OU=Terms of use at www.verisign.com/rpa (c)00,O=AGIS Allianz Dresdner Informationssysteme GmbH,L=Muenchen,ST=Bayern,C=DE, issuer=OU=www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign,OU=VeriSign International Server CA - Class 3,OU=VeriSign\, Inc.,O=VeriSign Trust Network, not_valid_before=1163462400.0, not_valid_after=1195084799.0, key_alg=rsaEncryption, sig_alg=sha1WithRSAEncryption, key_type=rsa, key_length=1024, exponent=65537, curve=<uninitialized>], handle=<no value description>, extensions=[[name=X509v3 Basic Constraints, short_name=basicConstraints, oid=2.5.29.19, critical=F, value=CA:FALSE], [name=X509v3 Key Usage, short_name=keyUsage, oid=2.5.29.15, critical=F, value=Digital Signature, Key Encipherment], [name=X509v3 CRL Distribution Points, short_name=crlDistributionPoints, oid=2.5.29.31, critical=F, value=^JFull Name:^J  URI:http://crl.verisign.com/Class3InternationalServer.crl^J], [name=X509v3 Certificate Policies, short_name=certificatePolicies, oid=2.5.29.32, critical=F, value=Policy: 2.16.840.1.113733.1.7.23.3^J  CPS: https://www.verisign.com/rpa^J], [name=X509v3 Extended Key Usage, short_name=extendedKeyUsage, oid=2.5.29.37, critical=F, value=Netscape Server Gated Crypto, TLS Web Server Authentication, TLS Web Client Authentication], [name=Authority Information Access, short_name=authorityInfoAccess, oid=1.3.6.1.5.5.7.1.1, critical=F, value=OCSP - URI:http://ocsp.verisign.com^J], [name=1.3.6.1.5.5.7.1.12, short_name=UNDEF, oid=1.3.6.1.5.5.7.1.12, critical=F, value=0_.].[0Y0W0U..image/gif0!0.0...+..............k...j.H.,{..0%.#http://logo.verisign.com/vslogo.gif]], san=<uninitialized>, basic_constraints=[ca=F, path_len=<uninitialized>]], extracted=<uninitialized>]], cert_chain_fuids=[FjkLnG4s34DVZlaBNc], client_cert_chain=[], client_cert_chain_fuids=[], subject=<uninitialized>, issuer=<uninitialized>, client_subject=<uninitialized>, client_issuer=<uninitialized>, server_depth=1, client_depth=0], http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]
+                  [2] is_orig: bool      = F
+
+1170717508.883051 file_new
+                  [0] f: fa_file         = [id=FpMjNF4snD7UDqI5sk, parent_id=<uninitialized>, source=SSL, is_orig=F, conns={^J^I[[orig_h=192.150.187.164, orig_p=58869/tcp, resp_h=194.127.84.106, resp_p=443/tcp]] = [id=[orig_h=192.150.187.164, orig_p=58869/tcp, resp_h=194.127.84.106, resp_p=443/tcp], orig=[size=120, state=4, num_pkts=3, num_bytes_ip=288, flow_label=0], resp=[size=2164, state=4, num_pkts=3, num_bytes_ip=1616, flow_label=0], start_time=1170717508.515696, duration=0.367355, service={^J^I^ISSL^J^I}, addl=, hot=0, history=ShADad, uid=CjhGID4nQcgTWjvg4c, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=[ts=1170717508.69718, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=192.150.187.164, orig_p=58869/tcp, resp_h=194.127.84.106, resp_p=443/tcp], version=TLSv10, cipher=TLS_RSA_WITH_RC4_128_MD5, server_name=<uninitialized>, session_id=a8c1c5681924e80a32a15d5e7f20bc5e3f513e56b215039d0d55defda5a320c0, last_alert=<uninitialized>, analyzer_id=7, established=F, logged=F, delay_tokens=<uninitialized>, cert_chain=[[ts=1170717508.883051, fuid=FjkLnG4s34DVZlaBNc, tx_hosts={^J^I^I194.127.84.106^J^I}, rx_hosts={^J^I^I192.150.187.164^J^I}, conn_uids={^J^I^ICjhGID4nQcgTWjvg4c^J^I}, source=SSL, depth=0, analyzers={^J^I^IX509,^J^I^IMD5,^J^I^ISHA1^J^I}, mime_type=binary, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=F, seen_bytes=1152, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=38a0a008a978591ccbe41f50a174751a, sha1=2c322ae2b7fe91391345e070b63668978bb1c9da, sha256=<uninitialized>, x509=[ts=1170717508.883051, id=FjkLnG4s34DVZlaBNc, certificate=[version=2, serial=04A78116F003283BDA2B8462049F9ECB, subject=CN=www.dresdner-privat.de,OU=Terms of use at www.verisign.com/rpa (c)00,O=AGIS Allianz Dresdner Informationssysteme GmbH,L=Muenchen,ST=Bayern,C=DE, issuer=OU=www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign,OU=VeriSign International Server CA - Class 3,OU=VeriSign\, Inc.,O=VeriSign Trust Network, not_valid_before=1163462400.0, not_valid_after=1195084799.0, key_alg=rsaEncryption, sig_alg=sha1WithRSAEncryption, key_type=rsa, key_length=1024, exponent=65537, curve=<uninitialized>], handle=<no value description>, extensions=[[name=X509v3 Basic Constraints, short_name=basicConstraints, oid=2.5.29.19, critical=F, value=CA:FALSE], [name=X509v3 Key Usage, short_name=keyUsage, oid=2.5.29.15, critical=F, value=Digital Signature, Key Encipherment], [name=X509v3 CRL Distribution Points, short_name=crlDistributionPoints, oid=2.5.29.31, critical=F, value=^JFull Name:^J  URI:http://crl.verisign.com/Class3InternationalServer.crl^J], [name=X509v3 Certificate Policies, short_name=certificatePolicies, oid=2.5.29.32, critical=F, value=Policy: 2.16.840.1.113733.1.7.23.3^J  CPS: https://www.verisign.com/rpa^J], [name=X509v3 Extended Key Usage, short_name=extendedKeyUsage, oid=2.5.29.37, critical=F, value=Netscape Server Gated Crypto, TLS Web Server Authentication, TLS Web Client Authentication], [name=Authority Information Access, short_name=authorityInfoAccess, oid=1.3.6.1.5.5.7.1.1, critical=F, value=OCSP - URI:http://ocsp.verisign.com^J], [name=1.3.6.1.5.5.7.1.12, short_name=UNDEF, oid=1.3.6.1.5.5.7.1.12, critical=F, value=0_.].[0Y0W0U..image/gif0!0.0...+..............k...j.H.,{..0%.#http://logo.verisign.com/vslogo.gif]], san=<uninitialized>, basic_constraints=[ca=F, path_len=<uninitialized>]], extracted=<uninitialized>]], cert_chain_fuids=[FjkLnG4s34DVZlaBNc], client_cert_chain=[], client_cert_chain_fuids=[], subject=<uninitialized>, issuer=<uninitialized>, client_subject=<uninitialized>, client_issuer=<uninitialized>, server_depth=2, client_depth=0], http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]^J}, last_active=1170717508.883051, seen_bytes=0, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timeout_interval=2.0 mins, bof_buffer_size=1024, bof_buffer=0\x82^C\x860\x82^B\xef\xa0^C^B^A^B^B^Px\xeeH\xde^X[ q\xc9\xc9\xc3\xb5\x1d{\xdd\xc10^M^F^I*\x86H\x86\xf7^M^A^A^E^E\00_1^K0^I^F^CU^D^F^S^BUS1^W0^U^F^CU^D^J^S^NVeriSign, Inc.1705^F^CU^D^K^S.Class 3 Public Primary Certification Authority0\x1e^W^M970417000000Z^W^M111024235959Z0\x81\xba1\x1f0\x1d^F^CU^D^J^S^VVeriSign Trust Network1^W0^U^F^CU^D^K^S^NVeriSign, Inc.1301^F^CU^D^K^S*VeriSign International Server CA - Class 31I0G^F^CU^D^K^S@www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign0\x81\x9f0^M^F^I*\x86H\x86\xf7^M^A^A^A^E\0^C\x81\x8d\00\x81\x89^B\x81\x81\0\xd8\x82\x80\xe8\xd6^Y^B}\x1f\x85^X9%\xa2e+\xe1\xbf\xd4^E\xd3\xbc\xe66;\xaa\xf0Ll[\xb6\xe7\xaa<sEU\xb2\xf1\xbd\xea\x97B\xed\x9a4^J^U\xd4\xa9\\xf5@%\xdd\xd9^G\xc12\xb2ul\xc4\xca\xbb\xa3\xfeV'qC\xaac\xf50>\x93(\xe5\xfa\xf1^I;\xf3\xb7MN9\xf7\IZ\xb8\xc1\x1d\xd3\xb2\x8a\xfep0\x95B\xcb\xfe+Q\x8bZ<:\xf9"O\x90\xb2^B\xa7S\x9cO4\xe7\xab^D\xb2{o^B^C^A\0^A\xa3\x81\xe60\x81\xe30^O^F^CU\x1d^S^D^H0^F^A^A\xff^B^A\00D^F^CU\x1d ^D=0;09^F^K`\x86H^A\x86\xf8E^A^G^A^A0*0(^F^H+^F^A^E^E^G^B^A^V\x1chttps://www.verisign.com/CPS04^F^CU\x1d\x1f^D-0+0)\xa0'\xa0%\x86#http://crl.verisign.com/pca3-g2.crl04^F^CU\x1d%^D-0+^F^H+^F^A^E^E^G^C^A^F^H+^F^A^E^E^G^C^B^F^I`\x86H^A\x86\xf8B^D^A^F^J`\x86H^A\x86\xf8E^A^H^A0^K^F^CU\x1d^O^D^D^C^B^A^F0^Q^F^I`\x86H^A\x86\xf8B^A^A^D^D^C^B^A^F0^M^F^I*\x86H\x86\xf7^M^A^A^E^E\0^C\x81\x81\0#]\xee\xa6$^E\xfdv\xd3j^Z\xd6\xbaF^F\xaaj^O^C\x90f\xb2\xb0\xa6\xc2\x9e\xc9\x1e\xa3US\xaf>E\xfd\xdc\x8c'\xddS8^I\xbb|K+\xba\x95J\xfepN\x1bi\xd6<\xf7O^G\xc5\xf2^WZL\xa2\x8f\xac^K\x8a^F\xdb\xb9\xd4k\xc5\x1dX\xda^WR\xe3!\xf1\xd2\xd7Z\xd5\xe5\xabY{!z\x86j\xd4\xfe^W^Q:S^M\x9c`\xa0J\xd9^\xe4\x1d^L)\xaa^S^Ge\x86\x1f\xbf\xb4\xc9\x82S\x9c,^B\x8f#, mime_type=binary, info=<uninitialized>, u2_events=<uninitialized>]
+
+1170717508.883051 file_over_new_connection
+                  [0] f: fa_file         = [id=FpMjNF4snD7UDqI5sk, parent_id=<uninitialized>, source=SSL, is_orig=F, conns={^J^I[[orig_h=192.150.187.164, orig_p=58869/tcp, resp_h=194.127.84.106, resp_p=443/tcp]] = [id=[orig_h=192.150.187.164, orig_p=58869/tcp, resp_h=194.127.84.106, resp_p=443/tcp], orig=[size=120, state=4, num_pkts=3, num_bytes_ip=288, flow_label=0], resp=[size=2164, state=4, num_pkts=3, num_bytes_ip=1616, flow_label=0], start_time=1170717508.515696, duration=0.367355, service={^J^I^ISSL^J^I}, addl=, hot=0, history=ShADad, uid=CjhGID4nQcgTWjvg4c, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=[ts=1170717508.69718, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=192.150.187.164, orig_p=58869/tcp, resp_h=194.127.84.106, resp_p=443/tcp], version=TLSv10, cipher=TLS_RSA_WITH_RC4_128_MD5, server_name=<uninitialized>, session_id=a8c1c5681924e80a32a15d5e7f20bc5e3f513e56b215039d0d55defda5a320c0, last_alert=<uninitialized>, analyzer_id=7, established=F, logged=F, delay_tokens=<uninitialized>, cert_chain=[[ts=1170717508.883051, fuid=FjkLnG4s34DVZlaBNc, tx_hosts={^J^I^I194.127.84.106^J^I}, rx_hosts={^J^I^I192.150.187.164^J^I}, conn_uids={^J^I^ICjhGID4nQcgTWjvg4c^J^I}, source=SSL, depth=0, analyzers={^J^I^IX509,^J^I^IMD5,^J^I^ISHA1^J^I}, mime_type=binary, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=F, seen_bytes=1152, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=38a0a008a978591ccbe41f50a174751a, sha1=2c322ae2b7fe91391345e070b63668978bb1c9da, sha256=<uninitialized>, x509=[ts=1170717508.883051, id=FjkLnG4s34DVZlaBNc, certificate=[version=2, serial=04A78116F003283BDA2B8462049F9ECB, subject=CN=www.dresdner-privat.de,OU=Terms of use at www.verisign.com/rpa (c)00,O=AGIS Allianz Dresdner Informationssysteme GmbH,L=Muenchen,ST=Bayern,C=DE, issuer=OU=www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign,OU=VeriSign International Server CA - Class 3,OU=VeriSign\, Inc.,O=VeriSign Trust Network, not_valid_before=1163462400.0, not_valid_after=1195084799.0, key_alg=rsaEncryption, sig_alg=sha1WithRSAEncryption, key_type=rsa, key_length=1024, exponent=65537, curve=<uninitialized>], handle=<no value description>, extensions=[[name=X509v3 Basic Constraints, short_name=basicConstraints, oid=2.5.29.19, critical=F, value=CA:FALSE], [name=X509v3 Key Usage, short_name=keyUsage, oid=2.5.29.15, critical=F, value=Digital Signature, Key Encipherment], [name=X509v3 CRL Distribution Points, short_name=crlDistributionPoints, oid=2.5.29.31, critical=F, value=^JFull Name:^J  URI:http://crl.verisign.com/Class3InternationalServer.crl^J], [name=X509v3 Certificate Policies, short_name=certificatePolicies, oid=2.5.29.32, critical=F, value=Policy: 2.16.840.1.113733.1.7.23.3^J  CPS: https://www.verisign.com/rpa^J], [name=X509v3 Extended Key Usage, short_name=extendedKeyUsage, oid=2.5.29.37, critical=F, value=Netscape Server Gated Crypto, TLS Web Server Authentication, TLS Web Client Authentication], [name=Authority Information Access, short_name=authorityInfoAccess, oid=1.3.6.1.5.5.7.1.1, critical=F, value=OCSP - URI:http://ocsp.verisign.com^J], [name=1.3.6.1.5.5.7.1.12, short_name=UNDEF, oid=1.3.6.1.5.5.7.1.12, critical=F, value=0_.].[0Y0W0U..image/gif0!0.0...+..............k...j.H.,{..0%.#http://logo.verisign.com/vslogo.gif]], san=<uninitialized>, basic_constraints=[ca=F, path_len=<uninitialized>]], extracted=<uninitialized>]], cert_chain_fuids=[FjkLnG4s34DVZlaBNc], client_cert_chain=[], client_cert_chain_fuids=[], subject=<uninitialized>, issuer=<uninitialized>, client_subject=<uninitialized>, client_issuer=<uninitialized>, server_depth=2, client_depth=0], http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]^J}, last_active=1170717508.883051, seen_bytes=0, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timeout_interval=2.0 mins, bof_buffer_size=1024, bof_buffer=0\x82^C\x860\x82^B\xef\xa0^C^B^A^B^B^Px\xeeH\xde^X[ q\xc9\xc9\xc3\xb5\x1d{\xdd\xc10^M^F^I*\x86H\x86\xf7^M^A^A^E^E\00_1^K0^I^F^CU^D^F^S^BUS1^W0^U^F^CU^D^J^S^NVeriSign, Inc.1705^F^CU^D^K^S.Class 3 Public Primary Certification Authority0\x1e^W^M970417000000Z^W^M111024235959Z0\x81\xba1\x1f0\x1d^F^CU^D^J^S^VVeriSign Trust Network1^W0^U^F^CU^D^K^S^NVeriSign, Inc.1301^F^CU^D^K^S*VeriSign International Server CA - Class 31I0G^F^CU^D^K^S@www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign0\x81\x9f0^M^F^I*\x86H\x86\xf7^M^A^A^A^E\0^C\x81\x8d\00\x81\x89^B\x81\x81\0\xd8\x82\x80\xe8\xd6^Y^B}\x1f\x85^X9%\xa2e+\xe1\xbf\xd4^E\xd3\xbc\xe66;\xaa\xf0Ll[\xb6\xe7\xaa<sEU\xb2\xf1\xbd\xea\x97B\xed\x9a4^J^U\xd4\xa9\\xf5@%\xdd\xd9^G\xc12\xb2ul\xc4\xca\xbb\xa3\xfeV'qC\xaac\xf50>\x93(\xe5\xfa\xf1^I;\xf3\xb7MN9\xf7\IZ\xb8\xc1\x1d\xd3\xb2\x8a\xfep0\x95B\xcb\xfe+Q\x8bZ<:\xf9"O\x90\xb2^B\xa7S\x9cO4\xe7\xab^D\xb2{o^B^C^A\0^A\xa3\x81\xe60\x81\xe30^O^F^CU\x1d^S^D^H0^F^A^A\xff^B^A\00D^F^CU\x1d ^D=0;09^F^K`\x86H^A\x86\xf8E^A^G^A^A0*0(^F^H+^F^A^E^E^G^B^A^V\x1chttps://www.verisign.com/CPS04^F^CU\x1d\x1f^D-0+0)\xa0'\xa0%\x86#http://crl.verisign.com/pca3-g2.crl04^F^CU\x1d%^D-0+^F^H+^F^A^E^E^G^C^A^F^H+^F^A^E^E^G^C^B^F^I`\x86H^A\x86\xf8B^D^A^F^J`\x86H^A\x86\xf8E^A^H^A0^K^F^CU\x1d^O^D^D^C^B^A^F0^Q^F^I`\x86H^A\x86\xf8B^A^A^D^D^C^B^A^F0^M^F^I*\x86H\x86\xf7^M^A^A^E^E\0^C\x81\x81\0#]\xee\xa6$^E\xfdv\xd3j^Z\xd6\xbaF^F\xaaj^O^C\x90f\xb2\xb0\xa6\xc2\x9e\xc9\x1e\xa3US\xaf>E\xfd\xdc\x8c'\xddS8^I\xbb|K+\xba\x95J\xfepN\x1bi\xd6<\xf7O^G\xc5\xf2^WZL\xa2\x8f\xac^K\x8a^F\xdb\xb9\xd4k\xc5\x1dX\xda^WR\xe3!\xf1\xd2\xd7Z\xd5\xe5\xabY{!z\x86j\xd4\xfe^W^Q:S^M\x9c`\xa0J\xd9^\xe4\x1d^L)\xaa^S^Ge\x86\x1f\xbf\xb4\xc9\x82S\x9c,^B\x8f#, mime_type=binary, info=[ts=1170717508.883051, fuid=FpMjNF4snD7UDqI5sk, tx_hosts={^J^J}, rx_hosts={^J^J}, conn_uids={^J^J}, source=SSL, depth=0, analyzers={^J^J}, mime_type=binary, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=F, seen_bytes=0, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=<uninitialized>, sha1=<uninitialized>, sha256=<uninitialized>, x509=<uninitialized>, extracted=<uninitialized>], u2_events=<uninitialized>]
+                  [1] c: connection      = [id=[orig_h=192.150.187.164, orig_p=58869/tcp, resp_h=194.127.84.106, resp_p=443/tcp], orig=[size=120, state=4, num_pkts=3, num_bytes_ip=288, flow_label=0], resp=[size=2164, state=4, num_pkts=3, num_bytes_ip=1616, flow_label=0], start_time=1170717508.515696, duration=0.367355, service={^J^ISSL^J}, addl=, hot=0, history=ShADad, uid=CjhGID4nQcgTWjvg4c, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=[ts=1170717508.69718, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=192.150.187.164, orig_p=58869/tcp, resp_h=194.127.84.106, resp_p=443/tcp], version=TLSv10, cipher=TLS_RSA_WITH_RC4_128_MD5, server_name=<uninitialized>, session_id=a8c1c5681924e80a32a15d5e7f20bc5e3f513e56b215039d0d55defda5a320c0, last_alert=<uninitialized>, analyzer_id=7, established=F, logged=F, delay_tokens=<uninitialized>, cert_chain=[[ts=1170717508.883051, fuid=FjkLnG4s34DVZlaBNc, tx_hosts={^J^I194.127.84.106^J}, rx_hosts={^J^I192.150.187.164^J}, conn_uids={^J^ICjhGID4nQcgTWjvg4c^J}, source=SSL, depth=0, analyzers={^J^IX509,^J^IMD5,^J^ISHA1^J}, mime_type=binary, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=F, seen_bytes=1152, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=38a0a008a978591ccbe41f50a174751a, sha1=2c322ae2b7fe91391345e070b63668978bb1c9da, sha256=<uninitialized>, x509=[ts=1170717508.883051, id=FjkLnG4s34DVZlaBNc, certificate=[version=2, serial=04A78116F003283BDA2B8462049F9ECB, subject=CN=www.dresdner-privat.de,OU=Terms of use at www.verisign.com/rpa (c)00,O=AGIS Allianz Dresdner Informationssysteme GmbH,L=Muenchen,ST=Bayern,C=DE, issuer=OU=www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign,OU=VeriSign International Server CA - Class 3,OU=VeriSign\, Inc.,O=VeriSign Trust Network, not_valid_before=1163462400.0, not_valid_after=1195084799.0, key_alg=rsaEncryption, sig_alg=sha1WithRSAEncryption, key_type=rsa, key_length=1024, exponent=65537, curve=<uninitialized>], handle=<no value description>, extensions=[[name=X509v3 Basic Constraints, short_name=basicConstraints, oid=2.5.29.19, critical=F, value=CA:FALSE], [name=X509v3 Key Usage, short_name=keyUsage, oid=2.5.29.15, critical=F, value=Digital Signature, Key Encipherment], [name=X509v3 CRL Distribution Points, short_name=crlDistributionPoints, oid=2.5.29.31, critical=F, value=^JFull Name:^J  URI:http://crl.verisign.com/Class3InternationalServer.crl^J], [name=X509v3 Certificate Policies, short_name=certificatePolicies, oid=2.5.29.32, critical=F, value=Policy: 2.16.840.1.113733.1.7.23.3^J  CPS: https://www.verisign.com/rpa^J], [name=X509v3 Extended Key Usage, short_name=extendedKeyUsage, oid=2.5.29.37, critical=F, value=Netscape Server Gated Crypto, TLS Web Server Authentication, TLS Web Client Authentication], [name=Authority Information Access, short_name=authorityInfoAccess, oid=1.3.6.1.5.5.7.1.1, critical=F, value=OCSP - URI:http://ocsp.verisign.com^J], [name=1.3.6.1.5.5.7.1.12, short_name=UNDEF, oid=1.3.6.1.5.5.7.1.12, critical=F, value=0_.].[0Y0W0U..image/gif0!0.0...+..............k...j.H.,{..0%.#http://logo.verisign.com/vslogo.gif]], san=<uninitialized>, basic_constraints=[ca=F, path_len=<uninitialized>]], extracted=<uninitialized>]], cert_chain_fuids=[FjkLnG4s34DVZlaBNc], client_cert_chain=[], client_cert_chain_fuids=[], subject=<uninitialized>, issuer=<uninitialized>, client_subject=<uninitialized>, client_issuer=<uninitialized>, server_depth=2, client_depth=0], http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]
+                  [2] is_orig: bool      = F
+
+1170717508.883051 x509_certificate
+                  [0] f: fa_file         = [id=FpMjNF4snD7UDqI5sk, parent_id=<uninitialized>, source=SSL, is_orig=F, conns={^J^I[[orig_h=192.150.187.164, orig_p=58869/tcp, resp_h=194.127.84.106, resp_p=443/tcp]] = [id=[orig_h=192.150.187.164, orig_p=58869/tcp, resp_h=194.127.84.106, resp_p=443/tcp], orig=[size=120, state=4, num_pkts=3, num_bytes_ip=288, flow_label=0], resp=[size=2164, state=4, num_pkts=3, num_bytes_ip=1616, flow_label=0], start_time=1170717508.515696, duration=0.367355, service={^J^I^ISSL^J^I}, addl=, hot=0, history=ShADad, uid=CjhGID4nQcgTWjvg4c, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=[ts=1170717508.69718, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=192.150.187.164, orig_p=58869/tcp, resp_h=194.127.84.106, resp_p=443/tcp], version=TLSv10, cipher=TLS_RSA_WITH_RC4_128_MD5, server_name=<uninitialized>, session_id=a8c1c5681924e80a32a15d5e7f20bc5e3f513e56b215039d0d55defda5a320c0, last_alert=<uninitialized>, analyzer_id=7, established=F, logged=F, delay_tokens=<uninitialized>, cert_chain=[[ts=1170717508.883051, fuid=FjkLnG4s34DVZlaBNc, tx_hosts={^J^I^I194.127.84.106^J^I}, rx_hosts={^J^I^I192.150.187.164^J^I}, conn_uids={^J^I^ICjhGID4nQcgTWjvg4c^J^I}, source=SSL, depth=0, analyzers={^J^I^IX509,^J^I^IMD5,^J^I^ISHA1^J^I}, mime_type=binary, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=F, seen_bytes=1152, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=38a0a008a978591ccbe41f50a174751a, sha1=2c322ae2b7fe91391345e070b63668978bb1c9da, sha256=<uninitialized>, x509=[ts=1170717508.883051, id=FjkLnG4s34DVZlaBNc, certificate=[version=2, serial=04A78116F003283BDA2B8462049F9ECB, subject=CN=www.dresdner-privat.de,OU=Terms of use at www.verisign.com/rpa (c)00,O=AGIS Allianz Dresdner Informationssysteme GmbH,L=Muenchen,ST=Bayern,C=DE, issuer=OU=www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign,OU=VeriSign International Server CA - Class 3,OU=VeriSign\, Inc.,O=VeriSign Trust Network, not_valid_before=1163462400.0, not_valid_after=1195084799.0, key_alg=rsaEncryption, sig_alg=sha1WithRSAEncryption, key_type=rsa, key_length=1024, exponent=65537, curve=<uninitialized>], handle=<no value description>, extensions=[[name=X509v3 Basic Constraints, short_name=basicConstraints, oid=2.5.29.19, critical=F, value=CA:FALSE], [name=X509v3 Key Usage, short_name=keyUsage, oid=2.5.29.15, critical=F, value=Digital Signature, Key Encipherment], [name=X509v3 CRL Distribution Points, short_name=crlDistributionPoints, oid=2.5.29.31, critical=F, value=^JFull Name:^J  URI:http://crl.verisign.com/Class3InternationalServer.crl^J], [name=X509v3 Certificate Policies, short_name=certificatePolicies, oid=2.5.29.32, critical=F, value=Policy: 2.16.840.1.113733.1.7.23.3^J  CPS: https://www.verisign.com/rpa^J], [name=X509v3 Extended Key Usage, short_name=extendedKeyUsage, oid=2.5.29.37, critical=F, value=Netscape Server Gated Crypto, TLS Web Server Authentication, TLS Web Client Authentication], [name=Authority Information Access, short_name=authorityInfoAccess, oid=1.3.6.1.5.5.7.1.1, critical=F, value=OCSP - URI:http://ocsp.verisign.com^J], [name=1.3.6.1.5.5.7.1.12, short_name=UNDEF, oid=1.3.6.1.5.5.7.1.12, critical=F, value=0_.].[0Y0W0U..image/gif0!0.0...+..............k...j.H.,{..0%.#http://logo.verisign.com/vslogo.gif]], san=<uninitialized>, basic_constraints=[ca=F, path_len=<uninitialized>]], extracted=<uninitialized>], [ts=1170717508.883051, fuid=FpMjNF4snD7UDqI5sk, tx_hosts={^J^I^I194.127.84.106^J^I}, rx_hosts={^J^I^I192.150.187.164^J^I}, conn_uids={^J^I^ICjhGID4nQcgTWjvg4c^J^I}, source=SSL, depth=0, analyzers={^J^I^IX509,^J^I^IMD5,^J^I^ISHA1^J^I}, mime_type=binary, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=F, seen_bytes=0, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=<uninitialized>, sha1=<uninitialized>, sha256=<uninitialized>, x509=<uninitialized>, extracted=<uninitialized>]], cert_chain_fuids=[FjkLnG4s34DVZlaBNc, FpMjNF4snD7UDqI5sk], client_cert_chain=[], client_cert_chain_fuids=[], subject=<uninitialized>, issuer=<uninitialized>, client_subject=<uninitialized>, client_issuer=<uninitialized>, server_depth=2, client_depth=0], http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]^J}, last_active=1170717508.883051, seen_bytes=906, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timeout_interval=2.0 mins, bof_buffer_size=1024, bof_buffer=0\x82^C\x860\x82^B\xef\xa0^C^B^A^B^B^Px\xeeH\xde^X[ q\xc9\xc9\xc3\xb5\x1d{\xdd\xc10^M^F^I*\x86H\x86\xf7^M^A^A^E^E\00_1^K0^I^F^CU^D^F^S^BUS1^W0^U^F^CU^D^J^S^NVeriSign, Inc.1705^F^CU^D^K^S.Class 3 Public Primary Certification Authority0\x1e^W^M970417000000Z^W^M111024235959Z0\x81\xba1\x1f0\x1d^F^CU^D^J^S^VVeriSign Trust Network1^W0^U^F^CU^D^K^S^NVeriSign, Inc.1301^F^CU^D^K^S*VeriSign International Server CA - Class 31I0G^F^CU^D^K^S@www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign0\x81\x9f0^M^F^I*\x86H\x86\xf7^M^A^A^A^E\0^C\x81\x8d\00\x81\x89^B\x81\x81\0\xd8\x82\x80\xe8\xd6^Y^B}\x1f\x85^X9%\xa2e+\xe1\xbf\xd4^E\xd3\xbc\xe66;\xaa\xf0Ll[\xb6\xe7\xaa<sEU\xb2\xf1\xbd\xea\x97B\xed\x9a4^J^U\xd4\xa9\\xf5@%\xdd\xd9^G\xc12\xb2ul\xc4\xca\xbb\xa3\xfeV'qC\xaac\xf50>\x93(\xe5\xfa\xf1^I;\xf3\xb7MN9\xf7\IZ\xb8\xc1\x1d\xd3\xb2\x8a\xfep0\x95B\xcb\xfe+Q\x8bZ<:\xf9"O\x90\xb2^B\xa7S\x9cO4\xe7\xab^D\xb2{o^B^C^A\0^A\xa3\x81\xe60\x81\xe30^O^F^CU\x1d^S^D^H0^F^A^A\xff^B^A\00D^F^CU\x1d ^D=0;09^F^K`\x86H^A\x86\xf8E^A^G^A^A0*0(^F^H+^F^A^E^E^G^B^A^V\x1chttps://www.verisign.com/CPS04^F^CU\x1d\x1f^D-0+0)\xa0'\xa0%\x86#http://crl.verisign.com/pca3-g2.crl04^F^CU\x1d%^D-0+^F^H+^F^A^E^E^G^C^A^F^H+^F^A^E^E^G^C^B^F^I`\x86H^A\x86\xf8B^D^A^F^J`\x86H^A\x86\xf8E^A^H^A0^K^F^CU\x1d^O^D^D^C^B^A^F0^Q^F^I`\x86H^A\x86\xf8B^A^A^D^D^C^B^A^F0^M^F^I*\x86H\x86\xf7^M^A^A^E^E\0^C\x81\x81\0#]\xee\xa6$^E\xfdv\xd3j^Z\xd6\xbaF^F\xaaj^O^C\x90f\xb2\xb0\xa6\xc2\x9e\xc9\x1e\xa3US\xaf>E\xfd\xdc\x8c'\xddS8^I\xbb|K+\xba\x95J\xfepN\x1bi\xd6<\xf7O^G\xc5\xf2^WZL\xa2\x8f\xac^K\x8a^F\xdb\xb9\xd4k\xc5\x1dX\xda^WR\xe3!\xf1\xd2\xd7Z\xd5\xe5\xabY{!z\x86j\xd4\xfe^W^Q:S^M\x9c`\xa0J\xd9^\xe4\x1d^L)\xaa^S^Ge\x86\x1f\xbf\xb4\xc9\x82S\x9c,^B\x8f#, mime_type=binary, info=[ts=1170717508.883051, fuid=FpMjNF4snD7UDqI5sk, tx_hosts={^J^I194.127.84.106^J}, rx_hosts={^J^I192.150.187.164^J}, conn_uids={^J^ICjhGID4nQcgTWjvg4c^J}, source=SSL, depth=0, analyzers={^J^IX509,^J^IMD5,^J^ISHA1^J}, mime_type=binary, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=F, seen_bytes=0, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=<uninitialized>, sha1=<uninitialized>, sha256=<uninitialized>, x509=<uninitialized>, extracted=<uninitialized>], u2_events=<uninitialized>]
+                  [1] cert_ref: opaque of x509 = <no value description>
+                  [2] cert: X509::Certificate = [version=2, serial=78EE48DE185B2071C9C9C3B51D7BDDC1, subject=OU=www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign,OU=VeriSign International Server CA - Class 3,OU=VeriSign\, Inc.,O=VeriSign Trust Network, issuer=OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US, not_valid_before=861235200.0, not_valid_after=1319500799.0, key_alg=rsaEncryption, sig_alg=sha1WithRSAEncryption, key_type=rsa, key_length=1024, exponent=65537, curve=<uninitialized>]
+
+1170717508.883051 x509_extension
+                  [0] f: fa_file         = [id=FpMjNF4snD7UDqI5sk, parent_id=<uninitialized>, source=SSL, is_orig=F, conns={^J^I[[orig_h=192.150.187.164, orig_p=58869/tcp, resp_h=194.127.84.106, resp_p=443/tcp]] = [id=[orig_h=192.150.187.164, orig_p=58869/tcp, resp_h=194.127.84.106, resp_p=443/tcp], orig=[size=120, state=4, num_pkts=3, num_bytes_ip=288, flow_label=0], resp=[size=2164, state=4, num_pkts=3, num_bytes_ip=1616, flow_label=0], start_time=1170717508.515696, duration=0.367355, service={^J^I^ISSL^J^I}, addl=, hot=0, history=ShADad, uid=CjhGID4nQcgTWjvg4c, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=[ts=1170717508.69718, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=192.150.187.164, orig_p=58869/tcp, resp_h=194.127.84.106, resp_p=443/tcp], version=TLSv10, cipher=TLS_RSA_WITH_RC4_128_MD5, server_name=<uninitialized>, session_id=a8c1c5681924e80a32a15d5e7f20bc5e3f513e56b215039d0d55defda5a320c0, last_alert=<uninitialized>, analyzer_id=7, established=F, logged=F, delay_tokens=<uninitialized>, cert_chain=[[ts=1170717508.883051, fuid=FjkLnG4s34DVZlaBNc, tx_hosts={^J^I^I194.127.84.106^J^I}, rx_hosts={^J^I^I192.150.187.164^J^I}, conn_uids={^J^I^ICjhGID4nQcgTWjvg4c^J^I}, source=SSL, depth=0, analyzers={^J^I^IX509,^J^I^IMD5,^J^I^ISHA1^J^I}, mime_type=binary, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=F, seen_bytes=1152, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=38a0a008a978591ccbe41f50a174751a, sha1=2c322ae2b7fe91391345e070b63668978bb1c9da, sha256=<uninitialized>, x509=[ts=1170717508.883051, id=FjkLnG4s34DVZlaBNc, certificate=[version=2, serial=04A78116F003283BDA2B8462049F9ECB, subject=CN=www.dresdner-privat.de,OU=Terms of use at www.verisign.com/rpa (c)00,O=AGIS Allianz Dresdner Informationssysteme GmbH,L=Muenchen,ST=Bayern,C=DE, issuer=OU=www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign,OU=VeriSign International Server CA - Class 3,OU=VeriSign\, Inc.,O=VeriSign Trust Network, not_valid_before=1163462400.0, not_valid_after=1195084799.0, key_alg=rsaEncryption, sig_alg=sha1WithRSAEncryption, key_type=rsa, key_length=1024, exponent=65537, curve=<uninitialized>], handle=<no value description>, extensions=[[name=X509v3 Basic Constraints, short_name=basicConstraints, oid=2.5.29.19, critical=F, value=CA:FALSE], [name=X509v3 Key Usage, short_name=keyUsage, oid=2.5.29.15, critical=F, value=Digital Signature, Key Encipherment], [name=X509v3 CRL Distribution Points, short_name=crlDistributionPoints, oid=2.5.29.31, critical=F, value=^JFull Name:^J  URI:http://crl.verisign.com/Class3InternationalServer.crl^J], [name=X509v3 Certificate Policies, short_name=certificatePolicies, oid=2.5.29.32, critical=F, value=Policy: 2.16.840.1.113733.1.7.23.3^J  CPS: https://www.verisign.com/rpa^J], [name=X509v3 Extended Key Usage, short_name=extendedKeyUsage, oid=2.5.29.37, critical=F, value=Netscape Server Gated Crypto, TLS Web Server Authentication, TLS Web Client Authentication], [name=Authority Information Access, short_name=authorityInfoAccess, oid=1.3.6.1.5.5.7.1.1, critical=F, value=OCSP - URI:http://ocsp.verisign.com^J], [name=1.3.6.1.5.5.7.1.12, short_name=UNDEF, oid=1.3.6.1.5.5.7.1.12, critical=F, value=0_.].[0Y0W0U..image/gif0!0.0...+..............k...j.H.,{..0%.#http://logo.verisign.com/vslogo.gif]], san=<uninitialized>, basic_constraints=[ca=F, path_len=<uninitialized>]], extracted=<uninitialized>], [ts=1170717508.883051, fuid=FpMjNF4snD7UDqI5sk, tx_hosts={^J^I^I194.127.84.106^J^I}, rx_hosts={^J^I^I192.150.187.164^J^I}, conn_uids={^J^I^ICjhGID4nQcgTWjvg4c^J^I}, source=SSL, depth=0, analyzers={^J^I^IX509,^J^I^IMD5,^J^I^ISHA1^J^I}, mime_type=binary, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=F, seen_bytes=0, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=<uninitialized>, sha1=<uninitialized>, sha256=<uninitialized>, x509=[ts=1170717508.883051, id=FpMjNF4snD7UDqI5sk, certificate=[version=2, serial=78EE48DE185B2071C9C9C3B51D7BDDC1, subject=OU=www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign,OU=VeriSign International Server CA - Class 3,OU=VeriSign\, Inc.,O=VeriSign Trust Network, issuer=OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US, not_valid_before=861235200.0, not_valid_after=1319500799.0, key_alg=rsaEncryption, sig_alg=sha1WithRSAEncryption, key_type=rsa, key_length=1024, exponent=65537, curve=<uninitialized>], handle=<no value description>, extensions=[], san=<uninitialized>, basic_constraints=<uninitialized>], extracted=<uninitialized>]], cert_chain_fuids=[FjkLnG4s34DVZlaBNc, FpMjNF4snD7UDqI5sk], client_cert_chain=[], client_cert_chain_fuids=[], subject=<uninitialized>, issuer=<uninitialized>, client_subject=<uninitialized>, client_issuer=<uninitialized>, server_depth=2, client_depth=0], http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]^J}, last_active=1170717508.883051, seen_bytes=906, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timeout_interval=2.0 mins, bof_buffer_size=1024, bof_buffer=0\x82^C\x860\x82^B\xef\xa0^C^B^A^B^B^Px\xeeH\xde^X[ q\xc9\xc9\xc3\xb5\x1d{\xdd\xc10^M^F^I*\x86H\x86\xf7^M^A^A^E^E\00_1^K0^I^F^CU^D^F^S^BUS1^W0^U^F^CU^D^J^S^NVeriSign, Inc.1705^F^CU^D^K^S.Class 3 Public Primary Certification Authority0\x1e^W^M970417000000Z^W^M111024235959Z0\x81\xba1\x1f0\x1d^F^CU^D^J^S^VVeriSign Trust Network1^W0^U^F^CU^D^K^S^NVeriSign, Inc.1301^F^CU^D^K^S*VeriSign International Server CA - Class 31I0G^F^CU^D^K^S@www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign0\x81\x9f0^M^F^I*\x86H\x86\xf7^M^A^A^A^E\0^C\x81\x8d\00\x81\x89^B\x81\x81\0\xd8\x82\x80\xe8\xd6^Y^B}\x1f\x85^X9%\xa2e+\xe1\xbf\xd4^E\xd3\xbc\xe66;\xaa\xf0Ll[\xb6\xe7\xaa<sEU\xb2\xf1\xbd\xea\x97B\xed\x9a4^J^U\xd4\xa9\\xf5@%\xdd\xd9^G\xc12\xb2ul\xc4\xca\xbb\xa3\xfeV'qC\xaac\xf50>\x93(\xe5\xfa\xf1^I;\xf3\xb7MN9\xf7\IZ\xb8\xc1\x1d\xd3\xb2\x8a\xfep0\x95B\xcb\xfe+Q\x8bZ<:\xf9"O\x90\xb2^B\xa7S\x9cO4\xe7\xab^D\xb2{o^B^C^A\0^A\xa3\x81\xe60\x81\xe30^O^F^CU\x1d^S^D^H0^F^A^A\xff^B^A\00D^F^CU\x1d ^D=0;09^F^K`\x86H^A\x86\xf8E^A^G^A^A0*0(^F^H+^F^A^E^E^G^B^A^V\x1chttps://www.verisign.com/CPS04^F^CU\x1d\x1f^D-0+0)\xa0'\xa0%\x86#http://crl.verisign.com/pca3-g2.crl04^F^CU\x1d%^D-0+^F^H+^F^A^E^E^G^C^A^F^H+^F^A^E^E^G^C^B^F^I`\x86H^A\x86\xf8B^D^A^F^J`\x86H^A\x86\xf8E^A^H^A0^K^F^CU\x1d^O^D^D^C^B^A^F0^Q^F^I`\x86H^A\x86\xf8B^A^A^D^D^C^B^A^F0^M^F^I*\x86H\x86\xf7^M^A^A^E^E\0^C\x81\x81\0#]\xee\xa6$^E\xfdv\xd3j^Z\xd6\xbaF^F\xaaj^O^C\x90f\xb2\xb0\xa6\xc2\x9e\xc9\x1e\xa3US\xaf>E\xfd\xdc\x8c'\xddS8^I\xbb|K+\xba\x95J\xfepN\x1bi\xd6<\xf7O^G\xc5\xf2^WZL\xa2\x8f\xac^K\x8a^F\xdb\xb9\xd4k\xc5\x1dX\xda^WR\xe3!\xf1\xd2\xd7Z\xd5\xe5\xabY{!z\x86j\xd4\xfe^W^Q:S^M\x9c`\xa0J\xd9^\xe4\x1d^L)\xaa^S^Ge\x86\x1f\xbf\xb4\xc9\x82S\x9c,^B\x8f#, mime_type=binary, info=[ts=1170717508.883051, fuid=FpMjNF4snD7UDqI5sk, tx_hosts={^J^I194.127.84.106^J}, rx_hosts={^J^I192.150.187.164^J}, conn_uids={^J^ICjhGID4nQcgTWjvg4c^J}, source=SSL, depth=0, analyzers={^J^IX509,^J^IMD5,^J^ISHA1^J}, mime_type=binary, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=F, seen_bytes=0, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=<uninitialized>, sha1=<uninitialized>, sha256=<uninitialized>, x509=[ts=1170717508.883051, id=FpMjNF4snD7UDqI5sk, certificate=[version=2, serial=78EE48DE185B2071C9C9C3B51D7BDDC1, subject=OU=www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign,OU=VeriSign International Server CA - Class 3,OU=VeriSign\, Inc.,O=VeriSign Trust Network, issuer=OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US, not_valid_before=861235200.0, not_valid_after=1319500799.0, key_alg=rsaEncryption, sig_alg=sha1WithRSAEncryption, key_type=rsa, key_length=1024, exponent=65537, curve=<uninitialized>], handle=<no value description>, extensions=[], san=<uninitialized>, basic_constraints=<uninitialized>], extracted=<uninitialized>], u2_events=<uninitialized>]
+                  [1] ext: X509::Extension = [name=X509v3 Basic Constraints, short_name=basicConstraints, oid=2.5.29.19, critical=F, value=CA:TRUE, pathlen:0]
+
+1170717508.883051 x509_ext_basic_constraints
+                  [0] f: fa_file         = [id=FpMjNF4snD7UDqI5sk, parent_id=<uninitialized>, source=SSL, is_orig=F, conns={^J^I[[orig_h=192.150.187.164, orig_p=58869/tcp, resp_h=194.127.84.106, resp_p=443/tcp]] = [id=[orig_h=192.150.187.164, orig_p=58869/tcp, resp_h=194.127.84.106, resp_p=443/tcp], orig=[size=120, state=4, num_pkts=3, num_bytes_ip=288, flow_label=0], resp=[size=2164, state=4, num_pkts=3, num_bytes_ip=1616, flow_label=0], start_time=1170717508.515696, duration=0.367355, service={^J^I^ISSL^J^I}, addl=, hot=0, history=ShADad, uid=CjhGID4nQcgTWjvg4c, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=[ts=1170717508.69718, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=192.150.187.164, orig_p=58869/tcp, resp_h=194.127.84.106, resp_p=443/tcp], version=TLSv10, cipher=TLS_RSA_WITH_RC4_128_MD5, server_name=<uninitialized>, session_id=a8c1c5681924e80a32a15d5e7f20bc5e3f513e56b215039d0d55defda5a320c0, last_alert=<uninitialized>, analyzer_id=7, established=F, logged=F, delay_tokens=<uninitialized>, cert_chain=[[ts=1170717508.883051, fuid=FjkLnG4s34DVZlaBNc, tx_hosts={^J^I^I194.127.84.106^J^I}, rx_hosts={^J^I^I192.150.187.164^J^I}, conn_uids={^J^I^ICjhGID4nQcgTWjvg4c^J^I}, source=SSL, depth=0, analyzers={^J^I^IX509,^J^I^IMD5,^J^I^ISHA1^J^I}, mime_type=binary, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=F, seen_bytes=1152, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=38a0a008a978591ccbe41f50a174751a, sha1=2c322ae2b7fe91391345e070b63668978bb1c9da, sha256=<uninitialized>, x509=[ts=1170717508.883051, id=FjkLnG4s34DVZlaBNc, certificate=[version=2, serial=04A78116F003283BDA2B8462049F9ECB, subject=CN=www.dresdner-privat.de,OU=Terms of use at www.verisign.com/rpa (c)00,O=AGIS Allianz Dresdner Informationssysteme GmbH,L=Muenchen,ST=Bayern,C=DE, issuer=OU=www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign,OU=VeriSign International Server CA - Class 3,OU=VeriSign\, Inc.,O=VeriSign Trust Network, not_valid_before=1163462400.0, not_valid_after=1195084799.0, key_alg=rsaEncryption, sig_alg=sha1WithRSAEncryption, key_type=rsa, key_length=1024, exponent=65537, curve=<uninitialized>], handle=<no value description>, extensions=[[name=X509v3 Basic Constraints, short_name=basicConstraints, oid=2.5.29.19, critical=F, value=CA:FALSE], [name=X509v3 Key Usage, short_name=keyUsage, oid=2.5.29.15, critical=F, value=Digital Signature, Key Encipherment], [name=X509v3 CRL Distribution Points, short_name=crlDistributionPoints, oid=2.5.29.31, critical=F, value=^JFull Name:^J  URI:http://crl.verisign.com/Class3InternationalServer.crl^J], [name=X509v3 Certificate Policies, short_name=certificatePolicies, oid=2.5.29.32, critical=F, value=Policy: 2.16.840.1.113733.1.7.23.3^J  CPS: https://www.verisign.com/rpa^J], [name=X509v3 Extended Key Usage, short_name=extendedKeyUsage, oid=2.5.29.37, critical=F, value=Netscape Server Gated Crypto, TLS Web Server Authentication, TLS Web Client Authentication], [name=Authority Information Access, short_name=authorityInfoAccess, oid=1.3.6.1.5.5.7.1.1, critical=F, value=OCSP - URI:http://ocsp.verisign.com^J], [name=1.3.6.1.5.5.7.1.12, short_name=UNDEF, oid=1.3.6.1.5.5.7.1.12, critical=F, value=0_.].[0Y0W0U..image/gif0!0.0...+..............k...j.H.,{..0%.#http://logo.verisign.com/vslogo.gif]], san=<uninitialized>, basic_constraints=[ca=F, path_len=<uninitialized>]], extracted=<uninitialized>], [ts=1170717508.883051, fuid=FpMjNF4snD7UDqI5sk, tx_hosts={^J^I^I194.127.84.106^J^I}, rx_hosts={^J^I^I192.150.187.164^J^I}, conn_uids={^J^I^ICjhGID4nQcgTWjvg4c^J^I}, source=SSL, depth=0, analyzers={^J^I^IX509,^J^I^IMD5,^J^I^ISHA1^J^I}, mime_type=binary, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=F, seen_bytes=0, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=<uninitialized>, sha1=<uninitialized>, sha256=<uninitialized>, x509=[ts=1170717508.883051, id=FpMjNF4snD7UDqI5sk, certificate=[version=2, serial=78EE48DE185B2071C9C9C3B51D7BDDC1, subject=OU=www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign,OU=VeriSign International Server CA - Class 3,OU=VeriSign\, Inc.,O=VeriSign Trust Network, issuer=OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US, not_valid_before=861235200.0, not_valid_after=1319500799.0, key_alg=rsaEncryption, sig_alg=sha1WithRSAEncryption, key_type=rsa, key_length=1024, exponent=65537, curve=<uninitialized>], handle=<no value description>, extensions=[[name=X509v3 Basic Constraints, short_name=basicConstraints, oid=2.5.29.19, critical=F, value=CA:TRUE, pathlen:0]], san=<uninitialized>, basic_constraints=<uninitialized>], extracted=<uninitialized>]], cert_chain_fuids=[FjkLnG4s34DVZlaBNc, FpMjNF4snD7UDqI5sk], client_cert_chain=[], client_cert_chain_fuids=[], subject=<uninitialized>, issuer=<uninitialized>, client_subject=<uninitialized>, client_issuer=<uninitialized>, server_depth=2, client_depth=0], http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]^J}, last_active=1170717508.883051, seen_bytes=906, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timeout_interval=2.0 mins, bof_buffer_size=1024, bof_buffer=0\x82^C\x860\x82^B\xef\xa0^C^B^A^B^B^Px\xeeH\xde^X[ q\xc9\xc9\xc3\xb5\x1d{\xdd\xc10^M^F^I*\x86H\x86\xf7^M^A^A^E^E\00_1^K0^I^F^CU^D^F^S^BUS1^W0^U^F^CU^D^J^S^NVeriSign, Inc.1705^F^CU^D^K^S.Class 3 Public Primary Certification Authority0\x1e^W^M970417000000Z^W^M111024235959Z0\x81\xba1\x1f0\x1d^F^CU^D^J^S^VVeriSign Trust Network1^W0^U^F^CU^D^K^S^NVeriSign, Inc.1301^F^CU^D^K^S*VeriSign International Server CA - Class 31I0G^F^CU^D^K^S@www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign0\x81\x9f0^M^F^I*\x86H\x86\xf7^M^A^A^A^E\0^C\x81\x8d\00\x81\x89^B\x81\x81\0\xd8\x82\x80\xe8\xd6^Y^B}\x1f\x85^X9%\xa2e+\xe1\xbf\xd4^E\xd3\xbc\xe66;\xaa\xf0Ll[\xb6\xe7\xaa<sEU\xb2\xf1\xbd\xea\x97B\xed\x9a4^J^U\xd4\xa9\\xf5@%\xdd\xd9^G\xc12\xb2ul\xc4\xca\xbb\xa3\xfeV'qC\xaac\xf50>\x93(\xe5\xfa\xf1^I;\xf3\xb7MN9\xf7\IZ\xb8\xc1\x1d\xd3\xb2\x8a\xfep0\x95B\xcb\xfe+Q\x8bZ<:\xf9"O\x90\xb2^B\xa7S\x9cO4\xe7\xab^D\xb2{o^B^C^A\0^A\xa3\x81\xe60\x81\xe30^O^F^CU\x1d^S^D^H0^F^A^A\xff^B^A\00D^F^CU\x1d ^D=0;09^F^K`\x86H^A\x86\xf8E^A^G^A^A0*0(^F^H+^F^A^E^E^G^B^A^V\x1chttps://www.verisign.com/CPS04^F^CU\x1d\x1f^D-0+0)\xa0'\xa0%\x86#http://crl.verisign.com/pca3-g2.crl04^F^CU\x1d%^D-0+^F^H+^F^A^E^E^G^C^A^F^H+^F^A^E^E^G^C^B^F^I`\x86H^A\x86\xf8B^D^A^F^J`\x86H^A\x86\xf8E^A^H^A0^K^F^CU\x1d^O^D^D^C^B^A^F0^Q^F^I`\x86H^A\x86\xf8B^A^A^D^D^C^B^A^F0^M^F^I*\x86H\x86\xf7^M^A^A^E^E\0^C\x81\x81\0#]\xee\xa6$^E\xfdv\xd3j^Z\xd6\xbaF^F\xaaj^O^C\x90f\xb2\xb0\xa6\xc2\x9e\xc9\x1e\xa3US\xaf>E\xfd\xdc\x8c'\xddS8^I\xbb|K+\xba\x95J\xfepN\x1bi\xd6<\xf7O^G\xc5\xf2^WZL\xa2\x8f\xac^K\x8a^F\xdb\xb9\xd4k\xc5\x1dX\xda^WR\xe3!\xf1\xd2\xd7Z\xd5\xe5\xabY{!z\x86j\xd4\xfe^W^Q:S^M\x9c`\xa0J\xd9^\xe4\x1d^L)\xaa^S^Ge\x86\x1f\xbf\xb4\xc9\x82S\x9c,^B\x8f#, mime_type=binary, info=[ts=1170717508.883051, fuid=FpMjNF4snD7UDqI5sk, tx_hosts={^J^I194.127.84.106^J}, rx_hosts={^J^I192.150.187.164^J}, conn_uids={^J^ICjhGID4nQcgTWjvg4c^J}, source=SSL, depth=0, analyzers={^J^IX509,^J^IMD5,^J^ISHA1^J}, mime_type=binary, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=F, seen_bytes=0, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=<uninitialized>, sha1=<uninitialized>, sha256=<uninitialized>, x509=[ts=1170717508.883051, id=FpMjNF4snD7UDqI5sk, certificate=[version=2, serial=78EE48DE185B2071C9C9C3B51D7BDDC1, subject=OU=www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign,OU=VeriSign International Server CA - Class 3,OU=VeriSign\, Inc.,O=VeriSign Trust Network, issuer=OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US, not_valid_before=861235200.0, not_valid_after=1319500799.0, key_alg=rsaEncryption, sig_alg=sha1WithRSAEncryption, key_type=rsa, key_length=1024, exponent=65537, curve=<uninitialized>], handle=<no value description>, extensions=[[name=X509v3 Basic Constraints, short_name=basicConstraints, oid=2.5.29.19, critical=F, value=CA:TRUE, pathlen:0]], san=<uninitialized>, basic_constraints=<uninitialized>], extracted=<uninitialized>], u2_events=<uninitialized>]
+                  [1] ext: X509::BasicConstraints = [ca=T, path_len=0]
+
+1170717508.883051 x509_extension
+                  [0] f: fa_file         = [id=FpMjNF4snD7UDqI5sk, parent_id=<uninitialized>, source=SSL, is_orig=F, conns={^J^I[[orig_h=192.150.187.164, orig_p=58869/tcp, resp_h=194.127.84.106, resp_p=443/tcp]] = [id=[orig_h=192.150.187.164, orig_p=58869/tcp, resp_h=194.127.84.106, resp_p=443/tcp], orig=[size=120, state=4, num_pkts=3, num_bytes_ip=288, flow_label=0], resp=[size=2164, state=4, num_pkts=3, num_bytes_ip=1616, flow_label=0], start_time=1170717508.515696, duration=0.367355, service={^J^I^ISSL^J^I}, addl=, hot=0, history=ShADad, uid=CjhGID4nQcgTWjvg4c, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=[ts=1170717508.69718, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=192.150.187.164, orig_p=58869/tcp, resp_h=194.127.84.106, resp_p=443/tcp], version=TLSv10, cipher=TLS_RSA_WITH_RC4_128_MD5, server_name=<uninitialized>, session_id=a8c1c5681924e80a32a15d5e7f20bc5e3f513e56b215039d0d55defda5a320c0, last_alert=<uninitialized>, analyzer_id=7, established=F, logged=F, delay_tokens=<uninitialized>, cert_chain=[[ts=1170717508.883051, fuid=FjkLnG4s34DVZlaBNc, tx_hosts={^J^I^I194.127.84.106^J^I}, rx_hosts={^J^I^I192.150.187.164^J^I}, conn_uids={^J^I^ICjhGID4nQcgTWjvg4c^J^I}, source=SSL, depth=0, analyzers={^J^I^IX509,^J^I^IMD5,^J^I^ISHA1^J^I}, mime_type=binary, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=F, seen_bytes=1152, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=38a0a008a978591ccbe41f50a174751a, sha1=2c322ae2b7fe91391345e070b63668978bb1c9da, sha256=<uninitialized>, x509=[ts=1170717508.883051, id=FjkLnG4s34DVZlaBNc, certificate=[version=2, serial=04A78116F003283BDA2B8462049F9ECB, subject=CN=www.dresdner-privat.de,OU=Terms of use at www.verisign.com/rpa (c)00,O=AGIS Allianz Dresdner Informationssysteme GmbH,L=Muenchen,ST=Bayern,C=DE, issuer=OU=www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign,OU=VeriSign International Server CA - Class 3,OU=VeriSign\, Inc.,O=VeriSign Trust Network, not_valid_before=1163462400.0, not_valid_after=1195084799.0, key_alg=rsaEncryption, sig_alg=sha1WithRSAEncryption, key_type=rsa, key_length=1024, exponent=65537, curve=<uninitialized>], handle=<no value description>, extensions=[[name=X509v3 Basic Constraints, short_name=basicConstraints, oid=2.5.29.19, critical=F, value=CA:FALSE], [name=X509v3 Key Usage, short_name=keyUsage, oid=2.5.29.15, critical=F, value=Digital Signature, Key Encipherment], [name=X509v3 CRL Distribution Points, short_name=crlDistributionPoints, oid=2.5.29.31, critical=F, value=^JFull Name:^J  URI:http://crl.verisign.com/Class3InternationalServer.crl^J], [name=X509v3 Certificate Policies, short_name=certificatePolicies, oid=2.5.29.32, critical=F, value=Policy: 2.16.840.1.113733.1.7.23.3^J  CPS: https://www.verisign.com/rpa^J], [name=X509v3 Extended Key Usage, short_name=extendedKeyUsage, oid=2.5.29.37, critical=F, value=Netscape Server Gated Crypto, TLS Web Server Authentication, TLS Web Client Authentication], [name=Authority Information Access, short_name=authorityInfoAccess, oid=1.3.6.1.5.5.7.1.1, critical=F, value=OCSP - URI:http://ocsp.verisign.com^J], [name=1.3.6.1.5.5.7.1.12, short_name=UNDEF, oid=1.3.6.1.5.5.7.1.12, critical=F, value=0_.].[0Y0W0U..image/gif0!0.0...+..............k...j.H.,{..0%.#http://logo.verisign.com/vslogo.gif]], san=<uninitialized>, basic_constraints=[ca=F, path_len=<uninitialized>]], extracted=<uninitialized>], [ts=1170717508.883051, fuid=FpMjNF4snD7UDqI5sk, tx_hosts={^J^I^I194.127.84.106^J^I}, rx_hosts={^J^I^I192.150.187.164^J^I}, conn_uids={^J^I^ICjhGID4nQcgTWjvg4c^J^I}, source=SSL, depth=0, analyzers={^J^I^IX509,^J^I^IMD5,^J^I^ISHA1^J^I}, mime_type=binary, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=F, seen_bytes=0, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=<uninitialized>, sha1=<uninitialized>, sha256=<uninitialized>, x509=[ts=1170717508.883051, id=FpMjNF4snD7UDqI5sk, certificate=[version=2, serial=78EE48DE185B2071C9C9C3B51D7BDDC1, subject=OU=www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign,OU=VeriSign International Server CA - Class 3,OU=VeriSign\, Inc.,O=VeriSign Trust Network, issuer=OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US, not_valid_before=861235200.0, not_valid_after=1319500799.0, key_alg=rsaEncryption, sig_alg=sha1WithRSAEncryption, key_type=rsa, key_length=1024, exponent=65537, curve=<uninitialized>], handle=<no value description>, extensions=[[name=X509v3 Basic Constraints, short_name=basicConstraints, oid=2.5.29.19, critical=F, value=CA:TRUE, pathlen:0]], san=<uninitialized>, basic_constraints=[ca=T, path_len=0]], extracted=<uninitialized>]], cert_chain_fuids=[FjkLnG4s34DVZlaBNc, FpMjNF4snD7UDqI5sk], client_cert_chain=[], client_cert_chain_fuids=[], subject=<uninitialized>, issuer=<uninitialized>, client_subject=<uninitialized>, client_issuer=<uninitialized>, server_depth=2, client_depth=0], http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]^J}, last_active=1170717508.883051, seen_bytes=906, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timeout_interval=2.0 mins, bof_buffer_size=1024, bof_buffer=0\x82^C\x860\x82^B\xef\xa0^C^B^A^B^B^Px\xeeH\xde^X[ q\xc9\xc9\xc3\xb5\x1d{\xdd\xc10^M^F^I*\x86H\x86\xf7^M^A^A^E^E\00_1^K0^I^F^CU^D^F^S^BUS1^W0^U^F^CU^D^J^S^NVeriSign, Inc.1705^F^CU^D^K^S.Class 3 Public Primary Certification Authority0\x1e^W^M970417000000Z^W^M111024235959Z0\x81\xba1\x1f0\x1d^F^CU^D^J^S^VVeriSign Trust Network1^W0^U^F^CU^D^K^S^NVeriSign, Inc.1301^F^CU^D^K^S*VeriSign International Server CA - Class 31I0G^F^CU^D^K^S@www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign0\x81\x9f0^M^F^I*\x86H\x86\xf7^M^A^A^A^E\0^C\x81\x8d\00\x81\x89^B\x81\x81\0\xd8\x82\x80\xe8\xd6^Y^B}\x1f\x85^X9%\xa2e+\xe1\xbf\xd4^E\xd3\xbc\xe66;\xaa\xf0Ll[\xb6\xe7\xaa<sEU\xb2\xf1\xbd\xea\x97B\xed\x9a4^J^U\xd4\xa9\\xf5@%\xdd\xd9^G\xc12\xb2ul\xc4\xca\xbb\xa3\xfeV'qC\xaac\xf50>\x93(\xe5\xfa\xf1^I;\xf3\xb7MN9\xf7\IZ\xb8\xc1\x1d\xd3\xb2\x8a\xfep0\x95B\xcb\xfe+Q\x8bZ<:\xf9"O\x90\xb2^B\xa7S\x9cO4\xe7\xab^D\xb2{o^B^C^A\0^A\xa3\x81\xe60\x81\xe30^O^F^CU\x1d^S^D^H0^F^A^A\xff^B^A\00D^F^CU\x1d ^D=0;09^F^K`\x86H^A\x86\xf8E^A^G^A^A0*0(^F^H+^F^A^E^E^G^B^A^V\x1chttps://www.verisign.com/CPS04^F^CU\x1d\x1f^D-0+0)\xa0'\xa0%\x86#http://crl.verisign.com/pca3-g2.crl04^F^CU\x1d%^D-0+^F^H+^F^A^E^E^G^C^A^F^H+^F^A^E^E^G^C^B^F^I`\x86H^A\x86\xf8B^D^A^F^J`\x86H^A\x86\xf8E^A^H^A0^K^F^CU\x1d^O^D^D^C^B^A^F0^Q^F^I`\x86H^A\x86\xf8B^A^A^D^D^C^B^A^F0^M^F^I*\x86H\x86\xf7^M^A^A^E^E\0^C\x81\x81\0#]\xee\xa6$^E\xfdv\xd3j^Z\xd6\xbaF^F\xaaj^O^C\x90f\xb2\xb0\xa6\xc2\x9e\xc9\x1e\xa3US\xaf>E\xfd\xdc\x8c'\xddS8^I\xbb|K+\xba\x95J\xfepN\x1bi\xd6<\xf7O^G\xc5\xf2^WZL\xa2\x8f\xac^K\x8a^F\xdb\xb9\xd4k\xc5\x1dX\xda^WR\xe3!\xf1\xd2\xd7Z\xd5\xe5\xabY{!z\x86j\xd4\xfe^W^Q:S^M\x9c`\xa0J\xd9^\xe4\x1d^L)\xaa^S^Ge\x86\x1f\xbf\xb4\xc9\x82S\x9c,^B\x8f#, mime_type=binary, info=[ts=1170717508.883051, fuid=FpMjNF4snD7UDqI5sk, tx_hosts={^J^I194.127.84.106^J}, rx_hosts={^J^I192.150.187.164^J}, conn_uids={^J^ICjhGID4nQcgTWjvg4c^J}, source=SSL, depth=0, analyzers={^J^IX509,^J^IMD5,^J^ISHA1^J}, mime_type=binary, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=F, seen_bytes=0, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=<uninitialized>, sha1=<uninitialized>, sha256=<uninitialized>, x509=[ts=1170717508.883051, id=FpMjNF4snD7UDqI5sk, certificate=[version=2, serial=78EE48DE185B2071C9C9C3B51D7BDDC1, subject=OU=www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign,OU=VeriSign International Server CA - Class 3,OU=VeriSign\, Inc.,O=VeriSign Trust Network, issuer=OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US, not_valid_before=861235200.0, not_valid_after=1319500799.0, key_alg=rsaEncryption, sig_alg=sha1WithRSAEncryption, key_type=rsa, key_length=1024, exponent=65537, curve=<uninitialized>], handle=<no value description>, extensions=[[name=X509v3 Basic Constraints, short_name=basicConstraints, oid=2.5.29.19, critical=F, value=CA:TRUE, pathlen:0]], san=<uninitialized>, basic_constraints=[ca=T, path_len=0]], extracted=<uninitialized>], u2_events=<uninitialized>]
+                  [1] ext: X509::Extension = [name=X509v3 Certificate Policies, short_name=certificatePolicies, oid=2.5.29.32, critical=F, value=Policy: 2.16.840.1.113733.1.7.1.1^J  CPS: https://www.verisign.com/CPS^J]
+
+1170717508.883051 x509_extension
+                  [0] f: fa_file         = [id=FpMjNF4snD7UDqI5sk, parent_id=<uninitialized>, source=SSL, is_orig=F, conns={^J^I[[orig_h=192.150.187.164, orig_p=58869/tcp, resp_h=194.127.84.106, resp_p=443/tcp]] = [id=[orig_h=192.150.187.164, orig_p=58869/tcp, resp_h=194.127.84.106, resp_p=443/tcp], orig=[size=120, state=4, num_pkts=3, num_bytes_ip=288, flow_label=0], resp=[size=2164, state=4, num_pkts=3, num_bytes_ip=1616, flow_label=0], start_time=1170717508.515696, duration=0.367355, service={^J^I^ISSL^J^I}, addl=, hot=0, history=ShADad, uid=CjhGID4nQcgTWjvg4c, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=[ts=1170717508.69718, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=192.150.187.164, orig_p=58869/tcp, resp_h=194.127.84.106, resp_p=443/tcp], version=TLSv10, cipher=TLS_RSA_WITH_RC4_128_MD5, server_name=<uninitialized>, session_id=a8c1c5681924e80a32a15d5e7f20bc5e3f513e56b215039d0d55defda5a320c0, last_alert=<uninitialized>, analyzer_id=7, established=F, logged=F, delay_tokens=<uninitialized>, cert_chain=[[ts=1170717508.883051, fuid=FjkLnG4s34DVZlaBNc, tx_hosts={^J^I^I194.127.84.106^J^I}, rx_hosts={^J^I^I192.150.187.164^J^I}, conn_uids={^J^I^ICjhGID4nQcgTWjvg4c^J^I}, source=SSL, depth=0, analyzers={^J^I^IX509,^J^I^IMD5,^J^I^ISHA1^J^I}, mime_type=binary, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=F, seen_bytes=1152, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=38a0a008a978591ccbe41f50a174751a, sha1=2c322ae2b7fe91391345e070b63668978bb1c9da, sha256=<uninitialized>, x509=[ts=1170717508.883051, id=FjkLnG4s34DVZlaBNc, certificate=[version=2, serial=04A78116F003283BDA2B8462049F9ECB, subject=CN=www.dresdner-privat.de,OU=Terms of use at www.verisign.com/rpa (c)00,O=AGIS Allianz Dresdner Informationssysteme GmbH,L=Muenchen,ST=Bayern,C=DE, issuer=OU=www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign,OU=VeriSign International Server CA - Class 3,OU=VeriSign\, Inc.,O=VeriSign Trust Network, not_valid_before=1163462400.0, not_valid_after=1195084799.0, key_alg=rsaEncryption, sig_alg=sha1WithRSAEncryption, key_type=rsa, key_length=1024, exponent=65537, curve=<uninitialized>], handle=<no value description>, extensions=[[name=X509v3 Basic Constraints, short_name=basicConstraints, oid=2.5.29.19, critical=F, value=CA:FALSE], [name=X509v3 Key Usage, short_name=keyUsage, oid=2.5.29.15, critical=F, value=Digital Signature, Key Encipherment], [name=X509v3 CRL Distribution Points, short_name=crlDistributionPoints, oid=2.5.29.31, critical=F, value=^JFull Name:^J  URI:http://crl.verisign.com/Class3InternationalServer.crl^J], [name=X509v3 Certificate Policies, short_name=certificatePolicies, oid=2.5.29.32, critical=F, value=Policy: 2.16.840.1.113733.1.7.23.3^J  CPS: https://www.verisign.com/rpa^J], [name=X509v3 Extended Key Usage, short_name=extendedKeyUsage, oid=2.5.29.37, critical=F, value=Netscape Server Gated Crypto, TLS Web Server Authentication, TLS Web Client Authentication], [name=Authority Information Access, short_name=authorityInfoAccess, oid=1.3.6.1.5.5.7.1.1, critical=F, value=OCSP - URI:http://ocsp.verisign.com^J], [name=1.3.6.1.5.5.7.1.12, short_name=UNDEF, oid=1.3.6.1.5.5.7.1.12, critical=F, value=0_.].[0Y0W0U..image/gif0!0.0...+..............k...j.H.,{..0%.#http://logo.verisign.com/vslogo.gif]], san=<uninitialized>, basic_constraints=[ca=F, path_len=<uninitialized>]], extracted=<uninitialized>], [ts=1170717508.883051, fuid=FpMjNF4snD7UDqI5sk, tx_hosts={^J^I^I194.127.84.106^J^I}, rx_hosts={^J^I^I192.150.187.164^J^I}, conn_uids={^J^I^ICjhGID4nQcgTWjvg4c^J^I}, source=SSL, depth=0, analyzers={^J^I^IX509,^J^I^IMD5,^J^I^ISHA1^J^I}, mime_type=binary, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=F, seen_bytes=0, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=<uninitialized>, sha1=<uninitialized>, sha256=<uninitialized>, x509=[ts=1170717508.883051, id=FpMjNF4snD7UDqI5sk, certificate=[version=2, serial=78EE48DE185B2071C9C9C3B51D7BDDC1, subject=OU=www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign,OU=VeriSign International Server CA - Class 3,OU=VeriSign\, Inc.,O=VeriSign Trust Network, issuer=OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US, not_valid_before=861235200.0, not_valid_after=1319500799.0, key_alg=rsaEncryption, sig_alg=sha1WithRSAEncryption, key_type=rsa, key_length=1024, exponent=65537, curve=<uninitialized>], handle=<no value description>, extensions=[[name=X509v3 Basic Constraints, short_name=basicConstraints, oid=2.5.29.19, critical=F, value=CA:TRUE, pathlen:0], [name=X509v3 Certificate Policies, short_name=certificatePolicies, oid=2.5.29.32, critical=F, value=Policy: 2.16.840.1.113733.1.7.1.1^J  CPS: https://www.verisign.com/CPS^J]], san=<uninitialized>, basic_constraints=[ca=T, path_len=0]], extracted=<uninitialized>]], cert_chain_fuids=[FjkLnG4s34DVZlaBNc, FpMjNF4snD7UDqI5sk], client_cert_chain=[], client_cert_chain_fuids=[], subject=<uninitialized>, issuer=<uninitialized>, client_subject=<uninitialized>, client_issuer=<uninitialized>, server_depth=2, client_depth=0], http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]^J}, last_active=1170717508.883051, seen_bytes=906, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timeout_interval=2.0 mins, bof_buffer_size=1024, bof_buffer=0\x82^C\x860\x82^B\xef\xa0^C^B^A^B^B^Px\xeeH\xde^X[ q\xc9\xc9\xc3\xb5\x1d{\xdd\xc10^M^F^I*\x86H\x86\xf7^M^A^A^E^E\00_1^K0^I^F^CU^D^F^S^BUS1^W0^U^F^CU^D^J^S^NVeriSign, Inc.1705^F^CU^D^K^S.Class 3 Public Primary Certification Authority0\x1e^W^M970417000000Z^W^M111024235959Z0\x81\xba1\x1f0\x1d^F^CU^D^J^S^VVeriSign Trust Network1^W0^U^F^CU^D^K^S^NVeriSign, Inc.1301^F^CU^D^K^S*VeriSign International Server CA - Class 31I0G^F^CU^D^K^S@www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign0\x81\x9f0^M^F^I*\x86H\x86\xf7^M^A^A^A^E\0^C\x81\x8d\00\x81\x89^B\x81\x81\0\xd8\x82\x80\xe8\xd6^Y^B}\x1f\x85^X9%\xa2e+\xe1\xbf\xd4^E\xd3\xbc\xe66;\xaa\xf0Ll[\xb6\xe7\xaa<sEU\xb2\xf1\xbd\xea\x97B\xed\x9a4^J^U\xd4\xa9\\xf5@%\xdd\xd9^G\xc12\xb2ul\xc4\xca\xbb\xa3\xfeV'qC\xaac\xf50>\x93(\xe5\xfa\xf1^I;\xf3\xb7MN9\xf7\IZ\xb8\xc1\x1d\xd3\xb2\x8a\xfep0\x95B\xcb\xfe+Q\x8bZ<:\xf9"O\x90\xb2^B\xa7S\x9cO4\xe7\xab^D\xb2{o^B^C^A\0^A\xa3\x81\xe60\x81\xe30^O^F^CU\x1d^S^D^H0^F^A^A\xff^B^A\00D^F^CU\x1d ^D=0;09^F^K`\x86H^A\x86\xf8E^A^G^A^A0*0(^F^H+^F^A^E^E^G^B^A^V\x1chttps://www.verisign.com/CPS04^F^CU\x1d\x1f^D-0+0)\xa0'\xa0%\x86#http://crl.verisign.com/pca3-g2.crl04^F^CU\x1d%^D-0+^F^H+^F^A^E^E^G^C^A^F^H+^F^A^E^E^G^C^B^F^I`\x86H^A\x86\xf8B^D^A^F^J`\x86H^A\x86\xf8E^A^H^A0^K^F^CU\x1d^O^D^D^C^B^A^F0^Q^F^I`\x86H^A\x86\xf8B^A^A^D^D^C^B^A^F0^M^F^I*\x86H\x86\xf7^M^A^A^E^E\0^C\x81\x81\0#]\xee\xa6$^E\xfdv\xd3j^Z\xd6\xbaF^F\xaaj^O^C\x90f\xb2\xb0\xa6\xc2\x9e\xc9\x1e\xa3US\xaf>E\xfd\xdc\x8c'\xddS8^I\xbb|K+\xba\x95J\xfepN\x1bi\xd6<\xf7O^G\xc5\xf2^WZL\xa2\x8f\xac^K\x8a^F\xdb\xb9\xd4k\xc5\x1dX\xda^WR\xe3!\xf1\xd2\xd7Z\xd5\xe5\xabY{!z\x86j\xd4\xfe^W^Q:S^M\x9c`\xa0J\xd9^\xe4\x1d^L)\xaa^S^Ge\x86\x1f\xbf\xb4\xc9\x82S\x9c,^B\x8f#, mime_type=binary, info=[ts=1170717508.883051, fuid=FpMjNF4snD7UDqI5sk, tx_hosts={^J^I194.127.84.106^J}, rx_hosts={^J^I192.150.187.164^J}, conn_uids={^J^ICjhGID4nQcgTWjvg4c^J}, source=SSL, depth=0, analyzers={^J^IX509,^J^IMD5,^J^ISHA1^J}, mime_type=binary, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=F, seen_bytes=0, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=<uninitialized>, sha1=<uninitialized>, sha256=<uninitialized>, x509=[ts=1170717508.883051, id=FpMjNF4snD7UDqI5sk, certificate=[version=2, serial=78EE48DE185B2071C9C9C3B51D7BDDC1, subject=OU=www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign,OU=VeriSign International Server CA - Class 3,OU=VeriSign\, Inc.,O=VeriSign Trust Network, issuer=OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US, not_valid_before=861235200.0, not_valid_after=1319500799.0, key_alg=rsaEncryption, sig_alg=sha1WithRSAEncryption, key_type=rsa, key_length=1024, exponent=65537, curve=<uninitialized>], handle=<no value description>, extensions=[[name=X509v3 Basic Constraints, short_name=basicConstraints, oid=2.5.29.19, critical=F, value=CA:TRUE, pathlen:0], [name=X509v3 Certificate Policies, short_name=certificatePolicies, oid=2.5.29.32, critical=F, value=Policy: 2.16.840.1.113733.1.7.1.1^J  CPS: https://www.verisign.com/CPS^J]], san=<uninitialized>, basic_constraints=[ca=T, path_len=0]], extracted=<uninitialized>], u2_events=<uninitialized>]
+                  [1] ext: X509::Extension = [name=X509v3 CRL Distribution Points, short_name=crlDistributionPoints, oid=2.5.29.31, critical=F, value=^JFull Name:^J  URI:http://crl.verisign.com/pca3-g2.crl^J]
+
+1170717508.883051 x509_extension
+                  [0] f: fa_file         = [id=FpMjNF4snD7UDqI5sk, parent_id=<uninitialized>, source=SSL, is_orig=F, conns={^J^I[[orig_h=192.150.187.164, orig_p=58869/tcp, resp_h=194.127.84.106, resp_p=443/tcp]] = [id=[orig_h=192.150.187.164, orig_p=58869/tcp, resp_h=194.127.84.106, resp_p=443/tcp], orig=[size=120, state=4, num_pkts=3, num_bytes_ip=288, flow_label=0], resp=[size=2164, state=4, num_pkts=3, num_bytes_ip=1616, flow_label=0], start_time=1170717508.515696, duration=0.367355, service={^J^I^ISSL^J^I}, addl=, hot=0, history=ShADad, uid=CjhGID4nQcgTWjvg4c, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=[ts=1170717508.69718, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=192.150.187.164, orig_p=58869/tcp, resp_h=194.127.84.106, resp_p=443/tcp], version=TLSv10, cipher=TLS_RSA_WITH_RC4_128_MD5, server_name=<uninitialized>, session_id=a8c1c5681924e80a32a15d5e7f20bc5e3f513e56b215039d0d55defda5a320c0, last_alert=<uninitialized>, analyzer_id=7, established=F, logged=F, delay_tokens=<uninitialized>, cert_chain=[[ts=1170717508.883051, fuid=FjkLnG4s34DVZlaBNc, tx_hosts={^J^I^I194.127.84.106^J^I}, rx_hosts={^J^I^I192.150.187.164^J^I}, conn_uids={^J^I^ICjhGID4nQcgTWjvg4c^J^I}, source=SSL, depth=0, analyzers={^J^I^IX509,^J^I^IMD5,^J^I^ISHA1^J^I}, mime_type=binary, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=F, seen_bytes=1152, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=38a0a008a978591ccbe41f50a174751a, sha1=2c322ae2b7fe91391345e070b63668978bb1c9da, sha256=<uninitialized>, x509=[ts=1170717508.883051, id=FjkLnG4s34DVZlaBNc, certificate=[version=2, serial=04A78116F003283BDA2B8462049F9ECB, subject=CN=www.dresdner-privat.de,OU=Terms of use at www.verisign.com/rpa (c)00,O=AGIS Allianz Dresdner Informationssysteme GmbH,L=Muenchen,ST=Bayern,C=DE, issuer=OU=www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign,OU=VeriSign International Server CA - Class 3,OU=VeriSign\, Inc.,O=VeriSign Trust Network, not_valid_before=1163462400.0, not_valid_after=1195084799.0, key_alg=rsaEncryption, sig_alg=sha1WithRSAEncryption, key_type=rsa, key_length=1024, exponent=65537, curve=<uninitialized>], handle=<no value description>, extensions=[[name=X509v3 Basic Constraints, short_name=basicConstraints, oid=2.5.29.19, critical=F, value=CA:FALSE], [name=X509v3 Key Usage, short_name=keyUsage, oid=2.5.29.15, critical=F, value=Digital Signature, Key Encipherment], [name=X509v3 CRL Distribution Points, short_name=crlDistributionPoints, oid=2.5.29.31, critical=F, value=^JFull Name:^J  URI:http://crl.verisign.com/Class3InternationalServer.crl^J], [name=X509v3 Certificate Policies, short_name=certificatePolicies, oid=2.5.29.32, critical=F, value=Policy: 2.16.840.1.113733.1.7.23.3^J  CPS: https://www.verisign.com/rpa^J], [name=X509v3 Extended Key Usage, short_name=extendedKeyUsage, oid=2.5.29.37, critical=F, value=Netscape Server Gated Crypto, TLS Web Server Authentication, TLS Web Client Authentication], [name=Authority Information Access, short_name=authorityInfoAccess, oid=1.3.6.1.5.5.7.1.1, critical=F, value=OCSP - URI:http://ocsp.verisign.com^J], [name=1.3.6.1.5.5.7.1.12, short_name=UNDEF, oid=1.3.6.1.5.5.7.1.12, critical=F, value=0_.].[0Y0W0U..image/gif0!0.0...+..............k...j.H.,{..0%.#http://logo.verisign.com/vslogo.gif]], san=<uninitialized>, basic_constraints=[ca=F, path_len=<uninitialized>]], extracted=<uninitialized>], [ts=1170717508.883051, fuid=FpMjNF4snD7UDqI5sk, tx_hosts={^J^I^I194.127.84.106^J^I}, rx_hosts={^J^I^I192.150.187.164^J^I}, conn_uids={^J^I^ICjhGID4nQcgTWjvg4c^J^I}, source=SSL, depth=0, analyzers={^J^I^IX509,^J^I^IMD5,^J^I^ISHA1^J^I}, mime_type=binary, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=F, seen_bytes=0, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=<uninitialized>, sha1=<uninitialized>, sha256=<uninitialized>, x509=[ts=1170717508.883051, id=FpMjNF4snD7UDqI5sk, certificate=[version=2, serial=78EE48DE185B2071C9C9C3B51D7BDDC1, subject=OU=www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign,OU=VeriSign International Server CA - Class 3,OU=VeriSign\, Inc.,O=VeriSign Trust Network, issuer=OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US, not_valid_before=861235200.0, not_valid_after=1319500799.0, key_alg=rsaEncryption, sig_alg=sha1WithRSAEncryption, key_type=rsa, key_length=1024, exponent=65537, curve=<uninitialized>], handle=<no value description>, extensions=[[name=X509v3 Basic Constraints, short_name=basicConstraints, oid=2.5.29.19, critical=F, value=CA:TRUE, pathlen:0], [name=X509v3 Certificate Policies, short_name=certificatePolicies, oid=2.5.29.32, critical=F, value=Policy: 2.16.840.1.113733.1.7.1.1^J  CPS: https://www.verisign.com/CPS^J], [name=X509v3 CRL Distribution Points, short_name=crlDistributionPoints, oid=2.5.29.31, critical=F, value=^JFull Name:^J  URI:http://crl.verisign.com/pca3-g2.crl^J]], san=<uninitialized>, basic_constraints=[ca=T, path_len=0]], extracted=<uninitialized>]], cert_chain_fuids=[FjkLnG4s34DVZlaBNc, FpMjNF4snD7UDqI5sk], client_cert_chain=[], client_cert_chain_fuids=[], subject=<uninitialized>, issuer=<uninitialized>, client_subject=<uninitialized>, client_issuer=<uninitialized>, server_depth=2, client_depth=0], http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]^J}, last_active=1170717508.883051, seen_bytes=906, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timeout_interval=2.0 mins, bof_buffer_size=1024, bof_buffer=0\x82^C\x860\x82^B\xef\xa0^C^B^A^B^B^Px\xeeH\xde^X[ q\xc9\xc9\xc3\xb5\x1d{\xdd\xc10^M^F^I*\x86H\x86\xf7^M^A^A^E^E\00_1^K0^I^F^CU^D^F^S^BUS1^W0^U^F^CU^D^J^S^NVeriSign, Inc.1705^F^CU^D^K^S.Class 3 Public Primary Certification Authority0\x1e^W^M970417000000Z^W^M111024235959Z0\x81\xba1\x1f0\x1d^F^CU^D^J^S^VVeriSign Trust Network1^W0^U^F^CU^D^K^S^NVeriSign, Inc.1301^F^CU^D^K^S*VeriSign International Server CA - Class 31I0G^F^CU^D^K^S@www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign0\x81\x9f0^M^F^I*\x86H\x86\xf7^M^A^A^A^E\0^C\x81\x8d\00\x81\x89^B\x81\x81\0\xd8\x82\x80\xe8\xd6^Y^B}\x1f\x85^X9%\xa2e+\xe1\xbf\xd4^E\xd3\xbc\xe66;\xaa\xf0Ll[\xb6\xe7\xaa<sEU\xb2\xf1\xbd\xea\x97B\xed\x9a4^J^U\xd4\xa9\\xf5@%\xdd\xd9^G\xc12\xb2ul\xc4\xca\xbb\xa3\xfeV'qC\xaac\xf50>\x93(\xe5\xfa\xf1^I;\xf3\xb7MN9\xf7\IZ\xb8\xc1\x1d\xd3\xb2\x8a\xfep0\x95B\xcb\xfe+Q\x8bZ<:\xf9"O\x90\xb2^B\xa7S\x9cO4\xe7\xab^D\xb2{o^B^C^A\0^A\xa3\x81\xe60\x81\xe30^O^F^CU\x1d^S^D^H0^F^A^A\xff^B^A\00D^F^CU\x1d ^D=0;09^F^K`\x86H^A\x86\xf8E^A^G^A^A0*0(^F^H+^F^A^E^E^G^B^A^V\x1chttps://www.verisign.com/CPS04^F^CU\x1d\x1f^D-0+0)\xa0'\xa0%\x86#http://crl.verisign.com/pca3-g2.crl04^F^CU\x1d%^D-0+^F^H+^F^A^E^E^G^C^A^F^H+^F^A^E^E^G^C^B^F^I`\x86H^A\x86\xf8B^D^A^F^J`\x86H^A\x86\xf8E^A^H^A0^K^F^CU\x1d^O^D^D^C^B^A^F0^Q^F^I`\x86H^A\x86\xf8B^A^A^D^D^C^B^A^F0^M^F^I*\x86H\x86\xf7^M^A^A^E^E\0^C\x81\x81\0#]\xee\xa6$^E\xfdv\xd3j^Z\xd6\xbaF^F\xaaj^O^C\x90f\xb2\xb0\xa6\xc2\x9e\xc9\x1e\xa3US\xaf>E\xfd\xdc\x8c'\xddS8^I\xbb|K+\xba\x95J\xfepN\x1bi\xd6<\xf7O^G\xc5\xf2^WZL\xa2\x8f\xac^K\x8a^F\xdb\xb9\xd4k\xc5\x1dX\xda^WR\xe3!\xf1\xd2\xd7Z\xd5\xe5\xabY{!z\x86j\xd4\xfe^W^Q:S^M\x9c`\xa0J\xd9^\xe4\x1d^L)\xaa^S^Ge\x86\x1f\xbf\xb4\xc9\x82S\x9c,^B\x8f#, mime_type=binary, info=[ts=1170717508.883051, fuid=FpMjNF4snD7UDqI5sk, tx_hosts={^J^I194.127.84.106^J}, rx_hosts={^J^I192.150.187.164^J}, conn_uids={^J^ICjhGID4nQcgTWjvg4c^J}, source=SSL, depth=0, analyzers={^J^IX509,^J^IMD5,^J^ISHA1^J}, mime_type=binary, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=F, seen_bytes=0, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=<uninitialized>, sha1=<uninitialized>, sha256=<uninitialized>, x509=[ts=1170717508.883051, id=FpMjNF4snD7UDqI5sk, certificate=[version=2, serial=78EE48DE185B2071C9C9C3B51D7BDDC1, subject=OU=www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign,OU=VeriSign International Server CA - Class 3,OU=VeriSign\, Inc.,O=VeriSign Trust Network, issuer=OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US, not_valid_before=861235200.0, not_valid_after=1319500799.0, key_alg=rsaEncryption, sig_alg=sha1WithRSAEncryption, key_type=rsa, key_length=1024, exponent=65537, curve=<uninitialized>], handle=<no value description>, extensions=[[name=X509v3 Basic Constraints, short_name=basicConstraints, oid=2.5.29.19, critical=F, value=CA:TRUE, pathlen:0], [name=X509v3 Certificate Policies, short_name=certificatePolicies, oid=2.5.29.32, critical=F, value=Policy: 2.16.840.1.113733.1.7.1.1^J  CPS: https://www.verisign.com/CPS^J], [name=X509v3 CRL Distribution Points, short_name=crlDistributionPoints, oid=2.5.29.31, critical=F, value=^JFull Name:^J  URI:http://crl.verisign.com/pca3-g2.crl^J]], san=<uninitialized>, basic_constraints=[ca=T, path_len=0]], extracted=<uninitialized>], u2_events=<uninitialized>]
+                  [1] ext: X509::Extension = [name=X509v3 Extended Key Usage, short_name=extendedKeyUsage, oid=2.5.29.37, critical=F, value=TLS Web Server Authentication, TLS Web Client Authentication, Netscape Server Gated Crypto, 2.16.840.1.113733.1.8.1]
+
+1170717508.883051 x509_extension
+                  [0] f: fa_file         = [id=FpMjNF4snD7UDqI5sk, parent_id=<uninitialized>, source=SSL, is_orig=F, conns={^J^I[[orig_h=192.150.187.164, orig_p=58869/tcp, resp_h=194.127.84.106, resp_p=443/tcp]] = [id=[orig_h=192.150.187.164, orig_p=58869/tcp, resp_h=194.127.84.106, resp_p=443/tcp], orig=[size=120, state=4, num_pkts=3, num_bytes_ip=288, flow_label=0], resp=[size=2164, state=4, num_pkts=3, num_bytes_ip=1616, flow_label=0], start_time=1170717508.515696, duration=0.367355, service={^J^I^ISSL^J^I}, addl=, hot=0, history=ShADad, uid=CjhGID4nQcgTWjvg4c, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=[ts=1170717508.69718, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=192.150.187.164, orig_p=58869/tcp, resp_h=194.127.84.106, resp_p=443/tcp], version=TLSv10, cipher=TLS_RSA_WITH_RC4_128_MD5, server_name=<uninitialized>, session_id=a8c1c5681924e80a32a15d5e7f20bc5e3f513e56b215039d0d55defda5a320c0, last_alert=<uninitialized>, analyzer_id=7, established=F, logged=F, delay_tokens=<uninitialized>, cert_chain=[[ts=1170717508.883051, fuid=FjkLnG4s34DVZlaBNc, tx_hosts={^J^I^I194.127.84.106^J^I}, rx_hosts={^J^I^I192.150.187.164^J^I}, conn_uids={^J^I^ICjhGID4nQcgTWjvg4c^J^I}, source=SSL, depth=0, analyzers={^J^I^IX509,^J^I^IMD5,^J^I^ISHA1^J^I}, mime_type=binary, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=F, seen_bytes=1152, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=38a0a008a978591ccbe41f50a174751a, sha1=2c322ae2b7fe91391345e070b63668978bb1c9da, sha256=<uninitialized>, x509=[ts=1170717508.883051, id=FjkLnG4s34DVZlaBNc, certificate=[version=2, serial=04A78116F003283BDA2B8462049F9ECB, subject=CN=www.dresdner-privat.de,OU=Terms of use at www.verisign.com/rpa (c)00,O=AGIS Allianz Dresdner Informationssysteme GmbH,L=Muenchen,ST=Bayern,C=DE, issuer=OU=www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign,OU=VeriSign International Server CA - Class 3,OU=VeriSign\, Inc.,O=VeriSign Trust Network, not_valid_before=1163462400.0, not_valid_after=1195084799.0, key_alg=rsaEncryption, sig_alg=sha1WithRSAEncryption, key_type=rsa, key_length=1024, exponent=65537, curve=<uninitialized>], handle=<no value description>, extensions=[[name=X509v3 Basic Constraints, short_name=basicConstraints, oid=2.5.29.19, critical=F, value=CA:FALSE], [name=X509v3 Key Usage, short_name=keyUsage, oid=2.5.29.15, critical=F, value=Digital Signature, Key Encipherment], [name=X509v3 CRL Distribution Points, short_name=crlDistributionPoints, oid=2.5.29.31, critical=F, value=^JFull Name:^J  URI:http://crl.verisign.com/Class3InternationalServer.crl^J], [name=X509v3 Certificate Policies, short_name=certificatePolicies, oid=2.5.29.32, critical=F, value=Policy: 2.16.840.1.113733.1.7.23.3^J  CPS: https://www.verisign.com/rpa^J], [name=X509v3 Extended Key Usage, short_name=extendedKeyUsage, oid=2.5.29.37, critical=F, value=Netscape Server Gated Crypto, TLS Web Server Authentication, TLS Web Client Authentication], [name=Authority Information Access, short_name=authorityInfoAccess, oid=1.3.6.1.5.5.7.1.1, critical=F, value=OCSP - URI:http://ocsp.verisign.com^J], [name=1.3.6.1.5.5.7.1.12, short_name=UNDEF, oid=1.3.6.1.5.5.7.1.12, critical=F, value=0_.].[0Y0W0U..image/gif0!0.0...+..............k...j.H.,{..0%.#http://logo.verisign.com/vslogo.gif]], san=<uninitialized>, basic_constraints=[ca=F, path_len=<uninitialized>]], extracted=<uninitialized>], [ts=1170717508.883051, fuid=FpMjNF4snD7UDqI5sk, tx_hosts={^J^I^I194.127.84.106^J^I}, rx_hosts={^J^I^I192.150.187.164^J^I}, conn_uids={^J^I^ICjhGID4nQcgTWjvg4c^J^I}, source=SSL, depth=0, analyzers={^J^I^IX509,^J^I^IMD5,^J^I^ISHA1^J^I}, mime_type=binary, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=F, seen_bytes=0, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=<uninitialized>, sha1=<uninitialized>, sha256=<uninitialized>, x509=[ts=1170717508.883051, id=FpMjNF4snD7UDqI5sk, certificate=[version=2, serial=78EE48DE185B2071C9C9C3B51D7BDDC1, subject=OU=www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign,OU=VeriSign International Server CA - Class 3,OU=VeriSign\, Inc.,O=VeriSign Trust Network, issuer=OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US, not_valid_before=861235200.0, not_valid_after=1319500799.0, key_alg=rsaEncryption, sig_alg=sha1WithRSAEncryption, key_type=rsa, key_length=1024, exponent=65537, curve=<uninitialized>], handle=<no value description>, extensions=[[name=X509v3 Basic Constraints, short_name=basicConstraints, oid=2.5.29.19, critical=F, value=CA:TRUE, pathlen:0], [name=X509v3 Certificate Policies, short_name=certificatePolicies, oid=2.5.29.32, critical=F, value=Policy: 2.16.840.1.113733.1.7.1.1^J  CPS: https://www.verisign.com/CPS^J], [name=X509v3 CRL Distribution Points, short_name=crlDistributionPoints, oid=2.5.29.31, critical=F, value=^JFull Name:^J  URI:http://crl.verisign.com/pca3-g2.crl^J], [name=X509v3 Extended Key Usage, short_name=extendedKeyUsage, oid=2.5.29.37, critical=F, value=TLS Web Server Authentication, TLS Web Client Authentication, Netscape Server Gated Crypto, 2.16.840.1.113733.1.8.1]], san=<uninitialized>, basic_constraints=[ca=T, path_len=0]], extracted=<uninitialized>]], cert_chain_fuids=[FjkLnG4s34DVZlaBNc, FpMjNF4snD7UDqI5sk], client_cert_chain=[], client_cert_chain_fuids=[], subject=<uninitialized>, issuer=<uninitialized>, client_subject=<uninitialized>, client_issuer=<uninitialized>, server_depth=2, client_depth=0], http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]^J}, last_active=1170717508.883051, seen_bytes=906, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timeout_interval=2.0 mins, bof_buffer_size=1024, bof_buffer=0\x82^C\x860\x82^B\xef\xa0^C^B^A^B^B^Px\xeeH\xde^X[ q\xc9\xc9\xc3\xb5\x1d{\xdd\xc10^M^F^I*\x86H\x86\xf7^M^A^A^E^E\00_1^K0^I^F^CU^D^F^S^BUS1^W0^U^F^CU^D^J^S^NVeriSign, Inc.1705^F^CU^D^K^S.Class 3 Public Primary Certification Authority0\x1e^W^M970417000000Z^W^M111024235959Z0\x81\xba1\x1f0\x1d^F^CU^D^J^S^VVeriSign Trust Network1^W0^U^F^CU^D^K^S^NVeriSign, Inc.1301^F^CU^D^K^S*VeriSign International Server CA - Class 31I0G^F^CU^D^K^S@www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign0\x81\x9f0^M^F^I*\x86H\x86\xf7^M^A^A^A^E\0^C\x81\x8d\00\x81\x89^B\x81\x81\0\xd8\x82\x80\xe8\xd6^Y^B}\x1f\x85^X9%\xa2e+\xe1\xbf\xd4^E\xd3\xbc\xe66;\xaa\xf0Ll[\xb6\xe7\xaa<sEU\xb2\xf1\xbd\xea\x97B\xed\x9a4^J^U\xd4\xa9\\xf5@%\xdd\xd9^G\xc12\xb2ul\xc4\xca\xbb\xa3\xfeV'qC\xaac\xf50>\x93(\xe5\xfa\xf1^I;\xf3\xb7MN9\xf7\IZ\xb8\xc1\x1d\xd3\xb2\x8a\xfep0\x95B\xcb\xfe+Q\x8bZ<:\xf9"O\x90\xb2^B\xa7S\x9cO4\xe7\xab^D\xb2{o^B^C^A\0^A\xa3\x81\xe60\x81\xe30^O^F^CU\x1d^S^D^H0^F^A^A\xff^B^A\00D^F^CU\x1d ^D=0;09^F^K`\x86H^A\x86\xf8E^A^G^A^A0*0(^F^H+^F^A^E^E^G^B^A^V\x1chttps://www.verisign.com/CPS04^F^CU\x1d\x1f^D-0+0)\xa0'\xa0%\x86#http://crl.verisign.com/pca3-g2.crl04^F^CU\x1d%^D-0+^F^H+^F^A^E^E^G^C^A^F^H+^F^A^E^E^G^C^B^F^I`\x86H^A\x86\xf8B^D^A^F^J`\x86H^A\x86\xf8E^A^H^A0^K^F^CU\x1d^O^D^D^C^B^A^F0^Q^F^I`\x86H^A\x86\xf8B^A^A^D^D^C^B^A^F0^M^F^I*\x86H\x86\xf7^M^A^A^E^E\0^C\x81\x81\0#]\xee\xa6$^E\xfdv\xd3j^Z\xd6\xbaF^F\xaaj^O^C\x90f\xb2\xb0\xa6\xc2\x9e\xc9\x1e\xa3US\xaf>E\xfd\xdc\x8c'\xddS8^I\xbb|K+\xba\x95J\xfepN\x1bi\xd6<\xf7O^G\xc5\xf2^WZL\xa2\x8f\xac^K\x8a^F\xdb\xb9\xd4k\xc5\x1dX\xda^WR\xe3!\xf1\xd2\xd7Z\xd5\xe5\xabY{!z\x86j\xd4\xfe^W^Q:S^M\x9c`\xa0J\xd9^\xe4\x1d^L)\xaa^S^Ge\x86\x1f\xbf\xb4\xc9\x82S\x9c,^B\x8f#, mime_type=binary, info=[ts=1170717508.883051, fuid=FpMjNF4snD7UDqI5sk, tx_hosts={^J^I194.127.84.106^J}, rx_hosts={^J^I192.150.187.164^J}, conn_uids={^J^ICjhGID4nQcgTWjvg4c^J}, source=SSL, depth=0, analyzers={^J^IX509,^J^IMD5,^J^ISHA1^J}, mime_type=binary, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=F, seen_bytes=0, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=<uninitialized>, sha1=<uninitialized>, sha256=<uninitialized>, x509=[ts=1170717508.883051, id=FpMjNF4snD7UDqI5sk, certificate=[version=2, serial=78EE48DE185B2071C9C9C3B51D7BDDC1, subject=OU=www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign,OU=VeriSign International Server CA - Class 3,OU=VeriSign\, Inc.,O=VeriSign Trust Network, issuer=OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US, not_valid_before=861235200.0, not_valid_after=1319500799.0, key_alg=rsaEncryption, sig_alg=sha1WithRSAEncryption, key_type=rsa, key_length=1024, exponent=65537, curve=<uninitialized>], handle=<no value description>, extensions=[[name=X509v3 Basic Constraints, short_name=basicConstraints, oid=2.5.29.19, critical=F, value=CA:TRUE, pathlen:0], [name=X509v3 Certificate Policies, short_name=certificatePolicies, oid=2.5.29.32, critical=F, value=Policy: 2.16.840.1.113733.1.7.1.1^J  CPS: https://www.verisign.com/CPS^J], [name=X509v3 CRL Distribution Points, short_name=crlDistributionPoints, oid=2.5.29.31, critical=F, value=^JFull Name:^J  URI:http://crl.verisign.com/pca3-g2.crl^J], [name=X509v3 Extended Key Usage, short_name=extendedKeyUsage, oid=2.5.29.37, critical=F, value=TLS Web Server Authentication, TLS Web Client Authentication, Netscape Server Gated Crypto, 2.16.840.1.113733.1.8.1]], san=<uninitialized>, basic_constraints=[ca=T, path_len=0]], extracted=<uninitialized>], u2_events=<uninitialized>]
+                  [1] ext: X509::Extension = [name=X509v3 Key Usage, short_name=keyUsage, oid=2.5.29.15, critical=F, value=Certificate Sign, CRL Sign]
+
+1170717508.883051 x509_extension
+                  [0] f: fa_file         = [id=FpMjNF4snD7UDqI5sk, parent_id=<uninitialized>, source=SSL, is_orig=F, conns={^J^I[[orig_h=192.150.187.164, orig_p=58869/tcp, resp_h=194.127.84.106, resp_p=443/tcp]] = [id=[orig_h=192.150.187.164, orig_p=58869/tcp, resp_h=194.127.84.106, resp_p=443/tcp], orig=[size=120, state=4, num_pkts=3, num_bytes_ip=288, flow_label=0], resp=[size=2164, state=4, num_pkts=3, num_bytes_ip=1616, flow_label=0], start_time=1170717508.515696, duration=0.367355, service={^J^I^ISSL^J^I}, addl=, hot=0, history=ShADad, uid=CjhGID4nQcgTWjvg4c, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=[ts=1170717508.69718, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=192.150.187.164, orig_p=58869/tcp, resp_h=194.127.84.106, resp_p=443/tcp], version=TLSv10, cipher=TLS_RSA_WITH_RC4_128_MD5, server_name=<uninitialized>, session_id=a8c1c5681924e80a32a15d5e7f20bc5e3f513e56b215039d0d55defda5a320c0, last_alert=<uninitialized>, analyzer_id=7, established=F, logged=F, delay_tokens=<uninitialized>, cert_chain=[[ts=1170717508.883051, fuid=FjkLnG4s34DVZlaBNc, tx_hosts={^J^I^I194.127.84.106^J^I}, rx_hosts={^J^I^I192.150.187.164^J^I}, conn_uids={^J^I^ICjhGID4nQcgTWjvg4c^J^I}, source=SSL, depth=0, analyzers={^J^I^IX509,^J^I^IMD5,^J^I^ISHA1^J^I}, mime_type=binary, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=F, seen_bytes=1152, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=38a0a008a978591ccbe41f50a174751a, sha1=2c322ae2b7fe91391345e070b63668978bb1c9da, sha256=<uninitialized>, x509=[ts=1170717508.883051, id=FjkLnG4s34DVZlaBNc, certificate=[version=2, serial=04A78116F003283BDA2B8462049F9ECB, subject=CN=www.dresdner-privat.de,OU=Terms of use at www.verisign.com/rpa (c)00,O=AGIS Allianz Dresdner Informationssysteme GmbH,L=Muenchen,ST=Bayern,C=DE, issuer=OU=www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign,OU=VeriSign International Server CA - Class 3,OU=VeriSign\, Inc.,O=VeriSign Trust Network, not_valid_before=1163462400.0, not_valid_after=1195084799.0, key_alg=rsaEncryption, sig_alg=sha1WithRSAEncryption, key_type=rsa, key_length=1024, exponent=65537, curve=<uninitialized>], handle=<no value description>, extensions=[[name=X509v3 Basic Constraints, short_name=basicConstraints, oid=2.5.29.19, critical=F, value=CA:FALSE], [name=X509v3 Key Usage, short_name=keyUsage, oid=2.5.29.15, critical=F, value=Digital Signature, Key Encipherment], [name=X509v3 CRL Distribution Points, short_name=crlDistributionPoints, oid=2.5.29.31, critical=F, value=^JFull Name:^J  URI:http://crl.verisign.com/Class3InternationalServer.crl^J], [name=X509v3 Certificate Policies, short_name=certificatePolicies, oid=2.5.29.32, critical=F, value=Policy: 2.16.840.1.113733.1.7.23.3^J  CPS: https://www.verisign.com/rpa^J], [name=X509v3 Extended Key Usage, short_name=extendedKeyUsage, oid=2.5.29.37, critical=F, value=Netscape Server Gated Crypto, TLS Web Server Authentication, TLS Web Client Authentication], [name=Authority Information Access, short_name=authorityInfoAccess, oid=1.3.6.1.5.5.7.1.1, critical=F, value=OCSP - URI:http://ocsp.verisign.com^J], [name=1.3.6.1.5.5.7.1.12, short_name=UNDEF, oid=1.3.6.1.5.5.7.1.12, critical=F, value=0_.].[0Y0W0U..image/gif0!0.0...+..............k...j.H.,{..0%.#http://logo.verisign.com/vslogo.gif]], san=<uninitialized>, basic_constraints=[ca=F, path_len=<uninitialized>]], extracted=<uninitialized>], [ts=1170717508.883051, fuid=FpMjNF4snD7UDqI5sk, tx_hosts={^J^I^I194.127.84.106^J^I}, rx_hosts={^J^I^I192.150.187.164^J^I}, conn_uids={^J^I^ICjhGID4nQcgTWjvg4c^J^I}, source=SSL, depth=0, analyzers={^J^I^IX509,^J^I^IMD5,^J^I^ISHA1^J^I}, mime_type=binary, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=F, seen_bytes=0, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=<uninitialized>, sha1=<uninitialized>, sha256=<uninitialized>, x509=[ts=1170717508.883051, id=FpMjNF4snD7UDqI5sk, certificate=[version=2, serial=78EE48DE185B2071C9C9C3B51D7BDDC1, subject=OU=www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign,OU=VeriSign International Server CA - Class 3,OU=VeriSign\, Inc.,O=VeriSign Trust Network, issuer=OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US, not_valid_before=861235200.0, not_valid_after=1319500799.0, key_alg=rsaEncryption, sig_alg=sha1WithRSAEncryption, key_type=rsa, key_length=1024, exponent=65537, curve=<uninitialized>], handle=<no value description>, extensions=[[name=X509v3 Basic Constraints, short_name=basicConstraints, oid=2.5.29.19, critical=F, value=CA:TRUE, pathlen:0], [name=X509v3 Certificate Policies, short_name=certificatePolicies, oid=2.5.29.32, critical=F, value=Policy: 2.16.840.1.113733.1.7.1.1^J  CPS: https://www.verisign.com/CPS^J], [name=X509v3 CRL Distribution Points, short_name=crlDistributionPoints, oid=2.5.29.31, critical=F, value=^JFull Name:^J  URI:http://crl.verisign.com/pca3-g2.crl^J], [name=X509v3 Extended Key Usage, short_name=extendedKeyUsage, oid=2.5.29.37, critical=F, value=TLS Web Server Authentication, TLS Web Client Authentication, Netscape Server Gated Crypto, 2.16.840.1.113733.1.8.1], [name=X509v3 Key Usage, short_name=keyUsage, oid=2.5.29.15, critical=F, value=Certificate Sign, CRL Sign]], san=<uninitialized>, basic_constraints=[ca=T, path_len=0]], extracted=<uninitialized>]], cert_chain_fuids=[FjkLnG4s34DVZlaBNc, FpMjNF4snD7UDqI5sk], client_cert_chain=[], client_cert_chain_fuids=[], subject=<uninitialized>, issuer=<uninitialized>, client_subject=<uninitialized>, client_issuer=<uninitialized>, server_depth=2, client_depth=0], http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]^J}, last_active=1170717508.883051, seen_bytes=906, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timeout_interval=2.0 mins, bof_buffer_size=1024, bof_buffer=0\x82^C\x860\x82^B\xef\xa0^C^B^A^B^B^Px\xeeH\xde^X[ q\xc9\xc9\xc3\xb5\x1d{\xdd\xc10^M^F^I*\x86H\x86\xf7^M^A^A^E^E\00_1^K0^I^F^CU^D^F^S^BUS1^W0^U^F^CU^D^J^S^NVeriSign, Inc.1705^F^CU^D^K^S.Class 3 Public Primary Certification Authority0\x1e^W^M970417000000Z^W^M111024235959Z0\x81\xba1\x1f0\x1d^F^CU^D^J^S^VVeriSign Trust Network1^W0^U^F^CU^D^K^S^NVeriSign, Inc.1301^F^CU^D^K^S*VeriSign International Server CA - Class 31I0G^F^CU^D^K^S@www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign0\x81\x9f0^M^F^I*\x86H\x86\xf7^M^A^A^A^E\0^C\x81\x8d\00\x81\x89^B\x81\x81\0\xd8\x82\x80\xe8\xd6^Y^B}\x1f\x85^X9%\xa2e+\xe1\xbf\xd4^E\xd3\xbc\xe66;\xaa\xf0Ll[\xb6\xe7\xaa<sEU\xb2\xf1\xbd\xea\x97B\xed\x9a4^J^U\xd4\xa9\\xf5@%\xdd\xd9^G\xc12\xb2ul\xc4\xca\xbb\xa3\xfeV'qC\xaac\xf50>\x93(\xe5\xfa\xf1^I;\xf3\xb7MN9\xf7\IZ\xb8\xc1\x1d\xd3\xb2\x8a\xfep0\x95B\xcb\xfe+Q\x8bZ<:\xf9"O\x90\xb2^B\xa7S\x9cO4\xe7\xab^D\xb2{o^B^C^A\0^A\xa3\x81\xe60\x81\xe30^O^F^CU\x1d^S^D^H0^F^A^A\xff^B^A\00D^F^CU\x1d ^D=0;09^F^K`\x86H^A\x86\xf8E^A^G^A^A0*0(^F^H+^F^A^E^E^G^B^A^V\x1chttps://www.verisign.com/CPS04^F^CU\x1d\x1f^D-0+0)\xa0'\xa0%\x86#http://crl.verisign.com/pca3-g2.crl04^F^CU\x1d%^D-0+^F^H+^F^A^E^E^G^C^A^F^H+^F^A^E^E^G^C^B^F^I`\x86H^A\x86\xf8B^D^A^F^J`\x86H^A\x86\xf8E^A^H^A0^K^F^CU\x1d^O^D^D^C^B^A^F0^Q^F^I`\x86H^A\x86\xf8B^A^A^D^D^C^B^A^F0^M^F^I*\x86H\x86\xf7^M^A^A^E^E\0^C\x81\x81\0#]\xee\xa6$^E\xfdv\xd3j^Z\xd6\xbaF^F\xaaj^O^C\x90f\xb2\xb0\xa6\xc2\x9e\xc9\x1e\xa3US\xaf>E\xfd\xdc\x8c'\xddS8^I\xbb|K+\xba\x95J\xfepN\x1bi\xd6<\xf7O^G\xc5\xf2^WZL\xa2\x8f\xac^K\x8a^F\xdb\xb9\xd4k\xc5\x1dX\xda^WR\xe3!\xf1\xd2\xd7Z\xd5\xe5\xabY{!z\x86j\xd4\xfe^W^Q:S^M\x9c`\xa0J\xd9^\xe4\x1d^L)\xaa^S^Ge\x86\x1f\xbf\xb4\xc9\x82S\x9c,^B\x8f#, mime_type=binary, info=[ts=1170717508.883051, fuid=FpMjNF4snD7UDqI5sk, tx_hosts={^J^I194.127.84.106^J}, rx_hosts={^J^I192.150.187.164^J}, conn_uids={^J^ICjhGID4nQcgTWjvg4c^J}, source=SSL, depth=0, analyzers={^J^IX509,^J^IMD5,^J^ISHA1^J}, mime_type=binary, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=F, seen_bytes=0, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=<uninitialized>, sha1=<uninitialized>, sha256=<uninitialized>, x509=[ts=1170717508.883051, id=FpMjNF4snD7UDqI5sk, certificate=[version=2, serial=78EE48DE185B2071C9C9C3B51D7BDDC1, subject=OU=www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign,OU=VeriSign International Server CA - Class 3,OU=VeriSign\, Inc.,O=VeriSign Trust Network, issuer=OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US, not_valid_before=861235200.0, not_valid_after=1319500799.0, key_alg=rsaEncryption, sig_alg=sha1WithRSAEncryption, key_type=rsa, key_length=1024, exponent=65537, curve=<uninitialized>], handle=<no value description>, extensions=[[name=X509v3 Basic Constraints, short_name=basicConstraints, oid=2.5.29.19, critical=F, value=CA:TRUE, pathlen:0], [name=X509v3 Certificate Policies, short_name=certificatePolicies, oid=2.5.29.32, critical=F, value=Policy: 2.16.840.1.113733.1.7.1.1^J  CPS: https://www.verisign.com/CPS^J], [name=X509v3 CRL Distribution Points, short_name=crlDistributionPoints, oid=2.5.29.31, critical=F, value=^JFull Name:^J  URI:http://crl.verisign.com/pca3-g2.crl^J], [name=X509v3 Extended Key Usage, short_name=extendedKeyUsage, oid=2.5.29.37, critical=F, value=TLS Web Server Authentication, TLS Web Client Authentication, Netscape Server Gated Crypto, 2.16.840.1.113733.1.8.1], [name=X509v3 Key Usage, short_name=keyUsage, oid=2.5.29.15, critical=F, value=Certificate Sign, CRL Sign]], san=<uninitialized>, basic_constraints=[ca=T, path_len=0]], extracted=<uninitialized>], u2_events=<uninitialized>]
+                  [1] ext: X509::Extension = [name=Netscape Cert Type, short_name=nsCertType, oid=2.16.840.1.113730.1.1, critical=F, value=SSL CA, S/MIME CA]
+
+1170717508.883051 file_hash
+                  [0] f: fa_file         = [id=FpMjNF4snD7UDqI5sk, parent_id=<uninitialized>, source=SSL, is_orig=F, conns={^J^I[[orig_h=192.150.187.164, orig_p=58869/tcp, resp_h=194.127.84.106, resp_p=443/tcp]] = [id=[orig_h=192.150.187.164, orig_p=58869/tcp, resp_h=194.127.84.106, resp_p=443/tcp], orig=[size=120, state=4, num_pkts=3, num_bytes_ip=288, flow_label=0], resp=[size=2164, state=4, num_pkts=3, num_bytes_ip=1616, flow_label=0], start_time=1170717508.515696, duration=0.367355, service={^J^I^ISSL^J^I}, addl=, hot=0, history=ShADad, uid=CjhGID4nQcgTWjvg4c, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=[ts=1170717508.69718, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=192.150.187.164, orig_p=58869/tcp, resp_h=194.127.84.106, resp_p=443/tcp], version=TLSv10, cipher=TLS_RSA_WITH_RC4_128_MD5, server_name=<uninitialized>, session_id=a8c1c5681924e80a32a15d5e7f20bc5e3f513e56b215039d0d55defda5a320c0, last_alert=<uninitialized>, analyzer_id=7, established=F, logged=F, delay_tokens=<uninitialized>, cert_chain=[[ts=1170717508.883051, fuid=FjkLnG4s34DVZlaBNc, tx_hosts={^J^I^I194.127.84.106^J^I}, rx_hosts={^J^I^I192.150.187.164^J^I}, conn_uids={^J^I^ICjhGID4nQcgTWjvg4c^J^I}, source=SSL, depth=0, analyzers={^J^I^IX509,^J^I^IMD5,^J^I^ISHA1^J^I}, mime_type=binary, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=F, seen_bytes=1152, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=38a0a008a978591ccbe41f50a174751a, sha1=2c322ae2b7fe91391345e070b63668978bb1c9da, sha256=<uninitialized>, x509=[ts=1170717508.883051, id=FjkLnG4s34DVZlaBNc, certificate=[version=2, serial=04A78116F003283BDA2B8462049F9ECB, subject=CN=www.dresdner-privat.de,OU=Terms of use at www.verisign.com/rpa (c)00,O=AGIS Allianz Dresdner Informationssysteme GmbH,L=Muenchen,ST=Bayern,C=DE, issuer=OU=www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign,OU=VeriSign International Server CA - Class 3,OU=VeriSign\, Inc.,O=VeriSign Trust Network, not_valid_before=1163462400.0, not_valid_after=1195084799.0, key_alg=rsaEncryption, sig_alg=sha1WithRSAEncryption, key_type=rsa, key_length=1024, exponent=65537, curve=<uninitialized>], handle=<no value description>, extensions=[[name=X509v3 Basic Constraints, short_name=basicConstraints, oid=2.5.29.19, critical=F, value=CA:FALSE], [name=X509v3 Key Usage, short_name=keyUsage, oid=2.5.29.15, critical=F, value=Digital Signature, Key Encipherment], [name=X509v3 CRL Distribution Points, short_name=crlDistributionPoints, oid=2.5.29.31, critical=F, value=^JFull Name:^J  URI:http://crl.verisign.com/Class3InternationalServer.crl^J], [name=X509v3 Certificate Policies, short_name=certificatePolicies, oid=2.5.29.32, critical=F, value=Policy: 2.16.840.1.113733.1.7.23.3^J  CPS: https://www.verisign.com/rpa^J], [name=X509v3 Extended Key Usage, short_name=extendedKeyUsage, oid=2.5.29.37, critical=F, value=Netscape Server Gated Crypto, TLS Web Server Authentication, TLS Web Client Authentication], [name=Authority Information Access, short_name=authorityInfoAccess, oid=1.3.6.1.5.5.7.1.1, critical=F, value=OCSP - URI:http://ocsp.verisign.com^J], [name=1.3.6.1.5.5.7.1.12, short_name=UNDEF, oid=1.3.6.1.5.5.7.1.12, critical=F, value=0_.].[0Y0W0U..image/gif0!0.0...+..............k...j.H.,{..0%.#http://logo.verisign.com/vslogo.gif]], san=<uninitialized>, basic_constraints=[ca=F, path_len=<uninitialized>]], extracted=<uninitialized>], [ts=1170717508.883051, fuid=FpMjNF4snD7UDqI5sk, tx_hosts={^J^I^I194.127.84.106^J^I}, rx_hosts={^J^I^I192.150.187.164^J^I}, conn_uids={^J^I^ICjhGID4nQcgTWjvg4c^J^I}, source=SSL, depth=0, analyzers={^J^I^IX509,^J^I^IMD5,^J^I^ISHA1^J^I}, mime_type=binary, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=F, seen_bytes=0, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=<uninitialized>, sha1=<uninitialized>, sha256=<uninitialized>, x509=[ts=1170717508.883051, id=FpMjNF4snD7UDqI5sk, certificate=[version=2, serial=78EE48DE185B2071C9C9C3B51D7BDDC1, subject=OU=www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign,OU=VeriSign International Server CA - Class 3,OU=VeriSign\, Inc.,O=VeriSign Trust Network, issuer=OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US, not_valid_before=861235200.0, not_valid_after=1319500799.0, key_alg=rsaEncryption, sig_alg=sha1WithRSAEncryption, key_type=rsa, key_length=1024, exponent=65537, curve=<uninitialized>], handle=<no value description>, extensions=[[name=X509v3 Basic Constraints, short_name=basicConstraints, oid=2.5.29.19, critical=F, value=CA:TRUE, pathlen:0], [name=X509v3 Certificate Policies, short_name=certificatePolicies, oid=2.5.29.32, critical=F, value=Policy: 2.16.840.1.113733.1.7.1.1^J  CPS: https://www.verisign.com/CPS^J], [name=X509v3 CRL Distribution Points, short_name=crlDistributionPoints, oid=2.5.29.31, critical=F, value=^JFull Name:^J  URI:http://crl.verisign.com/pca3-g2.crl^J], [name=X509v3 Extended Key Usage, short_name=extendedKeyUsage, oid=2.5.29.37, critical=F, value=TLS Web Server Authentication, TLS Web Client Authentication, Netscape Server Gated Crypto, 2.16.840.1.113733.1.8.1], [name=X509v3 Key Usage, short_name=keyUsage, oid=2.5.29.15, critical=F, value=Certificate Sign, CRL Sign], [name=Netscape Cert Type, short_name=nsCertType, oid=2.16.840.1.113730.1.1, critical=F, value=SSL CA, S/MIME CA]], san=<uninitialized>, basic_constraints=[ca=T, path_len=0]], extracted=<uninitialized>]], cert_chain_fuids=[FjkLnG4s34DVZlaBNc, FpMjNF4snD7UDqI5sk], client_cert_chain=[], client_cert_chain_fuids=[], subject=<uninitialized>, issuer=<uninitialized>, client_subject=<uninitialized>, client_issuer=<uninitialized>, server_depth=2, client_depth=0], http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]^J}, last_active=1170717508.883051, seen_bytes=906, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timeout_interval=2.0 mins, bof_buffer_size=1024, bof_buffer=0\x82^C\x860\x82^B\xef\xa0^C^B^A^B^B^Px\xeeH\xde^X[ q\xc9\xc9\xc3\xb5\x1d{\xdd\xc10^M^F^I*\x86H\x86\xf7^M^A^A^E^E\00_1^K0^I^F^CU^D^F^S^BUS1^W0^U^F^CU^D^J^S^NVeriSign, Inc.1705^F^CU^D^K^S.Class 3 Public Primary Certification Authority0\x1e^W^M970417000000Z^W^M111024235959Z0\x81\xba1\x1f0\x1d^F^CU^D^J^S^VVeriSign Trust Network1^W0^U^F^CU^D^K^S^NVeriSign, Inc.1301^F^CU^D^K^S*VeriSign International Server CA - Class 31I0G^F^CU^D^K^S@www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign0\x81\x9f0^M^F^I*\x86H\x86\xf7^M^A^A^A^E\0^C\x81\x8d\00\x81\x89^B\x81\x81\0\xd8\x82\x80\xe8\xd6^Y^B}\x1f\x85^X9%\xa2e+\xe1\xbf\xd4^E\xd3\xbc\xe66;\xaa\xf0Ll[\xb6\xe7\xaa<sEU\xb2\xf1\xbd\xea\x97B\xed\x9a4^J^U\xd4\xa9\\xf5@%\xdd\xd9^G\xc12\xb2ul\xc4\xca\xbb\xa3\xfeV'qC\xaac\xf50>\x93(\xe5\xfa\xf1^I;\xf3\xb7MN9\xf7\IZ\xb8\xc1\x1d\xd3\xb2\x8a\xfep0\x95B\xcb\xfe+Q\x8bZ<:\xf9"O\x90\xb2^B\xa7S\x9cO4\xe7\xab^D\xb2{o^B^C^A\0^A\xa3\x81\xe60\x81\xe30^O^F^CU\x1d^S^D^H0^F^A^A\xff^B^A\00D^F^CU\x1d ^D=0;09^F^K`\x86H^A\x86\xf8E^A^G^A^A0*0(^F^H+^F^A^E^E^G^B^A^V\x1chttps://www.verisign.com/CPS04^F^CU\x1d\x1f^D-0+0)\xa0'\xa0%\x86#http://crl.verisign.com/pca3-g2.crl04^F^CU\x1d%^D-0+^F^H+^F^A^E^E^G^C^A^F^H+^F^A^E^E^G^C^B^F^I`\x86H^A\x86\xf8B^D^A^F^J`\x86H^A\x86\xf8E^A^H^A0^K^F^CU\x1d^O^D^D^C^B^A^F0^Q^F^I`\x86H^A\x86\xf8B^A^A^D^D^C^B^A^F0^M^F^I*\x86H\x86\xf7^M^A^A^E^E\0^C\x81\x81\0#]\xee\xa6$^E\xfdv\xd3j^Z\xd6\xbaF^F\xaaj^O^C\x90f\xb2\xb0\xa6\xc2\x9e\xc9\x1e\xa3US\xaf>E\xfd\xdc\x8c'\xddS8^I\xbb|K+\xba\x95J\xfepN\x1bi\xd6<\xf7O^G\xc5\xf2^WZL\xa2\x8f\xac^K\x8a^F\xdb\xb9\xd4k\xc5\x1dX\xda^WR\xe3!\xf1\xd2\xd7Z\xd5\xe5\xabY{!z\x86j\xd4\xfe^W^Q:S^M\x9c`\xa0J\xd9^\xe4\x1d^L)\xaa^S^Ge\x86\x1f\xbf\xb4\xc9\x82S\x9c,^B\x8f#, mime_type=binary, info=[ts=1170717508.883051, fuid=FpMjNF4snD7UDqI5sk, tx_hosts={^J^I194.127.84.106^J}, rx_hosts={^J^I192.150.187.164^J}, conn_uids={^J^ICjhGID4nQcgTWjvg4c^J}, source=SSL, depth=0, analyzers={^J^IX509,^J^IMD5,^J^ISHA1^J}, mime_type=binary, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=F, seen_bytes=0, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=<uninitialized>, sha1=<uninitialized>, sha256=<uninitialized>, x509=[ts=1170717508.883051, id=FpMjNF4snD7UDqI5sk, certificate=[version=2, serial=78EE48DE185B2071C9C9C3B51D7BDDC1, subject=OU=www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign,OU=VeriSign International Server CA - Class 3,OU=VeriSign\, Inc.,O=VeriSign Trust Network, issuer=OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US, not_valid_before=861235200.0, not_valid_after=1319500799.0, key_alg=rsaEncryption, sig_alg=sha1WithRSAEncryption, key_type=rsa, key_length=1024, exponent=65537, curve=<uninitialized>], handle=<no value description>, extensions=[[name=X509v3 Basic Constraints, short_name=basicConstraints, oid=2.5.29.19, critical=F, value=CA:TRUE, pathlen:0], [name=X509v3 Certificate Policies, short_name=certificatePolicies, oid=2.5.29.32, critical=F, value=Policy: 2.16.840.1.113733.1.7.1.1^J  CPS: https://www.verisign.com/CPS^J], [name=X509v3 CRL Distribution Points, short_name=crlDistributionPoints, oid=2.5.29.31, critical=F, value=^JFull Name:^J  URI:http://crl.verisign.com/pca3-g2.crl^J], [name=X509v3 Extended Key Usage, short_name=extendedKeyUsage, oid=2.5.29.37, critical=F, value=TLS Web Server Authentication, TLS Web Client Authentication, Netscape Server Gated Crypto, 2.16.840.1.113733.1.8.1], [name=X509v3 Key Usage, short_name=keyUsage, oid=2.5.29.15, critical=F, value=Certificate Sign, CRL Sign], [name=Netscape Cert Type, short_name=nsCertType, oid=2.16.840.1.113730.1.1, critical=F, value=SSL CA, S/MIME CA]], san=<uninitialized>, basic_constraints=[ca=T, path_len=0]], extracted=<uninitialized>], u2_events=<uninitialized>]
+                  [1] kind: string       = sha1
+                  [2] hash: string       = de0f3a63cad13841e9b62c94502cb189d7661e49
+
+1170717508.883051 file_hash
+                  [0] f: fa_file         = [id=FpMjNF4snD7UDqI5sk, parent_id=<uninitialized>, source=SSL, is_orig=F, conns={^J^I[[orig_h=192.150.187.164, orig_p=58869/tcp, resp_h=194.127.84.106, resp_p=443/tcp]] = [id=[orig_h=192.150.187.164, orig_p=58869/tcp, resp_h=194.127.84.106, resp_p=443/tcp], orig=[size=120, state=4, num_pkts=3, num_bytes_ip=288, flow_label=0], resp=[size=2164, state=4, num_pkts=3, num_bytes_ip=1616, flow_label=0], start_time=1170717508.515696, duration=0.367355, service={^J^I^ISSL^J^I}, addl=, hot=0, history=ShADad, uid=CjhGID4nQcgTWjvg4c, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=[ts=1170717508.69718, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=192.150.187.164, orig_p=58869/tcp, resp_h=194.127.84.106, resp_p=443/tcp], version=TLSv10, cipher=TLS_RSA_WITH_RC4_128_MD5, server_name=<uninitialized>, session_id=a8c1c5681924e80a32a15d5e7f20bc5e3f513e56b215039d0d55defda5a320c0, last_alert=<uninitialized>, analyzer_id=7, established=F, logged=F, delay_tokens=<uninitialized>, cert_chain=[[ts=1170717508.883051, fuid=FjkLnG4s34DVZlaBNc, tx_hosts={^J^I^I194.127.84.106^J^I}, rx_hosts={^J^I^I192.150.187.164^J^I}, conn_uids={^J^I^ICjhGID4nQcgTWjvg4c^J^I}, source=SSL, depth=0, analyzers={^J^I^IX509,^J^I^IMD5,^J^I^ISHA1^J^I}, mime_type=binary, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=F, seen_bytes=1152, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=38a0a008a978591ccbe41f50a174751a, sha1=2c322ae2b7fe91391345e070b63668978bb1c9da, sha256=<uninitialized>, x509=[ts=1170717508.883051, id=FjkLnG4s34DVZlaBNc, certificate=[version=2, serial=04A78116F003283BDA2B8462049F9ECB, subject=CN=www.dresdner-privat.de,OU=Terms of use at www.verisign.com/rpa (c)00,O=AGIS Allianz Dresdner Informationssysteme GmbH,L=Muenchen,ST=Bayern,C=DE, issuer=OU=www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign,OU=VeriSign International Server CA - Class 3,OU=VeriSign\, Inc.,O=VeriSign Trust Network, not_valid_before=1163462400.0, not_valid_after=1195084799.0, key_alg=rsaEncryption, sig_alg=sha1WithRSAEncryption, key_type=rsa, key_length=1024, exponent=65537, curve=<uninitialized>], handle=<no value description>, extensions=[[name=X509v3 Basic Constraints, short_name=basicConstraints, oid=2.5.29.19, critical=F, value=CA:FALSE], [name=X509v3 Key Usage, short_name=keyUsage, oid=2.5.29.15, critical=F, value=Digital Signature, Key Encipherment], [name=X509v3 CRL Distribution Points, short_name=crlDistributionPoints, oid=2.5.29.31, critical=F, value=^JFull Name:^J  URI:http://crl.verisign.com/Class3InternationalServer.crl^J], [name=X509v3 Certificate Policies, short_name=certificatePolicies, oid=2.5.29.32, critical=F, value=Policy: 2.16.840.1.113733.1.7.23.3^J  CPS: https://www.verisign.com/rpa^J], [name=X509v3 Extended Key Usage, short_name=extendedKeyUsage, oid=2.5.29.37, critical=F, value=Netscape Server Gated Crypto, TLS Web Server Authentication, TLS Web Client Authentication], [name=Authority Information Access, short_name=authorityInfoAccess, oid=1.3.6.1.5.5.7.1.1, critical=F, value=OCSP - URI:http://ocsp.verisign.com^J], [name=1.3.6.1.5.5.7.1.12, short_name=UNDEF, oid=1.3.6.1.5.5.7.1.12, critical=F, value=0_.].[0Y0W0U..image/gif0!0.0...+..............k...j.H.,{..0%.#http://logo.verisign.com/vslogo.gif]], san=<uninitialized>, basic_constraints=[ca=F, path_len=<uninitialized>]], extracted=<uninitialized>], [ts=1170717508.883051, fuid=FpMjNF4snD7UDqI5sk, tx_hosts={^J^I^I194.127.84.106^J^I}, rx_hosts={^J^I^I192.150.187.164^J^I}, conn_uids={^J^I^ICjhGID4nQcgTWjvg4c^J^I}, source=SSL, depth=0, analyzers={^J^I^IX509,^J^I^IMD5,^J^I^ISHA1^J^I}, mime_type=binary, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=F, seen_bytes=0, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=<uninitialized>, sha1=de0f3a63cad13841e9b62c94502cb189d7661e49, sha256=<uninitialized>, x509=[ts=1170717508.883051, id=FpMjNF4snD7UDqI5sk, certificate=[version=2, serial=78EE48DE185B2071C9C9C3B51D7BDDC1, subject=OU=www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign,OU=VeriSign International Server CA - Class 3,OU=VeriSign\, Inc.,O=VeriSign Trust Network, issuer=OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US, not_valid_before=861235200.0, not_valid_after=1319500799.0, key_alg=rsaEncryption, sig_alg=sha1WithRSAEncryption, key_type=rsa, key_length=1024, exponent=65537, curve=<uninitialized>], handle=<no value description>, extensions=[[name=X509v3 Basic Constraints, short_name=basicConstraints, oid=2.5.29.19, critical=F, value=CA:TRUE, pathlen:0], [name=X509v3 Certificate Policies, short_name=certificatePolicies, oid=2.5.29.32, critical=F, value=Policy: 2.16.840.1.113733.1.7.1.1^J  CPS: https://www.verisign.com/CPS^J], [name=X509v3 CRL Distribution Points, short_name=crlDistributionPoints, oid=2.5.29.31, critical=F, value=^JFull Name:^J  URI:http://crl.verisign.com/pca3-g2.crl^J], [name=X509v3 Extended Key Usage, short_name=extendedKeyUsage, oid=2.5.29.37, critical=F, value=TLS Web Server Authentication, TLS Web Client Authentication, Netscape Server Gated Crypto, 2.16.840.1.113733.1.8.1], [name=X509v3 Key Usage, short_name=keyUsage, oid=2.5.29.15, critical=F, value=Certificate Sign, CRL Sign], [name=Netscape Cert Type, short_name=nsCertType, oid=2.16.840.1.113730.1.1, critical=F, value=SSL CA, S/MIME CA]], san=<uninitialized>, basic_constraints=[ca=T, path_len=0]], extracted=<uninitialized>]], cert_chain_fuids=[FjkLnG4s34DVZlaBNc, FpMjNF4snD7UDqI5sk], client_cert_chain=[], client_cert_chain_fuids=[], subject=<uninitialized>, issuer=<uninitialized>, client_subject=<uninitialized>, client_issuer=<uninitialized>, server_depth=2, client_depth=0], http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]^J}, last_active=1170717508.883051, seen_bytes=906, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timeout_interval=2.0 mins, bof_buffer_size=1024, bof_buffer=0\x82^C\x860\x82^B\xef\xa0^C^B^A^B^B^Px\xeeH\xde^X[ q\xc9\xc9\xc3\xb5\x1d{\xdd\xc10^M^F^I*\x86H\x86\xf7^M^A^A^E^E\00_1^K0^I^F^CU^D^F^S^BUS1^W0^U^F^CU^D^J^S^NVeriSign, Inc.1705^F^CU^D^K^S.Class 3 Public Primary Certification Authority0\x1e^W^M970417000000Z^W^M111024235959Z0\x81\xba1\x1f0\x1d^F^CU^D^J^S^VVeriSign Trust Network1^W0^U^F^CU^D^K^S^NVeriSign, Inc.1301^F^CU^D^K^S*VeriSign International Server CA - Class 31I0G^F^CU^D^K^S@www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign0\x81\x9f0^M^F^I*\x86H\x86\xf7^M^A^A^A^E\0^C\x81\x8d\00\x81\x89^B\x81\x81\0\xd8\x82\x80\xe8\xd6^Y^B}\x1f\x85^X9%\xa2e+\xe1\xbf\xd4^E\xd3\xbc\xe66;\xaa\xf0Ll[\xb6\xe7\xaa<sEU\xb2\xf1\xbd\xea\x97B\xed\x9a4^J^U\xd4\xa9\\xf5@%\xdd\xd9^G\xc12\xb2ul\xc4\xca\xbb\xa3\xfeV'qC\xaac\xf50>\x93(\xe5\xfa\xf1^I;\xf3\xb7MN9\xf7\IZ\xb8\xc1\x1d\xd3\xb2\x8a\xfep0\x95B\xcb\xfe+Q\x8bZ<:\xf9"O\x90\xb2^B\xa7S\x9cO4\xe7\xab^D\xb2{o^B^C^A\0^A\xa3\x81\xe60\x81\xe30^O^F^CU\x1d^S^D^H0^F^A^A\xff^B^A\00D^F^CU\x1d ^D=0;09^F^K`\x86H^A\x86\xf8E^A^G^A^A0*0(^F^H+^F^A^E^E^G^B^A^V\x1chttps://www.verisign.com/CPS04^F^CU\x1d\x1f^D-0+0)\xa0'\xa0%\x86#http://crl.verisign.com/pca3-g2.crl04^F^CU\x1d%^D-0+^F^H+^F^A^E^E^G^C^A^F^H+^F^A^E^E^G^C^B^F^I`\x86H^A\x86\xf8B^D^A^F^J`\x86H^A\x86\xf8E^A^H^A0^K^F^CU\x1d^O^D^D^C^B^A^F0^Q^F^I`\x86H^A\x86\xf8B^A^A^D^D^C^B^A^F0^M^F^I*\x86H\x86\xf7^M^A^A^E^E\0^C\x81\x81\0#]\xee\xa6$^E\xfdv\xd3j^Z\xd6\xbaF^F\xaaj^O^C\x90f\xb2\xb0\xa6\xc2\x9e\xc9\x1e\xa3US\xaf>E\xfd\xdc\x8c'\xddS8^I\xbb|K+\xba\x95J\xfepN\x1bi\xd6<\xf7O^G\xc5\xf2^WZL\xa2\x8f\xac^K\x8a^F\xdb\xb9\xd4k\xc5\x1dX\xda^WR\xe3!\xf1\xd2\xd7Z\xd5\xe5\xabY{!z\x86j\xd4\xfe^W^Q:S^M\x9c`\xa0J\xd9^\xe4\x1d^L)\xaa^S^Ge\x86\x1f\xbf\xb4\xc9\x82S\x9c,^B\x8f#, mime_type=binary, info=[ts=1170717508.883051, fuid=FpMjNF4snD7UDqI5sk, tx_hosts={^J^I194.127.84.106^J}, rx_hosts={^J^I192.150.187.164^J}, conn_uids={^J^ICjhGID4nQcgTWjvg4c^J}, source=SSL, depth=0, analyzers={^J^IX509,^J^IMD5,^J^ISHA1^J}, mime_type=binary, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=F, seen_bytes=0, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=<uninitialized>, sha1=de0f3a63cad13841e9b62c94502cb189d7661e49, sha256=<uninitialized>, x509=[ts=1170717508.883051, id=FpMjNF4snD7UDqI5sk, certificate=[version=2, serial=78EE48DE185B2071C9C9C3B51D7BDDC1, subject=OU=www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign,OU=VeriSign International Server CA - Class 3,OU=VeriSign\, Inc.,O=VeriSign Trust Network, issuer=OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US, not_valid_before=861235200.0, not_valid_after=1319500799.0, key_alg=rsaEncryption, sig_alg=sha1WithRSAEncryption, key_type=rsa, key_length=1024, exponent=65537, curve=<uninitialized>], handle=<no value description>, extensions=[[name=X509v3 Basic Constraints, short_name=basicConstraints, oid=2.5.29.19, critical=F, value=CA:TRUE, pathlen:0], [name=X509v3 Certificate Policies, short_name=certificatePolicies, oid=2.5.29.32, critical=F, value=Policy: 2.16.840.1.113733.1.7.1.1^J  CPS: https://www.verisign.com/CPS^J], [name=X509v3 CRL Distribution Points, short_name=crlDistributionPoints, oid=2.5.29.31, critical=F, value=^JFull Name:^J  URI:http://crl.verisign.com/pca3-g2.crl^J], [name=X509v3 Extended Key Usage, short_name=extendedKeyUsage, oid=2.5.29.37, critical=F, value=TLS Web Server Authentication, TLS Web Client Authentication, Netscape Server Gated Crypto, 2.16.840.1.113733.1.8.1], [name=X509v3 Key Usage, short_name=keyUsage, oid=2.5.29.15, critical=F, value=Certificate Sign, CRL Sign], [name=Netscape Cert Type, short_name=nsCertType, oid=2.16.840.1.113730.1.1, critical=F, value=SSL CA, S/MIME CA]], san=<uninitialized>, basic_constraints=[ca=T, path_len=0]], extracted=<uninitialized>], u2_events=<uninitialized>]
+                  [1] kind: string       = md5
+                  [2] hash: string       = 81c888530afcad916fbe71d9417bf10c
+
+1170717508.883051 file_state_remove
+                  [0] f: fa_file         = [id=FpMjNF4snD7UDqI5sk, parent_id=<uninitialized>, source=SSL, is_orig=F, conns={^J^I[[orig_h=192.150.187.164, orig_p=58869/tcp, resp_h=194.127.84.106, resp_p=443/tcp]] = [id=[orig_h=192.150.187.164, orig_p=58869/tcp, resp_h=194.127.84.106, resp_p=443/tcp], orig=[size=120, state=4, num_pkts=3, num_bytes_ip=288, flow_label=0], resp=[size=2164, state=4, num_pkts=3, num_bytes_ip=1616, flow_label=0], start_time=1170717508.515696, duration=0.367355, service={^J^I^ISSL^J^I}, addl=, hot=0, history=ShADad, uid=CjhGID4nQcgTWjvg4c, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=[ts=1170717508.69718, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=192.150.187.164, orig_p=58869/tcp, resp_h=194.127.84.106, resp_p=443/tcp], version=TLSv10, cipher=TLS_RSA_WITH_RC4_128_MD5, server_name=<uninitialized>, session_id=a8c1c5681924e80a32a15d5e7f20bc5e3f513e56b215039d0d55defda5a320c0, last_alert=<uninitialized>, analyzer_id=7, established=F, logged=F, delay_tokens=<uninitialized>, cert_chain=[[ts=1170717508.883051, fuid=FjkLnG4s34DVZlaBNc, tx_hosts={^J^I^I194.127.84.106^J^I}, rx_hosts={^J^I^I192.150.187.164^J^I}, conn_uids={^J^I^ICjhGID4nQcgTWjvg4c^J^I}, source=SSL, depth=0, analyzers={^J^I^IX509,^J^I^IMD5,^J^I^ISHA1^J^I}, mime_type=binary, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=F, seen_bytes=1152, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=38a0a008a978591ccbe41f50a174751a, sha1=2c322ae2b7fe91391345e070b63668978bb1c9da, sha256=<uninitialized>, x509=[ts=1170717508.883051, id=FjkLnG4s34DVZlaBNc, certificate=[version=2, serial=04A78116F003283BDA2B8462049F9ECB, subject=CN=www.dresdner-privat.de,OU=Terms of use at www.verisign.com/rpa (c)00,O=AGIS Allianz Dresdner Informationssysteme GmbH,L=Muenchen,ST=Bayern,C=DE, issuer=OU=www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign,OU=VeriSign International Server CA - Class 3,OU=VeriSign\, Inc.,O=VeriSign Trust Network, not_valid_before=1163462400.0, not_valid_after=1195084799.0, key_alg=rsaEncryption, sig_alg=sha1WithRSAEncryption, key_type=rsa, key_length=1024, exponent=65537, curve=<uninitialized>], handle=<no value description>, extensions=[[name=X509v3 Basic Constraints, short_name=basicConstraints, oid=2.5.29.19, critical=F, value=CA:FALSE], [name=X509v3 Key Usage, short_name=keyUsage, oid=2.5.29.15, critical=F, value=Digital Signature, Key Encipherment], [name=X509v3 CRL Distribution Points, short_name=crlDistributionPoints, oid=2.5.29.31, critical=F, value=^JFull Name:^J  URI:http://crl.verisign.com/Class3InternationalServer.crl^J], [name=X509v3 Certificate Policies, short_name=certificatePolicies, oid=2.5.29.32, critical=F, value=Policy: 2.16.840.1.113733.1.7.23.3^J  CPS: https://www.verisign.com/rpa^J], [name=X509v3 Extended Key Usage, short_name=extendedKeyUsage, oid=2.5.29.37, critical=F, value=Netscape Server Gated Crypto, TLS Web Server Authentication, TLS Web Client Authentication], [name=Authority Information Access, short_name=authorityInfoAccess, oid=1.3.6.1.5.5.7.1.1, critical=F, value=OCSP - URI:http://ocsp.verisign.com^J], [name=1.3.6.1.5.5.7.1.12, short_name=UNDEF, oid=1.3.6.1.5.5.7.1.12, critical=F, value=0_.].[0Y0W0U..image/gif0!0.0...+..............k...j.H.,{..0%.#http://logo.verisign.com/vslogo.gif]], san=<uninitialized>, basic_constraints=[ca=F, path_len=<uninitialized>]], extracted=<uninitialized>], [ts=1170717508.883051, fuid=FpMjNF4snD7UDqI5sk, tx_hosts={^J^I^I194.127.84.106^J^I}, rx_hosts={^J^I^I192.150.187.164^J^I}, conn_uids={^J^I^ICjhGID4nQcgTWjvg4c^J^I}, source=SSL, depth=0, analyzers={^J^I^IX509,^J^I^IMD5,^J^I^ISHA1^J^I}, mime_type=binary, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=F, seen_bytes=0, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=81c888530afcad916fbe71d9417bf10c, sha1=de0f3a63cad13841e9b62c94502cb189d7661e49, sha256=<uninitialized>, x509=[ts=1170717508.883051, id=FpMjNF4snD7UDqI5sk, certificate=[version=2, serial=78EE48DE185B2071C9C9C3B51D7BDDC1, subject=OU=www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign,OU=VeriSign International Server CA - Class 3,OU=VeriSign\, Inc.,O=VeriSign Trust Network, issuer=OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US, not_valid_before=861235200.0, not_valid_after=1319500799.0, key_alg=rsaEncryption, sig_alg=sha1WithRSAEncryption, key_type=rsa, key_length=1024, exponent=65537, curve=<uninitialized>], handle=<no value description>, extensions=[[name=X509v3 Basic Constraints, short_name=basicConstraints, oid=2.5.29.19, critical=F, value=CA:TRUE, pathlen:0], [name=X509v3 Certificate Policies, short_name=certificatePolicies, oid=2.5.29.32, critical=F, value=Policy: 2.16.840.1.113733.1.7.1.1^J  CPS: https://www.verisign.com/CPS^J], [name=X509v3 CRL Distribution Points, short_name=crlDistributionPoints, oid=2.5.29.31, critical=F, value=^JFull Name:^J  URI:http://crl.verisign.com/pca3-g2.crl^J], [name=X509v3 Extended Key Usage, short_name=extendedKeyUsage, oid=2.5.29.37, critical=F, value=TLS Web Server Authentication, TLS Web Client Authentication, Netscape Server Gated Crypto, 2.16.840.1.113733.1.8.1], [name=X509v3 Key Usage, short_name=keyUsage, oid=2.5.29.15, critical=F, value=Certificate Sign, CRL Sign], [name=Netscape Cert Type, short_name=nsCertType, oid=2.16.840.1.113730.1.1, critical=F, value=SSL CA, S/MIME CA]], san=<uninitialized>, basic_constraints=[ca=T, path_len=0]], extracted=<uninitialized>]], cert_chain_fuids=[FjkLnG4s34DVZlaBNc, FpMjNF4snD7UDqI5sk], client_cert_chain=[], client_cert_chain_fuids=[], subject=<uninitialized>, issuer=<uninitialized>, client_subject=<uninitialized>, client_issuer=<uninitialized>, server_depth=2, client_depth=0], http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]^J}, last_active=1170717508.883051, seen_bytes=906, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timeout_interval=2.0 mins, bof_buffer_size=1024, bof_buffer=0\x82^C\x860\x82^B\xef\xa0^C^B^A^B^B^Px\xeeH\xde^X[ q\xc9\xc9\xc3\xb5\x1d{\xdd\xc10^M^F^I*\x86H\x86\xf7^M^A^A^E^E\00_1^K0^I^F^CU^D^F^S^BUS1^W0^U^F^CU^D^J^S^NVeriSign, Inc.1705^F^CU^D^K^S.Class 3 Public Primary Certification Authority0\x1e^W^M970417000000Z^W^M111024235959Z0\x81\xba1\x1f0\x1d^F^CU^D^J^S^VVeriSign Trust Network1^W0^U^F^CU^D^K^S^NVeriSign, Inc.1301^F^CU^D^K^S*VeriSign International Server CA - Class 31I0G^F^CU^D^K^S@www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign0\x81\x9f0^M^F^I*\x86H\x86\xf7^M^A^A^A^E\0^C\x81\x8d\00\x81\x89^B\x81\x81\0\xd8\x82\x80\xe8\xd6^Y^B}\x1f\x85^X9%\xa2e+\xe1\xbf\xd4^E\xd3\xbc\xe66;\xaa\xf0Ll[\xb6\xe7\xaa<sEU\xb2\xf1\xbd\xea\x97B\xed\x9a4^J^U\xd4\xa9\\xf5@%\xdd\xd9^G\xc12\xb2ul\xc4\xca\xbb\xa3\xfeV'qC\xaac\xf50>\x93(\xe5\xfa\xf1^I;\xf3\xb7MN9\xf7\IZ\xb8\xc1\x1d\xd3\xb2\x8a\xfep0\x95B\xcb\xfe+Q\x8bZ<:\xf9"O\x90\xb2^B\xa7S\x9cO4\xe7\xab^D\xb2{o^B^C^A\0^A\xa3\x81\xe60\x81\xe30^O^F^CU\x1d^S^D^H0^F^A^A\xff^B^A\00D^F^CU\x1d ^D=0;09^F^K`\x86H^A\x86\xf8E^A^G^A^A0*0(^F^H+^F^A^E^E^G^B^A^V\x1chttps://www.verisign.com/CPS04^F^CU\x1d\x1f^D-0+0)\xa0'\xa0%\x86#http://crl.verisign.com/pca3-g2.crl04^F^CU\x1d%^D-0+^F^H+^F^A^E^E^G^C^A^F^H+^F^A^E^E^G^C^B^F^I`\x86H^A\x86\xf8B^D^A^F^J`\x86H^A\x86\xf8E^A^H^A0^K^F^CU\x1d^O^D^D^C^B^A^F0^Q^F^I`\x86H^A\x86\xf8B^A^A^D^D^C^B^A^F0^M^F^I*\x86H\x86\xf7^M^A^A^E^E\0^C\x81\x81\0#]\xee\xa6$^E\xfdv\xd3j^Z\xd6\xbaF^F\xaaj^O^C\x90f\xb2\xb0\xa6\xc2\x9e\xc9\x1e\xa3US\xaf>E\xfd\xdc\x8c'\xddS8^I\xbb|K+\xba\x95J\xfepN\x1bi\xd6<\xf7O^G\xc5\xf2^WZL\xa2\x8f\xac^K\x8a^F\xdb\xb9\xd4k\xc5\x1dX\xda^WR\xe3!\xf1\xd2\xd7Z\xd5\xe5\xabY{!z\x86j\xd4\xfe^W^Q:S^M\x9c`\xa0J\xd9^\xe4\x1d^L)\xaa^S^Ge\x86\x1f\xbf\xb4\xc9\x82S\x9c,^B\x8f#, mime_type=binary, info=[ts=1170717508.883051, fuid=FpMjNF4snD7UDqI5sk, tx_hosts={^J^I194.127.84.106^J}, rx_hosts={^J^I192.150.187.164^J}, conn_uids={^J^ICjhGID4nQcgTWjvg4c^J}, source=SSL, depth=0, analyzers={^J^IX509,^J^IMD5,^J^ISHA1^J}, mime_type=binary, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=F, seen_bytes=0, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=81c888530afcad916fbe71d9417bf10c, sha1=de0f3a63cad13841e9b62c94502cb189d7661e49, sha256=<uninitialized>, x509=[ts=1170717508.883051, id=FpMjNF4snD7UDqI5sk, certificate=[version=2, serial=78EE48DE185B2071C9C9C3B51D7BDDC1, subject=OU=www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign,OU=VeriSign International Server CA - Class 3,OU=VeriSign\, Inc.,O=VeriSign Trust Network, issuer=OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US, not_valid_before=861235200.0, not_valid_after=1319500799.0, key_alg=rsaEncryption, sig_alg=sha1WithRSAEncryption, key_type=rsa, key_length=1024, exponent=65537, curve=<uninitialized>], handle=<no value description>, extensions=[[name=X509v3 Basic Constraints, short_name=basicConstraints, oid=2.5.29.19, critical=F, value=CA:TRUE, pathlen:0], [name=X509v3 Certificate Policies, short_name=certificatePolicies, oid=2.5.29.32, critical=F, value=Policy: 2.16.840.1.113733.1.7.1.1^J  CPS: https://www.verisign.com/CPS^J], [name=X509v3 CRL Distribution Points, short_name=crlDistributionPoints, oid=2.5.29.31, critical=F, value=^JFull Name:^J  URI:http://crl.verisign.com/pca3-g2.crl^J], [name=X509v3 Extended Key Usage, short_name=extendedKeyUsage, oid=2.5.29.37, critical=F, value=TLS Web Server Authentication, TLS Web Client Authentication, Netscape Server Gated Crypto, 2.16.840.1.113733.1.8.1], [name=X509v3 Key Usage, short_name=keyUsage, oid=2.5.29.15, critical=F, value=Certificate Sign, CRL Sign], [name=Netscape Cert Type, short_name=nsCertType, oid=2.16.840.1.113730.1.1, critical=F, value=SSL CA, S/MIME CA]], san=<uninitialized>, basic_constraints=[ca=T, path_len=0]], extracted=<uninitialized>], u2_events=<uninitialized>]
 
 1170717509.082241 ssl_established
-                  [0] c: connection      = [id=[orig_h=192.150.187.164, orig_p=58869/tcp, resp_h=194.127.84.106, resp_p=443/tcp], orig=[size=302, state=4, num_pkts=5, num_bytes_ip=574, flow_label=0], resp=[size=2207, state=4, num_pkts=5, num_bytes_ip=2436, flow_label=0], start_time=1170717508.515696, duration=0.566545, service={^J^ISSL^J}, addl=, hot=0, history=ShADad, uid=CjhGID4nQcgTWjvg4c, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=[ts=1170717508.69718, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=192.150.187.164, orig_p=58869/tcp, resp_h=194.127.84.106, resp_p=443/tcp], version=TLSv10, cipher=TLS_RSA_WITH_RC4_128_MD5, server_name=<uninitialized>, session_id=a8c1c5681924e80a32a15d5e7f20bc5e3f513e56b215039d0d55defda5a320c0, subject=CN=www.dresdner-privat.de,OU=Terms of use at www.verisign.com/rpa (c)00,O=AGIS Allianz Dresdner Informationssysteme GmbH,L=Muenchen,ST=Bayern,C=DE, issuer_subject=OU=www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign,OU=VeriSign International Server CA - Class 3,OU=VeriSign\, Inc.,O=VeriSign Trust Network, not_valid_before=1163462400.0, not_valid_after=1195084799.0, last_alert=<uninitialized>, client_subject=<uninitialized>, client_issuer_subject=<uninitialized>, cert=0\x82^D|0\x82^C\xe5\xa0^C^B^A^B^B^P^D\xa7\x81^V\xf0^C(;\xda+\x84b^D\x9f\x9e\xcb0^M^F^I*\x86H\x86\xf7^M^A^A^E^E\00\x81\xba1\x1f0\x1d^F^CU^D^J^S^VVeriSign Trust Network1^W0^U^F^CU^D^K^S^NVeriSign, Inc.1301^F^CU^D^K^S*VeriSign International Server CA - Class 31I0G^F^CU^D^K^S@www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign0\x1e^W^M061114000000Z^W^M071114235959Z0\x81\xc01^K0^I^F^CU^D^F^S^BDE1^O0^M^F^CU^D^H^S^FBayern1^Q0^O^F^CU^D^G^T^HMuenchen1705^F^CU^D^J^T.AGIS Allianz Dresdner Informationssysteme GmbH1301^F^CU^D^K^T*Terms of use at www.verisign.com/rpa (c)001\x1f0\x1d^F^CU^D^C^T^Vwww.dresdner-privat.de0\x81\x9f0^M^F^I*\x86H\x86\xf7^M^A^A^A^E\0^C\x81\x8d\00\x81\x89^B\x81\x81\0\xeb\xa8t~\xfb\xe3\xb4\xea\xbe\x8b\x1c=\xed\xea\x86^DbQ\xe0*Z\x9e\x86o\x98\xcb\xbc\xc5\xed\xc5\xc8\xcaV\x9dL\x92X\xe1k^So\xbc\xb7\xe5.\x98@\xf7\x8f\xd6\xa3\xc0^J\xabFR\x1b8\xfc^E \xe7\x80\xee\xc6]\xd5\xbb^C\xfc\xc5\x83\xba\x9ag^H\xfd,\xba\xa3^H\x94\xf0\xb3\x1f^V(\xf6^Ef[\xbf^?\xa8Y\xfa\xbe\x99k6b\xb8n\xc6\x83GSc^OZ\xb4Q\xc1\x88\xa8U\xb9\xd41m=*J\x95^J\xd1{\x87^B^C^A\0^A\xa3\x82^Ay0\x82^Au0^I^F^CU\x1d^S^D^B0\00^K^F^CU\x1d^O^D^D^C^B^E\xa00F^F^CU\x1d\x1f^D?0=0;\xa09\xa07\x865http://crl.verisign.com/Class3InternationalServer.crl0D^F^CU\x1d ^D=0;09^F^K`\x86H^A\x86\xf8E^A^G^W^C0*0(^F^H+^F^A^E^E^G^B^A^V\x1chttps://www.verisign.com/rpa0(^F^CU\x1d%^D!0\x1f^F^I`\x86H^A\x86\xf8B^D^A^F^H+^F^A^E^E^G^C^A^F^H+^F^A^E^E^G^C^B04^F^H+^F^A^E^E^G^A^A^D(0&0$^F^H+^F^A^E^E^G0^A\x86^Xhttp://ocsp.verisign.com0m^F^H+^F^A^E^E^G^A^L^Da0_\xa1]\xa0[0Y0W0U^V^Iimage/gif0!0\x1f0^G^F^E+^N^C^B^Z^D^T\x8f\xe5\xd3^Z\x86\xac\x8d\x8ek\xc3\xcf\x80j\xd4H^X,{^Y.0%^V#http://logo.verisign.com/vslogo.gif0^M^F^I*\x86H\x86\xf7^M^A^A^E^E\0^C\x81\x81\0/s\xe2o\xc1\x9e#~YP\x89\x95xo\xe9^D\xbd\x98TS`\xec^HR\xd2^J)\x92\x9am\xaa\xd5\xb1g\xc1b\xde\xc9^XNW=i\x9c\xb2^Cf\x92^C\xbb\xe8M\xc5\x98\xd4/B\xd9\xb6\xd2\xe0\x97^PXv\xcf\xe7\xd6\xa7\xcc\xbb\xdb%\xeeB]\xcb\xf0t\xab\xd2T\xe5\xe8\xbaQ^O\xa4\xc3>4\xfaR\xf2\xa0\xe6z\xf4\x8f\xdcvB\xbd=\xfcx\xc0\xb7\xeb^-\x1f\xc5\xa0^\xdf\xa0^Q\x87\xf8\xc3X^P\xc8y(\xf8\xe4, cert_chain=[0\x82^C\x860\x82^B\xef\xa0^C^B^A^B^B^Px\xeeH\xde^X[ q\xc9\xc9\xc3\xb5\x1d{\xdd\xc10^M^F^I*\x86H\x86\xf7^M^A^A^E^E\00_1^K0^I^F^CU^D^F^S^BUS1^W0^U^F^CU^D^J^S^NVeriSign, Inc.1705^F^CU^D^K^S.Class 3 Public Primary Certification Authority0\x1e^W^M970417000000Z^W^M111024235959Z0\x81\xba1\x1f0\x1d^F^CU^D^J^S^VVeriSign Trust Network1^W0^U^F^CU^D^K^S^NVeriSign, Inc.1301^F^CU^D^K^S*VeriSign International Server CA - Class 31I0G^F^CU^D^K^S@www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign0\x81\x9f0^M^F^I*\x86H\x86\xf7^M^A^A^A^E\0^C\x81\x8d\00\x81\x89^B\x81\x81\0\xd8\x82\x80\xe8\xd6^Y^B}\x1f\x85^X9%\xa2e+\xe1\xbf\xd4^E\xd3\xbc\xe66;\xaa\xf0Ll[\xb6\xe7\xaa<sEU\xb2\xf1\xbd\xea\x97B\xed\x9a4^J^U\xd4\xa9\\xf5@%\xdd\xd9^G\xc12\xb2ul\xc4\xca\xbb\xa3\xfeV'qC\xaac\xf50>\x93(\xe5\xfa\xf1^I;\xf3\xb7MN9\xf7\IZ\xb8\xc1\x1d\xd3\xb2\x8a\xfep0\x95B\xcb\xfe+Q\x8bZ<:\xf9"O\x90\xb2^B\xa7S\x9cO4\xe7\xab^D\xb2{o^B^C^A\0^A\xa3\x81\xe60\x81\xe30^O^F^CU\x1d^S^D^H0^F^A^A\xff^B^A\00D^F^CU\x1d ^D=0;09^F^K`\x86H^A\x86\xf8E^A^G^A^A0*0(^F^H+^F^A^E^E^G^B^A^V\x1chttps://www.verisign.com/CPS04^F^CU\x1d\x1f^D-0+0)\xa0'\xa0%\x86#http://crl.verisign.com/pca3-g2.crl04^F^CU\x1d%^D-0+^F^H+^F^A^E^E^G^C^A^F^H+^F^A^E^E^G^C^B^F^I`\x86H^A\x86\xf8B^D^A^F^J`\x86H^A\x86\xf8E^A^H^A0^K^F^CU\x1d^O^D^D^C^B^A^F0^Q^F^I`\x86H^A\x86\xf8B^A^A^D^D^C^B^A^F0^M^F^I*\x86H\x86\xf7^M^A^A^E^E\0^C\x81\x81\0#]\xee\xa6$^E\xfdv\xd3j^Z\xd6\xbaF^F\xaaj^O^C\x90f\xb2\xb0\xa6\xc2\x9e\xc9\x1e\xa3US\xaf>E\xfd\xdc\x8c'\xddS8^I\xbb|K+\xba\x95J\xfepN\x1bi\xd6<\xf7O^G\xc5\xf2^WZL\xa2\x8f\xac^K\x8a^F\xdb\xb9\xd4k\xc5\x1dX\xda^WR\xe3!\xf1\xd2\xd7Z\xd5\xe5\xabY{!z\x86j\xd4\xfe^W^Q:S^M\x9c`\xa0J\xd9^\xe4\x1d^L)\xaa^S^Ge\x86\x1f\xbf\xb4\xc9\x82S\x9c,^B\x8f#], client_cert=<uninitialized>, client_cert_chain=[], analyzer_id=7, established=F, logged=F, delay_tokens=<uninitialized>], http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]
+                  [0] c: connection      = [id=[orig_h=192.150.187.164, orig_p=58869/tcp, resp_h=194.127.84.106, resp_p=443/tcp], orig=[size=302, state=4, num_pkts=5, num_bytes_ip=574, flow_label=0], resp=[size=2207, state=4, num_pkts=5, num_bytes_ip=2436, flow_label=0], start_time=1170717508.515696, duration=0.566545, service={^J^ISSL^J}, addl=, hot=0, history=ShADad, uid=CjhGID4nQcgTWjvg4c, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=[ts=1170717508.69718, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=192.150.187.164, orig_p=58869/tcp, resp_h=194.127.84.106, resp_p=443/tcp], version=TLSv10, cipher=TLS_RSA_WITH_RC4_128_MD5, server_name=<uninitialized>, session_id=a8c1c5681924e80a32a15d5e7f20bc5e3f513e56b215039d0d55defda5a320c0, last_alert=<uninitialized>, analyzer_id=7, established=F, logged=F, delay_tokens=<uninitialized>, cert_chain=[[ts=1170717508.883051, fuid=FjkLnG4s34DVZlaBNc, tx_hosts={^J^I194.127.84.106^J}, rx_hosts={^J^I192.150.187.164^J}, conn_uids={^J^ICjhGID4nQcgTWjvg4c^J}, source=SSL, depth=0, analyzers={^J^IX509,^J^IMD5,^J^ISHA1^J}, mime_type=binary, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=F, seen_bytes=1152, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=38a0a008a978591ccbe41f50a174751a, sha1=2c322ae2b7fe91391345e070b63668978bb1c9da, sha256=<uninitialized>, x509=[ts=1170717508.883051, id=FjkLnG4s34DVZlaBNc, certificate=[version=2, serial=04A78116F003283BDA2B8462049F9ECB, subject=CN=www.dresdner-privat.de,OU=Terms of use at www.verisign.com/rpa (c)00,O=AGIS Allianz Dresdner Informationssysteme GmbH,L=Muenchen,ST=Bayern,C=DE, issuer=OU=www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign,OU=VeriSign International Server CA - Class 3,OU=VeriSign\, Inc.,O=VeriSign Trust Network, not_valid_before=1163462400.0, not_valid_after=1195084799.0, key_alg=rsaEncryption, sig_alg=sha1WithRSAEncryption, key_type=rsa, key_length=1024, exponent=65537, curve=<uninitialized>], handle=<no value description>, extensions=[[name=X509v3 Basic Constraints, short_name=basicConstraints, oid=2.5.29.19, critical=F, value=CA:FALSE], [name=X509v3 Key Usage, short_name=keyUsage, oid=2.5.29.15, critical=F, value=Digital Signature, Key Encipherment], [name=X509v3 CRL Distribution Points, short_name=crlDistributionPoints, oid=2.5.29.31, critical=F, value=^JFull Name:^J  URI:http://crl.verisign.com/Class3InternationalServer.crl^J], [name=X509v3 Certificate Policies, short_name=certificatePolicies, oid=2.5.29.32, critical=F, value=Policy: 2.16.840.1.113733.1.7.23.3^J  CPS: https://www.verisign.com/rpa^J], [name=X509v3 Extended Key Usage, short_name=extendedKeyUsage, oid=2.5.29.37, critical=F, value=Netscape Server Gated Crypto, TLS Web Server Authentication, TLS Web Client Authentication], [name=Authority Information Access, short_name=authorityInfoAccess, oid=1.3.6.1.5.5.7.1.1, critical=F, value=OCSP - URI:http://ocsp.verisign.com^J], [name=1.3.6.1.5.5.7.1.12, short_name=UNDEF, oid=1.3.6.1.5.5.7.1.12, critical=F, value=0_.].[0Y0W0U..image/gif0!0.0...+..............k...j.H.,{..0%.#http://logo.verisign.com/vslogo.gif]], san=<uninitialized>, basic_constraints=[ca=F, path_len=<uninitialized>]], extracted=<uninitialized>], [ts=1170717508.883051, fuid=FpMjNF4snD7UDqI5sk, tx_hosts={^J^I194.127.84.106^J}, rx_hosts={^J^I192.150.187.164^J}, conn_uids={^J^ICjhGID4nQcgTWjvg4c^J}, source=SSL, depth=0, analyzers={^J^IX509,^J^IMD5,^J^ISHA1^J}, mime_type=binary, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=F, seen_bytes=906, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=81c888530afcad916fbe71d9417bf10c, sha1=de0f3a63cad13841e9b62c94502cb189d7661e49, sha256=<uninitialized>, x509=[ts=1170717508.883051, id=FpMjNF4snD7UDqI5sk, certificate=[version=2, serial=78EE48DE185B2071C9C9C3B51D7BDDC1, subject=OU=www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign,OU=VeriSign International Server CA - Class 3,OU=VeriSign\, Inc.,O=VeriSign Trust Network, issuer=OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US, not_valid_before=861235200.0, not_valid_after=1319500799.0, key_alg=rsaEncryption, sig_alg=sha1WithRSAEncryption, key_type=rsa, key_length=1024, exponent=65537, curve=<uninitialized>], handle=<no value description>, extensions=[[name=X509v3 Basic Constraints, short_name=basicConstraints, oid=2.5.29.19, critical=F, value=CA:TRUE, pathlen:0], [name=X509v3 Certificate Policies, short_name=certificatePolicies, oid=2.5.29.32, critical=F, value=Policy: 2.16.840.1.113733.1.7.1.1^J  CPS: https://www.verisign.com/CPS^J], [name=X509v3 CRL Distribution Points, short_name=crlDistributionPoints, oid=2.5.29.31, critical=F, value=^JFull Name:^J  URI:http://crl.verisign.com/pca3-g2.crl^J], [name=X509v3 Extended Key Usage, short_name=extendedKeyUsage, oid=2.5.29.37, critical=F, value=TLS Web Server Authentication, TLS Web Client Authentication, Netscape Server Gated Crypto, 2.16.840.1.113733.1.8.1], [name=X509v3 Key Usage, short_name=keyUsage, oid=2.5.29.15, critical=F, value=Certificate Sign, CRL Sign], [name=Netscape Cert Type, short_name=nsCertType, oid=2.16.840.1.113730.1.1, critical=F, value=SSL CA, S/MIME CA]], san=<uninitialized>, basic_constraints=[ca=T, path_len=0]], extracted=<uninitialized>]], cert_chain_fuids=[FjkLnG4s34DVZlaBNc, FpMjNF4snD7UDqI5sk], client_cert_chain=[], client_cert_chain_fuids=[], subject=<uninitialized>, issuer=<uninitialized>, client_subject=<uninitialized>, client_issuer=<uninitialized>, server_depth=2, client_depth=0], http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]
 
 1170717511.541455 new_connection
                   [0] c: connection      = [id=[orig_h=192.150.187.164, orig_p=58870/tcp, resp_h=194.127.84.106, resp_p=443/tcp], orig=[size=0, state=0, num_pkts=0, num_bytes_ip=0, flow_label=0], resp=[size=0, state=0, num_pkts=0, num_bytes_ip=0, flow_label=0], start_time=1170717511.541455, duration=0.0, service={^J^J}, addl=, hot=0, history=, uid=CCvvfg3TEfuqmmG4bh, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]
@@ -108,7 +320,7 @@
                   [2] aid: count         = 11
 
 1170717511.722913 ssl_client_hello
-                  [0] c: connection      = [id=[orig_h=192.150.187.164, orig_p=58870/tcp, resp_h=194.127.84.106, resp_p=443/tcp], orig=[size=120, state=4, num_pkts=2, num_bytes_ip=116, flow_label=0], resp=[size=0, state=4, num_pkts=1, num_bytes_ip=64, flow_label=0], start_time=1170717511.541455, duration=0.181458, service={^J^ISSL^J}, addl=, hot=0, history=ShAD, uid=CCvvfg3TEfuqmmG4bh, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=[ts=1170717511.722913, uid=CCvvfg3TEfuqmmG4bh, id=[orig_h=192.150.187.164, orig_p=58870/tcp, resp_h=194.127.84.106, resp_p=443/tcp], version=<uninitialized>, cipher=<uninitialized>, server_name=<uninitialized>, session_id=<uninitialized>, subject=<uninitialized>, issuer_subject=<uninitialized>, not_valid_before=<uninitialized>, not_valid_after=<uninitialized>, last_alert=<uninitialized>, client_subject=<uninitialized>, client_issuer_subject=<uninitialized>, cert=<uninitialized>, cert_chain=[], client_cert=<uninitialized>, client_cert_chain=[], analyzer_id=11, established=F, logged=F, delay_tokens=<uninitialized>], http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]
+                  [0] c: connection      = [id=[orig_h=192.150.187.164, orig_p=58870/tcp, resp_h=194.127.84.106, resp_p=443/tcp], orig=[size=120, state=4, num_pkts=2, num_bytes_ip=116, flow_label=0], resp=[size=0, state=4, num_pkts=1, num_bytes_ip=64, flow_label=0], start_time=1170717511.541455, duration=0.181458, service={^J^ISSL^J}, addl=, hot=0, history=ShAD, uid=CCvvfg3TEfuqmmG4bh, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=[ts=1170717511.722913, uid=CCvvfg3TEfuqmmG4bh, id=[orig_h=192.150.187.164, orig_p=58870/tcp, resp_h=194.127.84.106, resp_p=443/tcp], version=<uninitialized>, cipher=<uninitialized>, server_name=<uninitialized>, session_id=<uninitialized>, last_alert=<uninitialized>, analyzer_id=11, established=F, logged=F, delay_tokens=<uninitialized>, cert_chain=<uninitialized>, cert_chain_fuids=<uninitialized>, client_cert_chain=<uninitialized>, client_cert_chain_fuids=<uninitialized>, subject=<uninitialized>, issuer=<uninitialized>, client_subject=<uninitialized>, client_issuer=<uninitialized>, server_depth=0, client_depth=0], http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]
                   [1] version: count     = 769
                   [2] possible_ts: time  = 2486407.0
                   [3] client_random: string = $^F^D\xbe/VD\xc8\xdf\xd2\xe5\x1c\xc2\xb3\xa3^Aq\xbdX\x85>\xd7\xc6\xe3\xfc\xd1\x88F
@@ -116,7 +328,7 @@
                   [5] ciphers: vector of count = [57, 56, 53, 51, 50, 4, 5, 47, 22, 19, 65279, 10, 21, 18, 65278, 9, 100, 98, 3, 6]
 
 1170717511.908619 ssl_server_hello
-                  [0] c: connection      = [id=[orig_h=192.150.187.164, orig_p=58870/tcp, resp_h=194.127.84.106, resp_p=443/tcp], orig=[size=120, state=4, num_pkts=3, num_bytes_ip=288, flow_label=0], resp=[size=1448, state=4, num_pkts=2, num_bytes_ip=116, flow_label=0], start_time=1170717511.541455, duration=0.367164, service={^J^ISSL^J}, addl=, hot=0, history=ShADad, uid=CCvvfg3TEfuqmmG4bh, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=[ts=1170717511.722913, uid=CCvvfg3TEfuqmmG4bh, id=[orig_h=192.150.187.164, orig_p=58870/tcp, resp_h=194.127.84.106, resp_p=443/tcp], version=<uninitialized>, cipher=<uninitialized>, server_name=<uninitialized>, session_id=9e51caef40ad85f9f03dbb8c1fdc863621808c311272e10242cb406bf917bcd9, subject=<uninitialized>, issuer_subject=<uninitialized>, not_valid_before=<uninitialized>, not_valid_after=<uninitialized>, last_alert=<uninitialized>, client_subject=<uninitialized>, client_issuer_subject=<uninitialized>, cert=<uninitialized>, cert_chain=[], client_cert=<uninitialized>, client_cert_chain=[], analyzer_id=11, established=F, logged=F, delay_tokens=<uninitialized>], http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]
+                  [0] c: connection      = [id=[orig_h=192.150.187.164, orig_p=58870/tcp, resp_h=194.127.84.106, resp_p=443/tcp], orig=[size=120, state=4, num_pkts=3, num_bytes_ip=288, flow_label=0], resp=[size=1448, state=4, num_pkts=2, num_bytes_ip=116, flow_label=0], start_time=1170717511.541455, duration=0.367164, service={^J^ISSL^J}, addl=, hot=0, history=ShADad, uid=CCvvfg3TEfuqmmG4bh, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=[ts=1170717511.722913, uid=CCvvfg3TEfuqmmG4bh, id=[orig_h=192.150.187.164, orig_p=58870/tcp, resp_h=194.127.84.106, resp_p=443/tcp], version=<uninitialized>, cipher=<uninitialized>, server_name=<uninitialized>, session_id=9e51caef40ad85f9f03dbb8c1fdc863621808c311272e10242cb406bf917bcd9, last_alert=<uninitialized>, analyzer_id=11, established=F, logged=F, delay_tokens=<uninitialized>, cert_chain=<uninitialized>, cert_chain_fuids=<uninitialized>, client_cert_chain=<uninitialized>, client_cert_chain_fuids=<uninitialized>, subject=<uninitialized>, issuer=<uninitialized>, client_subject=<uninitialized>, client_issuer=<uninitialized>, server_depth=0, client_depth=0], http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]
                   [1] version: count     = 769
                   [2] possible_ts: time  = 1170717519.0
                   [3] server_random: string = \xfd\x1b\x8c^S^H\xa2\xca\xac^A^O\xcbv\xe9\xbd!\x98}\x89|\xb6\xc0(\xcd\xb3^WmY^D
@@ -124,38 +336,144 @@
                   [5] cipher: count      = 4
                   [6] comp_method: count = 0
 
-1170717511.909717 x509_certificate
-                  [0] c: connection      = [id=[orig_h=192.150.187.164, orig_p=58870/tcp, resp_h=194.127.84.106, resp_p=443/tcp], orig=[size=120, state=4, num_pkts=3, num_bytes_ip=288, flow_label=0], resp=[size=2164, state=4, num_pkts=3, num_bytes_ip=1616, flow_label=0], start_time=1170717511.541455, duration=0.368262, service={^J^ISSL^J}, addl=, hot=0, history=ShADad, uid=CCvvfg3TEfuqmmG4bh, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=[ts=1170717511.722913, uid=CCvvfg3TEfuqmmG4bh, id=[orig_h=192.150.187.164, orig_p=58870/tcp, resp_h=194.127.84.106, resp_p=443/tcp], version=TLSv10, cipher=TLS_RSA_WITH_RC4_128_MD5, server_name=<uninitialized>, session_id=9e51caef40ad85f9f03dbb8c1fdc863621808c311272e10242cb406bf917bcd9, subject=<uninitialized>, issuer_subject=<uninitialized>, not_valid_before=<uninitialized>, not_valid_after=<uninitialized>, last_alert=<uninitialized>, client_subject=<uninitialized>, client_issuer_subject=<uninitialized>, cert=<uninitialized>, cert_chain=[], client_cert=<uninitialized>, client_cert_chain=[], analyzer_id=11, established=F, logged=F, delay_tokens=<uninitialized>], http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]
-                  [1] is_orig: bool      = F
-                  [2] cert: X509         = [version=2, serial=04A78116F003283BDA2B8462049F9ECB, subject=CN=www.dresdner-privat.de,OU=Terms of use at www.verisign.com/rpa (c)00,O=AGIS Allianz Dresdner Informationssysteme GmbH,L=Muenchen,ST=Bayern,C=DE, issuer=OU=www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign,OU=VeriSign International Server CA - Class 3,OU=VeriSign\, Inc.,O=VeriSign Trust Network, not_valid_before=1163462400.0, not_valid_after=1195084799.0]
-                  [3] chain_idx: count   = 0
-                  [4] chain_len: count   = 2
-                  [5] der_cert: string   = 0\x82^D|0\x82^C\xe5\xa0^C^B^A^B^B^P^D\xa7\x81^V\xf0^C(;\xda+\x84b^D\x9f\x9e\xcb0^M^F^I*\x86H\x86\xf7^M^A^A^E^E\00\x81\xba1\x1f0\x1d^F^CU^D^J^S^VVeriSign Trust Network1^W0^U^F^CU^D^K^S^NVeriSign, Inc.1301^F^CU^D^K^S*VeriSign International Server CA - Class 31I0G^F^CU^D^K^S@www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign0\x1e^W^M061114000000Z^W^M071114235959Z0\x81\xc01^K0^I^F^CU^D^F^S^BDE1^O0^M^F^CU^D^H^S^FBayern1^Q0^O^F^CU^D^G^T^HMuenchen1705^F^CU^D^J^T.AGIS Allianz Dresdner Informationssysteme GmbH1301^F^CU^D^K^T*Terms of use at www.verisign.com/rpa (c)001\x1f0\x1d^F^CU^D^C^T^Vwww.dresdner-privat.de0\x81\x9f0^M^F^I*\x86H\x86\xf7^M^A^A^A^E\0^C\x81\x8d\00\x81\x89^B\x81\x81\0\xeb\xa8t~\xfb\xe3\xb4\xea\xbe\x8b\x1c=\xed\xea\x86^DbQ\xe0*Z\x9e\x86o\x98\xcb\xbc\xc5\xed\xc5\xc8\xcaV\x9dL\x92X\xe1k^So\xbc\xb7\xe5.\x98@\xf7\x8f\xd6\xa3\xc0^J\xabFR\x1b8\xfc^E \xe7\x80\xee\xc6]\xd5\xbb^C\xfc\xc5\x83\xba\x9ag^H\xfd,\xba\xa3^H\x94\xf0\xb3\x1f^V(\xf6^Ef[\xbf^?\xa8Y\xfa\xbe\x99k6b\xb8n\xc6\x83GSc^OZ\xb4Q\xc1\x88\xa8U\xb9\xd41m=*J\x95^J\xd1{\x87^B^C^A\0^A\xa3\x82^Ay0\x82^Au0^I^F^CU\x1d^S^D^B0\00^K^F^CU\x1d^O^D^D^C^B^E\xa00F^F^CU\x1d\x1f^D?0=0;\xa09\xa07\x865http://crl.verisign.com/Class3InternationalServer.crl0D^F^CU\x1d ^D=0;09^F^K`\x86H^A\x86\xf8E^A^G^W^C0*0(^F^H+^F^A^E^E^G^B^A^V\x1chttps://www.verisign.com/rpa0(^F^CU\x1d%^D!0\x1f^F^I`\x86H^A\x86\xf8B^D^A^F^H+^F^A^E^E^G^C^A^F^H+^F^A^E^E^G^C^B04^F^H+^F^A^E^E^G^A^A^D(0&0$^F^H+^F^A^E^E^G0^A\x86^Xhttp://ocsp.verisign.com0m^F^H+^F^A^E^E^G^A^L^Da0_\xa1]\xa0[0Y0W0U^V^Iimage/gif0!0\x1f0^G^F^E+^N^C^B^Z^D^T\x8f\xe5\xd3^Z\x86\xac\x8d\x8ek\xc3\xcf\x80j\xd4H^X,{^Y.0%^V#http://logo.verisign.com/vslogo.gif0^M^F^I*\x86H\x86\xf7^M^A^A^E^E\0^C\x81\x81\0/s\xe2o\xc1\x9e#~YP\x89\x95xo\xe9^D\xbd\x98TS`\xec^HR\xd2^J)\x92\x9am\xaa\xd5\xb1g\xc1b\xde\xc9^XNW=i\x9c\xb2^Cf\x92^C\xbb\xe8M\xc5\x98\xd4/B\xd9\xb6\xd2\xe0\x97^PXv\xcf\xe7\xd6\xa7\xcc\xbb\xdb%\xeeB]\xcb\xf0t\xab\xd2T\xe5\xe8\xbaQ^O\xa4\xc3>4\xfaR\xf2\xa0\xe6z\xf4\x8f\xdcvB\xbd=\xfcx\xc0\xb7\xeb^-\x1f\xc5\xa0^\xdf\xa0^Q\x87\xf8\xc3X^P\xc8y(\xf8\xe4
+1170717511.909717 get_file_handle
+                  [0] tag: enum          = Analyzer::ANALYZER_SSL
+                  [1] c: connection      = [id=[orig_h=192.150.187.164, orig_p=58870/tcp, resp_h=194.127.84.106, resp_p=443/tcp], orig=[size=120, state=4, num_pkts=3, num_bytes_ip=288, flow_label=0], resp=[size=2164, state=4, num_pkts=3, num_bytes_ip=1616, flow_label=0], start_time=1170717511.541455, duration=0.368262, service={^J^ISSL^J}, addl=, hot=0, history=ShADad, uid=CCvvfg3TEfuqmmG4bh, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=[ts=1170717511.722913, uid=CCvvfg3TEfuqmmG4bh, id=[orig_h=192.150.187.164, orig_p=58870/tcp, resp_h=194.127.84.106, resp_p=443/tcp], version=TLSv10, cipher=TLS_RSA_WITH_RC4_128_MD5, server_name=<uninitialized>, session_id=9e51caef40ad85f9f03dbb8c1fdc863621808c311272e10242cb406bf917bcd9, last_alert=<uninitialized>, analyzer_id=11, established=F, logged=F, delay_tokens=<uninitialized>, cert_chain=<uninitialized>, cert_chain_fuids=<uninitialized>, client_cert_chain=<uninitialized>, client_cert_chain_fuids=<uninitialized>, subject=<uninitialized>, issuer=<uninitialized>, client_subject=<uninitialized>, client_issuer=<uninitialized>, server_depth=0, client_depth=0], http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]
+                  [2] is_orig: bool      = F
+
+1170717511.909717 file_new
+                  [0] f: fa_file         = [id=FQXAWgI2FB5STbrff, parent_id=<uninitialized>, source=SSL, is_orig=F, conns={^J^I[[orig_h=192.150.187.164, orig_p=58870/tcp, resp_h=194.127.84.106, resp_p=443/tcp]] = [id=[orig_h=192.150.187.164, orig_p=58870/tcp, resp_h=194.127.84.106, resp_p=443/tcp], orig=[size=120, state=4, num_pkts=3, num_bytes_ip=288, flow_label=0], resp=[size=2164, state=4, num_pkts=3, num_bytes_ip=1616, flow_label=0], start_time=1170717511.541455, duration=0.368262, service={^J^I^ISSL^J^I}, addl=, hot=0, history=ShADad, uid=CCvvfg3TEfuqmmG4bh, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=[ts=1170717511.722913, uid=CCvvfg3TEfuqmmG4bh, id=[orig_h=192.150.187.164, orig_p=58870/tcp, resp_h=194.127.84.106, resp_p=443/tcp], version=TLSv10, cipher=TLS_RSA_WITH_RC4_128_MD5, server_name=<uninitialized>, session_id=9e51caef40ad85f9f03dbb8c1fdc863621808c311272e10242cb406bf917bcd9, last_alert=<uninitialized>, analyzer_id=11, established=F, logged=F, delay_tokens=<uninitialized>, cert_chain=<uninitialized>, cert_chain_fuids=<uninitialized>, client_cert_chain=<uninitialized>, client_cert_chain_fuids=<uninitialized>, subject=<uninitialized>, issuer=<uninitialized>, client_subject=<uninitialized>, client_issuer=<uninitialized>, server_depth=1, client_depth=0], http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]^J}, last_active=1170717511.909717, seen_bytes=0, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timeout_interval=2.0 mins, bof_buffer_size=1024, bof_buffer=0\x82^D|0\x82^C\xe5\xa0^C^B^A^B^B^P^D\xa7\x81^V\xf0^C(;\xda+\x84b^D\x9f\x9e\xcb0^M^F^I*\x86H\x86\xf7^M^A^A^E^E\00\x81\xba1\x1f0\x1d^F^CU^D^J^S^VVeriSign Trust Network1^W0^U^F^CU^D^K^S^NVeriSign, Inc.1301^F^CU^D^K^S*VeriSign International Server CA - Class 31I0G^F^CU^D^K^S@www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign0\x1e^W^M061114000000Z^W^M071114235959Z0\x81\xc01^K0^I^F^CU^D^F^S^BDE1^O0^M^F^CU^D^H^S^FBayern1^Q0^O^F^CU^D^G^T^HMuenchen1705^F^CU^D^J^T.AGIS Allianz Dresdner Informationssysteme GmbH1301^F^CU^D^K^T*Terms of use at www.verisign.com/rpa (c)001\x1f0\x1d^F^CU^D^C^T^Vwww.dresdner-privat.de0\x81\x9f0^M^F^I*\x86H\x86\xf7^M^A^A^A^E\0^C\x81\x8d\00\x81\x89^B\x81\x81\0\xeb\xa8t~\xfb\xe3\xb4\xea\xbe\x8b\x1c=\xed\xea\x86^DbQ\xe0*Z\x9e\x86o\x98\xcb\xbc\xc5\xed\xc5\xc8\xcaV\x9dL\x92X\xe1k^So\xbc\xb7\xe5.\x98@\xf7\x8f\xd6\xa3\xc0^J\xabFR\x1b8\xfc^E \xe7\x80\xee\xc6]\xd5\xbb^C\xfc\xc5\x83\xba\x9ag^H\xfd,\xba\xa3^H\x94\xf0\xb3\x1f^V(\xf6^Ef[\xbf^?\xa8Y\xfa\xbe\x99k6b\xb8n\xc6\x83GSc^OZ\xb4Q\xc1\x88\xa8U\xb9\xd41m=*J\x95^J\xd1{\x87^B^C^A\0^A\xa3\x82^Ay0\x82^Au0^I^F^CU\x1d^S^D^B0\00^K^F^CU\x1d^O^D^D^C^B^E\xa00F^F^CU\x1d\x1f^D?0=0;\xa09\xa07\x865http://crl.verisign.com/Class3InternationalServer.crl0D^F^CU\x1d ^D=0;09^F^K`\x86H^A\x86\xf8E^A^G^W^C0*0(^F^H+^F^A^E^E^G^B^A^V\x1chttps://www.verisign.com/rpa0(^F^CU\x1d%^D!0\x1f^F^I`\x86H^A\x86\xf8B^D^A^F^H+^F^A^E^E^G^C^A^F^H+^F^A^E^E^G^C^B04^F^H+^F^A^E^E^G^A^A^D(0&0$^F^H+^F^A^E^E^G0^A\x86^Xhttp://ocsp.verisign.com0m^F^H+^F^A^E^E^G^A^L^Da0_\xa1]\xa0[0Y0W0U^V^Iimage/gif0!0\x1f0^G^F^E+^N^C^B^Z^D^T\x8f\xe5\xd3^Z\x86\xac\x8d\x8ek\xc3\xcf\x80j\xd4H^X,{^Y.0%^V#http://logo.verisign.com/vslogo.gif0^M^F^I*\x86H\x86\xf7^M^A^A^E^E\0^C\x81\x81\0/s\xe2o\xc1\x9e#~YP\x89\x95xo\xe9^D\xbd\x98TS`\xec^HR\xd2^J)\x92\x9am\xaa\xd5\xb1g\xc1b\xde\xc9^XNW=i\x9c\xb2^Cf\x92^C\xbb\xe8M\xc5\x98\xd4/B\xd9\xb6\xd2\xe0\x97^PXv\xcf\xe7\xd6\xa7\xcc\xbb\xdb%\xeeB]\xcb\xf0t\xab\xd2T\xe5\xe8\xbaQ^O\xa4\xc3>4\xfaR\xf2\xa0\xe6z\xf4\x8f\xdcvB\xbd=\xfcx\xc0\xb7\xeb^-\x1f\xc5\xa0^\xdf\xa0^Q\x87\xf8\xc3X^P\xc8y(\xf8\xe4, mime_type=binary, info=<uninitialized>, u2_events=<uninitialized>]
+
+1170717511.909717 file_over_new_connection
+                  [0] f: fa_file         = [id=FQXAWgI2FB5STbrff, parent_id=<uninitialized>, source=SSL, is_orig=F, conns={^J^I[[orig_h=192.150.187.164, orig_p=58870/tcp, resp_h=194.127.84.106, resp_p=443/tcp]] = [id=[orig_h=192.150.187.164, orig_p=58870/tcp, resp_h=194.127.84.106, resp_p=443/tcp], orig=[size=120, state=4, num_pkts=3, num_bytes_ip=288, flow_label=0], resp=[size=2164, state=4, num_pkts=3, num_bytes_ip=1616, flow_label=0], start_time=1170717511.541455, duration=0.368262, service={^J^I^ISSL^J^I}, addl=, hot=0, history=ShADad, uid=CCvvfg3TEfuqmmG4bh, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=[ts=1170717511.722913, uid=CCvvfg3TEfuqmmG4bh, id=[orig_h=192.150.187.164, orig_p=58870/tcp, resp_h=194.127.84.106, resp_p=443/tcp], version=TLSv10, cipher=TLS_RSA_WITH_RC4_128_MD5, server_name=<uninitialized>, session_id=9e51caef40ad85f9f03dbb8c1fdc863621808c311272e10242cb406bf917bcd9, last_alert=<uninitialized>, analyzer_id=11, established=F, logged=F, delay_tokens=<uninitialized>, cert_chain=<uninitialized>, cert_chain_fuids=<uninitialized>, client_cert_chain=<uninitialized>, client_cert_chain_fuids=<uninitialized>, subject=<uninitialized>, issuer=<uninitialized>, client_subject=<uninitialized>, client_issuer=<uninitialized>, server_depth=1, client_depth=0], http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]^J}, last_active=1170717511.909717, seen_bytes=0, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timeout_interval=2.0 mins, bof_buffer_size=1024, bof_buffer=0\x82^D|0\x82^C\xe5\xa0^C^B^A^B^B^P^D\xa7\x81^V\xf0^C(;\xda+\x84b^D\x9f\x9e\xcb0^M^F^I*\x86H\x86\xf7^M^A^A^E^E\00\x81\xba1\x1f0\x1d^F^CU^D^J^S^VVeriSign Trust Network1^W0^U^F^CU^D^K^S^NVeriSign, Inc.1301^F^CU^D^K^S*VeriSign International Server CA - Class 31I0G^F^CU^D^K^S@www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign0\x1e^W^M061114000000Z^W^M071114235959Z0\x81\xc01^K0^I^F^CU^D^F^S^BDE1^O0^M^F^CU^D^H^S^FBayern1^Q0^O^F^CU^D^G^T^HMuenchen1705^F^CU^D^J^T.AGIS Allianz Dresdner Informationssysteme GmbH1301^F^CU^D^K^T*Terms of use at www.verisign.com/rpa (c)001\x1f0\x1d^F^CU^D^C^T^Vwww.dresdner-privat.de0\x81\x9f0^M^F^I*\x86H\x86\xf7^M^A^A^A^E\0^C\x81\x8d\00\x81\x89^B\x81\x81\0\xeb\xa8t~\xfb\xe3\xb4\xea\xbe\x8b\x1c=\xed\xea\x86^DbQ\xe0*Z\x9e\x86o\x98\xcb\xbc\xc5\xed\xc5\xc8\xcaV\x9dL\x92X\xe1k^So\xbc\xb7\xe5.\x98@\xf7\x8f\xd6\xa3\xc0^J\xabFR\x1b8\xfc^E \xe7\x80\xee\xc6]\xd5\xbb^C\xfc\xc5\x83\xba\x9ag^H\xfd,\xba\xa3^H\x94\xf0\xb3\x1f^V(\xf6^Ef[\xbf^?\xa8Y\xfa\xbe\x99k6b\xb8n\xc6\x83GSc^OZ\xb4Q\xc1\x88\xa8U\xb9\xd41m=*J\x95^J\xd1{\x87^B^C^A\0^A\xa3\x82^Ay0\x82^Au0^I^F^CU\x1d^S^D^B0\00^K^F^CU\x1d^O^D^D^C^B^E\xa00F^F^CU\x1d\x1f^D?0=0;\xa09\xa07\x865http://crl.verisign.com/Class3InternationalServer.crl0D^F^CU\x1d ^D=0;09^F^K`\x86H^A\x86\xf8E^A^G^W^C0*0(^F^H+^F^A^E^E^G^B^A^V\x1chttps://www.verisign.com/rpa0(^F^CU\x1d%^D!0\x1f^F^I`\x86H^A\x86\xf8B^D^A^F^H+^F^A^E^E^G^C^A^F^H+^F^A^E^E^G^C^B04^F^H+^F^A^E^E^G^A^A^D(0&0$^F^H+^F^A^E^E^G0^A\x86^Xhttp://ocsp.verisign.com0m^F^H+^F^A^E^E^G^A^L^Da0_\xa1]\xa0[0Y0W0U^V^Iimage/gif0!0\x1f0^G^F^E+^N^C^B^Z^D^T\x8f\xe5\xd3^Z\x86\xac\x8d\x8ek\xc3\xcf\x80j\xd4H^X,{^Y.0%^V#http://logo.verisign.com/vslogo.gif0^M^F^I*\x86H\x86\xf7^M^A^A^E^E\0^C\x81\x81\0/s\xe2o\xc1\x9e#~YP\x89\x95xo\xe9^D\xbd\x98TS`\xec^HR\xd2^J)\x92\x9am\xaa\xd5\xb1g\xc1b\xde\xc9^XNW=i\x9c\xb2^Cf\x92^C\xbb\xe8M\xc5\x98\xd4/B\xd9\xb6\xd2\xe0\x97^PXv\xcf\xe7\xd6\xa7\xcc\xbb\xdb%\xeeB]\xcb\xf0t\xab\xd2T\xe5\xe8\xbaQ^O\xa4\xc3>4\xfaR\xf2\xa0\xe6z\xf4\x8f\xdcvB\xbd=\xfcx\xc0\xb7\xeb^-\x1f\xc5\xa0^\xdf\xa0^Q\x87\xf8\xc3X^P\xc8y(\xf8\xe4, mime_type=binary, info=[ts=1170717511.909717, fuid=FQXAWgI2FB5STbrff, tx_hosts={^J^J}, rx_hosts={^J^J}, conn_uids={^J^J}, source=SSL, depth=0, analyzers={^J^J}, mime_type=binary, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=F, seen_bytes=0, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=<uninitialized>, sha1=<uninitialized>, sha256=<uninitialized>, x509=<uninitialized>, extracted=<uninitialized>], u2_events=<uninitialized>]
+                  [1] c: connection      = [id=[orig_h=192.150.187.164, orig_p=58870/tcp, resp_h=194.127.84.106, resp_p=443/tcp], orig=[size=120, state=4, num_pkts=3, num_bytes_ip=288, flow_label=0], resp=[size=2164, state=4, num_pkts=3, num_bytes_ip=1616, flow_label=0], start_time=1170717511.541455, duration=0.368262, service={^J^ISSL^J}, addl=, hot=0, history=ShADad, uid=CCvvfg3TEfuqmmG4bh, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=[ts=1170717511.722913, uid=CCvvfg3TEfuqmmG4bh, id=[orig_h=192.150.187.164, orig_p=58870/tcp, resp_h=194.127.84.106, resp_p=443/tcp], version=TLSv10, cipher=TLS_RSA_WITH_RC4_128_MD5, server_name=<uninitialized>, session_id=9e51caef40ad85f9f03dbb8c1fdc863621808c311272e10242cb406bf917bcd9, last_alert=<uninitialized>, analyzer_id=11, established=F, logged=F, delay_tokens=<uninitialized>, cert_chain=<uninitialized>, cert_chain_fuids=<uninitialized>, client_cert_chain=<uninitialized>, client_cert_chain_fuids=<uninitialized>, subject=<uninitialized>, issuer=<uninitialized>, client_subject=<uninitialized>, client_issuer=<uninitialized>, server_depth=1, client_depth=0], http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]
+                  [2] is_orig: bool      = F
 
 1170717511.909717 x509_certificate
-                  [0] c: connection      = [id=[orig_h=192.150.187.164, orig_p=58870/tcp, resp_h=194.127.84.106, resp_p=443/tcp], orig=[size=120, state=4, num_pkts=3, num_bytes_ip=288, flow_label=0], resp=[size=2164, state=4, num_pkts=3, num_bytes_ip=1616, flow_label=0], start_time=1170717511.541455, duration=0.368262, service={^J^ISSL^J}, addl=, hot=0, history=ShADad, uid=CCvvfg3TEfuqmmG4bh, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=[ts=1170717511.722913, uid=CCvvfg3TEfuqmmG4bh, id=[orig_h=192.150.187.164, orig_p=58870/tcp, resp_h=194.127.84.106, resp_p=443/tcp], version=TLSv10, cipher=TLS_RSA_WITH_RC4_128_MD5, server_name=<uninitialized>, session_id=9e51caef40ad85f9f03dbb8c1fdc863621808c311272e10242cb406bf917bcd9, subject=CN=www.dresdner-privat.de,OU=Terms of use at www.verisign.com/rpa (c)00,O=AGIS Allianz Dresdner Informationssysteme GmbH,L=Muenchen,ST=Bayern,C=DE, issuer_subject=OU=www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign,OU=VeriSign International Server CA - Class 3,OU=VeriSign\, Inc.,O=VeriSign Trust Network, not_valid_before=1163462400.0, not_valid_after=1195084799.0, last_alert=<uninitialized>, client_subject=<uninitialized>, client_issuer_subject=<uninitialized>, cert=0\x82^D|0\x82^C\xe5\xa0^C^B^A^B^B^P^D\xa7\x81^V\xf0^C(;\xda+\x84b^D\x9f\x9e\xcb0^M^F^I*\x86H\x86\xf7^M^A^A^E^E\00\x81\xba1\x1f0\x1d^F^CU^D^J^S^VVeriSign Trust Network1^W0^U^F^CU^D^K^S^NVeriSign, Inc.1301^F^CU^D^K^S*VeriSign International Server CA - Class 31I0G^F^CU^D^K^S@www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign0\x1e^W^M061114000000Z^W^M071114235959Z0\x81\xc01^K0^I^F^CU^D^F^S^BDE1^O0^M^F^CU^D^H^S^FBayern1^Q0^O^F^CU^D^G^T^HMuenchen1705^F^CU^D^J^T.AGIS Allianz Dresdner Informationssysteme GmbH1301^F^CU^D^K^T*Terms of use at www.verisign.com/rpa (c)001\x1f0\x1d^F^CU^D^C^T^Vwww.dresdner-privat.de0\x81\x9f0^M^F^I*\x86H\x86\xf7^M^A^A^A^E\0^C\x81\x8d\00\x81\x89^B\x81\x81\0\xeb\xa8t~\xfb\xe3\xb4\xea\xbe\x8b\x1c=\xed\xea\x86^DbQ\xe0*Z\x9e\x86o\x98\xcb\xbc\xc5\xed\xc5\xc8\xcaV\x9dL\x92X\xe1k^So\xbc\xb7\xe5.\x98@\xf7\x8f\xd6\xa3\xc0^J\xabFR\x1b8\xfc^E \xe7\x80\xee\xc6]\xd5\xbb^C\xfc\xc5\x83\xba\x9ag^H\xfd,\xba\xa3^H\x94\xf0\xb3\x1f^V(\xf6^Ef[\xbf^?\xa8Y\xfa\xbe\x99k6b\xb8n\xc6\x83GSc^OZ\xb4Q\xc1\x88\xa8U\xb9\xd41m=*J\x95^J\xd1{\x87^B^C^A\0^A\xa3\x82^Ay0\x82^Au0^I^F^CU\x1d^S^D^B0\00^K^F^CU\x1d^O^D^D^C^B^E\xa00F^F^CU\x1d\x1f^D?0=0;\xa09\xa07\x865http://crl.verisign.com/Class3InternationalServer.crl0D^F^CU\x1d ^D=0;09^F^K`\x86H^A\x86\xf8E^A^G^W^C0*0(^F^H+^F^A^E^E^G^B^A^V\x1chttps://www.verisign.com/rpa0(^F^CU\x1d%^D!0\x1f^F^I`\x86H^A\x86\xf8B^D^A^F^H+^F^A^E^E^G^C^A^F^H+^F^A^E^E^G^C^B04^F^H+^F^A^E^E^G^A^A^D(0&0$^F^H+^F^A^E^E^G0^A\x86^Xhttp://ocsp.verisign.com0m^F^H+^F^A^E^E^G^A^L^Da0_\xa1]\xa0[0Y0W0U^V^Iimage/gif0!0\x1f0^G^F^E+^N^C^B^Z^D^T\x8f\xe5\xd3^Z\x86\xac\x8d\x8ek\xc3\xcf\x80j\xd4H^X,{^Y.0%^V#http://logo.verisign.com/vslogo.gif0^M^F^I*\x86H\x86\xf7^M^A^A^E^E\0^C\x81\x81\0/s\xe2o\xc1\x9e#~YP\x89\x95xo\xe9^D\xbd\x98TS`\xec^HR\xd2^J)\x92\x9am\xaa\xd5\xb1g\xc1b\xde\xc9^XNW=i\x9c\xb2^Cf\x92^C\xbb\xe8M\xc5\x98\xd4/B\xd9\xb6\xd2\xe0\x97^PXv\xcf\xe7\xd6\xa7\xcc\xbb\xdb%\xeeB]\xcb\xf0t\xab\xd2T\xe5\xe8\xbaQ^O\xa4\xc3>4\xfaR\xf2\xa0\xe6z\xf4\x8f\xdcvB\xbd=\xfcx\xc0\xb7\xeb^-\x1f\xc5\xa0^\xdf\xa0^Q\x87\xf8\xc3X^P\xc8y(\xf8\xe4, cert_chain=[], client_cert=<uninitialized>, client_cert_chain=[], analyzer_id=11, established=F, logged=F, delay_tokens=<uninitialized>], http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]
-                  [1] is_orig: bool      = F
-                  [2] cert: X509         = [version=2, serial=78EE48DE185B2071C9C9C3B51D7BDDC1, subject=OU=www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign,OU=VeriSign International Server CA - Class 3,OU=VeriSign\, Inc.,O=VeriSign Trust Network, issuer=OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US, not_valid_before=861235200.0, not_valid_after=1319500799.0]
-                  [3] chain_idx: count   = 1
-                  [4] chain_len: count   = 2
-                  [5] der_cert: string   = 0\x82^C\x860\x82^B\xef\xa0^C^B^A^B^B^Px\xeeH\xde^X[ q\xc9\xc9\xc3\xb5\x1d{\xdd\xc10^M^F^I*\x86H\x86\xf7^M^A^A^E^E\00_1^K0^I^F^CU^D^F^S^BUS1^W0^U^F^CU^D^J^S^NVeriSign, Inc.1705^F^CU^D^K^S.Class 3 Public Primary Certification Authority0\x1e^W^M970417000000Z^W^M111024235959Z0\x81\xba1\x1f0\x1d^F^CU^D^J^S^VVeriSign Trust Network1^W0^U^F^CU^D^K^S^NVeriSign, Inc.1301^F^CU^D^K^S*VeriSign International Server CA - Class 31I0G^F^CU^D^K^S@www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign0\x81\x9f0^M^F^I*\x86H\x86\xf7^M^A^A^A^E\0^C\x81\x8d\00\x81\x89^B\x81\x81\0\xd8\x82\x80\xe8\xd6^Y^B}\x1f\x85^X9%\xa2e+\xe1\xbf\xd4^E\xd3\xbc\xe66;\xaa\xf0Ll[\xb6\xe7\xaa<sEU\xb2\xf1\xbd\xea\x97B\xed\x9a4^J^U\xd4\xa9\\xf5@%\xdd\xd9^G\xc12\xb2ul\xc4\xca\xbb\xa3\xfeV'qC\xaac\xf50>\x93(\xe5\xfa\xf1^I;\xf3\xb7MN9\xf7\IZ\xb8\xc1\x1d\xd3\xb2\x8a\xfep0\x95B\xcb\xfe+Q\x8bZ<:\xf9"O\x90\xb2^B\xa7S\x9cO4\xe7\xab^D\xb2{o^B^C^A\0^A\xa3\x81\xe60\x81\xe30^O^F^CU\x1d^S^D^H0^F^A^A\xff^B^A\00D^F^CU\x1d ^D=0;09^F^K`\x86H^A\x86\xf8E^A^G^A^A0*0(^F^H+^F^A^E^E^G^B^A^V\x1chttps://www.verisign.com/CPS04^F^CU\x1d\x1f^D-0+0)\xa0'\xa0%\x86#http://crl.verisign.com/pca3-g2.crl04^F^CU\x1d%^D-0+^F^H+^F^A^E^E^G^C^A^F^H+^F^A^E^E^G^C^B^F^I`\x86H^A\x86\xf8B^D^A^F^J`\x86H^A\x86\xf8E^A^H^A0^K^F^CU\x1d^O^D^D^C^B^A^F0^Q^F^I`\x86H^A\x86\xf8B^A^A^D^D^C^B^A^F0^M^F^I*\x86H\x86\xf7^M^A^A^E^E\0^C\x81\x81\0#]\xee\xa6$^E\xfdv\xd3j^Z\xd6\xbaF^F\xaaj^O^C\x90f\xb2\xb0\xa6\xc2\x9e\xc9\x1e\xa3US\xaf>E\xfd\xdc\x8c'\xddS8^I\xbb|K+\xba\x95J\xfepN\x1bi\xd6<\xf7O^G\xc5\xf2^WZL\xa2\x8f\xac^K\x8a^F\xdb\xb9\xd4k\xc5\x1dX\xda^WR\xe3!\xf1\xd2\xd7Z\xd5\xe5\xabY{!z\x86j\xd4\xfe^W^Q:S^M\x9c`\xa0J\xd9^\xe4\x1d^L)\xaa^S^Ge\x86\x1f\xbf\xb4\xc9\x82S\x9c,^B\x8f#
+                  [0] f: fa_file         = [id=FQXAWgI2FB5STbrff, parent_id=<uninitialized>, source=SSL, is_orig=F, conns={^J^I[[orig_h=192.150.187.164, orig_p=58870/tcp, resp_h=194.127.84.106, resp_p=443/tcp]] = [id=[orig_h=192.150.187.164, orig_p=58870/tcp, resp_h=194.127.84.106, resp_p=443/tcp], orig=[size=120, state=4, num_pkts=3, num_bytes_ip=288, flow_label=0], resp=[size=2164, state=4, num_pkts=3, num_bytes_ip=1616, flow_label=0], start_time=1170717511.541455, duration=0.368262, service={^J^I^ISSL^J^I}, addl=, hot=0, history=ShADad, uid=CCvvfg3TEfuqmmG4bh, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=[ts=1170717511.722913, uid=CCvvfg3TEfuqmmG4bh, id=[orig_h=192.150.187.164, orig_p=58870/tcp, resp_h=194.127.84.106, resp_p=443/tcp], version=TLSv10, cipher=TLS_RSA_WITH_RC4_128_MD5, server_name=<uninitialized>, session_id=9e51caef40ad85f9f03dbb8c1fdc863621808c311272e10242cb406bf917bcd9, last_alert=<uninitialized>, analyzer_id=11, established=F, logged=F, delay_tokens=<uninitialized>, cert_chain=[[ts=1170717511.909717, fuid=FQXAWgI2FB5STbrff, tx_hosts={^J^I^I194.127.84.106^J^I}, rx_hosts={^J^I^I192.150.187.164^J^I}, conn_uids={^J^I^ICCvvfg3TEfuqmmG4bh^J^I}, source=SSL, depth=0, analyzers={^J^I^IX509,^J^I^IMD5,^J^I^ISHA1^J^I}, mime_type=binary, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=F, seen_bytes=0, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=<uninitialized>, sha1=<uninitialized>, sha256=<uninitialized>, x509=<uninitialized>, extracted=<uninitialized>]], cert_chain_fuids=[FQXAWgI2FB5STbrff], client_cert_chain=[], client_cert_chain_fuids=[], subject=<uninitialized>, issuer=<uninitialized>, client_subject=<uninitialized>, client_issuer=<uninitialized>, server_depth=1, client_depth=0], http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]^J}, last_active=1170717511.909717, seen_bytes=1152, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timeout_interval=2.0 mins, bof_buffer_size=1024, bof_buffer=0\x82^D|0\x82^C\xe5\xa0^C^B^A^B^B^P^D\xa7\x81^V\xf0^C(;\xda+\x84b^D\x9f\x9e\xcb0^M^F^I*\x86H\x86\xf7^M^A^A^E^E\00\x81\xba1\x1f0\x1d^F^CU^D^J^S^VVeriSign Trust Network1^W0^U^F^CU^D^K^S^NVeriSign, Inc.1301^F^CU^D^K^S*VeriSign International Server CA - Class 31I0G^F^CU^D^K^S@www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign0\x1e^W^M061114000000Z^W^M071114235959Z0\x81\xc01^K0^I^F^CU^D^F^S^BDE1^O0^M^F^CU^D^H^S^FBayern1^Q0^O^F^CU^D^G^T^HMuenchen1705^F^CU^D^J^T.AGIS Allianz Dresdner Informationssysteme GmbH1301^F^CU^D^K^T*Terms of use at www.verisign.com/rpa (c)001\x1f0\x1d^F^CU^D^C^T^Vwww.dresdner-privat.de0\x81\x9f0^M^F^I*\x86H\x86\xf7^M^A^A^A^E\0^C\x81\x8d\00\x81\x89^B\x81\x81\0\xeb\xa8t~\xfb\xe3\xb4\xea\xbe\x8b\x1c=\xed\xea\x86^DbQ\xe0*Z\x9e\x86o\x98\xcb\xbc\xc5\xed\xc5\xc8\xcaV\x9dL\x92X\xe1k^So\xbc\xb7\xe5.\x98@\xf7\x8f\xd6\xa3\xc0^J\xabFR\x1b8\xfc^E \xe7\x80\xee\xc6]\xd5\xbb^C\xfc\xc5\x83\xba\x9ag^H\xfd,\xba\xa3^H\x94\xf0\xb3\x1f^V(\xf6^Ef[\xbf^?\xa8Y\xfa\xbe\x99k6b\xb8n\xc6\x83GSc^OZ\xb4Q\xc1\x88\xa8U\xb9\xd41m=*J\x95^J\xd1{\x87^B^C^A\0^A\xa3\x82^Ay0\x82^Au0^I^F^CU\x1d^S^D^B0\00^K^F^CU\x1d^O^D^D^C^B^E\xa00F^F^CU\x1d\x1f^D?0=0;\xa09\xa07\x865http://crl.verisign.com/Class3InternationalServer.crl0D^F^CU\x1d ^D=0;09^F^K`\x86H^A\x86\xf8E^A^G^W^C0*0(^F^H+^F^A^E^E^G^B^A^V\x1chttps://www.verisign.com/rpa0(^F^CU\x1d%^D!0\x1f^F^I`\x86H^A\x86\xf8B^D^A^F^H+^F^A^E^E^G^C^A^F^H+^F^A^E^E^G^C^B04^F^H+^F^A^E^E^G^A^A^D(0&0$^F^H+^F^A^E^E^G0^A\x86^Xhttp://ocsp.verisign.com0m^F^H+^F^A^E^E^G^A^L^Da0_\xa1]\xa0[0Y0W0U^V^Iimage/gif0!0\x1f0^G^F^E+^N^C^B^Z^D^T\x8f\xe5\xd3^Z\x86\xac\x8d\x8ek\xc3\xcf\x80j\xd4H^X,{^Y.0%^V#http://logo.verisign.com/vslogo.gif0^M^F^I*\x86H\x86\xf7^M^A^A^E^E\0^C\x81\x81\0/s\xe2o\xc1\x9e#~YP\x89\x95xo\xe9^D\xbd\x98TS`\xec^HR\xd2^J)\x92\x9am\xaa\xd5\xb1g\xc1b\xde\xc9^XNW=i\x9c\xb2^Cf\x92^C\xbb\xe8M\xc5\x98\xd4/B\xd9\xb6\xd2\xe0\x97^PXv\xcf\xe7\xd6\xa7\xcc\xbb\xdb%\xeeB]\xcb\xf0t\xab\xd2T\xe5\xe8\xbaQ^O\xa4\xc3>4\xfaR\xf2\xa0\xe6z\xf4\x8f\xdcvB\xbd=\xfcx\xc0\xb7\xeb^-\x1f\xc5\xa0^\xdf\xa0^Q\x87\xf8\xc3X^P\xc8y(\xf8\xe4, mime_type=binary, info=[ts=1170717511.909717, fuid=FQXAWgI2FB5STbrff, tx_hosts={^J^I194.127.84.106^J}, rx_hosts={^J^I192.150.187.164^J}, conn_uids={^J^ICCvvfg3TEfuqmmG4bh^J}, source=SSL, depth=0, analyzers={^J^IX509,^J^IMD5,^J^ISHA1^J}, mime_type=binary, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=F, seen_bytes=0, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=<uninitialized>, sha1=<uninitialized>, sha256=<uninitialized>, x509=<uninitialized>, extracted=<uninitialized>], u2_events=<uninitialized>]
+                  [1] cert_ref: opaque of x509 = <no value description>
+                  [2] cert: X509::Certificate = [version=2, serial=04A78116F003283BDA2B8462049F9ECB, subject=CN=www.dresdner-privat.de,OU=Terms of use at www.verisign.com/rpa (c)00,O=AGIS Allianz Dresdner Informationssysteme GmbH,L=Muenchen,ST=Bayern,C=DE, issuer=OU=www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign,OU=VeriSign International Server CA - Class 3,OU=VeriSign\, Inc.,O=VeriSign Trust Network, not_valid_before=1163462400.0, not_valid_after=1195084799.0, key_alg=rsaEncryption, sig_alg=sha1WithRSAEncryption, key_type=rsa, key_length=1024, exponent=65537, curve=<uninitialized>]
+
+1170717511.909717 x509_extension
+                  [0] f: fa_file         = [id=FQXAWgI2FB5STbrff, parent_id=<uninitialized>, source=SSL, is_orig=F, conns={^J^I[[orig_h=192.150.187.164, orig_p=58870/tcp, resp_h=194.127.84.106, resp_p=443/tcp]] = [id=[orig_h=192.150.187.164, orig_p=58870/tcp, resp_h=194.127.84.106, resp_p=443/tcp], orig=[size=120, state=4, num_pkts=3, num_bytes_ip=288, flow_label=0], resp=[size=2164, state=4, num_pkts=3, num_bytes_ip=1616, flow_label=0], start_time=1170717511.541455, duration=0.368262, service={^J^I^ISSL^J^I}, addl=, hot=0, history=ShADad, uid=CCvvfg3TEfuqmmG4bh, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=[ts=1170717511.722913, uid=CCvvfg3TEfuqmmG4bh, id=[orig_h=192.150.187.164, orig_p=58870/tcp, resp_h=194.127.84.106, resp_p=443/tcp], version=TLSv10, cipher=TLS_RSA_WITH_RC4_128_MD5, server_name=<uninitialized>, session_id=9e51caef40ad85f9f03dbb8c1fdc863621808c311272e10242cb406bf917bcd9, last_alert=<uninitialized>, analyzer_id=11, established=F, logged=F, delay_tokens=<uninitialized>, cert_chain=[[ts=1170717511.909717, fuid=FQXAWgI2FB5STbrff, tx_hosts={^J^I^I194.127.84.106^J^I}, rx_hosts={^J^I^I192.150.187.164^J^I}, conn_uids={^J^I^ICCvvfg3TEfuqmmG4bh^J^I}, source=SSL, depth=0, analyzers={^J^I^IX509,^J^I^IMD5,^J^I^ISHA1^J^I}, mime_type=binary, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=F, seen_bytes=0, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=<uninitialized>, sha1=<uninitialized>, sha256=<uninitialized>, x509=[ts=1170717511.909717, id=FQXAWgI2FB5STbrff, certificate=[version=2, serial=04A78116F003283BDA2B8462049F9ECB, subject=CN=www.dresdner-privat.de,OU=Terms of use at www.verisign.com/rpa (c)00,O=AGIS Allianz Dresdner Informationssysteme GmbH,L=Muenchen,ST=Bayern,C=DE, issuer=OU=www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign,OU=VeriSign International Server CA - Class 3,OU=VeriSign\, Inc.,O=VeriSign Trust Network, not_valid_before=1163462400.0, not_valid_after=1195084799.0, key_alg=rsaEncryption, sig_alg=sha1WithRSAEncryption, key_type=rsa, key_length=1024, exponent=65537, curve=<uninitialized>], handle=<no value description>, extensions=[], san=<uninitialized>, basic_constraints=<uninitialized>], extracted=<uninitialized>]], cert_chain_fuids=[FQXAWgI2FB5STbrff], client_cert_chain=[], client_cert_chain_fuids=[], subject=<uninitialized>, issuer=<uninitialized>, client_subject=<uninitialized>, client_issuer=<uninitialized>, server_depth=1, client_depth=0], http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]^J}, last_active=1170717511.909717, seen_bytes=1152, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timeout_interval=2.0 mins, bof_buffer_size=1024, bof_buffer=0\x82^D|0\x82^C\xe5\xa0^C^B^A^B^B^P^D\xa7\x81^V\xf0^C(;\xda+\x84b^D\x9f\x9e\xcb0^M^F^I*\x86H\x86\xf7^M^A^A^E^E\00\x81\xba1\x1f0\x1d^F^CU^D^J^S^VVeriSign Trust Network1^W0^U^F^CU^D^K^S^NVeriSign, Inc.1301^F^CU^D^K^S*VeriSign International Server CA - Class 31I0G^F^CU^D^K^S@www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign0\x1e^W^M061114000000Z^W^M071114235959Z0\x81\xc01^K0^I^F^CU^D^F^S^BDE1^O0^M^F^CU^D^H^S^FBayern1^Q0^O^F^CU^D^G^T^HMuenchen1705^F^CU^D^J^T.AGIS Allianz Dresdner Informationssysteme GmbH1301^F^CU^D^K^T*Terms of use at www.verisign.com/rpa (c)001\x1f0\x1d^F^CU^D^C^T^Vwww.dresdner-privat.de0\x81\x9f0^M^F^I*\x86H\x86\xf7^M^A^A^A^E\0^C\x81\x8d\00\x81\x89^B\x81\x81\0\xeb\xa8t~\xfb\xe3\xb4\xea\xbe\x8b\x1c=\xed\xea\x86^DbQ\xe0*Z\x9e\x86o\x98\xcb\xbc\xc5\xed\xc5\xc8\xcaV\x9dL\x92X\xe1k^So\xbc\xb7\xe5.\x98@\xf7\x8f\xd6\xa3\xc0^J\xabFR\x1b8\xfc^E \xe7\x80\xee\xc6]\xd5\xbb^C\xfc\xc5\x83\xba\x9ag^H\xfd,\xba\xa3^H\x94\xf0\xb3\x1f^V(\xf6^Ef[\xbf^?\xa8Y\xfa\xbe\x99k6b\xb8n\xc6\x83GSc^OZ\xb4Q\xc1\x88\xa8U\xb9\xd41m=*J\x95^J\xd1{\x87^B^C^A\0^A\xa3\x82^Ay0\x82^Au0^I^F^CU\x1d^S^D^B0\00^K^F^CU\x1d^O^D^D^C^B^E\xa00F^F^CU\x1d\x1f^D?0=0;\xa09\xa07\x865http://crl.verisign.com/Class3InternationalServer.crl0D^F^CU\x1d ^D=0;09^F^K`\x86H^A\x86\xf8E^A^G^W^C0*0(^F^H+^F^A^E^E^G^B^A^V\x1chttps://www.verisign.com/rpa0(^F^CU\x1d%^D!0\x1f^F^I`\x86H^A\x86\xf8B^D^A^F^H+^F^A^E^E^G^C^A^F^H+^F^A^E^E^G^C^B04^F^H+^F^A^E^E^G^A^A^D(0&0$^F^H+^F^A^E^E^G0^A\x86^Xhttp://ocsp.verisign.com0m^F^H+^F^A^E^E^G^A^L^Da0_\xa1]\xa0[0Y0W0U^V^Iimage/gif0!0\x1f0^G^F^E+^N^C^B^Z^D^T\x8f\xe5\xd3^Z\x86\xac\x8d\x8ek\xc3\xcf\x80j\xd4H^X,{^Y.0%^V#http://logo.verisign.com/vslogo.gif0^M^F^I*\x86H\x86\xf7^M^A^A^E^E\0^C\x81\x81\0/s\xe2o\xc1\x9e#~YP\x89\x95xo\xe9^D\xbd\x98TS`\xec^HR\xd2^J)\x92\x9am\xaa\xd5\xb1g\xc1b\xde\xc9^XNW=i\x9c\xb2^Cf\x92^C\xbb\xe8M\xc5\x98\xd4/B\xd9\xb6\xd2\xe0\x97^PXv\xcf\xe7\xd6\xa7\xcc\xbb\xdb%\xeeB]\xcb\xf0t\xab\xd2T\xe5\xe8\xbaQ^O\xa4\xc3>4\xfaR\xf2\xa0\xe6z\xf4\x8f\xdcvB\xbd=\xfcx\xc0\xb7\xeb^-\x1f\xc5\xa0^\xdf\xa0^Q\x87\xf8\xc3X^P\xc8y(\xf8\xe4, mime_type=binary, info=[ts=1170717511.909717, fuid=FQXAWgI2FB5STbrff, tx_hosts={^J^I194.127.84.106^J}, rx_hosts={^J^I192.150.187.164^J}, conn_uids={^J^ICCvvfg3TEfuqmmG4bh^J}, source=SSL, depth=0, analyzers={^J^IX509,^J^IMD5,^J^ISHA1^J}, mime_type=binary, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=F, seen_bytes=0, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=<uninitialized>, sha1=<uninitialized>, sha256=<uninitialized>, x509=[ts=1170717511.909717, id=FQXAWgI2FB5STbrff, certificate=[version=2, serial=04A78116F003283BDA2B8462049F9ECB, subject=CN=www.dresdner-privat.de,OU=Terms of use at www.verisign.com/rpa (c)00,O=AGIS Allianz Dresdner Informationssysteme GmbH,L=Muenchen,ST=Bayern,C=DE, issuer=OU=www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign,OU=VeriSign International Server CA - Class 3,OU=VeriSign\, Inc.,O=VeriSign Trust Network, not_valid_before=1163462400.0, not_valid_after=1195084799.0, key_alg=rsaEncryption, sig_alg=sha1WithRSAEncryption, key_type=rsa, key_length=1024, exponent=65537, curve=<uninitialized>], handle=<no value description>, extensions=[], san=<uninitialized>, basic_constraints=<uninitialized>], extracted=<uninitialized>], u2_events=<uninitialized>]
+                  [1] ext: X509::Extension = [name=X509v3 Basic Constraints, short_name=basicConstraints, oid=2.5.29.19, critical=F, value=CA:FALSE]
+
+1170717511.909717 x509_ext_basic_constraints
+                  [0] f: fa_file         = [id=FQXAWgI2FB5STbrff, parent_id=<uninitialized>, source=SSL, is_orig=F, conns={^J^I[[orig_h=192.150.187.164, orig_p=58870/tcp, resp_h=194.127.84.106, resp_p=443/tcp]] = [id=[orig_h=192.150.187.164, orig_p=58870/tcp, resp_h=194.127.84.106, resp_p=443/tcp], orig=[size=120, state=4, num_pkts=3, num_bytes_ip=288, flow_label=0], resp=[size=2164, state=4, num_pkts=3, num_bytes_ip=1616, flow_label=0], start_time=1170717511.541455, duration=0.368262, service={^J^I^ISSL^J^I}, addl=, hot=0, history=ShADad, uid=CCvvfg3TEfuqmmG4bh, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=[ts=1170717511.722913, uid=CCvvfg3TEfuqmmG4bh, id=[orig_h=192.150.187.164, orig_p=58870/tcp, resp_h=194.127.84.106, resp_p=443/tcp], version=TLSv10, cipher=TLS_RSA_WITH_RC4_128_MD5, server_name=<uninitialized>, session_id=9e51caef40ad85f9f03dbb8c1fdc863621808c311272e10242cb406bf917bcd9, last_alert=<uninitialized>, analyzer_id=11, established=F, logged=F, delay_tokens=<uninitialized>, cert_chain=[[ts=1170717511.909717, fuid=FQXAWgI2FB5STbrff, tx_hosts={^J^I^I194.127.84.106^J^I}, rx_hosts={^J^I^I192.150.187.164^J^I}, conn_uids={^J^I^ICCvvfg3TEfuqmmG4bh^J^I}, source=SSL, depth=0, analyzers={^J^I^IX509,^J^I^IMD5,^J^I^ISHA1^J^I}, mime_type=binary, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=F, seen_bytes=0, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=<uninitialized>, sha1=<uninitialized>, sha256=<uninitialized>, x509=[ts=1170717511.909717, id=FQXAWgI2FB5STbrff, certificate=[version=2, serial=04A78116F003283BDA2B8462049F9ECB, subject=CN=www.dresdner-privat.de,OU=Terms of use at www.verisign.com/rpa (c)00,O=AGIS Allianz Dresdner Informationssysteme GmbH,L=Muenchen,ST=Bayern,C=DE, issuer=OU=www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign,OU=VeriSign International Server CA - Class 3,OU=VeriSign\, Inc.,O=VeriSign Trust Network, not_valid_before=1163462400.0, not_valid_after=1195084799.0, key_alg=rsaEncryption, sig_alg=sha1WithRSAEncryption, key_type=rsa, key_length=1024, exponent=65537, curve=<uninitialized>], handle=<no value description>, extensions=[[name=X509v3 Basic Constraints, short_name=basicConstraints, oid=2.5.29.19, critical=F, value=CA:FALSE]], san=<uninitialized>, basic_constraints=<uninitialized>], extracted=<uninitialized>]], cert_chain_fuids=[FQXAWgI2FB5STbrff], client_cert_chain=[], client_cert_chain_fuids=[], subject=<uninitialized>, issuer=<uninitialized>, client_subject=<uninitialized>, client_issuer=<uninitialized>, server_depth=1, client_depth=0], http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]^J}, last_active=1170717511.909717, seen_bytes=1152, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timeout_interval=2.0 mins, bof_buffer_size=1024, bof_buffer=0\x82^D|0\x82^C\xe5\xa0^C^B^A^B^B^P^D\xa7\x81^V\xf0^C(;\xda+\x84b^D\x9f\x9e\xcb0^M^F^I*\x86H\x86\xf7^M^A^A^E^E\00\x81\xba1\x1f0\x1d^F^CU^D^J^S^VVeriSign Trust Network1^W0^U^F^CU^D^K^S^NVeriSign, Inc.1301^F^CU^D^K^S*VeriSign International Server CA - Class 31I0G^F^CU^D^K^S@www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign0\x1e^W^M061114000000Z^W^M071114235959Z0\x81\xc01^K0^I^F^CU^D^F^S^BDE1^O0^M^F^CU^D^H^S^FBayern1^Q0^O^F^CU^D^G^T^HMuenchen1705^F^CU^D^J^T.AGIS Allianz Dresdner Informationssysteme GmbH1301^F^CU^D^K^T*Terms of use at www.verisign.com/rpa (c)001\x1f0\x1d^F^CU^D^C^T^Vwww.dresdner-privat.de0\x81\x9f0^M^F^I*\x86H\x86\xf7^M^A^A^A^E\0^C\x81\x8d\00\x81\x89^B\x81\x81\0\xeb\xa8t~\xfb\xe3\xb4\xea\xbe\x8b\x1c=\xed\xea\x86^DbQ\xe0*Z\x9e\x86o\x98\xcb\xbc\xc5\xed\xc5\xc8\xcaV\x9dL\x92X\xe1k^So\xbc\xb7\xe5.\x98@\xf7\x8f\xd6\xa3\xc0^J\xabFR\x1b8\xfc^E \xe7\x80\xee\xc6]\xd5\xbb^C\xfc\xc5\x83\xba\x9ag^H\xfd,\xba\xa3^H\x94\xf0\xb3\x1f^V(\xf6^Ef[\xbf^?\xa8Y\xfa\xbe\x99k6b\xb8n\xc6\x83GSc^OZ\xb4Q\xc1\x88\xa8U\xb9\xd41m=*J\x95^J\xd1{\x87^B^C^A\0^A\xa3\x82^Ay0\x82^Au0^I^F^CU\x1d^S^D^B0\00^K^F^CU\x1d^O^D^D^C^B^E\xa00F^F^CU\x1d\x1f^D?0=0;\xa09\xa07\x865http://crl.verisign.com/Class3InternationalServer.crl0D^F^CU\x1d ^D=0;09^F^K`\x86H^A\x86\xf8E^A^G^W^C0*0(^F^H+^F^A^E^E^G^B^A^V\x1chttps://www.verisign.com/rpa0(^F^CU\x1d%^D!0\x1f^F^I`\x86H^A\x86\xf8B^D^A^F^H+^F^A^E^E^G^C^A^F^H+^F^A^E^E^G^C^B04^F^H+^F^A^E^E^G^A^A^D(0&0$^F^H+^F^A^E^E^G0^A\x86^Xhttp://ocsp.verisign.com0m^F^H+^F^A^E^E^G^A^L^Da0_\xa1]\xa0[0Y0W0U^V^Iimage/gif0!0\x1f0^G^F^E+^N^C^B^Z^D^T\x8f\xe5\xd3^Z\x86\xac\x8d\x8ek\xc3\xcf\x80j\xd4H^X,{^Y.0%^V#http://logo.verisign.com/vslogo.gif0^M^F^I*\x86H\x86\xf7^M^A^A^E^E\0^C\x81\x81\0/s\xe2o\xc1\x9e#~YP\x89\x95xo\xe9^D\xbd\x98TS`\xec^HR\xd2^J)\x92\x9am\xaa\xd5\xb1g\xc1b\xde\xc9^XNW=i\x9c\xb2^Cf\x92^C\xbb\xe8M\xc5\x98\xd4/B\xd9\xb6\xd2\xe0\x97^PXv\xcf\xe7\xd6\xa7\xcc\xbb\xdb%\xeeB]\xcb\xf0t\xab\xd2T\xe5\xe8\xbaQ^O\xa4\xc3>4\xfaR\xf2\xa0\xe6z\xf4\x8f\xdcvB\xbd=\xfcx\xc0\xb7\xeb^-\x1f\xc5\xa0^\xdf\xa0^Q\x87\xf8\xc3X^P\xc8y(\xf8\xe4, mime_type=binary, info=[ts=1170717511.909717, fuid=FQXAWgI2FB5STbrff, tx_hosts={^J^I194.127.84.106^J}, rx_hosts={^J^I192.150.187.164^J}, conn_uids={^J^ICCvvfg3TEfuqmmG4bh^J}, source=SSL, depth=0, analyzers={^J^IX509,^J^IMD5,^J^ISHA1^J}, mime_type=binary, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=F, seen_bytes=0, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=<uninitialized>, sha1=<uninitialized>, sha256=<uninitialized>, x509=[ts=1170717511.909717, id=FQXAWgI2FB5STbrff, certificate=[version=2, serial=04A78116F003283BDA2B8462049F9ECB, subject=CN=www.dresdner-privat.de,OU=Terms of use at www.verisign.com/rpa (c)00,O=AGIS Allianz Dresdner Informationssysteme GmbH,L=Muenchen,ST=Bayern,C=DE, issuer=OU=www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign,OU=VeriSign International Server CA - Class 3,OU=VeriSign\, Inc.,O=VeriSign Trust Network, not_valid_before=1163462400.0, not_valid_after=1195084799.0, key_alg=rsaEncryption, sig_alg=sha1WithRSAEncryption, key_type=rsa, key_length=1024, exponent=65537, curve=<uninitialized>], handle=<no value description>, extensions=[[name=X509v3 Basic Constraints, short_name=basicConstraints, oid=2.5.29.19, critical=F, value=CA:FALSE]], san=<uninitialized>, basic_constraints=<uninitialized>], extracted=<uninitialized>], u2_events=<uninitialized>]
+                  [1] ext: X509::BasicConstraints = [ca=F, path_len=<uninitialized>]
+
+1170717511.909717 x509_extension
+                  [0] f: fa_file         = [id=FQXAWgI2FB5STbrff, parent_id=<uninitialized>, source=SSL, is_orig=F, conns={^J^I[[orig_h=192.150.187.164, orig_p=58870/tcp, resp_h=194.127.84.106, resp_p=443/tcp]] = [id=[orig_h=192.150.187.164, orig_p=58870/tcp, resp_h=194.127.84.106, resp_p=443/tcp], orig=[size=120, state=4, num_pkts=3, num_bytes_ip=288, flow_label=0], resp=[size=2164, state=4, num_pkts=3, num_bytes_ip=1616, flow_label=0], start_time=1170717511.541455, duration=0.368262, service={^J^I^ISSL^J^I}, addl=, hot=0, history=ShADad, uid=CCvvfg3TEfuqmmG4bh, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=[ts=1170717511.722913, uid=CCvvfg3TEfuqmmG4bh, id=[orig_h=192.150.187.164, orig_p=58870/tcp, resp_h=194.127.84.106, resp_p=443/tcp], version=TLSv10, cipher=TLS_RSA_WITH_RC4_128_MD5, server_name=<uninitialized>, session_id=9e51caef40ad85f9f03dbb8c1fdc863621808c311272e10242cb406bf917bcd9, last_alert=<uninitialized>, analyzer_id=11, established=F, logged=F, delay_tokens=<uninitialized>, cert_chain=[[ts=1170717511.909717, fuid=FQXAWgI2FB5STbrff, tx_hosts={^J^I^I194.127.84.106^J^I}, rx_hosts={^J^I^I192.150.187.164^J^I}, conn_uids={^J^I^ICCvvfg3TEfuqmmG4bh^J^I}, source=SSL, depth=0, analyzers={^J^I^IX509,^J^I^IMD5,^J^I^ISHA1^J^I}, mime_type=binary, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=F, seen_bytes=0, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=<uninitialized>, sha1=<uninitialized>, sha256=<uninitialized>, x509=[ts=1170717511.909717, id=FQXAWgI2FB5STbrff, certificate=[version=2, serial=04A78116F003283BDA2B8462049F9ECB, subject=CN=www.dresdner-privat.de,OU=Terms of use at www.verisign.com/rpa (c)00,O=AGIS Allianz Dresdner Informationssysteme GmbH,L=Muenchen,ST=Bayern,C=DE, issuer=OU=www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign,OU=VeriSign International Server CA - Class 3,OU=VeriSign\, Inc.,O=VeriSign Trust Network, not_valid_before=1163462400.0, not_valid_after=1195084799.0, key_alg=rsaEncryption, sig_alg=sha1WithRSAEncryption, key_type=rsa, key_length=1024, exponent=65537, curve=<uninitialized>], handle=<no value description>, extensions=[[name=X509v3 Basic Constraints, short_name=basicConstraints, oid=2.5.29.19, critical=F, value=CA:FALSE]], san=<uninitialized>, basic_constraints=[ca=F, path_len=<uninitialized>]], extracted=<uninitialized>]], cert_chain_fuids=[FQXAWgI2FB5STbrff], client_cert_chain=[], client_cert_chain_fuids=[], subject=<uninitialized>, issuer=<uninitialized>, client_subject=<uninitialized>, client_issuer=<uninitialized>, server_depth=1, client_depth=0], http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]^J}, last_active=1170717511.909717, seen_bytes=1152, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timeout_interval=2.0 mins, bof_buffer_size=1024, bof_buffer=0\x82^D|0\x82^C\xe5\xa0^C^B^A^B^B^P^D\xa7\x81^V\xf0^C(;\xda+\x84b^D\x9f\x9e\xcb0^M^F^I*\x86H\x86\xf7^M^A^A^E^E\00\x81\xba1\x1f0\x1d^F^CU^D^J^S^VVeriSign Trust Network1^W0^U^F^CU^D^K^S^NVeriSign, Inc.1301^F^CU^D^K^S*VeriSign International Server CA - Class 31I0G^F^CU^D^K^S@www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign0\x1e^W^M061114000000Z^W^M071114235959Z0\x81\xc01^K0^I^F^CU^D^F^S^BDE1^O0^M^F^CU^D^H^S^FBayern1^Q0^O^F^CU^D^G^T^HMuenchen1705^F^CU^D^J^T.AGIS Allianz Dresdner Informationssysteme GmbH1301^F^CU^D^K^T*Terms of use at www.verisign.com/rpa (c)001\x1f0\x1d^F^CU^D^C^T^Vwww.dresdner-privat.de0\x81\x9f0^M^F^I*\x86H\x86\xf7^M^A^A^A^E\0^C\x81\x8d\00\x81\x89^B\x81\x81\0\xeb\xa8t~\xfb\xe3\xb4\xea\xbe\x8b\x1c=\xed\xea\x86^DbQ\xe0*Z\x9e\x86o\x98\xcb\xbc\xc5\xed\xc5\xc8\xcaV\x9dL\x92X\xe1k^So\xbc\xb7\xe5.\x98@\xf7\x8f\xd6\xa3\xc0^J\xabFR\x1b8\xfc^E \xe7\x80\xee\xc6]\xd5\xbb^C\xfc\xc5\x83\xba\x9ag^H\xfd,\xba\xa3^H\x94\xf0\xb3\x1f^V(\xf6^Ef[\xbf^?\xa8Y\xfa\xbe\x99k6b\xb8n\xc6\x83GSc^OZ\xb4Q\xc1\x88\xa8U\xb9\xd41m=*J\x95^J\xd1{\x87^B^C^A\0^A\xa3\x82^Ay0\x82^Au0^I^F^CU\x1d^S^D^B0\00^K^F^CU\x1d^O^D^D^C^B^E\xa00F^F^CU\x1d\x1f^D?0=0;\xa09\xa07\x865http://crl.verisign.com/Class3InternationalServer.crl0D^F^CU\x1d ^D=0;09^F^K`\x86H^A\x86\xf8E^A^G^W^C0*0(^F^H+^F^A^E^E^G^B^A^V\x1chttps://www.verisign.com/rpa0(^F^CU\x1d%^D!0\x1f^F^I`\x86H^A\x86\xf8B^D^A^F^H+^F^A^E^E^G^C^A^F^H+^F^A^E^E^G^C^B04^F^H+^F^A^E^E^G^A^A^D(0&0$^F^H+^F^A^E^E^G0^A\x86^Xhttp://ocsp.verisign.com0m^F^H+^F^A^E^E^G^A^L^Da0_\xa1]\xa0[0Y0W0U^V^Iimage/gif0!0\x1f0^G^F^E+^N^C^B^Z^D^T\x8f\xe5\xd3^Z\x86\xac\x8d\x8ek\xc3\xcf\x80j\xd4H^X,{^Y.0%^V#http://logo.verisign.com/vslogo.gif0^M^F^I*\x86H\x86\xf7^M^A^A^E^E\0^C\x81\x81\0/s\xe2o\xc1\x9e#~YP\x89\x95xo\xe9^D\xbd\x98TS`\xec^HR\xd2^J)\x92\x9am\xaa\xd5\xb1g\xc1b\xde\xc9^XNW=i\x9c\xb2^Cf\x92^C\xbb\xe8M\xc5\x98\xd4/B\xd9\xb6\xd2\xe0\x97^PXv\xcf\xe7\xd6\xa7\xcc\xbb\xdb%\xeeB]\xcb\xf0t\xab\xd2T\xe5\xe8\xbaQ^O\xa4\xc3>4\xfaR\xf2\xa0\xe6z\xf4\x8f\xdcvB\xbd=\xfcx\xc0\xb7\xeb^-\x1f\xc5\xa0^\xdf\xa0^Q\x87\xf8\xc3X^P\xc8y(\xf8\xe4, mime_type=binary, info=[ts=1170717511.909717, fuid=FQXAWgI2FB5STbrff, tx_hosts={^J^I194.127.84.106^J}, rx_hosts={^J^I192.150.187.164^J}, conn_uids={^J^ICCvvfg3TEfuqmmG4bh^J}, source=SSL, depth=0, analyzers={^J^IX509,^J^IMD5,^J^ISHA1^J}, mime_type=binary, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=F, seen_bytes=0, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=<uninitialized>, sha1=<uninitialized>, sha256=<uninitialized>, x509=[ts=1170717511.909717, id=FQXAWgI2FB5STbrff, certificate=[version=2, serial=04A78116F003283BDA2B8462049F9ECB, subject=CN=www.dresdner-privat.de,OU=Terms of use at www.verisign.com/rpa (c)00,O=AGIS Allianz Dresdner Informationssysteme GmbH,L=Muenchen,ST=Bayern,C=DE, issuer=OU=www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign,OU=VeriSign International Server CA - Class 3,OU=VeriSign\, Inc.,O=VeriSign Trust Network, not_valid_before=1163462400.0, not_valid_after=1195084799.0, key_alg=rsaEncryption, sig_alg=sha1WithRSAEncryption, key_type=rsa, key_length=1024, exponent=65537, curve=<uninitialized>], handle=<no value description>, extensions=[[name=X509v3 Basic Constraints, short_name=basicConstraints, oid=2.5.29.19, critical=F, value=CA:FALSE]], san=<uninitialized>, basic_constraints=[ca=F, path_len=<uninitialized>]], extracted=<uninitialized>], u2_events=<uninitialized>]
+                  [1] ext: X509::Extension = [name=X509v3 Key Usage, short_name=keyUsage, oid=2.5.29.15, critical=F, value=Digital Signature, Key Encipherment]
+
+1170717511.909717 x509_extension
+                  [0] f: fa_file         = [id=FQXAWgI2FB5STbrff, parent_id=<uninitialized>, source=SSL, is_orig=F, conns={^J^I[[orig_h=192.150.187.164, orig_p=58870/tcp, resp_h=194.127.84.106, resp_p=443/tcp]] = [id=[orig_h=192.150.187.164, orig_p=58870/tcp, resp_h=194.127.84.106, resp_p=443/tcp], orig=[size=120, state=4, num_pkts=3, num_bytes_ip=288, flow_label=0], resp=[size=2164, state=4, num_pkts=3, num_bytes_ip=1616, flow_label=0], start_time=1170717511.541455, duration=0.368262, service={^J^I^ISSL^J^I}, addl=, hot=0, history=ShADad, uid=CCvvfg3TEfuqmmG4bh, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=[ts=1170717511.722913, uid=CCvvfg3TEfuqmmG4bh, id=[orig_h=192.150.187.164, orig_p=58870/tcp, resp_h=194.127.84.106, resp_p=443/tcp], version=TLSv10, cipher=TLS_RSA_WITH_RC4_128_MD5, server_name=<uninitialized>, session_id=9e51caef40ad85f9f03dbb8c1fdc863621808c311272e10242cb406bf917bcd9, last_alert=<uninitialized>, analyzer_id=11, established=F, logged=F, delay_tokens=<uninitialized>, cert_chain=[[ts=1170717511.909717, fuid=FQXAWgI2FB5STbrff, tx_hosts={^J^I^I194.127.84.106^J^I}, rx_hosts={^J^I^I192.150.187.164^J^I}, conn_uids={^J^I^ICCvvfg3TEfuqmmG4bh^J^I}, source=SSL, depth=0, analyzers={^J^I^IX509,^J^I^IMD5,^J^I^ISHA1^J^I}, mime_type=binary, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=F, seen_bytes=0, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=<uninitialized>, sha1=<uninitialized>, sha256=<uninitialized>, x509=[ts=1170717511.909717, id=FQXAWgI2FB5STbrff, certificate=[version=2, serial=04A78116F003283BDA2B8462049F9ECB, subject=CN=www.dresdner-privat.de,OU=Terms of use at www.verisign.com/rpa (c)00,O=AGIS Allianz Dresdner Informationssysteme GmbH,L=Muenchen,ST=Bayern,C=DE, issuer=OU=www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign,OU=VeriSign International Server CA - Class 3,OU=VeriSign\, Inc.,O=VeriSign Trust Network, not_valid_before=1163462400.0, not_valid_after=1195084799.0, key_alg=rsaEncryption, sig_alg=sha1WithRSAEncryption, key_type=rsa, key_length=1024, exponent=65537, curve=<uninitialized>], handle=<no value description>, extensions=[[name=X509v3 Basic Constraints, short_name=basicConstraints, oid=2.5.29.19, critical=F, value=CA:FALSE], [name=X509v3 Key Usage, short_name=keyUsage, oid=2.5.29.15, critical=F, value=Digital Signature, Key Encipherment]], san=<uninitialized>, basic_constraints=[ca=F, path_len=<uninitialized>]], extracted=<uninitialized>]], cert_chain_fuids=[FQXAWgI2FB5STbrff], client_cert_chain=[], client_cert_chain_fuids=[], subject=<uninitialized>, issuer=<uninitialized>, client_subject=<uninitialized>, client_issuer=<uninitialized>, server_depth=1, client_depth=0], http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]^J}, last_active=1170717511.909717, seen_bytes=1152, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timeout_interval=2.0 mins, bof_buffer_size=1024, bof_buffer=0\x82^D|0\x82^C\xe5\xa0^C^B^A^B^B^P^D\xa7\x81^V\xf0^C(;\xda+\x84b^D\x9f\x9e\xcb0^M^F^I*\x86H\x86\xf7^M^A^A^E^E\00\x81\xba1\x1f0\x1d^F^CU^D^J^S^VVeriSign Trust Network1^W0^U^F^CU^D^K^S^NVeriSign, Inc.1301^F^CU^D^K^S*VeriSign International Server CA - Class 31I0G^F^CU^D^K^S@www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign0\x1e^W^M061114000000Z^W^M071114235959Z0\x81\xc01^K0^I^F^CU^D^F^S^BDE1^O0^M^F^CU^D^H^S^FBayern1^Q0^O^F^CU^D^G^T^HMuenchen1705^F^CU^D^J^T.AGIS Allianz Dresdner Informationssysteme GmbH1301^F^CU^D^K^T*Terms of use at www.verisign.com/rpa (c)001\x1f0\x1d^F^CU^D^C^T^Vwww.dresdner-privat.de0\x81\x9f0^M^F^I*\x86H\x86\xf7^M^A^A^A^E\0^C\x81\x8d\00\x81\x89^B\x81\x81\0\xeb\xa8t~\xfb\xe3\xb4\xea\xbe\x8b\x1c=\xed\xea\x86^DbQ\xe0*Z\x9e\x86o\x98\xcb\xbc\xc5\xed\xc5\xc8\xcaV\x9dL\x92X\xe1k^So\xbc\xb7\xe5.\x98@\xf7\x8f\xd6\xa3\xc0^J\xabFR\x1b8\xfc^E \xe7\x80\xee\xc6]\xd5\xbb^C\xfc\xc5\x83\xba\x9ag^H\xfd,\xba\xa3^H\x94\xf0\xb3\x1f^V(\xf6^Ef[\xbf^?\xa8Y\xfa\xbe\x99k6b\xb8n\xc6\x83GSc^OZ\xb4Q\xc1\x88\xa8U\xb9\xd41m=*J\x95^J\xd1{\x87^B^C^A\0^A\xa3\x82^Ay0\x82^Au0^I^F^CU\x1d^S^D^B0\00^K^F^CU\x1d^O^D^D^C^B^E\xa00F^F^CU\x1d\x1f^D?0=0;\xa09\xa07\x865http://crl.verisign.com/Class3InternationalServer.crl0D^F^CU\x1d ^D=0;09^F^K`\x86H^A\x86\xf8E^A^G^W^C0*0(^F^H+^F^A^E^E^G^B^A^V\x1chttps://www.verisign.com/rpa0(^F^CU\x1d%^D!0\x1f^F^I`\x86H^A\x86\xf8B^D^A^F^H+^F^A^E^E^G^C^A^F^H+^F^A^E^E^G^C^B04^F^H+^F^A^E^E^G^A^A^D(0&0$^F^H+^F^A^E^E^G0^A\x86^Xhttp://ocsp.verisign.com0m^F^H+^F^A^E^E^G^A^L^Da0_\xa1]\xa0[0Y0W0U^V^Iimage/gif0!0\x1f0^G^F^E+^N^C^B^Z^D^T\x8f\xe5\xd3^Z\x86\xac\x8d\x8ek\xc3\xcf\x80j\xd4H^X,{^Y.0%^V#http://logo.verisign.com/vslogo.gif0^M^F^I*\x86H\x86\xf7^M^A^A^E^E\0^C\x81\x81\0/s\xe2o\xc1\x9e#~YP\x89\x95xo\xe9^D\xbd\x98TS`\xec^HR\xd2^J)\x92\x9am\xaa\xd5\xb1g\xc1b\xde\xc9^XNW=i\x9c\xb2^Cf\x92^C\xbb\xe8M\xc5\x98\xd4/B\xd9\xb6\xd2\xe0\x97^PXv\xcf\xe7\xd6\xa7\xcc\xbb\xdb%\xeeB]\xcb\xf0t\xab\xd2T\xe5\xe8\xbaQ^O\xa4\xc3>4\xfaR\xf2\xa0\xe6z\xf4\x8f\xdcvB\xbd=\xfcx\xc0\xb7\xeb^-\x1f\xc5\xa0^\xdf\xa0^Q\x87\xf8\xc3X^P\xc8y(\xf8\xe4, mime_type=binary, info=[ts=1170717511.909717, fuid=FQXAWgI2FB5STbrff, tx_hosts={^J^I194.127.84.106^J}, rx_hosts={^J^I192.150.187.164^J}, conn_uids={^J^ICCvvfg3TEfuqmmG4bh^J}, source=SSL, depth=0, analyzers={^J^IX509,^J^IMD5,^J^ISHA1^J}, mime_type=binary, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=F, seen_bytes=0, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=<uninitialized>, sha1=<uninitialized>, sha256=<uninitialized>, x509=[ts=1170717511.909717, id=FQXAWgI2FB5STbrff, certificate=[version=2, serial=04A78116F003283BDA2B8462049F9ECB, subject=CN=www.dresdner-privat.de,OU=Terms of use at www.verisign.com/rpa (c)00,O=AGIS Allianz Dresdner Informationssysteme GmbH,L=Muenchen,ST=Bayern,C=DE, issuer=OU=www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign,OU=VeriSign International Server CA - Class 3,OU=VeriSign\, Inc.,O=VeriSign Trust Network, not_valid_before=1163462400.0, not_valid_after=1195084799.0, key_alg=rsaEncryption, sig_alg=sha1WithRSAEncryption, key_type=rsa, key_length=1024, exponent=65537, curve=<uninitialized>], handle=<no value description>, extensions=[[name=X509v3 Basic Constraints, short_name=basicConstraints, oid=2.5.29.19, critical=F, value=CA:FALSE], [name=X509v3 Key Usage, short_name=keyUsage, oid=2.5.29.15, critical=F, value=Digital Signature, Key Encipherment]], san=<uninitialized>, basic_constraints=[ca=F, path_len=<uninitialized>]], extracted=<uninitialized>], u2_events=<uninitialized>]
+                  [1] ext: X509::Extension = [name=X509v3 CRL Distribution Points, short_name=crlDistributionPoints, oid=2.5.29.31, critical=F, value=^JFull Name:^J  URI:http://crl.verisign.com/Class3InternationalServer.crl^J]
+
+1170717511.909717 x509_extension
+                  [0] f: fa_file         = [id=FQXAWgI2FB5STbrff, parent_id=<uninitialized>, source=SSL, is_orig=F, conns={^J^I[[orig_h=192.150.187.164, orig_p=58870/tcp, resp_h=194.127.84.106, resp_p=443/tcp]] = [id=[orig_h=192.150.187.164, orig_p=58870/tcp, resp_h=194.127.84.106, resp_p=443/tcp], orig=[size=120, state=4, num_pkts=3, num_bytes_ip=288, flow_label=0], resp=[size=2164, state=4, num_pkts=3, num_bytes_ip=1616, flow_label=0], start_time=1170717511.541455, duration=0.368262, service={^J^I^ISSL^J^I}, addl=, hot=0, history=ShADad, uid=CCvvfg3TEfuqmmG4bh, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=[ts=1170717511.722913, uid=CCvvfg3TEfuqmmG4bh, id=[orig_h=192.150.187.164, orig_p=58870/tcp, resp_h=194.127.84.106, resp_p=443/tcp], version=TLSv10, cipher=TLS_RSA_WITH_RC4_128_MD5, server_name=<uninitialized>, session_id=9e51caef40ad85f9f03dbb8c1fdc863621808c311272e10242cb406bf917bcd9, last_alert=<uninitialized>, analyzer_id=11, established=F, logged=F, delay_tokens=<uninitialized>, cert_chain=[[ts=1170717511.909717, fuid=FQXAWgI2FB5STbrff, tx_hosts={^J^I^I194.127.84.106^J^I}, rx_hosts={^J^I^I192.150.187.164^J^I}, conn_uids={^J^I^ICCvvfg3TEfuqmmG4bh^J^I}, source=SSL, depth=0, analyzers={^J^I^IX509,^J^I^IMD5,^J^I^ISHA1^J^I}, mime_type=binary, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=F, seen_bytes=0, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=<uninitialized>, sha1=<uninitialized>, sha256=<uninitialized>, x509=[ts=1170717511.909717, id=FQXAWgI2FB5STbrff, certificate=[version=2, serial=04A78116F003283BDA2B8462049F9ECB, subject=CN=www.dresdner-privat.de,OU=Terms of use at www.verisign.com/rpa (c)00,O=AGIS Allianz Dresdner Informationssysteme GmbH,L=Muenchen,ST=Bayern,C=DE, issuer=OU=www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign,OU=VeriSign International Server CA - Class 3,OU=VeriSign\, Inc.,O=VeriSign Trust Network, not_valid_before=1163462400.0, not_valid_after=1195084799.0, key_alg=rsaEncryption, sig_alg=sha1WithRSAEncryption, key_type=rsa, key_length=1024, exponent=65537, curve=<uninitialized>], handle=<no value description>, extensions=[[name=X509v3 Basic Constraints, short_name=basicConstraints, oid=2.5.29.19, critical=F, value=CA:FALSE], [name=X509v3 Key Usage, short_name=keyUsage, oid=2.5.29.15, critical=F, value=Digital Signature, Key Encipherment], [name=X509v3 CRL Distribution Points, short_name=crlDistributionPoints, oid=2.5.29.31, critical=F, value=^JFull Name:^J  URI:http://crl.verisign.com/Class3InternationalServer.crl^J]], san=<uninitialized>, basic_constraints=[ca=F, path_len=<uninitialized>]], extracted=<uninitialized>]], cert_chain_fuids=[FQXAWgI2FB5STbrff], client_cert_chain=[], client_cert_chain_fuids=[], subject=<uninitialized>, issuer=<uninitialized>, client_subject=<uninitialized>, client_issuer=<uninitialized>, server_depth=1, client_depth=0], http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]^J}, last_active=1170717511.909717, seen_bytes=1152, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timeout_interval=2.0 mins, bof_buffer_size=1024, bof_buffer=0\x82^D|0\x82^C\xe5\xa0^C^B^A^B^B^P^D\xa7\x81^V\xf0^C(;\xda+\x84b^D\x9f\x9e\xcb0^M^F^I*\x86H\x86\xf7^M^A^A^E^E\00\x81\xba1\x1f0\x1d^F^CU^D^J^S^VVeriSign Trust Network1^W0^U^F^CU^D^K^S^NVeriSign, Inc.1301^F^CU^D^K^S*VeriSign International Server CA - Class 31I0G^F^CU^D^K^S@www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign0\x1e^W^M061114000000Z^W^M071114235959Z0\x81\xc01^K0^I^F^CU^D^F^S^BDE1^O0^M^F^CU^D^H^S^FBayern1^Q0^O^F^CU^D^G^T^HMuenchen1705^F^CU^D^J^T.AGIS Allianz Dresdner Informationssysteme GmbH1301^F^CU^D^K^T*Terms of use at www.verisign.com/rpa (c)001\x1f0\x1d^F^CU^D^C^T^Vwww.dresdner-privat.de0\x81\x9f0^M^F^I*\x86H\x86\xf7^M^A^A^A^E\0^C\x81\x8d\00\x81\x89^B\x81\x81\0\xeb\xa8t~\xfb\xe3\xb4\xea\xbe\x8b\x1c=\xed\xea\x86^DbQ\xe0*Z\x9e\x86o\x98\xcb\xbc\xc5\xed\xc5\xc8\xcaV\x9dL\x92X\xe1k^So\xbc\xb7\xe5.\x98@\xf7\x8f\xd6\xa3\xc0^J\xabFR\x1b8\xfc^E \xe7\x80\xee\xc6]\xd5\xbb^C\xfc\xc5\x83\xba\x9ag^H\xfd,\xba\xa3^H\x94\xf0\xb3\x1f^V(\xf6^Ef[\xbf^?\xa8Y\xfa\xbe\x99k6b\xb8n\xc6\x83GSc^OZ\xb4Q\xc1\x88\xa8U\xb9\xd41m=*J\x95^J\xd1{\x87^B^C^A\0^A\xa3\x82^Ay0\x82^Au0^I^F^CU\x1d^S^D^B0\00^K^F^CU\x1d^O^D^D^C^B^E\xa00F^F^CU\x1d\x1f^D?0=0;\xa09\xa07\x865http://crl.verisign.com/Class3InternationalServer.crl0D^F^CU\x1d ^D=0;09^F^K`\x86H^A\x86\xf8E^A^G^W^C0*0(^F^H+^F^A^E^E^G^B^A^V\x1chttps://www.verisign.com/rpa0(^F^CU\x1d%^D!0\x1f^F^I`\x86H^A\x86\xf8B^D^A^F^H+^F^A^E^E^G^C^A^F^H+^F^A^E^E^G^C^B04^F^H+^F^A^E^E^G^A^A^D(0&0$^F^H+^F^A^E^E^G0^A\x86^Xhttp://ocsp.verisign.com0m^F^H+^F^A^E^E^G^A^L^Da0_\xa1]\xa0[0Y0W0U^V^Iimage/gif0!0\x1f0^G^F^E+^N^C^B^Z^D^T\x8f\xe5\xd3^Z\x86\xac\x8d\x8ek\xc3\xcf\x80j\xd4H^X,{^Y.0%^V#http://logo.verisign.com/vslogo.gif0^M^F^I*\x86H\x86\xf7^M^A^A^E^E\0^C\x81\x81\0/s\xe2o\xc1\x9e#~YP\x89\x95xo\xe9^D\xbd\x98TS`\xec^HR\xd2^J)\x92\x9am\xaa\xd5\xb1g\xc1b\xde\xc9^XNW=i\x9c\xb2^Cf\x92^C\xbb\xe8M\xc5\x98\xd4/B\xd9\xb6\xd2\xe0\x97^PXv\xcf\xe7\xd6\xa7\xcc\xbb\xdb%\xeeB]\xcb\xf0t\xab\xd2T\xe5\xe8\xbaQ^O\xa4\xc3>4\xfaR\xf2\xa0\xe6z\xf4\x8f\xdcvB\xbd=\xfcx\xc0\xb7\xeb^-\x1f\xc5\xa0^\xdf\xa0^Q\x87\xf8\xc3X^P\xc8y(\xf8\xe4, mime_type=binary, info=[ts=1170717511.909717, fuid=FQXAWgI2FB5STbrff, tx_hosts={^J^I194.127.84.106^J}, rx_hosts={^J^I192.150.187.164^J}, conn_uids={^J^ICCvvfg3TEfuqmmG4bh^J}, source=SSL, depth=0, analyzers={^J^IX509,^J^IMD5,^J^ISHA1^J}, mime_type=binary, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=F, seen_bytes=0, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=<uninitialized>, sha1=<uninitialized>, sha256=<uninitialized>, x509=[ts=1170717511.909717, id=FQXAWgI2FB5STbrff, certificate=[version=2, serial=04A78116F003283BDA2B8462049F9ECB, subject=CN=www.dresdner-privat.de,OU=Terms of use at www.verisign.com/rpa (c)00,O=AGIS Allianz Dresdner Informationssysteme GmbH,L=Muenchen,ST=Bayern,C=DE, issuer=OU=www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign,OU=VeriSign International Server CA - Class 3,OU=VeriSign\, Inc.,O=VeriSign Trust Network, not_valid_before=1163462400.0, not_valid_after=1195084799.0, key_alg=rsaEncryption, sig_alg=sha1WithRSAEncryption, key_type=rsa, key_length=1024, exponent=65537, curve=<uninitialized>], handle=<no value description>, extensions=[[name=X509v3 Basic Constraints, short_name=basicConstraints, oid=2.5.29.19, critical=F, value=CA:FALSE], [name=X509v3 Key Usage, short_name=keyUsage, oid=2.5.29.15, critical=F, value=Digital Signature, Key Encipherment], [name=X509v3 CRL Distribution Points, short_name=crlDistributionPoints, oid=2.5.29.31, critical=F, value=^JFull Name:^J  URI:http://crl.verisign.com/Class3InternationalServer.crl^J]], san=<uninitialized>, basic_constraints=[ca=F, path_len=<uninitialized>]], extracted=<uninitialized>], u2_events=<uninitialized>]
+                  [1] ext: X509::Extension = [name=X509v3 Certificate Policies, short_name=certificatePolicies, oid=2.5.29.32, critical=F, value=Policy: 2.16.840.1.113733.1.7.23.3^J  CPS: https://www.verisign.com/rpa^J]
+
+1170717511.909717 x509_extension
+                  [0] f: fa_file         = [id=FQXAWgI2FB5STbrff, parent_id=<uninitialized>, source=SSL, is_orig=F, conns={^J^I[[orig_h=192.150.187.164, orig_p=58870/tcp, resp_h=194.127.84.106, resp_p=443/tcp]] = [id=[orig_h=192.150.187.164, orig_p=58870/tcp, resp_h=194.127.84.106, resp_p=443/tcp], orig=[size=120, state=4, num_pkts=3, num_bytes_ip=288, flow_label=0], resp=[size=2164, state=4, num_pkts=3, num_bytes_ip=1616, flow_label=0], start_time=1170717511.541455, duration=0.368262, service={^J^I^ISSL^J^I}, addl=, hot=0, history=ShADad, uid=CCvvfg3TEfuqmmG4bh, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=[ts=1170717511.722913, uid=CCvvfg3TEfuqmmG4bh, id=[orig_h=192.150.187.164, orig_p=58870/tcp, resp_h=194.127.84.106, resp_p=443/tcp], version=TLSv10, cipher=TLS_RSA_WITH_RC4_128_MD5, server_name=<uninitialized>, session_id=9e51caef40ad85f9f03dbb8c1fdc863621808c311272e10242cb406bf917bcd9, last_alert=<uninitialized>, analyzer_id=11, established=F, logged=F, delay_tokens=<uninitialized>, cert_chain=[[ts=1170717511.909717, fuid=FQXAWgI2FB5STbrff, tx_hosts={^J^I^I194.127.84.106^J^I}, rx_hosts={^J^I^I192.150.187.164^J^I}, conn_uids={^J^I^ICCvvfg3TEfuqmmG4bh^J^I}, source=SSL, depth=0, analyzers={^J^I^IX509,^J^I^IMD5,^J^I^ISHA1^J^I}, mime_type=binary, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=F, seen_bytes=0, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=<uninitialized>, sha1=<uninitialized>, sha256=<uninitialized>, x509=[ts=1170717511.909717, id=FQXAWgI2FB5STbrff, certificate=[version=2, serial=04A78116F003283BDA2B8462049F9ECB, subject=CN=www.dresdner-privat.de,OU=Terms of use at www.verisign.com/rpa (c)00,O=AGIS Allianz Dresdner Informationssysteme GmbH,L=Muenchen,ST=Bayern,C=DE, issuer=OU=www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign,OU=VeriSign International Server CA - Class 3,OU=VeriSign\, Inc.,O=VeriSign Trust Network, not_valid_before=1163462400.0, not_valid_after=1195084799.0, key_alg=rsaEncryption, sig_alg=sha1WithRSAEncryption, key_type=rsa, key_length=1024, exponent=65537, curve=<uninitialized>], handle=<no value description>, extensions=[[name=X509v3 Basic Constraints, short_name=basicConstraints, oid=2.5.29.19, critical=F, value=CA:FALSE], [name=X509v3 Key Usage, short_name=keyUsage, oid=2.5.29.15, critical=F, value=Digital Signature, Key Encipherment], [name=X509v3 CRL Distribution Points, short_name=crlDistributionPoints, oid=2.5.29.31, critical=F, value=^JFull Name:^J  URI:http://crl.verisign.com/Class3InternationalServer.crl^J], [name=X509v3 Certificate Policies, short_name=certificatePolicies, oid=2.5.29.32, critical=F, value=Policy: 2.16.840.1.113733.1.7.23.3^J  CPS: https://www.verisign.com/rpa^J]], san=<uninitialized>, basic_constraints=[ca=F, path_len=<uninitialized>]], extracted=<uninitialized>]], cert_chain_fuids=[FQXAWgI2FB5STbrff], client_cert_chain=[], client_cert_chain_fuids=[], subject=<uninitialized>, issuer=<uninitialized>, client_subject=<uninitialized>, client_issuer=<uninitialized>, server_depth=1, client_depth=0], http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]^J}, last_active=1170717511.909717, seen_bytes=1152, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timeout_interval=2.0 mins, bof_buffer_size=1024, bof_buffer=0\x82^D|0\x82^C\xe5\xa0^C^B^A^B^B^P^D\xa7\x81^V\xf0^C(;\xda+\x84b^D\x9f\x9e\xcb0^M^F^I*\x86H\x86\xf7^M^A^A^E^E\00\x81\xba1\x1f0\x1d^F^CU^D^J^S^VVeriSign Trust Network1^W0^U^F^CU^D^K^S^NVeriSign, Inc.1301^F^CU^D^K^S*VeriSign International Server CA - Class 31I0G^F^CU^D^K^S@www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign0\x1e^W^M061114000000Z^W^M071114235959Z0\x81\xc01^K0^I^F^CU^D^F^S^BDE1^O0^M^F^CU^D^H^S^FBayern1^Q0^O^F^CU^D^G^T^HMuenchen1705^F^CU^D^J^T.AGIS Allianz Dresdner Informationssysteme GmbH1301^F^CU^D^K^T*Terms of use at www.verisign.com/rpa (c)001\x1f0\x1d^F^CU^D^C^T^Vwww.dresdner-privat.de0\x81\x9f0^M^F^I*\x86H\x86\xf7^M^A^A^A^E\0^C\x81\x8d\00\x81\x89^B\x81\x81\0\xeb\xa8t~\xfb\xe3\xb4\xea\xbe\x8b\x1c=\xed\xea\x86^DbQ\xe0*Z\x9e\x86o\x98\xcb\xbc\xc5\xed\xc5\xc8\xcaV\x9dL\x92X\xe1k^So\xbc\xb7\xe5.\x98@\xf7\x8f\xd6\xa3\xc0^J\xabFR\x1b8\xfc^E \xe7\x80\xee\xc6]\xd5\xbb^C\xfc\xc5\x83\xba\x9ag^H\xfd,\xba\xa3^H\x94\xf0\xb3\x1f^V(\xf6^Ef[\xbf^?\xa8Y\xfa\xbe\x99k6b\xb8n\xc6\x83GSc^OZ\xb4Q\xc1\x88\xa8U\xb9\xd41m=*J\x95^J\xd1{\x87^B^C^A\0^A\xa3\x82^Ay0\x82^Au0^I^F^CU\x1d^S^D^B0\00^K^F^CU\x1d^O^D^D^C^B^E\xa00F^F^CU\x1d\x1f^D?0=0;\xa09\xa07\x865http://crl.verisign.com/Class3InternationalServer.crl0D^F^CU\x1d ^D=0;09^F^K`\x86H^A\x86\xf8E^A^G^W^C0*0(^F^H+^F^A^E^E^G^B^A^V\x1chttps://www.verisign.com/rpa0(^F^CU\x1d%^D!0\x1f^F^I`\x86H^A\x86\xf8B^D^A^F^H+^F^A^E^E^G^C^A^F^H+^F^A^E^E^G^C^B04^F^H+^F^A^E^E^G^A^A^D(0&0$^F^H+^F^A^E^E^G0^A\x86^Xhttp://ocsp.verisign.com0m^F^H+^F^A^E^E^G^A^L^Da0_\xa1]\xa0[0Y0W0U^V^Iimage/gif0!0\x1f0^G^F^E+^N^C^B^Z^D^T\x8f\xe5\xd3^Z\x86\xac\x8d\x8ek\xc3\xcf\x80j\xd4H^X,{^Y.0%^V#http://logo.verisign.com/vslogo.gif0^M^F^I*\x86H\x86\xf7^M^A^A^E^E\0^C\x81\x81\0/s\xe2o\xc1\x9e#~YP\x89\x95xo\xe9^D\xbd\x98TS`\xec^HR\xd2^J)\x92\x9am\xaa\xd5\xb1g\xc1b\xde\xc9^XNW=i\x9c\xb2^Cf\x92^C\xbb\xe8M\xc5\x98\xd4/B\xd9\xb6\xd2\xe0\x97^PXv\xcf\xe7\xd6\xa7\xcc\xbb\xdb%\xeeB]\xcb\xf0t\xab\xd2T\xe5\xe8\xbaQ^O\xa4\xc3>4\xfaR\xf2\xa0\xe6z\xf4\x8f\xdcvB\xbd=\xfcx\xc0\xb7\xeb^-\x1f\xc5\xa0^\xdf\xa0^Q\x87\xf8\xc3X^P\xc8y(\xf8\xe4, mime_type=binary, info=[ts=1170717511.909717, fuid=FQXAWgI2FB5STbrff, tx_hosts={^J^I194.127.84.106^J}, rx_hosts={^J^I192.150.187.164^J}, conn_uids={^J^ICCvvfg3TEfuqmmG4bh^J}, source=SSL, depth=0, analyzers={^J^IX509,^J^IMD5,^J^ISHA1^J}, mime_type=binary, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=F, seen_bytes=0, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=<uninitialized>, sha1=<uninitialized>, sha256=<uninitialized>, x509=[ts=1170717511.909717, id=FQXAWgI2FB5STbrff, certificate=[version=2, serial=04A78116F003283BDA2B8462049F9ECB, subject=CN=www.dresdner-privat.de,OU=Terms of use at www.verisign.com/rpa (c)00,O=AGIS Allianz Dresdner Informationssysteme GmbH,L=Muenchen,ST=Bayern,C=DE, issuer=OU=www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign,OU=VeriSign International Server CA - Class 3,OU=VeriSign\, Inc.,O=VeriSign Trust Network, not_valid_before=1163462400.0, not_valid_after=1195084799.0, key_alg=rsaEncryption, sig_alg=sha1WithRSAEncryption, key_type=rsa, key_length=1024, exponent=65537, curve=<uninitialized>], handle=<no value description>, extensions=[[name=X509v3 Basic Constraints, short_name=basicConstraints, oid=2.5.29.19, critical=F, value=CA:FALSE], [name=X509v3 Key Usage, short_name=keyUsage, oid=2.5.29.15, critical=F, value=Digital Signature, Key Encipherment], [name=X509v3 CRL Distribution Points, short_name=crlDistributionPoints, oid=2.5.29.31, critical=F, value=^JFull Name:^J  URI:http://crl.verisign.com/Class3InternationalServer.crl^J], [name=X509v3 Certificate Policies, short_name=certificatePolicies, oid=2.5.29.32, critical=F, value=Policy: 2.16.840.1.113733.1.7.23.3^J  CPS: https://www.verisign.com/rpa^J]], san=<uninitialized>, basic_constraints=[ca=F, path_len=<uninitialized>]], extracted=<uninitialized>], u2_events=<uninitialized>]
+                  [1] ext: X509::Extension = [name=X509v3 Extended Key Usage, short_name=extendedKeyUsage, oid=2.5.29.37, critical=F, value=Netscape Server Gated Crypto, TLS Web Server Authentication, TLS Web Client Authentication]
+
+1170717511.909717 x509_extension
+                  [0] f: fa_file         = [id=FQXAWgI2FB5STbrff, parent_id=<uninitialized>, source=SSL, is_orig=F, conns={^J^I[[orig_h=192.150.187.164, orig_p=58870/tcp, resp_h=194.127.84.106, resp_p=443/tcp]] = [id=[orig_h=192.150.187.164, orig_p=58870/tcp, resp_h=194.127.84.106, resp_p=443/tcp], orig=[size=120, state=4, num_pkts=3, num_bytes_ip=288, flow_label=0], resp=[size=2164, state=4, num_pkts=3, num_bytes_ip=1616, flow_label=0], start_time=1170717511.541455, duration=0.368262, service={^J^I^ISSL^J^I}, addl=, hot=0, history=ShADad, uid=CCvvfg3TEfuqmmG4bh, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=[ts=1170717511.722913, uid=CCvvfg3TEfuqmmG4bh, id=[orig_h=192.150.187.164, orig_p=58870/tcp, resp_h=194.127.84.106, resp_p=443/tcp], version=TLSv10, cipher=TLS_RSA_WITH_RC4_128_MD5, server_name=<uninitialized>, session_id=9e51caef40ad85f9f03dbb8c1fdc863621808c311272e10242cb406bf917bcd9, last_alert=<uninitialized>, analyzer_id=11, established=F, logged=F, delay_tokens=<uninitialized>, cert_chain=[[ts=1170717511.909717, fuid=FQXAWgI2FB5STbrff, tx_hosts={^J^I^I194.127.84.106^J^I}, rx_hosts={^J^I^I192.150.187.164^J^I}, conn_uids={^J^I^ICCvvfg3TEfuqmmG4bh^J^I}, source=SSL, depth=0, analyzers={^J^I^IX509,^J^I^IMD5,^J^I^ISHA1^J^I}, mime_type=binary, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=F, seen_bytes=0, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=<uninitialized>, sha1=<uninitialized>, sha256=<uninitialized>, x509=[ts=1170717511.909717, id=FQXAWgI2FB5STbrff, certificate=[version=2, serial=04A78116F003283BDA2B8462049F9ECB, subject=CN=www.dresdner-privat.de,OU=Terms of use at www.verisign.com/rpa (c)00,O=AGIS Allianz Dresdner Informationssysteme GmbH,L=Muenchen,ST=Bayern,C=DE, issuer=OU=www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign,OU=VeriSign International Server CA - Class 3,OU=VeriSign\, Inc.,O=VeriSign Trust Network, not_valid_before=1163462400.0, not_valid_after=1195084799.0, key_alg=rsaEncryption, sig_alg=sha1WithRSAEncryption, key_type=rsa, key_length=1024, exponent=65537, curve=<uninitialized>], handle=<no value description>, extensions=[[name=X509v3 Basic Constraints, short_name=basicConstraints, oid=2.5.29.19, critical=F, value=CA:FALSE], [name=X509v3 Key Usage, short_name=keyUsage, oid=2.5.29.15, critical=F, value=Digital Signature, Key Encipherment], [name=X509v3 CRL Distribution Points, short_name=crlDistributionPoints, oid=2.5.29.31, critical=F, value=^JFull Name:^J  URI:http://crl.verisign.com/Class3InternationalServer.crl^J], [name=X509v3 Certificate Policies, short_name=certificatePolicies, oid=2.5.29.32, critical=F, value=Policy: 2.16.840.1.113733.1.7.23.3^J  CPS: https://www.verisign.com/rpa^J], [name=X509v3 Extended Key Usage, short_name=extendedKeyUsage, oid=2.5.29.37, critical=F, value=Netscape Server Gated Crypto, TLS Web Server Authentication, TLS Web Client Authentication]], san=<uninitialized>, basic_constraints=[ca=F, path_len=<uninitialized>]], extracted=<uninitialized>]], cert_chain_fuids=[FQXAWgI2FB5STbrff], client_cert_chain=[], client_cert_chain_fuids=[], subject=<uninitialized>, issuer=<uninitialized>, client_subject=<uninitialized>, client_issuer=<uninitialized>, server_depth=1, client_depth=0], http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]^J}, last_active=1170717511.909717, seen_bytes=1152, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timeout_interval=2.0 mins, bof_buffer_size=1024, bof_buffer=0\x82^D|0\x82^C\xe5\xa0^C^B^A^B^B^P^D\xa7\x81^V\xf0^C(;\xda+\x84b^D\x9f\x9e\xcb0^M^F^I*\x86H\x86\xf7^M^A^A^E^E\00\x81\xba1\x1f0\x1d^F^CU^D^J^S^VVeriSign Trust Network1^W0^U^F^CU^D^K^S^NVeriSign, Inc.1301^F^CU^D^K^S*VeriSign International Server CA - Class 31I0G^F^CU^D^K^S@www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign0\x1e^W^M061114000000Z^W^M071114235959Z0\x81\xc01^K0^I^F^CU^D^F^S^BDE1^O0^M^F^CU^D^H^S^FBayern1^Q0^O^F^CU^D^G^T^HMuenchen1705^F^CU^D^J^T.AGIS Allianz Dresdner Informationssysteme GmbH1301^F^CU^D^K^T*Terms of use at www.verisign.com/rpa (c)001\x1f0\x1d^F^CU^D^C^T^Vwww.dresdner-privat.de0\x81\x9f0^M^F^I*\x86H\x86\xf7^M^A^A^A^E\0^C\x81\x8d\00\x81\x89^B\x81\x81\0\xeb\xa8t~\xfb\xe3\xb4\xea\xbe\x8b\x1c=\xed\xea\x86^DbQ\xe0*Z\x9e\x86o\x98\xcb\xbc\xc5\xed\xc5\xc8\xcaV\x9dL\x92X\xe1k^So\xbc\xb7\xe5.\x98@\xf7\x8f\xd6\xa3\xc0^J\xabFR\x1b8\xfc^E \xe7\x80\xee\xc6]\xd5\xbb^C\xfc\xc5\x83\xba\x9ag^H\xfd,\xba\xa3^H\x94\xf0\xb3\x1f^V(\xf6^Ef[\xbf^?\xa8Y\xfa\xbe\x99k6b\xb8n\xc6\x83GSc^OZ\xb4Q\xc1\x88\xa8U\xb9\xd41m=*J\x95^J\xd1{\x87^B^C^A\0^A\xa3\x82^Ay0\x82^Au0^I^F^CU\x1d^S^D^B0\00^K^F^CU\x1d^O^D^D^C^B^E\xa00F^F^CU\x1d\x1f^D?0=0;\xa09\xa07\x865http://crl.verisign.com/Class3InternationalServer.crl0D^F^CU\x1d ^D=0;09^F^K`\x86H^A\x86\xf8E^A^G^W^C0*0(^F^H+^F^A^E^E^G^B^A^V\x1chttps://www.verisign.com/rpa0(^F^CU\x1d%^D!0\x1f^F^I`\x86H^A\x86\xf8B^D^A^F^H+^F^A^E^E^G^C^A^F^H+^F^A^E^E^G^C^B04^F^H+^F^A^E^E^G^A^A^D(0&0$^F^H+^F^A^E^E^G0^A\x86^Xhttp://ocsp.verisign.com0m^F^H+^F^A^E^E^G^A^L^Da0_\xa1]\xa0[0Y0W0U^V^Iimage/gif0!0\x1f0^G^F^E+^N^C^B^Z^D^T\x8f\xe5\xd3^Z\x86\xac\x8d\x8ek\xc3\xcf\x80j\xd4H^X,{^Y.0%^V#http://logo.verisign.com/vslogo.gif0^M^F^I*\x86H\x86\xf7^M^A^A^E^E\0^C\x81\x81\0/s\xe2o\xc1\x9e#~YP\x89\x95xo\xe9^D\xbd\x98TS`\xec^HR\xd2^J)\x92\x9am\xaa\xd5\xb1g\xc1b\xde\xc9^XNW=i\x9c\xb2^Cf\x92^C\xbb\xe8M\xc5\x98\xd4/B\xd9\xb6\xd2\xe0\x97^PXv\xcf\xe7\xd6\xa7\xcc\xbb\xdb%\xeeB]\xcb\xf0t\xab\xd2T\xe5\xe8\xbaQ^O\xa4\xc3>4\xfaR\xf2\xa0\xe6z\xf4\x8f\xdcvB\xbd=\xfcx\xc0\xb7\xeb^-\x1f\xc5\xa0^\xdf\xa0^Q\x87\xf8\xc3X^P\xc8y(\xf8\xe4, mime_type=binary, info=[ts=1170717511.909717, fuid=FQXAWgI2FB5STbrff, tx_hosts={^J^I194.127.84.106^J}, rx_hosts={^J^I192.150.187.164^J}, conn_uids={^J^ICCvvfg3TEfuqmmG4bh^J}, source=SSL, depth=0, analyzers={^J^IX509,^J^IMD5,^J^ISHA1^J}, mime_type=binary, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=F, seen_bytes=0, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=<uninitialized>, sha1=<uninitialized>, sha256=<uninitialized>, x509=[ts=1170717511.909717, id=FQXAWgI2FB5STbrff, certificate=[version=2, serial=04A78116F003283BDA2B8462049F9ECB, subject=CN=www.dresdner-privat.de,OU=Terms of use at www.verisign.com/rpa (c)00,O=AGIS Allianz Dresdner Informationssysteme GmbH,L=Muenchen,ST=Bayern,C=DE, issuer=OU=www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign,OU=VeriSign International Server CA - Class 3,OU=VeriSign\, Inc.,O=VeriSign Trust Network, not_valid_before=1163462400.0, not_valid_after=1195084799.0, key_alg=rsaEncryption, sig_alg=sha1WithRSAEncryption, key_type=rsa, key_length=1024, exponent=65537, curve=<uninitialized>], handle=<no value description>, extensions=[[name=X509v3 Basic Constraints, short_name=basicConstraints, oid=2.5.29.19, critical=F, value=CA:FALSE], [name=X509v3 Key Usage, short_name=keyUsage, oid=2.5.29.15, critical=F, value=Digital Signature, Key Encipherment], [name=X509v3 CRL Distribution Points, short_name=crlDistributionPoints, oid=2.5.29.31, critical=F, value=^JFull Name:^J  URI:http://crl.verisign.com/Class3InternationalServer.crl^J], [name=X509v3 Certificate Policies, short_name=certificatePolicies, oid=2.5.29.32, critical=F, value=Policy: 2.16.840.1.113733.1.7.23.3^J  CPS: https://www.verisign.com/rpa^J], [name=X509v3 Extended Key Usage, short_name=extendedKeyUsage, oid=2.5.29.37, critical=F, value=Netscape Server Gated Crypto, TLS Web Server Authentication, TLS Web Client Authentication]], san=<uninitialized>, basic_constraints=[ca=F, path_len=<uninitialized>]], extracted=<uninitialized>], u2_events=<uninitialized>]
+                  [1] ext: X509::Extension = [name=Authority Information Access, short_name=authorityInfoAccess, oid=1.3.6.1.5.5.7.1.1, critical=F, value=OCSP - URI:http://ocsp.verisign.com^J]
+
+1170717511.909717 x509_extension
+                  [0] f: fa_file         = [id=FQXAWgI2FB5STbrff, parent_id=<uninitialized>, source=SSL, is_orig=F, conns={^J^I[[orig_h=192.150.187.164, orig_p=58870/tcp, resp_h=194.127.84.106, resp_p=443/tcp]] = [id=[orig_h=192.150.187.164, orig_p=58870/tcp, resp_h=194.127.84.106, resp_p=443/tcp], orig=[size=120, state=4, num_pkts=3, num_bytes_ip=288, flow_label=0], resp=[size=2164, state=4, num_pkts=3, num_bytes_ip=1616, flow_label=0], start_time=1170717511.541455, duration=0.368262, service={^J^I^ISSL^J^I}, addl=, hot=0, history=ShADad, uid=CCvvfg3TEfuqmmG4bh, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=[ts=1170717511.722913, uid=CCvvfg3TEfuqmmG4bh, id=[orig_h=192.150.187.164, orig_p=58870/tcp, resp_h=194.127.84.106, resp_p=443/tcp], version=TLSv10, cipher=TLS_RSA_WITH_RC4_128_MD5, server_name=<uninitialized>, session_id=9e51caef40ad85f9f03dbb8c1fdc863621808c311272e10242cb406bf917bcd9, last_alert=<uninitialized>, analyzer_id=11, established=F, logged=F, delay_tokens=<uninitialized>, cert_chain=[[ts=1170717511.909717, fuid=FQXAWgI2FB5STbrff, tx_hosts={^J^I^I194.127.84.106^J^I}, rx_hosts={^J^I^I192.150.187.164^J^I}, conn_uids={^J^I^ICCvvfg3TEfuqmmG4bh^J^I}, source=SSL, depth=0, analyzers={^J^I^IX509,^J^I^IMD5,^J^I^ISHA1^J^I}, mime_type=binary, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=F, seen_bytes=0, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=<uninitialized>, sha1=<uninitialized>, sha256=<uninitialized>, x509=[ts=1170717511.909717, id=FQXAWgI2FB5STbrff, certificate=[version=2, serial=04A78116F003283BDA2B8462049F9ECB, subject=CN=www.dresdner-privat.de,OU=Terms of use at www.verisign.com/rpa (c)00,O=AGIS Allianz Dresdner Informationssysteme GmbH,L=Muenchen,ST=Bayern,C=DE, issuer=OU=www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign,OU=VeriSign International Server CA - Class 3,OU=VeriSign\, Inc.,O=VeriSign Trust Network, not_valid_before=1163462400.0, not_valid_after=1195084799.0, key_alg=rsaEncryption, sig_alg=sha1WithRSAEncryption, key_type=rsa, key_length=1024, exponent=65537, curve=<uninitialized>], handle=<no value description>, extensions=[[name=X509v3 Basic Constraints, short_name=basicConstraints, oid=2.5.29.19, critical=F, value=CA:FALSE], [name=X509v3 Key Usage, short_name=keyUsage, oid=2.5.29.15, critical=F, value=Digital Signature, Key Encipherment], [name=X509v3 CRL Distribution Points, short_name=crlDistributionPoints, oid=2.5.29.31, critical=F, value=^JFull Name:^J  URI:http://crl.verisign.com/Class3InternationalServer.crl^J], [name=X509v3 Certificate Policies, short_name=certificatePolicies, oid=2.5.29.32, critical=F, value=Policy: 2.16.840.1.113733.1.7.23.3^J  CPS: https://www.verisign.com/rpa^J], [name=X509v3 Extended Key Usage, short_name=extendedKeyUsage, oid=2.5.29.37, critical=F, value=Netscape Server Gated Crypto, TLS Web Server Authentication, TLS Web Client Authentication], [name=Authority Information Access, short_name=authorityInfoAccess, oid=1.3.6.1.5.5.7.1.1, critical=F, value=OCSP - URI:http://ocsp.verisign.com^J]], san=<uninitialized>, basic_constraints=[ca=F, path_len=<uninitialized>]], extracted=<uninitialized>]], cert_chain_fuids=[FQXAWgI2FB5STbrff], client_cert_chain=[], client_cert_chain_fuids=[], subject=<uninitialized>, issuer=<uninitialized>, client_subject=<uninitialized>, client_issuer=<uninitialized>, server_depth=1, client_depth=0], http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]^J}, last_active=1170717511.909717, seen_bytes=1152, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timeout_interval=2.0 mins, bof_buffer_size=1024, bof_buffer=0\x82^D|0\x82^C\xe5\xa0^C^B^A^B^B^P^D\xa7\x81^V\xf0^C(;\xda+\x84b^D\x9f\x9e\xcb0^M^F^I*\x86H\x86\xf7^M^A^A^E^E\00\x81\xba1\x1f0\x1d^F^CU^D^J^S^VVeriSign Trust Network1^W0^U^F^CU^D^K^S^NVeriSign, Inc.1301^F^CU^D^K^S*VeriSign International Server CA - Class 31I0G^F^CU^D^K^S@www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign0\x1e^W^M061114000000Z^W^M071114235959Z0\x81\xc01^K0^I^F^CU^D^F^S^BDE1^O0^M^F^CU^D^H^S^FBayern1^Q0^O^F^CU^D^G^T^HMuenchen1705^F^CU^D^J^T.AGIS Allianz Dresdner Informationssysteme GmbH1301^F^CU^D^K^T*Terms of use at www.verisign.com/rpa (c)001\x1f0\x1d^F^CU^D^C^T^Vwww.dresdner-privat.de0\x81\x9f0^M^F^I*\x86H\x86\xf7^M^A^A^A^E\0^C\x81\x8d\00\x81\x89^B\x81\x81\0\xeb\xa8t~\xfb\xe3\xb4\xea\xbe\x8b\x1c=\xed\xea\x86^DbQ\xe0*Z\x9e\x86o\x98\xcb\xbc\xc5\xed\xc5\xc8\xcaV\x9dL\x92X\xe1k^So\xbc\xb7\xe5.\x98@\xf7\x8f\xd6\xa3\xc0^J\xabFR\x1b8\xfc^E \xe7\x80\xee\xc6]\xd5\xbb^C\xfc\xc5\x83\xba\x9ag^H\xfd,\xba\xa3^H\x94\xf0\xb3\x1f^V(\xf6^Ef[\xbf^?\xa8Y\xfa\xbe\x99k6b\xb8n\xc6\x83GSc^OZ\xb4Q\xc1\x88\xa8U\xb9\xd41m=*J\x95^J\xd1{\x87^B^C^A\0^A\xa3\x82^Ay0\x82^Au0^I^F^CU\x1d^S^D^B0\00^K^F^CU\x1d^O^D^D^C^B^E\xa00F^F^CU\x1d\x1f^D?0=0;\xa09\xa07\x865http://crl.verisign.com/Class3InternationalServer.crl0D^F^CU\x1d ^D=0;09^F^K`\x86H^A\x86\xf8E^A^G^W^C0*0(^F^H+^F^A^E^E^G^B^A^V\x1chttps://www.verisign.com/rpa0(^F^CU\x1d%^D!0\x1f^F^I`\x86H^A\x86\xf8B^D^A^F^H+^F^A^E^E^G^C^A^F^H+^F^A^E^E^G^C^B04^F^H+^F^A^E^E^G^A^A^D(0&0$^F^H+^F^A^E^E^G0^A\x86^Xhttp://ocsp.verisign.com0m^F^H+^F^A^E^E^G^A^L^Da0_\xa1]\xa0[0Y0W0U^V^Iimage/gif0!0\x1f0^G^F^E+^N^C^B^Z^D^T\x8f\xe5\xd3^Z\x86\xac\x8d\x8ek\xc3\xcf\x80j\xd4H^X,{^Y.0%^V#http://logo.verisign.com/vslogo.gif0^M^F^I*\x86H\x86\xf7^M^A^A^E^E\0^C\x81\x81\0/s\xe2o\xc1\x9e#~YP\x89\x95xo\xe9^D\xbd\x98TS`\xec^HR\xd2^J)\x92\x9am\xaa\xd5\xb1g\xc1b\xde\xc9^XNW=i\x9c\xb2^Cf\x92^C\xbb\xe8M\xc5\x98\xd4/B\xd9\xb6\xd2\xe0\x97^PXv\xcf\xe7\xd6\xa7\xcc\xbb\xdb%\xeeB]\xcb\xf0t\xab\xd2T\xe5\xe8\xbaQ^O\xa4\xc3>4\xfaR\xf2\xa0\xe6z\xf4\x8f\xdcvB\xbd=\xfcx\xc0\xb7\xeb^-\x1f\xc5\xa0^\xdf\xa0^Q\x87\xf8\xc3X^P\xc8y(\xf8\xe4, mime_type=binary, info=[ts=1170717511.909717, fuid=FQXAWgI2FB5STbrff, tx_hosts={^J^I194.127.84.106^J}, rx_hosts={^J^I192.150.187.164^J}, conn_uids={^J^ICCvvfg3TEfuqmmG4bh^J}, source=SSL, depth=0, analyzers={^J^IX509,^J^IMD5,^J^ISHA1^J}, mime_type=binary, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=F, seen_bytes=0, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=<uninitialized>, sha1=<uninitialized>, sha256=<uninitialized>, x509=[ts=1170717511.909717, id=FQXAWgI2FB5STbrff, certificate=[version=2, serial=04A78116F003283BDA2B8462049F9ECB, subject=CN=www.dresdner-privat.de,OU=Terms of use at www.verisign.com/rpa (c)00,O=AGIS Allianz Dresdner Informationssysteme GmbH,L=Muenchen,ST=Bayern,C=DE, issuer=OU=www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign,OU=VeriSign International Server CA - Class 3,OU=VeriSign\, Inc.,O=VeriSign Trust Network, not_valid_before=1163462400.0, not_valid_after=1195084799.0, key_alg=rsaEncryption, sig_alg=sha1WithRSAEncryption, key_type=rsa, key_length=1024, exponent=65537, curve=<uninitialized>], handle=<no value description>, extensions=[[name=X509v3 Basic Constraints, short_name=basicConstraints, oid=2.5.29.19, critical=F, value=CA:FALSE], [name=X509v3 Key Usage, short_name=keyUsage, oid=2.5.29.15, critical=F, value=Digital Signature, Key Encipherment], [name=X509v3 CRL Distribution Points, short_name=crlDistributionPoints, oid=2.5.29.31, critical=F, value=^JFull Name:^J  URI:http://crl.verisign.com/Class3InternationalServer.crl^J], [name=X509v3 Certificate Policies, short_name=certificatePolicies, oid=2.5.29.32, critical=F, value=Policy: 2.16.840.1.113733.1.7.23.3^J  CPS: https://www.verisign.com/rpa^J], [name=X509v3 Extended Key Usage, short_name=extendedKeyUsage, oid=2.5.29.37, critical=F, value=Netscape Server Gated Crypto, TLS Web Server Authentication, TLS Web Client Authentication], [name=Authority Information Access, short_name=authorityInfoAccess, oid=1.3.6.1.5.5.7.1.1, critical=F, value=OCSP - URI:http://ocsp.verisign.com^J]], san=<uninitialized>, basic_constraints=[ca=F, path_len=<uninitialized>]], extracted=<uninitialized>], u2_events=<uninitialized>]
+                  [1] ext: X509::Extension = [name=1.3.6.1.5.5.7.1.12, short_name=UNDEF, oid=1.3.6.1.5.5.7.1.12, critical=F, value=0_.].[0Y0W0U..image/gif0!0.0...+..............k...j.H.,{..0%.#http://logo.verisign.com/vslogo.gif]
+
+1170717511.909717 file_hash
+                  [0] f: fa_file         = [id=FQXAWgI2FB5STbrff, parent_id=<uninitialized>, source=SSL, is_orig=F, conns={^J^I[[orig_h=192.150.187.164, orig_p=58870/tcp, resp_h=194.127.84.106, resp_p=443/tcp]] = [id=[orig_h=192.150.187.164, orig_p=58870/tcp, resp_h=194.127.84.106, resp_p=443/tcp], orig=[size=120, state=4, num_pkts=3, num_bytes_ip=288, flow_label=0], resp=[size=2164, state=4, num_pkts=3, num_bytes_ip=1616, flow_label=0], start_time=1170717511.541455, duration=0.368262, service={^J^I^ISSL^J^I}, addl=, hot=0, history=ShADad, uid=CCvvfg3TEfuqmmG4bh, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=[ts=1170717511.722913, uid=CCvvfg3TEfuqmmG4bh, id=[orig_h=192.150.187.164, orig_p=58870/tcp, resp_h=194.127.84.106, resp_p=443/tcp], version=TLSv10, cipher=TLS_RSA_WITH_RC4_128_MD5, server_name=<uninitialized>, session_id=9e51caef40ad85f9f03dbb8c1fdc863621808c311272e10242cb406bf917bcd9, last_alert=<uninitialized>, analyzer_id=11, established=F, logged=F, delay_tokens=<uninitialized>, cert_chain=[[ts=1170717511.909717, fuid=FQXAWgI2FB5STbrff, tx_hosts={^J^I^I194.127.84.106^J^I}, rx_hosts={^J^I^I192.150.187.164^J^I}, conn_uids={^J^I^ICCvvfg3TEfuqmmG4bh^J^I}, source=SSL, depth=0, analyzers={^J^I^IX509,^J^I^IMD5,^J^I^ISHA1^J^I}, mime_type=binary, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=F, seen_bytes=0, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=<uninitialized>, sha1=<uninitialized>, sha256=<uninitialized>, x509=[ts=1170717511.909717, id=FQXAWgI2FB5STbrff, certificate=[version=2, serial=04A78116F003283BDA2B8462049F9ECB, subject=CN=www.dresdner-privat.de,OU=Terms of use at www.verisign.com/rpa (c)00,O=AGIS Allianz Dresdner Informationssysteme GmbH,L=Muenchen,ST=Bayern,C=DE, issuer=OU=www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign,OU=VeriSign International Server CA - Class 3,OU=VeriSign\, Inc.,O=VeriSign Trust Network, not_valid_before=1163462400.0, not_valid_after=1195084799.0, key_alg=rsaEncryption, sig_alg=sha1WithRSAEncryption, key_type=rsa, key_length=1024, exponent=65537, curve=<uninitialized>], handle=<no value description>, extensions=[[name=X509v3 Basic Constraints, short_name=basicConstraints, oid=2.5.29.19, critical=F, value=CA:FALSE], [name=X509v3 Key Usage, short_name=keyUsage, oid=2.5.29.15, critical=F, value=Digital Signature, Key Encipherment], [name=X509v3 CRL Distribution Points, short_name=crlDistributionPoints, oid=2.5.29.31, critical=F, value=^JFull Name:^J  URI:http://crl.verisign.com/Class3InternationalServer.crl^J], [name=X509v3 Certificate Policies, short_name=certificatePolicies, oid=2.5.29.32, critical=F, value=Policy: 2.16.840.1.113733.1.7.23.3^J  CPS: https://www.verisign.com/rpa^J], [name=X509v3 Extended Key Usage, short_name=extendedKeyUsage, oid=2.5.29.37, critical=F, value=Netscape Server Gated Crypto, TLS Web Server Authentication, TLS Web Client Authentication], [name=Authority Information Access, short_name=authorityInfoAccess, oid=1.3.6.1.5.5.7.1.1, critical=F, value=OCSP - URI:http://ocsp.verisign.com^J], [name=1.3.6.1.5.5.7.1.12, short_name=UNDEF, oid=1.3.6.1.5.5.7.1.12, critical=F, value=0_.].[0Y0W0U..image/gif0!0.0...+..............k...j.H.,{..0%.#http://logo.verisign.com/vslogo.gif]], san=<uninitialized>, basic_constraints=[ca=F, path_len=<uninitialized>]], extracted=<uninitialized>]], cert_chain_fuids=[FQXAWgI2FB5STbrff], client_cert_chain=[], client_cert_chain_fuids=[], subject=<uninitialized>, issuer=<uninitialized>, client_subject=<uninitialized>, client_issuer=<uninitialized>, server_depth=1, client_depth=0], http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]^J}, last_active=1170717511.909717, seen_bytes=1152, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timeout_interval=2.0 mins, bof_buffer_size=1024, bof_buffer=0\x82^D|0\x82^C\xe5\xa0^C^B^A^B^B^P^D\xa7\x81^V\xf0^C(;\xda+\x84b^D\x9f\x9e\xcb0^M^F^I*\x86H\x86\xf7^M^A^A^E^E\00\x81\xba1\x1f0\x1d^F^CU^D^J^S^VVeriSign Trust Network1^W0^U^F^CU^D^K^S^NVeriSign, Inc.1301^F^CU^D^K^S*VeriSign International Server CA - Class 31I0G^F^CU^D^K^S@www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign0\x1e^W^M061114000000Z^W^M071114235959Z0\x81\xc01^K0^I^F^CU^D^F^S^BDE1^O0^M^F^CU^D^H^S^FBayern1^Q0^O^F^CU^D^G^T^HMuenchen1705^F^CU^D^J^T.AGIS Allianz Dresdner Informationssysteme GmbH1301^F^CU^D^K^T*Terms of use at www.verisign.com/rpa (c)001\x1f0\x1d^F^CU^D^C^T^Vwww.dresdner-privat.de0\x81\x9f0^M^F^I*\x86H\x86\xf7^M^A^A^A^E\0^C\x81\x8d\00\x81\x89^B\x81\x81\0\xeb\xa8t~\xfb\xe3\xb4\xea\xbe\x8b\x1c=\xed\xea\x86^DbQ\xe0*Z\x9e\x86o\x98\xcb\xbc\xc5\xed\xc5\xc8\xcaV\x9dL\x92X\xe1k^So\xbc\xb7\xe5.\x98@\xf7\x8f\xd6\xa3\xc0^J\xabFR\x1b8\xfc^E \xe7\x80\xee\xc6]\xd5\xbb^C\xfc\xc5\x83\xba\x9ag^H\xfd,\xba\xa3^H\x94\xf0\xb3\x1f^V(\xf6^Ef[\xbf^?\xa8Y\xfa\xbe\x99k6b\xb8n\xc6\x83GSc^OZ\xb4Q\xc1\x88\xa8U\xb9\xd41m=*J\x95^J\xd1{\x87^B^C^A\0^A\xa3\x82^Ay0\x82^Au0^I^F^CU\x1d^S^D^B0\00^K^F^CU\x1d^O^D^D^C^B^E\xa00F^F^CU\x1d\x1f^D?0=0;\xa09\xa07\x865http://crl.verisign.com/Class3InternationalServer.crl0D^F^CU\x1d ^D=0;09^F^K`\x86H^A\x86\xf8E^A^G^W^C0*0(^F^H+^F^A^E^E^G^B^A^V\x1chttps://www.verisign.com/rpa0(^F^CU\x1d%^D!0\x1f^F^I`\x86H^A\x86\xf8B^D^A^F^H+^F^A^E^E^G^C^A^F^H+^F^A^E^E^G^C^B04^F^H+^F^A^E^E^G^A^A^D(0&0$^F^H+^F^A^E^E^G0^A\x86^Xhttp://ocsp.verisign.com0m^F^H+^F^A^E^E^G^A^L^Da0_\xa1]\xa0[0Y0W0U^V^Iimage/gif0!0\x1f0^G^F^E+^N^C^B^Z^D^T\x8f\xe5\xd3^Z\x86\xac\x8d\x8ek\xc3\xcf\x80j\xd4H^X,{^Y.0%^V#http://logo.verisign.com/vslogo.gif0^M^F^I*\x86H\x86\xf7^M^A^A^E^E\0^C\x81\x81\0/s\xe2o\xc1\x9e#~YP\x89\x95xo\xe9^D\xbd\x98TS`\xec^HR\xd2^J)\x92\x9am\xaa\xd5\xb1g\xc1b\xde\xc9^XNW=i\x9c\xb2^Cf\x92^C\xbb\xe8M\xc5\x98\xd4/B\xd9\xb6\xd2\xe0\x97^PXv\xcf\xe7\xd6\xa7\xcc\xbb\xdb%\xeeB]\xcb\xf0t\xab\xd2T\xe5\xe8\xbaQ^O\xa4\xc3>4\xfaR\xf2\xa0\xe6z\xf4\x8f\xdcvB\xbd=\xfcx\xc0\xb7\xeb^-\x1f\xc5\xa0^\xdf\xa0^Q\x87\xf8\xc3X^P\xc8y(\xf8\xe4, mime_type=binary, info=[ts=1170717511.909717, fuid=FQXAWgI2FB5STbrff, tx_hosts={^J^I194.127.84.106^J}, rx_hosts={^J^I192.150.187.164^J}, conn_uids={^J^ICCvvfg3TEfuqmmG4bh^J}, source=SSL, depth=0, analyzers={^J^IX509,^J^IMD5,^J^ISHA1^J}, mime_type=binary, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=F, seen_bytes=0, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=<uninitialized>, sha1=<uninitialized>, sha256=<uninitialized>, x509=[ts=1170717511.909717, id=FQXAWgI2FB5STbrff, certificate=[version=2, serial=04A78116F003283BDA2B8462049F9ECB, subject=CN=www.dresdner-privat.de,OU=Terms of use at www.verisign.com/rpa (c)00,O=AGIS Allianz Dresdner Informationssysteme GmbH,L=Muenchen,ST=Bayern,C=DE, issuer=OU=www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign,OU=VeriSign International Server CA - Class 3,OU=VeriSign\, Inc.,O=VeriSign Trust Network, not_valid_before=1163462400.0, not_valid_after=1195084799.0, key_alg=rsaEncryption, sig_alg=sha1WithRSAEncryption, key_type=rsa, key_length=1024, exponent=65537, curve=<uninitialized>], handle=<no value description>, extensions=[[name=X509v3 Basic Constraints, short_name=basicConstraints, oid=2.5.29.19, critical=F, value=CA:FALSE], [name=X509v3 Key Usage, short_name=keyUsage, oid=2.5.29.15, critical=F, value=Digital Signature, Key Encipherment], [name=X509v3 CRL Distribution Points, short_name=crlDistributionPoints, oid=2.5.29.31, critical=F, value=^JFull Name:^J  URI:http://crl.verisign.com/Class3InternationalServer.crl^J], [name=X509v3 Certificate Policies, short_name=certificatePolicies, oid=2.5.29.32, critical=F, value=Policy: 2.16.840.1.113733.1.7.23.3^J  CPS: https://www.verisign.com/rpa^J], [name=X509v3 Extended Key Usage, short_name=extendedKeyUsage, oid=2.5.29.37, critical=F, value=Netscape Server Gated Crypto, TLS Web Server Authentication, TLS Web Client Authentication], [name=Authority Information Access, short_name=authorityInfoAccess, oid=1.3.6.1.5.5.7.1.1, critical=F, value=OCSP - URI:http://ocsp.verisign.com^J], [name=1.3.6.1.5.5.7.1.12, short_name=UNDEF, oid=1.3.6.1.5.5.7.1.12, critical=F, value=0_.].[0Y0W0U..image/gif0!0.0...+..............k...j.H.,{..0%.#http://logo.verisign.com/vslogo.gif]], san=<uninitialized>, basic_constraints=[ca=F, path_len=<uninitialized>]], extracted=<uninitialized>], u2_events=<uninitialized>]
+                  [1] kind: string       = sha1
+                  [2] hash: string       = 2c322ae2b7fe91391345e070b63668978bb1c9da
+
+1170717511.909717 file_hash
+                  [0] f: fa_file         = [id=FQXAWgI2FB5STbrff, parent_id=<uninitialized>, source=SSL, is_orig=F, conns={^J^I[[orig_h=192.150.187.164, orig_p=58870/tcp, resp_h=194.127.84.106, resp_p=443/tcp]] = [id=[orig_h=192.150.187.164, orig_p=58870/tcp, resp_h=194.127.84.106, resp_p=443/tcp], orig=[size=120, state=4, num_pkts=3, num_bytes_ip=288, flow_label=0], resp=[size=2164, state=4, num_pkts=3, num_bytes_ip=1616, flow_label=0], start_time=1170717511.541455, duration=0.368262, service={^J^I^ISSL^J^I}, addl=, hot=0, history=ShADad, uid=CCvvfg3TEfuqmmG4bh, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=[ts=1170717511.722913, uid=CCvvfg3TEfuqmmG4bh, id=[orig_h=192.150.187.164, orig_p=58870/tcp, resp_h=194.127.84.106, resp_p=443/tcp], version=TLSv10, cipher=TLS_RSA_WITH_RC4_128_MD5, server_name=<uninitialized>, session_id=9e51caef40ad85f9f03dbb8c1fdc863621808c311272e10242cb406bf917bcd9, last_alert=<uninitialized>, analyzer_id=11, established=F, logged=F, delay_tokens=<uninitialized>, cert_chain=[[ts=1170717511.909717, fuid=FQXAWgI2FB5STbrff, tx_hosts={^J^I^I194.127.84.106^J^I}, rx_hosts={^J^I^I192.150.187.164^J^I}, conn_uids={^J^I^ICCvvfg3TEfuqmmG4bh^J^I}, source=SSL, depth=0, analyzers={^J^I^IX509,^J^I^IMD5,^J^I^ISHA1^J^I}, mime_type=binary, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=F, seen_bytes=0, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=<uninitialized>, sha1=2c322ae2b7fe91391345e070b63668978bb1c9da, sha256=<uninitialized>, x509=[ts=1170717511.909717, id=FQXAWgI2FB5STbrff, certificate=[version=2, serial=04A78116F003283BDA2B8462049F9ECB, subject=CN=www.dresdner-privat.de,OU=Terms of use at www.verisign.com/rpa (c)00,O=AGIS Allianz Dresdner Informationssysteme GmbH,L=Muenchen,ST=Bayern,C=DE, issuer=OU=www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign,OU=VeriSign International Server CA - Class 3,OU=VeriSign\, Inc.,O=VeriSign Trust Network, not_valid_before=1163462400.0, not_valid_after=1195084799.0, key_alg=rsaEncryption, sig_alg=sha1WithRSAEncryption, key_type=rsa, key_length=1024, exponent=65537, curve=<uninitialized>], handle=<no value description>, extensions=[[name=X509v3 Basic Constraints, short_name=basicConstraints, oid=2.5.29.19, critical=F, value=CA:FALSE], [name=X509v3 Key Usage, short_name=keyUsage, oid=2.5.29.15, critical=F, value=Digital Signature, Key Encipherment], [name=X509v3 CRL Distribution Points, short_name=crlDistributionPoints, oid=2.5.29.31, critical=F, value=^JFull Name:^J  URI:http://crl.verisign.com/Class3InternationalServer.crl^J], [name=X509v3 Certificate Policies, short_name=certificatePolicies, oid=2.5.29.32, critical=F, value=Policy: 2.16.840.1.113733.1.7.23.3^J  CPS: https://www.verisign.com/rpa^J], [name=X509v3 Extended Key Usage, short_name=extendedKeyUsage, oid=2.5.29.37, critical=F, value=Netscape Server Gated Crypto, TLS Web Server Authentication, TLS Web Client Authentication], [name=Authority Information Access, short_name=authorityInfoAccess, oid=1.3.6.1.5.5.7.1.1, critical=F, value=OCSP - URI:http://ocsp.verisign.com^J], [name=1.3.6.1.5.5.7.1.12, short_name=UNDEF, oid=1.3.6.1.5.5.7.1.12, critical=F, value=0_.].[0Y0W0U..image/gif0!0.0...+..............k...j.H.,{..0%.#http://logo.verisign.com/vslogo.gif]], san=<uninitialized>, basic_constraints=[ca=F, path_len=<uninitialized>]], extracted=<uninitialized>]], cert_chain_fuids=[FQXAWgI2FB5STbrff], client_cert_chain=[], client_cert_chain_fuids=[], subject=<uninitialized>, issuer=<uninitialized>, client_subject=<uninitialized>, client_issuer=<uninitialized>, server_depth=1, client_depth=0], http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]^J}, last_active=1170717511.909717, seen_bytes=1152, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timeout_interval=2.0 mins, bof_buffer_size=1024, bof_buffer=0\x82^D|0\x82^C\xe5\xa0^C^B^A^B^B^P^D\xa7\x81^V\xf0^C(;\xda+\x84b^D\x9f\x9e\xcb0^M^F^I*\x86H\x86\xf7^M^A^A^E^E\00\x81\xba1\x1f0\x1d^F^CU^D^J^S^VVeriSign Trust Network1^W0^U^F^CU^D^K^S^NVeriSign, Inc.1301^F^CU^D^K^S*VeriSign International Server CA - Class 31I0G^F^CU^D^K^S@www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign0\x1e^W^M061114000000Z^W^M071114235959Z0\x81\xc01^K0^I^F^CU^D^F^S^BDE1^O0^M^F^CU^D^H^S^FBayern1^Q0^O^F^CU^D^G^T^HMuenchen1705^F^CU^D^J^T.AGIS Allianz Dresdner Informationssysteme GmbH1301^F^CU^D^K^T*Terms of use at www.verisign.com/rpa (c)001\x1f0\x1d^F^CU^D^C^T^Vwww.dresdner-privat.de0\x81\x9f0^M^F^I*\x86H\x86\xf7^M^A^A^A^E\0^C\x81\x8d\00\x81\x89^B\x81\x81\0\xeb\xa8t~\xfb\xe3\xb4\xea\xbe\x8b\x1c=\xed\xea\x86^DbQ\xe0*Z\x9e\x86o\x98\xcb\xbc\xc5\xed\xc5\xc8\xcaV\x9dL\x92X\xe1k^So\xbc\xb7\xe5.\x98@\xf7\x8f\xd6\xa3\xc0^J\xabFR\x1b8\xfc^E \xe7\x80\xee\xc6]\xd5\xbb^C\xfc\xc5\x83\xba\x9ag^H\xfd,\xba\xa3^H\x94\xf0\xb3\x1f^V(\xf6^Ef[\xbf^?\xa8Y\xfa\xbe\x99k6b\xb8n\xc6\x83GSc^OZ\xb4Q\xc1\x88\xa8U\xb9\xd41m=*J\x95^J\xd1{\x87^B^C^A\0^A\xa3\x82^Ay0\x82^Au0^I^F^CU\x1d^S^D^B0\00^K^F^CU\x1d^O^D^D^C^B^E\xa00F^F^CU\x1d\x1f^D?0=0;\xa09\xa07\x865http://crl.verisign.com/Class3InternationalServer.crl0D^F^CU\x1d ^D=0;09^F^K`\x86H^A\x86\xf8E^A^G^W^C0*0(^F^H+^F^A^E^E^G^B^A^V\x1chttps://www.verisign.com/rpa0(^F^CU\x1d%^D!0\x1f^F^I`\x86H^A\x86\xf8B^D^A^F^H+^F^A^E^E^G^C^A^F^H+^F^A^E^E^G^C^B04^F^H+^F^A^E^E^G^A^A^D(0&0$^F^H+^F^A^E^E^G0^A\x86^Xhttp://ocsp.verisign.com0m^F^H+^F^A^E^E^G^A^L^Da0_\xa1]\xa0[0Y0W0U^V^Iimage/gif0!0\x1f0^G^F^E+^N^C^B^Z^D^T\x8f\xe5\xd3^Z\x86\xac\x8d\x8ek\xc3\xcf\x80j\xd4H^X,{^Y.0%^V#http://logo.verisign.com/vslogo.gif0^M^F^I*\x86H\x86\xf7^M^A^A^E^E\0^C\x81\x81\0/s\xe2o\xc1\x9e#~YP\x89\x95xo\xe9^D\xbd\x98TS`\xec^HR\xd2^J)\x92\x9am\xaa\xd5\xb1g\xc1b\xde\xc9^XNW=i\x9c\xb2^Cf\x92^C\xbb\xe8M\xc5\x98\xd4/B\xd9\xb6\xd2\xe0\x97^PXv\xcf\xe7\xd6\xa7\xcc\xbb\xdb%\xeeB]\xcb\xf0t\xab\xd2T\xe5\xe8\xbaQ^O\xa4\xc3>4\xfaR\xf2\xa0\xe6z\xf4\x8f\xdcvB\xbd=\xfcx\xc0\xb7\xeb^-\x1f\xc5\xa0^\xdf\xa0^Q\x87\xf8\xc3X^P\xc8y(\xf8\xe4, mime_type=binary, info=[ts=1170717511.909717, fuid=FQXAWgI2FB5STbrff, tx_hosts={^J^I194.127.84.106^J}, rx_hosts={^J^I192.150.187.164^J}, conn_uids={^J^ICCvvfg3TEfuqmmG4bh^J}, source=SSL, depth=0, analyzers={^J^IX509,^J^IMD5,^J^ISHA1^J}, mime_type=binary, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=F, seen_bytes=0, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=<uninitialized>, sha1=2c322ae2b7fe91391345e070b63668978bb1c9da, sha256=<uninitialized>, x509=[ts=1170717511.909717, id=FQXAWgI2FB5STbrff, certificate=[version=2, serial=04A78116F003283BDA2B8462049F9ECB, subject=CN=www.dresdner-privat.de,OU=Terms of use at www.verisign.com/rpa (c)00,O=AGIS Allianz Dresdner Informationssysteme GmbH,L=Muenchen,ST=Bayern,C=DE, issuer=OU=www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign,OU=VeriSign International Server CA - Class 3,OU=VeriSign\, Inc.,O=VeriSign Trust Network, not_valid_before=1163462400.0, not_valid_after=1195084799.0, key_alg=rsaEncryption, sig_alg=sha1WithRSAEncryption, key_type=rsa, key_length=1024, exponent=65537, curve=<uninitialized>], handle=<no value description>, extensions=[[name=X509v3 Basic Constraints, short_name=basicConstraints, oid=2.5.29.19, critical=F, value=CA:FALSE], [name=X509v3 Key Usage, short_name=keyUsage, oid=2.5.29.15, critical=F, value=Digital Signature, Key Encipherment], [name=X509v3 CRL Distribution Points, short_name=crlDistributionPoints, oid=2.5.29.31, critical=F, value=^JFull Name:^J  URI:http://crl.verisign.com/Class3InternationalServer.crl^J], [name=X509v3 Certificate Policies, short_name=certificatePolicies, oid=2.5.29.32, critical=F, value=Policy: 2.16.840.1.113733.1.7.23.3^J  CPS: https://www.verisign.com/rpa^J], [name=X509v3 Extended Key Usage, short_name=extendedKeyUsage, oid=2.5.29.37, critical=F, value=Netscape Server Gated Crypto, TLS Web Server Authentication, TLS Web Client Authentication], [name=Authority Information Access, short_name=authorityInfoAccess, oid=1.3.6.1.5.5.7.1.1, critical=F, value=OCSP - URI:http://ocsp.verisign.com^J], [name=1.3.6.1.5.5.7.1.12, short_name=UNDEF, oid=1.3.6.1.5.5.7.1.12, critical=F, value=0_.].[0Y0W0U..image/gif0!0.0...+..............k...j.H.,{..0%.#http://logo.verisign.com/vslogo.gif]], san=<uninitialized>, basic_constraints=[ca=F, path_len=<uninitialized>]], extracted=<uninitialized>], u2_events=<uninitialized>]
+                  [1] kind: string       = md5
+                  [2] hash: string       = 38a0a008a978591ccbe41f50a174751a
+
+1170717511.909717 file_state_remove
+                  [0] f: fa_file         = [id=FQXAWgI2FB5STbrff, parent_id=<uninitialized>, source=SSL, is_orig=F, conns={^J^I[[orig_h=192.150.187.164, orig_p=58870/tcp, resp_h=194.127.84.106, resp_p=443/tcp]] = [id=[orig_h=192.150.187.164, orig_p=58870/tcp, resp_h=194.127.84.106, resp_p=443/tcp], orig=[size=120, state=4, num_pkts=3, num_bytes_ip=288, flow_label=0], resp=[size=2164, state=4, num_pkts=3, num_bytes_ip=1616, flow_label=0], start_time=1170717511.541455, duration=0.368262, service={^J^I^ISSL^J^I}, addl=, hot=0, history=ShADad, uid=CCvvfg3TEfuqmmG4bh, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=[ts=1170717511.722913, uid=CCvvfg3TEfuqmmG4bh, id=[orig_h=192.150.187.164, orig_p=58870/tcp, resp_h=194.127.84.106, resp_p=443/tcp], version=TLSv10, cipher=TLS_RSA_WITH_RC4_128_MD5, server_name=<uninitialized>, session_id=9e51caef40ad85f9f03dbb8c1fdc863621808c311272e10242cb406bf917bcd9, last_alert=<uninitialized>, analyzer_id=11, established=F, logged=F, delay_tokens=<uninitialized>, cert_chain=[[ts=1170717511.909717, fuid=FQXAWgI2FB5STbrff, tx_hosts={^J^I^I194.127.84.106^J^I}, rx_hosts={^J^I^I192.150.187.164^J^I}, conn_uids={^J^I^ICCvvfg3TEfuqmmG4bh^J^I}, source=SSL, depth=0, analyzers={^J^I^IX509,^J^I^IMD5,^J^I^ISHA1^J^I}, mime_type=binary, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=F, seen_bytes=0, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=38a0a008a978591ccbe41f50a174751a, sha1=2c322ae2b7fe91391345e070b63668978bb1c9da, sha256=<uninitialized>, x509=[ts=1170717511.909717, id=FQXAWgI2FB5STbrff, certificate=[version=2, serial=04A78116F003283BDA2B8462049F9ECB, subject=CN=www.dresdner-privat.de,OU=Terms of use at www.verisign.com/rpa (c)00,O=AGIS Allianz Dresdner Informationssysteme GmbH,L=Muenchen,ST=Bayern,C=DE, issuer=OU=www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign,OU=VeriSign International Server CA - Class 3,OU=VeriSign\, Inc.,O=VeriSign Trust Network, not_valid_before=1163462400.0, not_valid_after=1195084799.0, key_alg=rsaEncryption, sig_alg=sha1WithRSAEncryption, key_type=rsa, key_length=1024, exponent=65537, curve=<uninitialized>], handle=<no value description>, extensions=[[name=X509v3 Basic Constraints, short_name=basicConstraints, oid=2.5.29.19, critical=F, value=CA:FALSE], [name=X509v3 Key Usage, short_name=keyUsage, oid=2.5.29.15, critical=F, value=Digital Signature, Key Encipherment], [name=X509v3 CRL Distribution Points, short_name=crlDistributionPoints, oid=2.5.29.31, critical=F, value=^JFull Name:^J  URI:http://crl.verisign.com/Class3InternationalServer.crl^J], [name=X509v3 Certificate Policies, short_name=certificatePolicies, oid=2.5.29.32, critical=F, value=Policy: 2.16.840.1.113733.1.7.23.3^J  CPS: https://www.verisign.com/rpa^J], [name=X509v3 Extended Key Usage, short_name=extendedKeyUsage, oid=2.5.29.37, critical=F, value=Netscape Server Gated Crypto, TLS Web Server Authentication, TLS Web Client Authentication], [name=Authority Information Access, short_name=authorityInfoAccess, oid=1.3.6.1.5.5.7.1.1, critical=F, value=OCSP - URI:http://ocsp.verisign.com^J], [name=1.3.6.1.5.5.7.1.12, short_name=UNDEF, oid=1.3.6.1.5.5.7.1.12, critical=F, value=0_.].[0Y0W0U..image/gif0!0.0...+..............k...j.H.,{..0%.#http://logo.verisign.com/vslogo.gif]], san=<uninitialized>, basic_constraints=[ca=F, path_len=<uninitialized>]], extracted=<uninitialized>]], cert_chain_fuids=[FQXAWgI2FB5STbrff], client_cert_chain=[], client_cert_chain_fuids=[], subject=<uninitialized>, issuer=<uninitialized>, client_subject=<uninitialized>, client_issuer=<uninitialized>, server_depth=1, client_depth=0], http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]^J}, last_active=1170717511.909717, seen_bytes=1152, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timeout_interval=2.0 mins, bof_buffer_size=1024, bof_buffer=0\x82^D|0\x82^C\xe5\xa0^C^B^A^B^B^P^D\xa7\x81^V\xf0^C(;\xda+\x84b^D\x9f\x9e\xcb0^M^F^I*\x86H\x86\xf7^M^A^A^E^E\00\x81\xba1\x1f0\x1d^F^CU^D^J^S^VVeriSign Trust Network1^W0^U^F^CU^D^K^S^NVeriSign, Inc.1301^F^CU^D^K^S*VeriSign International Server CA - Class 31I0G^F^CU^D^K^S@www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign0\x1e^W^M061114000000Z^W^M071114235959Z0\x81\xc01^K0^I^F^CU^D^F^S^BDE1^O0^M^F^CU^D^H^S^FBayern1^Q0^O^F^CU^D^G^T^HMuenchen1705^F^CU^D^J^T.AGIS Allianz Dresdner Informationssysteme GmbH1301^F^CU^D^K^T*Terms of use at www.verisign.com/rpa (c)001\x1f0\x1d^F^CU^D^C^T^Vwww.dresdner-privat.de0\x81\x9f0^M^F^I*\x86H\x86\xf7^M^A^A^A^E\0^C\x81\x8d\00\x81\x89^B\x81\x81\0\xeb\xa8t~\xfb\xe3\xb4\xea\xbe\x8b\x1c=\xed\xea\x86^DbQ\xe0*Z\x9e\x86o\x98\xcb\xbc\xc5\xed\xc5\xc8\xcaV\x9dL\x92X\xe1k^So\xbc\xb7\xe5.\x98@\xf7\x8f\xd6\xa3\xc0^J\xabFR\x1b8\xfc^E \xe7\x80\xee\xc6]\xd5\xbb^C\xfc\xc5\x83\xba\x9ag^H\xfd,\xba\xa3^H\x94\xf0\xb3\x1f^V(\xf6^Ef[\xbf^?\xa8Y\xfa\xbe\x99k6b\xb8n\xc6\x83GSc^OZ\xb4Q\xc1\x88\xa8U\xb9\xd41m=*J\x95^J\xd1{\x87^B^C^A\0^A\xa3\x82^Ay0\x82^Au0^I^F^CU\x1d^S^D^B0\00^K^F^CU\x1d^O^D^D^C^B^E\xa00F^F^CU\x1d\x1f^D?0=0;\xa09\xa07\x865http://crl.verisign.com/Class3InternationalServer.crl0D^F^CU\x1d ^D=0;09^F^K`\x86H^A\x86\xf8E^A^G^W^C0*0(^F^H+^F^A^E^E^G^B^A^V\x1chttps://www.verisign.com/rpa0(^F^CU\x1d%^D!0\x1f^F^I`\x86H^A\x86\xf8B^D^A^F^H+^F^A^E^E^G^C^A^F^H+^F^A^E^E^G^C^B04^F^H+^F^A^E^E^G^A^A^D(0&0$^F^H+^F^A^E^E^G0^A\x86^Xhttp://ocsp.verisign.com0m^F^H+^F^A^E^E^G^A^L^Da0_\xa1]\xa0[0Y0W0U^V^Iimage/gif0!0\x1f0^G^F^E+^N^C^B^Z^D^T\x8f\xe5\xd3^Z\x86\xac\x8d\x8ek\xc3\xcf\x80j\xd4H^X,{^Y.0%^V#http://logo.verisign.com/vslogo.gif0^M^F^I*\x86H\x86\xf7^M^A^A^E^E\0^C\x81\x81\0/s\xe2o\xc1\x9e#~YP\x89\x95xo\xe9^D\xbd\x98TS`\xec^HR\xd2^J)\x92\x9am\xaa\xd5\xb1g\xc1b\xde\xc9^XNW=i\x9c\xb2^Cf\x92^C\xbb\xe8M\xc5\x98\xd4/B\xd9\xb6\xd2\xe0\x97^PXv\xcf\xe7\xd6\xa7\xcc\xbb\xdb%\xeeB]\xcb\xf0t\xab\xd2T\xe5\xe8\xbaQ^O\xa4\xc3>4\xfaR\xf2\xa0\xe6z\xf4\x8f\xdcvB\xbd=\xfcx\xc0\xb7\xeb^-\x1f\xc5\xa0^\xdf\xa0^Q\x87\xf8\xc3X^P\xc8y(\xf8\xe4, mime_type=binary, info=[ts=1170717511.909717, fuid=FQXAWgI2FB5STbrff, tx_hosts={^J^I194.127.84.106^J}, rx_hosts={^J^I192.150.187.164^J}, conn_uids={^J^ICCvvfg3TEfuqmmG4bh^J}, source=SSL, depth=0, analyzers={^J^IX509,^J^IMD5,^J^ISHA1^J}, mime_type=binary, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=F, seen_bytes=0, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=38a0a008a978591ccbe41f50a174751a, sha1=2c322ae2b7fe91391345e070b63668978bb1c9da, sha256=<uninitialized>, x509=[ts=1170717511.909717, id=FQXAWgI2FB5STbrff, certificate=[version=2, serial=04A78116F003283BDA2B8462049F9ECB, subject=CN=www.dresdner-privat.de,OU=Terms of use at www.verisign.com/rpa (c)00,O=AGIS Allianz Dresdner Informationssysteme GmbH,L=Muenchen,ST=Bayern,C=DE, issuer=OU=www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign,OU=VeriSign International Server CA - Class 3,OU=VeriSign\, Inc.,O=VeriSign Trust Network, not_valid_before=1163462400.0, not_valid_after=1195084799.0, key_alg=rsaEncryption, sig_alg=sha1WithRSAEncryption, key_type=rsa, key_length=1024, exponent=65537, curve=<uninitialized>], handle=<no value description>, extensions=[[name=X509v3 Basic Constraints, short_name=basicConstraints, oid=2.5.29.19, critical=F, value=CA:FALSE], [name=X509v3 Key Usage, short_name=keyUsage, oid=2.5.29.15, critical=F, value=Digital Signature, Key Encipherment], [name=X509v3 CRL Distribution Points, short_name=crlDistributionPoints, oid=2.5.29.31, critical=F, value=^JFull Name:^J  URI:http://crl.verisign.com/Class3InternationalServer.crl^J], [name=X509v3 Certificate Policies, short_name=certificatePolicies, oid=2.5.29.32, critical=F, value=Policy: 2.16.840.1.113733.1.7.23.3^J  CPS: https://www.verisign.com/rpa^J], [name=X509v3 Extended Key Usage, short_name=extendedKeyUsage, oid=2.5.29.37, critical=F, value=Netscape Server Gated Crypto, TLS Web Server Authentication, TLS Web Client Authentication], [name=Authority Information Access, short_name=authorityInfoAccess, oid=1.3.6.1.5.5.7.1.1, critical=F, value=OCSP - URI:http://ocsp.verisign.com^J], [name=1.3.6.1.5.5.7.1.12, short_name=UNDEF, oid=1.3.6.1.5.5.7.1.12, critical=F, value=0_.].[0Y0W0U..image/gif0!0.0...+..............k...j.H.,{..0%.#http://logo.verisign.com/vslogo.gif]], san=<uninitialized>, basic_constraints=[ca=F, path_len=<uninitialized>]], extracted=<uninitialized>], u2_events=<uninitialized>]
+
+1170717511.909717 get_file_handle
+                  [0] tag: enum          = Analyzer::ANALYZER_SSL
+                  [1] c: connection      = [id=[orig_h=192.150.187.164, orig_p=58870/tcp, resp_h=194.127.84.106, resp_p=443/tcp], orig=[size=120, state=4, num_pkts=3, num_bytes_ip=288, flow_label=0], resp=[size=2164, state=4, num_pkts=3, num_bytes_ip=1616, flow_label=0], start_time=1170717511.541455, duration=0.368262, service={^J^ISSL^J}, addl=, hot=0, history=ShADad, uid=CCvvfg3TEfuqmmG4bh, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=[ts=1170717511.722913, uid=CCvvfg3TEfuqmmG4bh, id=[orig_h=192.150.187.164, orig_p=58870/tcp, resp_h=194.127.84.106, resp_p=443/tcp], version=TLSv10, cipher=TLS_RSA_WITH_RC4_128_MD5, server_name=<uninitialized>, session_id=9e51caef40ad85f9f03dbb8c1fdc863621808c311272e10242cb406bf917bcd9, last_alert=<uninitialized>, analyzer_id=11, established=F, logged=F, delay_tokens=<uninitialized>, cert_chain=[[ts=1170717511.909717, fuid=FQXAWgI2FB5STbrff, tx_hosts={^J^I194.127.84.106^J}, rx_hosts={^J^I192.150.187.164^J}, conn_uids={^J^ICCvvfg3TEfuqmmG4bh^J}, source=SSL, depth=0, analyzers={^J^IX509,^J^IMD5,^J^ISHA1^J}, mime_type=binary, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=F, seen_bytes=1152, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=38a0a008a978591ccbe41f50a174751a, sha1=2c322ae2b7fe91391345e070b63668978bb1c9da, sha256=<uninitialized>, x509=[ts=1170717511.909717, id=FQXAWgI2FB5STbrff, certificate=[version=2, serial=04A78116F003283BDA2B8462049F9ECB, subject=CN=www.dresdner-privat.de,OU=Terms of use at www.verisign.com/rpa (c)00,O=AGIS Allianz Dresdner Informationssysteme GmbH,L=Muenchen,ST=Bayern,C=DE, issuer=OU=www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign,OU=VeriSign International Server CA - Class 3,OU=VeriSign\, Inc.,O=VeriSign Trust Network, not_valid_before=1163462400.0, not_valid_after=1195084799.0, key_alg=rsaEncryption, sig_alg=sha1WithRSAEncryption, key_type=rsa, key_length=1024, exponent=65537, curve=<uninitialized>], handle=<no value description>, extensions=[[name=X509v3 Basic Constraints, short_name=basicConstraints, oid=2.5.29.19, critical=F, value=CA:FALSE], [name=X509v3 Key Usage, short_name=keyUsage, oid=2.5.29.15, critical=F, value=Digital Signature, Key Encipherment], [name=X509v3 CRL Distribution Points, short_name=crlDistributionPoints, oid=2.5.29.31, critical=F, value=^JFull Name:^J  URI:http://crl.verisign.com/Class3InternationalServer.crl^J], [name=X509v3 Certificate Policies, short_name=certificatePolicies, oid=2.5.29.32, critical=F, value=Policy: 2.16.840.1.113733.1.7.23.3^J  CPS: https://www.verisign.com/rpa^J], [name=X509v3 Extended Key Usage, short_name=extendedKeyUsage, oid=2.5.29.37, critical=F, value=Netscape Server Gated Crypto, TLS Web Server Authentication, TLS Web Client Authentication], [name=Authority Information Access, short_name=authorityInfoAccess, oid=1.3.6.1.5.5.7.1.1, critical=F, value=OCSP - URI:http://ocsp.verisign.com^J], [name=1.3.6.1.5.5.7.1.12, short_name=UNDEF, oid=1.3.6.1.5.5.7.1.12, critical=F, value=0_.].[0Y0W0U..image/gif0!0.0...+..............k...j.H.,{..0%.#http://logo.verisign.com/vslogo.gif]], san=<uninitialized>, basic_constraints=[ca=F, path_len=<uninitialized>]], extracted=<uninitialized>]], cert_chain_fuids=[FQXAWgI2FB5STbrff], client_cert_chain=[], client_cert_chain_fuids=[], subject=<uninitialized>, issuer=<uninitialized>, client_subject=<uninitialized>, client_issuer=<uninitialized>, server_depth=1, client_depth=0], http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]
+                  [2] is_orig: bool      = F
+
+1170717511.909717 file_new
+                  [0] f: fa_file         = [id=FUmSiM3TCtsyMGhcd, parent_id=<uninitialized>, source=SSL, is_orig=F, conns={^J^I[[orig_h=192.150.187.164, orig_p=58870/tcp, resp_h=194.127.84.106, resp_p=443/tcp]] = [id=[orig_h=192.150.187.164, orig_p=58870/tcp, resp_h=194.127.84.106, resp_p=443/tcp], orig=[size=120, state=4, num_pkts=3, num_bytes_ip=288, flow_label=0], resp=[size=2164, state=4, num_pkts=3, num_bytes_ip=1616, flow_label=0], start_time=1170717511.541455, duration=0.368262, service={^J^I^ISSL^J^I}, addl=, hot=0, history=ShADad, uid=CCvvfg3TEfuqmmG4bh, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=[ts=1170717511.722913, uid=CCvvfg3TEfuqmmG4bh, id=[orig_h=192.150.187.164, orig_p=58870/tcp, resp_h=194.127.84.106, resp_p=443/tcp], version=TLSv10, cipher=TLS_RSA_WITH_RC4_128_MD5, server_name=<uninitialized>, session_id=9e51caef40ad85f9f03dbb8c1fdc863621808c311272e10242cb406bf917bcd9, last_alert=<uninitialized>, analyzer_id=11, established=F, logged=F, delay_tokens=<uninitialized>, cert_chain=[[ts=1170717511.909717, fuid=FQXAWgI2FB5STbrff, tx_hosts={^J^I^I194.127.84.106^J^I}, rx_hosts={^J^I^I192.150.187.164^J^I}, conn_uids={^J^I^ICCvvfg3TEfuqmmG4bh^J^I}, source=SSL, depth=0, analyzers={^J^I^IX509,^J^I^IMD5,^J^I^ISHA1^J^I}, mime_type=binary, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=F, seen_bytes=1152, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=38a0a008a978591ccbe41f50a174751a, sha1=2c322ae2b7fe91391345e070b63668978bb1c9da, sha256=<uninitialized>, x509=[ts=1170717511.909717, id=FQXAWgI2FB5STbrff, certificate=[version=2, serial=04A78116F003283BDA2B8462049F9ECB, subject=CN=www.dresdner-privat.de,OU=Terms of use at www.verisign.com/rpa (c)00,O=AGIS Allianz Dresdner Informationssysteme GmbH,L=Muenchen,ST=Bayern,C=DE, issuer=OU=www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign,OU=VeriSign International Server CA - Class 3,OU=VeriSign\, Inc.,O=VeriSign Trust Network, not_valid_before=1163462400.0, not_valid_after=1195084799.0, key_alg=rsaEncryption, sig_alg=sha1WithRSAEncryption, key_type=rsa, key_length=1024, exponent=65537, curve=<uninitialized>], handle=<no value description>, extensions=[[name=X509v3 Basic Constraints, short_name=basicConstraints, oid=2.5.29.19, critical=F, value=CA:FALSE], [name=X509v3 Key Usage, short_name=keyUsage, oid=2.5.29.15, critical=F, value=Digital Signature, Key Encipherment], [name=X509v3 CRL Distribution Points, short_name=crlDistributionPoints, oid=2.5.29.31, critical=F, value=^JFull Name:^J  URI:http://crl.verisign.com/Class3InternationalServer.crl^J], [name=X509v3 Certificate Policies, short_name=certificatePolicies, oid=2.5.29.32, critical=F, value=Policy: 2.16.840.1.113733.1.7.23.3^J  CPS: https://www.verisign.com/rpa^J], [name=X509v3 Extended Key Usage, short_name=extendedKeyUsage, oid=2.5.29.37, critical=F, value=Netscape Server Gated Crypto, TLS Web Server Authentication, TLS Web Client Authentication], [name=Authority Information Access, short_name=authorityInfoAccess, oid=1.3.6.1.5.5.7.1.1, critical=F, value=OCSP - URI:http://ocsp.verisign.com^J], [name=1.3.6.1.5.5.7.1.12, short_name=UNDEF, oid=1.3.6.1.5.5.7.1.12, critical=F, value=0_.].[0Y0W0U..image/gif0!0.0...+..............k...j.H.,{..0%.#http://logo.verisign.com/vslogo.gif]], san=<uninitialized>, basic_constraints=[ca=F, path_len=<uninitialized>]], extracted=<uninitialized>]], cert_chain_fuids=[FQXAWgI2FB5STbrff], client_cert_chain=[], client_cert_chain_fuids=[], subject=<uninitialized>, issuer=<uninitialized>, client_subject=<uninitialized>, client_issuer=<uninitialized>, server_depth=2, client_depth=0], http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]^J}, last_active=1170717511.909717, seen_bytes=0, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timeout_interval=2.0 mins, bof_buffer_size=1024, bof_buffer=0\x82^C\x860\x82^B\xef\xa0^C^B^A^B^B^Px\xeeH\xde^X[ q\xc9\xc9\xc3\xb5\x1d{\xdd\xc10^M^F^I*\x86H\x86\xf7^M^A^A^E^E\00_1^K0^I^F^CU^D^F^S^BUS1^W0^U^F^CU^D^J^S^NVeriSign, Inc.1705^F^CU^D^K^S.Class 3 Public Primary Certification Authority0\x1e^W^M970417000000Z^W^M111024235959Z0\x81\xba1\x1f0\x1d^F^CU^D^J^S^VVeriSign Trust Network1^W0^U^F^CU^D^K^S^NVeriSign, Inc.1301^F^CU^D^K^S*VeriSign International Server CA - Class 31I0G^F^CU^D^K^S@www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign0\x81\x9f0^M^F^I*\x86H\x86\xf7^M^A^A^A^E\0^C\x81\x8d\00\x81\x89^B\x81\x81\0\xd8\x82\x80\xe8\xd6^Y^B}\x1f\x85^X9%\xa2e+\xe1\xbf\xd4^E\xd3\xbc\xe66;\xaa\xf0Ll[\xb6\xe7\xaa<sEU\xb2\xf1\xbd\xea\x97B\xed\x9a4^J^U\xd4\xa9\\xf5@%\xdd\xd9^G\xc12\xb2ul\xc4\xca\xbb\xa3\xfeV'qC\xaac\xf50>\x93(\xe5\xfa\xf1^I;\xf3\xb7MN9\xf7\IZ\xb8\xc1\x1d\xd3\xb2\x8a\xfep0\x95B\xcb\xfe+Q\x8bZ<:\xf9"O\x90\xb2^B\xa7S\x9cO4\xe7\xab^D\xb2{o^B^C^A\0^A\xa3\x81\xe60\x81\xe30^O^F^CU\x1d^S^D^H0^F^A^A\xff^B^A\00D^F^CU\x1d ^D=0;09^F^K`\x86H^A\x86\xf8E^A^G^A^A0*0(^F^H+^F^A^E^E^G^B^A^V\x1chttps://www.verisign.com/CPS04^F^CU\x1d\x1f^D-0+0)\xa0'\xa0%\x86#http://crl.verisign.com/pca3-g2.crl04^F^CU\x1d%^D-0+^F^H+^F^A^E^E^G^C^A^F^H+^F^A^E^E^G^C^B^F^I`\x86H^A\x86\xf8B^D^A^F^J`\x86H^A\x86\xf8E^A^H^A0^K^F^CU\x1d^O^D^D^C^B^A^F0^Q^F^I`\x86H^A\x86\xf8B^A^A^D^D^C^B^A^F0^M^F^I*\x86H\x86\xf7^M^A^A^E^E\0^C\x81\x81\0#]\xee\xa6$^E\xfdv\xd3j^Z\xd6\xbaF^F\xaaj^O^C\x90f\xb2\xb0\xa6\xc2\x9e\xc9\x1e\xa3US\xaf>E\xfd\xdc\x8c'\xddS8^I\xbb|K+\xba\x95J\xfepN\x1bi\xd6<\xf7O^G\xc5\xf2^WZL\xa2\x8f\xac^K\x8a^F\xdb\xb9\xd4k\xc5\x1dX\xda^WR\xe3!\xf1\xd2\xd7Z\xd5\xe5\xabY{!z\x86j\xd4\xfe^W^Q:S^M\x9c`\xa0J\xd9^\xe4\x1d^L)\xaa^S^Ge\x86\x1f\xbf\xb4\xc9\x82S\x9c,^B\x8f#, mime_type=binary, info=<uninitialized>, u2_events=<uninitialized>]
+
+1170717511.909717 file_over_new_connection
+                  [0] f: fa_file         = [id=FUmSiM3TCtsyMGhcd, parent_id=<uninitialized>, source=SSL, is_orig=F, conns={^J^I[[orig_h=192.150.187.164, orig_p=58870/tcp, resp_h=194.127.84.106, resp_p=443/tcp]] = [id=[orig_h=192.150.187.164, orig_p=58870/tcp, resp_h=194.127.84.106, resp_p=443/tcp], orig=[size=120, state=4, num_pkts=3, num_bytes_ip=288, flow_label=0], resp=[size=2164, state=4, num_pkts=3, num_bytes_ip=1616, flow_label=0], start_time=1170717511.541455, duration=0.368262, service={^J^I^ISSL^J^I}, addl=, hot=0, history=ShADad, uid=CCvvfg3TEfuqmmG4bh, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=[ts=1170717511.722913, uid=CCvvfg3TEfuqmmG4bh, id=[orig_h=192.150.187.164, orig_p=58870/tcp, resp_h=194.127.84.106, resp_p=443/tcp], version=TLSv10, cipher=TLS_RSA_WITH_RC4_128_MD5, server_name=<uninitialized>, session_id=9e51caef40ad85f9f03dbb8c1fdc863621808c311272e10242cb406bf917bcd9, last_alert=<uninitialized>, analyzer_id=11, established=F, logged=F, delay_tokens=<uninitialized>, cert_chain=[[ts=1170717511.909717, fuid=FQXAWgI2FB5STbrff, tx_hosts={^J^I^I194.127.84.106^J^I}, rx_hosts={^J^I^I192.150.187.164^J^I}, conn_uids={^J^I^ICCvvfg3TEfuqmmG4bh^J^I}, source=SSL, depth=0, analyzers={^J^I^IX509,^J^I^IMD5,^J^I^ISHA1^J^I}, mime_type=binary, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=F, seen_bytes=1152, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=38a0a008a978591ccbe41f50a174751a, sha1=2c322ae2b7fe91391345e070b63668978bb1c9da, sha256=<uninitialized>, x509=[ts=1170717511.909717, id=FQXAWgI2FB5STbrff, certificate=[version=2, serial=04A78116F003283BDA2B8462049F9ECB, subject=CN=www.dresdner-privat.de,OU=Terms of use at www.verisign.com/rpa (c)00,O=AGIS Allianz Dresdner Informationssysteme GmbH,L=Muenchen,ST=Bayern,C=DE, issuer=OU=www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign,OU=VeriSign International Server CA - Class 3,OU=VeriSign\, Inc.,O=VeriSign Trust Network, not_valid_before=1163462400.0, not_valid_after=1195084799.0, key_alg=rsaEncryption, sig_alg=sha1WithRSAEncryption, key_type=rsa, key_length=1024, exponent=65537, curve=<uninitialized>], handle=<no value description>, extensions=[[name=X509v3 Basic Constraints, short_name=basicConstraints, oid=2.5.29.19, critical=F, value=CA:FALSE], [name=X509v3 Key Usage, short_name=keyUsage, oid=2.5.29.15, critical=F, value=Digital Signature, Key Encipherment], [name=X509v3 CRL Distribution Points, short_name=crlDistributionPoints, oid=2.5.29.31, critical=F, value=^JFull Name:^J  URI:http://crl.verisign.com/Class3InternationalServer.crl^J], [name=X509v3 Certificate Policies, short_name=certificatePolicies, oid=2.5.29.32, critical=F, value=Policy: 2.16.840.1.113733.1.7.23.3^J  CPS: https://www.verisign.com/rpa^J], [name=X509v3 Extended Key Usage, short_name=extendedKeyUsage, oid=2.5.29.37, critical=F, value=Netscape Server Gated Crypto, TLS Web Server Authentication, TLS Web Client Authentication], [name=Authority Information Access, short_name=authorityInfoAccess, oid=1.3.6.1.5.5.7.1.1, critical=F, value=OCSP - URI:http://ocsp.verisign.com^J], [name=1.3.6.1.5.5.7.1.12, short_name=UNDEF, oid=1.3.6.1.5.5.7.1.12, critical=F, value=0_.].[0Y0W0U..image/gif0!0.0...+..............k...j.H.,{..0%.#http://logo.verisign.com/vslogo.gif]], san=<uninitialized>, basic_constraints=[ca=F, path_len=<uninitialized>]], extracted=<uninitialized>]], cert_chain_fuids=[FQXAWgI2FB5STbrff], client_cert_chain=[], client_cert_chain_fuids=[], subject=<uninitialized>, issuer=<uninitialized>, client_subject=<uninitialized>, client_issuer=<uninitialized>, server_depth=2, client_depth=0], http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]^J}, last_active=1170717511.909717, seen_bytes=0, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timeout_interval=2.0 mins, bof_buffer_size=1024, bof_buffer=0\x82^C\x860\x82^B\xef\xa0^C^B^A^B^B^Px\xeeH\xde^X[ q\xc9\xc9\xc3\xb5\x1d{\xdd\xc10^M^F^I*\x86H\x86\xf7^M^A^A^E^E\00_1^K0^I^F^CU^D^F^S^BUS1^W0^U^F^CU^D^J^S^NVeriSign, Inc.1705^F^CU^D^K^S.Class 3 Public Primary Certification Authority0\x1e^W^M970417000000Z^W^M111024235959Z0\x81\xba1\x1f0\x1d^F^CU^D^J^S^VVeriSign Trust Network1^W0^U^F^CU^D^K^S^NVeriSign, Inc.1301^F^CU^D^K^S*VeriSign International Server CA - Class 31I0G^F^CU^D^K^S@www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign0\x81\x9f0^M^F^I*\x86H\x86\xf7^M^A^A^A^E\0^C\x81\x8d\00\x81\x89^B\x81\x81\0\xd8\x82\x80\xe8\xd6^Y^B}\x1f\x85^X9%\xa2e+\xe1\xbf\xd4^E\xd3\xbc\xe66;\xaa\xf0Ll[\xb6\xe7\xaa<sEU\xb2\xf1\xbd\xea\x97B\xed\x9a4^J^U\xd4\xa9\\xf5@%\xdd\xd9^G\xc12\xb2ul\xc4\xca\xbb\xa3\xfeV'qC\xaac\xf50>\x93(\xe5\xfa\xf1^I;\xf3\xb7MN9\xf7\IZ\xb8\xc1\x1d\xd3\xb2\x8a\xfep0\x95B\xcb\xfe+Q\x8bZ<:\xf9"O\x90\xb2^B\xa7S\x9cO4\xe7\xab^D\xb2{o^B^C^A\0^A\xa3\x81\xe60\x81\xe30^O^F^CU\x1d^S^D^H0^F^A^A\xff^B^A\00D^F^CU\x1d ^D=0;09^F^K`\x86H^A\x86\xf8E^A^G^A^A0*0(^F^H+^F^A^E^E^G^B^A^V\x1chttps://www.verisign.com/CPS04^F^CU\x1d\x1f^D-0+0)\xa0'\xa0%\x86#http://crl.verisign.com/pca3-g2.crl04^F^CU\x1d%^D-0+^F^H+^F^A^E^E^G^C^A^F^H+^F^A^E^E^G^C^B^F^I`\x86H^A\x86\xf8B^D^A^F^J`\x86H^A\x86\xf8E^A^H^A0^K^F^CU\x1d^O^D^D^C^B^A^F0^Q^F^I`\x86H^A\x86\xf8B^A^A^D^D^C^B^A^F0^M^F^I*\x86H\x86\xf7^M^A^A^E^E\0^C\x81\x81\0#]\xee\xa6$^E\xfdv\xd3j^Z\xd6\xbaF^F\xaaj^O^C\x90f\xb2\xb0\xa6\xc2\x9e\xc9\x1e\xa3US\xaf>E\xfd\xdc\x8c'\xddS8^I\xbb|K+\xba\x95J\xfepN\x1bi\xd6<\xf7O^G\xc5\xf2^WZL\xa2\x8f\xac^K\x8a^F\xdb\xb9\xd4k\xc5\x1dX\xda^WR\xe3!\xf1\xd2\xd7Z\xd5\xe5\xabY{!z\x86j\xd4\xfe^W^Q:S^M\x9c`\xa0J\xd9^\xe4\x1d^L)\xaa^S^Ge\x86\x1f\xbf\xb4\xc9\x82S\x9c,^B\x8f#, mime_type=binary, info=[ts=1170717511.909717, fuid=FUmSiM3TCtsyMGhcd, tx_hosts={^J^J}, rx_hosts={^J^J}, conn_uids={^J^J}, source=SSL, depth=0, analyzers={^J^J}, mime_type=binary, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=F, seen_bytes=0, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=<uninitialized>, sha1=<uninitialized>, sha256=<uninitialized>, x509=<uninitialized>, extracted=<uninitialized>], u2_events=<uninitialized>]
+                  [1] c: connection      = [id=[orig_h=192.150.187.164, orig_p=58870/tcp, resp_h=194.127.84.106, resp_p=443/tcp], orig=[size=120, state=4, num_pkts=3, num_bytes_ip=288, flow_label=0], resp=[size=2164, state=4, num_pkts=3, num_bytes_ip=1616, flow_label=0], start_time=1170717511.541455, duration=0.368262, service={^J^ISSL^J}, addl=, hot=0, history=ShADad, uid=CCvvfg3TEfuqmmG4bh, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=[ts=1170717511.722913, uid=CCvvfg3TEfuqmmG4bh, id=[orig_h=192.150.187.164, orig_p=58870/tcp, resp_h=194.127.84.106, resp_p=443/tcp], version=TLSv10, cipher=TLS_RSA_WITH_RC4_128_MD5, server_name=<uninitialized>, session_id=9e51caef40ad85f9f03dbb8c1fdc863621808c311272e10242cb406bf917bcd9, last_alert=<uninitialized>, analyzer_id=11, established=F, logged=F, delay_tokens=<uninitialized>, cert_chain=[[ts=1170717511.909717, fuid=FQXAWgI2FB5STbrff, tx_hosts={^J^I194.127.84.106^J}, rx_hosts={^J^I192.150.187.164^J}, conn_uids={^J^ICCvvfg3TEfuqmmG4bh^J}, source=SSL, depth=0, analyzers={^J^IX509,^J^IMD5,^J^ISHA1^J}, mime_type=binary, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=F, seen_bytes=1152, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=38a0a008a978591ccbe41f50a174751a, sha1=2c322ae2b7fe91391345e070b63668978bb1c9da, sha256=<uninitialized>, x509=[ts=1170717511.909717, id=FQXAWgI2FB5STbrff, certificate=[version=2, serial=04A78116F003283BDA2B8462049F9ECB, subject=CN=www.dresdner-privat.de,OU=Terms of use at www.verisign.com/rpa (c)00,O=AGIS Allianz Dresdner Informationssysteme GmbH,L=Muenchen,ST=Bayern,C=DE, issuer=OU=www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign,OU=VeriSign International Server CA - Class 3,OU=VeriSign\, Inc.,O=VeriSign Trust Network, not_valid_before=1163462400.0, not_valid_after=1195084799.0, key_alg=rsaEncryption, sig_alg=sha1WithRSAEncryption, key_type=rsa, key_length=1024, exponent=65537, curve=<uninitialized>], handle=<no value description>, extensions=[[name=X509v3 Basic Constraints, short_name=basicConstraints, oid=2.5.29.19, critical=F, value=CA:FALSE], [name=X509v3 Key Usage, short_name=keyUsage, oid=2.5.29.15, critical=F, value=Digital Signature, Key Encipherment], [name=X509v3 CRL Distribution Points, short_name=crlDistributionPoints, oid=2.5.29.31, critical=F, value=^JFull Name:^J  URI:http://crl.verisign.com/Class3InternationalServer.crl^J], [name=X509v3 Certificate Policies, short_name=certificatePolicies, oid=2.5.29.32, critical=F, value=Policy: 2.16.840.1.113733.1.7.23.3^J  CPS: https://www.verisign.com/rpa^J], [name=X509v3 Extended Key Usage, short_name=extendedKeyUsage, oid=2.5.29.37, critical=F, value=Netscape Server Gated Crypto, TLS Web Server Authentication, TLS Web Client Authentication], [name=Authority Information Access, short_name=authorityInfoAccess, oid=1.3.6.1.5.5.7.1.1, critical=F, value=OCSP - URI:http://ocsp.verisign.com^J], [name=1.3.6.1.5.5.7.1.12, short_name=UNDEF, oid=1.3.6.1.5.5.7.1.12, critical=F, value=0_.].[0Y0W0U..image/gif0!0.0...+..............k...j.H.,{..0%.#http://logo.verisign.com/vslogo.gif]], san=<uninitialized>, basic_constraints=[ca=F, path_len=<uninitialized>]], extracted=<uninitialized>]], cert_chain_fuids=[FQXAWgI2FB5STbrff], client_cert_chain=[], client_cert_chain_fuids=[], subject=<uninitialized>, issuer=<uninitialized>, client_subject=<uninitialized>, client_issuer=<uninitialized>, server_depth=2, client_depth=0], http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]
+                  [2] is_orig: bool      = F
+
+1170717511.909717 x509_certificate
+                  [0] f: fa_file         = [id=FUmSiM3TCtsyMGhcd, parent_id=<uninitialized>, source=SSL, is_orig=F, conns={^J^I[[orig_h=192.150.187.164, orig_p=58870/tcp, resp_h=194.127.84.106, resp_p=443/tcp]] = [id=[orig_h=192.150.187.164, orig_p=58870/tcp, resp_h=194.127.84.106, resp_p=443/tcp], orig=[size=120, state=4, num_pkts=3, num_bytes_ip=288, flow_label=0], resp=[size=2164, state=4, num_pkts=3, num_bytes_ip=1616, flow_label=0], start_time=1170717511.541455, duration=0.368262, service={^J^I^ISSL^J^I}, addl=, hot=0, history=ShADad, uid=CCvvfg3TEfuqmmG4bh, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=[ts=1170717511.722913, uid=CCvvfg3TEfuqmmG4bh, id=[orig_h=192.150.187.164, orig_p=58870/tcp, resp_h=194.127.84.106, resp_p=443/tcp], version=TLSv10, cipher=TLS_RSA_WITH_RC4_128_MD5, server_name=<uninitialized>, session_id=9e51caef40ad85f9f03dbb8c1fdc863621808c311272e10242cb406bf917bcd9, last_alert=<uninitialized>, analyzer_id=11, established=F, logged=F, delay_tokens=<uninitialized>, cert_chain=[[ts=1170717511.909717, fuid=FQXAWgI2FB5STbrff, tx_hosts={^J^I^I194.127.84.106^J^I}, rx_hosts={^J^I^I192.150.187.164^J^I}, conn_uids={^J^I^ICCvvfg3TEfuqmmG4bh^J^I}, source=SSL, depth=0, analyzers={^J^I^IX509,^J^I^IMD5,^J^I^ISHA1^J^I}, mime_type=binary, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=F, seen_bytes=1152, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=38a0a008a978591ccbe41f50a174751a, sha1=2c322ae2b7fe91391345e070b63668978bb1c9da, sha256=<uninitialized>, x509=[ts=1170717511.909717, id=FQXAWgI2FB5STbrff, certificate=[version=2, serial=04A78116F003283BDA2B8462049F9ECB, subject=CN=www.dresdner-privat.de,OU=Terms of use at www.verisign.com/rpa (c)00,O=AGIS Allianz Dresdner Informationssysteme GmbH,L=Muenchen,ST=Bayern,C=DE, issuer=OU=www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign,OU=VeriSign International Server CA - Class 3,OU=VeriSign\, Inc.,O=VeriSign Trust Network, not_valid_before=1163462400.0, not_valid_after=1195084799.0, key_alg=rsaEncryption, sig_alg=sha1WithRSAEncryption, key_type=rsa, key_length=1024, exponent=65537, curve=<uninitialized>], handle=<no value description>, extensions=[[name=X509v3 Basic Constraints, short_name=basicConstraints, oid=2.5.29.19, critical=F, value=CA:FALSE], [name=X509v3 Key Usage, short_name=keyUsage, oid=2.5.29.15, critical=F, value=Digital Signature, Key Encipherment], [name=X509v3 CRL Distribution Points, short_name=crlDistributionPoints, oid=2.5.29.31, critical=F, value=^JFull Name:^J  URI:http://crl.verisign.com/Class3InternationalServer.crl^J], [name=X509v3 Certificate Policies, short_name=certificatePolicies, oid=2.5.29.32, critical=F, value=Policy: 2.16.840.1.113733.1.7.23.3^J  CPS: https://www.verisign.com/rpa^J], [name=X509v3 Extended Key Usage, short_name=extendedKeyUsage, oid=2.5.29.37, critical=F, value=Netscape Server Gated Crypto, TLS Web Server Authentication, TLS Web Client Authentication], [name=Authority Information Access, short_name=authorityInfoAccess, oid=1.3.6.1.5.5.7.1.1, critical=F, value=OCSP - URI:http://ocsp.verisign.com^J], [name=1.3.6.1.5.5.7.1.12, short_name=UNDEF, oid=1.3.6.1.5.5.7.1.12, critical=F, value=0_.].[0Y0W0U..image/gif0!0.0...+..............k...j.H.,{..0%.#http://logo.verisign.com/vslogo.gif]], san=<uninitialized>, basic_constraints=[ca=F, path_len=<uninitialized>]], extracted=<uninitialized>], [ts=1170717511.909717, fuid=FUmSiM3TCtsyMGhcd, tx_hosts={^J^I^I194.127.84.106^J^I}, rx_hosts={^J^I^I192.150.187.164^J^I}, conn_uids={^J^I^ICCvvfg3TEfuqmmG4bh^J^I}, source=SSL, depth=0, analyzers={^J^I^IX509,^J^I^IMD5,^J^I^ISHA1^J^I}, mime_type=binary, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=F, seen_bytes=0, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=<uninitialized>, sha1=<uninitialized>, sha256=<uninitialized>, x509=<uninitialized>, extracted=<uninitialized>]], cert_chain_fuids=[FQXAWgI2FB5STbrff, FUmSiM3TCtsyMGhcd], client_cert_chain=[], client_cert_chain_fuids=[], subject=<uninitialized>, issuer=<uninitialized>, client_subject=<uninitialized>, client_issuer=<uninitialized>, server_depth=2, client_depth=0], http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]^J}, last_active=1170717511.909717, seen_bytes=906, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timeout_interval=2.0 mins, bof_buffer_size=1024, bof_buffer=0\x82^C\x860\x82^B\xef\xa0^C^B^A^B^B^Px\xeeH\xde^X[ q\xc9\xc9\xc3\xb5\x1d{\xdd\xc10^M^F^I*\x86H\x86\xf7^M^A^A^E^E\00_1^K0^I^F^CU^D^F^S^BUS1^W0^U^F^CU^D^J^S^NVeriSign, Inc.1705^F^CU^D^K^S.Class 3 Public Primary Certification Authority0\x1e^W^M970417000000Z^W^M111024235959Z0\x81\xba1\x1f0\x1d^F^CU^D^J^S^VVeriSign Trust Network1^W0^U^F^CU^D^K^S^NVeriSign, Inc.1301^F^CU^D^K^S*VeriSign International Server CA - Class 31I0G^F^CU^D^K^S@www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign0\x81\x9f0^M^F^I*\x86H\x86\xf7^M^A^A^A^E\0^C\x81\x8d\00\x81\x89^B\x81\x81\0\xd8\x82\x80\xe8\xd6^Y^B}\x1f\x85^X9%\xa2e+\xe1\xbf\xd4^E\xd3\xbc\xe66;\xaa\xf0Ll[\xb6\xe7\xaa<sEU\xb2\xf1\xbd\xea\x97B\xed\x9a4^J^U\xd4\xa9\\xf5@%\xdd\xd9^G\xc12\xb2ul\xc4\xca\xbb\xa3\xfeV'qC\xaac\xf50>\x93(\xe5\xfa\xf1^I;\xf3\xb7MN9\xf7\IZ\xb8\xc1\x1d\xd3\xb2\x8a\xfep0\x95B\xcb\xfe+Q\x8bZ<:\xf9"O\x90\xb2^B\xa7S\x9cO4\xe7\xab^D\xb2{o^B^C^A\0^A\xa3\x81\xe60\x81\xe30^O^F^CU\x1d^S^D^H0^F^A^A\xff^B^A\00D^F^CU\x1d ^D=0;09^F^K`\x86H^A\x86\xf8E^A^G^A^A0*0(^F^H+^F^A^E^E^G^B^A^V\x1chttps://www.verisign.com/CPS04^F^CU\x1d\x1f^D-0+0)\xa0'\xa0%\x86#http://crl.verisign.com/pca3-g2.crl04^F^CU\x1d%^D-0+^F^H+^F^A^E^E^G^C^A^F^H+^F^A^E^E^G^C^B^F^I`\x86H^A\x86\xf8B^D^A^F^J`\x86H^A\x86\xf8E^A^H^A0^K^F^CU\x1d^O^D^D^C^B^A^F0^Q^F^I`\x86H^A\x86\xf8B^A^A^D^D^C^B^A^F0^M^F^I*\x86H\x86\xf7^M^A^A^E^E\0^C\x81\x81\0#]\xee\xa6$^E\xfdv\xd3j^Z\xd6\xbaF^F\xaaj^O^C\x90f\xb2\xb0\xa6\xc2\x9e\xc9\x1e\xa3US\xaf>E\xfd\xdc\x8c'\xddS8^I\xbb|K+\xba\x95J\xfepN\x1bi\xd6<\xf7O^G\xc5\xf2^WZL\xa2\x8f\xac^K\x8a^F\xdb\xb9\xd4k\xc5\x1dX\xda^WR\xe3!\xf1\xd2\xd7Z\xd5\xe5\xabY{!z\x86j\xd4\xfe^W^Q:S^M\x9c`\xa0J\xd9^\xe4\x1d^L)\xaa^S^Ge\x86\x1f\xbf\xb4\xc9\x82S\x9c,^B\x8f#, mime_type=binary, info=[ts=1170717511.909717, fuid=FUmSiM3TCtsyMGhcd, tx_hosts={^J^I194.127.84.106^J}, rx_hosts={^J^I192.150.187.164^J}, conn_uids={^J^ICCvvfg3TEfuqmmG4bh^J}, source=SSL, depth=0, analyzers={^J^IX509,^J^IMD5,^J^ISHA1^J}, mime_type=binary, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=F, seen_bytes=0, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=<uninitialized>, sha1=<uninitialized>, sha256=<uninitialized>, x509=<uninitialized>, extracted=<uninitialized>], u2_events=<uninitialized>]
+                  [1] cert_ref: opaque of x509 = <no value description>
+                  [2] cert: X509::Certificate = [version=2, serial=78EE48DE185B2071C9C9C3B51D7BDDC1, subject=OU=www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign,OU=VeriSign International Server CA - Class 3,OU=VeriSign\, Inc.,O=VeriSign Trust Network, issuer=OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US, not_valid_before=861235200.0, not_valid_after=1319500799.0, key_alg=rsaEncryption, sig_alg=sha1WithRSAEncryption, key_type=rsa, key_length=1024, exponent=65537, curve=<uninitialized>]
+
+1170717511.909717 x509_extension
+                  [0] f: fa_file         = [id=FUmSiM3TCtsyMGhcd, parent_id=<uninitialized>, source=SSL, is_orig=F, conns={^J^I[[orig_h=192.150.187.164, orig_p=58870/tcp, resp_h=194.127.84.106, resp_p=443/tcp]] = [id=[orig_h=192.150.187.164, orig_p=58870/tcp, resp_h=194.127.84.106, resp_p=443/tcp], orig=[size=120, state=4, num_pkts=3, num_bytes_ip=288, flow_label=0], resp=[size=2164, state=4, num_pkts=3, num_bytes_ip=1616, flow_label=0], start_time=1170717511.541455, duration=0.368262, service={^J^I^ISSL^J^I}, addl=, hot=0, history=ShADad, uid=CCvvfg3TEfuqmmG4bh, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=[ts=1170717511.722913, uid=CCvvfg3TEfuqmmG4bh, id=[orig_h=192.150.187.164, orig_p=58870/tcp, resp_h=194.127.84.106, resp_p=443/tcp], version=TLSv10, cipher=TLS_RSA_WITH_RC4_128_MD5, server_name=<uninitialized>, session_id=9e51caef40ad85f9f03dbb8c1fdc863621808c311272e10242cb406bf917bcd9, last_alert=<uninitialized>, analyzer_id=11, established=F, logged=F, delay_tokens=<uninitialized>, cert_chain=[[ts=1170717511.909717, fuid=FQXAWgI2FB5STbrff, tx_hosts={^J^I^I194.127.84.106^J^I}, rx_hosts={^J^I^I192.150.187.164^J^I}, conn_uids={^J^I^ICCvvfg3TEfuqmmG4bh^J^I}, source=SSL, depth=0, analyzers={^J^I^IX509,^J^I^IMD5,^J^I^ISHA1^J^I}, mime_type=binary, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=F, seen_bytes=1152, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=38a0a008a978591ccbe41f50a174751a, sha1=2c322ae2b7fe91391345e070b63668978bb1c9da, sha256=<uninitialized>, x509=[ts=1170717511.909717, id=FQXAWgI2FB5STbrff, certificate=[version=2, serial=04A78116F003283BDA2B8462049F9ECB, subject=CN=www.dresdner-privat.de,OU=Terms of use at www.verisign.com/rpa (c)00,O=AGIS Allianz Dresdner Informationssysteme GmbH,L=Muenchen,ST=Bayern,C=DE, issuer=OU=www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign,OU=VeriSign International Server CA - Class 3,OU=VeriSign\, Inc.,O=VeriSign Trust Network, not_valid_before=1163462400.0, not_valid_after=1195084799.0, key_alg=rsaEncryption, sig_alg=sha1WithRSAEncryption, key_type=rsa, key_length=1024, exponent=65537, curve=<uninitialized>], handle=<no value description>, extensions=[[name=X509v3 Basic Constraints, short_name=basicConstraints, oid=2.5.29.19, critical=F, value=CA:FALSE], [name=X509v3 Key Usage, short_name=keyUsage, oid=2.5.29.15, critical=F, value=Digital Signature, Key Encipherment], [name=X509v3 CRL Distribution Points, short_name=crlDistributionPoints, oid=2.5.29.31, critical=F, value=^JFull Name:^J  URI:http://crl.verisign.com/Class3InternationalServer.crl^J], [name=X509v3 Certificate Policies, short_name=certificatePolicies, oid=2.5.29.32, critical=F, value=Policy: 2.16.840.1.113733.1.7.23.3^J  CPS: https://www.verisign.com/rpa^J], [name=X509v3 Extended Key Usage, short_name=extendedKeyUsage, oid=2.5.29.37, critical=F, value=Netscape Server Gated Crypto, TLS Web Server Authentication, TLS Web Client Authentication], [name=Authority Information Access, short_name=authorityInfoAccess, oid=1.3.6.1.5.5.7.1.1, critical=F, value=OCSP - URI:http://ocsp.verisign.com^J], [name=1.3.6.1.5.5.7.1.12, short_name=UNDEF, oid=1.3.6.1.5.5.7.1.12, critical=F, value=0_.].[0Y0W0U..image/gif0!0.0...+..............k...j.H.,{..0%.#http://logo.verisign.com/vslogo.gif]], san=<uninitialized>, basic_constraints=[ca=F, path_len=<uninitialized>]], extracted=<uninitialized>], [ts=1170717511.909717, fuid=FUmSiM3TCtsyMGhcd, tx_hosts={^J^I^I194.127.84.106^J^I}, rx_hosts={^J^I^I192.150.187.164^J^I}, conn_uids={^J^I^ICCvvfg3TEfuqmmG4bh^J^I}, source=SSL, depth=0, analyzers={^J^I^IX509,^J^I^IMD5,^J^I^ISHA1^J^I}, mime_type=binary, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=F, seen_bytes=0, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=<uninitialized>, sha1=<uninitialized>, sha256=<uninitialized>, x509=[ts=1170717511.909717, id=FUmSiM3TCtsyMGhcd, certificate=[version=2, serial=78EE48DE185B2071C9C9C3B51D7BDDC1, subject=OU=www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign,OU=VeriSign International Server CA - Class 3,OU=VeriSign\, Inc.,O=VeriSign Trust Network, issuer=OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US, not_valid_before=861235200.0, not_valid_after=1319500799.0, key_alg=rsaEncryption, sig_alg=sha1WithRSAEncryption, key_type=rsa, key_length=1024, exponent=65537, curve=<uninitialized>], handle=<no value description>, extensions=[], san=<uninitialized>, basic_constraints=<uninitialized>], extracted=<uninitialized>]], cert_chain_fuids=[FQXAWgI2FB5STbrff, FUmSiM3TCtsyMGhcd], client_cert_chain=[], client_cert_chain_fuids=[], subject=<uninitialized>, issuer=<uninitialized>, client_subject=<uninitialized>, client_issuer=<uninitialized>, server_depth=2, client_depth=0], http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]^J}, last_active=1170717511.909717, seen_bytes=906, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timeout_interval=2.0 mins, bof_buffer_size=1024, bof_buffer=0\x82^C\x860\x82^B\xef\xa0^C^B^A^B^B^Px\xeeH\xde^X[ q\xc9\xc9\xc3\xb5\x1d{\xdd\xc10^M^F^I*\x86H\x86\xf7^M^A^A^E^E\00_1^K0^I^F^CU^D^F^S^BUS1^W0^U^F^CU^D^J^S^NVeriSign, Inc.1705^F^CU^D^K^S.Class 3 Public Primary Certification Authority0\x1e^W^M970417000000Z^W^M111024235959Z0\x81\xba1\x1f0\x1d^F^CU^D^J^S^VVeriSign Trust Network1^W0^U^F^CU^D^K^S^NVeriSign, Inc.1301^F^CU^D^K^S*VeriSign International Server CA - Class 31I0G^F^CU^D^K^S@www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign0\x81\x9f0^M^F^I*\x86H\x86\xf7^M^A^A^A^E\0^C\x81\x8d\00\x81\x89^B\x81\x81\0\xd8\x82\x80\xe8\xd6^Y^B}\x1f\x85^X9%\xa2e+\xe1\xbf\xd4^E\xd3\xbc\xe66;\xaa\xf0Ll[\xb6\xe7\xaa<sEU\xb2\xf1\xbd\xea\x97B\xed\x9a4^J^U\xd4\xa9\\xf5@%\xdd\xd9^G\xc12\xb2ul\xc4\xca\xbb\xa3\xfeV'qC\xaac\xf50>\x93(\xe5\xfa\xf1^I;\xf3\xb7MN9\xf7\IZ\xb8\xc1\x1d\xd3\xb2\x8a\xfep0\x95B\xcb\xfe+Q\x8bZ<:\xf9"O\x90\xb2^B\xa7S\x9cO4\xe7\xab^D\xb2{o^B^C^A\0^A\xa3\x81\xe60\x81\xe30^O^F^CU\x1d^S^D^H0^F^A^A\xff^B^A\00D^F^CU\x1d ^D=0;09^F^K`\x86H^A\x86\xf8E^A^G^A^A0*0(^F^H+^F^A^E^E^G^B^A^V\x1chttps://www.verisign.com/CPS04^F^CU\x1d\x1f^D-0+0)\xa0'\xa0%\x86#http://crl.verisign.com/pca3-g2.crl04^F^CU\x1d%^D-0+^F^H+^F^A^E^E^G^C^A^F^H+^F^A^E^E^G^C^B^F^I`\x86H^A\x86\xf8B^D^A^F^J`\x86H^A\x86\xf8E^A^H^A0^K^F^CU\x1d^O^D^D^C^B^A^F0^Q^F^I`\x86H^A\x86\xf8B^A^A^D^D^C^B^A^F0^M^F^I*\x86H\x86\xf7^M^A^A^E^E\0^C\x81\x81\0#]\xee\xa6$^E\xfdv\xd3j^Z\xd6\xbaF^F\xaaj^O^C\x90f\xb2\xb0\xa6\xc2\x9e\xc9\x1e\xa3US\xaf>E\xfd\xdc\x8c'\xddS8^I\xbb|K+\xba\x95J\xfepN\x1bi\xd6<\xf7O^G\xc5\xf2^WZL\xa2\x8f\xac^K\x8a^F\xdb\xb9\xd4k\xc5\x1dX\xda^WR\xe3!\xf1\xd2\xd7Z\xd5\xe5\xabY{!z\x86j\xd4\xfe^W^Q:S^M\x9c`\xa0J\xd9^\xe4\x1d^L)\xaa^S^Ge\x86\x1f\xbf\xb4\xc9\x82S\x9c,^B\x8f#, mime_type=binary, info=[ts=1170717511.909717, fuid=FUmSiM3TCtsyMGhcd, tx_hosts={^J^I194.127.84.106^J}, rx_hosts={^J^I192.150.187.164^J}, conn_uids={^J^ICCvvfg3TEfuqmmG4bh^J}, source=SSL, depth=0, analyzers={^J^IX509,^J^IMD5,^J^ISHA1^J}, mime_type=binary, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=F, seen_bytes=0, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=<uninitialized>, sha1=<uninitialized>, sha256=<uninitialized>, x509=[ts=1170717511.909717, id=FUmSiM3TCtsyMGhcd, certificate=[version=2, serial=78EE48DE185B2071C9C9C3B51D7BDDC1, subject=OU=www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign,OU=VeriSign International Server CA - Class 3,OU=VeriSign\, Inc.,O=VeriSign Trust Network, issuer=OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US, not_valid_before=861235200.0, not_valid_after=1319500799.0, key_alg=rsaEncryption, sig_alg=sha1WithRSAEncryption, key_type=rsa, key_length=1024, exponent=65537, curve=<uninitialized>], handle=<no value description>, extensions=[], san=<uninitialized>, basic_constraints=<uninitialized>], extracted=<uninitialized>], u2_events=<uninitialized>]
+                  [1] ext: X509::Extension = [name=X509v3 Basic Constraints, short_name=basicConstraints, oid=2.5.29.19, critical=F, value=CA:TRUE, pathlen:0]
+
+1170717511.909717 x509_ext_basic_constraints
+                  [0] f: fa_file         = [id=FUmSiM3TCtsyMGhcd, parent_id=<uninitialized>, source=SSL, is_orig=F, conns={^J^I[[orig_h=192.150.187.164, orig_p=58870/tcp, resp_h=194.127.84.106, resp_p=443/tcp]] = [id=[orig_h=192.150.187.164, orig_p=58870/tcp, resp_h=194.127.84.106, resp_p=443/tcp], orig=[size=120, state=4, num_pkts=3, num_bytes_ip=288, flow_label=0], resp=[size=2164, state=4, num_pkts=3, num_bytes_ip=1616, flow_label=0], start_time=1170717511.541455, duration=0.368262, service={^J^I^ISSL^J^I}, addl=, hot=0, history=ShADad, uid=CCvvfg3TEfuqmmG4bh, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=[ts=1170717511.722913, uid=CCvvfg3TEfuqmmG4bh, id=[orig_h=192.150.187.164, orig_p=58870/tcp, resp_h=194.127.84.106, resp_p=443/tcp], version=TLSv10, cipher=TLS_RSA_WITH_RC4_128_MD5, server_name=<uninitialized>, session_id=9e51caef40ad85f9f03dbb8c1fdc863621808c311272e10242cb406bf917bcd9, last_alert=<uninitialized>, analyzer_id=11, established=F, logged=F, delay_tokens=<uninitialized>, cert_chain=[[ts=1170717511.909717, fuid=FQXAWgI2FB5STbrff, tx_hosts={^J^I^I194.127.84.106^J^I}, rx_hosts={^J^I^I192.150.187.164^J^I}, conn_uids={^J^I^ICCvvfg3TEfuqmmG4bh^J^I}, source=SSL, depth=0, analyzers={^J^I^IX509,^J^I^IMD5,^J^I^ISHA1^J^I}, mime_type=binary, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=F, seen_bytes=1152, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=38a0a008a978591ccbe41f50a174751a, sha1=2c322ae2b7fe91391345e070b63668978bb1c9da, sha256=<uninitialized>, x509=[ts=1170717511.909717, id=FQXAWgI2FB5STbrff, certificate=[version=2, serial=04A78116F003283BDA2B8462049F9ECB, subject=CN=www.dresdner-privat.de,OU=Terms of use at www.verisign.com/rpa (c)00,O=AGIS Allianz Dresdner Informationssysteme GmbH,L=Muenchen,ST=Bayern,C=DE, issuer=OU=www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign,OU=VeriSign International Server CA - Class 3,OU=VeriSign\, Inc.,O=VeriSign Trust Network, not_valid_before=1163462400.0, not_valid_after=1195084799.0, key_alg=rsaEncryption, sig_alg=sha1WithRSAEncryption, key_type=rsa, key_length=1024, exponent=65537, curve=<uninitialized>], handle=<no value description>, extensions=[[name=X509v3 Basic Constraints, short_name=basicConstraints, oid=2.5.29.19, critical=F, value=CA:FALSE], [name=X509v3 Key Usage, short_name=keyUsage, oid=2.5.29.15, critical=F, value=Digital Signature, Key Encipherment], [name=X509v3 CRL Distribution Points, short_name=crlDistributionPoints, oid=2.5.29.31, critical=F, value=^JFull Name:^J  URI:http://crl.verisign.com/Class3InternationalServer.crl^J], [name=X509v3 Certificate Policies, short_name=certificatePolicies, oid=2.5.29.32, critical=F, value=Policy: 2.16.840.1.113733.1.7.23.3^J  CPS: https://www.verisign.com/rpa^J], [name=X509v3 Extended Key Usage, short_name=extendedKeyUsage, oid=2.5.29.37, critical=F, value=Netscape Server Gated Crypto, TLS Web Server Authentication, TLS Web Client Authentication], [name=Authority Information Access, short_name=authorityInfoAccess, oid=1.3.6.1.5.5.7.1.1, critical=F, value=OCSP - URI:http://ocsp.verisign.com^J], [name=1.3.6.1.5.5.7.1.12, short_name=UNDEF, oid=1.3.6.1.5.5.7.1.12, critical=F, value=0_.].[0Y0W0U..image/gif0!0.0...+..............k...j.H.,{..0%.#http://logo.verisign.com/vslogo.gif]], san=<uninitialized>, basic_constraints=[ca=F, path_len=<uninitialized>]], extracted=<uninitialized>], [ts=1170717511.909717, fuid=FUmSiM3TCtsyMGhcd, tx_hosts={^J^I^I194.127.84.106^J^I}, rx_hosts={^J^I^I192.150.187.164^J^I}, conn_uids={^J^I^ICCvvfg3TEfuqmmG4bh^J^I}, source=SSL, depth=0, analyzers={^J^I^IX509,^J^I^IMD5,^J^I^ISHA1^J^I}, mime_type=binary, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=F, seen_bytes=0, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=<uninitialized>, sha1=<uninitialized>, sha256=<uninitialized>, x509=[ts=1170717511.909717, id=FUmSiM3TCtsyMGhcd, certificate=[version=2, serial=78EE48DE185B2071C9C9C3B51D7BDDC1, subject=OU=www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign,OU=VeriSign International Server CA - Class 3,OU=VeriSign\, Inc.,O=VeriSign Trust Network, issuer=OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US, not_valid_before=861235200.0, not_valid_after=1319500799.0, key_alg=rsaEncryption, sig_alg=sha1WithRSAEncryption, key_type=rsa, key_length=1024, exponent=65537, curve=<uninitialized>], handle=<no value description>, extensions=[[name=X509v3 Basic Constraints, short_name=basicConstraints, oid=2.5.29.19, critical=F, value=CA:TRUE, pathlen:0]], san=<uninitialized>, basic_constraints=<uninitialized>], extracted=<uninitialized>]], cert_chain_fuids=[FQXAWgI2FB5STbrff, FUmSiM3TCtsyMGhcd], client_cert_chain=[], client_cert_chain_fuids=[], subject=<uninitialized>, issuer=<uninitialized>, client_subject=<uninitialized>, client_issuer=<uninitialized>, server_depth=2, client_depth=0], http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]^J}, last_active=1170717511.909717, seen_bytes=906, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timeout_interval=2.0 mins, bof_buffer_size=1024, bof_buffer=0\x82^C\x860\x82^B\xef\xa0^C^B^A^B^B^Px\xeeH\xde^X[ q\xc9\xc9\xc3\xb5\x1d{\xdd\xc10^M^F^I*\x86H\x86\xf7^M^A^A^E^E\00_1^K0^I^F^CU^D^F^S^BUS1^W0^U^F^CU^D^J^S^NVeriSign, Inc.1705^F^CU^D^K^S.Class 3 Public Primary Certification Authority0\x1e^W^M970417000000Z^W^M111024235959Z0\x81\xba1\x1f0\x1d^F^CU^D^J^S^VVeriSign Trust Network1^W0^U^F^CU^D^K^S^NVeriSign, Inc.1301^F^CU^D^K^S*VeriSign International Server CA - Class 31I0G^F^CU^D^K^S@www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign0\x81\x9f0^M^F^I*\x86H\x86\xf7^M^A^A^A^E\0^C\x81\x8d\00\x81\x89^B\x81\x81\0\xd8\x82\x80\xe8\xd6^Y^B}\x1f\x85^X9%\xa2e+\xe1\xbf\xd4^E\xd3\xbc\xe66;\xaa\xf0Ll[\xb6\xe7\xaa<sEU\xb2\xf1\xbd\xea\x97B\xed\x9a4^J^U\xd4\xa9\\xf5@%\xdd\xd9^G\xc12\xb2ul\xc4\xca\xbb\xa3\xfeV'qC\xaac\xf50>\x93(\xe5\xfa\xf1^I;\xf3\xb7MN9\xf7\IZ\xb8\xc1\x1d\xd3\xb2\x8a\xfep0\x95B\xcb\xfe+Q\x8bZ<:\xf9"O\x90\xb2^B\xa7S\x9cO4\xe7\xab^D\xb2{o^B^C^A\0^A\xa3\x81\xe60\x81\xe30^O^F^CU\x1d^S^D^H0^F^A^A\xff^B^A\00D^F^CU\x1d ^D=0;09^F^K`\x86H^A\x86\xf8E^A^G^A^A0*0(^F^H+^F^A^E^E^G^B^A^V\x1chttps://www.verisign.com/CPS04^F^CU\x1d\x1f^D-0+0)\xa0'\xa0%\x86#http://crl.verisign.com/pca3-g2.crl04^F^CU\x1d%^D-0+^F^H+^F^A^E^E^G^C^A^F^H+^F^A^E^E^G^C^B^F^I`\x86H^A\x86\xf8B^D^A^F^J`\x86H^A\x86\xf8E^A^H^A0^K^F^CU\x1d^O^D^D^C^B^A^F0^Q^F^I`\x86H^A\x86\xf8B^A^A^D^D^C^B^A^F0^M^F^I*\x86H\x86\xf7^M^A^A^E^E\0^C\x81\x81\0#]\xee\xa6$^E\xfdv\xd3j^Z\xd6\xbaF^F\xaaj^O^C\x90f\xb2\xb0\xa6\xc2\x9e\xc9\x1e\xa3US\xaf>E\xfd\xdc\x8c'\xddS8^I\xbb|K+\xba\x95J\xfepN\x1bi\xd6<\xf7O^G\xc5\xf2^WZL\xa2\x8f\xac^K\x8a^F\xdb\xb9\xd4k\xc5\x1dX\xda^WR\xe3!\xf1\xd2\xd7Z\xd5\xe5\xabY{!z\x86j\xd4\xfe^W^Q:S^M\x9c`\xa0J\xd9^\xe4\x1d^L)\xaa^S^Ge\x86\x1f\xbf\xb4\xc9\x82S\x9c,^B\x8f#, mime_type=binary, info=[ts=1170717511.909717, fuid=FUmSiM3TCtsyMGhcd, tx_hosts={^J^I194.127.84.106^J}, rx_hosts={^J^I192.150.187.164^J}, conn_uids={^J^ICCvvfg3TEfuqmmG4bh^J}, source=SSL, depth=0, analyzers={^J^IX509,^J^IMD5,^J^ISHA1^J}, mime_type=binary, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=F, seen_bytes=0, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=<uninitialized>, sha1=<uninitialized>, sha256=<uninitialized>, x509=[ts=1170717511.909717, id=FUmSiM3TCtsyMGhcd, certificate=[version=2, serial=78EE48DE185B2071C9C9C3B51D7BDDC1, subject=OU=www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign,OU=VeriSign International Server CA - Class 3,OU=VeriSign\, Inc.,O=VeriSign Trust Network, issuer=OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US, not_valid_before=861235200.0, not_valid_after=1319500799.0, key_alg=rsaEncryption, sig_alg=sha1WithRSAEncryption, key_type=rsa, key_length=1024, exponent=65537, curve=<uninitialized>], handle=<no value description>, extensions=[[name=X509v3 Basic Constraints, short_name=basicConstraints, oid=2.5.29.19, critical=F, value=CA:TRUE, pathlen:0]], san=<uninitialized>, basic_constraints=<uninitialized>], extracted=<uninitialized>], u2_events=<uninitialized>]
+                  [1] ext: X509::BasicConstraints = [ca=T, path_len=0]
+
+1170717511.909717 x509_extension
+                  [0] f: fa_file         = [id=FUmSiM3TCtsyMGhcd, parent_id=<uninitialized>, source=SSL, is_orig=F, conns={^J^I[[orig_h=192.150.187.164, orig_p=58870/tcp, resp_h=194.127.84.106, resp_p=443/tcp]] = [id=[orig_h=192.150.187.164, orig_p=58870/tcp, resp_h=194.127.84.106, resp_p=443/tcp], orig=[size=120, state=4, num_pkts=3, num_bytes_ip=288, flow_label=0], resp=[size=2164, state=4, num_pkts=3, num_bytes_ip=1616, flow_label=0], start_time=1170717511.541455, duration=0.368262, service={^J^I^ISSL^J^I}, addl=, hot=0, history=ShADad, uid=CCvvfg3TEfuqmmG4bh, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=[ts=1170717511.722913, uid=CCvvfg3TEfuqmmG4bh, id=[orig_h=192.150.187.164, orig_p=58870/tcp, resp_h=194.127.84.106, resp_p=443/tcp], version=TLSv10, cipher=TLS_RSA_WITH_RC4_128_MD5, server_name=<uninitialized>, session_id=9e51caef40ad85f9f03dbb8c1fdc863621808c311272e10242cb406bf917bcd9, last_alert=<uninitialized>, analyzer_id=11, established=F, logged=F, delay_tokens=<uninitialized>, cert_chain=[[ts=1170717511.909717, fuid=FQXAWgI2FB5STbrff, tx_hosts={^J^I^I194.127.84.106^J^I}, rx_hosts={^J^I^I192.150.187.164^J^I}, conn_uids={^J^I^ICCvvfg3TEfuqmmG4bh^J^I}, source=SSL, depth=0, analyzers={^J^I^IX509,^J^I^IMD5,^J^I^ISHA1^J^I}, mime_type=binary, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=F, seen_bytes=1152, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=38a0a008a978591ccbe41f50a174751a, sha1=2c322ae2b7fe91391345e070b63668978bb1c9da, sha256=<uninitialized>, x509=[ts=1170717511.909717, id=FQXAWgI2FB5STbrff, certificate=[version=2, serial=04A78116F003283BDA2B8462049F9ECB, subject=CN=www.dresdner-privat.de,OU=Terms of use at www.verisign.com/rpa (c)00,O=AGIS Allianz Dresdner Informationssysteme GmbH,L=Muenchen,ST=Bayern,C=DE, issuer=OU=www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign,OU=VeriSign International Server CA - Class 3,OU=VeriSign\, Inc.,O=VeriSign Trust Network, not_valid_before=1163462400.0, not_valid_after=1195084799.0, key_alg=rsaEncryption, sig_alg=sha1WithRSAEncryption, key_type=rsa, key_length=1024, exponent=65537, curve=<uninitialized>], handle=<no value description>, extensions=[[name=X509v3 Basic Constraints, short_name=basicConstraints, oid=2.5.29.19, critical=F, value=CA:FALSE], [name=X509v3 Key Usage, short_name=keyUsage, oid=2.5.29.15, critical=F, value=Digital Signature, Key Encipherment], [name=X509v3 CRL Distribution Points, short_name=crlDistributionPoints, oid=2.5.29.31, critical=F, value=^JFull Name:^J  URI:http://crl.verisign.com/Class3InternationalServer.crl^J], [name=X509v3 Certificate Policies, short_name=certificatePolicies, oid=2.5.29.32, critical=F, value=Policy: 2.16.840.1.113733.1.7.23.3^J  CPS: https://www.verisign.com/rpa^J], [name=X509v3 Extended Key Usage, short_name=extendedKeyUsage, oid=2.5.29.37, critical=F, value=Netscape Server Gated Crypto, TLS Web Server Authentication, TLS Web Client Authentication], [name=Authority Information Access, short_name=authorityInfoAccess, oid=1.3.6.1.5.5.7.1.1, critical=F, value=OCSP - URI:http://ocsp.verisign.com^J], [name=1.3.6.1.5.5.7.1.12, short_name=UNDEF, oid=1.3.6.1.5.5.7.1.12, critical=F, value=0_.].[0Y0W0U..image/gif0!0.0...+..............k...j.H.,{..0%.#http://logo.verisign.com/vslogo.gif]], san=<uninitialized>, basic_constraints=[ca=F, path_len=<uninitialized>]], extracted=<uninitialized>], [ts=1170717511.909717, fuid=FUmSiM3TCtsyMGhcd, tx_hosts={^J^I^I194.127.84.106^J^I}, rx_hosts={^J^I^I192.150.187.164^J^I}, conn_uids={^J^I^ICCvvfg3TEfuqmmG4bh^J^I}, source=SSL, depth=0, analyzers={^J^I^IX509,^J^I^IMD5,^J^I^ISHA1^J^I}, mime_type=binary, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=F, seen_bytes=0, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=<uninitialized>, sha1=<uninitialized>, sha256=<uninitialized>, x509=[ts=1170717511.909717, id=FUmSiM3TCtsyMGhcd, certificate=[version=2, serial=78EE48DE185B2071C9C9C3B51D7BDDC1, subject=OU=www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign,OU=VeriSign International Server CA - Class 3,OU=VeriSign\, Inc.,O=VeriSign Trust Network, issuer=OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US, not_valid_before=861235200.0, not_valid_after=1319500799.0, key_alg=rsaEncryption, sig_alg=sha1WithRSAEncryption, key_type=rsa, key_length=1024, exponent=65537, curve=<uninitialized>], handle=<no value description>, extensions=[[name=X509v3 Basic Constraints, short_name=basicConstraints, oid=2.5.29.19, critical=F, value=CA:TRUE, pathlen:0]], san=<uninitialized>, basic_constraints=[ca=T, path_len=0]], extracted=<uninitialized>]], cert_chain_fuids=[FQXAWgI2FB5STbrff, FUmSiM3TCtsyMGhcd], client_cert_chain=[], client_cert_chain_fuids=[], subject=<uninitialized>, issuer=<uninitialized>, client_subject=<uninitialized>, client_issuer=<uninitialized>, server_depth=2, client_depth=0], http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]^J}, last_active=1170717511.909717, seen_bytes=906, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timeout_interval=2.0 mins, bof_buffer_size=1024, bof_buffer=0\x82^C\x860\x82^B\xef\xa0^C^B^A^B^B^Px\xeeH\xde^X[ q\xc9\xc9\xc3\xb5\x1d{\xdd\xc10^M^F^I*\x86H\x86\xf7^M^A^A^E^E\00_1^K0^I^F^CU^D^F^S^BUS1^W0^U^F^CU^D^J^S^NVeriSign, Inc.1705^F^CU^D^K^S.Class 3 Public Primary Certification Authority0\x1e^W^M970417000000Z^W^M111024235959Z0\x81\xba1\x1f0\x1d^F^CU^D^J^S^VVeriSign Trust Network1^W0^U^F^CU^D^K^S^NVeriSign, Inc.1301^F^CU^D^K^S*VeriSign International Server CA - Class 31I0G^F^CU^D^K^S@www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign0\x81\x9f0^M^F^I*\x86H\x86\xf7^M^A^A^A^E\0^C\x81\x8d\00\x81\x89^B\x81\x81\0\xd8\x82\x80\xe8\xd6^Y^B}\x1f\x85^X9%\xa2e+\xe1\xbf\xd4^E\xd3\xbc\xe66;\xaa\xf0Ll[\xb6\xe7\xaa<sEU\xb2\xf1\xbd\xea\x97B\xed\x9a4^J^U\xd4\xa9\\xf5@%\xdd\xd9^G\xc12\xb2ul\xc4\xca\xbb\xa3\xfeV'qC\xaac\xf50>\x93(\xe5\xfa\xf1^I;\xf3\xb7MN9\xf7\IZ\xb8\xc1\x1d\xd3\xb2\x8a\xfep0\x95B\xcb\xfe+Q\x8bZ<:\xf9"O\x90\xb2^B\xa7S\x9cO4\xe7\xab^D\xb2{o^B^C^A\0^A\xa3\x81\xe60\x81\xe30^O^F^CU\x1d^S^D^H0^F^A^A\xff^B^A\00D^F^CU\x1d ^D=0;09^F^K`\x86H^A\x86\xf8E^A^G^A^A0*0(^F^H+^F^A^E^E^G^B^A^V\x1chttps://www.verisign.com/CPS04^F^CU\x1d\x1f^D-0+0)\xa0'\xa0%\x86#http://crl.verisign.com/pca3-g2.crl04^F^CU\x1d%^D-0+^F^H+^F^A^E^E^G^C^A^F^H+^F^A^E^E^G^C^B^F^I`\x86H^A\x86\xf8B^D^A^F^J`\x86H^A\x86\xf8E^A^H^A0^K^F^CU\x1d^O^D^D^C^B^A^F0^Q^F^I`\x86H^A\x86\xf8B^A^A^D^D^C^B^A^F0^M^F^I*\x86H\x86\xf7^M^A^A^E^E\0^C\x81\x81\0#]\xee\xa6$^E\xfdv\xd3j^Z\xd6\xbaF^F\xaaj^O^C\x90f\xb2\xb0\xa6\xc2\x9e\xc9\x1e\xa3US\xaf>E\xfd\xdc\x8c'\xddS8^I\xbb|K+\xba\x95J\xfepN\x1bi\xd6<\xf7O^G\xc5\xf2^WZL\xa2\x8f\xac^K\x8a^F\xdb\xb9\xd4k\xc5\x1dX\xda^WR\xe3!\xf1\xd2\xd7Z\xd5\xe5\xabY{!z\x86j\xd4\xfe^W^Q:S^M\x9c`\xa0J\xd9^\xe4\x1d^L)\xaa^S^Ge\x86\x1f\xbf\xb4\xc9\x82S\x9c,^B\x8f#, mime_type=binary, info=[ts=1170717511.909717, fuid=FUmSiM3TCtsyMGhcd, tx_hosts={^J^I194.127.84.106^J}, rx_hosts={^J^I192.150.187.164^J}, conn_uids={^J^ICCvvfg3TEfuqmmG4bh^J}, source=SSL, depth=0, analyzers={^J^IX509,^J^IMD5,^J^ISHA1^J}, mime_type=binary, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=F, seen_bytes=0, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=<uninitialized>, sha1=<uninitialized>, sha256=<uninitialized>, x509=[ts=1170717511.909717, id=FUmSiM3TCtsyMGhcd, certificate=[version=2, serial=78EE48DE185B2071C9C9C3B51D7BDDC1, subject=OU=www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign,OU=VeriSign International Server CA - Class 3,OU=VeriSign\, Inc.,O=VeriSign Trust Network, issuer=OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US, not_valid_before=861235200.0, not_valid_after=1319500799.0, key_alg=rsaEncryption, sig_alg=sha1WithRSAEncryption, key_type=rsa, key_length=1024, exponent=65537, curve=<uninitialized>], handle=<no value description>, extensions=[[name=X509v3 Basic Constraints, short_name=basicConstraints, oid=2.5.29.19, critical=F, value=CA:TRUE, pathlen:0]], san=<uninitialized>, basic_constraints=[ca=T, path_len=0]], extracted=<uninitialized>], u2_events=<uninitialized>]
+                  [1] ext: X509::Extension = [name=X509v3 Certificate Policies, short_name=certificatePolicies, oid=2.5.29.32, critical=F, value=Policy: 2.16.840.1.113733.1.7.1.1^J  CPS: https://www.verisign.com/CPS^J]
+
+1170717511.909717 x509_extension
+                  [0] f: fa_file         = [id=FUmSiM3TCtsyMGhcd, parent_id=<uninitialized>, source=SSL, is_orig=F, conns={^J^I[[orig_h=192.150.187.164, orig_p=58870/tcp, resp_h=194.127.84.106, resp_p=443/tcp]] = [id=[orig_h=192.150.187.164, orig_p=58870/tcp, resp_h=194.127.84.106, resp_p=443/tcp], orig=[size=120, state=4, num_pkts=3, num_bytes_ip=288, flow_label=0], resp=[size=2164, state=4, num_pkts=3, num_bytes_ip=1616, flow_label=0], start_time=1170717511.541455, duration=0.368262, service={^J^I^ISSL^J^I}, addl=, hot=0, history=ShADad, uid=CCvvfg3TEfuqmmG4bh, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=[ts=1170717511.722913, uid=CCvvfg3TEfuqmmG4bh, id=[orig_h=192.150.187.164, orig_p=58870/tcp, resp_h=194.127.84.106, resp_p=443/tcp], version=TLSv10, cipher=TLS_RSA_WITH_RC4_128_MD5, server_name=<uninitialized>, session_id=9e51caef40ad85f9f03dbb8c1fdc863621808c311272e10242cb406bf917bcd9, last_alert=<uninitialized>, analyzer_id=11, established=F, logged=F, delay_tokens=<uninitialized>, cert_chain=[[ts=1170717511.909717, fuid=FQXAWgI2FB5STbrff, tx_hosts={^J^I^I194.127.84.106^J^I}, rx_hosts={^J^I^I192.150.187.164^J^I}, conn_uids={^J^I^ICCvvfg3TEfuqmmG4bh^J^I}, source=SSL, depth=0, analyzers={^J^I^IX509,^J^I^IMD5,^J^I^ISHA1^J^I}, mime_type=binary, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=F, seen_bytes=1152, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=38a0a008a978591ccbe41f50a174751a, sha1=2c322ae2b7fe91391345e070b63668978bb1c9da, sha256=<uninitialized>, x509=[ts=1170717511.909717, id=FQXAWgI2FB5STbrff, certificate=[version=2, serial=04A78116F003283BDA2B8462049F9ECB, subject=CN=www.dresdner-privat.de,OU=Terms of use at www.verisign.com/rpa (c)00,O=AGIS Allianz Dresdner Informationssysteme GmbH,L=Muenchen,ST=Bayern,C=DE, issuer=OU=www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign,OU=VeriSign International Server CA - Class 3,OU=VeriSign\, Inc.,O=VeriSign Trust Network, not_valid_before=1163462400.0, not_valid_after=1195084799.0, key_alg=rsaEncryption, sig_alg=sha1WithRSAEncryption, key_type=rsa, key_length=1024, exponent=65537, curve=<uninitialized>], handle=<no value description>, extensions=[[name=X509v3 Basic Constraints, short_name=basicConstraints, oid=2.5.29.19, critical=F, value=CA:FALSE], [name=X509v3 Key Usage, short_name=keyUsage, oid=2.5.29.15, critical=F, value=Digital Signature, Key Encipherment], [name=X509v3 CRL Distribution Points, short_name=crlDistributionPoints, oid=2.5.29.31, critical=F, value=^JFull Name:^J  URI:http://crl.verisign.com/Class3InternationalServer.crl^J], [name=X509v3 Certificate Policies, short_name=certificatePolicies, oid=2.5.29.32, critical=F, value=Policy: 2.16.840.1.113733.1.7.23.3^J  CPS: https://www.verisign.com/rpa^J], [name=X509v3 Extended Key Usage, short_name=extendedKeyUsage, oid=2.5.29.37, critical=F, value=Netscape Server Gated Crypto, TLS Web Server Authentication, TLS Web Client Authentication], [name=Authority Information Access, short_name=authorityInfoAccess, oid=1.3.6.1.5.5.7.1.1, critical=F, value=OCSP - URI:http://ocsp.verisign.com^J], [name=1.3.6.1.5.5.7.1.12, short_name=UNDEF, oid=1.3.6.1.5.5.7.1.12, critical=F, value=0_.].[0Y0W0U..image/gif0!0.0...+..............k...j.H.,{..0%.#http://logo.verisign.com/vslogo.gif]], san=<uninitialized>, basic_constraints=[ca=F, path_len=<uninitialized>]], extracted=<uninitialized>], [ts=1170717511.909717, fuid=FUmSiM3TCtsyMGhcd, tx_hosts={^J^I^I194.127.84.106^J^I}, rx_hosts={^J^I^I192.150.187.164^J^I}, conn_uids={^J^I^ICCvvfg3TEfuqmmG4bh^J^I}, source=SSL, depth=0, analyzers={^J^I^IX509,^J^I^IMD5,^J^I^ISHA1^J^I}, mime_type=binary, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=F, seen_bytes=0, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=<uninitialized>, sha1=<uninitialized>, sha256=<uninitialized>, x509=[ts=1170717511.909717, id=FUmSiM3TCtsyMGhcd, certificate=[version=2, serial=78EE48DE185B2071C9C9C3B51D7BDDC1, subject=OU=www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign,OU=VeriSign International Server CA - Class 3,OU=VeriSign\, Inc.,O=VeriSign Trust Network, issuer=OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US, not_valid_before=861235200.0, not_valid_after=1319500799.0, key_alg=rsaEncryption, sig_alg=sha1WithRSAEncryption, key_type=rsa, key_length=1024, exponent=65537, curve=<uninitialized>], handle=<no value description>, extensions=[[name=X509v3 Basic Constraints, short_name=basicConstraints, oid=2.5.29.19, critical=F, value=CA:TRUE, pathlen:0], [name=X509v3 Certificate Policies, short_name=certificatePolicies, oid=2.5.29.32, critical=F, value=Policy: 2.16.840.1.113733.1.7.1.1^J  CPS: https://www.verisign.com/CPS^J]], san=<uninitialized>, basic_constraints=[ca=T, path_len=0]], extracted=<uninitialized>]], cert_chain_fuids=[FQXAWgI2FB5STbrff, FUmSiM3TCtsyMGhcd], client_cert_chain=[], client_cert_chain_fuids=[], subject=<uninitialized>, issuer=<uninitialized>, client_subject=<uninitialized>, client_issuer=<uninitialized>, server_depth=2, client_depth=0], http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]^J}, last_active=1170717511.909717, seen_bytes=906, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timeout_interval=2.0 mins, bof_buffer_size=1024, bof_buffer=0\x82^C\x860\x82^B\xef\xa0^C^B^A^B^B^Px\xeeH\xde^X[ q\xc9\xc9\xc3\xb5\x1d{\xdd\xc10^M^F^I*\x86H\x86\xf7^M^A^A^E^E\00_1^K0^I^F^CU^D^F^S^BUS1^W0^U^F^CU^D^J^S^NVeriSign, Inc.1705^F^CU^D^K^S.Class 3 Public Primary Certification Authority0\x1e^W^M970417000000Z^W^M111024235959Z0\x81\xba1\x1f0\x1d^F^CU^D^J^S^VVeriSign Trust Network1^W0^U^F^CU^D^K^S^NVeriSign, Inc.1301^F^CU^D^K^S*VeriSign International Server CA - Class 31I0G^F^CU^D^K^S@www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign0\x81\x9f0^M^F^I*\x86H\x86\xf7^M^A^A^A^E\0^C\x81\x8d\00\x81\x89^B\x81\x81\0\xd8\x82\x80\xe8\xd6^Y^B}\x1f\x85^X9%\xa2e+\xe1\xbf\xd4^E\xd3\xbc\xe66;\xaa\xf0Ll[\xb6\xe7\xaa<sEU\xb2\xf1\xbd\xea\x97B\xed\x9a4^J^U\xd4\xa9\\xf5@%\xdd\xd9^G\xc12\xb2ul\xc4\xca\xbb\xa3\xfeV'qC\xaac\xf50>\x93(\xe5\xfa\xf1^I;\xf3\xb7MN9\xf7\IZ\xb8\xc1\x1d\xd3\xb2\x8a\xfep0\x95B\xcb\xfe+Q\x8bZ<:\xf9"O\x90\xb2^B\xa7S\x9cO4\xe7\xab^D\xb2{o^B^C^A\0^A\xa3\x81\xe60\x81\xe30^O^F^CU\x1d^S^D^H0^F^A^A\xff^B^A\00D^F^CU\x1d ^D=0;09^F^K`\x86H^A\x86\xf8E^A^G^A^A0*0(^F^H+^F^A^E^E^G^B^A^V\x1chttps://www.verisign.com/CPS04^F^CU\x1d\x1f^D-0+0)\xa0'\xa0%\x86#http://crl.verisign.com/pca3-g2.crl04^F^CU\x1d%^D-0+^F^H+^F^A^E^E^G^C^A^F^H+^F^A^E^E^G^C^B^F^I`\x86H^A\x86\xf8B^D^A^F^J`\x86H^A\x86\xf8E^A^H^A0^K^F^CU\x1d^O^D^D^C^B^A^F0^Q^F^I`\x86H^A\x86\xf8B^A^A^D^D^C^B^A^F0^M^F^I*\x86H\x86\xf7^M^A^A^E^E\0^C\x81\x81\0#]\xee\xa6$^E\xfdv\xd3j^Z\xd6\xbaF^F\xaaj^O^C\x90f\xb2\xb0\xa6\xc2\x9e\xc9\x1e\xa3US\xaf>E\xfd\xdc\x8c'\xddS8^I\xbb|K+\xba\x95J\xfepN\x1bi\xd6<\xf7O^G\xc5\xf2^WZL\xa2\x8f\xac^K\x8a^F\xdb\xb9\xd4k\xc5\x1dX\xda^WR\xe3!\xf1\xd2\xd7Z\xd5\xe5\xabY{!z\x86j\xd4\xfe^W^Q:S^M\x9c`\xa0J\xd9^\xe4\x1d^L)\xaa^S^Ge\x86\x1f\xbf\xb4\xc9\x82S\x9c,^B\x8f#, mime_type=binary, info=[ts=1170717511.909717, fuid=FUmSiM3TCtsyMGhcd, tx_hosts={^J^I194.127.84.106^J}, rx_hosts={^J^I192.150.187.164^J}, conn_uids={^J^ICCvvfg3TEfuqmmG4bh^J}, source=SSL, depth=0, analyzers={^J^IX509,^J^IMD5,^J^ISHA1^J}, mime_type=binary, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=F, seen_bytes=0, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=<uninitialized>, sha1=<uninitialized>, sha256=<uninitialized>, x509=[ts=1170717511.909717, id=FUmSiM3TCtsyMGhcd, certificate=[version=2, serial=78EE48DE185B2071C9C9C3B51D7BDDC1, subject=OU=www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign,OU=VeriSign International Server CA - Class 3,OU=VeriSign\, Inc.,O=VeriSign Trust Network, issuer=OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US, not_valid_before=861235200.0, not_valid_after=1319500799.0, key_alg=rsaEncryption, sig_alg=sha1WithRSAEncryption, key_type=rsa, key_length=1024, exponent=65537, curve=<uninitialized>], handle=<no value description>, extensions=[[name=X509v3 Basic Constraints, short_name=basicConstraints, oid=2.5.29.19, critical=F, value=CA:TRUE, pathlen:0], [name=X509v3 Certificate Policies, short_name=certificatePolicies, oid=2.5.29.32, critical=F, value=Policy: 2.16.840.1.113733.1.7.1.1^J  CPS: https://www.verisign.com/CPS^J]], san=<uninitialized>, basic_constraints=[ca=T, path_len=0]], extracted=<uninitialized>], u2_events=<uninitialized>]
+                  [1] ext: X509::Extension = [name=X509v3 CRL Distribution Points, short_name=crlDistributionPoints, oid=2.5.29.31, critical=F, value=^JFull Name:^J  URI:http://crl.verisign.com/pca3-g2.crl^J]
+
+1170717511.909717 x509_extension
+                  [0] f: fa_file         = [id=FUmSiM3TCtsyMGhcd, parent_id=<uninitialized>, source=SSL, is_orig=F, conns={^J^I[[orig_h=192.150.187.164, orig_p=58870/tcp, resp_h=194.127.84.106, resp_p=443/tcp]] = [id=[orig_h=192.150.187.164, orig_p=58870/tcp, resp_h=194.127.84.106, resp_p=443/tcp], orig=[size=120, state=4, num_pkts=3, num_bytes_ip=288, flow_label=0], resp=[size=2164, state=4, num_pkts=3, num_bytes_ip=1616, flow_label=0], start_time=1170717511.541455, duration=0.368262, service={^J^I^ISSL^J^I}, addl=, hot=0, history=ShADad, uid=CCvvfg3TEfuqmmG4bh, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=[ts=1170717511.722913, uid=CCvvfg3TEfuqmmG4bh, id=[orig_h=192.150.187.164, orig_p=58870/tcp, resp_h=194.127.84.106, resp_p=443/tcp], version=TLSv10, cipher=TLS_RSA_WITH_RC4_128_MD5, server_name=<uninitialized>, session_id=9e51caef40ad85f9f03dbb8c1fdc863621808c311272e10242cb406bf917bcd9, last_alert=<uninitialized>, analyzer_id=11, established=F, logged=F, delay_tokens=<uninitialized>, cert_chain=[[ts=1170717511.909717, fuid=FQXAWgI2FB5STbrff, tx_hosts={^J^I^I194.127.84.106^J^I}, rx_hosts={^J^I^I192.150.187.164^J^I}, conn_uids={^J^I^ICCvvfg3TEfuqmmG4bh^J^I}, source=SSL, depth=0, analyzers={^J^I^IX509,^J^I^IMD5,^J^I^ISHA1^J^I}, mime_type=binary, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=F, seen_bytes=1152, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=38a0a008a978591ccbe41f50a174751a, sha1=2c322ae2b7fe91391345e070b63668978bb1c9da, sha256=<uninitialized>, x509=[ts=1170717511.909717, id=FQXAWgI2FB5STbrff, certificate=[version=2, serial=04A78116F003283BDA2B8462049F9ECB, subject=CN=www.dresdner-privat.de,OU=Terms of use at www.verisign.com/rpa (c)00,O=AGIS Allianz Dresdner Informationssysteme GmbH,L=Muenchen,ST=Bayern,C=DE, issuer=OU=www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign,OU=VeriSign International Server CA - Class 3,OU=VeriSign\, Inc.,O=VeriSign Trust Network, not_valid_before=1163462400.0, not_valid_after=1195084799.0, key_alg=rsaEncryption, sig_alg=sha1WithRSAEncryption, key_type=rsa, key_length=1024, exponent=65537, curve=<uninitialized>], handle=<no value description>, extensions=[[name=X509v3 Basic Constraints, short_name=basicConstraints, oid=2.5.29.19, critical=F, value=CA:FALSE], [name=X509v3 Key Usage, short_name=keyUsage, oid=2.5.29.15, critical=F, value=Digital Signature, Key Encipherment], [name=X509v3 CRL Distribution Points, short_name=crlDistributionPoints, oid=2.5.29.31, critical=F, value=^JFull Name:^J  URI:http://crl.verisign.com/Class3InternationalServer.crl^J], [name=X509v3 Certificate Policies, short_name=certificatePolicies, oid=2.5.29.32, critical=F, value=Policy: 2.16.840.1.113733.1.7.23.3^J  CPS: https://www.verisign.com/rpa^J], [name=X509v3 Extended Key Usage, short_name=extendedKeyUsage, oid=2.5.29.37, critical=F, value=Netscape Server Gated Crypto, TLS Web Server Authentication, TLS Web Client Authentication], [name=Authority Information Access, short_name=authorityInfoAccess, oid=1.3.6.1.5.5.7.1.1, critical=F, value=OCSP - URI:http://ocsp.verisign.com^J], [name=1.3.6.1.5.5.7.1.12, short_name=UNDEF, oid=1.3.6.1.5.5.7.1.12, critical=F, value=0_.].[0Y0W0U..image/gif0!0.0...+..............k...j.H.,{..0%.#http://logo.verisign.com/vslogo.gif]], san=<uninitialized>, basic_constraints=[ca=F, path_len=<uninitialized>]], extracted=<uninitialized>], [ts=1170717511.909717, fuid=FUmSiM3TCtsyMGhcd, tx_hosts={^J^I^I194.127.84.106^J^I}, rx_hosts={^J^I^I192.150.187.164^J^I}, conn_uids={^J^I^ICCvvfg3TEfuqmmG4bh^J^I}, source=SSL, depth=0, analyzers={^J^I^IX509,^J^I^IMD5,^J^I^ISHA1^J^I}, mime_type=binary, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=F, seen_bytes=0, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=<uninitialized>, sha1=<uninitialized>, sha256=<uninitialized>, x509=[ts=1170717511.909717, id=FUmSiM3TCtsyMGhcd, certificate=[version=2, serial=78EE48DE185B2071C9C9C3B51D7BDDC1, subject=OU=www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign,OU=VeriSign International Server CA - Class 3,OU=VeriSign\, Inc.,O=VeriSign Trust Network, issuer=OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US, not_valid_before=861235200.0, not_valid_after=1319500799.0, key_alg=rsaEncryption, sig_alg=sha1WithRSAEncryption, key_type=rsa, key_length=1024, exponent=65537, curve=<uninitialized>], handle=<no value description>, extensions=[[name=X509v3 Basic Constraints, short_name=basicConstraints, oid=2.5.29.19, critical=F, value=CA:TRUE, pathlen:0], [name=X509v3 Certificate Policies, short_name=certificatePolicies, oid=2.5.29.32, critical=F, value=Policy: 2.16.840.1.113733.1.7.1.1^J  CPS: https://www.verisign.com/CPS^J], [name=X509v3 CRL Distribution Points, short_name=crlDistributionPoints, oid=2.5.29.31, critical=F, value=^JFull Name:^J  URI:http://crl.verisign.com/pca3-g2.crl^J]], san=<uninitialized>, basic_constraints=[ca=T, path_len=0]], extracted=<uninitialized>]], cert_chain_fuids=[FQXAWgI2FB5STbrff, FUmSiM3TCtsyMGhcd], client_cert_chain=[], client_cert_chain_fuids=[], subject=<uninitialized>, issuer=<uninitialized>, client_subject=<uninitialized>, client_issuer=<uninitialized>, server_depth=2, client_depth=0], http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]^J}, last_active=1170717511.909717, seen_bytes=906, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timeout_interval=2.0 mins, bof_buffer_size=1024, bof_buffer=0\x82^C\x860\x82^B\xef\xa0^C^B^A^B^B^Px\xeeH\xde^X[ q\xc9\xc9\xc3\xb5\x1d{\xdd\xc10^M^F^I*\x86H\x86\xf7^M^A^A^E^E\00_1^K0^I^F^CU^D^F^S^BUS1^W0^U^F^CU^D^J^S^NVeriSign, Inc.1705^F^CU^D^K^S.Class 3 Public Primary Certification Authority0\x1e^W^M970417000000Z^W^M111024235959Z0\x81\xba1\x1f0\x1d^F^CU^D^J^S^VVeriSign Trust Network1^W0^U^F^CU^D^K^S^NVeriSign, Inc.1301^F^CU^D^K^S*VeriSign International Server CA - Class 31I0G^F^CU^D^K^S@www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign0\x81\x9f0^M^F^I*\x86H\x86\xf7^M^A^A^A^E\0^C\x81\x8d\00\x81\x89^B\x81\x81\0\xd8\x82\x80\xe8\xd6^Y^B}\x1f\x85^X9%\xa2e+\xe1\xbf\xd4^E\xd3\xbc\xe66;\xaa\xf0Ll[\xb6\xe7\xaa<sEU\xb2\xf1\xbd\xea\x97B\xed\x9a4^J^U\xd4\xa9\\xf5@%\xdd\xd9^G\xc12\xb2ul\xc4\xca\xbb\xa3\xfeV'qC\xaac\xf50>\x93(\xe5\xfa\xf1^I;\xf3\xb7MN9\xf7\IZ\xb8\xc1\x1d\xd3\xb2\x8a\xfep0\x95B\xcb\xfe+Q\x8bZ<:\xf9"O\x90\xb2^B\xa7S\x9cO4\xe7\xab^D\xb2{o^B^C^A\0^A\xa3\x81\xe60\x81\xe30^O^F^CU\x1d^S^D^H0^F^A^A\xff^B^A\00D^F^CU\x1d ^D=0;09^F^K`\x86H^A\x86\xf8E^A^G^A^A0*0(^F^H+^F^A^E^E^G^B^A^V\x1chttps://www.verisign.com/CPS04^F^CU\x1d\x1f^D-0+0)\xa0'\xa0%\x86#http://crl.verisign.com/pca3-g2.crl04^F^CU\x1d%^D-0+^F^H+^F^A^E^E^G^C^A^F^H+^F^A^E^E^G^C^B^F^I`\x86H^A\x86\xf8B^D^A^F^J`\x86H^A\x86\xf8E^A^H^A0^K^F^CU\x1d^O^D^D^C^B^A^F0^Q^F^I`\x86H^A\x86\xf8B^A^A^D^D^C^B^A^F0^M^F^I*\x86H\x86\xf7^M^A^A^E^E\0^C\x81\x81\0#]\xee\xa6$^E\xfdv\xd3j^Z\xd6\xbaF^F\xaaj^O^C\x90f\xb2\xb0\xa6\xc2\x9e\xc9\x1e\xa3US\xaf>E\xfd\xdc\x8c'\xddS8^I\xbb|K+\xba\x95J\xfepN\x1bi\xd6<\xf7O^G\xc5\xf2^WZL\xa2\x8f\xac^K\x8a^F\xdb\xb9\xd4k\xc5\x1dX\xda^WR\xe3!\xf1\xd2\xd7Z\xd5\xe5\xabY{!z\x86j\xd4\xfe^W^Q:S^M\x9c`\xa0J\xd9^\xe4\x1d^L)\xaa^S^Ge\x86\x1f\xbf\xb4\xc9\x82S\x9c,^B\x8f#, mime_type=binary, info=[ts=1170717511.909717, fuid=FUmSiM3TCtsyMGhcd, tx_hosts={^J^I194.127.84.106^J}, rx_hosts={^J^I192.150.187.164^J}, conn_uids={^J^ICCvvfg3TEfuqmmG4bh^J}, source=SSL, depth=0, analyzers={^J^IX509,^J^IMD5,^J^ISHA1^J}, mime_type=binary, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=F, seen_bytes=0, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=<uninitialized>, sha1=<uninitialized>, sha256=<uninitialized>, x509=[ts=1170717511.909717, id=FUmSiM3TCtsyMGhcd, certificate=[version=2, serial=78EE48DE185B2071C9C9C3B51D7BDDC1, subject=OU=www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign,OU=VeriSign International Server CA - Class 3,OU=VeriSign\, Inc.,O=VeriSign Trust Network, issuer=OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US, not_valid_before=861235200.0, not_valid_after=1319500799.0, key_alg=rsaEncryption, sig_alg=sha1WithRSAEncryption, key_type=rsa, key_length=1024, exponent=65537, curve=<uninitialized>], handle=<no value description>, extensions=[[name=X509v3 Basic Constraints, short_name=basicConstraints, oid=2.5.29.19, critical=F, value=CA:TRUE, pathlen:0], [name=X509v3 Certificate Policies, short_name=certificatePolicies, oid=2.5.29.32, critical=F, value=Policy: 2.16.840.1.113733.1.7.1.1^J  CPS: https://www.verisign.com/CPS^J], [name=X509v3 CRL Distribution Points, short_name=crlDistributionPoints, oid=2.5.29.31, critical=F, value=^JFull Name:^J  URI:http://crl.verisign.com/pca3-g2.crl^J]], san=<uninitialized>, basic_constraints=[ca=T, path_len=0]], extracted=<uninitialized>], u2_events=<uninitialized>]
+                  [1] ext: X509::Extension = [name=X509v3 Extended Key Usage, short_name=extendedKeyUsage, oid=2.5.29.37, critical=F, value=TLS Web Server Authentication, TLS Web Client Authentication, Netscape Server Gated Crypto, 2.16.840.1.113733.1.8.1]
+
+1170717511.909717 x509_extension
+                  [0] f: fa_file         = [id=FUmSiM3TCtsyMGhcd, parent_id=<uninitialized>, source=SSL, is_orig=F, conns={^J^I[[orig_h=192.150.187.164, orig_p=58870/tcp, resp_h=194.127.84.106, resp_p=443/tcp]] = [id=[orig_h=192.150.187.164, orig_p=58870/tcp, resp_h=194.127.84.106, resp_p=443/tcp], orig=[size=120, state=4, num_pkts=3, num_bytes_ip=288, flow_label=0], resp=[size=2164, state=4, num_pkts=3, num_bytes_ip=1616, flow_label=0], start_time=1170717511.541455, duration=0.368262, service={^J^I^ISSL^J^I}, addl=, hot=0, history=ShADad, uid=CCvvfg3TEfuqmmG4bh, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=[ts=1170717511.722913, uid=CCvvfg3TEfuqmmG4bh, id=[orig_h=192.150.187.164, orig_p=58870/tcp, resp_h=194.127.84.106, resp_p=443/tcp], version=TLSv10, cipher=TLS_RSA_WITH_RC4_128_MD5, server_name=<uninitialized>, session_id=9e51caef40ad85f9f03dbb8c1fdc863621808c311272e10242cb406bf917bcd9, last_alert=<uninitialized>, analyzer_id=11, established=F, logged=F, delay_tokens=<uninitialized>, cert_chain=[[ts=1170717511.909717, fuid=FQXAWgI2FB5STbrff, tx_hosts={^J^I^I194.127.84.106^J^I}, rx_hosts={^J^I^I192.150.187.164^J^I}, conn_uids={^J^I^ICCvvfg3TEfuqmmG4bh^J^I}, source=SSL, depth=0, analyzers={^J^I^IX509,^J^I^IMD5,^J^I^ISHA1^J^I}, mime_type=binary, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=F, seen_bytes=1152, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=38a0a008a978591ccbe41f50a174751a, sha1=2c322ae2b7fe91391345e070b63668978bb1c9da, sha256=<uninitialized>, x509=[ts=1170717511.909717, id=FQXAWgI2FB5STbrff, certificate=[version=2, serial=04A78116F003283BDA2B8462049F9ECB, subject=CN=www.dresdner-privat.de,OU=Terms of use at www.verisign.com/rpa (c)00,O=AGIS Allianz Dresdner Informationssysteme GmbH,L=Muenchen,ST=Bayern,C=DE, issuer=OU=www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign,OU=VeriSign International Server CA - Class 3,OU=VeriSign\, Inc.,O=VeriSign Trust Network, not_valid_before=1163462400.0, not_valid_after=1195084799.0, key_alg=rsaEncryption, sig_alg=sha1WithRSAEncryption, key_type=rsa, key_length=1024, exponent=65537, curve=<uninitialized>], handle=<no value description>, extensions=[[name=X509v3 Basic Constraints, short_name=basicConstraints, oid=2.5.29.19, critical=F, value=CA:FALSE], [name=X509v3 Key Usage, short_name=keyUsage, oid=2.5.29.15, critical=F, value=Digital Signature, Key Encipherment], [name=X509v3 CRL Distribution Points, short_name=crlDistributionPoints, oid=2.5.29.31, critical=F, value=^JFull Name:^J  URI:http://crl.verisign.com/Class3InternationalServer.crl^J], [name=X509v3 Certificate Policies, short_name=certificatePolicies, oid=2.5.29.32, critical=F, value=Policy: 2.16.840.1.113733.1.7.23.3^J  CPS: https://www.verisign.com/rpa^J], [name=X509v3 Extended Key Usage, short_name=extendedKeyUsage, oid=2.5.29.37, critical=F, value=Netscape Server Gated Crypto, TLS Web Server Authentication, TLS Web Client Authentication], [name=Authority Information Access, short_name=authorityInfoAccess, oid=1.3.6.1.5.5.7.1.1, critical=F, value=OCSP - URI:http://ocsp.verisign.com^J], [name=1.3.6.1.5.5.7.1.12, short_name=UNDEF, oid=1.3.6.1.5.5.7.1.12, critical=F, value=0_.].[0Y0W0U..image/gif0!0.0...+..............k...j.H.,{..0%.#http://logo.verisign.com/vslogo.gif]], san=<uninitialized>, basic_constraints=[ca=F, path_len=<uninitialized>]], extracted=<uninitialized>], [ts=1170717511.909717, fuid=FUmSiM3TCtsyMGhcd, tx_hosts={^J^I^I194.127.84.106^J^I}, rx_hosts={^J^I^I192.150.187.164^J^I}, conn_uids={^J^I^ICCvvfg3TEfuqmmG4bh^J^I}, source=SSL, depth=0, analyzers={^J^I^IX509,^J^I^IMD5,^J^I^ISHA1^J^I}, mime_type=binary, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=F, seen_bytes=0, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=<uninitialized>, sha1=<uninitialized>, sha256=<uninitialized>, x509=[ts=1170717511.909717, id=FUmSiM3TCtsyMGhcd, certificate=[version=2, serial=78EE48DE185B2071C9C9C3B51D7BDDC1, subject=OU=www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign,OU=VeriSign International Server CA - Class 3,OU=VeriSign\, Inc.,O=VeriSign Trust Network, issuer=OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US, not_valid_before=861235200.0, not_valid_after=1319500799.0, key_alg=rsaEncryption, sig_alg=sha1WithRSAEncryption, key_type=rsa, key_length=1024, exponent=65537, curve=<uninitialized>], handle=<no value description>, extensions=[[name=X509v3 Basic Constraints, short_name=basicConstraints, oid=2.5.29.19, critical=F, value=CA:TRUE, pathlen:0], [name=X509v3 Certificate Policies, short_name=certificatePolicies, oid=2.5.29.32, critical=F, value=Policy: 2.16.840.1.113733.1.7.1.1^J  CPS: https://www.verisign.com/CPS^J], [name=X509v3 CRL Distribution Points, short_name=crlDistributionPoints, oid=2.5.29.31, critical=F, value=^JFull Name:^J  URI:http://crl.verisign.com/pca3-g2.crl^J], [name=X509v3 Extended Key Usage, short_name=extendedKeyUsage, oid=2.5.29.37, critical=F, value=TLS Web Server Authentication, TLS Web Client Authentication, Netscape Server Gated Crypto, 2.16.840.1.113733.1.8.1]], san=<uninitialized>, basic_constraints=[ca=T, path_len=0]], extracted=<uninitialized>]], cert_chain_fuids=[FQXAWgI2FB5STbrff, FUmSiM3TCtsyMGhcd], client_cert_chain=[], client_cert_chain_fuids=[], subject=<uninitialized>, issuer=<uninitialized>, client_subject=<uninitialized>, client_issuer=<uninitialized>, server_depth=2, client_depth=0], http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]^J}, last_active=1170717511.909717, seen_bytes=906, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timeout_interval=2.0 mins, bof_buffer_size=1024, bof_buffer=0\x82^C\x860\x82^B\xef\xa0^C^B^A^B^B^Px\xeeH\xde^X[ q\xc9\xc9\xc3\xb5\x1d{\xdd\xc10^M^F^I*\x86H\x86\xf7^M^A^A^E^E\00_1^K0^I^F^CU^D^F^S^BUS1^W0^U^F^CU^D^J^S^NVeriSign, Inc.1705^F^CU^D^K^S.Class 3 Public Primary Certification Authority0\x1e^W^M970417000000Z^W^M111024235959Z0\x81\xba1\x1f0\x1d^F^CU^D^J^S^VVeriSign Trust Network1^W0^U^F^CU^D^K^S^NVeriSign, Inc.1301^F^CU^D^K^S*VeriSign International Server CA - Class 31I0G^F^CU^D^K^S@www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign0\x81\x9f0^M^F^I*\x86H\x86\xf7^M^A^A^A^E\0^C\x81\x8d\00\x81\x89^B\x81\x81\0\xd8\x82\x80\xe8\xd6^Y^B}\x1f\x85^X9%\xa2e+\xe1\xbf\xd4^E\xd3\xbc\xe66;\xaa\xf0Ll[\xb6\xe7\xaa<sEU\xb2\xf1\xbd\xea\x97B\xed\x9a4^J^U\xd4\xa9\\xf5@%\xdd\xd9^G\xc12\xb2ul\xc4\xca\xbb\xa3\xfeV'qC\xaac\xf50>\x93(\xe5\xfa\xf1^I;\xf3\xb7MN9\xf7\IZ\xb8\xc1\x1d\xd3\xb2\x8a\xfep0\x95B\xcb\xfe+Q\x8bZ<:\xf9"O\x90\xb2^B\xa7S\x9cO4\xe7\xab^D\xb2{o^B^C^A\0^A\xa3\x81\xe60\x81\xe30^O^F^CU\x1d^S^D^H0^F^A^A\xff^B^A\00D^F^CU\x1d ^D=0;09^F^K`\x86H^A\x86\xf8E^A^G^A^A0*0(^F^H+^F^A^E^E^G^B^A^V\x1chttps://www.verisign.com/CPS04^F^CU\x1d\x1f^D-0+0)\xa0'\xa0%\x86#http://crl.verisign.com/pca3-g2.crl04^F^CU\x1d%^D-0+^F^H+^F^A^E^E^G^C^A^F^H+^F^A^E^E^G^C^B^F^I`\x86H^A\x86\xf8B^D^A^F^J`\x86H^A\x86\xf8E^A^H^A0^K^F^CU\x1d^O^D^D^C^B^A^F0^Q^F^I`\x86H^A\x86\xf8B^A^A^D^D^C^B^A^F0^M^F^I*\x86H\x86\xf7^M^A^A^E^E\0^C\x81\x81\0#]\xee\xa6$^E\xfdv\xd3j^Z\xd6\xbaF^F\xaaj^O^C\x90f\xb2\xb0\xa6\xc2\x9e\xc9\x1e\xa3US\xaf>E\xfd\xdc\x8c'\xddS8^I\xbb|K+\xba\x95J\xfepN\x1bi\xd6<\xf7O^G\xc5\xf2^WZL\xa2\x8f\xac^K\x8a^F\xdb\xb9\xd4k\xc5\x1dX\xda^WR\xe3!\xf1\xd2\xd7Z\xd5\xe5\xabY{!z\x86j\xd4\xfe^W^Q:S^M\x9c`\xa0J\xd9^\xe4\x1d^L)\xaa^S^Ge\x86\x1f\xbf\xb4\xc9\x82S\x9c,^B\x8f#, mime_type=binary, info=[ts=1170717511.909717, fuid=FUmSiM3TCtsyMGhcd, tx_hosts={^J^I194.127.84.106^J}, rx_hosts={^J^I192.150.187.164^J}, conn_uids={^J^ICCvvfg3TEfuqmmG4bh^J}, source=SSL, depth=0, analyzers={^J^IX509,^J^IMD5,^J^ISHA1^J}, mime_type=binary, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=F, seen_bytes=0, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=<uninitialized>, sha1=<uninitialized>, sha256=<uninitialized>, x509=[ts=1170717511.909717, id=FUmSiM3TCtsyMGhcd, certificate=[version=2, serial=78EE48DE185B2071C9C9C3B51D7BDDC1, subject=OU=www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign,OU=VeriSign International Server CA - Class 3,OU=VeriSign\, Inc.,O=VeriSign Trust Network, issuer=OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US, not_valid_before=861235200.0, not_valid_after=1319500799.0, key_alg=rsaEncryption, sig_alg=sha1WithRSAEncryption, key_type=rsa, key_length=1024, exponent=65537, curve=<uninitialized>], handle=<no value description>, extensions=[[name=X509v3 Basic Constraints, short_name=basicConstraints, oid=2.5.29.19, critical=F, value=CA:TRUE, pathlen:0], [name=X509v3 Certificate Policies, short_name=certificatePolicies, oid=2.5.29.32, critical=F, value=Policy: 2.16.840.1.113733.1.7.1.1^J  CPS: https://www.verisign.com/CPS^J], [name=X509v3 CRL Distribution Points, short_name=crlDistributionPoints, oid=2.5.29.31, critical=F, value=^JFull Name:^J  URI:http://crl.verisign.com/pca3-g2.crl^J], [name=X509v3 Extended Key Usage, short_name=extendedKeyUsage, oid=2.5.29.37, critical=F, value=TLS Web Server Authentication, TLS Web Client Authentication, Netscape Server Gated Crypto, 2.16.840.1.113733.1.8.1]], san=<uninitialized>, basic_constraints=[ca=T, path_len=0]], extracted=<uninitialized>], u2_events=<uninitialized>]
+                  [1] ext: X509::Extension = [name=X509v3 Key Usage, short_name=keyUsage, oid=2.5.29.15, critical=F, value=Certificate Sign, CRL Sign]
+
+1170717511.909717 x509_extension
+                  [0] f: fa_file         = [id=FUmSiM3TCtsyMGhcd, parent_id=<uninitialized>, source=SSL, is_orig=F, conns={^J^I[[orig_h=192.150.187.164, orig_p=58870/tcp, resp_h=194.127.84.106, resp_p=443/tcp]] = [id=[orig_h=192.150.187.164, orig_p=58870/tcp, resp_h=194.127.84.106, resp_p=443/tcp], orig=[size=120, state=4, num_pkts=3, num_bytes_ip=288, flow_label=0], resp=[size=2164, state=4, num_pkts=3, num_bytes_ip=1616, flow_label=0], start_time=1170717511.541455, duration=0.368262, service={^J^I^ISSL^J^I}, addl=, hot=0, history=ShADad, uid=CCvvfg3TEfuqmmG4bh, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=[ts=1170717511.722913, uid=CCvvfg3TEfuqmmG4bh, id=[orig_h=192.150.187.164, orig_p=58870/tcp, resp_h=194.127.84.106, resp_p=443/tcp], version=TLSv10, cipher=TLS_RSA_WITH_RC4_128_MD5, server_name=<uninitialized>, session_id=9e51caef40ad85f9f03dbb8c1fdc863621808c311272e10242cb406bf917bcd9, last_alert=<uninitialized>, analyzer_id=11, established=F, logged=F, delay_tokens=<uninitialized>, cert_chain=[[ts=1170717511.909717, fuid=FQXAWgI2FB5STbrff, tx_hosts={^J^I^I194.127.84.106^J^I}, rx_hosts={^J^I^I192.150.187.164^J^I}, conn_uids={^J^I^ICCvvfg3TEfuqmmG4bh^J^I}, source=SSL, depth=0, analyzers={^J^I^IX509,^J^I^IMD5,^J^I^ISHA1^J^I}, mime_type=binary, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=F, seen_bytes=1152, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=38a0a008a978591ccbe41f50a174751a, sha1=2c322ae2b7fe91391345e070b63668978bb1c9da, sha256=<uninitialized>, x509=[ts=1170717511.909717, id=FQXAWgI2FB5STbrff, certificate=[version=2, serial=04A78116F003283BDA2B8462049F9ECB, subject=CN=www.dresdner-privat.de,OU=Terms of use at www.verisign.com/rpa (c)00,O=AGIS Allianz Dresdner Informationssysteme GmbH,L=Muenchen,ST=Bayern,C=DE, issuer=OU=www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign,OU=VeriSign International Server CA - Class 3,OU=VeriSign\, Inc.,O=VeriSign Trust Network, not_valid_before=1163462400.0, not_valid_after=1195084799.0, key_alg=rsaEncryption, sig_alg=sha1WithRSAEncryption, key_type=rsa, key_length=1024, exponent=65537, curve=<uninitialized>], handle=<no value description>, extensions=[[name=X509v3 Basic Constraints, short_name=basicConstraints, oid=2.5.29.19, critical=F, value=CA:FALSE], [name=X509v3 Key Usage, short_name=keyUsage, oid=2.5.29.15, critical=F, value=Digital Signature, Key Encipherment], [name=X509v3 CRL Distribution Points, short_name=crlDistributionPoints, oid=2.5.29.31, critical=F, value=^JFull Name:^J  URI:http://crl.verisign.com/Class3InternationalServer.crl^J], [name=X509v3 Certificate Policies, short_name=certificatePolicies, oid=2.5.29.32, critical=F, value=Policy: 2.16.840.1.113733.1.7.23.3^J  CPS: https://www.verisign.com/rpa^J], [name=X509v3 Extended Key Usage, short_name=extendedKeyUsage, oid=2.5.29.37, critical=F, value=Netscape Server Gated Crypto, TLS Web Server Authentication, TLS Web Client Authentication], [name=Authority Information Access, short_name=authorityInfoAccess, oid=1.3.6.1.5.5.7.1.1, critical=F, value=OCSP - URI:http://ocsp.verisign.com^J], [name=1.3.6.1.5.5.7.1.12, short_name=UNDEF, oid=1.3.6.1.5.5.7.1.12, critical=F, value=0_.].[0Y0W0U..image/gif0!0.0...+..............k...j.H.,{..0%.#http://logo.verisign.com/vslogo.gif]], san=<uninitialized>, basic_constraints=[ca=F, path_len=<uninitialized>]], extracted=<uninitialized>], [ts=1170717511.909717, fuid=FUmSiM3TCtsyMGhcd, tx_hosts={^J^I^I194.127.84.106^J^I}, rx_hosts={^J^I^I192.150.187.164^J^I}, conn_uids={^J^I^ICCvvfg3TEfuqmmG4bh^J^I}, source=SSL, depth=0, analyzers={^J^I^IX509,^J^I^IMD5,^J^I^ISHA1^J^I}, mime_type=binary, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=F, seen_bytes=0, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=<uninitialized>, sha1=<uninitialized>, sha256=<uninitialized>, x509=[ts=1170717511.909717, id=FUmSiM3TCtsyMGhcd, certificate=[version=2, serial=78EE48DE185B2071C9C9C3B51D7BDDC1, subject=OU=www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign,OU=VeriSign International Server CA - Class 3,OU=VeriSign\, Inc.,O=VeriSign Trust Network, issuer=OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US, not_valid_before=861235200.0, not_valid_after=1319500799.0, key_alg=rsaEncryption, sig_alg=sha1WithRSAEncryption, key_type=rsa, key_length=1024, exponent=65537, curve=<uninitialized>], handle=<no value description>, extensions=[[name=X509v3 Basic Constraints, short_name=basicConstraints, oid=2.5.29.19, critical=F, value=CA:TRUE, pathlen:0], [name=X509v3 Certificate Policies, short_name=certificatePolicies, oid=2.5.29.32, critical=F, value=Policy: 2.16.840.1.113733.1.7.1.1^J  CPS: https://www.verisign.com/CPS^J], [name=X509v3 CRL Distribution Points, short_name=crlDistributionPoints, oid=2.5.29.31, critical=F, value=^JFull Name:^J  URI:http://crl.verisign.com/pca3-g2.crl^J], [name=X509v3 Extended Key Usage, short_name=extendedKeyUsage, oid=2.5.29.37, critical=F, value=TLS Web Server Authentication, TLS Web Client Authentication, Netscape Server Gated Crypto, 2.16.840.1.113733.1.8.1], [name=X509v3 Key Usage, short_name=keyUsage, oid=2.5.29.15, critical=F, value=Certificate Sign, CRL Sign]], san=<uninitialized>, basic_constraints=[ca=T, path_len=0]], extracted=<uninitialized>]], cert_chain_fuids=[FQXAWgI2FB5STbrff, FUmSiM3TCtsyMGhcd], client_cert_chain=[], client_cert_chain_fuids=[], subject=<uninitialized>, issuer=<uninitialized>, client_subject=<uninitialized>, client_issuer=<uninitialized>, server_depth=2, client_depth=0], http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]^J}, last_active=1170717511.909717, seen_bytes=906, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timeout_interval=2.0 mins, bof_buffer_size=1024, bof_buffer=0\x82^C\x860\x82^B\xef\xa0^C^B^A^B^B^Px\xeeH\xde^X[ q\xc9\xc9\xc3\xb5\x1d{\xdd\xc10^M^F^I*\x86H\x86\xf7^M^A^A^E^E\00_1^K0^I^F^CU^D^F^S^BUS1^W0^U^F^CU^D^J^S^NVeriSign, Inc.1705^F^CU^D^K^S.Class 3 Public Primary Certification Authority0\x1e^W^M970417000000Z^W^M111024235959Z0\x81\xba1\x1f0\x1d^F^CU^D^J^S^VVeriSign Trust Network1^W0^U^F^CU^D^K^S^NVeriSign, Inc.1301^F^CU^D^K^S*VeriSign International Server CA - Class 31I0G^F^CU^D^K^S@www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign0\x81\x9f0^M^F^I*\x86H\x86\xf7^M^A^A^A^E\0^C\x81\x8d\00\x81\x89^B\x81\x81\0\xd8\x82\x80\xe8\xd6^Y^B}\x1f\x85^X9%\xa2e+\xe1\xbf\xd4^E\xd3\xbc\xe66;\xaa\xf0Ll[\xb6\xe7\xaa<sEU\xb2\xf1\xbd\xea\x97B\xed\x9a4^J^U\xd4\xa9\\xf5@%\xdd\xd9^G\xc12\xb2ul\xc4\xca\xbb\xa3\xfeV'qC\xaac\xf50>\x93(\xe5\xfa\xf1^I;\xf3\xb7MN9\xf7\IZ\xb8\xc1\x1d\xd3\xb2\x8a\xfep0\x95B\xcb\xfe+Q\x8bZ<:\xf9"O\x90\xb2^B\xa7S\x9cO4\xe7\xab^D\xb2{o^B^C^A\0^A\xa3\x81\xe60\x81\xe30^O^F^CU\x1d^S^D^H0^F^A^A\xff^B^A\00D^F^CU\x1d ^D=0;09^F^K`\x86H^A\x86\xf8E^A^G^A^A0*0(^F^H+^F^A^E^E^G^B^A^V\x1chttps://www.verisign.com/CPS04^F^CU\x1d\x1f^D-0+0)\xa0'\xa0%\x86#http://crl.verisign.com/pca3-g2.crl04^F^CU\x1d%^D-0+^F^H+^F^A^E^E^G^C^A^F^H+^F^A^E^E^G^C^B^F^I`\x86H^A\x86\xf8B^D^A^F^J`\x86H^A\x86\xf8E^A^H^A0^K^F^CU\x1d^O^D^D^C^B^A^F0^Q^F^I`\x86H^A\x86\xf8B^A^A^D^D^C^B^A^F0^M^F^I*\x86H\x86\xf7^M^A^A^E^E\0^C\x81\x81\0#]\xee\xa6$^E\xfdv\xd3j^Z\xd6\xbaF^F\xaaj^O^C\x90f\xb2\xb0\xa6\xc2\x9e\xc9\x1e\xa3US\xaf>E\xfd\xdc\x8c'\xddS8^I\xbb|K+\xba\x95J\xfepN\x1bi\xd6<\xf7O^G\xc5\xf2^WZL\xa2\x8f\xac^K\x8a^F\xdb\xb9\xd4k\xc5\x1dX\xda^WR\xe3!\xf1\xd2\xd7Z\xd5\xe5\xabY{!z\x86j\xd4\xfe^W^Q:S^M\x9c`\xa0J\xd9^\xe4\x1d^L)\xaa^S^Ge\x86\x1f\xbf\xb4\xc9\x82S\x9c,^B\x8f#, mime_type=binary, info=[ts=1170717511.909717, fuid=FUmSiM3TCtsyMGhcd, tx_hosts={^J^I194.127.84.106^J}, rx_hosts={^J^I192.150.187.164^J}, conn_uids={^J^ICCvvfg3TEfuqmmG4bh^J}, source=SSL, depth=0, analyzers={^J^IX509,^J^IMD5,^J^ISHA1^J}, mime_type=binary, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=F, seen_bytes=0, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=<uninitialized>, sha1=<uninitialized>, sha256=<uninitialized>, x509=[ts=1170717511.909717, id=FUmSiM3TCtsyMGhcd, certificate=[version=2, serial=78EE48DE185B2071C9C9C3B51D7BDDC1, subject=OU=www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign,OU=VeriSign International Server CA - Class 3,OU=VeriSign\, Inc.,O=VeriSign Trust Network, issuer=OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US, not_valid_before=861235200.0, not_valid_after=1319500799.0, key_alg=rsaEncryption, sig_alg=sha1WithRSAEncryption, key_type=rsa, key_length=1024, exponent=65537, curve=<uninitialized>], handle=<no value description>, extensions=[[name=X509v3 Basic Constraints, short_name=basicConstraints, oid=2.5.29.19, critical=F, value=CA:TRUE, pathlen:0], [name=X509v3 Certificate Policies, short_name=certificatePolicies, oid=2.5.29.32, critical=F, value=Policy: 2.16.840.1.113733.1.7.1.1^J  CPS: https://www.verisign.com/CPS^J], [name=X509v3 CRL Distribution Points, short_name=crlDistributionPoints, oid=2.5.29.31, critical=F, value=^JFull Name:^J  URI:http://crl.verisign.com/pca3-g2.crl^J], [name=X509v3 Extended Key Usage, short_name=extendedKeyUsage, oid=2.5.29.37, critical=F, value=TLS Web Server Authentication, TLS Web Client Authentication, Netscape Server Gated Crypto, 2.16.840.1.113733.1.8.1], [name=X509v3 Key Usage, short_name=keyUsage, oid=2.5.29.15, critical=F, value=Certificate Sign, CRL Sign]], san=<uninitialized>, basic_constraints=[ca=T, path_len=0]], extracted=<uninitialized>], u2_events=<uninitialized>]
+                  [1] ext: X509::Extension = [name=Netscape Cert Type, short_name=nsCertType, oid=2.16.840.1.113730.1.1, critical=F, value=SSL CA, S/MIME CA]
+
+1170717511.909717 file_hash
+                  [0] f: fa_file         = [id=FUmSiM3TCtsyMGhcd, parent_id=<uninitialized>, source=SSL, is_orig=F, conns={^J^I[[orig_h=192.150.187.164, orig_p=58870/tcp, resp_h=194.127.84.106, resp_p=443/tcp]] = [id=[orig_h=192.150.187.164, orig_p=58870/tcp, resp_h=194.127.84.106, resp_p=443/tcp], orig=[size=120, state=4, num_pkts=3, num_bytes_ip=288, flow_label=0], resp=[size=2164, state=4, num_pkts=3, num_bytes_ip=1616, flow_label=0], start_time=1170717511.541455, duration=0.368262, service={^J^I^ISSL^J^I}, addl=, hot=0, history=ShADad, uid=CCvvfg3TEfuqmmG4bh, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=[ts=1170717511.722913, uid=CCvvfg3TEfuqmmG4bh, id=[orig_h=192.150.187.164, orig_p=58870/tcp, resp_h=194.127.84.106, resp_p=443/tcp], version=TLSv10, cipher=TLS_RSA_WITH_RC4_128_MD5, server_name=<uninitialized>, session_id=9e51caef40ad85f9f03dbb8c1fdc863621808c311272e10242cb406bf917bcd9, last_alert=<uninitialized>, analyzer_id=11, established=F, logged=F, delay_tokens=<uninitialized>, cert_chain=[[ts=1170717511.909717, fuid=FQXAWgI2FB5STbrff, tx_hosts={^J^I^I194.127.84.106^J^I}, rx_hosts={^J^I^I192.150.187.164^J^I}, conn_uids={^J^I^ICCvvfg3TEfuqmmG4bh^J^I}, source=SSL, depth=0, analyzers={^J^I^IX509,^J^I^IMD5,^J^I^ISHA1^J^I}, mime_type=binary, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=F, seen_bytes=1152, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=38a0a008a978591ccbe41f50a174751a, sha1=2c322ae2b7fe91391345e070b63668978bb1c9da, sha256=<uninitialized>, x509=[ts=1170717511.909717, id=FQXAWgI2FB5STbrff, certificate=[version=2, serial=04A78116F003283BDA2B8462049F9ECB, subject=CN=www.dresdner-privat.de,OU=Terms of use at www.verisign.com/rpa (c)00,O=AGIS Allianz Dresdner Informationssysteme GmbH,L=Muenchen,ST=Bayern,C=DE, issuer=OU=www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign,OU=VeriSign International Server CA - Class 3,OU=VeriSign\, Inc.,O=VeriSign Trust Network, not_valid_before=1163462400.0, not_valid_after=1195084799.0, key_alg=rsaEncryption, sig_alg=sha1WithRSAEncryption, key_type=rsa, key_length=1024, exponent=65537, curve=<uninitialized>], handle=<no value description>, extensions=[[name=X509v3 Basic Constraints, short_name=basicConstraints, oid=2.5.29.19, critical=F, value=CA:FALSE], [name=X509v3 Key Usage, short_name=keyUsage, oid=2.5.29.15, critical=F, value=Digital Signature, Key Encipherment], [name=X509v3 CRL Distribution Points, short_name=crlDistributionPoints, oid=2.5.29.31, critical=F, value=^JFull Name:^J  URI:http://crl.verisign.com/Class3InternationalServer.crl^J], [name=X509v3 Certificate Policies, short_name=certificatePolicies, oid=2.5.29.32, critical=F, value=Policy: 2.16.840.1.113733.1.7.23.3^J  CPS: https://www.verisign.com/rpa^J], [name=X509v3 Extended Key Usage, short_name=extendedKeyUsage, oid=2.5.29.37, critical=F, value=Netscape Server Gated Crypto, TLS Web Server Authentication, TLS Web Client Authentication], [name=Authority Information Access, short_name=authorityInfoAccess, oid=1.3.6.1.5.5.7.1.1, critical=F, value=OCSP - URI:http://ocsp.verisign.com^J], [name=1.3.6.1.5.5.7.1.12, short_name=UNDEF, oid=1.3.6.1.5.5.7.1.12, critical=F, value=0_.].[0Y0W0U..image/gif0!0.0...+..............k...j.H.,{..0%.#http://logo.verisign.com/vslogo.gif]], san=<uninitialized>, basic_constraints=[ca=F, path_len=<uninitialized>]], extracted=<uninitialized>], [ts=1170717511.909717, fuid=FUmSiM3TCtsyMGhcd, tx_hosts={^J^I^I194.127.84.106^J^I}, rx_hosts={^J^I^I192.150.187.164^J^I}, conn_uids={^J^I^ICCvvfg3TEfuqmmG4bh^J^I}, source=SSL, depth=0, analyzers={^J^I^IX509,^J^I^IMD5,^J^I^ISHA1^J^I}, mime_type=binary, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=F, seen_bytes=0, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=<uninitialized>, sha1=<uninitialized>, sha256=<uninitialized>, x509=[ts=1170717511.909717, id=FUmSiM3TCtsyMGhcd, certificate=[version=2, serial=78EE48DE185B2071C9C9C3B51D7BDDC1, subject=OU=www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign,OU=VeriSign International Server CA - Class 3,OU=VeriSign\, Inc.,O=VeriSign Trust Network, issuer=OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US, not_valid_before=861235200.0, not_valid_after=1319500799.0, key_alg=rsaEncryption, sig_alg=sha1WithRSAEncryption, key_type=rsa, key_length=1024, exponent=65537, curve=<uninitialized>], handle=<no value description>, extensions=[[name=X509v3 Basic Constraints, short_name=basicConstraints, oid=2.5.29.19, critical=F, value=CA:TRUE, pathlen:0], [name=X509v3 Certificate Policies, short_name=certificatePolicies, oid=2.5.29.32, critical=F, value=Policy: 2.16.840.1.113733.1.7.1.1^J  CPS: https://www.verisign.com/CPS^J], [name=X509v3 CRL Distribution Points, short_name=crlDistributionPoints, oid=2.5.29.31, critical=F, value=^JFull Name:^J  URI:http://crl.verisign.com/pca3-g2.crl^J], [name=X509v3 Extended Key Usage, short_name=extendedKeyUsage, oid=2.5.29.37, critical=F, value=TLS Web Server Authentication, TLS Web Client Authentication, Netscape Server Gated Crypto, 2.16.840.1.113733.1.8.1], [name=X509v3 Key Usage, short_name=keyUsage, oid=2.5.29.15, critical=F, value=Certificate Sign, CRL Sign], [name=Netscape Cert Type, short_name=nsCertType, oid=2.16.840.1.113730.1.1, critical=F, value=SSL CA, S/MIME CA]], san=<uninitialized>, basic_constraints=[ca=T, path_len=0]], extracted=<uninitialized>]], cert_chain_fuids=[FQXAWgI2FB5STbrff, FUmSiM3TCtsyMGhcd], client_cert_chain=[], client_cert_chain_fuids=[], subject=<uninitialized>, issuer=<uninitialized>, client_subject=<uninitialized>, client_issuer=<uninitialized>, server_depth=2, client_depth=0], http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]^J}, last_active=1170717511.909717, seen_bytes=906, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timeout_interval=2.0 mins, bof_buffer_size=1024, bof_buffer=0\x82^C\x860\x82^B\xef\xa0^C^B^A^B^B^Px\xeeH\xde^X[ q\xc9\xc9\xc3\xb5\x1d{\xdd\xc10^M^F^I*\x86H\x86\xf7^M^A^A^E^E\00_1^K0^I^F^CU^D^F^S^BUS1^W0^U^F^CU^D^J^S^NVeriSign, Inc.1705^F^CU^D^K^S.Class 3 Public Primary Certification Authority0\x1e^W^M970417000000Z^W^M111024235959Z0\x81\xba1\x1f0\x1d^F^CU^D^J^S^VVeriSign Trust Network1^W0^U^F^CU^D^K^S^NVeriSign, Inc.1301^F^CU^D^K^S*VeriSign International Server CA - Class 31I0G^F^CU^D^K^S@www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign0\x81\x9f0^M^F^I*\x86H\x86\xf7^M^A^A^A^E\0^C\x81\x8d\00\x81\x89^B\x81\x81\0\xd8\x82\x80\xe8\xd6^Y^B}\x1f\x85^X9%\xa2e+\xe1\xbf\xd4^E\xd3\xbc\xe66;\xaa\xf0Ll[\xb6\xe7\xaa<sEU\xb2\xf1\xbd\xea\x97B\xed\x9a4^J^U\xd4\xa9\\xf5@%\xdd\xd9^G\xc12\xb2ul\xc4\xca\xbb\xa3\xfeV'qC\xaac\xf50>\x93(\xe5\xfa\xf1^I;\xf3\xb7MN9\xf7\IZ\xb8\xc1\x1d\xd3\xb2\x8a\xfep0\x95B\xcb\xfe+Q\x8bZ<:\xf9"O\x90\xb2^B\xa7S\x9cO4\xe7\xab^D\xb2{o^B^C^A\0^A\xa3\x81\xe60\x81\xe30^O^F^CU\x1d^S^D^H0^F^A^A\xff^B^A\00D^F^CU\x1d ^D=0;09^F^K`\x86H^A\x86\xf8E^A^G^A^A0*0(^F^H+^F^A^E^E^G^B^A^V\x1chttps://www.verisign.com/CPS04^F^CU\x1d\x1f^D-0+0)\xa0'\xa0%\x86#http://crl.verisign.com/pca3-g2.crl04^F^CU\x1d%^D-0+^F^H+^F^A^E^E^G^C^A^F^H+^F^A^E^E^G^C^B^F^I`\x86H^A\x86\xf8B^D^A^F^J`\x86H^A\x86\xf8E^A^H^A0^K^F^CU\x1d^O^D^D^C^B^A^F0^Q^F^I`\x86H^A\x86\xf8B^A^A^D^D^C^B^A^F0^M^F^I*\x86H\x86\xf7^M^A^A^E^E\0^C\x81\x81\0#]\xee\xa6$^E\xfdv\xd3j^Z\xd6\xbaF^F\xaaj^O^C\x90f\xb2\xb0\xa6\xc2\x9e\xc9\x1e\xa3US\xaf>E\xfd\xdc\x8c'\xddS8^I\xbb|K+\xba\x95J\xfepN\x1bi\xd6<\xf7O^G\xc5\xf2^WZL\xa2\x8f\xac^K\x8a^F\xdb\xb9\xd4k\xc5\x1dX\xda^WR\xe3!\xf1\xd2\xd7Z\xd5\xe5\xabY{!z\x86j\xd4\xfe^W^Q:S^M\x9c`\xa0J\xd9^\xe4\x1d^L)\xaa^S^Ge\x86\x1f\xbf\xb4\xc9\x82S\x9c,^B\x8f#, mime_type=binary, info=[ts=1170717511.909717, fuid=FUmSiM3TCtsyMGhcd, tx_hosts={^J^I194.127.84.106^J}, rx_hosts={^J^I192.150.187.164^J}, conn_uids={^J^ICCvvfg3TEfuqmmG4bh^J}, source=SSL, depth=0, analyzers={^J^IX509,^J^IMD5,^J^ISHA1^J}, mime_type=binary, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=F, seen_bytes=0, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=<uninitialized>, sha1=<uninitialized>, sha256=<uninitialized>, x509=[ts=1170717511.909717, id=FUmSiM3TCtsyMGhcd, certificate=[version=2, serial=78EE48DE185B2071C9C9C3B51D7BDDC1, subject=OU=www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign,OU=VeriSign International Server CA - Class 3,OU=VeriSign\, Inc.,O=VeriSign Trust Network, issuer=OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US, not_valid_before=861235200.0, not_valid_after=1319500799.0, key_alg=rsaEncryption, sig_alg=sha1WithRSAEncryption, key_type=rsa, key_length=1024, exponent=65537, curve=<uninitialized>], handle=<no value description>, extensions=[[name=X509v3 Basic Constraints, short_name=basicConstraints, oid=2.5.29.19, critical=F, value=CA:TRUE, pathlen:0], [name=X509v3 Certificate Policies, short_name=certificatePolicies, oid=2.5.29.32, critical=F, value=Policy: 2.16.840.1.113733.1.7.1.1^J  CPS: https://www.verisign.com/CPS^J], [name=X509v3 CRL Distribution Points, short_name=crlDistributionPoints, oid=2.5.29.31, critical=F, value=^JFull Name:^J  URI:http://crl.verisign.com/pca3-g2.crl^J], [name=X509v3 Extended Key Usage, short_name=extendedKeyUsage, oid=2.5.29.37, critical=F, value=TLS Web Server Authentication, TLS Web Client Authentication, Netscape Server Gated Crypto, 2.16.840.1.113733.1.8.1], [name=X509v3 Key Usage, short_name=keyUsage, oid=2.5.29.15, critical=F, value=Certificate Sign, CRL Sign], [name=Netscape Cert Type, short_name=nsCertType, oid=2.16.840.1.113730.1.1, critical=F, value=SSL CA, S/MIME CA]], san=<uninitialized>, basic_constraints=[ca=T, path_len=0]], extracted=<uninitialized>], u2_events=<uninitialized>]
+                  [1] kind: string       = sha1
+                  [2] hash: string       = de0f3a63cad13841e9b62c94502cb189d7661e49
+
+1170717511.909717 file_hash
+                  [0] f: fa_file         = [id=FUmSiM3TCtsyMGhcd, parent_id=<uninitialized>, source=SSL, is_orig=F, conns={^J^I[[orig_h=192.150.187.164, orig_p=58870/tcp, resp_h=194.127.84.106, resp_p=443/tcp]] = [id=[orig_h=192.150.187.164, orig_p=58870/tcp, resp_h=194.127.84.106, resp_p=443/tcp], orig=[size=120, state=4, num_pkts=3, num_bytes_ip=288, flow_label=0], resp=[size=2164, state=4, num_pkts=3, num_bytes_ip=1616, flow_label=0], start_time=1170717511.541455, duration=0.368262, service={^J^I^ISSL^J^I}, addl=, hot=0, history=ShADad, uid=CCvvfg3TEfuqmmG4bh, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=[ts=1170717511.722913, uid=CCvvfg3TEfuqmmG4bh, id=[orig_h=192.150.187.164, orig_p=58870/tcp, resp_h=194.127.84.106, resp_p=443/tcp], version=TLSv10, cipher=TLS_RSA_WITH_RC4_128_MD5, server_name=<uninitialized>, session_id=9e51caef40ad85f9f03dbb8c1fdc863621808c311272e10242cb406bf917bcd9, last_alert=<uninitialized>, analyzer_id=11, established=F, logged=F, delay_tokens=<uninitialized>, cert_chain=[[ts=1170717511.909717, fuid=FQXAWgI2FB5STbrff, tx_hosts={^J^I^I194.127.84.106^J^I}, rx_hosts={^J^I^I192.150.187.164^J^I}, conn_uids={^J^I^ICCvvfg3TEfuqmmG4bh^J^I}, source=SSL, depth=0, analyzers={^J^I^IX509,^J^I^IMD5,^J^I^ISHA1^J^I}, mime_type=binary, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=F, seen_bytes=1152, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=38a0a008a978591ccbe41f50a174751a, sha1=2c322ae2b7fe91391345e070b63668978bb1c9da, sha256=<uninitialized>, x509=[ts=1170717511.909717, id=FQXAWgI2FB5STbrff, certificate=[version=2, serial=04A78116F003283BDA2B8462049F9ECB, subject=CN=www.dresdner-privat.de,OU=Terms of use at www.verisign.com/rpa (c)00,O=AGIS Allianz Dresdner Informationssysteme GmbH,L=Muenchen,ST=Bayern,C=DE, issuer=OU=www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign,OU=VeriSign International Server CA - Class 3,OU=VeriSign\, Inc.,O=VeriSign Trust Network, not_valid_before=1163462400.0, not_valid_after=1195084799.0, key_alg=rsaEncryption, sig_alg=sha1WithRSAEncryption, key_type=rsa, key_length=1024, exponent=65537, curve=<uninitialized>], handle=<no value description>, extensions=[[name=X509v3 Basic Constraints, short_name=basicConstraints, oid=2.5.29.19, critical=F, value=CA:FALSE], [name=X509v3 Key Usage, short_name=keyUsage, oid=2.5.29.15, critical=F, value=Digital Signature, Key Encipherment], [name=X509v3 CRL Distribution Points, short_name=crlDistributionPoints, oid=2.5.29.31, critical=F, value=^JFull Name:^J  URI:http://crl.verisign.com/Class3InternationalServer.crl^J], [name=X509v3 Certificate Policies, short_name=certificatePolicies, oid=2.5.29.32, critical=F, value=Policy: 2.16.840.1.113733.1.7.23.3^J  CPS: https://www.verisign.com/rpa^J], [name=X509v3 Extended Key Usage, short_name=extendedKeyUsage, oid=2.5.29.37, critical=F, value=Netscape Server Gated Crypto, TLS Web Server Authentication, TLS Web Client Authentication], [name=Authority Information Access, short_name=authorityInfoAccess, oid=1.3.6.1.5.5.7.1.1, critical=F, value=OCSP - URI:http://ocsp.verisign.com^J], [name=1.3.6.1.5.5.7.1.12, short_name=UNDEF, oid=1.3.6.1.5.5.7.1.12, critical=F, value=0_.].[0Y0W0U..image/gif0!0.0...+..............k...j.H.,{..0%.#http://logo.verisign.com/vslogo.gif]], san=<uninitialized>, basic_constraints=[ca=F, path_len=<uninitialized>]], extracted=<uninitialized>], [ts=1170717511.909717, fuid=FUmSiM3TCtsyMGhcd, tx_hosts={^J^I^I194.127.84.106^J^I}, rx_hosts={^J^I^I192.150.187.164^J^I}, conn_uids={^J^I^ICCvvfg3TEfuqmmG4bh^J^I}, source=SSL, depth=0, analyzers={^J^I^IX509,^J^I^IMD5,^J^I^ISHA1^J^I}, mime_type=binary, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=F, seen_bytes=0, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=<uninitialized>, sha1=de0f3a63cad13841e9b62c94502cb189d7661e49, sha256=<uninitialized>, x509=[ts=1170717511.909717, id=FUmSiM3TCtsyMGhcd, certificate=[version=2, serial=78EE48DE185B2071C9C9C3B51D7BDDC1, subject=OU=www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign,OU=VeriSign International Server CA - Class 3,OU=VeriSign\, Inc.,O=VeriSign Trust Network, issuer=OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US, not_valid_before=861235200.0, not_valid_after=1319500799.0, key_alg=rsaEncryption, sig_alg=sha1WithRSAEncryption, key_type=rsa, key_length=1024, exponent=65537, curve=<uninitialized>], handle=<no value description>, extensions=[[name=X509v3 Basic Constraints, short_name=basicConstraints, oid=2.5.29.19, critical=F, value=CA:TRUE, pathlen:0], [name=X509v3 Certificate Policies, short_name=certificatePolicies, oid=2.5.29.32, critical=F, value=Policy: 2.16.840.1.113733.1.7.1.1^J  CPS: https://www.verisign.com/CPS^J], [name=X509v3 CRL Distribution Points, short_name=crlDistributionPoints, oid=2.5.29.31, critical=F, value=^JFull Name:^J  URI:http://crl.verisign.com/pca3-g2.crl^J], [name=X509v3 Extended Key Usage, short_name=extendedKeyUsage, oid=2.5.29.37, critical=F, value=TLS Web Server Authentication, TLS Web Client Authentication, Netscape Server Gated Crypto, 2.16.840.1.113733.1.8.1], [name=X509v3 Key Usage, short_name=keyUsage, oid=2.5.29.15, critical=F, value=Certificate Sign, CRL Sign], [name=Netscape Cert Type, short_name=nsCertType, oid=2.16.840.1.113730.1.1, critical=F, value=SSL CA, S/MIME CA]], san=<uninitialized>, basic_constraints=[ca=T, path_len=0]], extracted=<uninitialized>]], cert_chain_fuids=[FQXAWgI2FB5STbrff, FUmSiM3TCtsyMGhcd], client_cert_chain=[], client_cert_chain_fuids=[], subject=<uninitialized>, issuer=<uninitialized>, client_subject=<uninitialized>, client_issuer=<uninitialized>, server_depth=2, client_depth=0], http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]^J}, last_active=1170717511.909717, seen_bytes=906, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timeout_interval=2.0 mins, bof_buffer_size=1024, bof_buffer=0\x82^C\x860\x82^B\xef\xa0^C^B^A^B^B^Px\xeeH\xde^X[ q\xc9\xc9\xc3\xb5\x1d{\xdd\xc10^M^F^I*\x86H\x86\xf7^M^A^A^E^E\00_1^K0^I^F^CU^D^F^S^BUS1^W0^U^F^CU^D^J^S^NVeriSign, Inc.1705^F^CU^D^K^S.Class 3 Public Primary Certification Authority0\x1e^W^M970417000000Z^W^M111024235959Z0\x81\xba1\x1f0\x1d^F^CU^D^J^S^VVeriSign Trust Network1^W0^U^F^CU^D^K^S^NVeriSign, Inc.1301^F^CU^D^K^S*VeriSign International Server CA - Class 31I0G^F^CU^D^K^S@www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign0\x81\x9f0^M^F^I*\x86H\x86\xf7^M^A^A^A^E\0^C\x81\x8d\00\x81\x89^B\x81\x81\0\xd8\x82\x80\xe8\xd6^Y^B}\x1f\x85^X9%\xa2e+\xe1\xbf\xd4^E\xd3\xbc\xe66;\xaa\xf0Ll[\xb6\xe7\xaa<sEU\xb2\xf1\xbd\xea\x97B\xed\x9a4^J^U\xd4\xa9\\xf5@%\xdd\xd9^G\xc12\xb2ul\xc4\xca\xbb\xa3\xfeV'qC\xaac\xf50>\x93(\xe5\xfa\xf1^I;\xf3\xb7MN9\xf7\IZ\xb8\xc1\x1d\xd3\xb2\x8a\xfep0\x95B\xcb\xfe+Q\x8bZ<:\xf9"O\x90\xb2^B\xa7S\x9cO4\xe7\xab^D\xb2{o^B^C^A\0^A\xa3\x81\xe60\x81\xe30^O^F^CU\x1d^S^D^H0^F^A^A\xff^B^A\00D^F^CU\x1d ^D=0;09^F^K`\x86H^A\x86\xf8E^A^G^A^A0*0(^F^H+^F^A^E^E^G^B^A^V\x1chttps://www.verisign.com/CPS04^F^CU\x1d\x1f^D-0+0)\xa0'\xa0%\x86#http://crl.verisign.com/pca3-g2.crl04^F^CU\x1d%^D-0+^F^H+^F^A^E^E^G^C^A^F^H+^F^A^E^E^G^C^B^F^I`\x86H^A\x86\xf8B^D^A^F^J`\x86H^A\x86\xf8E^A^H^A0^K^F^CU\x1d^O^D^D^C^B^A^F0^Q^F^I`\x86H^A\x86\xf8B^A^A^D^D^C^B^A^F0^M^F^I*\x86H\x86\xf7^M^A^A^E^E\0^C\x81\x81\0#]\xee\xa6$^E\xfdv\xd3j^Z\xd6\xbaF^F\xaaj^O^C\x90f\xb2\xb0\xa6\xc2\x9e\xc9\x1e\xa3US\xaf>E\xfd\xdc\x8c'\xddS8^I\xbb|K+\xba\x95J\xfepN\x1bi\xd6<\xf7O^G\xc5\xf2^WZL\xa2\x8f\xac^K\x8a^F\xdb\xb9\xd4k\xc5\x1dX\xda^WR\xe3!\xf1\xd2\xd7Z\xd5\xe5\xabY{!z\x86j\xd4\xfe^W^Q:S^M\x9c`\xa0J\xd9^\xe4\x1d^L)\xaa^S^Ge\x86\x1f\xbf\xb4\xc9\x82S\x9c,^B\x8f#, mime_type=binary, info=[ts=1170717511.909717, fuid=FUmSiM3TCtsyMGhcd, tx_hosts={^J^I194.127.84.106^J}, rx_hosts={^J^I192.150.187.164^J}, conn_uids={^J^ICCvvfg3TEfuqmmG4bh^J}, source=SSL, depth=0, analyzers={^J^IX509,^J^IMD5,^J^ISHA1^J}, mime_type=binary, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=F, seen_bytes=0, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=<uninitialized>, sha1=de0f3a63cad13841e9b62c94502cb189d7661e49, sha256=<uninitialized>, x509=[ts=1170717511.909717, id=FUmSiM3TCtsyMGhcd, certificate=[version=2, serial=78EE48DE185B2071C9C9C3B51D7BDDC1, subject=OU=www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign,OU=VeriSign International Server CA - Class 3,OU=VeriSign\, Inc.,O=VeriSign Trust Network, issuer=OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US, not_valid_before=861235200.0, not_valid_after=1319500799.0, key_alg=rsaEncryption, sig_alg=sha1WithRSAEncryption, key_type=rsa, key_length=1024, exponent=65537, curve=<uninitialized>], handle=<no value description>, extensions=[[name=X509v3 Basic Constraints, short_name=basicConstraints, oid=2.5.29.19, critical=F, value=CA:TRUE, pathlen:0], [name=X509v3 Certificate Policies, short_name=certificatePolicies, oid=2.5.29.32, critical=F, value=Policy: 2.16.840.1.113733.1.7.1.1^J  CPS: https://www.verisign.com/CPS^J], [name=X509v3 CRL Distribution Points, short_name=crlDistributionPoints, oid=2.5.29.31, critical=F, value=^JFull Name:^J  URI:http://crl.verisign.com/pca3-g2.crl^J], [name=X509v3 Extended Key Usage, short_name=extendedKeyUsage, oid=2.5.29.37, critical=F, value=TLS Web Server Authentication, TLS Web Client Authentication, Netscape Server Gated Crypto, 2.16.840.1.113733.1.8.1], [name=X509v3 Key Usage, short_name=keyUsage, oid=2.5.29.15, critical=F, value=Certificate Sign, CRL Sign], [name=Netscape Cert Type, short_name=nsCertType, oid=2.16.840.1.113730.1.1, critical=F, value=SSL CA, S/MIME CA]], san=<uninitialized>, basic_constraints=[ca=T, path_len=0]], extracted=<uninitialized>], u2_events=<uninitialized>]
+                  [1] kind: string       = md5
+                  [2] hash: string       = 81c888530afcad916fbe71d9417bf10c
+
+1170717511.909717 file_state_remove
+                  [0] f: fa_file         = [id=FUmSiM3TCtsyMGhcd, parent_id=<uninitialized>, source=SSL, is_orig=F, conns={^J^I[[orig_h=192.150.187.164, orig_p=58870/tcp, resp_h=194.127.84.106, resp_p=443/tcp]] = [id=[orig_h=192.150.187.164, orig_p=58870/tcp, resp_h=194.127.84.106, resp_p=443/tcp], orig=[size=120, state=4, num_pkts=3, num_bytes_ip=288, flow_label=0], resp=[size=2164, state=4, num_pkts=3, num_bytes_ip=1616, flow_label=0], start_time=1170717511.541455, duration=0.368262, service={^J^I^ISSL^J^I}, addl=, hot=0, history=ShADad, uid=CCvvfg3TEfuqmmG4bh, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=[ts=1170717511.722913, uid=CCvvfg3TEfuqmmG4bh, id=[orig_h=192.150.187.164, orig_p=58870/tcp, resp_h=194.127.84.106, resp_p=443/tcp], version=TLSv10, cipher=TLS_RSA_WITH_RC4_128_MD5, server_name=<uninitialized>, session_id=9e51caef40ad85f9f03dbb8c1fdc863621808c311272e10242cb406bf917bcd9, last_alert=<uninitialized>, analyzer_id=11, established=F, logged=F, delay_tokens=<uninitialized>, cert_chain=[[ts=1170717511.909717, fuid=FQXAWgI2FB5STbrff, tx_hosts={^J^I^I194.127.84.106^J^I}, rx_hosts={^J^I^I192.150.187.164^J^I}, conn_uids={^J^I^ICCvvfg3TEfuqmmG4bh^J^I}, source=SSL, depth=0, analyzers={^J^I^IX509,^J^I^IMD5,^J^I^ISHA1^J^I}, mime_type=binary, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=F, seen_bytes=1152, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=38a0a008a978591ccbe41f50a174751a, sha1=2c322ae2b7fe91391345e070b63668978bb1c9da, sha256=<uninitialized>, x509=[ts=1170717511.909717, id=FQXAWgI2FB5STbrff, certificate=[version=2, serial=04A78116F003283BDA2B8462049F9ECB, subject=CN=www.dresdner-privat.de,OU=Terms of use at www.verisign.com/rpa (c)00,O=AGIS Allianz Dresdner Informationssysteme GmbH,L=Muenchen,ST=Bayern,C=DE, issuer=OU=www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign,OU=VeriSign International Server CA - Class 3,OU=VeriSign\, Inc.,O=VeriSign Trust Network, not_valid_before=1163462400.0, not_valid_after=1195084799.0, key_alg=rsaEncryption, sig_alg=sha1WithRSAEncryption, key_type=rsa, key_length=1024, exponent=65537, curve=<uninitialized>], handle=<no value description>, extensions=[[name=X509v3 Basic Constraints, short_name=basicConstraints, oid=2.5.29.19, critical=F, value=CA:FALSE], [name=X509v3 Key Usage, short_name=keyUsage, oid=2.5.29.15, critical=F, value=Digital Signature, Key Encipherment], [name=X509v3 CRL Distribution Points, short_name=crlDistributionPoints, oid=2.5.29.31, critical=F, value=^JFull Name:^J  URI:http://crl.verisign.com/Class3InternationalServer.crl^J], [name=X509v3 Certificate Policies, short_name=certificatePolicies, oid=2.5.29.32, critical=F, value=Policy: 2.16.840.1.113733.1.7.23.3^J  CPS: https://www.verisign.com/rpa^J], [name=X509v3 Extended Key Usage, short_name=extendedKeyUsage, oid=2.5.29.37, critical=F, value=Netscape Server Gated Crypto, TLS Web Server Authentication, TLS Web Client Authentication], [name=Authority Information Access, short_name=authorityInfoAccess, oid=1.3.6.1.5.5.7.1.1, critical=F, value=OCSP - URI:http://ocsp.verisign.com^J], [name=1.3.6.1.5.5.7.1.12, short_name=UNDEF, oid=1.3.6.1.5.5.7.1.12, critical=F, value=0_.].[0Y0W0U..image/gif0!0.0...+..............k...j.H.,{..0%.#http://logo.verisign.com/vslogo.gif]], san=<uninitialized>, basic_constraints=[ca=F, path_len=<uninitialized>]], extracted=<uninitialized>], [ts=1170717511.909717, fuid=FUmSiM3TCtsyMGhcd, tx_hosts={^J^I^I194.127.84.106^J^I}, rx_hosts={^J^I^I192.150.187.164^J^I}, conn_uids={^J^I^ICCvvfg3TEfuqmmG4bh^J^I}, source=SSL, depth=0, analyzers={^J^I^IX509,^J^I^IMD5,^J^I^ISHA1^J^I}, mime_type=binary, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=F, seen_bytes=0, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=81c888530afcad916fbe71d9417bf10c, sha1=de0f3a63cad13841e9b62c94502cb189d7661e49, sha256=<uninitialized>, x509=[ts=1170717511.909717, id=FUmSiM3TCtsyMGhcd, certificate=[version=2, serial=78EE48DE185B2071C9C9C3B51D7BDDC1, subject=OU=www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign,OU=VeriSign International Server CA - Class 3,OU=VeriSign\, Inc.,O=VeriSign Trust Network, issuer=OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US, not_valid_before=861235200.0, not_valid_after=1319500799.0, key_alg=rsaEncryption, sig_alg=sha1WithRSAEncryption, key_type=rsa, key_length=1024, exponent=65537, curve=<uninitialized>], handle=<no value description>, extensions=[[name=X509v3 Basic Constraints, short_name=basicConstraints, oid=2.5.29.19, critical=F, value=CA:TRUE, pathlen:0], [name=X509v3 Certificate Policies, short_name=certificatePolicies, oid=2.5.29.32, critical=F, value=Policy: 2.16.840.1.113733.1.7.1.1^J  CPS: https://www.verisign.com/CPS^J], [name=X509v3 CRL Distribution Points, short_name=crlDistributionPoints, oid=2.5.29.31, critical=F, value=^JFull Name:^J  URI:http://crl.verisign.com/pca3-g2.crl^J], [name=X509v3 Extended Key Usage, short_name=extendedKeyUsage, oid=2.5.29.37, critical=F, value=TLS Web Server Authentication, TLS Web Client Authentication, Netscape Server Gated Crypto, 2.16.840.1.113733.1.8.1], [name=X509v3 Key Usage, short_name=keyUsage, oid=2.5.29.15, critical=F, value=Certificate Sign, CRL Sign], [name=Netscape Cert Type, short_name=nsCertType, oid=2.16.840.1.113730.1.1, critical=F, value=SSL CA, S/MIME CA]], san=<uninitialized>, basic_constraints=[ca=T, path_len=0]], extracted=<uninitialized>]], cert_chain_fuids=[FQXAWgI2FB5STbrff, FUmSiM3TCtsyMGhcd], client_cert_chain=[], client_cert_chain_fuids=[], subject=<uninitialized>, issuer=<uninitialized>, client_subject=<uninitialized>, client_issuer=<uninitialized>, server_depth=2, client_depth=0], http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]^J}, last_active=1170717511.909717, seen_bytes=906, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timeout_interval=2.0 mins, bof_buffer_size=1024, bof_buffer=0\x82^C\x860\x82^B\xef\xa0^C^B^A^B^B^Px\xeeH\xde^X[ q\xc9\xc9\xc3\xb5\x1d{\xdd\xc10^M^F^I*\x86H\x86\xf7^M^A^A^E^E\00_1^K0^I^F^CU^D^F^S^BUS1^W0^U^F^CU^D^J^S^NVeriSign, Inc.1705^F^CU^D^K^S.Class 3 Public Primary Certification Authority0\x1e^W^M970417000000Z^W^M111024235959Z0\x81\xba1\x1f0\x1d^F^CU^D^J^S^VVeriSign Trust Network1^W0^U^F^CU^D^K^S^NVeriSign, Inc.1301^F^CU^D^K^S*VeriSign International Server CA - Class 31I0G^F^CU^D^K^S@www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign0\x81\x9f0^M^F^I*\x86H\x86\xf7^M^A^A^A^E\0^C\x81\x8d\00\x81\x89^B\x81\x81\0\xd8\x82\x80\xe8\xd6^Y^B}\x1f\x85^X9%\xa2e+\xe1\xbf\xd4^E\xd3\xbc\xe66;\xaa\xf0Ll[\xb6\xe7\xaa<sEU\xb2\xf1\xbd\xea\x97B\xed\x9a4^J^U\xd4\xa9\\xf5@%\xdd\xd9^G\xc12\xb2ul\xc4\xca\xbb\xa3\xfeV'qC\xaac\xf50>\x93(\xe5\xfa\xf1^I;\xf3\xb7MN9\xf7\IZ\xb8\xc1\x1d\xd3\xb2\x8a\xfep0\x95B\xcb\xfe+Q\x8bZ<:\xf9"O\x90\xb2^B\xa7S\x9cO4\xe7\xab^D\xb2{o^B^C^A\0^A\xa3\x81\xe60\x81\xe30^O^F^CU\x1d^S^D^H0^F^A^A\xff^B^A\00D^F^CU\x1d ^D=0;09^F^K`\x86H^A\x86\xf8E^A^G^A^A0*0(^F^H+^F^A^E^E^G^B^A^V\x1chttps://www.verisign.com/CPS04^F^CU\x1d\x1f^D-0+0)\xa0'\xa0%\x86#http://crl.verisign.com/pca3-g2.crl04^F^CU\x1d%^D-0+^F^H+^F^A^E^E^G^C^A^F^H+^F^A^E^E^G^C^B^F^I`\x86H^A\x86\xf8B^D^A^F^J`\x86H^A\x86\xf8E^A^H^A0^K^F^CU\x1d^O^D^D^C^B^A^F0^Q^F^I`\x86H^A\x86\xf8B^A^A^D^D^C^B^A^F0^M^F^I*\x86H\x86\xf7^M^A^A^E^E\0^C\x81\x81\0#]\xee\xa6$^E\xfdv\xd3j^Z\xd6\xbaF^F\xaaj^O^C\x90f\xb2\xb0\xa6\xc2\x9e\xc9\x1e\xa3US\xaf>E\xfd\xdc\x8c'\xddS8^I\xbb|K+\xba\x95J\xfepN\x1bi\xd6<\xf7O^G\xc5\xf2^WZL\xa2\x8f\xac^K\x8a^F\xdb\xb9\xd4k\xc5\x1dX\xda^WR\xe3!\xf1\xd2\xd7Z\xd5\xe5\xabY{!z\x86j\xd4\xfe^W^Q:S^M\x9c`\xa0J\xd9^\xe4\x1d^L)\xaa^S^Ge\x86\x1f\xbf\xb4\xc9\x82S\x9c,^B\x8f#, mime_type=binary, info=[ts=1170717511.909717, fuid=FUmSiM3TCtsyMGhcd, tx_hosts={^J^I194.127.84.106^J}, rx_hosts={^J^I192.150.187.164^J}, conn_uids={^J^ICCvvfg3TEfuqmmG4bh^J}, source=SSL, depth=0, analyzers={^J^IX509,^J^IMD5,^J^ISHA1^J}, mime_type=binary, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=F, seen_bytes=0, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=81c888530afcad916fbe71d9417bf10c, sha1=de0f3a63cad13841e9b62c94502cb189d7661e49, sha256=<uninitialized>, x509=[ts=1170717511.909717, id=FUmSiM3TCtsyMGhcd, certificate=[version=2, serial=78EE48DE185B2071C9C9C3B51D7BDDC1, subject=OU=www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign,OU=VeriSign International Server CA - Class 3,OU=VeriSign\, Inc.,O=VeriSign Trust Network, issuer=OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US, not_valid_before=861235200.0, not_valid_after=1319500799.0, key_alg=rsaEncryption, sig_alg=sha1WithRSAEncryption, key_type=rsa, key_length=1024, exponent=65537, curve=<uninitialized>], handle=<no value description>, extensions=[[name=X509v3 Basic Constraints, short_name=basicConstraints, oid=2.5.29.19, critical=F, value=CA:TRUE, pathlen:0], [name=X509v3 Certificate Policies, short_name=certificatePolicies, oid=2.5.29.32, critical=F, value=Policy: 2.16.840.1.113733.1.7.1.1^J  CPS: https://www.verisign.com/CPS^J], [name=X509v3 CRL Distribution Points, short_name=crlDistributionPoints, oid=2.5.29.31, critical=F, value=^JFull Name:^J  URI:http://crl.verisign.com/pca3-g2.crl^J], [name=X509v3 Extended Key Usage, short_name=extendedKeyUsage, oid=2.5.29.37, critical=F, value=TLS Web Server Authentication, TLS Web Client Authentication, Netscape Server Gated Crypto, 2.16.840.1.113733.1.8.1], [name=X509v3 Key Usage, short_name=keyUsage, oid=2.5.29.15, critical=F, value=Certificate Sign, CRL Sign], [name=Netscape Cert Type, short_name=nsCertType, oid=2.16.840.1.113730.1.1, critical=F, value=SSL CA, S/MIME CA]], san=<uninitialized>, basic_constraints=[ca=T, path_len=0]], extracted=<uninitialized>], u2_events=<uninitialized>]
 
 1170717512.108799 ssl_established
-                  [0] c: connection      = [id=[orig_h=192.150.187.164, orig_p=58870/tcp, resp_h=194.127.84.106, resp_p=443/tcp], orig=[size=302, state=4, num_pkts=5, num_bytes_ip=574, flow_label=0], resp=[size=2207, state=4, num_pkts=5, num_bytes_ip=2436, flow_label=0], start_time=1170717511.541455, duration=0.567344, service={^J^ISSL^J}, addl=, hot=0, history=ShADad, uid=CCvvfg3TEfuqmmG4bh, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=[ts=1170717511.722913, uid=CCvvfg3TEfuqmmG4bh, id=[orig_h=192.150.187.164, orig_p=58870/tcp, resp_h=194.127.84.106, resp_p=443/tcp], version=TLSv10, cipher=TLS_RSA_WITH_RC4_128_MD5, server_name=<uninitialized>, session_id=9e51caef40ad85f9f03dbb8c1fdc863621808c311272e10242cb406bf917bcd9, subject=CN=www.dresdner-privat.de,OU=Terms of use at www.verisign.com/rpa (c)00,O=AGIS Allianz Dresdner Informationssysteme GmbH,L=Muenchen,ST=Bayern,C=DE, issuer_subject=OU=www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign,OU=VeriSign International Server CA - Class 3,OU=VeriSign\, Inc.,O=VeriSign Trust Network, not_valid_before=1163462400.0, not_valid_after=1195084799.0, last_alert=<uninitialized>, client_subject=<uninitialized>, client_issuer_subject=<uninitialized>, cert=0\x82^D|0\x82^C\xe5\xa0^C^B^A^B^B^P^D\xa7\x81^V\xf0^C(;\xda+\x84b^D\x9f\x9e\xcb0^M^F^I*\x86H\x86\xf7^M^A^A^E^E\00\x81\xba1\x1f0\x1d^F^CU^D^J^S^VVeriSign Trust Network1^W0^U^F^CU^D^K^S^NVeriSign, Inc.1301^F^CU^D^K^S*VeriSign International Server CA - Class 31I0G^F^CU^D^K^S@www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign0\x1e^W^M061114000000Z^W^M071114235959Z0\x81\xc01^K0^I^F^CU^D^F^S^BDE1^O0^M^F^CU^D^H^S^FBayern1^Q0^O^F^CU^D^G^T^HMuenchen1705^F^CU^D^J^T.AGIS Allianz Dresdner Informationssysteme GmbH1301^F^CU^D^K^T*Terms of use at www.verisign.com/rpa (c)001\x1f0\x1d^F^CU^D^C^T^Vwww.dresdner-privat.de0\x81\x9f0^M^F^I*\x86H\x86\xf7^M^A^A^A^E\0^C\x81\x8d\00\x81\x89^B\x81\x81\0\xeb\xa8t~\xfb\xe3\xb4\xea\xbe\x8b\x1c=\xed\xea\x86^DbQ\xe0*Z\x9e\x86o\x98\xcb\xbc\xc5\xed\xc5\xc8\xcaV\x9dL\x92X\xe1k^So\xbc\xb7\xe5.\x98@\xf7\x8f\xd6\xa3\xc0^J\xabFR\x1b8\xfc^E \xe7\x80\xee\xc6]\xd5\xbb^C\xfc\xc5\x83\xba\x9ag^H\xfd,\xba\xa3^H\x94\xf0\xb3\x1f^V(\xf6^Ef[\xbf^?\xa8Y\xfa\xbe\x99k6b\xb8n\xc6\x83GSc^OZ\xb4Q\xc1\x88\xa8U\xb9\xd41m=*J\x95^J\xd1{\x87^B^C^A\0^A\xa3\x82^Ay0\x82^Au0^I^F^CU\x1d^S^D^B0\00^K^F^CU\x1d^O^D^D^C^B^E\xa00F^F^CU\x1d\x1f^D?0=0;\xa09\xa07\x865http://crl.verisign.com/Class3InternationalServer.crl0D^F^CU\x1d ^D=0;09^F^K`\x86H^A\x86\xf8E^A^G^W^C0*0(^F^H+^F^A^E^E^G^B^A^V\x1chttps://www.verisign.com/rpa0(^F^CU\x1d%^D!0\x1f^F^I`\x86H^A\x86\xf8B^D^A^F^H+^F^A^E^E^G^C^A^F^H+^F^A^E^E^G^C^B04^F^H+^F^A^E^E^G^A^A^D(0&0$^F^H+^F^A^E^E^G0^A\x86^Xhttp://ocsp.verisign.com0m^F^H+^F^A^E^E^G^A^L^Da0_\xa1]\xa0[0Y0W0U^V^Iimage/gif0!0\x1f0^G^F^E+^N^C^B^Z^D^T\x8f\xe5\xd3^Z\x86\xac\x8d\x8ek\xc3\xcf\x80j\xd4H^X,{^Y.0%^V#http://logo.verisign.com/vslogo.gif0^M^F^I*\x86H\x86\xf7^M^A^A^E^E\0^C\x81\x81\0/s\xe2o\xc1\x9e#~YP\x89\x95xo\xe9^D\xbd\x98TS`\xec^HR\xd2^J)\x92\x9am\xaa\xd5\xb1g\xc1b\xde\xc9^XNW=i\x9c\xb2^Cf\x92^C\xbb\xe8M\xc5\x98\xd4/B\xd9\xb6\xd2\xe0\x97^PXv\xcf\xe7\xd6\xa7\xcc\xbb\xdb%\xeeB]\xcb\xf0t\xab\xd2T\xe5\xe8\xbaQ^O\xa4\xc3>4\xfaR\xf2\xa0\xe6z\xf4\x8f\xdcvB\xbd=\xfcx\xc0\xb7\xeb^-\x1f\xc5\xa0^\xdf\xa0^Q\x87\xf8\xc3X^P\xc8y(\xf8\xe4, cert_chain=[0\x82^C\x860\x82^B\xef\xa0^C^B^A^B^B^Px\xeeH\xde^X[ q\xc9\xc9\xc3\xb5\x1d{\xdd\xc10^M^F^I*\x86H\x86\xf7^M^A^A^E^E\00_1^K0^I^F^CU^D^F^S^BUS1^W0^U^F^CU^D^J^S^NVeriSign, Inc.1705^F^CU^D^K^S.Class 3 Public Primary Certification Authority0\x1e^W^M970417000000Z^W^M111024235959Z0\x81\xba1\x1f0\x1d^F^CU^D^J^S^VVeriSign Trust Network1^W0^U^F^CU^D^K^S^NVeriSign, Inc.1301^F^CU^D^K^S*VeriSign International Server CA - Class 31I0G^F^CU^D^K^S@www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign0\x81\x9f0^M^F^I*\x86H\x86\xf7^M^A^A^A^E\0^C\x81\x8d\00\x81\x89^B\x81\x81\0\xd8\x82\x80\xe8\xd6^Y^B}\x1f\x85^X9%\xa2e+\xe1\xbf\xd4^E\xd3\xbc\xe66;\xaa\xf0Ll[\xb6\xe7\xaa<sEU\xb2\xf1\xbd\xea\x97B\xed\x9a4^J^U\xd4\xa9\\xf5@%\xdd\xd9^G\xc12\xb2ul\xc4\xca\xbb\xa3\xfeV'qC\xaac\xf50>\x93(\xe5\xfa\xf1^I;\xf3\xb7MN9\xf7\IZ\xb8\xc1\x1d\xd3\xb2\x8a\xfep0\x95B\xcb\xfe+Q\x8bZ<:\xf9"O\x90\xb2^B\xa7S\x9cO4\xe7\xab^D\xb2{o^B^C^A\0^A\xa3\x81\xe60\x81\xe30^O^F^CU\x1d^S^D^H0^F^A^A\xff^B^A\00D^F^CU\x1d ^D=0;09^F^K`\x86H^A\x86\xf8E^A^G^A^A0*0(^F^H+^F^A^E^E^G^B^A^V\x1chttps://www.verisign.com/CPS04^F^CU\x1d\x1f^D-0+0)\xa0'\xa0%\x86#http://crl.verisign.com/pca3-g2.crl04^F^CU\x1d%^D-0+^F^H+^F^A^E^E^G^C^A^F^H+^F^A^E^E^G^C^B^F^I`\x86H^A\x86\xf8B^D^A^F^J`\x86H^A\x86\xf8E^A^H^A0^K^F^CU\x1d^O^D^D^C^B^A^F0^Q^F^I`\x86H^A\x86\xf8B^A^A^D^D^C^B^A^F0^M^F^I*\x86H\x86\xf7^M^A^A^E^E\0^C\x81\x81\0#]\xee\xa6$^E\xfdv\xd3j^Z\xd6\xbaF^F\xaaj^O^C\x90f\xb2\xb0\xa6\xc2\x9e\xc9\x1e\xa3US\xaf>E\xfd\xdc\x8c'\xddS8^I\xbb|K+\xba\x95J\xfepN\x1bi\xd6<\xf7O^G\xc5\xf2^WZL\xa2\x8f\xac^K\x8a^F\xdb\xb9\xd4k\xc5\x1dX\xda^WR\xe3!\xf1\xd2\xd7Z\xd5\xe5\xabY{!z\x86j\xd4\xfe^W^Q:S^M\x9c`\xa0J\xd9^\xe4\x1d^L)\xaa^S^Ge\x86\x1f\xbf\xb4\xc9\x82S\x9c,^B\x8f#], client_cert=<uninitialized>, client_cert_chain=[], analyzer_id=11, established=F, logged=F, delay_tokens=<uninitialized>], http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]
+                  [0] c: connection      = [id=[orig_h=192.150.187.164, orig_p=58870/tcp, resp_h=194.127.84.106, resp_p=443/tcp], orig=[size=302, state=4, num_pkts=5, num_bytes_ip=574, flow_label=0], resp=[size=2207, state=4, num_pkts=5, num_bytes_ip=2436, flow_label=0], start_time=1170717511.541455, duration=0.567344, service={^J^ISSL^J}, addl=, hot=0, history=ShADad, uid=CCvvfg3TEfuqmmG4bh, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=[ts=1170717511.722913, uid=CCvvfg3TEfuqmmG4bh, id=[orig_h=192.150.187.164, orig_p=58870/tcp, resp_h=194.127.84.106, resp_p=443/tcp], version=TLSv10, cipher=TLS_RSA_WITH_RC4_128_MD5, server_name=<uninitialized>, session_id=9e51caef40ad85f9f03dbb8c1fdc863621808c311272e10242cb406bf917bcd9, last_alert=<uninitialized>, analyzer_id=11, established=F, logged=F, delay_tokens=<uninitialized>, cert_chain=[[ts=1170717511.909717, fuid=FQXAWgI2FB5STbrff, tx_hosts={^J^I194.127.84.106^J}, rx_hosts={^J^I192.150.187.164^J}, conn_uids={^J^ICCvvfg3TEfuqmmG4bh^J}, source=SSL, depth=0, analyzers={^J^IX509,^J^IMD5,^J^ISHA1^J}, mime_type=binary, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=F, seen_bytes=1152, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=38a0a008a978591ccbe41f50a174751a, sha1=2c322ae2b7fe91391345e070b63668978bb1c9da, sha256=<uninitialized>, x509=[ts=1170717511.909717, id=FQXAWgI2FB5STbrff, certificate=[version=2, serial=04A78116F003283BDA2B8462049F9ECB, subject=CN=www.dresdner-privat.de,OU=Terms of use at www.verisign.com/rpa (c)00,O=AGIS Allianz Dresdner Informationssysteme GmbH,L=Muenchen,ST=Bayern,C=DE, issuer=OU=www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign,OU=VeriSign International Server CA - Class 3,OU=VeriSign\, Inc.,O=VeriSign Trust Network, not_valid_before=1163462400.0, not_valid_after=1195084799.0, key_alg=rsaEncryption, sig_alg=sha1WithRSAEncryption, key_type=rsa, key_length=1024, exponent=65537, curve=<uninitialized>], handle=<no value description>, extensions=[[name=X509v3 Basic Constraints, short_name=basicConstraints, oid=2.5.29.19, critical=F, value=CA:FALSE], [name=X509v3 Key Usage, short_name=keyUsage, oid=2.5.29.15, critical=F, value=Digital Signature, Key Encipherment], [name=X509v3 CRL Distribution Points, short_name=crlDistributionPoints, oid=2.5.29.31, critical=F, value=^JFull Name:^J  URI:http://crl.verisign.com/Class3InternationalServer.crl^J], [name=X509v3 Certificate Policies, short_name=certificatePolicies, oid=2.5.29.32, critical=F, value=Policy: 2.16.840.1.113733.1.7.23.3^J  CPS: https://www.verisign.com/rpa^J], [name=X509v3 Extended Key Usage, short_name=extendedKeyUsage, oid=2.5.29.37, critical=F, value=Netscape Server Gated Crypto, TLS Web Server Authentication, TLS Web Client Authentication], [name=Authority Information Access, short_name=authorityInfoAccess, oid=1.3.6.1.5.5.7.1.1, critical=F, value=OCSP - URI:http://ocsp.verisign.com^J], [name=1.3.6.1.5.5.7.1.12, short_name=UNDEF, oid=1.3.6.1.5.5.7.1.12, critical=F, value=0_.].[0Y0W0U..image/gif0!0.0...+..............k...j.H.,{..0%.#http://logo.verisign.com/vslogo.gif]], san=<uninitialized>, basic_constraints=[ca=F, path_len=<uninitialized>]], extracted=<uninitialized>], [ts=1170717511.909717, fuid=FUmSiM3TCtsyMGhcd, tx_hosts={^J^I194.127.84.106^J}, rx_hosts={^J^I192.150.187.164^J}, conn_uids={^J^ICCvvfg3TEfuqmmG4bh^J}, source=SSL, depth=0, analyzers={^J^IX509,^J^IMD5,^J^ISHA1^J}, mime_type=binary, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=F, seen_bytes=906, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=81c888530afcad916fbe71d9417bf10c, sha1=de0f3a63cad13841e9b62c94502cb189d7661e49, sha256=<uninitialized>, x509=[ts=1170717511.909717, id=FUmSiM3TCtsyMGhcd, certificate=[version=2, serial=78EE48DE185B2071C9C9C3B51D7BDDC1, subject=OU=www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign,OU=VeriSign International Server CA - Class 3,OU=VeriSign\, Inc.,O=VeriSign Trust Network, issuer=OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US, not_valid_before=861235200.0, not_valid_after=1319500799.0, key_alg=rsaEncryption, sig_alg=sha1WithRSAEncryption, key_type=rsa, key_length=1024, exponent=65537, curve=<uninitialized>], handle=<no value description>, extensions=[[name=X509v3 Basic Constraints, short_name=basicConstraints, oid=2.5.29.19, critical=F, value=CA:TRUE, pathlen:0], [name=X509v3 Certificate Policies, short_name=certificatePolicies, oid=2.5.29.32, critical=F, value=Policy: 2.16.840.1.113733.1.7.1.1^J  CPS: https://www.verisign.com/CPS^J], [name=X509v3 CRL Distribution Points, short_name=crlDistributionPoints, oid=2.5.29.31, critical=F, value=^JFull Name:^J  URI:http://crl.verisign.com/pca3-g2.crl^J], [name=X509v3 Extended Key Usage, short_name=extendedKeyUsage, oid=2.5.29.37, critical=F, value=TLS Web Server Authentication, TLS Web Client Authentication, Netscape Server Gated Crypto, 2.16.840.1.113733.1.8.1], [name=X509v3 Key Usage, short_name=keyUsage, oid=2.5.29.15, critical=F, value=Certificate Sign, CRL Sign], [name=Netscape Cert Type, short_name=nsCertType, oid=2.16.840.1.113730.1.1, critical=F, value=SSL CA, S/MIME CA]], san=<uninitialized>, basic_constraints=[ca=T, path_len=0]], extracted=<uninitialized>]], cert_chain_fuids=[FQXAWgI2FB5STbrff, FUmSiM3TCtsyMGhcd], client_cert_chain=[], client_cert_chain_fuids=[], subject=<uninitialized>, issuer=<uninitialized>, client_subject=<uninitialized>, client_issuer=<uninitialized>, server_depth=2, client_depth=0], http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]
 
 1170717528.851698 ChecksumOffloading::check
 1170717528.851698 connection_state_remove
-                  [0] c: connection      = [id=[orig_h=192.150.187.164, orig_p=58869/tcp, resp_h=194.127.84.106, resp_p=443/tcp], orig=[size=6012, state=5, num_pkts=61, num_bytes_ip=9160, flow_label=0], resp=[size=121583, state=5, num_pkts=101, num_bytes_ip=126847, flow_label=0], start_time=1170717508.515696, duration=3.001729, service={^J^ISSL^J}, addl=, hot=0, history=ShADadFRfR, uid=CjhGID4nQcgTWjvg4c, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=[ts=1170717508.69718, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=192.150.187.164, orig_p=58869/tcp, resp_h=194.127.84.106, resp_p=443/tcp], version=TLSv10, cipher=TLS_RSA_WITH_RC4_128_MD5, server_name=<uninitialized>, session_id=a8c1c5681924e80a32a15d5e7f20bc5e3f513e56b215039d0d55defda5a320c0, subject=CN=www.dresdner-privat.de,OU=Terms of use at www.verisign.com/rpa (c)00,O=AGIS Allianz Dresdner Informationssysteme GmbH,L=Muenchen,ST=Bayern,C=DE, issuer_subject=OU=www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign,OU=VeriSign International Server CA - Class 3,OU=VeriSign\, Inc.,O=VeriSign Trust Network, not_valid_before=1163462400.0, not_valid_after=1195084799.0, last_alert=<uninitialized>, client_subject=<uninitialized>, client_issuer_subject=<uninitialized>, cert=0\x82^D|0\x82^C\xe5\xa0^C^B^A^B^B^P^D\xa7\x81^V\xf0^C(;\xda+\x84b^D\x9f\x9e\xcb0^M^F^I*\x86H\x86\xf7^M^A^A^E^E\00\x81\xba1\x1f0\x1d^F^CU^D^J^S^VVeriSign Trust Network1^W0^U^F^CU^D^K^S^NVeriSign, Inc.1301^F^CU^D^K^S*VeriSign International Server CA - Class 31I0G^F^CU^D^K^S@www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign0\x1e^W^M061114000000Z^W^M071114235959Z0\x81\xc01^K0^I^F^CU^D^F^S^BDE1^O0^M^F^CU^D^H^S^FBayern1^Q0^O^F^CU^D^G^T^HMuenchen1705^F^CU^D^J^T.AGIS Allianz Dresdner Informationssysteme GmbH1301^F^CU^D^K^T*Terms of use at www.verisign.com/rpa (c)001\x1f0\x1d^F^CU^D^C^T^Vwww.dresdner-privat.de0\x81\x9f0^M^F^I*\x86H\x86\xf7^M^A^A^A^E\0^C\x81\x8d\00\x81\x89^B\x81\x81\0\xeb\xa8t~\xfb\xe3\xb4\xea\xbe\x8b\x1c=\xed\xea\x86^DbQ\xe0*Z\x9e\x86o\x98\xcb\xbc\xc5\xed\xc5\xc8\xcaV\x9dL\x92X\xe1k^So\xbc\xb7\xe5.\x98@\xf7\x8f\xd6\xa3\xc0^J\xabFR\x1b8\xfc^E \xe7\x80\xee\xc6]\xd5\xbb^C\xfc\xc5\x83\xba\x9ag^H\xfd,\xba\xa3^H\x94\xf0\xb3\x1f^V(\xf6^Ef[\xbf^?\xa8Y\xfa\xbe\x99k6b\xb8n\xc6\x83GSc^OZ\xb4Q\xc1\x88\xa8U\xb9\xd41m=*J\x95^J\xd1{\x87^B^C^A\0^A\xa3\x82^Ay0\x82^Au0^I^F^CU\x1d^S^D^B0\00^K^F^CU\x1d^O^D^D^C^B^E\xa00F^F^CU\x1d\x1f^D?0=0;\xa09\xa07\x865http://crl.verisign.com/Class3InternationalServer.crl0D^F^CU\x1d ^D=0;09^F^K`\x86H^A\x86\xf8E^A^G^W^C0*0(^F^H+^F^A^E^E^G^B^A^V\x1chttps://www.verisign.com/rpa0(^F^CU\x1d%^D!0\x1f^F^I`\x86H^A\x86\xf8B^D^A^F^H+^F^A^E^E^G^C^A^F^H+^F^A^E^E^G^C^B04^F^H+^F^A^E^E^G^A^A^D(0&0$^F^H+^F^A^E^E^G0^A\x86^Xhttp://ocsp.verisign.com0m^F^H+^F^A^E^E^G^A^L^Da0_\xa1]\xa0[0Y0W0U^V^Iimage/gif0!0\x1f0^G^F^E+^N^C^B^Z^D^T\x8f\xe5\xd3^Z\x86\xac\x8d\x8ek\xc3\xcf\x80j\xd4H^X,{^Y.0%^V#http://logo.verisign.com/vslogo.gif0^M^F^I*\x86H\x86\xf7^M^A^A^E^E\0^C\x81\x81\0/s\xe2o\xc1\x9e#~YP\x89\x95xo\xe9^D\xbd\x98TS`\xec^HR\xd2^J)\x92\x9am\xaa\xd5\xb1g\xc1b\xde\xc9^XNW=i\x9c\xb2^Cf\x92^C\xbb\xe8M\xc5\x98\xd4/B\xd9\xb6\xd2\xe0\x97^PXv\xcf\xe7\xd6\xa7\xcc\xbb\xdb%\xeeB]\xcb\xf0t\xab\xd2T\xe5\xe8\xbaQ^O\xa4\xc3>4\xfaR\xf2\xa0\xe6z\xf4\x8f\xdcvB\xbd=\xfcx\xc0\xb7\xeb^-\x1f\xc5\xa0^\xdf\xa0^Q\x87\xf8\xc3X^P\xc8y(\xf8\xe4, cert_chain=[0\x82^C\x860\x82^B\xef\xa0^C^B^A^B^B^Px\xeeH\xde^X[ q\xc9\xc9\xc3\xb5\x1d{\xdd\xc10^M^F^I*\x86H\x86\xf7^M^A^A^E^E\00_1^K0^I^F^CU^D^F^S^BUS1^W0^U^F^CU^D^J^S^NVeriSign, Inc.1705^F^CU^D^K^S.Class 3 Public Primary Certification Authority0\x1e^W^M970417000000Z^W^M111024235959Z0\x81\xba1\x1f0\x1d^F^CU^D^J^S^VVeriSign Trust Network1^W0^U^F^CU^D^K^S^NVeriSign, Inc.1301^F^CU^D^K^S*VeriSign International Server CA - Class 31I0G^F^CU^D^K^S@www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign0\x81\x9f0^M^F^I*\x86H\x86\xf7^M^A^A^A^E\0^C\x81\x8d\00\x81\x89^B\x81\x81\0\xd8\x82\x80\xe8\xd6^Y^B}\x1f\x85^X9%\xa2e+\xe1\xbf\xd4^E\xd3\xbc\xe66;\xaa\xf0Ll[\xb6\xe7\xaa<sEU\xb2\xf1\xbd\xea\x97B\xed\x9a4^J^U\xd4\xa9\\xf5@%\xdd\xd9^G\xc12\xb2ul\xc4\xca\xbb\xa3\xfeV'qC\xaac\xf50>\x93(\xe5\xfa\xf1^I;\xf3\xb7MN9\xf7\IZ\xb8\xc1\x1d\xd3\xb2\x8a\xfep0\x95B\xcb\xfe+Q\x8bZ<:\xf9"O\x90\xb2^B\xa7S\x9cO4\xe7\xab^D\xb2{o^B^C^A\0^A\xa3\x81\xe60\x81\xe30^O^F^CU\x1d^S^D^H0^F^A^A\xff^B^A\00D^F^CU\x1d ^D=0;09^F^K`\x86H^A\x86\xf8E^A^G^A^A0*0(^F^H+^F^A^E^E^G^B^A^V\x1chttps://www.verisign.com/CPS04^F^CU\x1d\x1f^D-0+0)\xa0'\xa0%\x86#http://crl.verisign.com/pca3-g2.crl04^F^CU\x1d%^D-0+^F^H+^F^A^E^E^G^C^A^F^H+^F^A^E^E^G^C^B^F^I`\x86H^A\x86\xf8B^D^A^F^J`\x86H^A\x86\xf8E^A^H^A0^K^F^CU\x1d^O^D^D^C^B^A^F0^Q^F^I`\x86H^A\x86\xf8B^A^A^D^D^C^B^A^F0^M^F^I*\x86H\x86\xf7^M^A^A^E^E\0^C\x81\x81\0#]\xee\xa6$^E\xfdv\xd3j^Z\xd6\xbaF^F\xaaj^O^C\x90f\xb2\xb0\xa6\xc2\x9e\xc9\x1e\xa3US\xaf>E\xfd\xdc\x8c'\xddS8^I\xbb|K+\xba\x95J\xfepN\x1bi\xd6<\xf7O^G\xc5\xf2^WZL\xa2\x8f\xac^K\x8a^F\xdb\xb9\xd4k\xc5\x1dX\xda^WR\xe3!\xf1\xd2\xd7Z\xd5\xe5\xabY{!z\x86j\xd4\xfe^W^Q:S^M\x9c`\xa0J\xd9^\xe4\x1d^L)\xaa^S^Ge\x86\x1f\xbf\xb4\xc9\x82S\x9c,^B\x8f#], client_cert=<uninitialized>, client_cert_chain=[], analyzer_id=<uninitialized>, established=T, logged=T, delay_tokens=<uninitialized>], http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]
+                  [0] c: connection      = [id=[orig_h=192.150.187.164, orig_p=58869/tcp, resp_h=194.127.84.106, resp_p=443/tcp], orig=[size=6012, state=5, num_pkts=61, num_bytes_ip=9160, flow_label=0], resp=[size=121583, state=5, num_pkts=101, num_bytes_ip=126847, flow_label=0], start_time=1170717508.515696, duration=3.001729, service={^J^ISSL^J}, addl=, hot=0, history=ShADadFRfR, uid=CjhGID4nQcgTWjvg4c, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=[ts=1170717508.69718, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=192.150.187.164, orig_p=58869/tcp, resp_h=194.127.84.106, resp_p=443/tcp], version=TLSv10, cipher=TLS_RSA_WITH_RC4_128_MD5, server_name=<uninitialized>, session_id=a8c1c5681924e80a32a15d5e7f20bc5e3f513e56b215039d0d55defda5a320c0, last_alert=<uninitialized>, analyzer_id=<uninitialized>, established=T, logged=T, delay_tokens=<uninitialized>, cert_chain=[[ts=1170717508.883051, fuid=FjkLnG4s34DVZlaBNc, tx_hosts={^J^I194.127.84.106^J}, rx_hosts={^J^I192.150.187.164^J}, conn_uids={^J^ICjhGID4nQcgTWjvg4c^J}, source=SSL, depth=0, analyzers={^J^IX509,^J^IMD5,^J^ISHA1^J}, mime_type=binary, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=F, seen_bytes=1152, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=38a0a008a978591ccbe41f50a174751a, sha1=2c322ae2b7fe91391345e070b63668978bb1c9da, sha256=<uninitialized>, x509=[ts=1170717508.883051, id=FjkLnG4s34DVZlaBNc, certificate=[version=2, serial=04A78116F003283BDA2B8462049F9ECB, subject=CN=www.dresdner-privat.de,OU=Terms of use at www.verisign.com/rpa (c)00,O=AGIS Allianz Dresdner Informationssysteme GmbH,L=Muenchen,ST=Bayern,C=DE, issuer=OU=www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign,OU=VeriSign International Server CA - Class 3,OU=VeriSign\, Inc.,O=VeriSign Trust Network, not_valid_before=1163462400.0, not_valid_after=1195084799.0, key_alg=rsaEncryption, sig_alg=sha1WithRSAEncryption, key_type=rsa, key_length=1024, exponent=65537, curve=<uninitialized>], handle=<no value description>, extensions=[[name=X509v3 Basic Constraints, short_name=basicConstraints, oid=2.5.29.19, critical=F, value=CA:FALSE], [name=X509v3 Key Usage, short_name=keyUsage, oid=2.5.29.15, critical=F, value=Digital Signature, Key Encipherment], [name=X509v3 CRL Distribution Points, short_name=crlDistributionPoints, oid=2.5.29.31, critical=F, value=^JFull Name:^J  URI:http://crl.verisign.com/Class3InternationalServer.crl^J], [name=X509v3 Certificate Policies, short_name=certificatePolicies, oid=2.5.29.32, critical=F, value=Policy: 2.16.840.1.113733.1.7.23.3^J  CPS: https://www.verisign.com/rpa^J], [name=X509v3 Extended Key Usage, short_name=extendedKeyUsage, oid=2.5.29.37, critical=F, value=Netscape Server Gated Crypto, TLS Web Server Authentication, TLS Web Client Authentication], [name=Authority Information Access, short_name=authorityInfoAccess, oid=1.3.6.1.5.5.7.1.1, critical=F, value=OCSP - URI:http://ocsp.verisign.com^J], [name=1.3.6.1.5.5.7.1.12, short_name=UNDEF, oid=1.3.6.1.5.5.7.1.12, critical=F, value=0_.].[0Y0W0U..image/gif0!0.0...+..............k...j.H.,{..0%.#http://logo.verisign.com/vslogo.gif]], san=<uninitialized>, basic_constraints=[ca=F, path_len=<uninitialized>]], extracted=<uninitialized>], [ts=1170717508.883051, fuid=FpMjNF4snD7UDqI5sk, tx_hosts={^J^I194.127.84.106^J}, rx_hosts={^J^I192.150.187.164^J}, conn_uids={^J^ICjhGID4nQcgTWjvg4c^J}, source=SSL, depth=0, analyzers={^J^IX509,^J^IMD5,^J^ISHA1^J}, mime_type=binary, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=F, seen_bytes=906, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=81c888530afcad916fbe71d9417bf10c, sha1=de0f3a63cad13841e9b62c94502cb189d7661e49, sha256=<uninitialized>, x509=[ts=1170717508.883051, id=FpMjNF4snD7UDqI5sk, certificate=[version=2, serial=78EE48DE185B2071C9C9C3B51D7BDDC1, subject=OU=www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign,OU=VeriSign International Server CA - Class 3,OU=VeriSign\, Inc.,O=VeriSign Trust Network, issuer=OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US, not_valid_before=861235200.0, not_valid_after=1319500799.0, key_alg=rsaEncryption, sig_alg=sha1WithRSAEncryption, key_type=rsa, key_length=1024, exponent=65537, curve=<uninitialized>], handle=<no value description>, extensions=[[name=X509v3 Basic Constraints, short_name=basicConstraints, oid=2.5.29.19, critical=F, value=CA:TRUE, pathlen:0], [name=X509v3 Certificate Policies, short_name=certificatePolicies, oid=2.5.29.32, critical=F, value=Policy: 2.16.840.1.113733.1.7.1.1^J  CPS: https://www.verisign.com/CPS^J], [name=X509v3 CRL Distribution Points, short_name=crlDistributionPoints, oid=2.5.29.31, critical=F, value=^JFull Name:^J  URI:http://crl.verisign.com/pca3-g2.crl^J], [name=X509v3 Extended Key Usage, short_name=extendedKeyUsage, oid=2.5.29.37, critical=F, value=TLS Web Server Authentication, TLS Web Client Authentication, Netscape Server Gated Crypto, 2.16.840.1.113733.1.8.1], [name=X509v3 Key Usage, short_name=keyUsage, oid=2.5.29.15, critical=F, value=Certificate Sign, CRL Sign], [name=Netscape Cert Type, short_name=nsCertType, oid=2.16.840.1.113730.1.1, critical=F, value=SSL CA, S/MIME CA]], san=<uninitialized>, basic_constraints=[ca=T, path_len=0]], extracted=<uninitialized>]], cert_chain_fuids=[FjkLnG4s34DVZlaBNc, FpMjNF4snD7UDqI5sk], client_cert_chain=[], client_cert_chain_fuids=[], subject=CN=www.dresdner-privat.de,OU=Terms of use at www.verisign.com/rpa (c)00,O=AGIS Allianz Dresdner Informationssysteme GmbH,L=Muenchen,ST=Bayern,C=DE, issuer=OU=www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign,OU=VeriSign International Server CA - Class 3,OU=VeriSign\, Inc.,O=VeriSign Trust Network, client_subject=<uninitialized>, client_issuer=<uninitialized>, server_depth=2, client_depth=0], http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]
 
 1170717531.882302 net_done
                   [0] t: time            = 1170717531.882302
 
 1170717531.882302 filter_change_tracking
 1170717531.882302 connection_state_remove
-                  [0] c: connection      = [id=[orig_h=192.150.187.164, orig_p=58868/tcp, resp_h=194.127.84.106, resp_p=443/tcp], orig=[size=4879, state=5, num_pkts=32, num_bytes_ip=6555, flow_label=0], resp=[size=32965, state=6, num_pkts=36, num_bytes_ip=34813, flow_label=0], start_time=1170717505.366729, duration=23.667015, service={^J^ISSL^J}, addl=, hot=0, history=ShADadFr, uid=CXWv6p3arKYeMETxOg, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=[ts=1170717505.549109, uid=CXWv6p3arKYeMETxOg, id=[orig_h=192.150.187.164, orig_p=58868/tcp, resp_h=194.127.84.106, resp_p=443/tcp], version=TLSv10, cipher=TLS_RSA_WITH_RC4_128_MD5, server_name=<uninitialized>, session_id=<uninitialized>, subject=CN=www.dresdner-privat.de,OU=Terms of use at www.verisign.com/rpa (c)00,O=AGIS Allianz Dresdner Informationssysteme GmbH,L=Muenchen,ST=Bayern,C=DE, issuer_subject=OU=www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign,OU=VeriSign International Server CA - Class 3,OU=VeriSign\, Inc.,O=VeriSign Trust Network, not_valid_before=1163462400.0, not_valid_after=1195084799.0, last_alert=<uninitialized>, client_subject=<uninitialized>, client_issuer_subject=<uninitialized>, cert=0\x82^D|0\x82^C\xe5\xa0^C^B^A^B^B^P^D\xa7\x81^V\xf0^C(;\xda+\x84b^D\x9f\x9e\xcb0^M^F^I*\x86H\x86\xf7^M^A^A^E^E\00\x81\xba1\x1f0\x1d^F^CU^D^J^S^VVeriSign Trust Network1^W0^U^F^CU^D^K^S^NVeriSign, Inc.1301^F^CU^D^K^S*VeriSign International Server CA - Class 31I0G^F^CU^D^K^S@www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign0\x1e^W^M061114000000Z^W^M071114235959Z0\x81\xc01^K0^I^F^CU^D^F^S^BDE1^O0^M^F^CU^D^H^S^FBayern1^Q0^O^F^CU^D^G^T^HMuenchen1705^F^CU^D^J^T.AGIS Allianz Dresdner Informationssysteme GmbH1301^F^CU^D^K^T*Terms of use at www.verisign.com/rpa (c)001\x1f0\x1d^F^CU^D^C^T^Vwww.dresdner-privat.de0\x81\x9f0^M^F^I*\x86H\x86\xf7^M^A^A^A^E\0^C\x81\x8d\00\x81\x89^B\x81\x81\0\xeb\xa8t~\xfb\xe3\xb4\xea\xbe\x8b\x1c=\xed\xea\x86^DbQ\xe0*Z\x9e\x86o\x98\xcb\xbc\xc5\xed\xc5\xc8\xcaV\x9dL\x92X\xe1k^So\xbc\xb7\xe5.\x98@\xf7\x8f\xd6\xa3\xc0^J\xabFR\x1b8\xfc^E \xe7\x80\xee\xc6]\xd5\xbb^C\xfc\xc5\x83\xba\x9ag^H\xfd,\xba\xa3^H\x94\xf0\xb3\x1f^V(\xf6^Ef[\xbf^?\xa8Y\xfa\xbe\x99k6b\xb8n\xc6\x83GSc^OZ\xb4Q\xc1\x88\xa8U\xb9\xd41m=*J\x95^J\xd1{\x87^B^C^A\0^A\xa3\x82^Ay0\x82^Au0^I^F^CU\x1d^S^D^B0\00^K^F^CU\x1d^O^D^D^C^B^E\xa00F^F^CU\x1d\x1f^D?0=0;\xa09\xa07\x865http://crl.verisign.com/Class3InternationalServer.crl0D^F^CU\x1d ^D=0;09^F^K`\x86H^A\x86\xf8E^A^G^W^C0*0(^F^H+^F^A^E^E^G^B^A^V\x1chttps://www.verisign.com/rpa0(^F^CU\x1d%^D!0\x1f^F^I`\x86H^A\x86\xf8B^D^A^F^H+^F^A^E^E^G^C^A^F^H+^F^A^E^E^G^C^B04^F^H+^F^A^E^E^G^A^A^D(0&0$^F^H+^F^A^E^E^G0^A\x86^Xhttp://ocsp.verisign.com0m^F^H+^F^A^E^E^G^A^L^Da0_\xa1]\xa0[0Y0W0U^V^Iimage/gif0!0\x1f0^G^F^E+^N^C^B^Z^D^T\x8f\xe5\xd3^Z\x86\xac\x8d\x8ek\xc3\xcf\x80j\xd4H^X,{^Y.0%^V#http://logo.verisign.com/vslogo.gif0^M^F^I*\x86H\x86\xf7^M^A^A^E^E\0^C\x81\x81\0/s\xe2o\xc1\x9e#~YP\x89\x95xo\xe9^D\xbd\x98TS`\xec^HR\xd2^J)\x92\x9am\xaa\xd5\xb1g\xc1b\xde\xc9^XNW=i\x9c\xb2^Cf\x92^C\xbb\xe8M\xc5\x98\xd4/B\xd9\xb6\xd2\xe0\x97^PXv\xcf\xe7\xd6\xa7\xcc\xbb\xdb%\xeeB]\xcb\xf0t\xab\xd2T\xe5\xe8\xbaQ^O\xa4\xc3>4\xfaR\xf2\xa0\xe6z\xf4\x8f\xdcvB\xbd=\xfcx\xc0\xb7\xeb^-\x1f\xc5\xa0^\xdf\xa0^Q\x87\xf8\xc3X^P\xc8y(\xf8\xe4, cert_chain=[0\x82^C\x860\x82^B\xef\xa0^C^B^A^B^B^Px\xeeH\xde^X[ q\xc9\xc9\xc3\xb5\x1d{\xdd\xc10^M^F^I*\x86H\x86\xf7^M^A^A^E^E\00_1^K0^I^F^CU^D^F^S^BUS1^W0^U^F^CU^D^J^S^NVeriSign, Inc.1705^F^CU^D^K^S.Class 3 Public Primary Certification Authority0\x1e^W^M970417000000Z^W^M111024235959Z0\x81\xba1\x1f0\x1d^F^CU^D^J^S^VVeriSign Trust Network1^W0^U^F^CU^D^K^S^NVeriSign, Inc.1301^F^CU^D^K^S*VeriSign International Server CA - Class 31I0G^F^CU^D^K^S@www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign0\x81\x9f0^M^F^I*\x86H\x86\xf7^M^A^A^A^E\0^C\x81\x8d\00\x81\x89^B\x81\x81\0\xd8\x82\x80\xe8\xd6^Y^B}\x1f\x85^X9%\xa2e+\xe1\xbf\xd4^E\xd3\xbc\xe66;\xaa\xf0Ll[\xb6\xe7\xaa<sEU\xb2\xf1\xbd\xea\x97B\xed\x9a4^J^U\xd4\xa9\\xf5@%\xdd\xd9^G\xc12\xb2ul\xc4\xca\xbb\xa3\xfeV'qC\xaac\xf50>\x93(\xe5\xfa\xf1^I;\xf3\xb7MN9\xf7\IZ\xb8\xc1\x1d\xd3\xb2\x8a\xfep0\x95B\xcb\xfe+Q\x8bZ<:\xf9"O\x90\xb2^B\xa7S\x9cO4\xe7\xab^D\xb2{o^B^C^A\0^A\xa3\x81\xe60\x81\xe30^O^F^CU\x1d^S^D^H0^F^A^A\xff^B^A\00D^F^CU\x1d ^D=0;09^F^K`\x86H^A\x86\xf8E^A^G^A^A0*0(^F^H+^F^A^E^E^G^B^A^V\x1chttps://www.verisign.com/CPS04^F^CU\x1d\x1f^D-0+0)\xa0'\xa0%\x86#http://crl.verisign.com/pca3-g2.crl04^F^CU\x1d%^D-0+^F^H+^F^A^E^E^G^C^A^F^H+^F^A^E^E^G^C^B^F^I`\x86H^A\x86\xf8B^D^A^F^J`\x86H^A\x86\xf8E^A^H^A0^K^F^CU\x1d^O^D^D^C^B^A^F0^Q^F^I`\x86H^A\x86\xf8B^A^A^D^D^C^B^A^F0^M^F^I*\x86H\x86\xf7^M^A^A^E^E\0^C\x81\x81\0#]\xee\xa6$^E\xfdv\xd3j^Z\xd6\xbaF^F\xaaj^O^C\x90f\xb2\xb0\xa6\xc2\x9e\xc9\x1e\xa3US\xaf>E\xfd\xdc\x8c'\xddS8^I\xbb|K+\xba\x95J\xfepN\x1bi\xd6<\xf7O^G\xc5\xf2^WZL\xa2\x8f\xac^K\x8a^F\xdb\xb9\xd4k\xc5\x1dX\xda^WR\xe3!\xf1\xd2\xd7Z\xd5\xe5\xabY{!z\x86j\xd4\xfe^W^Q:S^M\x9c`\xa0J\xd9^\xe4\x1d^L)\xaa^S^Ge\x86\x1f\xbf\xb4\xc9\x82S\x9c,^B\x8f#], client_cert=<uninitialized>, client_cert_chain=[], analyzer_id=<uninitialized>, established=T, logged=T, delay_tokens=<uninitialized>], http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]
+                  [0] c: connection      = [id=[orig_h=192.150.187.164, orig_p=58868/tcp, resp_h=194.127.84.106, resp_p=443/tcp], orig=[size=4879, state=5, num_pkts=32, num_bytes_ip=6555, flow_label=0], resp=[size=32965, state=6, num_pkts=36, num_bytes_ip=34813, flow_label=0], start_time=1170717505.366729, duration=23.667015, service={^J^ISSL^J}, addl=, hot=0, history=ShADadFr, uid=CXWv6p3arKYeMETxOg, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=[ts=1170717505.549109, uid=CXWv6p3arKYeMETxOg, id=[orig_h=192.150.187.164, orig_p=58868/tcp, resp_h=194.127.84.106, resp_p=443/tcp], version=TLSv10, cipher=TLS_RSA_WITH_RC4_128_MD5, server_name=<uninitialized>, session_id=<uninitialized>, last_alert=<uninitialized>, analyzer_id=<uninitialized>, established=T, logged=T, delay_tokens=<uninitialized>, cert_chain=[[ts=1170717505.735416, fuid=FeCwNK3rzqPnZ7eBQ5, tx_hosts={^J^I194.127.84.106^J}, rx_hosts={^J^I192.150.187.164^J}, conn_uids={^J^ICXWv6p3arKYeMETxOg^J}, source=SSL, depth=0, analyzers={^J^IX509,^J^IMD5,^J^ISHA1^J}, mime_type=binary, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=F, seen_bytes=1152, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=38a0a008a978591ccbe41f50a174751a, sha1=2c322ae2b7fe91391345e070b63668978bb1c9da, sha256=<uninitialized>, x509=[ts=1170717505.735416, id=FeCwNK3rzqPnZ7eBQ5, certificate=[version=2, serial=04A78116F003283BDA2B8462049F9ECB, subject=CN=www.dresdner-privat.de,OU=Terms of use at www.verisign.com/rpa (c)00,O=AGIS Allianz Dresdner Informationssysteme GmbH,L=Muenchen,ST=Bayern,C=DE, issuer=OU=www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign,OU=VeriSign International Server CA - Class 3,OU=VeriSign\, Inc.,O=VeriSign Trust Network, not_valid_before=1163462400.0, not_valid_after=1195084799.0, key_alg=rsaEncryption, sig_alg=sha1WithRSAEncryption, key_type=rsa, key_length=1024, exponent=65537, curve=<uninitialized>], handle=<no value description>, extensions=[[name=X509v3 Basic Constraints, short_name=basicConstraints, oid=2.5.29.19, critical=F, value=CA:FALSE], [name=X509v3 Key Usage, short_name=keyUsage, oid=2.5.29.15, critical=F, value=Digital Signature, Key Encipherment], [name=X509v3 CRL Distribution Points, short_name=crlDistributionPoints, oid=2.5.29.31, critical=F, value=^JFull Name:^J  URI:http://crl.verisign.com/Class3InternationalServer.crl^J], [name=X509v3 Certificate Policies, short_name=certificatePolicies, oid=2.5.29.32, critical=F, value=Policy: 2.16.840.1.113733.1.7.23.3^J  CPS: https://www.verisign.com/rpa^J], [name=X509v3 Extended Key Usage, short_name=extendedKeyUsage, oid=2.5.29.37, critical=F, value=Netscape Server Gated Crypto, TLS Web Server Authentication, TLS Web Client Authentication], [name=Authority Information Access, short_name=authorityInfoAccess, oid=1.3.6.1.5.5.7.1.1, critical=F, value=OCSP - URI:http://ocsp.verisign.com^J], [name=1.3.6.1.5.5.7.1.12, short_name=UNDEF, oid=1.3.6.1.5.5.7.1.12, critical=F, value=0_.].[0Y0W0U..image/gif0!0.0...+..............k...j.H.,{..0%.#http://logo.verisign.com/vslogo.gif]], san=<uninitialized>, basic_constraints=[ca=F, path_len=<uninitialized>]], extracted=<uninitialized>], [ts=1170717505.735416, fuid=FfqS7r3rymnsSKq0m2, tx_hosts={^J^I194.127.84.106^J}, rx_hosts={^J^I192.150.187.164^J}, conn_uids={^J^ICXWv6p3arKYeMETxOg^J}, source=SSL, depth=0, analyzers={^J^IX509,^J^IMD5,^J^ISHA1^J}, mime_type=binary, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=F, seen_bytes=906, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=81c888530afcad916fbe71d9417bf10c, sha1=de0f3a63cad13841e9b62c94502cb189d7661e49, sha256=<uninitialized>, x509=[ts=1170717505.735416, id=FfqS7r3rymnsSKq0m2, certificate=[version=2, serial=78EE48DE185B2071C9C9C3B51D7BDDC1, subject=OU=www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign,OU=VeriSign International Server CA - Class 3,OU=VeriSign\, Inc.,O=VeriSign Trust Network, issuer=OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US, not_valid_before=861235200.0, not_valid_after=1319500799.0, key_alg=rsaEncryption, sig_alg=sha1WithRSAEncryption, key_type=rsa, key_length=1024, exponent=65537, curve=<uninitialized>], handle=<no value description>, extensions=[[name=X509v3 Basic Constraints, short_name=basicConstraints, oid=2.5.29.19, critical=F, value=CA:TRUE, pathlen:0], [name=X509v3 Certificate Policies, short_name=certificatePolicies, oid=2.5.29.32, critical=F, value=Policy: 2.16.840.1.113733.1.7.1.1^J  CPS: https://www.verisign.com/CPS^J], [name=X509v3 CRL Distribution Points, short_name=crlDistributionPoints, oid=2.5.29.31, critical=F, value=^JFull Name:^J  URI:http://crl.verisign.com/pca3-g2.crl^J], [name=X509v3 Extended Key Usage, short_name=extendedKeyUsage, oid=2.5.29.37, critical=F, value=TLS Web Server Authentication, TLS Web Client Authentication, Netscape Server Gated Crypto, 2.16.840.1.113733.1.8.1], [name=X509v3 Key Usage, short_name=keyUsage, oid=2.5.29.15, critical=F, value=Certificate Sign, CRL Sign], [name=Netscape Cert Type, short_name=nsCertType, oid=2.16.840.1.113730.1.1, critical=F, value=SSL CA, S/MIME CA]], san=<uninitialized>, basic_constraints=[ca=T, path_len=0]], extracted=<uninitialized>]], cert_chain_fuids=[FeCwNK3rzqPnZ7eBQ5, FfqS7r3rymnsSKq0m2], client_cert_chain=[], client_cert_chain_fuids=[], subject=CN=www.dresdner-privat.de,OU=Terms of use at www.verisign.com/rpa (c)00,O=AGIS Allianz Dresdner Informationssysteme GmbH,L=Muenchen,ST=Bayern,C=DE, issuer=OU=www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign,OU=VeriSign International Server CA - Class 3,OU=VeriSign\, Inc.,O=VeriSign Trust Network, client_subject=<uninitialized>, client_issuer=<uninitialized>, server_depth=2, client_depth=0], http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]
 
 1170717531.882302 connection_state_remove
-                  [0] c: connection      = [id=[orig_h=192.150.187.164, orig_p=58870/tcp, resp_h=194.127.84.106, resp_p=443/tcp], orig=[size=842, state=5, num_pkts=11, num_bytes_ip=1414, flow_label=0], resp=[size=3613, state=5, num_pkts=11, num_bytes_ip=4197, flow_label=0], start_time=1170717511.541455, duration=20.340781, service={^J^ISSL^J}, addl=, hot=0, history=ShADadFfR, uid=CCvvfg3TEfuqmmG4bh, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=[ts=1170717511.722913, uid=CCvvfg3TEfuqmmG4bh, id=[orig_h=192.150.187.164, orig_p=58870/tcp, resp_h=194.127.84.106, resp_p=443/tcp], version=TLSv10, cipher=TLS_RSA_WITH_RC4_128_MD5, server_name=<uninitialized>, session_id=9e51caef40ad85f9f03dbb8c1fdc863621808c311272e10242cb406bf917bcd9, subject=CN=www.dresdner-privat.de,OU=Terms of use at www.verisign.com/rpa (c)00,O=AGIS Allianz Dresdner Informationssysteme GmbH,L=Muenchen,ST=Bayern,C=DE, issuer_subject=OU=www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign,OU=VeriSign International Server CA - Class 3,OU=VeriSign\, Inc.,O=VeriSign Trust Network, not_valid_before=1163462400.0, not_valid_after=1195084799.0, last_alert=<uninitialized>, client_subject=<uninitialized>, client_issuer_subject=<uninitialized>, cert=0\x82^D|0\x82^C\xe5\xa0^C^B^A^B^B^P^D\xa7\x81^V\xf0^C(;\xda+\x84b^D\x9f\x9e\xcb0^M^F^I*\x86H\x86\xf7^M^A^A^E^E\00\x81\xba1\x1f0\x1d^F^CU^D^J^S^VVeriSign Trust Network1^W0^U^F^CU^D^K^S^NVeriSign, Inc.1301^F^CU^D^K^S*VeriSign International Server CA - Class 31I0G^F^CU^D^K^S@www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign0\x1e^W^M061114000000Z^W^M071114235959Z0\x81\xc01^K0^I^F^CU^D^F^S^BDE1^O0^M^F^CU^D^H^S^FBayern1^Q0^O^F^CU^D^G^T^HMuenchen1705^F^CU^D^J^T.AGIS Allianz Dresdner Informationssysteme GmbH1301^F^CU^D^K^T*Terms of use at www.verisign.com/rpa (c)001\x1f0\x1d^F^CU^D^C^T^Vwww.dresdner-privat.de0\x81\x9f0^M^F^I*\x86H\x86\xf7^M^A^A^A^E\0^C\x81\x8d\00\x81\x89^B\x81\x81\0\xeb\xa8t~\xfb\xe3\xb4\xea\xbe\x8b\x1c=\xed\xea\x86^DbQ\xe0*Z\x9e\x86o\x98\xcb\xbc\xc5\xed\xc5\xc8\xcaV\x9dL\x92X\xe1k^So\xbc\xb7\xe5.\x98@\xf7\x8f\xd6\xa3\xc0^J\xabFR\x1b8\xfc^E \xe7\x80\xee\xc6]\xd5\xbb^C\xfc\xc5\x83\xba\x9ag^H\xfd,\xba\xa3^H\x94\xf0\xb3\x1f^V(\xf6^Ef[\xbf^?\xa8Y\xfa\xbe\x99k6b\xb8n\xc6\x83GSc^OZ\xb4Q\xc1\x88\xa8U\xb9\xd41m=*J\x95^J\xd1{\x87^B^C^A\0^A\xa3\x82^Ay0\x82^Au0^I^F^CU\x1d^S^D^B0\00^K^F^CU\x1d^O^D^D^C^B^E\xa00F^F^CU\x1d\x1f^D?0=0;\xa09\xa07\x865http://crl.verisign.com/Class3InternationalServer.crl0D^F^CU\x1d ^D=0;09^F^K`\x86H^A\x86\xf8E^A^G^W^C0*0(^F^H+^F^A^E^E^G^B^A^V\x1chttps://www.verisign.com/rpa0(^F^CU\x1d%^D!0\x1f^F^I`\x86H^A\x86\xf8B^D^A^F^H+^F^A^E^E^G^C^A^F^H+^F^A^E^E^G^C^B04^F^H+^F^A^E^E^G^A^A^D(0&0$^F^H+^F^A^E^E^G0^A\x86^Xhttp://ocsp.verisign.com0m^F^H+^F^A^E^E^G^A^L^Da0_\xa1]\xa0[0Y0W0U^V^Iimage/gif0!0\x1f0^G^F^E+^N^C^B^Z^D^T\x8f\xe5\xd3^Z\x86\xac\x8d\x8ek\xc3\xcf\x80j\xd4H^X,{^Y.0%^V#http://logo.verisign.com/vslogo.gif0^M^F^I*\x86H\x86\xf7^M^A^A^E^E\0^C\x81\x81\0/s\xe2o\xc1\x9e#~YP\x89\x95xo\xe9^D\xbd\x98TS`\xec^HR\xd2^J)\x92\x9am\xaa\xd5\xb1g\xc1b\xde\xc9^XNW=i\x9c\xb2^Cf\x92^C\xbb\xe8M\xc5\x98\xd4/B\xd9\xb6\xd2\xe0\x97^PXv\xcf\xe7\xd6\xa7\xcc\xbb\xdb%\xeeB]\xcb\xf0t\xab\xd2T\xe5\xe8\xbaQ^O\xa4\xc3>4\xfaR\xf2\xa0\xe6z\xf4\x8f\xdcvB\xbd=\xfcx\xc0\xb7\xeb^-\x1f\xc5\xa0^\xdf\xa0^Q\x87\xf8\xc3X^P\xc8y(\xf8\xe4, cert_chain=[0\x82^C\x860\x82^B\xef\xa0^C^B^A^B^B^Px\xeeH\xde^X[ q\xc9\xc9\xc3\xb5\x1d{\xdd\xc10^M^F^I*\x86H\x86\xf7^M^A^A^E^E\00_1^K0^I^F^CU^D^F^S^BUS1^W0^U^F^CU^D^J^S^NVeriSign, Inc.1705^F^CU^D^K^S.Class 3 Public Primary Certification Authority0\x1e^W^M970417000000Z^W^M111024235959Z0\x81\xba1\x1f0\x1d^F^CU^D^J^S^VVeriSign Trust Network1^W0^U^F^CU^D^K^S^NVeriSign, Inc.1301^F^CU^D^K^S*VeriSign International Server CA - Class 31I0G^F^CU^D^K^S@www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign0\x81\x9f0^M^F^I*\x86H\x86\xf7^M^A^A^A^E\0^C\x81\x8d\00\x81\x89^B\x81\x81\0\xd8\x82\x80\xe8\xd6^Y^B}\x1f\x85^X9%\xa2e+\xe1\xbf\xd4^E\xd3\xbc\xe66;\xaa\xf0Ll[\xb6\xe7\xaa<sEU\xb2\xf1\xbd\xea\x97B\xed\x9a4^J^U\xd4\xa9\\xf5@%\xdd\xd9^G\xc12\xb2ul\xc4\xca\xbb\xa3\xfeV'qC\xaac\xf50>\x93(\xe5\xfa\xf1^I;\xf3\xb7MN9\xf7\IZ\xb8\xc1\x1d\xd3\xb2\x8a\xfep0\x95B\xcb\xfe+Q\x8bZ<:\xf9"O\x90\xb2^B\xa7S\x9cO4\xe7\xab^D\xb2{o^B^C^A\0^A\xa3\x81\xe60\x81\xe30^O^F^CU\x1d^S^D^H0^F^A^A\xff^B^A\00D^F^CU\x1d ^D=0;09^F^K`\x86H^A\x86\xf8E^A^G^A^A0*0(^F^H+^F^A^E^E^G^B^A^V\x1chttps://www.verisign.com/CPS04^F^CU\x1d\x1f^D-0+0)\xa0'\xa0%\x86#http://crl.verisign.com/pca3-g2.crl04^F^CU\x1d%^D-0+^F^H+^F^A^E^E^G^C^A^F^H+^F^A^E^E^G^C^B^F^I`\x86H^A\x86\xf8B^D^A^F^J`\x86H^A\x86\xf8E^A^H^A0^K^F^CU\x1d^O^D^D^C^B^A^F0^Q^F^I`\x86H^A\x86\xf8B^A^A^D^D^C^B^A^F0^M^F^I*\x86H\x86\xf7^M^A^A^E^E\0^C\x81\x81\0#]\xee\xa6$^E\xfdv\xd3j^Z\xd6\xbaF^F\xaaj^O^C\x90f\xb2\xb0\xa6\xc2\x9e\xc9\x1e\xa3US\xaf>E\xfd\xdc\x8c'\xddS8^I\xbb|K+\xba\x95J\xfepN\x1bi\xd6<\xf7O^G\xc5\xf2^WZL\xa2\x8f\xac^K\x8a^F\xdb\xb9\xd4k\xc5\x1dX\xda^WR\xe3!\xf1\xd2\xd7Z\xd5\xe5\xabY{!z\x86j\xd4\xfe^W^Q:S^M\x9c`\xa0J\xd9^\xe4\x1d^L)\xaa^S^Ge\x86\x1f\xbf\xb4\xc9\x82S\x9c,^B\x8f#], client_cert=<uninitialized>, client_cert_chain=[], analyzer_id=<uninitialized>, established=T, logged=T, delay_tokens=<uninitialized>], http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]
+                  [0] c: connection      = [id=[orig_h=192.150.187.164, orig_p=58870/tcp, resp_h=194.127.84.106, resp_p=443/tcp], orig=[size=842, state=5, num_pkts=11, num_bytes_ip=1414, flow_label=0], resp=[size=3613, state=5, num_pkts=11, num_bytes_ip=4197, flow_label=0], start_time=1170717511.541455, duration=20.340781, service={^J^ISSL^J}, addl=, hot=0, history=ShADadFfR, uid=CCvvfg3TEfuqmmG4bh, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=[ts=1170717511.722913, uid=CCvvfg3TEfuqmmG4bh, id=[orig_h=192.150.187.164, orig_p=58870/tcp, resp_h=194.127.84.106, resp_p=443/tcp], version=TLSv10, cipher=TLS_RSA_WITH_RC4_128_MD5, server_name=<uninitialized>, session_id=9e51caef40ad85f9f03dbb8c1fdc863621808c311272e10242cb406bf917bcd9, last_alert=<uninitialized>, analyzer_id=<uninitialized>, established=T, logged=T, delay_tokens=<uninitialized>, cert_chain=[[ts=1170717511.909717, fuid=FQXAWgI2FB5STbrff, tx_hosts={^J^I194.127.84.106^J}, rx_hosts={^J^I192.150.187.164^J}, conn_uids={^J^ICCvvfg3TEfuqmmG4bh^J}, source=SSL, depth=0, analyzers={^J^IX509,^J^IMD5,^J^ISHA1^J}, mime_type=binary, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=F, seen_bytes=1152, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=38a0a008a978591ccbe41f50a174751a, sha1=2c322ae2b7fe91391345e070b63668978bb1c9da, sha256=<uninitialized>, x509=[ts=1170717511.909717, id=FQXAWgI2FB5STbrff, certificate=[version=2, serial=04A78116F003283BDA2B8462049F9ECB, subject=CN=www.dresdner-privat.de,OU=Terms of use at www.verisign.com/rpa (c)00,O=AGIS Allianz Dresdner Informationssysteme GmbH,L=Muenchen,ST=Bayern,C=DE, issuer=OU=www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign,OU=VeriSign International Server CA - Class 3,OU=VeriSign\, Inc.,O=VeriSign Trust Network, not_valid_before=1163462400.0, not_valid_after=1195084799.0, key_alg=rsaEncryption, sig_alg=sha1WithRSAEncryption, key_type=rsa, key_length=1024, exponent=65537, curve=<uninitialized>], handle=<no value description>, extensions=[[name=X509v3 Basic Constraints, short_name=basicConstraints, oid=2.5.29.19, critical=F, value=CA:FALSE], [name=X509v3 Key Usage, short_name=keyUsage, oid=2.5.29.15, critical=F, value=Digital Signature, Key Encipherment], [name=X509v3 CRL Distribution Points, short_name=crlDistributionPoints, oid=2.5.29.31, critical=F, value=^JFull Name:^J  URI:http://crl.verisign.com/Class3InternationalServer.crl^J], [name=X509v3 Certificate Policies, short_name=certificatePolicies, oid=2.5.29.32, critical=F, value=Policy: 2.16.840.1.113733.1.7.23.3^J  CPS: https://www.verisign.com/rpa^J], [name=X509v3 Extended Key Usage, short_name=extendedKeyUsage, oid=2.5.29.37, critical=F, value=Netscape Server Gated Crypto, TLS Web Server Authentication, TLS Web Client Authentication], [name=Authority Information Access, short_name=authorityInfoAccess, oid=1.3.6.1.5.5.7.1.1, critical=F, value=OCSP - URI:http://ocsp.verisign.com^J], [name=1.3.6.1.5.5.7.1.12, short_name=UNDEF, oid=1.3.6.1.5.5.7.1.12, critical=F, value=0_.].[0Y0W0U..image/gif0!0.0...+..............k...j.H.,{..0%.#http://logo.verisign.com/vslogo.gif]], san=<uninitialized>, basic_constraints=[ca=F, path_len=<uninitialized>]], extracted=<uninitialized>], [ts=1170717511.909717, fuid=FUmSiM3TCtsyMGhcd, tx_hosts={^J^I194.127.84.106^J}, rx_hosts={^J^I192.150.187.164^J}, conn_uids={^J^ICCvvfg3TEfuqmmG4bh^J}, source=SSL, depth=0, analyzers={^J^IX509,^J^IMD5,^J^ISHA1^J}, mime_type=binary, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=F, seen_bytes=906, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=81c888530afcad916fbe71d9417bf10c, sha1=de0f3a63cad13841e9b62c94502cb189d7661e49, sha256=<uninitialized>, x509=[ts=1170717511.909717, id=FUmSiM3TCtsyMGhcd, certificate=[version=2, serial=78EE48DE185B2071C9C9C3B51D7BDDC1, subject=OU=www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign,OU=VeriSign International Server CA - Class 3,OU=VeriSign\, Inc.,O=VeriSign Trust Network, issuer=OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US, not_valid_before=861235200.0, not_valid_after=1319500799.0, key_alg=rsaEncryption, sig_alg=sha1WithRSAEncryption, key_type=rsa, key_length=1024, exponent=65537, curve=<uninitialized>], handle=<no value description>, extensions=[[name=X509v3 Basic Constraints, short_name=basicConstraints, oid=2.5.29.19, critical=F, value=CA:TRUE, pathlen:0], [name=X509v3 Certificate Policies, short_name=certificatePolicies, oid=2.5.29.32, critical=F, value=Policy: 2.16.840.1.113733.1.7.1.1^J  CPS: https://www.verisign.com/CPS^J], [name=X509v3 CRL Distribution Points, short_name=crlDistributionPoints, oid=2.5.29.31, critical=F, value=^JFull Name:^J  URI:http://crl.verisign.com/pca3-g2.crl^J], [name=X509v3 Extended Key Usage, short_name=extendedKeyUsage, oid=2.5.29.37, critical=F, value=TLS Web Server Authentication, TLS Web Client Authentication, Netscape Server Gated Crypto, 2.16.840.1.113733.1.8.1], [name=X509v3 Key Usage, short_name=keyUsage, oid=2.5.29.15, critical=F, value=Certificate Sign, CRL Sign], [name=Netscape Cert Type, short_name=nsCertType, oid=2.16.840.1.113730.1.1, critical=F, value=SSL CA, S/MIME CA]], san=<uninitialized>, basic_constraints=[ca=T, path_len=0]], extracted=<uninitialized>]], cert_chain_fuids=[FQXAWgI2FB5STbrff, FUmSiM3TCtsyMGhcd], client_cert_chain=[], client_cert_chain_fuids=[], subject=CN=www.dresdner-privat.de,OU=Terms of use at www.verisign.com/rpa (c)00,O=AGIS Allianz Dresdner Informationssysteme GmbH,L=Muenchen,ST=Bayern,C=DE, issuer=OU=www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign,OU=VeriSign International Server CA - Class 3,OU=VeriSign\, Inc.,O=VeriSign Trust Network, client_subject=<uninitialized>, client_issuer=<uninitialized>, server_depth=2, client_depth=0], http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]
 
 1170717531.882302 bro_done
 1170717531.882302 ChecksumOffloading::check
diff --git a/testing/btest/Baseline/scripts.policy.misc.dump-events/ssl-events.log b/testing/btest/Baseline/scripts.policy.misc.dump-events/ssl-events.log
index b37425ac1c..1cab8fa5f2 100644
--- a/testing/btest/Baseline/scripts.policy.misc.dump-events/ssl-events.log
+++ b/testing/btest/Baseline/scripts.policy.misc.dump-events/ssl-events.log
@@ -1,5 +1,5 @@
 1170717505.549109 ssl_client_hello
-                  [0] c: connection      = [id=[orig_h=192.150.187.164, orig_p=58868/tcp, resp_h=194.127.84.106, resp_p=443/tcp], orig=[size=87, state=4, num_pkts=2, num_bytes_ip=116, flow_label=0], resp=[size=0, state=4, num_pkts=1, num_bytes_ip=64, flow_label=0], start_time=1170717505.366729, duration=0.18238, service={^J^ISSL^J}, addl=, hot=0, history=ShAD, uid=CXWv6p3arKYeMETxOg, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=[ts=1170717505.549109, uid=CXWv6p3arKYeMETxOg, id=[orig_h=192.150.187.164, orig_p=58868/tcp, resp_h=194.127.84.106, resp_p=443/tcp], version=<uninitialized>, cipher=<uninitialized>, server_name=<uninitialized>, session_id=<uninitialized>, subject=<uninitialized>, issuer_subject=<uninitialized>, not_valid_before=<uninitialized>, not_valid_after=<uninitialized>, last_alert=<uninitialized>, client_subject=<uninitialized>, client_issuer_subject=<uninitialized>, cert=<uninitialized>, cert_chain=[], client_cert=<uninitialized>, client_cert_chain=[], analyzer_id=3, established=F, logged=F, delay_tokens=<uninitialized>], http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]
+                  [0] c: connection      = [id=[orig_h=192.150.187.164, orig_p=58868/tcp, resp_h=194.127.84.106, resp_p=443/tcp], orig=[size=87, state=4, num_pkts=2, num_bytes_ip=116, flow_label=0], resp=[size=0, state=4, num_pkts=1, num_bytes_ip=64, flow_label=0], start_time=1170717505.366729, duration=0.18238, service={^J^ISSL^J}, addl=, hot=0, history=ShAD, uid=CXWv6p3arKYeMETxOg, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=[ts=1170717505.549109, uid=CXWv6p3arKYeMETxOg, id=[orig_h=192.150.187.164, orig_p=58868/tcp, resp_h=194.127.84.106, resp_p=443/tcp], version=<uninitialized>, cipher=<uninitialized>, server_name=<uninitialized>, session_id=<uninitialized>, last_alert=<uninitialized>, analyzer_id=3, established=F, logged=F, delay_tokens=<uninitialized>, cert_chain=<uninitialized>, cert_chain_fuids=<uninitialized>, client_cert_chain=<uninitialized>, client_cert_chain_fuids=<uninitialized>, subject=<uninitialized>, issuer=<uninitialized>, client_subject=<uninitialized>, client_issuer=<uninitialized>, server_depth=0, client_depth=0], http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]
                   [1] version: count     = 2
                   [2] possible_ts: time  = 0.0
                   [3] client_random: string = \xe6\xb8\xef\xdf\x91\xcfD\xf7\xea\xe4<\x839\x8f\xdc\xb2
@@ -7,7 +7,7 @@
                   [5] ciphers: vector of count = [57, 56, 53, 51, 50, 4, 5, 47, 22, 19, 65279, 10, 21, 18, 65278, 9, 100, 98, 3, 6]
 
 1170717505.734145 ssl_server_hello
-                  [0] c: connection      = [id=[orig_h=192.150.187.164, orig_p=58868/tcp, resp_h=194.127.84.106, resp_p=443/tcp], orig=[size=87, state=4, num_pkts=3, num_bytes_ip=255, flow_label=0], resp=[size=1448, state=4, num_pkts=2, num_bytes_ip=116, flow_label=0], start_time=1170717505.366729, duration=0.367416, service={^J^ISSL^J}, addl=, hot=0, history=ShADad, uid=CXWv6p3arKYeMETxOg, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=[ts=1170717505.549109, uid=CXWv6p3arKYeMETxOg, id=[orig_h=192.150.187.164, orig_p=58868/tcp, resp_h=194.127.84.106, resp_p=443/tcp], version=<uninitialized>, cipher=<uninitialized>, server_name=<uninitialized>, session_id=<uninitialized>, subject=<uninitialized>, issuer_subject=<uninitialized>, not_valid_before=<uninitialized>, not_valid_after=<uninitialized>, last_alert=<uninitialized>, client_subject=<uninitialized>, client_issuer_subject=<uninitialized>, cert=<uninitialized>, cert_chain=[], client_cert=<uninitialized>, client_cert_chain=[], analyzer_id=3, established=F, logged=F, delay_tokens=<uninitialized>], http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]
+                  [0] c: connection      = [id=[orig_h=192.150.187.164, orig_p=58868/tcp, resp_h=194.127.84.106, resp_p=443/tcp], orig=[size=87, state=4, num_pkts=3, num_bytes_ip=255, flow_label=0], resp=[size=1448, state=4, num_pkts=2, num_bytes_ip=116, flow_label=0], start_time=1170717505.366729, duration=0.367416, service={^J^ISSL^J}, addl=, hot=0, history=ShADad, uid=CXWv6p3arKYeMETxOg, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=[ts=1170717505.549109, uid=CXWv6p3arKYeMETxOg, id=[orig_h=192.150.187.164, orig_p=58868/tcp, resp_h=194.127.84.106, resp_p=443/tcp], version=<uninitialized>, cipher=<uninitialized>, server_name=<uninitialized>, session_id=<uninitialized>, last_alert=<uninitialized>, analyzer_id=3, established=F, logged=F, delay_tokens=<uninitialized>, cert_chain=<uninitialized>, cert_chain_fuids=<uninitialized>, client_cert_chain=<uninitialized>, client_cert_chain_fuids=<uninitialized>, subject=<uninitialized>, issuer=<uninitialized>, client_subject=<uninitialized>, client_issuer=<uninitialized>, server_depth=0, client_depth=0], http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]
                   [1] version: count     = 769
                   [2] possible_ts: time  = 1170717513.0
                   [3] server_random: string = +e\x8dQ\x83\xbb\xae\xdb\xf3^\x8f^Ro\xf9&\xb1Iy\xcdp=$*\xea\x99j_\xda
@@ -16,10 +16,10 @@
                   [6] comp_method: count = 0
 
 1170717505.934612 ssl_established
-                  [0] c: connection      = [id=[orig_h=192.150.187.164, orig_p=58868/tcp, resp_h=194.127.84.106, resp_p=443/tcp], orig=[size=269, state=4, num_pkts=5, num_bytes_ip=541, flow_label=0], resp=[size=2207, state=4, num_pkts=5, num_bytes_ip=2436, flow_label=0], start_time=1170717505.366729, duration=0.567883, service={^J^ISSL^J}, addl=, hot=0, history=ShADad, uid=CXWv6p3arKYeMETxOg, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=[ts=1170717505.549109, uid=CXWv6p3arKYeMETxOg, id=[orig_h=192.150.187.164, orig_p=58868/tcp, resp_h=194.127.84.106, resp_p=443/tcp], version=TLSv10, cipher=TLS_RSA_WITH_RC4_128_MD5, server_name=<uninitialized>, session_id=<uninitialized>, subject=CN=www.dresdner-privat.de,OU=Terms of use at www.verisign.com/rpa (c)00,O=AGIS Allianz Dresdner Informationssysteme GmbH,L=Muenchen,ST=Bayern,C=DE, issuer_subject=OU=www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign,OU=VeriSign International Server CA - Class 3,OU=VeriSign\, Inc.,O=VeriSign Trust Network, not_valid_before=1163462400.0, not_valid_after=1195084799.0, last_alert=<uninitialized>, client_subject=<uninitialized>, client_issuer_subject=<uninitialized>, cert=0\x82^D|0\x82^C\xe5\xa0^C^B^A^B^B^P^D\xa7\x81^V\xf0^C(;\xda+\x84b^D\x9f\x9e\xcb0^M^F^I*\x86H\x86\xf7^M^A^A^E^E\00\x81\xba1\x1f0\x1d^F^CU^D^J^S^VVeriSign Trust Network1^W0^U^F^CU^D^K^S^NVeriSign, Inc.1301^F^CU^D^K^S*VeriSign International Server CA - Class 31I0G^F^CU^D^K^S@www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign0\x1e^W^M061114000000Z^W^M071114235959Z0\x81\xc01^K0^I^F^CU^D^F^S^BDE1^O0^M^F^CU^D^H^S^FBayern1^Q0^O^F^CU^D^G^T^HMuenchen1705^F^CU^D^J^T.AGIS Allianz Dresdner Informationssysteme GmbH1301^F^CU^D^K^T*Terms of use at www.verisign.com/rpa (c)001\x1f0\x1d^F^CU^D^C^T^Vwww.dresdner-privat.de0\x81\x9f0^M^F^I*\x86H\x86\xf7^M^A^A^A^E\0^C\x81\x8d\00\x81\x89^B\x81\x81\0\xeb\xa8t~\xfb\xe3\xb4\xea\xbe\x8b\x1c=\xed\xea\x86^DbQ\xe0*Z\x9e\x86o\x98\xcb\xbc\xc5\xed\xc5\xc8\xcaV\x9dL\x92X\xe1k^So\xbc\xb7\xe5.\x98@\xf7\x8f\xd6\xa3\xc0^J\xabFR\x1b8\xfc^E \xe7\x80\xee\xc6]\xd5\xbb^C\xfc\xc5\x83\xba\x9ag^H\xfd,\xba\xa3^H\x94\xf0\xb3\x1f^V(\xf6^Ef[\xbf^?\xa8Y\xfa\xbe\x99k6b\xb8n\xc6\x83GSc^OZ\xb4Q\xc1\x88\xa8U\xb9\xd41m=*J\x95^J\xd1{\x87^B^C^A\0^A\xa3\x82^Ay0\x82^Au0^I^F^CU\x1d^S^D^B0\00^K^F^CU\x1d^O^D^D^C^B^E\xa00F^F^CU\x1d\x1f^D?0=0;\xa09\xa07\x865http://crl.verisign.com/Class3InternationalServer.crl0D^F^CU\x1d ^D=0;09^F^K`\x86H^A\x86\xf8E^A^G^W^C0*0(^F^H+^F^A^E^E^G^B^A^V\x1chttps://www.verisign.com/rpa0(^F^CU\x1d%^D!0\x1f^F^I`\x86H^A\x86\xf8B^D^A^F^H+^F^A^E^E^G^C^A^F^H+^F^A^E^E^G^C^B04^F^H+^F^A^E^E^G^A^A^D(0&0$^F^H+^F^A^E^E^G0^A\x86^Xhttp://ocsp.verisign.com0m^F^H+^F^A^E^E^G^A^L^Da0_\xa1]\xa0[0Y0W0U^V^Iimage/gif0!0\x1f0^G^F^E+^N^C^B^Z^D^T\x8f\xe5\xd3^Z\x86\xac\x8d\x8ek\xc3\xcf\x80j\xd4H^X,{^Y.0%^V#http://logo.verisign.com/vslogo.gif0^M^F^I*\x86H\x86\xf7^M^A^A^E^E\0^C\x81\x81\0/s\xe2o\xc1\x9e#~YP\x89\x95xo\xe9^D\xbd\x98TS`\xec^HR\xd2^J)\x92\x9am\xaa\xd5\xb1g\xc1b\xde\xc9^XNW=i\x9c\xb2^Cf\x92^C\xbb\xe8M\xc5\x98\xd4/B\xd9\xb6\xd2\xe0\x97^PXv\xcf\xe7\xd6\xa7\xcc\xbb\xdb%\xeeB]\xcb\xf0t\xab\xd2T\xe5\xe8\xbaQ^O\xa4\xc3>4\xfaR\xf2\xa0\xe6z\xf4\x8f\xdcvB\xbd=\xfcx\xc0\xb7\xeb^-\x1f\xc5\xa0^\xdf\xa0^Q\x87\xf8\xc3X^P\xc8y(\xf8\xe4, cert_chain=[0\x82^C\x860\x82^B\xef\xa0^C^B^A^B^B^Px\xeeH\xde^X[ q\xc9\xc9\xc3\xb5\x1d{\xdd\xc10^M^F^I*\x86H\x86\xf7^M^A^A^E^E\00_1^K0^I^F^CU^D^F^S^BUS1^W0^U^F^CU^D^J^S^NVeriSign, Inc.1705^F^CU^D^K^S.Class 3 Public Primary Certification Authority0\x1e^W^M970417000000Z^W^M111024235959Z0\x81\xba1\x1f0\x1d^F^CU^D^J^S^VVeriSign Trust Network1^W0^U^F^CU^D^K^S^NVeriSign, Inc.1301^F^CU^D^K^S*VeriSign International Server CA - Class 31I0G^F^CU^D^K^S@www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign0\x81\x9f0^M^F^I*\x86H\x86\xf7^M^A^A^A^E\0^C\x81\x8d\00\x81\x89^B\x81\x81\0\xd8\x82\x80\xe8\xd6^Y^B}\x1f\x85^X9%\xa2e+\xe1\xbf\xd4^E\xd3\xbc\xe66;\xaa\xf0Ll[\xb6\xe7\xaa<sEU\xb2\xf1\xbd\xea\x97B\xed\x9a4^J^U\xd4\xa9\\xf5@%\xdd\xd9^G\xc12\xb2ul\xc4\xca\xbb\xa3\xfeV'qC\xaac\xf50>\x93(\xe5\xfa\xf1^I;\xf3\xb7MN9\xf7\IZ\xb8\xc1\x1d\xd3\xb2\x8a\xfep0\x95B\xcb\xfe+Q\x8bZ<:\xf9"O\x90\xb2^B\xa7S\x9cO4\xe7\xab^D\xb2{o^B^C^A\0^A\xa3\x81\xe60\x81\xe30^O^F^CU\x1d^S^D^H0^F^A^A\xff^B^A\00D^F^CU\x1d ^D=0;09^F^K`\x86H^A\x86\xf8E^A^G^A^A0*0(^F^H+^F^A^E^E^G^B^A^V\x1chttps://www.verisign.com/CPS04^F^CU\x1d\x1f^D-0+0)\xa0'\xa0%\x86#http://crl.verisign.com/pca3-g2.crl04^F^CU\x1d%^D-0+^F^H+^F^A^E^E^G^C^A^F^H+^F^A^E^E^G^C^B^F^I`\x86H^A\x86\xf8B^D^A^F^J`\x86H^A\x86\xf8E^A^H^A0^K^F^CU\x1d^O^D^D^C^B^A^F0^Q^F^I`\x86H^A\x86\xf8B^A^A^D^D^C^B^A^F0^M^F^I*\x86H\x86\xf7^M^A^A^E^E\0^C\x81\x81\0#]\xee\xa6$^E\xfdv\xd3j^Z\xd6\xbaF^F\xaaj^O^C\x90f\xb2\xb0\xa6\xc2\x9e\xc9\x1e\xa3US\xaf>E\xfd\xdc\x8c'\xddS8^I\xbb|K+\xba\x95J\xfepN\x1bi\xd6<\xf7O^G\xc5\xf2^WZL\xa2\x8f\xac^K\x8a^F\xdb\xb9\xd4k\xc5\x1dX\xda^WR\xe3!\xf1\xd2\xd7Z\xd5\xe5\xabY{!z\x86j\xd4\xfe^W^Q:S^M\x9c`\xa0J\xd9^\xe4\x1d^L)\xaa^S^Ge\x86\x1f\xbf\xb4\xc9\x82S\x9c,^B\x8f#], client_cert=<uninitialized>, client_cert_chain=[], analyzer_id=3, established=F, logged=F, delay_tokens=<uninitialized>], http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]
+                  [0] c: connection      = [id=[orig_h=192.150.187.164, orig_p=58868/tcp, resp_h=194.127.84.106, resp_p=443/tcp], orig=[size=269, state=4, num_pkts=5, num_bytes_ip=541, flow_label=0], resp=[size=2207, state=4, num_pkts=5, num_bytes_ip=2436, flow_label=0], start_time=1170717505.366729, duration=0.567883, service={^J^ISSL^J}, addl=, hot=0, history=ShADad, uid=CXWv6p3arKYeMETxOg, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=[ts=1170717505.549109, uid=CXWv6p3arKYeMETxOg, id=[orig_h=192.150.187.164, orig_p=58868/tcp, resp_h=194.127.84.106, resp_p=443/tcp], version=TLSv10, cipher=TLS_RSA_WITH_RC4_128_MD5, server_name=<uninitialized>, session_id=<uninitialized>, last_alert=<uninitialized>, analyzer_id=3, established=F, logged=F, delay_tokens=<uninitialized>, cert_chain=[[ts=1170717505.735416, fuid=FeCwNK3rzqPnZ7eBQ5, tx_hosts={^J^I194.127.84.106^J}, rx_hosts={^J^I192.150.187.164^J}, conn_uids={^J^ICXWv6p3arKYeMETxOg^J}, source=SSL, depth=0, analyzers={^J^IX509,^J^IMD5,^J^ISHA1^J}, mime_type=binary, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=F, seen_bytes=1152, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=38a0a008a978591ccbe41f50a174751a, sha1=2c322ae2b7fe91391345e070b63668978bb1c9da, sha256=<uninitialized>, x509=[ts=1170717505.735416, id=FeCwNK3rzqPnZ7eBQ5, certificate=[version=2, serial=04A78116F003283BDA2B8462049F9ECB, subject=CN=www.dresdner-privat.de,OU=Terms of use at www.verisign.com/rpa (c)00,O=AGIS Allianz Dresdner Informationssysteme GmbH,L=Muenchen,ST=Bayern,C=DE, issuer=OU=www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign,OU=VeriSign International Server CA - Class 3,OU=VeriSign\, Inc.,O=VeriSign Trust Network, not_valid_before=1163462400.0, not_valid_after=1195084799.0, key_alg=rsaEncryption, sig_alg=sha1WithRSAEncryption, key_type=rsa, key_length=1024, exponent=65537, curve=<uninitialized>], handle=<no value description>, extensions=[[name=X509v3 Basic Constraints, short_name=basicConstraints, oid=2.5.29.19, critical=F, value=CA:FALSE], [name=X509v3 Key Usage, short_name=keyUsage, oid=2.5.29.15, critical=F, value=Digital Signature, Key Encipherment], [name=X509v3 CRL Distribution Points, short_name=crlDistributionPoints, oid=2.5.29.31, critical=F, value=^JFull Name:^J  URI:http://crl.verisign.com/Class3InternationalServer.crl^J], [name=X509v3 Certificate Policies, short_name=certificatePolicies, oid=2.5.29.32, critical=F, value=Policy: 2.16.840.1.113733.1.7.23.3^J  CPS: https://www.verisign.com/rpa^J], [name=X509v3 Extended Key Usage, short_name=extendedKeyUsage, oid=2.5.29.37, critical=F, value=Netscape Server Gated Crypto, TLS Web Server Authentication, TLS Web Client Authentication], [name=Authority Information Access, short_name=authorityInfoAccess, oid=1.3.6.1.5.5.7.1.1, critical=F, value=OCSP - URI:http://ocsp.verisign.com^J], [name=1.3.6.1.5.5.7.1.12, short_name=UNDEF, oid=1.3.6.1.5.5.7.1.12, critical=F, value=0_.].[0Y0W0U..image/gif0!0.0...+..............k...j.H.,{..0%.#http://logo.verisign.com/vslogo.gif]], san=<uninitialized>, basic_constraints=[ca=F, path_len=<uninitialized>]], extracted=<uninitialized>], [ts=1170717505.735416, fuid=FfqS7r3rymnsSKq0m2, tx_hosts={^J^I194.127.84.106^J}, rx_hosts={^J^I192.150.187.164^J}, conn_uids={^J^ICXWv6p3arKYeMETxOg^J}, source=SSL, depth=0, analyzers={^J^IX509,^J^IMD5,^J^ISHA1^J}, mime_type=binary, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=F, seen_bytes=906, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=81c888530afcad916fbe71d9417bf10c, sha1=de0f3a63cad13841e9b62c94502cb189d7661e49, sha256=<uninitialized>, x509=[ts=1170717505.735416, id=FfqS7r3rymnsSKq0m2, certificate=[version=2, serial=78EE48DE185B2071C9C9C3B51D7BDDC1, subject=OU=www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign,OU=VeriSign International Server CA - Class 3,OU=VeriSign\, Inc.,O=VeriSign Trust Network, issuer=OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US, not_valid_before=861235200.0, not_valid_after=1319500799.0, key_alg=rsaEncryption, sig_alg=sha1WithRSAEncryption, key_type=rsa, key_length=1024, exponent=65537, curve=<uninitialized>], handle=<no value description>, extensions=[[name=X509v3 Basic Constraints, short_name=basicConstraints, oid=2.5.29.19, critical=F, value=CA:TRUE, pathlen:0], [name=X509v3 Certificate Policies, short_name=certificatePolicies, oid=2.5.29.32, critical=F, value=Policy: 2.16.840.1.113733.1.7.1.1^J  CPS: https://www.verisign.com/CPS^J], [name=X509v3 CRL Distribution Points, short_name=crlDistributionPoints, oid=2.5.29.31, critical=F, value=^JFull Name:^J  URI:http://crl.verisign.com/pca3-g2.crl^J], [name=X509v3 Extended Key Usage, short_name=extendedKeyUsage, oid=2.5.29.37, critical=F, value=TLS Web Server Authentication, TLS Web Client Authentication, Netscape Server Gated Crypto, 2.16.840.1.113733.1.8.1], [name=X509v3 Key Usage, short_name=keyUsage, oid=2.5.29.15, critical=F, value=Certificate Sign, CRL Sign], [name=Netscape Cert Type, short_name=nsCertType, oid=2.16.840.1.113730.1.1, critical=F, value=SSL CA, S/MIME CA]], san=<uninitialized>, basic_constraints=[ca=T, path_len=0]], extracted=<uninitialized>]], cert_chain_fuids=[FeCwNK3rzqPnZ7eBQ5, FfqS7r3rymnsSKq0m2], client_cert_chain=[], client_cert_chain_fuids=[], subject=<uninitialized>, issuer=<uninitialized>, client_subject=<uninitialized>, client_issuer=<uninitialized>, server_depth=2, client_depth=0], http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]
 
 1170717508.697180 ssl_client_hello
-                  [0] c: connection      = [id=[orig_h=192.150.187.164, orig_p=58869/tcp, resp_h=194.127.84.106, resp_p=443/tcp], orig=[size=120, state=4, num_pkts=2, num_bytes_ip=116, flow_label=0], resp=[size=0, state=4, num_pkts=1, num_bytes_ip=64, flow_label=0], start_time=1170717508.515696, duration=0.181484, service={^J^ISSL^J}, addl=, hot=0, history=ShAD, uid=CjhGID4nQcgTWjvg4c, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=[ts=1170717508.69718, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=192.150.187.164, orig_p=58869/tcp, resp_h=194.127.84.106, resp_p=443/tcp], version=<uninitialized>, cipher=<uninitialized>, server_name=<uninitialized>, session_id=<uninitialized>, subject=<uninitialized>, issuer_subject=<uninitialized>, not_valid_before=<uninitialized>, not_valid_after=<uninitialized>, last_alert=<uninitialized>, client_subject=<uninitialized>, client_issuer_subject=<uninitialized>, cert=<uninitialized>, cert_chain=[], client_cert=<uninitialized>, client_cert_chain=[], analyzer_id=7, established=F, logged=F, delay_tokens=<uninitialized>], http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]
+                  [0] c: connection      = [id=[orig_h=192.150.187.164, orig_p=58869/tcp, resp_h=194.127.84.106, resp_p=443/tcp], orig=[size=120, state=4, num_pkts=2, num_bytes_ip=116, flow_label=0], resp=[size=0, state=4, num_pkts=1, num_bytes_ip=64, flow_label=0], start_time=1170717508.515696, duration=0.181484, service={^J^ISSL^J}, addl=, hot=0, history=ShAD, uid=CjhGID4nQcgTWjvg4c, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=[ts=1170717508.69718, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=192.150.187.164, orig_p=58869/tcp, resp_h=194.127.84.106, resp_p=443/tcp], version=<uninitialized>, cipher=<uninitialized>, server_name=<uninitialized>, session_id=<uninitialized>, last_alert=<uninitialized>, analyzer_id=7, established=F, logged=F, delay_tokens=<uninitialized>, cert_chain=<uninitialized>, cert_chain_fuids=<uninitialized>, client_cert_chain=<uninitialized>, client_cert_chain_fuids=<uninitialized>, subject=<uninitialized>, issuer=<uninitialized>, client_subject=<uninitialized>, client_issuer=<uninitialized>, server_depth=0, client_depth=0], http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]
                   [1] version: count     = 769
                   [2] possible_ts: time  = 2486404.0
                   [3] client_random: string = \xa8\xa2\xabs\x9ad\xab\xb4\xe6\x8c\xfc\xfc4p\xffbi\xb1\xa8hXP\x1f\xbb\xd12~\xd8
@@ -27,7 +27,7 @@
                   [5] ciphers: vector of count = [57, 56, 53, 51, 50, 4, 5, 47, 22, 19, 65279, 10, 21, 18, 65278, 9, 100, 98, 3, 6]
 
 1170717508.881857 ssl_server_hello
-                  [0] c: connection      = [id=[orig_h=192.150.187.164, orig_p=58869/tcp, resp_h=194.127.84.106, resp_p=443/tcp], orig=[size=120, state=4, num_pkts=3, num_bytes_ip=288, flow_label=0], resp=[size=1448, state=4, num_pkts=2, num_bytes_ip=116, flow_label=0], start_time=1170717508.515696, duration=0.366161, service={^J^ISSL^J}, addl=, hot=0, history=ShADad, uid=CjhGID4nQcgTWjvg4c, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=[ts=1170717508.69718, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=192.150.187.164, orig_p=58869/tcp, resp_h=194.127.84.106, resp_p=443/tcp], version=<uninitialized>, cipher=<uninitialized>, server_name=<uninitialized>, session_id=a8c1c5681924e80a32a15d5e7f20bc5e3f513e56b215039d0d55defda5a320c0, subject=<uninitialized>, issuer_subject=<uninitialized>, not_valid_before=<uninitialized>, not_valid_after=<uninitialized>, last_alert=<uninitialized>, client_subject=<uninitialized>, client_issuer_subject=<uninitialized>, cert=<uninitialized>, cert_chain=[], client_cert=<uninitialized>, client_cert_chain=[], analyzer_id=7, established=F, logged=F, delay_tokens=<uninitialized>], http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]
+                  [0] c: connection      = [id=[orig_h=192.150.187.164, orig_p=58869/tcp, resp_h=194.127.84.106, resp_p=443/tcp], orig=[size=120, state=4, num_pkts=3, num_bytes_ip=288, flow_label=0], resp=[size=1448, state=4, num_pkts=2, num_bytes_ip=116, flow_label=0], start_time=1170717508.515696, duration=0.366161, service={^J^ISSL^J}, addl=, hot=0, history=ShADad, uid=CjhGID4nQcgTWjvg4c, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=[ts=1170717508.69718, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=192.150.187.164, orig_p=58869/tcp, resp_h=194.127.84.106, resp_p=443/tcp], version=<uninitialized>, cipher=<uninitialized>, server_name=<uninitialized>, session_id=a8c1c5681924e80a32a15d5e7f20bc5e3f513e56b215039d0d55defda5a320c0, last_alert=<uninitialized>, analyzer_id=7, established=F, logged=F, delay_tokens=<uninitialized>, cert_chain=<uninitialized>, cert_chain_fuids=<uninitialized>, client_cert_chain=<uninitialized>, client_cert_chain_fuids=<uninitialized>, subject=<uninitialized>, issuer=<uninitialized>, client_subject=<uninitialized>, client_issuer=<uninitialized>, server_depth=0, client_depth=0], http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]
                   [1] version: count     = 769
                   [2] possible_ts: time  = 1170717516.0
                   [3] server_random: string = ^O\xac^?x#X|hC\x8c\x87\x87e3\xaf{^K\xaa*\x8f^Px\xeb\x8d^X"G\xe9
@@ -36,10 +36,10 @@
                   [6] comp_method: count = 0
 
 1170717509.082241 ssl_established
-                  [0] c: connection      = [id=[orig_h=192.150.187.164, orig_p=58869/tcp, resp_h=194.127.84.106, resp_p=443/tcp], orig=[size=302, state=4, num_pkts=5, num_bytes_ip=574, flow_label=0], resp=[size=2207, state=4, num_pkts=5, num_bytes_ip=2436, flow_label=0], start_time=1170717508.515696, duration=0.566545, service={^J^ISSL^J}, addl=, hot=0, history=ShADad, uid=CjhGID4nQcgTWjvg4c, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=[ts=1170717508.69718, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=192.150.187.164, orig_p=58869/tcp, resp_h=194.127.84.106, resp_p=443/tcp], version=TLSv10, cipher=TLS_RSA_WITH_RC4_128_MD5, server_name=<uninitialized>, session_id=a8c1c5681924e80a32a15d5e7f20bc5e3f513e56b215039d0d55defda5a320c0, subject=CN=www.dresdner-privat.de,OU=Terms of use at www.verisign.com/rpa (c)00,O=AGIS Allianz Dresdner Informationssysteme GmbH,L=Muenchen,ST=Bayern,C=DE, issuer_subject=OU=www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign,OU=VeriSign International Server CA - Class 3,OU=VeriSign\, Inc.,O=VeriSign Trust Network, not_valid_before=1163462400.0, not_valid_after=1195084799.0, last_alert=<uninitialized>, client_subject=<uninitialized>, client_issuer_subject=<uninitialized>, cert=0\x82^D|0\x82^C\xe5\xa0^C^B^A^B^B^P^D\xa7\x81^V\xf0^C(;\xda+\x84b^D\x9f\x9e\xcb0^M^F^I*\x86H\x86\xf7^M^A^A^E^E\00\x81\xba1\x1f0\x1d^F^CU^D^J^S^VVeriSign Trust Network1^W0^U^F^CU^D^K^S^NVeriSign, Inc.1301^F^CU^D^K^S*VeriSign International Server CA - Class 31I0G^F^CU^D^K^S@www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign0\x1e^W^M061114000000Z^W^M071114235959Z0\x81\xc01^K0^I^F^CU^D^F^S^BDE1^O0^M^F^CU^D^H^S^FBayern1^Q0^O^F^CU^D^G^T^HMuenchen1705^F^CU^D^J^T.AGIS Allianz Dresdner Informationssysteme GmbH1301^F^CU^D^K^T*Terms of use at www.verisign.com/rpa (c)001\x1f0\x1d^F^CU^D^C^T^Vwww.dresdner-privat.de0\x81\x9f0^M^F^I*\x86H\x86\xf7^M^A^A^A^E\0^C\x81\x8d\00\x81\x89^B\x81\x81\0\xeb\xa8t~\xfb\xe3\xb4\xea\xbe\x8b\x1c=\xed\xea\x86^DbQ\xe0*Z\x9e\x86o\x98\xcb\xbc\xc5\xed\xc5\xc8\xcaV\x9dL\x92X\xe1k^So\xbc\xb7\xe5.\x98@\xf7\x8f\xd6\xa3\xc0^J\xabFR\x1b8\xfc^E \xe7\x80\xee\xc6]\xd5\xbb^C\xfc\xc5\x83\xba\x9ag^H\xfd,\xba\xa3^H\x94\xf0\xb3\x1f^V(\xf6^Ef[\xbf^?\xa8Y\xfa\xbe\x99k6b\xb8n\xc6\x83GSc^OZ\xb4Q\xc1\x88\xa8U\xb9\xd41m=*J\x95^J\xd1{\x87^B^C^A\0^A\xa3\x82^Ay0\x82^Au0^I^F^CU\x1d^S^D^B0\00^K^F^CU\x1d^O^D^D^C^B^E\xa00F^F^CU\x1d\x1f^D?0=0;\xa09\xa07\x865http://crl.verisign.com/Class3InternationalServer.crl0D^F^CU\x1d ^D=0;09^F^K`\x86H^A\x86\xf8E^A^G^W^C0*0(^F^H+^F^A^E^E^G^B^A^V\x1chttps://www.verisign.com/rpa0(^F^CU\x1d%^D!0\x1f^F^I`\x86H^A\x86\xf8B^D^A^F^H+^F^A^E^E^G^C^A^F^H+^F^A^E^E^G^C^B04^F^H+^F^A^E^E^G^A^A^D(0&0$^F^H+^F^A^E^E^G0^A\x86^Xhttp://ocsp.verisign.com0m^F^H+^F^A^E^E^G^A^L^Da0_\xa1]\xa0[0Y0W0U^V^Iimage/gif0!0\x1f0^G^F^E+^N^C^B^Z^D^T\x8f\xe5\xd3^Z\x86\xac\x8d\x8ek\xc3\xcf\x80j\xd4H^X,{^Y.0%^V#http://logo.verisign.com/vslogo.gif0^M^F^I*\x86H\x86\xf7^M^A^A^E^E\0^C\x81\x81\0/s\xe2o\xc1\x9e#~YP\x89\x95xo\xe9^D\xbd\x98TS`\xec^HR\xd2^J)\x92\x9am\xaa\xd5\xb1g\xc1b\xde\xc9^XNW=i\x9c\xb2^Cf\x92^C\xbb\xe8M\xc5\x98\xd4/B\xd9\xb6\xd2\xe0\x97^PXv\xcf\xe7\xd6\xa7\xcc\xbb\xdb%\xeeB]\xcb\xf0t\xab\xd2T\xe5\xe8\xbaQ^O\xa4\xc3>4\xfaR\xf2\xa0\xe6z\xf4\x8f\xdcvB\xbd=\xfcx\xc0\xb7\xeb^-\x1f\xc5\xa0^\xdf\xa0^Q\x87\xf8\xc3X^P\xc8y(\xf8\xe4, cert_chain=[0\x82^C\x860\x82^B\xef\xa0^C^B^A^B^B^Px\xeeH\xde^X[ q\xc9\xc9\xc3\xb5\x1d{\xdd\xc10^M^F^I*\x86H\x86\xf7^M^A^A^E^E\00_1^K0^I^F^CU^D^F^S^BUS1^W0^U^F^CU^D^J^S^NVeriSign, Inc.1705^F^CU^D^K^S.Class 3 Public Primary Certification Authority0\x1e^W^M970417000000Z^W^M111024235959Z0\x81\xba1\x1f0\x1d^F^CU^D^J^S^VVeriSign Trust Network1^W0^U^F^CU^D^K^S^NVeriSign, Inc.1301^F^CU^D^K^S*VeriSign International Server CA - Class 31I0G^F^CU^D^K^S@www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign0\x81\x9f0^M^F^I*\x86H\x86\xf7^M^A^A^A^E\0^C\x81\x8d\00\x81\x89^B\x81\x81\0\xd8\x82\x80\xe8\xd6^Y^B}\x1f\x85^X9%\xa2e+\xe1\xbf\xd4^E\xd3\xbc\xe66;\xaa\xf0Ll[\xb6\xe7\xaa<sEU\xb2\xf1\xbd\xea\x97B\xed\x9a4^J^U\xd4\xa9\\xf5@%\xdd\xd9^G\xc12\xb2ul\xc4\xca\xbb\xa3\xfeV'qC\xaac\xf50>\x93(\xe5\xfa\xf1^I;\xf3\xb7MN9\xf7\IZ\xb8\xc1\x1d\xd3\xb2\x8a\xfep0\x95B\xcb\xfe+Q\x8bZ<:\xf9"O\x90\xb2^B\xa7S\x9cO4\xe7\xab^D\xb2{o^B^C^A\0^A\xa3\x81\xe60\x81\xe30^O^F^CU\x1d^S^D^H0^F^A^A\xff^B^A\00D^F^CU\x1d ^D=0;09^F^K`\x86H^A\x86\xf8E^A^G^A^A0*0(^F^H+^F^A^E^E^G^B^A^V\x1chttps://www.verisign.com/CPS04^F^CU\x1d\x1f^D-0+0)\xa0'\xa0%\x86#http://crl.verisign.com/pca3-g2.crl04^F^CU\x1d%^D-0+^F^H+^F^A^E^E^G^C^A^F^H+^F^A^E^E^G^C^B^F^I`\x86H^A\x86\xf8B^D^A^F^J`\x86H^A\x86\xf8E^A^H^A0^K^F^CU\x1d^O^D^D^C^B^A^F0^Q^F^I`\x86H^A\x86\xf8B^A^A^D^D^C^B^A^F0^M^F^I*\x86H\x86\xf7^M^A^A^E^E\0^C\x81\x81\0#]\xee\xa6$^E\xfdv\xd3j^Z\xd6\xbaF^F\xaaj^O^C\x90f\xb2\xb0\xa6\xc2\x9e\xc9\x1e\xa3US\xaf>E\xfd\xdc\x8c'\xddS8^I\xbb|K+\xba\x95J\xfepN\x1bi\xd6<\xf7O^G\xc5\xf2^WZL\xa2\x8f\xac^K\x8a^F\xdb\xb9\xd4k\xc5\x1dX\xda^WR\xe3!\xf1\xd2\xd7Z\xd5\xe5\xabY{!z\x86j\xd4\xfe^W^Q:S^M\x9c`\xa0J\xd9^\xe4\x1d^L)\xaa^S^Ge\x86\x1f\xbf\xb4\xc9\x82S\x9c,^B\x8f#], client_cert=<uninitialized>, client_cert_chain=[], analyzer_id=7, established=F, logged=F, delay_tokens=<uninitialized>], http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]
+                  [0] c: connection      = [id=[orig_h=192.150.187.164, orig_p=58869/tcp, resp_h=194.127.84.106, resp_p=443/tcp], orig=[size=302, state=4, num_pkts=5, num_bytes_ip=574, flow_label=0], resp=[size=2207, state=4, num_pkts=5, num_bytes_ip=2436, flow_label=0], start_time=1170717508.515696, duration=0.566545, service={^J^ISSL^J}, addl=, hot=0, history=ShADad, uid=CjhGID4nQcgTWjvg4c, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=[ts=1170717508.69718, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=192.150.187.164, orig_p=58869/tcp, resp_h=194.127.84.106, resp_p=443/tcp], version=TLSv10, cipher=TLS_RSA_WITH_RC4_128_MD5, server_name=<uninitialized>, session_id=a8c1c5681924e80a32a15d5e7f20bc5e3f513e56b215039d0d55defda5a320c0, last_alert=<uninitialized>, analyzer_id=7, established=F, logged=F, delay_tokens=<uninitialized>, cert_chain=[[ts=1170717508.883051, fuid=FjkLnG4s34DVZlaBNc, tx_hosts={^J^I194.127.84.106^J}, rx_hosts={^J^I192.150.187.164^J}, conn_uids={^J^ICjhGID4nQcgTWjvg4c^J}, source=SSL, depth=0, analyzers={^J^IX509,^J^IMD5,^J^ISHA1^J}, mime_type=binary, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=F, seen_bytes=1152, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=38a0a008a978591ccbe41f50a174751a, sha1=2c322ae2b7fe91391345e070b63668978bb1c9da, sha256=<uninitialized>, x509=[ts=1170717508.883051, id=FjkLnG4s34DVZlaBNc, certificate=[version=2, serial=04A78116F003283BDA2B8462049F9ECB, subject=CN=www.dresdner-privat.de,OU=Terms of use at www.verisign.com/rpa (c)00,O=AGIS Allianz Dresdner Informationssysteme GmbH,L=Muenchen,ST=Bayern,C=DE, issuer=OU=www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign,OU=VeriSign International Server CA - Class 3,OU=VeriSign\, Inc.,O=VeriSign Trust Network, not_valid_before=1163462400.0, not_valid_after=1195084799.0, key_alg=rsaEncryption, sig_alg=sha1WithRSAEncryption, key_type=rsa, key_length=1024, exponent=65537, curve=<uninitialized>], handle=<no value description>, extensions=[[name=X509v3 Basic Constraints, short_name=basicConstraints, oid=2.5.29.19, critical=F, value=CA:FALSE], [name=X509v3 Key Usage, short_name=keyUsage, oid=2.5.29.15, critical=F, value=Digital Signature, Key Encipherment], [name=X509v3 CRL Distribution Points, short_name=crlDistributionPoints, oid=2.5.29.31, critical=F, value=^JFull Name:^J  URI:http://crl.verisign.com/Class3InternationalServer.crl^J], [name=X509v3 Certificate Policies, short_name=certificatePolicies, oid=2.5.29.32, critical=F, value=Policy: 2.16.840.1.113733.1.7.23.3^J  CPS: https://www.verisign.com/rpa^J], [name=X509v3 Extended Key Usage, short_name=extendedKeyUsage, oid=2.5.29.37, critical=F, value=Netscape Server Gated Crypto, TLS Web Server Authentication, TLS Web Client Authentication], [name=Authority Information Access, short_name=authorityInfoAccess, oid=1.3.6.1.5.5.7.1.1, critical=F, value=OCSP - URI:http://ocsp.verisign.com^J], [name=1.3.6.1.5.5.7.1.12, short_name=UNDEF, oid=1.3.6.1.5.5.7.1.12, critical=F, value=0_.].[0Y0W0U..image/gif0!0.0...+..............k...j.H.,{..0%.#http://logo.verisign.com/vslogo.gif]], san=<uninitialized>, basic_constraints=[ca=F, path_len=<uninitialized>]], extracted=<uninitialized>], [ts=1170717508.883051, fuid=FpMjNF4snD7UDqI5sk, tx_hosts={^J^I194.127.84.106^J}, rx_hosts={^J^I192.150.187.164^J}, conn_uids={^J^ICjhGID4nQcgTWjvg4c^J}, source=SSL, depth=0, analyzers={^J^IX509,^J^IMD5,^J^ISHA1^J}, mime_type=binary, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=F, seen_bytes=906, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=81c888530afcad916fbe71d9417bf10c, sha1=de0f3a63cad13841e9b62c94502cb189d7661e49, sha256=<uninitialized>, x509=[ts=1170717508.883051, id=FpMjNF4snD7UDqI5sk, certificate=[version=2, serial=78EE48DE185B2071C9C9C3B51D7BDDC1, subject=OU=www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign,OU=VeriSign International Server CA - Class 3,OU=VeriSign\, Inc.,O=VeriSign Trust Network, issuer=OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US, not_valid_before=861235200.0, not_valid_after=1319500799.0, key_alg=rsaEncryption, sig_alg=sha1WithRSAEncryption, key_type=rsa, key_length=1024, exponent=65537, curve=<uninitialized>], handle=<no value description>, extensions=[[name=X509v3 Basic Constraints, short_name=basicConstraints, oid=2.5.29.19, critical=F, value=CA:TRUE, pathlen:0], [name=X509v3 Certificate Policies, short_name=certificatePolicies, oid=2.5.29.32, critical=F, value=Policy: 2.16.840.1.113733.1.7.1.1^J  CPS: https://www.verisign.com/CPS^J], [name=X509v3 CRL Distribution Points, short_name=crlDistributionPoints, oid=2.5.29.31, critical=F, value=^JFull Name:^J  URI:http://crl.verisign.com/pca3-g2.crl^J], [name=X509v3 Extended Key Usage, short_name=extendedKeyUsage, oid=2.5.29.37, critical=F, value=TLS Web Server Authentication, TLS Web Client Authentication, Netscape Server Gated Crypto, 2.16.840.1.113733.1.8.1], [name=X509v3 Key Usage, short_name=keyUsage, oid=2.5.29.15, critical=F, value=Certificate Sign, CRL Sign], [name=Netscape Cert Type, short_name=nsCertType, oid=2.16.840.1.113730.1.1, critical=F, value=SSL CA, S/MIME CA]], san=<uninitialized>, basic_constraints=[ca=T, path_len=0]], extracted=<uninitialized>]], cert_chain_fuids=[FjkLnG4s34DVZlaBNc, FpMjNF4snD7UDqI5sk], client_cert_chain=[], client_cert_chain_fuids=[], subject=<uninitialized>, issuer=<uninitialized>, client_subject=<uninitialized>, client_issuer=<uninitialized>, server_depth=2, client_depth=0], http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]
 
 1170717511.722913 ssl_client_hello
-                  [0] c: connection      = [id=[orig_h=192.150.187.164, orig_p=58870/tcp, resp_h=194.127.84.106, resp_p=443/tcp], orig=[size=120, state=4, num_pkts=2, num_bytes_ip=116, flow_label=0], resp=[size=0, state=4, num_pkts=1, num_bytes_ip=64, flow_label=0], start_time=1170717511.541455, duration=0.181458, service={^J^ISSL^J}, addl=, hot=0, history=ShAD, uid=CCvvfg3TEfuqmmG4bh, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=[ts=1170717511.722913, uid=CCvvfg3TEfuqmmG4bh, id=[orig_h=192.150.187.164, orig_p=58870/tcp, resp_h=194.127.84.106, resp_p=443/tcp], version=<uninitialized>, cipher=<uninitialized>, server_name=<uninitialized>, session_id=<uninitialized>, subject=<uninitialized>, issuer_subject=<uninitialized>, not_valid_before=<uninitialized>, not_valid_after=<uninitialized>, last_alert=<uninitialized>, client_subject=<uninitialized>, client_issuer_subject=<uninitialized>, cert=<uninitialized>, cert_chain=[], client_cert=<uninitialized>, client_cert_chain=[], analyzer_id=11, established=F, logged=F, delay_tokens=<uninitialized>], http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]
+                  [0] c: connection      = [id=[orig_h=192.150.187.164, orig_p=58870/tcp, resp_h=194.127.84.106, resp_p=443/tcp], orig=[size=120, state=4, num_pkts=2, num_bytes_ip=116, flow_label=0], resp=[size=0, state=4, num_pkts=1, num_bytes_ip=64, flow_label=0], start_time=1170717511.541455, duration=0.181458, service={^J^ISSL^J}, addl=, hot=0, history=ShAD, uid=CCvvfg3TEfuqmmG4bh, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=[ts=1170717511.722913, uid=CCvvfg3TEfuqmmG4bh, id=[orig_h=192.150.187.164, orig_p=58870/tcp, resp_h=194.127.84.106, resp_p=443/tcp], version=<uninitialized>, cipher=<uninitialized>, server_name=<uninitialized>, session_id=<uninitialized>, last_alert=<uninitialized>, analyzer_id=11, established=F, logged=F, delay_tokens=<uninitialized>, cert_chain=<uninitialized>, cert_chain_fuids=<uninitialized>, client_cert_chain=<uninitialized>, client_cert_chain_fuids=<uninitialized>, subject=<uninitialized>, issuer=<uninitialized>, client_subject=<uninitialized>, client_issuer=<uninitialized>, server_depth=0, client_depth=0], http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]
                   [1] version: count     = 769
                   [2] possible_ts: time  = 2486407.0
                   [3] client_random: string = $^F^D\xbe/VD\xc8\xdf\xd2\xe5\x1c\xc2\xb3\xa3^Aq\xbdX\x85>\xd7\xc6\xe3\xfc\xd1\x88F
@@ -47,7 +47,7 @@
                   [5] ciphers: vector of count = [57, 56, 53, 51, 50, 4, 5, 47, 22, 19, 65279, 10, 21, 18, 65278, 9, 100, 98, 3, 6]
 
 1170717511.908619 ssl_server_hello
-                  [0] c: connection      = [id=[orig_h=192.150.187.164, orig_p=58870/tcp, resp_h=194.127.84.106, resp_p=443/tcp], orig=[size=120, state=4, num_pkts=3, num_bytes_ip=288, flow_label=0], resp=[size=1448, state=4, num_pkts=2, num_bytes_ip=116, flow_label=0], start_time=1170717511.541455, duration=0.367164, service={^J^ISSL^J}, addl=, hot=0, history=ShADad, uid=CCvvfg3TEfuqmmG4bh, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=[ts=1170717511.722913, uid=CCvvfg3TEfuqmmG4bh, id=[orig_h=192.150.187.164, orig_p=58870/tcp, resp_h=194.127.84.106, resp_p=443/tcp], version=<uninitialized>, cipher=<uninitialized>, server_name=<uninitialized>, session_id=9e51caef40ad85f9f03dbb8c1fdc863621808c311272e10242cb406bf917bcd9, subject=<uninitialized>, issuer_subject=<uninitialized>, not_valid_before=<uninitialized>, not_valid_after=<uninitialized>, last_alert=<uninitialized>, client_subject=<uninitialized>, client_issuer_subject=<uninitialized>, cert=<uninitialized>, cert_chain=[], client_cert=<uninitialized>, client_cert_chain=[], analyzer_id=11, established=F, logged=F, delay_tokens=<uninitialized>], http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]
+                  [0] c: connection      = [id=[orig_h=192.150.187.164, orig_p=58870/tcp, resp_h=194.127.84.106, resp_p=443/tcp], orig=[size=120, state=4, num_pkts=3, num_bytes_ip=288, flow_label=0], resp=[size=1448, state=4, num_pkts=2, num_bytes_ip=116, flow_label=0], start_time=1170717511.541455, duration=0.367164, service={^J^ISSL^J}, addl=, hot=0, history=ShADad, uid=CCvvfg3TEfuqmmG4bh, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=[ts=1170717511.722913, uid=CCvvfg3TEfuqmmG4bh, id=[orig_h=192.150.187.164, orig_p=58870/tcp, resp_h=194.127.84.106, resp_p=443/tcp], version=<uninitialized>, cipher=<uninitialized>, server_name=<uninitialized>, session_id=9e51caef40ad85f9f03dbb8c1fdc863621808c311272e10242cb406bf917bcd9, last_alert=<uninitialized>, analyzer_id=11, established=F, logged=F, delay_tokens=<uninitialized>, cert_chain=<uninitialized>, cert_chain_fuids=<uninitialized>, client_cert_chain=<uninitialized>, client_cert_chain_fuids=<uninitialized>, subject=<uninitialized>, issuer=<uninitialized>, client_subject=<uninitialized>, client_issuer=<uninitialized>, server_depth=0, client_depth=0], http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]
                   [1] version: count     = 769
                   [2] possible_ts: time  = 1170717519.0
                   [3] server_random: string = \xfd\x1b\x8c^S^H\xa2\xca\xac^A^O\xcbv\xe9\xbd!\x98}\x89|\xb6\xc0(\xcd\xb3^WmY^D
@@ -56,5 +56,5 @@
                   [6] comp_method: count = 0
 
 1170717512.108799 ssl_established
-                  [0] c: connection      = [id=[orig_h=192.150.187.164, orig_p=58870/tcp, resp_h=194.127.84.106, resp_p=443/tcp], orig=[size=302, state=4, num_pkts=5, num_bytes_ip=574, flow_label=0], resp=[size=2207, state=4, num_pkts=5, num_bytes_ip=2436, flow_label=0], start_time=1170717511.541455, duration=0.567344, service={^J^ISSL^J}, addl=, hot=0, history=ShADad, uid=CCvvfg3TEfuqmmG4bh, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=[ts=1170717511.722913, uid=CCvvfg3TEfuqmmG4bh, id=[orig_h=192.150.187.164, orig_p=58870/tcp, resp_h=194.127.84.106, resp_p=443/tcp], version=TLSv10, cipher=TLS_RSA_WITH_RC4_128_MD5, server_name=<uninitialized>, session_id=9e51caef40ad85f9f03dbb8c1fdc863621808c311272e10242cb406bf917bcd9, subject=CN=www.dresdner-privat.de,OU=Terms of use at www.verisign.com/rpa (c)00,O=AGIS Allianz Dresdner Informationssysteme GmbH,L=Muenchen,ST=Bayern,C=DE, issuer_subject=OU=www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign,OU=VeriSign International Server CA - Class 3,OU=VeriSign\, Inc.,O=VeriSign Trust Network, not_valid_before=1163462400.0, not_valid_after=1195084799.0, last_alert=<uninitialized>, client_subject=<uninitialized>, client_issuer_subject=<uninitialized>, cert=0\x82^D|0\x82^C\xe5\xa0^C^B^A^B^B^P^D\xa7\x81^V\xf0^C(;\xda+\x84b^D\x9f\x9e\xcb0^M^F^I*\x86H\x86\xf7^M^A^A^E^E\00\x81\xba1\x1f0\x1d^F^CU^D^J^S^VVeriSign Trust Network1^W0^U^F^CU^D^K^S^NVeriSign, Inc.1301^F^CU^D^K^S*VeriSign International Server CA - Class 31I0G^F^CU^D^K^S@www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign0\x1e^W^M061114000000Z^W^M071114235959Z0\x81\xc01^K0^I^F^CU^D^F^S^BDE1^O0^M^F^CU^D^H^S^FBayern1^Q0^O^F^CU^D^G^T^HMuenchen1705^F^CU^D^J^T.AGIS Allianz Dresdner Informationssysteme GmbH1301^F^CU^D^K^T*Terms of use at www.verisign.com/rpa (c)001\x1f0\x1d^F^CU^D^C^T^Vwww.dresdner-privat.de0\x81\x9f0^M^F^I*\x86H\x86\xf7^M^A^A^A^E\0^C\x81\x8d\00\x81\x89^B\x81\x81\0\xeb\xa8t~\xfb\xe3\xb4\xea\xbe\x8b\x1c=\xed\xea\x86^DbQ\xe0*Z\x9e\x86o\x98\xcb\xbc\xc5\xed\xc5\xc8\xcaV\x9dL\x92X\xe1k^So\xbc\xb7\xe5.\x98@\xf7\x8f\xd6\xa3\xc0^J\xabFR\x1b8\xfc^E \xe7\x80\xee\xc6]\xd5\xbb^C\xfc\xc5\x83\xba\x9ag^H\xfd,\xba\xa3^H\x94\xf0\xb3\x1f^V(\xf6^Ef[\xbf^?\xa8Y\xfa\xbe\x99k6b\xb8n\xc6\x83GSc^OZ\xb4Q\xc1\x88\xa8U\xb9\xd41m=*J\x95^J\xd1{\x87^B^C^A\0^A\xa3\x82^Ay0\x82^Au0^I^F^CU\x1d^S^D^B0\00^K^F^CU\x1d^O^D^D^C^B^E\xa00F^F^CU\x1d\x1f^D?0=0;\xa09\xa07\x865http://crl.verisign.com/Class3InternationalServer.crl0D^F^CU\x1d ^D=0;09^F^K`\x86H^A\x86\xf8E^A^G^W^C0*0(^F^H+^F^A^E^E^G^B^A^V\x1chttps://www.verisign.com/rpa0(^F^CU\x1d%^D!0\x1f^F^I`\x86H^A\x86\xf8B^D^A^F^H+^F^A^E^E^G^C^A^F^H+^F^A^E^E^G^C^B04^F^H+^F^A^E^E^G^A^A^D(0&0$^F^H+^F^A^E^E^G0^A\x86^Xhttp://ocsp.verisign.com0m^F^H+^F^A^E^E^G^A^L^Da0_\xa1]\xa0[0Y0W0U^V^Iimage/gif0!0\x1f0^G^F^E+^N^C^B^Z^D^T\x8f\xe5\xd3^Z\x86\xac\x8d\x8ek\xc3\xcf\x80j\xd4H^X,{^Y.0%^V#http://logo.verisign.com/vslogo.gif0^M^F^I*\x86H\x86\xf7^M^A^A^E^E\0^C\x81\x81\0/s\xe2o\xc1\x9e#~YP\x89\x95xo\xe9^D\xbd\x98TS`\xec^HR\xd2^J)\x92\x9am\xaa\xd5\xb1g\xc1b\xde\xc9^XNW=i\x9c\xb2^Cf\x92^C\xbb\xe8M\xc5\x98\xd4/B\xd9\xb6\xd2\xe0\x97^PXv\xcf\xe7\xd6\xa7\xcc\xbb\xdb%\xeeB]\xcb\xf0t\xab\xd2T\xe5\xe8\xbaQ^O\xa4\xc3>4\xfaR\xf2\xa0\xe6z\xf4\x8f\xdcvB\xbd=\xfcx\xc0\xb7\xeb^-\x1f\xc5\xa0^\xdf\xa0^Q\x87\xf8\xc3X^P\xc8y(\xf8\xe4, cert_chain=[0\x82^C\x860\x82^B\xef\xa0^C^B^A^B^B^Px\xeeH\xde^X[ q\xc9\xc9\xc3\xb5\x1d{\xdd\xc10^M^F^I*\x86H\x86\xf7^M^A^A^E^E\00_1^K0^I^F^CU^D^F^S^BUS1^W0^U^F^CU^D^J^S^NVeriSign, Inc.1705^F^CU^D^K^S.Class 3 Public Primary Certification Authority0\x1e^W^M970417000000Z^W^M111024235959Z0\x81\xba1\x1f0\x1d^F^CU^D^J^S^VVeriSign Trust Network1^W0^U^F^CU^D^K^S^NVeriSign, Inc.1301^F^CU^D^K^S*VeriSign International Server CA - Class 31I0G^F^CU^D^K^S@www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign0\x81\x9f0^M^F^I*\x86H\x86\xf7^M^A^A^A^E\0^C\x81\x8d\00\x81\x89^B\x81\x81\0\xd8\x82\x80\xe8\xd6^Y^B}\x1f\x85^X9%\xa2e+\xe1\xbf\xd4^E\xd3\xbc\xe66;\xaa\xf0Ll[\xb6\xe7\xaa<sEU\xb2\xf1\xbd\xea\x97B\xed\x9a4^J^U\xd4\xa9\\xf5@%\xdd\xd9^G\xc12\xb2ul\xc4\xca\xbb\xa3\xfeV'qC\xaac\xf50>\x93(\xe5\xfa\xf1^I;\xf3\xb7MN9\xf7\IZ\xb8\xc1\x1d\xd3\xb2\x8a\xfep0\x95B\xcb\xfe+Q\x8bZ<:\xf9"O\x90\xb2^B\xa7S\x9cO4\xe7\xab^D\xb2{o^B^C^A\0^A\xa3\x81\xe60\x81\xe30^O^F^CU\x1d^S^D^H0^F^A^A\xff^B^A\00D^F^CU\x1d ^D=0;09^F^K`\x86H^A\x86\xf8E^A^G^A^A0*0(^F^H+^F^A^E^E^G^B^A^V\x1chttps://www.verisign.com/CPS04^F^CU\x1d\x1f^D-0+0)\xa0'\xa0%\x86#http://crl.verisign.com/pca3-g2.crl04^F^CU\x1d%^D-0+^F^H+^F^A^E^E^G^C^A^F^H+^F^A^E^E^G^C^B^F^I`\x86H^A\x86\xf8B^D^A^F^J`\x86H^A\x86\xf8E^A^H^A0^K^F^CU\x1d^O^D^D^C^B^A^F0^Q^F^I`\x86H^A\x86\xf8B^A^A^D^D^C^B^A^F0^M^F^I*\x86H\x86\xf7^M^A^A^E^E\0^C\x81\x81\0#]\xee\xa6$^E\xfdv\xd3j^Z\xd6\xbaF^F\xaaj^O^C\x90f\xb2\xb0\xa6\xc2\x9e\xc9\x1e\xa3US\xaf>E\xfd\xdc\x8c'\xddS8^I\xbb|K+\xba\x95J\xfepN\x1bi\xd6<\xf7O^G\xc5\xf2^WZL\xa2\x8f\xac^K\x8a^F\xdb\xb9\xd4k\xc5\x1dX\xda^WR\xe3!\xf1\xd2\xd7Z\xd5\xe5\xabY{!z\x86j\xd4\xfe^W^Q:S^M\x9c`\xa0J\xd9^\xe4\x1d^L)\xaa^S^Ge\x86\x1f\xbf\xb4\xc9\x82S\x9c,^B\x8f#], client_cert=<uninitialized>, client_cert_chain=[], analyzer_id=11, established=F, logged=F, delay_tokens=<uninitialized>], http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]
+                  [0] c: connection      = [id=[orig_h=192.150.187.164, orig_p=58870/tcp, resp_h=194.127.84.106, resp_p=443/tcp], orig=[size=302, state=4, num_pkts=5, num_bytes_ip=574, flow_label=0], resp=[size=2207, state=4, num_pkts=5, num_bytes_ip=2436, flow_label=0], start_time=1170717511.541455, duration=0.567344, service={^J^ISSL^J}, addl=, hot=0, history=ShADad, uid=CCvvfg3TEfuqmmG4bh, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=[ts=1170717511.722913, uid=CCvvfg3TEfuqmmG4bh, id=[orig_h=192.150.187.164, orig_p=58870/tcp, resp_h=194.127.84.106, resp_p=443/tcp], version=TLSv10, cipher=TLS_RSA_WITH_RC4_128_MD5, server_name=<uninitialized>, session_id=9e51caef40ad85f9f03dbb8c1fdc863621808c311272e10242cb406bf917bcd9, last_alert=<uninitialized>, analyzer_id=11, established=F, logged=F, delay_tokens=<uninitialized>, cert_chain=[[ts=1170717511.909717, fuid=FQXAWgI2FB5STbrff, tx_hosts={^J^I194.127.84.106^J}, rx_hosts={^J^I192.150.187.164^J}, conn_uids={^J^ICCvvfg3TEfuqmmG4bh^J}, source=SSL, depth=0, analyzers={^J^IX509,^J^IMD5,^J^ISHA1^J}, mime_type=binary, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=F, seen_bytes=1152, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=38a0a008a978591ccbe41f50a174751a, sha1=2c322ae2b7fe91391345e070b63668978bb1c9da, sha256=<uninitialized>, x509=[ts=1170717511.909717, id=FQXAWgI2FB5STbrff, certificate=[version=2, serial=04A78116F003283BDA2B8462049F9ECB, subject=CN=www.dresdner-privat.de,OU=Terms of use at www.verisign.com/rpa (c)00,O=AGIS Allianz Dresdner Informationssysteme GmbH,L=Muenchen,ST=Bayern,C=DE, issuer=OU=www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign,OU=VeriSign International Server CA - Class 3,OU=VeriSign\, Inc.,O=VeriSign Trust Network, not_valid_before=1163462400.0, not_valid_after=1195084799.0, key_alg=rsaEncryption, sig_alg=sha1WithRSAEncryption, key_type=rsa, key_length=1024, exponent=65537, curve=<uninitialized>], handle=<no value description>, extensions=[[name=X509v3 Basic Constraints, short_name=basicConstraints, oid=2.5.29.19, critical=F, value=CA:FALSE], [name=X509v3 Key Usage, short_name=keyUsage, oid=2.5.29.15, critical=F, value=Digital Signature, Key Encipherment], [name=X509v3 CRL Distribution Points, short_name=crlDistributionPoints, oid=2.5.29.31, critical=F, value=^JFull Name:^J  URI:http://crl.verisign.com/Class3InternationalServer.crl^J], [name=X509v3 Certificate Policies, short_name=certificatePolicies, oid=2.5.29.32, critical=F, value=Policy: 2.16.840.1.113733.1.7.23.3^J  CPS: https://www.verisign.com/rpa^J], [name=X509v3 Extended Key Usage, short_name=extendedKeyUsage, oid=2.5.29.37, critical=F, value=Netscape Server Gated Crypto, TLS Web Server Authentication, TLS Web Client Authentication], [name=Authority Information Access, short_name=authorityInfoAccess, oid=1.3.6.1.5.5.7.1.1, critical=F, value=OCSP - URI:http://ocsp.verisign.com^J], [name=1.3.6.1.5.5.7.1.12, short_name=UNDEF, oid=1.3.6.1.5.5.7.1.12, critical=F, value=0_.].[0Y0W0U..image/gif0!0.0...+..............k...j.H.,{..0%.#http://logo.verisign.com/vslogo.gif]], san=<uninitialized>, basic_constraints=[ca=F, path_len=<uninitialized>]], extracted=<uninitialized>], [ts=1170717511.909717, fuid=FUmSiM3TCtsyMGhcd, tx_hosts={^J^I194.127.84.106^J}, rx_hosts={^J^I192.150.187.164^J}, conn_uids={^J^ICCvvfg3TEfuqmmG4bh^J}, source=SSL, depth=0, analyzers={^J^IX509,^J^IMD5,^J^ISHA1^J}, mime_type=binary, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=F, seen_bytes=906, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=81c888530afcad916fbe71d9417bf10c, sha1=de0f3a63cad13841e9b62c94502cb189d7661e49, sha256=<uninitialized>, x509=[ts=1170717511.909717, id=FUmSiM3TCtsyMGhcd, certificate=[version=2, serial=78EE48DE185B2071C9C9C3B51D7BDDC1, subject=OU=www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign,OU=VeriSign International Server CA - Class 3,OU=VeriSign\, Inc.,O=VeriSign Trust Network, issuer=OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US, not_valid_before=861235200.0, not_valid_after=1319500799.0, key_alg=rsaEncryption, sig_alg=sha1WithRSAEncryption, key_type=rsa, key_length=1024, exponent=65537, curve=<uninitialized>], handle=<no value description>, extensions=[[name=X509v3 Basic Constraints, short_name=basicConstraints, oid=2.5.29.19, critical=F, value=CA:TRUE, pathlen:0], [name=X509v3 Certificate Policies, short_name=certificatePolicies, oid=2.5.29.32, critical=F, value=Policy: 2.16.840.1.113733.1.7.1.1^J  CPS: https://www.verisign.com/CPS^J], [name=X509v3 CRL Distribution Points, short_name=crlDistributionPoints, oid=2.5.29.31, critical=F, value=^JFull Name:^J  URI:http://crl.verisign.com/pca3-g2.crl^J], [name=X509v3 Extended Key Usage, short_name=extendedKeyUsage, oid=2.5.29.37, critical=F, value=TLS Web Server Authentication, TLS Web Client Authentication, Netscape Server Gated Crypto, 2.16.840.1.113733.1.8.1], [name=X509v3 Key Usage, short_name=keyUsage, oid=2.5.29.15, critical=F, value=Certificate Sign, CRL Sign], [name=Netscape Cert Type, short_name=nsCertType, oid=2.16.840.1.113730.1.1, critical=F, value=SSL CA, S/MIME CA]], san=<uninitialized>, basic_constraints=[ca=T, path_len=0]], extracted=<uninitialized>]], cert_chain_fuids=[FQXAWgI2FB5STbrff, FUmSiM3TCtsyMGhcd], client_cert_chain=[], client_cert_chain_fuids=[], subject=<uninitialized>, issuer=<uninitialized>, client_subject=<uninitialized>, client_issuer=<uninitialized>, server_depth=2, client_depth=0], http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]
 
diff --git a/testing/btest/Baseline/scripts.policy.protocols.ssl.expiring-certs/notice.log b/testing/btest/Baseline/scripts.policy.protocols.ssl.expiring-certs/notice.log
new file mode 100644
index 0000000000..2368f95505
--- /dev/null
+++ b/testing/btest/Baseline/scripts.policy.protocols.ssl.expiring-certs/notice.log
@@ -0,0 +1,11 @@
+#separator \x09
+#set_separator	,
+#empty_field	(empty)
+#unset_field	-
+#path	notice
+#open	2014-03-13-21-37-53
+#fields	ts	uid	id.orig_h	id.orig_p	id.resp_h	id.resp_p	fuid	file_mime_type	file_desc	proto	note	msg	sub	src	dst	p	n	peer_descr	actions	suppress_for	dropped	remote_location.country_code	remote_location.region	remote_location.city	remote_location.latitude	remote_location.longitude
+#types	time	string	addr	port	addr	port	string	string	string	enum	enum	string	string	addr	addr	port	count	string	table[enum]	interval	bool	string	string	string	double	double
+1394745603.293028	CXWv6p3arKYeMETxOg	192.168.4.149	60539	87.98.220.10	443	F1fX1R2cDOzbvg17ye	-	-	tcp	SSL::Certificate_Expired	Certificate CN=www.spidh.org,OU=COMODO SSL,OU=Domain Control Validated expired at 2014-03-04-23:59:59.000000000	-	192.168.4.149	87.98.220.10	443	-	bro	Notice::ACTION_LOG	86400.000000	F	-	-	-	-	-
+1394745619.197766	CjhGID4nQcgTWjvg4c	192.168.4.149	60540	122.1.240.204	443	F6NAbK127LhNBaEe5c	-	-	tcp	SSL::Certificate_Expires_Soon	Certificate CN=www.tobu-estate.com,OU=Terms of use at www.verisign.com/rpa (c)05,O=TOBU RAILWAY Co.\,Ltd.,L=Sumida-ku,ST=Tokyo,C=JP is going to expire at 2014-03-14-23:59:59.000000000	-	192.168.4.149	122.1.240.204	443	-	bro	Notice::ACTION_LOG	86400.000000	F	-	-	-	-	-
+#close	2014-03-13-21-37-53
diff --git a/testing/btest/Baseline/scripts.policy.protocols.ssl.extract-certs-pem/certs-remote.pem b/testing/btest/Baseline/scripts.policy.protocols.ssl.extract-certs-pem/certs-remote.pem
index 1767a32095..086a72e1fa 100644
--- a/testing/btest/Baseline/scripts.policy.protocols.ssl.extract-certs-pem/certs-remote.pem
+++ b/testing/btest/Baseline/scripts.policy.protocols.ssl.extract-certs-pem/certs-remote.pem
@@ -1,34 +1,26 @@
 -----BEGIN CERTIFICATE-----
-MIIEfDCCA+WgAwIBAgIQBKeBFvADKDvaK4RiBJ+eyzANBgkqhk
-iG9w0BAQUFADCBujEfMB0GA1UEChMWVmVyaVNpZ24gVHJ1c3Qg
-TmV0d29yazEXMBUGA1UECxMOVmVyaVNpZ24sIEluYy4xMzAxBg
-NVBAsTKlZlcmlTaWduIEludGVybmF0aW9uYWwgU2VydmVyIENB
-IC0gQ2xhc3MgMzFJMEcGA1UECxNAd3d3LnZlcmlzaWduLmNvbS
-9DUFMgSW5jb3JwLmJ5IFJlZi4gTElBQklMSVRZIExURC4oYyk5
-NyBWZXJpU2lnbjAeFw0wNjExMTQwMDAwMDBaFw0wNzExMTQyMz
-U5NTlaMIHAMQswCQYDVQQGEwJERTEPMA0GA1UECBMGQmF5ZXJu
-MREwDwYDVQQHFAhNdWVuY2hlbjE3MDUGA1UEChQuQUdJUyBBbG
-xpYW56IERyZXNkbmVyIEluZm9ybWF0aW9uc3N5c3RlbWUgR21i
-SDEzMDEGA1UECxQqVGVybXMgb2YgdXNlIGF0IHd3dy52ZXJpc2
-lnbi5jb20vcnBhIChjKTAwMR8wHQYDVQQDFBZ3d3cuZHJlc2Ru
-ZXItcHJpdmF0LmRlMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQ
-KBgQDrqHR+++O06r6LHD3t6oYEYlHgKlqehm+Yy7zF7cXIylad
-TJJY4WsTb7y35S6YQPeP1qPACqtGUhs4/AUg54Duxl3VuwP8xY
-O6mmcI/Sy6owiU8LMfFij2BWZbv3+oWfq+mWs2YrhuxoNHU2MP
-WrRRwYioVbnUMW09KkqVCtF7hwIDAQABo4IBeTCCAXUwCQYDVR
-0TBAIwADALBgNVHQ8EBAMCBaAwRgYDVR0fBD8wPTA7oDmgN4Y1
-aHR0cDovL2NybC52ZXJpc2lnbi5jb20vQ2xhc3MzSW50ZXJuYX
-Rpb25hbFNlcnZlci5jcmwwRAYDVR0gBD0wOzA5BgtghkgBhvhF
-AQcXAzAqMCgGCCsGAQUFBwIBFhxodHRwczovL3d3dy52ZXJpc2
-lnbi5jb20vcnBhMCgGA1UdJQQhMB8GCWCGSAGG+EIEAQYIKwYB
-BQUHAwEGCCsGAQUFBwMCMDQGCCsGAQUFBwEBBCgwJjAkBggrBg
-EFBQcwAYYYaHR0cDovL29jc3AudmVyaXNpZ24uY29tMG0GCCsG
-AQUFBwEMBGEwX6FdoFswWTBXMFUWCWltYWdlL2dpZjAhMB8wBw
-YFKw4DAhoEFI/l0xqGrI2Oa8PPgGrUSBgsexkuMCUWI2h0dHA6
-Ly9sb2dvLnZlcmlzaWduLmNvbS92c2xvZ28uZ2lmMA0GCSqGSI
-b3DQEBBQUAA4GBAC9z4m/BniN+WVCJlXhv6QS9mFRTYOwIUtIK
-KZKabarVsWfBYt7JGE5XPWmcsgNmkgO76E3FmNQvQtm20uCXEF
-h2z+fWp8y72yXuQl3L8HSr0lTl6LpRD6TDPjT6UvKg5nr0j9x2
-Qr09/HjAt+teLR/FoF7foBGH+MNYEMh5KPjk
+MIIEfDCCA+WgAwIBAgIQBKeBFvADKDvaK4RiBJ+eyzANBgkqhkiG9w0BAQUFADCB
+ujEfMB0GA1UEChMWVmVyaVNpZ24gVHJ1c3QgTmV0d29yazEXMBUGA1UECxMOVmVy
+aVNpZ24sIEluYy4xMzAxBgNVBAsTKlZlcmlTaWduIEludGVybmF0aW9uYWwgU2Vy
+dmVyIENBIC0gQ2xhc3MgMzFJMEcGA1UECxNAd3d3LnZlcmlzaWduLmNvbS9DUFMg
+SW5jb3JwLmJ5IFJlZi4gTElBQklMSVRZIExURC4oYyk5NyBWZXJpU2lnbjAeFw0w
+NjExMTQwMDAwMDBaFw0wNzExMTQyMzU5NTlaMIHAMQswCQYDVQQGEwJERTEPMA0G
+A1UECBMGQmF5ZXJuMREwDwYDVQQHFAhNdWVuY2hlbjE3MDUGA1UEChQuQUdJUyBB
+bGxpYW56IERyZXNkbmVyIEluZm9ybWF0aW9uc3N5c3RlbWUgR21iSDEzMDEGA1UE
+CxQqVGVybXMgb2YgdXNlIGF0IHd3dy52ZXJpc2lnbi5jb20vcnBhIChjKTAwMR8w
+HQYDVQQDFBZ3d3cuZHJlc2RuZXItcHJpdmF0LmRlMIGfMA0GCSqGSIb3DQEBAQUA
+A4GNADCBiQKBgQDrqHR+++O06r6LHD3t6oYEYlHgKlqehm+Yy7zF7cXIyladTJJY
+4WsTb7y35S6YQPeP1qPACqtGUhs4/AUg54Duxl3VuwP8xYO6mmcI/Sy6owiU8LMf
+Fij2BWZbv3+oWfq+mWs2YrhuxoNHU2MPWrRRwYioVbnUMW09KkqVCtF7hwIDAQAB
+o4IBeTCCAXUwCQYDVR0TBAIwADALBgNVHQ8EBAMCBaAwRgYDVR0fBD8wPTA7oDmg
+N4Y1aHR0cDovL2NybC52ZXJpc2lnbi5jb20vQ2xhc3MzSW50ZXJuYXRpb25hbFNl
+cnZlci5jcmwwRAYDVR0gBD0wOzA5BgtghkgBhvhFAQcXAzAqMCgGCCsGAQUFBwIB
+FhxodHRwczovL3d3dy52ZXJpc2lnbi5jb20vcnBhMCgGA1UdJQQhMB8GCWCGSAGG
++EIEAQYIKwYBBQUHAwEGCCsGAQUFBwMCMDQGCCsGAQUFBwEBBCgwJjAkBggrBgEF
+BQcwAYYYaHR0cDovL29jc3AudmVyaXNpZ24uY29tMG0GCCsGAQUFBwEMBGEwX6Fd
+oFswWTBXMFUWCWltYWdlL2dpZjAhMB8wBwYFKw4DAhoEFI/l0xqGrI2Oa8PPgGrU
+SBgsexkuMCUWI2h0dHA6Ly9sb2dvLnZlcmlzaWduLmNvbS92c2xvZ28uZ2lmMA0G
+CSqGSIb3DQEBBQUAA4GBAC9z4m/BniN+WVCJlXhv6QS9mFRTYOwIUtIKKZKabarV
+sWfBYt7JGE5XPWmcsgNmkgO76E3FmNQvQtm20uCXEFh2z+fWp8y72yXuQl3L8HSr
+0lTl6LpRD6TDPjT6UvKg5nr0j9x2Qr09/HjAt+teLR/FoF7foBGH+MNYEMh5KPjk
 -----END CERTIFICATE-----
-
diff --git a/testing/btest/Baseline/scripts.policy.protocols.ssl.known-certs/known_certs.log b/testing/btest/Baseline/scripts.policy.protocols.ssl.known-certs/known_certs.log
new file mode 100644
index 0000000000..98a63a358c
--- /dev/null
+++ b/testing/btest/Baseline/scripts.policy.protocols.ssl.known-certs/known_certs.log
@@ -0,0 +1,10 @@
+#separator \x09
+#set_separator	,
+#empty_field	(empty)
+#unset_field	-
+#path	known_certs
+#open	2014-03-13-21-47-24
+#fields	ts	host	port_num	subject	issuer_subject	serial
+#types	time	addr	port	string	string	string
+1394747126.871404	74.125.239.129	443	CN=*.google.com,O=Google Inc,L=Mountain View,ST=California,C=US	CN=Google Internet Authority G2,O=Google Inc,C=US	4A2C8628C1010633
+#close	2014-03-13-21-47-24
diff --git a/testing/btest/Baseline/scripts.policy.protocols.ssl.known-certs/ssl.log b/testing/btest/Baseline/scripts.policy.protocols.ssl.known-certs/ssl.log
new file mode 100644
index 0000000000..ec0a90929b
--- /dev/null
+++ b/testing/btest/Baseline/scripts.policy.protocols.ssl.known-certs/ssl.log
@@ -0,0 +1,11 @@
+#separator \x09
+#set_separator	,
+#empty_field	(empty)
+#unset_field	-
+#path	ssl
+#open	2014-03-13-21-47-24
+#fields	ts	uid	id.orig_h	id.orig_p	id.resp_h	id.resp_p	version	cipher	server_name	session_id	last_alert	established	cert_chain_fuids	client_cert_chain_fuids	subject	issuer	client_subject	client_issuer
+#types	time	string	addr	port	addr	port	string	string	string	string	string	bool	vector[string]	vector[string]	string	string	string	string
+1394747126.855035	CXWv6p3arKYeMETxOg	192.168.4.149	60623	74.125.239.129	443	TLSv12	TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256	-	-	-	T	FlaIzV19yTmBYwWwc6,F0BeiV3cMsGkNML0P2,F6PfYi2WUoPdIJrhpg	(empty)	CN=*.google.com,O=Google Inc,L=Mountain View,ST=California,C=US	CN=Google Internet Authority G2,O=Google Inc,C=US	-	-
+1394747129.505622	CjhGID4nQcgTWjvg4c	192.168.4.149	60624	74.125.239.129	443	TLSv12	TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256	-	-	-	T	FOye6a4kt8a7QChqw3,FytlLr3jOQenFAVtYi,FEmnxy4DGbxkmtQJS1	(empty)	CN=*.google.com,O=Google Inc,L=Mountain View,ST=California,C=US	CN=Google Internet Authority G2,O=Google Inc,C=US	-	-
+#close	2014-03-13-21-47-24
diff --git a/testing/btest/Baseline/scripts.policy.protocols.ssl.known-certs/x509.log b/testing/btest/Baseline/scripts.policy.protocols.ssl.known-certs/x509.log
new file mode 100644
index 0000000000..df68558d9b
--- /dev/null
+++ b/testing/btest/Baseline/scripts.policy.protocols.ssl.known-certs/x509.log
@@ -0,0 +1,15 @@
+#separator \x09
+#set_separator	,
+#empty_field	(empty)
+#unset_field	-
+#path	x509
+#open	2014-03-13-21-47-24
+#fields	ts	id	certificate.version	certificate.serial	certificate.subject	certificate.issuer	certificate.not_valid_before	certificate.not_valid_after	certificate.key_alg	certificate.sig_alg	certificate.key_type	certificate.key_length	certificate.exponent	certificate.curve	san.dns	san.uri	san.email	san.ip	basic_constraints.ca	basic_constraints.path_len
+#types	time	string	count	string	string	string	time	time	string	string	string	count	string	string	vector[string]	vector[string]	vector[string]	vector[addr]	bool	count
+1394747126.862409	FlaIzV19yTmBYwWwc6	2	4A2C8628C1010633	CN=*.google.com,O=Google Inc,L=Mountain View,ST=California,C=US	CN=Google Internet Authority G2,O=Google Inc,C=US	1393341558.000000	1401062400.000000	rsaEncryption	sha1WithRSAEncryption	rsa	2048	65537	-	*.google.com,*.android.com,*.appengine.google.com,*.cloud.google.com,*.google-analytics.com,*.google.ca,*.google.cl,*.google.co.in,*.google.co.jp,*.google.co.uk,*.google.com.ar,*.google.com.au,*.google.com.br,*.google.com.co,*.google.com.mx,*.google.com.tr,*.google.com.vn,*.google.de,*.google.es,*.google.fr,*.google.hu,*.google.it,*.google.nl,*.google.pl,*.google.pt,*.googleapis.cn,*.googlecommerce.com,*.googlevideo.com,*.gstatic.com,*.gvt1.com,*.urchin.com,*.url.google.com,*.youtube-nocookie.com,*.youtube.com,*.youtubeeducation.com,*.ytimg.com,android.com,g.co,goo.gl,google-analytics.com,google.com,googlecommerce.com,urchin.com,youtu.be,youtube.com,youtubeeducation.com	-	-	-	F	-
+1394747126.862409	F0BeiV3cMsGkNML0P2	2	023A69	CN=Google Internet Authority G2,O=Google Inc,C=US	CN=GeoTrust Global CA,O=GeoTrust Inc.,C=US	1365174955.000000	1428160555.000000	rsaEncryption	sha1WithRSAEncryption	rsa	2048	65537	-	-	-	-	-	T	0
+1394747126.862409	F6PfYi2WUoPdIJrhpg	2	12BBE6	CN=GeoTrust Global CA,O=GeoTrust Inc.,C=US	OU=Equifax Secure Certificate Authority,O=Equifax,C=US	1021953600.000000	1534824000.000000	rsaEncryption	sha1WithRSAEncryption	rsa	2048	65537	-	-	-	-	-	T	-
+1394747129.512954	FOye6a4kt8a7QChqw3	2	4A2C8628C1010633	CN=*.google.com,O=Google Inc,L=Mountain View,ST=California,C=US	CN=Google Internet Authority G2,O=Google Inc,C=US	1393341558.000000	1401062400.000000	rsaEncryption	sha1WithRSAEncryption	rsa	2048	65537	-	*.google.com,*.android.com,*.appengine.google.com,*.cloud.google.com,*.google-analytics.com,*.google.ca,*.google.cl,*.google.co.in,*.google.co.jp,*.google.co.uk,*.google.com.ar,*.google.com.au,*.google.com.br,*.google.com.co,*.google.com.mx,*.google.com.tr,*.google.com.vn,*.google.de,*.google.es,*.google.fr,*.google.hu,*.google.it,*.google.nl,*.google.pl,*.google.pt,*.googleapis.cn,*.googlecommerce.com,*.googlevideo.com,*.gstatic.com,*.gvt1.com,*.urchin.com,*.url.google.com,*.youtube-nocookie.com,*.youtube.com,*.youtubeeducation.com,*.ytimg.com,android.com,g.co,goo.gl,google-analytics.com,google.com,googlecommerce.com,urchin.com,youtu.be,youtube.com,youtubeeducation.com	-	-	-	F	-
+1394747129.512954	FytlLr3jOQenFAVtYi	2	023A69	CN=Google Internet Authority G2,O=Google Inc,C=US	CN=GeoTrust Global CA,O=GeoTrust Inc.,C=US	1365174955.000000	1428160555.000000	rsaEncryption	sha1WithRSAEncryption	rsa	2048	65537	-	-	-	-	-	T	0
+1394747129.512954	FEmnxy4DGbxkmtQJS1	2	12BBE6	CN=GeoTrust Global CA,O=GeoTrust Inc.,C=US	OU=Equifax Secure Certificate Authority,O=Equifax,C=US	1021953600.000000	1534824000.000000	rsaEncryption	sha1WithRSAEncryption	rsa	2048	65537	-	-	-	-	-	T	-
+#close	2014-03-13-21-47-24
diff --git a/testing/btest/Baseline/scripts.policy.protocols.ssl.validate-certs/ssl.log b/testing/btest/Baseline/scripts.policy.protocols.ssl.validate-certs/ssl.log
new file mode 100644
index 0000000000..16fcee9111
--- /dev/null
+++ b/testing/btest/Baseline/scripts.policy.protocols.ssl.validate-certs/ssl.log
@@ -0,0 +1,11 @@
+#separator \x09
+#set_separator	,
+#empty_field	(empty)
+#unset_field	-
+#path	ssl
+#open	2014-03-13-21-53-03
+#fields	ts	uid	id.orig_h	id.orig_p	id.resp_h	id.resp_p	version	cipher	server_name	session_id	last_alert	established	cert_chain_fuids	client_cert_chain_fuids	subject	issuer	client_subject	client_issuer	validation_status
+#types	time	string	addr	port	addr	port	string	string	string	string	string	bool	vector[string]	vector[string]	string	string	string	string	string
+1394745602.951961	CXWv6p3arKYeMETxOg	192.168.4.149	60539	87.98.220.10	443	TLSv10	TLS_DHE_RSA_WITH_AES_256_CBC_SHA	-	-	-	T	F1fX1R2cDOzbvg17ye,FqPEQR2eytAQybroyl	(empty)	CN=www.spidh.org,OU=COMODO SSL,OU=Domain Control Validated	CN=COMODO SSL CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB	-	-	certificate has expired
+1394745618.791420	CjhGID4nQcgTWjvg4c	192.168.4.149	60540	122.1.240.204	443	TLSv10	TLS_RSA_WITH_AES_256_CBC_SHA	-	-	-	T	F6NAbK127LhNBaEe5c,FDhmPt28vyXlGMTxP7,F0ROCKibhE1KntJ1h	(empty)	CN=www.tobu-estate.com,OU=Terms of use at www.verisign.com/rpa (c)05,O=TOBU RAILWAY Co.\,Ltd.,L=Sumida-ku,ST=Tokyo,C=JP	CN=VeriSign Class 3 Secure Server CA - G3,OU=Terms of use at https://www.verisign.com/rpa (c)10,OU=VeriSign Trust Network,O=VeriSign\, Inc.,C=US	-	-	ok
+#close	2014-03-13-21-53-03
diff --git a/testing/btest/Traces/tls/google-duplicate.trace b/testing/btest/Traces/tls/google-duplicate.trace
new file mode 100644
index 0000000000000000000000000000000000000000..e78fb01a807e64139133da59aae12be9119527ba
GIT binary patch
literal 14122
zcmeHuc{o+w`~E&7;h4vSgESboF%l_B^cspHiVOz_Ifg@2rjwKuDMLy{deKN4D5;&w
zluD)ELYk$bB#Bq@UF#Tfkk22#_rG7~y7qOQwd{SbwVvnR_p|r9kA@q?Ie3JKjC=+M
z5d;SsJ+l<-ws-L%*5ErlkXbw4?T#&=dM&G6!Ht+9h{<BI31UL-3&jeEX_k?nW83fH
z$`p8W?BK~o_`yL<Nd&<YN#}6{0uhJf=8>wI{~i8~h#x{H@=_2>(1ynl?$8))^aZIK
z5JZ>UB@B__2)MHLd+qr2X<!8VY~eiB+4I@x=|ns?PZ(uOK12s2k>R{80rFyi3Xci%
z*4Y~i=Y5<!Zr=6)ohL?+s@2p4A}}=H0f-C{`vD>ggasbs5pm3j42XyoO^PT<)#54O
zL=-3BaE3SpH;+J=?t>MS{dJ^RM>6f(ler=n-pH%T^L(i<q+53t<-ahZB1krdVyf62
zY$hg(@n8y=Jd%qXLHrP3!~oGpb|Bj^EleF##%5sx7zsIq7$Ley943r$V>2*mL>v*p
zC>R0Z!89-xY&NEdiD1((IZPHgiX29~5felk(LxR&nINT0FilJin~N!7{1_3*LKYwz
zNIJ3z;lhM4E{qSuBP2i+F+>=dhKM3U2sc7T2*@BF#AE})ix3G24v+94IslL#p&(MA
zj}MUqC-Z=5NU%@m0vCz_5E1|p0X)M400Bf0fGL8&QV=R4OU9A$WC96C!jk}Rh<GA_
zfFs}u1UwFp$HTL6IG7P0g<m<Iz#g5{05*H1#<7P-f%j-?j37R(S8FIEAit*pa|R${
z+iVI_M?%=gctq0G)If;XzWaBG)IFn!XCR_Dfq*OqOgAPF>=b78$b7wX^+L7(yG{Fi
z@@!X33q@XBXzNX@&Hd>Z6OCXR2qHcR2!V`-5rzXU6~OQ}^CJ9D5dKF9mnq8PT8Og9
zv$NUZ;I>qapK~2Y)<!AhY0B}-;=faHI1&j#Ei`%2X=K7GB3T5#%1%=R6@m>O5gu~}
z!`q)mwFvOgR6-SDCqZP!XeW~v96)1I7lkr?7{PRA1l3#%m6f1q>Y!R$x|+J02AcX#
z?53`k9?JeWp<a^?#m&cK>gG@PVgv`!-898fQ8*MAAH|9h8o+d;2T)hjX&Xo9#W!|d
zVyFmvUVMDY>fY?>s(Uatpe&ri*j3_42!VwYKtMkao`u69PdE0Tv&)Z2$T#BJa$50V
z?@wdzPl0Y%6D#tFHP^+fF1_FqC`fpy_Wi=Q-m)7ij0&_xnyOxOZ54y7iC(L@zdyp*
za@{}f63u0D1`0)<sh_{@%d7h<cjnwJ_L!H@vm=b^4yo_n1T@p%tKfCY0A&vnZIJ2o
z5z7!gXDUn{aIso(^V#9VvYUJfCb^5wg!g46+FYU#C5Qo*A1{WcGyh)x<hbM`DS;n1
z1|6jZN?R6bv~@qs(s*^hRp|T@k$}X$;KQ$`+kak0-d4q(f7mUb&-6{Nj^3*|oo0Ks
zM>5Y|t(_LFv%BuAo@cw?Y)xNo?JZkxTpT>#=3M#Q^0syDPK}BbJOS`0mqp}5SwwDB
z282*Xi3kJFtwIKz;3D8gzu{39{uMkyh{(b}1&v26j##rO%Ia<bp1};dCk#DH95e$1
zX#w8!0NR+8u!NP>J^UG=o@4vKxkE`)a|>|uk6_Y0Lf9C*BmL?gZmcm4e-{6*zcAG4
z0i12$K+blkA4_1&`5V;Tg2#7+j_YtAe})HR+!-6f$8|8rUlJBDX3n0pF%4SCn1)yI
zn1)a2m<F9WrV-#jrV+@|VE&qkTOb{TE`TLEvR;si4YXhn8atjsBfVjCPa1>W1+wNH
z!gK>6XE%93GmNRp{tnU`8tmai4`8<hVatD9)*=|8%usilS^&d?!SJIGjRGKt``H(Q
z<PJA!o}nIKB*qXR$S27325<IBykn_DgncYBpoF@&KTC8{YViEJ%UQxh-#M1bGiK`C
z?D5szK?=rBOmwnop*};5huWSzXG(1kVr%;@PHjJ!I#Mmpdva<!i3^7#u0@?tm63Z2
z#mCF}Fqwh#H8cYK=wm{wVQ#U=Tua>}m^tQT+~~<3{&ZRZGemRj6%3D%z@ZzMpD0cg
zb)fYd&8-PQ-Ck1M{Xe}{`%XzQM)~0FD}uuf67eX4%E6W*Q4$r85w(0q7MH%#<8vYG
zTkOR$_vx3NVl_|+cmkCui1LFgd4M1gagQVLBpiyuKgbd1qO(z@Y{hK((TV+L75-y2
z7*rad!8jy=l9Y6vR;e%GYAKw0SpV|plJ4);&U<C0-=-uxyxHH_Pl;7Ax>?&qed*xz
zN&W6A;XscI>y!9$rx%4T@lxgg+lne^9yR06+2)4W{C}CZPiZ-xPJCJJ+HBMR)?Ddp
zOlo$2N9rZ1Tv5T^?vHu#mmDbmTNGPV+zh%;%vrRf#w$6e>tXAfhY##&YOKvZIXeT=
z<}I^*xS`h|#cuGxJ*B(nbQaHC?`0Eo(D+5s8ka9Uxm{cY#xq?LzYQ%rw!6jE8VHBo
zrC+*`I_vGBs%gz~IQgi-2>V@r+-(WWLycE(P02j6nL4u;r{9lUGV@yz$*{*xi)4B7
zvHG>(&+lr&9fGDIKyX<^A`sH{p}I`K&!>+I6uOwRP7aqu9ubN;jbR@g8p4D{SzS{a
zl>#XNRatnn-`t<!?&eQ5UBs@%+Ncf+Yq74bF0946ps6$5{4dM?|0=gx%EXOppV+3%
zC+D(WJh5GNC1K$gsle$wmPWluzV#*HuKXvbpKg>AttAQBOkO*iRmbkK+|xdNT;p2#
zk`yC+(<OD`73XF8-FDw+w)UsI7rS|{+m6z0`QwOvOXSsTKgM>f-d1i7N-$~U4q4$J
zJve_s{ycJ0`EnuR$H<v2t$jZ<gZfh+t^cZSS-AMY?GHD7rx(}RJri4=C|51zCU@sh
zfw6~5oGzUfS1omGsY0(^+SS)FmV%Ya?UysCLRAKtg2e1jw@qnEyR27+zPi}KT`T(I
zu7dA5>w8NH85x8q>}<>CLNo1qmyLr;TDp~#Dk!=MhYt1g3q>Tz&bw8Z6igo~x3T?b
zY%j;{hi%&Lvpb>xB*~LcDDp%kt+ckzdd$r{>D?&|Z$kFX%#D)4Jq;eHQGVDb0B>+2
zc+?}K^M`I!ZB!H0$X3f%iJv<xHy%*QX$&T$5Y%4{&=I2H&Gcro1_+NoYBZu!K()Z-
zsM<&y#l_1H!;D;@2GxfH@b}`u`OwLh0=<98F+#IXD~le~-*`?jJJhl4Y}D4pmxCK+
zpCsv#GhTG28O|G!UhMc&q1vxp-{rocQh@MB7w@p8CVLu1tHUWBX<m&<@r;<9%d550
z;+va&Yl*v@qkFE^F}4vLZ}_Ybxie7xJ;Eqcw{vxF`HM9jP}|Faw*UTZFYYmXH@kS2
z^WE%dYCAqhHbzh`zaBjC554Uf62RNQ8HiW|5Y<6HJSMyeP*d5}qC=UpTI9&GtA!*!
zEybR*TG%X^mU~!#Q_s@-GQx*!uGX9USoM?avY>Is>hkmzn;8zuO-E0pH}7Irq+RU{
zND~>9=v;8BSa5e;NPk;0zOu7l`&^pg>x$bxjv-A2Gu;izx`!yowadc^d({65UuQc%
zw&7EDb)bH8ai90U+fCNFVJnjTw))*6&98l#PYVB0+n8Ff%54-S9#NfbOPy)29fS~K
zQ5GQ*$W`mGTnU%8j+ZNIPPqb=1IiMQ2$xw<DBa5~TvH9yGtk2;GIO|xYDe=34W>~|
zX~9go7acqv(0;v1K<PrYP+cuepjY4nrAr^xA8r08^7y|rtFcbf10Cp=P@KLx%K7;M
zfBiQ>CE+OzS8|^G)mvbCk?`J1o{M`&qoanG!Q66Ec;X@bHd2XiRM4^3o9pw6KF7RC
zm?Lml>2b%_ucz};s`l3`medtJbb9~Nz3Mi#U$&cG7f*9gv;CZ)7PHCWbk`?WzX!<f
zOQOA^V!BVUrMa7ft5dGktWvpCpJALe%d_tJ-K|nVwbrc-k2W8dy0faKy8VHRzTMlk
zHoMe*+A8Y(@M^uCbj&~sDM`Z{r10|p)K|YRLpso7Wy}!Zk||V`O<r&C>R&xO5rYPo
zSt?CN1)}9zA0-KMRuY5Wp42vasb9vW7w4W8@j)EzcEwcMg8bg}4Qo~>8r#94S<6~|
z`cxhir~PC8M3E|JqrHF6k%lpvHL0WtKs{n>76}Er8H4|?f)&ChkB1vuu&g0Cm1vHd
zp{8Ua_==#0sKJP8;c?<>P_;t9!`8-)8#%;EBbXM#0MCoG5b!OK5khA&f+NOpn-Cj|
zguN6FuwE`M9FLNVW4Z5ja#vLaMR|Ry=x8vM8|>_?wtj4?UvvqLl&oL1^{DS{J)x|&
zWnQ@(qDw^@%zq|2tqu8c=Bc!nl>W&K9nll%4?gD35aqVGSoSvM^H#l&GOHQ2jaNcE
z_PmMSY^-qGh^xa@pPBWVU~8RIxc`$|SKLBj@LG?v;zMv21VmyHao`=FanIK?t?xYb
z9nW8vU$^>_x8bbbu!xE>r)et;q&HV#T?)J3a5Z}wDU0TO&-qrh=w&Q9XW=2yt~J`x
zeZg6vXdur1T~~CiKS_9f<$bSBOnBM8^Y|jSo!?K**w*;`+1Y~Q{XMt%`qVpmNKfay
z=E>>W*|R(~R4~tZ?fi6i*QLF!M?*a$UtITIceAwXqRaE|nSUK~mFQS<__9g{=_=9X
zej<0&t(Ws=N9;|ua+h&ABYQTepJrxs``YY?%KGLfy_KQ=wpM9KkhGzC)&cdr1-38X
zF<w29lGI@Mto>y#r+VfM?aTo6#9nZ!XIFJ%QK90ROSfn3lk@UD`rNO`T5YY%v<TAa
zu6$7`k5hO5UTwT}UZ|C3zw|Mwh2~1W8=IX^=qs!|ncn%P?X^M5?DR|hdbUQHdpES(
zuFqe`+ZF#}TZ)UW@)wH%W!5}Z{f9*zgOcqT6`scFB9^7v6_g<6E%Sr@TbWL92ZzWH
z76BLaW6C0PM;;cL0I!KfCJ$^W%ALI}FtNyp&Yh}kJ+6m{o+XnY?goe-YQZ+^__9UQ
zpdc8SFFeL?QX<7Ife>+R=A?*{RHQ0z6p;uEAzc1aL9mIsh?pJu&bczRS*%>h%p)gQ
zvHsG{a@641_Q-^<9j=lLex%#Ozu{DG6W*}NPxiv!(j*_Vj#8(ed-x7tLkAEuwUwd(
zioKPE%$Y{ZboaOuG0VJ`Ag_MCPENj|BJ0|{3R~9AN0)f2%ud9ur=EA@nfDOJynQ(Z
znFIF3;4z*^xap}OY$B<TBhqdK-dy1rK%|=eqeQwWRbxnm>p27VxlbUt1PnR0)}~mU
z%k|T7Johm%LTk&B#WkJIygSPC7gJgag_sp4BKhi3mMhMDmpT~T)ub%k&d{2t_WJNi
z?x&T7H$1=mtDg}TusnR$8ljS>ZY9b6!Hn-qrtOODGo)5m9Xxg*e(=;@e}|XHPkL5{
zn>(L6XRE4RDV8i&w76j(BOlGktM|(^S!GaZKCd>_JIg*Nh;pauaqZ)s9+EQ`T*~q}
z_u+v;@xp&90>{J+rWAg}b~t-Ft;90p+>WdexuGh$zO=jOgL_A-O*o_P<&J}N7`K&w
zO~tH4NyvjD1}6`4h1>D@A%Iz5s-KMVfEV!KVlP0XN8=DLFgiRYFw3!s&DEXzCPf6y
zG5}krLtI^WA0kSCOvnurVfL}uFiD{+JV{p;9m~n<@6s&SynD>J`aK-=d>Rh<3<iY9
z`1~U;Q<?1idvWGJKLq4o59Xf$E`y_nQDS#U)hxUZM+N)v><{k5nJO_df2-ocvfFCg
z*ERq1L3Dk(`1@07ioJG9#g`&FtjgEhVjqqQ5&q&TJ=<scz-3?D3dXiUHQl#6N*{PH
zQ7X24#$y_HC*G{Sc0>Qc`8`J#3$9m<ySH?03Ad?gVz;lX|AxM8%V(1hdpDj9m2A9X
zK6`<m$KB60bDvz``)+%gRqEt5=Sj<a<?d{mU3`MV`6X@3E^g{rN;Lf1XYXd&Tm_e3
z3YI_eTsvX;I;o*>`Q!bO0xEm?Lin_%TF&J|MAh_Ph!fJN^EwF<!=Z0n8ui-o1yn$c
zZ&yL~htv2N1{ETrQzEvWhlutMCqa~FBhn@!egueaAW86;Fh{%d`ypa{{iKM1YHcSu
z5ye2#rw>zY&ikujg)bsqcdvPxID3YLMVi!ZxCE|@se-aB91i$ZVBCPKKv3jkgs8|>
zU_*@$3gz@K#7Pnt#!j3NCvOYnLE=_JYoh7M5F!Y165#FQJ}^g(BV1D$al!#`j&u1(
z=U9&`+tjo94vZi);=Y3ID^4TMYzh1uG~ysS|3$7Tj5t{zIA0&hG4rhtY7@u=Biw~X
zT;QBvMx2SU>Uyafvn9}ogUAj5d4$3flBtu^4d<QtOE-q*eHWk~fJWTR+as|xvw+AD
zQM`m}3M1~jF+?<-HZBrFh`@*|R^db(W5n%MKOtGeZDEx!5v>_lsvajxUhC6P`{Tz-
zX*H=6;qNy8G2$jM;$TLE?)=K}M7GP)+3b-U$DRY5dLsED+ZQPeWd!8c3oyq5A~rnW
zn!<>a^@E7+`+kQ=E*wSlhKR84|1#qGlIT|Dlm&JQ{Dn1IgIZx3&fFKx4eXd2y$ug;
z{4wJG7;%4$IB5O+G2;FhaqyP{|EUoNwVnQON^SRNYx~&E0r0FLHglv}3=F^Zf@;Cm
z_CH44$WK207;%4$xIac5+&3Qf!6)6dX8$aP?W+GV;{IDB4r+TM(DvWI?dc1`cQZmb
z=et=Xe^A@>Ghj0yU-H}NyO|BtcZhfyApYKnlVw*650vvwVEP$$wE#OnxAt<r3H&kQ
zm=S-BxIaeRl)oJK|JsOi*#77})=n|27F$|)BiF(8A@jwTvtH#cS@$K1tM_Vu@;!V&
zdyqWuc<zJdXbT;Oz0Zk!$6pH^I5S^>%B*Wy)(MR`Bhzx0%YkND{xjc}vsS3iNMl@7
zd{kN2KoL6rI>~vr`xRgP5cz7!?#}%lo0oa-n)%Udo^<)<O2sYF3MH~w^ui0V{aX4>
zc%|bv->IxK+OWv-+EJzvN!<UbPlosEO@qFMpW`y_>wR+nahxxzP;h?wEN$^;dKxcI
zZoBaA9J<MhxFGeE#@Dw{J<EW4{@#d_W&gn5dq1ao$_?$z0QHpH!l|CmDl)S!GhI6^
zVz)b8*mH8O*qNZ~uB-e)qG{*+k6B7iS2z&tv~{OmrhU3u*)gTlH71wy?m3)HT(|$W
zr>H`fne~b0PwI0nT)$t#v@@f1xGx_FT9b3*{GpwuuXnr^W13V)nK}#Uxt;rrZ-_C%
zRQM~NzjhPr$lG`*u6opngNtgNvdECv!Xl%qI<d&efh|S3vm)@n8`!_?HybT7@1{ho
zD}{&w_a-7zWdPy_5z~o?3mUl)3~aE%W5Tv)@zyekSYkaXBG|(g9o_&2n^(555RNh8
zuH;v)C%Ard&-`bvou0XTuArmI-5ZbO9By8bA2=0mdbR!Q&W#Fu4hcC*9(G7nwQAFT
zO5n#74apbN`<zzpn3puhP<njVYg<FzTbEMmiQ+4^feTOPOTJpJE@*W<=x<rE4RWXI
zu5ZzH5O|XUV{XySHH8r;%l@ssw+<(fs4}1o?}A25Zu2OS7;sJh!-%`MBxkO#qhqkR
z@Tm)>yzkPsZe99L_)a=4Q$Uq)ThmKI!@X{0vHgz~52DMOTO4@eBY6lx_?H0=#Oeh$
z>%4LwU_MSqxN5ce)D5=>@@BIt*R&fcw>#1A?rr57&^cVv<lb>%xy_6ZZwu!(TAu$9
zXKJ(TU=_B?F0FW{SU&$lnL9D1LMh2iB1K0SpOot_-eVu0kT)i7Fs1O599XGPU?KhL
z`NDa5wR=qerUrT(H(J)ublIEy_*imABaB-zh}-WUh~DW#9@yKA<H4?=HhBVI))%3g
zQD&_MJYf6_5C<xGr!eB~Z-j{S_DK-|v$Clph?Y7Kk!{2c6Tww1(f)}{kmi!sWu7ui
zW%l1+Ze>9z{^|!uO$Psg@OvXpmH}Vdz5O}!FHZpZFM|1hlr)lmO-HF3OC1g)E^za7
zS7%LS@#yzk&^4(8*PDD>Y6<yPm#eZOgh@Y$x|y20mmaDQ>X7dZX*J1Xl3cttzI_%D
zbIDZKeqTH{musK2lyDv;>NdKMpVA(pQzjRGO}Gd%I?b)MXUUG1tkAYK&ob27qXKja
z>`Z0E%w=S~N;->X$QI8y9}?E)BON;3pe<=lXUzQbO-E`~aV?m(wS4Jz-gxVGAFOy~
zde3RW<?jW{A4%gRJKVtCoam3p7qOQQjJTP*IF}C*-;Y6@AP_ps2{4VFapTfh1c*@t
zi1CdJI4(mXW@%tztmz05+owd-)`f`Nc9S5UWh2g>h{$}#JB1NvWdspFsZ5FpsAe~u
zbdYfN9N9+PFxA#8KaXv@9CAzXbEauop^}KMMJHUsMlj$=m?s8BIuQ;iH!yC%dmt!h
rp%F*^F>wj;UB3_~NgVrkd_EH6czYHkt{z$wGl2yO!wf>~0+;cBs*Zrj

literal 0
HcmV?d00001

diff --git a/testing/btest/Traces/ssl.v3.trace b/testing/btest/Traces/tls/ssl.v3.trace
similarity index 100%
rename from testing/btest/Traces/ssl.v3.trace
rename to testing/btest/Traces/tls/ssl.v3.trace
diff --git a/testing/btest/Traces/tls-1.2-handshake-failure.trace b/testing/btest/Traces/tls/tls-1.2-handshake-failure.trace
similarity index 100%
rename from testing/btest/Traces/tls-1.2-handshake-failure.trace
rename to testing/btest/Traces/tls/tls-1.2-handshake-failure.trace
diff --git a/testing/btest/Traces/tls-conn-with-extensions.trace b/testing/btest/Traces/tls/tls-conn-with-extensions.trace
similarity index 100%
rename from testing/btest/Traces/tls-conn-with-extensions.trace
rename to testing/btest/Traces/tls/tls-conn-with-extensions.trace
diff --git a/testing/btest/Traces/tls/tls-expired-cert.trace b/testing/btest/Traces/tls/tls-expired-cert.trace
new file mode 100644
index 0000000000000000000000000000000000000000..2c26b52b3377417eb7240780f3b71fbfd06888d3
GIT binary patch
literal 14054
zcmeHt2{cyU`|o)N^E}VInKC=3jLDb`$q+&+^E_lIL&=n=&>$s*l$2ynhUygwNoiCe
z3L#Mv6>;}|#W(Wp_y6C!*1hZAbz5t%yyu+#dG<5x&vW+koTm+CxmW~`EdHCHM-UA7
zfn6hLDbGran1a9IKtvPXCq)+!+%~nEQzH5ZqGh>B3(+DUyGty<pR#f4q8^RF)H>Pf
zcEN{Bu=DdrT>uK6tOA3>;V~FWYOXR|2fT;JE}-u^NRJqS-*7D8F32FEYXAX=B)JVU
zM1~SDwWASLw~t!@3Eer&D#v=Q7trxoN^15K!fg;8NFsyl{sxeB04f}RtXr|-I9zv9
z!isfw19ZzMMuMd1dtd?5dhr1e86u{~(<3p!EO4wu!~~B!LqzjEt0Hm|B%RuqBeLT#
z7<CMSQO4m;y^r{`NsY)JYC@dap2e9qn#!C$)X(wWIaNH^O-z>xL2`&FQHm%=6eh9~
zsfmKbHAo(kjd&woh$^CjBp`=~@<bV;1W}a8KqN!5koAZX5=UevQWANIJP13&LZl<&
z5Ne_<QIfcpC`4o-QV|7+{K$Fa9O4d)tboWPXOVQ^Qaz#^QJN@D6d}?R@kl13fyg3h
zh&Dn&WFk@!X^B{b3<L@r!i-QMtOyfAiI5{WWF8A_;)~EAcpQSkBGiZ?0HjCg5H4_y
z7U2XBQ-fu2kRGQ16WIU=8317cafSr|3<x6t69R^%LkI{zIffidjw8d6VaY(;;IVid
z4uiwua99i$i-k{PFgV~5`Wu)fAO8_Oij|jO^yCJvh#pHPTYbJLM$DjY<AO(ke<!)h
z@Bt7}`wa#eAwx)GB_df@WdTIYX!$op0m&uADToMsj3{9dL=K0s6kLN#G#y>%TjS^D
z8=9YMICJd;8JjTCs)hcNkU!Nu1b7mmng;=aKr?`uRJ}9^RTo0_62X5&WAMXh46Y-G
zWC12*BDuhrs768VsntF*#XmQL(vee1#BYk9ro&*!$PhF@js~S7$64XYS+E8=ay%#(
z{6WdWY!K+`80;EI*zD-%?BN;&{*+@x>ETTZ779y8A2<I%7ddW}6JDWaVba~Qd5hi_
zg042f#M9R^*wsaj9c6|0a4dAc?pa!zfcq#v2c4V(Dvv6nq<?ncry{C=D#|M;sVb@3
zp=NSxPyslThJ{nl-`CO8kD%-C7aZvCL$G%A@pJ*Ja*<;}nHC<Q{s;UwiF^0%l?e*)
zbn%e!4|GRkFoM6UjUhvDF&G8}T&KpyU@*u%>RhyaKs)utYb_6fHZQfi84_Lfxsn?q
zC!3F_8eaGEAF^(fxNy|)QepHin&{xVG^(j|Z99%F%wsI|Cv%KVXR7y!m#ufqqM%k^
z=Xy>+@XqT}>RT^UPP~c>42zO-#$<jpI+!19*jVR8HE8rHu6U+Rh`X}aYrle(zsGTh
zeb{X5RMo><JO-Uyk98#M_SfcyR5iZpm1Q_?=kOrL`D;uqGMVw|-pMV3g9m%C$NXO<
zH+C4MaE)K9I!J%&+UqM%i#6{SMGJ-r?t0Ms#%?c_FX3u!Z8s(-IpK1vn$EPeZ$@Fg
zG84UbbMD7?au%JT7g4k5cE$Rcj%!=9>WAnkE@DCOVe(=ynZP1vNVew_!gHeRQLH@P
zHw6wGa;9!owyGd-d{nO9%ef!r1D5Bb$Ft*EGw&RG?^)PzvnPRHeZqlZLxs-Mc2bP+
zF<>zBcsveEmV?s5$64TSEQ%~l7Qw^dpp+yBAxMG4Ed7N=x4?%9_)X|WRE?YlJb=fP
z$$_m*fl8v{i_c*(?0g=<!2v;Pva&(0&LM%WGS2?K{x1ITKUrNfOO%qF+&!8WgT<gK
z5KsUwhsvVTIg&Zz@oV8sFwr^C=hrM}$Ax*M2nIo_t1Sa=qMnQ5Fc`c8YL6-`{zkFC
zfdu~zBp4N5nuLkx{3Y4nIVfP+EK~?Ck_pd?a>vju3*8v1f1-H##sv|KLButC*G_IT
zLFY`E+I?D-Mr#I*d70i@jE2xWL)5Lt%0EQ&+~1rYu7@$Gd_FIq@j1Rw$|B}1Reo|^
z*!B4vigh6gMKgs~`Rs{)cKo9|@^Ol1yX+WEZVMaxcaZPZ75!doLO*{ftkr+>t*lI(
z%|!cId`4fBsLxscylvh4Q;mJC@GtDHosU(${`T|dySe#~+$BfyP98Y@J<=d!hGS=1
zt$)}!jY5OsUfmWwvt#dO+SUp_nxhFwj2C{`=NxOWXH;=h=eFQ)_1+@4C8;!0JKcwM
zT(iGDQ7}rUUN>Awp(3l|`aScICNG<WkfS3pq|M>>w@&@Q-DB)rC;4WH_D}93_(8yT
zZvo%6F7O?rU(KhKu-G42eP#Y>vwml8|Gw`b-TD7Ucb58ctSB=uJ>V}IZ5NlVfgwS`
z1Z^ETQQ$Tb|L`qc)ei*(=;!DIncwj5%zv50{LRamKW%0)m(-%mnV+zAs~N%6HF&Ro
zptqbLN`R7aEL?v`hSX}|?;lL!PdQXYUSWwp<xx~g0hL1)RTNb0{tqzvf8y7tk}|xH
z^S&LhV%6%I*6WV5nm!m|<>q;5!1jY{?Btg{rEU#dOwXL8s?sX&;K*U7Dv0V6cRr0h
zDwjo#?X|V9{fJhMM>-T!nkF5&qiW55CMY$Ox+Q;$SXF_d@@tVbr5fo|z08_HBQEmU
zI^-H$oz(bn6B|Rx$9uycA$2=`B#*V->1Xj1+1aIWAtA5J@Lt_LhHfrmY2e4uag|tV
zeGZ<M{aGL16iP|ug<P|b;Y)~3YNvFibrZEA%cXrYND)U9m)BhQ?3BUnuC6)0S?ozY
zOzU7}l{Y(zaTrddI(6>b4)N{X_pFXiBoj=v!u!AK<0{TbHbzBS9`e8Q*rsH7kze-$
zehpg2uSGY{gez8vPXA~W-8zoD*(-d1EB9~wx+?v`9K6J@7;;hsFYqfRN)BiiykL=%
zBcM@g6kH<514czqJvdDOzaCXbRdbYcl;RbBBf^j%*T7&H{v;+`jJ?I6*VTrBM<T`O
z@<l=etQeh-M(3d$7Owza{0B2w=D&m)pzMsQ{sthuw5Wdru-a;BX`oBu=wMW2X(}e3
z>vwuxCVT}6kf>8vL{*3ae>L5~)_wh;tmA$=>xfzMq;lh|AJ524=-euAYTP?7;a&M~
zuqIY>*Rgf9&+dFYeCp*19U)%a9?d(OK8FNml^=arzD?2EkS|w8a(&s59plCxm&(o8
zjQwUYRcjcZovQjEb&Hj}O<Shl=k3O0^G#xrL30BfH8Bm0WYKPSj)<w`=xGl3w=0zF
z`_^Zfb)(|`s}`A;Cj*lA(Yy=NOixew(8r{w)VV9#N&jh&zWp&7Lmr;j7Z{?P)&zNe
ze%IsMxoMv@v#21G0j6mO*PV(}r^g%-tIv3q*|@>b3Oe0ex(eMMPXz6e8P=E~W2Z3m
z;geI@<<)VRr`->Qn7@J7Ml2mIf~7*Dp6~D1x?kJHweI=JCq_T1pV7uWR=u#(g62ka
z@clD&!{%|>$7P%|17}z&Dqe6zvOlw{53A9kkr1DgH`*BPyd!$v7NZ>TvFoP-`{9k;
zMe2dChT@S>ygkLG*R7$!l>6BjN3z?px)sPMx}9DpT)PsyzjyNa+nXLG?^QJ!gx4gO
z!*f7Xc+ZCK^>I@tyd(rRmE(ymhexKn?P*RoiH<W!V&$WxA5xW)r|wRsF16m^Z1bb+
zWSHFNQY*r^QuDkvK6T=W38j?H9f2L}d#X75Gah0}=oM`fUw$??F{(bqQq)vR7uri@
zYGR?l7AA!j-#XpU-P!K5Kflyx_=^B)J8F@0=OzZ(UH$37`%uvmo1Hs4EL0S=@4Vrt
zf5gD45dR=-_fz{|$o!iD^Gku(Za7xH^JDlcuR!L{Ik=qpGxJEy&xsk_Ubme2v#si$
zk?$X?655w<AWyUnSlj4xu;(S=iGoLpL$u5V?ot+9<@bG@KeQq#+X6k*zpgdVw!MmP
zqA}(|j|z(-2OWKGs-(60My1P98a<e`I^f-rJoPTgdq>m^+B+0>fg|G8mZZYsxlbpj
zE2L?@&NZu>ayz`%s<>CFT=0|i<goK)>b_9&N8XxsO%3%e86E7jZroqnLtD)n_g(+u
z*zD8bKxO}N*1l6-%uy-)$*n!gZ^w4`+8w57QT2~SMUFkl$!DmknD^X$fI|1}mFWz}
zLD_T8>0x8Fb;(6i4(rX#XK3J|22T%8YS4D2z;^J24adqeF``J^4bQ~U1<TLG`g~Ql
zGxMSt1@>^OEZB~#jEozc!loc%<zEpKgdt+}*FO=nk^rJRm&2ckaYGn{68IL5Ki2r8
z<pf0BTfZtICjn73TSDZ8YlP~@GlD7r5|yx}xu}%=S>&sFf=?nDjxVKy``e`}9S_;x
zXYNox?Rkjz;&wxR+Rk@YH+G$<8C$cRo~iEC4(uC4W#zijgsQv^2C`!>^0zd{y-lbU
zFR*{1BzalqZO+C{^U2nO*Q~ebJSw0$6u#}=^ECqn5gjqyQ8oJ=Lp@Y?N^qz6#Xg#x
zY#3#QZ}=FvAe6h`Eq(S=hQv0*+4|jj#{>L)3oS4e8`cUdojGQw8!LH%&p+vrYa=C#
z$M+9pn)GGR(icMUhzYO>9Dl^UW@RBM?p>D0eO3~P`*%^CSjrJ_UWFAB_7frm;6Glt
zj8;%WYJ!n~5SgdU%35=S1H<gjREuu+iEPx8I?L}M)R1?^zF<=)<vO|yp^FWSL~QJ-
zPvcUpFUC9azw13OFu8r{B!@)OxU-F}Fy{-pI=gqeV%c~07I)Gx|4hG-DgQ0mzTx8S
z>D>CUZegi`=G>Gq*=NrRqHdWtw+W3LS|2oGzS}P(WzXKW2>sHbdm(v;3NGk+?b!4F
zk{@R)w+L}v!(%)9<7$emZ=K5>&xa2@y)5yT7n|+oPTh?i&=WnXMSskTkde~&uGsuH
z+g|xjY3w$8cfx3A#UxoQhOACt^tI@umcw@j#%J3<Z#&cP?kw-n{)CLGwosHl{o_Mu
zTjntQU-reI5{x<f{uMFzuIl!=(;$k++2xmFt^wMY93V2x(SvdfLK=TWaq_!;5OIg@
zs)!(pO~8g-sAsW?K|~JVEkcLdE>`M<Po{!XH%B@8r6hKDhn{NmJmW^A=kD*kJ^eO(
z2z{wq`?Mu=*FDKV&Xejyo_Ejqyj@=@tw~X)6P&&7h?gFV_sq=ubax*j91&uX&uvBl
z)_SfAyQKZf$U+n=ufoX6^<5rW=T1A>Zd@P5h^1VUv=~`pAGyj{#USEOfOr&W562(c
zN2c{a?XP@ZuKmXKBzpqws}3(||AGC4*hiA~-X7K0pPAQ+W^KVT3UuE-A%QdM_ZT@c
zagOmC4{b>BcG5%fRu7Y$db@2dCrp@bC}+^(q--e@9#ri+@Qy4zI~E~>Ys-=#`<u2!
zByD|G(e@D3mSDT6tvD;t_5(!R0&1@AU{}Ji(ta4*%4?*Zxp7rQurp7yEg{B3M4$+U
zaDZdhh^0@mLiws29q!v25z9@OYpfF<lsJD;Lmmyr$?K&Az57&&XQoT8e*9SdB7%ax
z#JS9ymNtV<Li1v@;NF=moO%IP#XOAm5#8MBWaV`JNw=^Ma?%oOhs_fbE**I)P<Vwc
z*Hw%DXN~{u*MkQg*4DOp&ecSEvM5|x&mnkkp7Bdsbz*A1#pA>D>}tI(FQ08Re9#a*
z+Z}&&M}|gOTj#n|l)<+;$+F1fz^$}!(;2c84|wV+qjp&^PwGatS%snv-ud4B*E3%E
zoUpvaM7?p?XhZ6QOJ~HgLytYWq<{X#BaO3V54()2gEpt<QqA9fbFl8P65)gi$7T*c
zPgc>fzJ~D<qbl?5I>S9#$i6FvSIE__G_a1J_xn_l8<rNH2F-2*%?{!Vj+JIdY%7aN
zj?`an_Ut+kwuc}go&d$@1ws@jnVk)8F*fFx;*posTlXZ4MF|a_k5qm2zIwA;$J-fk
z&2vuzxP+ltJ0Ny3hyEc}v9g3D)^ml}K9X1_EG0i6h2O<O#OJ>u{;^vWm2Kf}p<a>k
zHXf?Fom~gm=i^-10wPx#hbj9B@py>%@~?=-Ef8_aY{mYAh<yO@!`v^^{Ej&KS43{0
zwHEnWuT>D=k`S%_T;mD0f86(n*0$*gL@bzG6%lX*Pw#R>lKYMh*VP|tb?)1G%H?}n
z_NerCXMy|AY-KF(jMCigIX>A5O_K`5F1qgzv5IbAq1e~LE5u#}rg<C1L_p@amy3mn
zs)zn*U91uirKEuHSP>9!K|oxEgu*krfCyZ74H_IGvL^l&v5bW1z6xRy3Gu^nL}q|^
z6Q%x3TZr-&)EYAmwGPL8Y8%~$somZw^#*J#Qd>yj*vht$c0IfY+d>fCkoljc(;pVl
z`YH<7D-jQop#;zt+V_V0IvbGCTf#g)pYFAUj)7Z4#jP!ht4zCo5xotd|GURZW8vCu
zl~%017f4`-t)UxW?F*??M;#)=_3mS#{Yz`8Mh7BpS+^=8XboL@y&Ms|N-egAstYFr
z5EbF>C%wHFHHhzR`akTmEV`eQmR?Gm-luXy;{UgXR%s1Ej~vF*|D}=hRT@T+@VgZe
z#J;^#h7iRV!}$s{DSt)IELWM1I()e`0<pP~)W~5T*rSpf(af_ibXfT8r!SnX=Y|6}
z-@DaXqZzrLgCLt#gk}<K1eraDZ>Dc3Qn*sye6giwQz@q8G+UTVt{P~~0XRk-8iY|3
zVN^%R{LmOOFHrHc_*LyxQwoqj-=@XB{rEBIx_H!cMWF+YuKcasX=N$LfwIB!A~g%W
zwQHcKrKh`}6v5EXSw>EPRCEFz7xu*)goSG8Vqp>#jo?fg7Wu8NfxbZme>Vasu@D@C
z39#w{3-PdSy$7HM0aQ{IDKNm1Am%JChsuG{JDiMT5nV#p^>GXeA}A0nN#%R+Um%zZ
zOPtaK1BIm)k;+nu6Sj!tmRdy77k<;r$V`r&)MNl%E3&Qr-eLZ7%qSxiNWn^F8R82%
zM$+CPa{MSSNq1JZty^@g2o~CgCN|o(ptU3;WfJTn16opYBn??5R%-ZfnxRT^pkhzb
zjFkmG6zuO5A`Mz)phE>M0IGd|?>pTVFJ|4Fh2+fJ@!)rUmJaRdxpzNm25T?EC2DxO
zoVC15;?=a5<JAt=)bQs?vpTZnFJ`Y-^LO%gKEWCBUT$$WY>iAvxE|>nX3eqNSSkMC
zzJX4<77Vw@{i7Tof@4Qdg`ZE{*)#Iodn><krYEN$)?rFMz6j6f{=wv-4aLZXF_G-^
zX7L@fmoJK5N!wATH76!`ES-AI?O0HYnE1M5=k0BKWIOfkSiJcAgkwsM-;F11*6y2;
z(Kt44kT~Mp{Z_~`d6dh1M~tleaGprlXPcg|4I%f46>R;K_e&_ed^rXBUkJ229x8Ma
zU8}mDUOuFA<Fy*r;?pL#Op@z4ur%d#i*?ahV5tKrKd>Zdf`Ax}S=E}bOUcJVY9cKw
zfr1v3KD;G>*F-f?wH%e4b@7V7YJry477Gz3ZJ;0xJ3h-Ibm^{v0;#yE3t<R&00P=Z
z)Vtz0VdB5(V<^_45~$c>p%L_+c>guzodbgYQ-ce3HW#~Vbb8y_E%oYSBKZh~B9j>B
z&Rby@(LIZjK!Mc@_4xM=((kIET8pzl5q4GO9X%cYqP%P13hE%$NRL-Ow7XIAn3cXd
zFaH+J`5MASiU1#JE8O8>0deCNUL&u|&y)%a(`Aj=D0T@b`Rl8E#~8GThrd)%ejBcA
zr%Jn{u~GF#Dr;83AtxP|enx)BracTS(-ncj7umNBq<zv53Ry3nGB=>-*CORVcy6DH
z+Wy!eLQ`H-eb$Gg<C{fqYK6O<JF&sqGNRSto-%L1RRi-MUigNAXps;yHMzF!BONSE
zq48}E1i{w3m(O)<vYxfb>rMS}xL7x3+=#sZH~BcM@8~EE5Bq_E<L}P8bDSv)k8~Is
zD##^2TssDtpBML6=9eKc|J&uvUwdnj`G5X8j)BZhV*Z{wT8AO?dG&&IT9Sj_(cuo>
zKawPQZ^t@NN2L8U=AVslZ1zCNJ^>0J1r+{tv0>E~e(@5HKy{<NZgSY->G2hQK%-lK
zqq_ek3Wq^WqHsCD$^_6eT1Qx<<Ap2$xOby}Ai*&t*uy{2Gu+jMMDhN9K4EhDDBK%>
z!8I1A5EdESEX2vj)0tov=;`Yi7)H<qjRa3OPiMzqPk%px_5xOL802*&60f76_5TmA
zgJsC0%8RZ4|6B9be<J$QLvaFkX!XC=6^fj`RCHc5vu3JZ^~RCbJ6Eln25McC^|owo
z_y0&`^t9NNG1KFS%&CaP43^fnii-7L?7tXBIK^&?4(><@^}$+xuREYCYO_rtR$YOb
zqvVn4ap9u){VvR1!A6R?eAFXpd^BvcdB*DP&IymcNz<mrGqzqoyT0{<awf7#DPG(x
zbV%R%0hjicuct;M&OB}0U2b+utUM*B+A{NNtCY~?pRD9VoE2w>H2k7}_CHWsS8o2q
zbCkKp+Rs13=I#;J_w@I`rwm)YS~lOk%~X1g*FE~ao|QuS0pW}dmih<cxxZ-q@I4Uy
z^@h=tuLqTREAt;w^>aq3nEqf`B>Fdi=wG9Xi(Ca5P7H<3)?Z%&peuUh%NPzeYFD<o
z0^l_Q-V=34UCC*d2%7_kTK_i~TVhc@7K`$8|2w;b7aFj3AW;A>je^e+a@OXE#0&k(
zG=C(Q0B1)9X?G=3Vp*22K+Dc|Q6h#G?}+Zqb;z+tZBZN4ik%AVB6n9=cTYET4Jv?A
zkdsN$<FMR#)|7!K-0@eFlD!)qMtMEm#3>cQC4-8vFN*i^clTe;?|Xts*C3J@Tr?9N
z0AAojdE~fI4sZc%X2!+MyxGjyP+DGk-EXbORddtt$?L!q*GqT0M{7T!R9|#ee_)Fh
zz$?@$-zd<=3XgX;(7xQ3Ik)cmhr?0E9eLAPU)n6kW6tH}4xX;xmKEaD%g1B#qoZD$
zj5y*~CKzD#lAxfaKyk-4_D71Ya>fY#S)YKhsmv(#m&%jjzN3#g_Zu3urr+ZdJAbQl
zukiFi(RklOWLnzp9c$G-c5UJld_Y5Uq;9e_;%7yA!SEi5K5pqle!))?y7>j0-mqVX
z%zqj%|G%H>4hh0jSZvzzQ<x0l4R^g8C@JhItX(>VRYUe?0f?3t5#%`d91M<?=TNfP
zuPDqVBC5-CNxd5>mvF{#UL9FHMLdWAr-*9F7*^`k?Gt9B#qIM>%5+7pPsp_`KVn&%
zE4PW|UhTCXEkAI|Xa?6@B>H;LEtJ{lWwy>t-<d(3*o>4Eci|yNuFCEQl{BJc$qjyu
z%^^27K77kbzT@(>g6Ojb>^-z%J|b(Yd#d8LH3_KjUueAVhTxxql=KJ;)n92zgm$PG
zb(G1LOq?d$yzkr36`n<R{ui^7GO7e)jfO?$zn3pyszBGtf$toajsWs<;O9T7;{T<*
z_@DAeu`ng2c(~HJU9?x;8>^dk?W@z!=dG3OofF4?x1r2)Imov5>*u0oxkLxSA&D#b
zI^`+fs;#O@tBlL%QX(mAM#ptuyE(BrKHNojp|j^(Z-W!%`mHP<3|not9uysrOySA?
z@HO}N9R<TqU1u)~<HspO0p^=K5<MgC1x%H9F$cena4@!hl6ISIZ*Ixtd69`?-V^Se
z1C!+V@nhBfNPo9lCD%N*W>RCU_s9q3Bcqcqu1-vST3_59a$JFnk5}t{urSw}lP_84
zu1Z+kOL>Mj>`!twNYL<%y+3DgQ!;YP-BZ`-vz~V765WH|u~J43Y{(9}p+No6VT0nK
zw8LYTLn3U8`6C15kJBgvq%+b7Wn?I*f6S8(Zh(}*TRJM5Bb*}`Pdb$T`o`<`Bq9q*
zc~wSU4>1Y&b>OQ+`ClJQ{I_5FNuR{6N{j!S`Tl<{!D>Pih~VLlUFFNXrE55Hs)a<W
zgU9@HNTS57U<h1vG{S=I{sz7Un6UfyjX-Og;6%~hK5hEF);9OdK%YvtX`LJAlcEot
z6Lc-UnntOF2927Vu3MXm^~xEGq`Wl?Ur=1X5$$~U`wp1_3HSB~3bYb060LDU0_C@c
z)F^E$M)j4Z58KbXJv1wB^0i6g3azR>-(fQ%aMrlErX`s<vgzhLti_P}&yb*B0D}H^
z%D1F|lwVc)C*?O)0?IGExPFoHbrn_I9z;OI?#l?0fLRzT%ek0vW;2L5Ex0Nos3O0L
zUP4rYh_IAL&IrDR0G+fvwdoViHws=(mUN5ky_uFcckyv=;tzc+OV7vr)1%+k{-6~4
zoSl;x?LwYx-E`rqy3zXZkmkY|7C-Vc%-Svt#WtEQe$2CN3Rm2pjhqbr(V?~Zew%Me
zd5r3d_KR9`veAX5&e&kDNEN?Stu#Eo`SJm+F9K{=w?AlIYu<gRy7O+%Zc|-dY{u7w
z0jY_#gOR1XWM1!=FWL2GeWbyGkO0--n`iX*x_j;(3(^v}a(64&#n!g9)|8u#teIU3
zSfAW_qcBz_mpm{&U30^q-HUqTSL>p4d$;Y7kkGk*+&_b^BE#mOT>Uk-t-d{Mrwo1=
zcv0rLo!9doF>|fobi=3aLI&G!9o6o^zT-1G+5I8Tbs`rX1u1r44H@l;Lmfq18_(&M
zcGTNzaYS!j(@oR*eOMz(_iirqOFa0rd_O1=!?7|IBmQ6INF`yD<*B%-a(kz&TNFse
z{h%|wP|$1V<SNru`fV}kAyn1$Hhlv0U3yJa^pfvC_*C`m)3iN18+W6OZgTd1+j}bY
z7NsP;Fb1bV)hTj5xELH6?k{0C+6RM#@5S;Uk#&2+-Si2B-RybAr66fnack#f2Z&$1
z$^X*ctv&z|&EBkv2*OUsX%W%P9wL%@m;5D;A9)Smyqn1Me@oMdG`3Qfy*aV#vh(Ms
zr{-ePrqtj=X!ZQ(a}UHeO8hK$9<68<wpW~db=I&(x#<Ciz|RSbUcT>xQPQ{;BcU6^
z3?7jKXFcIs#oMWtwEx2uic{Rs72@YsxZ)FV1rgR(Md}t^@j8jC%*-AlRsclU+J$4~
zrb8l|Dxvne)ho0olI#hzUst-Qy}7cA+v_Bf_C>;>rc&%N!ihU9Khu9noT8>+7gOSD
zwDS036&I5<tV??63%(9HGR3&RL_YHI5k(&JT@jO!J^Z80Rpk9c&nr(_!?ooU(;!y?
zA;7UxTg<sB9;mID!k^lr)G+Xv@)x!3qU0(wS0;%q3#Mq6r`=xBIg9O_cMa<3dB=U(
zcCARw>u<O86B*W7f`>3#n<yiS?p&5Mf4}ij#vAIp$=%ca+D*!9jui<#x=g>bAyRS|
ztw6!sxsjgPvJ5M~(67y&*$kMBV&3415H7m1qUpFTw9Q68Z^n!^h)l=DI;fGm4;A@P
z<~!b(QxoB(3iUB28>o3cXDyt?;~nQu9-uPQ>NFj$T*I`+cVe4fdia|HwGA@cGb2PY
zsqV~OuX3Dqc1gVGZSr2pJlWUQ92an)3)c`?FcCYic|?nl&FsVes^R?1Oi74ddwx>X
z`PW;m3(loqIL&mnc((E6^rnN`+ooKfY9f(?K_hpJOg?4^Yi%u$PTjXIGAU&)>D(TH
z_xj;cmzgG>?mn$lB-?&=K9kCRio>>ayxgO5TjTQyZep<SW@qH5VE5fq&plhbGPndi
z6QtbvKbxdp9o-S-A+Hti#5bAwR=Vu)?pukT79~|I(05mW?-tX;O5Y)hQ@o@|&0Oxg
zX1nd3z;{eBoPs6GeFqV@l>CGEN2DsgPJodri!P5;l==;KvmMy^!*Om)ky@(a)<p>s
zE&hs_t_~4*?_UMco`mT7C*oCrxY)=3V~w_!f)KH4_o|3sHyzxz9Ff!r72p|Bi0F3B
zAUnDFfun-Rr>Lq%4HHwX!y$rc@$A=W&7mTte^rDb4~m^(TOn2!n8qG9LgU1ii-m}E
jC+Ys?K0cEBGFG_H9=Hz$L_@X)Wby^h?}`Ciuk?Qa`rl0}

literal 0
HcmV?d00001

diff --git a/testing/btest/Traces/tls1.2.trace b/testing/btest/Traces/tls/tls1.2.trace
similarity index 100%
rename from testing/btest/Traces/tls1.2.trace
rename to testing/btest/Traces/tls/tls1.2.trace
diff --git a/testing/btest/bifs/x509_verify.bro b/testing/btest/bifs/x509_verify.bro
new file mode 100644
index 0000000000..7fe9a69c6e
--- /dev/null
+++ b/testing/btest/bifs/x509_verify.bro
@@ -0,0 +1,25 @@
+# @TEST-EXEC: bro -r $TRACES/tls/tls-expired-cert.trace %INPUT 
+# @TEST-EXEC: btest-diff .stdout
+
+event ssl_established(c: connection) &priority=3
+	{
+	local chain: vector of opaque of x509 = vector();
+	for ( i in c$ssl$cert_chain )
+		{
+		chain[i] = c$ssl$cert_chain[i]$x509$handle;
+		}
+
+	local result = x509_verify(chain, SSL::root_certs);
+	print fmt("Validation result: %s", result$result_string);
+	if ( result$result != 0 ) # not ok
+		return;
+
+	print "Resulting chain:";
+	for ( i in result$chain_certs )
+		{
+		local cert = result$chain_certs[i];
+		local certinfo = x509_parse(cert);
+		local sha1 = sha1_hash(x509_get_certificate_string(cert));
+		print fmt("Fingerprint: %s, Subject: %s", sha1, certinfo$subject);
+		}
+	}
diff --git a/testing/btest/scripts/base/protocols/ftp/gridftp.test b/testing/btest/scripts/base/protocols/ftp/gridftp.test
index 494729cf5f..18b3bd956b 100644
--- a/testing/btest/scripts/base/protocols/ftp/gridftp.test
+++ b/testing/btest/scripts/base/protocols/ftp/gridftp.test
@@ -2,6 +2,7 @@
 # @TEST-EXEC: btest-diff notice.log
 # @TEST-EXEC: btest-diff conn.log
 # @TEST-EXEC: btest-diff ssl.log
+# @TEST-EXEC: btest-diff x509.log
 
 @load base/protocols/ftp/gridftp
 
diff --git a/testing/btest/scripts/base/protocols/ssl/basic.test b/testing/btest/scripts/base/protocols/ssl/basic.test
index 94b0e87ec1..05dad1dca7 100644
--- a/testing/btest/scripts/base/protocols/ssl/basic.test
+++ b/testing/btest/scripts/base/protocols/ssl/basic.test
@@ -1,4 +1,5 @@
 # This tests a normal SSL connection and the log it outputs.
 
-# @TEST-EXEC: bro -r $TRACES/tls-conn-with-extensions.trace %INPUT
+# @TEST-EXEC: bro -r $TRACES/tls/tls-conn-with-extensions.trace %INPUT
 # @TEST-EXEC: btest-diff ssl.log
+# @TEST-EXEC: btest-diff x509.log
diff --git a/testing/btest/scripts/base/protocols/ssl/tls-1.2-ciphers.test b/testing/btest/scripts/base/protocols/ssl/tls-1.2-ciphers.test
index be1a2c2c2d..d69bd31563 100644
--- a/testing/btest/scripts/base/protocols/ssl/tls-1.2-ciphers.test
+++ b/testing/btest/scripts/base/protocols/ssl/tls-1.2-ciphers.test
@@ -1,4 +1,4 @@
-# @TEST-EXEC: bro -r $TRACES/tls1.2.trace %INPUT
+# @TEST-EXEC: bro -r $TRACES/tls/tls1.2.trace %INPUT
 # @TEST-EXEC: btest-diff .stdout
 
 event ssl_client_hello(c: connection, version: count, possible_ts: time, client_random: string, session_id: string, ciphers: index_vec) 
diff --git a/testing/btest/scripts/base/protocols/ssl/tls-1.2-handshake-failure.test b/testing/btest/scripts/base/protocols/ssl/tls-1.2-handshake-failure.test
index 9cceca70b1..74acf3224a 100644
--- a/testing/btest/scripts/base/protocols/ssl/tls-1.2-handshake-failure.test
+++ b/testing/btest/scripts/base/protocols/ssl/tls-1.2-handshake-failure.test
@@ -1,2 +1,2 @@
-# @TEST-EXEC: bro -r $TRACES/tls-1.2-handshake-failure.trace %INPUT
+# @TEST-EXEC: bro -r $TRACES/tls/tls-1.2-handshake-failure.trace %INPUT
 # @TEST-EXEC: btest-diff ssl.log
diff --git a/testing/btest/scripts/base/protocols/ssl/tls-1.2-random.test b/testing/btest/scripts/base/protocols/ssl/tls-1.2-random.test
index d2f82c4bc0..7434b289cc 100644
--- a/testing/btest/scripts/base/protocols/ssl/tls-1.2-random.test
+++ b/testing/btest/scripts/base/protocols/ssl/tls-1.2-random.test
@@ -1,4 +1,4 @@
-# @TEST-EXEC: bro -r $TRACES/tls1.2.trace %INPUT
+# @TEST-EXEC: bro -r $TRACES/tls/tls1.2.trace %INPUT
 # @TEST-EXEC: btest-diff .stdout
 
 event ssl_client_hello(c: connection, version: count, possible_ts: time, client_random: string, session_id: string, ciphers: index_vec) 
diff --git a/testing/btest/scripts/base/protocols/ssl/tls-1.2.test b/testing/btest/scripts/base/protocols/ssl/tls-1.2.test
index 25b9083587..4c577db403 100644
--- a/testing/btest/scripts/base/protocols/ssl/tls-1.2.test
+++ b/testing/btest/scripts/base/protocols/ssl/tls-1.2.test
@@ -1,2 +1,3 @@
-# @TEST-EXEC: bro -r $TRACES/tls1.2.trace %INPUT
+# @TEST-EXEC: bro -r $TRACES/tls/tls1.2.trace %INPUT
 # @TEST-EXEC: btest-diff ssl.log
+# @TEST-EXEC: btest-diff x509.log
diff --git a/testing/btest/scripts/base/protocols/ssl/x509_extensions.test b/testing/btest/scripts/base/protocols/ssl/x509_extensions.test
index c5e0b1b407..425afbb2c8 100644
--- a/testing/btest/scripts/base/protocols/ssl/x509_extensions.test
+++ b/testing/btest/scripts/base/protocols/ssl/x509_extensions.test
@@ -1,7 +1,7 @@
-# @TEST-EXEC: bro -r $TRACES/tls1.2.trace %INPUT
+# @TEST-EXEC: bro -r $TRACES/tls/tls1.2.trace %INPUT
 # @TEST-EXEC: btest-diff .stdout
 
-event x509_extension(c: connection, is_orig: bool, cert:X509, extension: X509_extension_info) 
+event x509_extension(f: fa_file, extension: X509::Extension)
 {
 	# The formatting of CRL Distribution Points varies between OpenSSL versions. Skip it
 	# for the test.
diff --git a/testing/btest/scripts/policy/misc/dump-events.bro b/testing/btest/scripts/policy/misc/dump-events.bro
index e91d234d21..59834b6854 100644
--- a/testing/btest/scripts/policy/misc/dump-events.bro
+++ b/testing/btest/scripts/policy/misc/dump-events.bro
@@ -1,6 +1,6 @@
-# @TEST-EXEC: bro -r $TRACES/ssl.v3.trace policy/misc/dump-events.bro >all-events.log
-# @TEST-EXEC: bro -r $TRACES/ssl.v3.trace policy/misc/dump-events.bro DumpEvents::include_args=F >all-events-no-args.log
-# @TEST-EXEC: bro -r $TRACES/ssl.v3.trace policy/misc/dump-events.bro DumpEvents::include=/ssl_/ >ssl-events.log
+# @TEST-EXEC: bro -r $TRACES/tls/ssl.v3.trace policy/misc/dump-events.bro >all-events.log
+# @TEST-EXEC: bro -r $TRACES/tls/ssl.v3.trace policy/misc/dump-events.bro DumpEvents::include_args=F >all-events-no-args.log
+# @TEST-EXEC: bro -r $TRACES/tls/ssl.v3.trace policy/misc/dump-events.bro DumpEvents::include=/ssl_/ >ssl-events.log
 # 
 # @TEST-EXEC: btest-diff all-events.log
 # @TEST-EXEC: btest-diff all-events-no-args.log
diff --git a/testing/btest/scripts/policy/protocols/ssl/expiring-certs.bro b/testing/btest/scripts/policy/protocols/ssl/expiring-certs.bro
new file mode 100644
index 0000000000..9278e11de0
--- /dev/null
+++ b/testing/btest/scripts/policy/protocols/ssl/expiring-certs.bro
@@ -0,0 +1,7 @@
+# @TEST-EXEC: bro -r $TRACES/tls/tls-expired-cert.trace %INPUT
+# @TEST-EXEC: btest-diff notice.log
+
+@load protocols/ssl/expiring-certs
+
+redef SSL::notify_certs_expiration = ALL_HOSTS;
+
diff --git a/testing/btest/scripts/policy/protocols/ssl/extract-certs-pem.bro b/testing/btest/scripts/policy/protocols/ssl/extract-certs-pem.bro
index acc414a33c..ad99e2e143 100644
--- a/testing/btest/scripts/policy/protocols/ssl/extract-certs-pem.bro
+++ b/testing/btest/scripts/policy/protocols/ssl/extract-certs-pem.bro
@@ -1,4 +1,4 @@
-# @TEST-EXEC: bro -r $TRACES/ssl.v3.trace %INPUT 
+# @TEST-EXEC: bro -r $TRACES/tls/ssl.v3.trace %INPUT
 # @TEST-EXEC: btest-diff certs-remote.pem
 
 @load protocols/ssl/extract-certs-pem
diff --git a/testing/btest/scripts/policy/protocols/ssl/known-certs.bro b/testing/btest/scripts/policy/protocols/ssl/known-certs.bro
new file mode 100644
index 0000000000..f5ff187164
--- /dev/null
+++ b/testing/btest/scripts/policy/protocols/ssl/known-certs.bro
@@ -0,0 +1,9 @@
+# @TEST-EXEC: bro -r $TRACES/tls/google-duplicate.trace %INPUT
+# @TEST-EXEC: btest-diff ssl.log
+# @TEST-EXEC: btest-diff x509.log
+# @TEST-EXEC: btest-diff known_certs.log
+
+@load protocols/ssl/known-certs
+
+redef Known::cert_tracking = ALL_HOSTS;
+
diff --git a/testing/btest/scripts/policy/protocols/ssl/validate-certs.bro b/testing/btest/scripts/policy/protocols/ssl/validate-certs.bro
new file mode 100644
index 0000000000..56408483f0
--- /dev/null
+++ b/testing/btest/scripts/policy/protocols/ssl/validate-certs.bro
@@ -0,0 +1,4 @@
+# @TEST-EXEC: bro -r $TRACES/tls/tls-expired-cert.trace %INPUT
+# @TEST-EXEC: btest-diff ssl.log
+
+@load protocols/ssl/validate-certs

From 3f52eeacdad1ca03ab2d850ff8e3529065efeac7 Mon Sep 17 00:00:00 2001
From: Bernhard Amann <bernhard@icsi.berkeley.edu>
Date: Thu, 13 Mar 2014 15:41:57 -0700
Subject: [PATCH 13/18] Fix dump-events - it cannot be used with ssl anymore,
 because openssl does not give the same string results in all versions.

Add leak test for x509 verify and fix small leak (type).
---
 src/file_analysis/analyzer/x509/functions.bif |   2 +-
 .../all-events-no-args.log                    | 231 ++---
 .../all-events.log                            | 907 ++++++++++--------
 .../smtp-events.log                           | 190 ++++
 .../ssl-events.log                            |  60 --
 testing/btest/core/leaks/x509_verify.bro      |  27 +
 .../btest/scripts/policy/misc/dump-events.bro |   8 +-
 7 files changed, 827 insertions(+), 598 deletions(-)
 create mode 100644 testing/btest/Baseline/scripts.policy.misc.dump-events/smtp-events.log
 delete mode 100644 testing/btest/Baseline/scripts.policy.misc.dump-events/ssl-events.log
 create mode 100644 testing/btest/core/leaks/x509_verify.bro

diff --git a/src/file_analysis/analyzer/x509/functions.bif b/src/file_analysis/analyzer/x509/functions.bif
index 40af444a98..e20028cc60 100644
--- a/src/file_analysis/analyzer/x509/functions.bif
+++ b/src/file_analysis/analyzer/x509/functions.bif
@@ -209,7 +209,7 @@ function x509_verify%(certs: x509_opaque_vector, root_certs: table_string_of_str
 			}
 		
 		int num_certs = sk_X509_num(chain);
-		chainVector = new VectorVal(new VectorType(base_type(TYPE_ANY)));
+		chainVector = new VectorVal(internal_type("any_vec")->AsVectorType());
 
 		for ( int i = 0; i < num_certs; i++ ) 
 			{
diff --git a/testing/btest/Baseline/scripts.policy.misc.dump-events/all-events-no-args.log b/testing/btest/Baseline/scripts.policy.misc.dump-events/all-events-no-args.log
index 4e01411971..6de44b1fbf 100644
--- a/testing/btest/Baseline/scripts.policy.misc.dump-events/all-events-no-args.log
+++ b/testing/btest/Baseline/scripts.policy.misc.dump-events/all-events-no-args.log
@@ -1,117 +1,118 @@
          0.000000 bro_init
          0.000000 filter_change_tracking
-1170717505.366729 ChecksumOffloading::check
-1170717505.366729 filter_change_tracking
-1170717505.366729 new_connection
-1170717505.548308 connection_established
-1170717505.549109 protocol_confirmation
-1170717505.549109 ssl_client_hello
-1170717505.734145 ssl_server_hello
-1170717505.735416 get_file_handle
-1170717505.735416 file_new
-1170717505.735416 file_over_new_connection
-1170717505.735416 x509_certificate
-1170717505.735416 x509_extension
-1170717505.735416 x509_ext_basic_constraints
-1170717505.735416 x509_extension
-1170717505.735416 x509_extension
-1170717505.735416 x509_extension
-1170717505.735416 x509_extension
-1170717505.735416 x509_extension
-1170717505.735416 x509_extension
-1170717505.735416 file_hash
-1170717505.735416 file_hash
-1170717505.735416 file_state_remove
-1170717505.735416 get_file_handle
-1170717505.735416 file_new
-1170717505.735416 file_over_new_connection
-1170717505.735416 x509_certificate
-1170717505.735416 x509_extension
-1170717505.735416 x509_ext_basic_constraints
-1170717505.735416 x509_extension
-1170717505.735416 x509_extension
-1170717505.735416 x509_extension
-1170717505.735416 x509_extension
-1170717505.735416 x509_extension
-1170717505.735416 file_hash
-1170717505.735416 file_hash
-1170717505.735416 file_state_remove
-1170717505.934612 ssl_established
-1170717508.515696 new_connection
-1170717508.696747 connection_established
-1170717508.697180 protocol_confirmation
-1170717508.697180 ssl_client_hello
-1170717508.881857 ssl_server_hello
-1170717508.883051 get_file_handle
-1170717508.883051 file_new
-1170717508.883051 file_over_new_connection
-1170717508.883051 x509_certificate
-1170717508.883051 x509_extension
-1170717508.883051 x509_ext_basic_constraints
-1170717508.883051 x509_extension
-1170717508.883051 x509_extension
-1170717508.883051 x509_extension
-1170717508.883051 x509_extension
-1170717508.883051 x509_extension
-1170717508.883051 x509_extension
-1170717508.883051 file_hash
-1170717508.883051 file_hash
-1170717508.883051 file_state_remove
-1170717508.883051 get_file_handle
-1170717508.883051 file_new
-1170717508.883051 file_over_new_connection
-1170717508.883051 x509_certificate
-1170717508.883051 x509_extension
-1170717508.883051 x509_ext_basic_constraints
-1170717508.883051 x509_extension
-1170717508.883051 x509_extension
-1170717508.883051 x509_extension
-1170717508.883051 x509_extension
-1170717508.883051 x509_extension
-1170717508.883051 file_hash
-1170717508.883051 file_hash
-1170717508.883051 file_state_remove
-1170717509.082241 ssl_established
-1170717511.541455 new_connection
-1170717511.722589 connection_established
-1170717511.722913 protocol_confirmation
-1170717511.722913 ssl_client_hello
-1170717511.908619 ssl_server_hello
-1170717511.909717 get_file_handle
-1170717511.909717 file_new
-1170717511.909717 file_over_new_connection
-1170717511.909717 x509_certificate
-1170717511.909717 x509_extension
-1170717511.909717 x509_ext_basic_constraints
-1170717511.909717 x509_extension
-1170717511.909717 x509_extension
-1170717511.909717 x509_extension
-1170717511.909717 x509_extension
-1170717511.909717 x509_extension
-1170717511.909717 x509_extension
-1170717511.909717 file_hash
-1170717511.909717 file_hash
-1170717511.909717 file_state_remove
-1170717511.909717 get_file_handle
-1170717511.909717 file_new
-1170717511.909717 file_over_new_connection
-1170717511.909717 x509_certificate
-1170717511.909717 x509_extension
-1170717511.909717 x509_ext_basic_constraints
-1170717511.909717 x509_extension
-1170717511.909717 x509_extension
-1170717511.909717 x509_extension
-1170717511.909717 x509_extension
-1170717511.909717 x509_extension
-1170717511.909717 file_hash
-1170717511.909717 file_hash
-1170717511.909717 file_state_remove
-1170717512.108799 ssl_established
-1170717528.851698 ChecksumOffloading::check
-1170717528.851698 connection_state_remove
-1170717531.882302 net_done
-1170717531.882302 filter_change_tracking
-1170717531.882302 connection_state_remove
-1170717531.882302 connection_state_remove
-1170717531.882302 bro_done
-1170717531.882302 ChecksumOffloading::check
+1254722767.492060 protocol_confirmation
+1254722767.492060 ChecksumOffloading::check
+1254722767.492060 filter_change_tracking
+1254722767.492060 new_connection
+1254722767.492060 dns_message
+1254722767.492060 dns_request
+1254722767.492060 dns_end
+1254722767.526085 dns_message
+1254722767.526085 dns_CNAME_reply
+1254722767.526085 dns_A_reply
+1254722767.526085 dns_end
+1254722767.529046 new_connection
+1254722767.875996 connection_established
+1254722768.219663 smtp_reply
+1254722768.219663 smtp_reply
+1254722768.219663 smtp_reply
+1254722768.224809 protocol_confirmation
+1254722768.224809 smtp_request
+1254722768.566183 smtp_reply
+1254722768.566183 smtp_reply
+1254722768.566183 smtp_reply
+1254722768.566183 smtp_reply
+1254722768.566183 smtp_reply
+1254722768.566183 smtp_reply
+1254722768.568729 smtp_request
+1254722768.911081 smtp_reply
+1254722768.911655 smtp_request
+1254722769.253544 smtp_reply
+1254722769.254118 smtp_request
+1254722769.613798 smtp_reply
+1254722769.614414 smtp_request
+1254722769.956765 smtp_reply
+1254722769.957250 smtp_request
+1254722770.319708 smtp_reply
+1254722770.320203 smtp_request
+1254722770.320203 mime_begin_entity
+1254722770.661679 smtp_reply
+1254722770.692743 mime_one_header
+1254722770.692743 mime_one_header
+1254722770.692743 mime_one_header
+1254722770.692743 mime_one_header
+1254722770.692743 mime_one_header
+1254722770.692743 mime_one_header
+1254722770.692743 mime_one_header
+1254722770.692743 mime_one_header
+1254722770.692743 mime_one_header
+1254722770.692743 mime_one_header
+1254722770.692743 mime_one_header
+1254722770.692743 mime_one_header
+1254722770.692743 mime_begin_entity
+1254722770.692743 mime_one_header
+1254722770.692743 mime_begin_entity
+1254722770.692743 mime_one_header
+1254722770.692743 mime_one_header
+1254722770.692743 get_file_handle
+1254722770.692743 mime_end_entity
+1254722770.692743 get_file_handle
+1254722770.692743 file_new
+1254722770.692743 file_over_new_connection
+1254722770.692743 file_state_remove
+1254722770.692743 get_file_handle
+1254722770.692743 mime_begin_entity
+1254722770.692743 mime_one_header
+1254722770.692743 mime_one_header
+1254722770.692786 get_file_handle
+1254722770.692786 file_new
+1254722770.692786 file_over_new_connection
+1254722770.692804 get_file_handle
+1254722770.692804 mime_end_entity
+1254722770.692804 get_file_handle
+1254722770.692804 file_state_remove
+1254722770.692804 get_file_handle
+1254722770.692804 mime_end_entity
+1254722770.692804 get_file_handle
+1254722770.692804 get_file_handle
+1254722770.692804 mime_begin_entity
+1254722770.692804 mime_one_header
+1254722770.692804 mime_one_header
+1254722770.692804 mime_one_header
+1254722770.692823 get_file_handle
+1254722770.692823 file_new
+1254722770.692823 file_over_new_connection
+1254722770.692823 get_file_handle
+1254722770.695115 new_connection
+1254722771.469814 get_file_handle
+1254722771.494181 get_file_handle
+1254722771.494181 get_file_handle
+1254722771.494199 get_file_handle
+1254722771.834628 get_file_handle
+1254722771.834655 get_file_handle
+1254722771.834655 get_file_handle
+1254722771.858316 get_file_handle
+1254722771.858334 get_file_handle
+1254722771.858334 mime_end_entity
+1254722771.858334 get_file_handle
+1254722771.858334 file_state_remove
+1254722771.858334 get_file_handle
+1254722771.858334 mime_end_entity
+1254722771.858334 get_file_handle
+1254722771.858334 get_file_handle
+1254722771.858334 get_file_handle
+1254722771.858334 get_file_handle
+1254722771.858334 smtp_request
+1254722772.248789 smtp_reply
+1254722774.763825 smtp_request
+1254722775.105467 smtp_reply
+1254722776.690444 new_connection
+1254722776.690444 net_done
+1254722776.690444 ChecksumOffloading::check
+1254722776.690444 connection_state_remove
+1254722776.690444 filter_change_tracking
+1254722776.690444 connection_state_remove
+1254722776.690444 connection_state_remove
+1254722776.690444 connection_state_remove
+1254722776.690444 bro_done
+1254722776.690444 ChecksumOffloading::check
diff --git a/testing/btest/Baseline/scripts.policy.misc.dump-events/all-events.log b/testing/btest/Baseline/scripts.policy.misc.dump-events/all-events.log
index f383249428..dc4e0fd8e5 100644
--- a/testing/btest/Baseline/scripts.policy.misc.dump-events/all-events.log
+++ b/testing/btest/Baseline/scripts.policy.misc.dump-events/all-events.log
@@ -1,479 +1,550 @@
          0.000000 bro_init
          0.000000 filter_change_tracking
-1170717505.366729 ChecksumOffloading::check
-1170717505.366729 filter_change_tracking
-1170717505.366729 new_connection
-                  [0] c: connection      = [id=[orig_h=192.150.187.164, orig_p=58868/tcp, resp_h=194.127.84.106, resp_p=443/tcp], orig=[size=0, state=0, num_pkts=0, num_bytes_ip=0, flow_label=0], resp=[size=0, state=0, num_pkts=0, num_bytes_ip=0, flow_label=0], start_time=1170717505.366729, duration=0.0, service={^J^J}, addl=, hot=0, history=, uid=CXWv6p3arKYeMETxOg, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]
-
-1170717505.548308 connection_established
-                  [0] c: connection      = [id=[orig_h=192.150.187.164, orig_p=58868/tcp, resp_h=194.127.84.106, resp_p=443/tcp], orig=[size=0, state=4, num_pkts=1, num_bytes_ip=64, flow_label=0], resp=[size=0, state=4, num_pkts=0, num_bytes_ip=0, flow_label=0], start_time=1170717505.366729, duration=0.181579, service={^J^J}, addl=, hot=0, history=Sh, uid=CXWv6p3arKYeMETxOg, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]
-
-1170717505.549109 protocol_confirmation
-                  [0] c: connection      = [id=[orig_h=192.150.187.164, orig_p=58868/tcp, resp_h=194.127.84.106, resp_p=443/tcp], orig=[size=87, state=4, num_pkts=2, num_bytes_ip=116, flow_label=0], resp=[size=0, state=4, num_pkts=1, num_bytes_ip=64, flow_label=0], start_time=1170717505.366729, duration=0.18238, service={^J^J}, addl=, hot=0, history=ShAD, uid=CXWv6p3arKYeMETxOg, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]
-                  [1] atype: enum        = Analyzer::ANALYZER_SSL
+1254722767.492060 protocol_confirmation
+                  [0] c: connection      = [id=[orig_h=10.10.1.4, orig_p=56166/udp, resp_h=10.10.1.1, resp_p=53/udp], orig=[size=34, state=1, num_pkts=0, num_bytes_ip=0, flow_label=0], resp=[size=0, state=0, num_pkts=0, num_bytes_ip=0, flow_label=0], start_time=1254722767.49206, duration=0.0, service={^J^J}, addl=, hot=0, history=D, uid=CXWv6p3arKYeMETxOg, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]
+                  [1] atype: enum        = Analyzer::ANALYZER_DNS
                   [2] aid: count         = 3
 
-1170717505.549109 ssl_client_hello
-                  [0] c: connection      = [id=[orig_h=192.150.187.164, orig_p=58868/tcp, resp_h=194.127.84.106, resp_p=443/tcp], orig=[size=87, state=4, num_pkts=2, num_bytes_ip=116, flow_label=0], resp=[size=0, state=4, num_pkts=1, num_bytes_ip=64, flow_label=0], start_time=1170717505.366729, duration=0.18238, service={^J^ISSL^J}, addl=, hot=0, history=ShAD, uid=CXWv6p3arKYeMETxOg, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=[ts=1170717505.549109, uid=CXWv6p3arKYeMETxOg, id=[orig_h=192.150.187.164, orig_p=58868/tcp, resp_h=194.127.84.106, resp_p=443/tcp], version=<uninitialized>, cipher=<uninitialized>, server_name=<uninitialized>, session_id=<uninitialized>, last_alert=<uninitialized>, analyzer_id=3, established=F, logged=F, delay_tokens=<uninitialized>, cert_chain=<uninitialized>, cert_chain_fuids=<uninitialized>, client_cert_chain=<uninitialized>, client_cert_chain_fuids=<uninitialized>, subject=<uninitialized>, issuer=<uninitialized>, client_subject=<uninitialized>, client_issuer=<uninitialized>, server_depth=0, client_depth=0], http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]
-                  [1] version: count     = 2
-                  [2] possible_ts: time  = 0.0
-                  [3] client_random: string = \xe6\xb8\xef\xdf\x91\xcfD\xf7\xea\xe4<\x839\x8f\xdc\xb2
-                  [4] session_id: string = \0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0
-                  [5] ciphers: vector of count = [57, 56, 53, 51, 50, 4, 5, 47, 22, 19, 65279, 10, 21, 18, 65278, 9, 100, 98, 3, 6]
+1254722767.492060 ChecksumOffloading::check
+1254722767.492060 filter_change_tracking
+1254722767.492060 new_connection
+                  [0] c: connection      = [id=[orig_h=10.10.1.4, orig_p=56166/udp, resp_h=10.10.1.1, resp_p=53/udp], orig=[size=34, state=1, num_pkts=0, num_bytes_ip=0, flow_label=0], resp=[size=0, state=0, num_pkts=0, num_bytes_ip=0, flow_label=0], start_time=1254722767.49206, duration=0.0, service={^J^IDNS^J}, addl=, hot=0, history=D, uid=CXWv6p3arKYeMETxOg, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]
 
-1170717505.734145 ssl_server_hello
-                  [0] c: connection      = [id=[orig_h=192.150.187.164, orig_p=58868/tcp, resp_h=194.127.84.106, resp_p=443/tcp], orig=[size=87, state=4, num_pkts=3, num_bytes_ip=255, flow_label=0], resp=[size=1448, state=4, num_pkts=2, num_bytes_ip=116, flow_label=0], start_time=1170717505.366729, duration=0.367416, service={^J^ISSL^J}, addl=, hot=0, history=ShADad, uid=CXWv6p3arKYeMETxOg, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=[ts=1170717505.549109, uid=CXWv6p3arKYeMETxOg, id=[orig_h=192.150.187.164, orig_p=58868/tcp, resp_h=194.127.84.106, resp_p=443/tcp], version=<uninitialized>, cipher=<uninitialized>, server_name=<uninitialized>, session_id=<uninitialized>, last_alert=<uninitialized>, analyzer_id=3, established=F, logged=F, delay_tokens=<uninitialized>, cert_chain=<uninitialized>, cert_chain_fuids=<uninitialized>, client_cert_chain=<uninitialized>, client_cert_chain_fuids=<uninitialized>, subject=<uninitialized>, issuer=<uninitialized>, client_subject=<uninitialized>, client_issuer=<uninitialized>, server_depth=0, client_depth=0], http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]
-                  [1] version: count     = 769
-                  [2] possible_ts: time  = 1170717513.0
-                  [3] server_random: string = +e\x8dQ\x83\xbb\xae\xdb\xf3^\x8f^Ro\xf9&\xb1Iy\xcdp=$*\xea\x99j_\xda
-                  [4] session_id: string = \xa8\xc1\xc5h^Y$\xe8^J2\xa1]^^? \xbc^?Q>V\xb2^U^C\x9d^MU\xde\xfd\xa5\xa3 \xc0
-                  [5] cipher: count      = 4
-                  [6] comp_method: count = 0
+1254722767.492060 dns_message
+                  [0] c: connection      = [id=[orig_h=10.10.1.4, orig_p=56166/udp, resp_h=10.10.1.1, resp_p=53/udp], orig=[size=34, state=1, num_pkts=0, num_bytes_ip=0, flow_label=0], resp=[size=0, state=0, num_pkts=0, num_bytes_ip=0, flow_label=0], start_time=1254722767.49206, duration=0.0, service={^J^IDNS^J}, addl=, hot=0, history=D, uid=CXWv6p3arKYeMETxOg, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]
+                  [1] is_orig: bool      = T
+                  [2] msg: dns_msg       = [id=31062, opcode=0, rcode=0, QR=F, AA=F, TC=F, RD=T, RA=F, Z=0, num_queries=1, num_answers=0, num_auth=0, num_addl=0]
+                  [3] len: count         = 34
 
-1170717505.735416 get_file_handle
-                  [0] tag: enum          = Analyzer::ANALYZER_SSL
-                  [1] c: connection      = [id=[orig_h=192.150.187.164, orig_p=58868/tcp, resp_h=194.127.84.106, resp_p=443/tcp], orig=[size=87, state=4, num_pkts=3, num_bytes_ip=255, flow_label=0], resp=[size=2164, state=4, num_pkts=3, num_bytes_ip=1616, flow_label=0], start_time=1170717505.366729, duration=0.368687, service={^J^ISSL^J}, addl=, hot=0, history=ShADad, uid=CXWv6p3arKYeMETxOg, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=[ts=1170717505.549109, uid=CXWv6p3arKYeMETxOg, id=[orig_h=192.150.187.164, orig_p=58868/tcp, resp_h=194.127.84.106, resp_p=443/tcp], version=TLSv10, cipher=TLS_RSA_WITH_RC4_128_MD5, server_name=<uninitialized>, session_id=<uninitialized>, last_alert=<uninitialized>, analyzer_id=3, established=F, logged=F, delay_tokens=<uninitialized>, cert_chain=<uninitialized>, cert_chain_fuids=<uninitialized>, client_cert_chain=<uninitialized>, client_cert_chain_fuids=<uninitialized>, subject=<uninitialized>, issuer=<uninitialized>, client_subject=<uninitialized>, client_issuer=<uninitialized>, server_depth=0, client_depth=0], http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]
-                  [2] is_orig: bool      = F
+1254722767.492060 dns_request
+                  [0] c: connection      = [id=[orig_h=10.10.1.4, orig_p=56166/udp, resp_h=10.10.1.1, resp_p=53/udp], orig=[size=34, state=1, num_pkts=0, num_bytes_ip=0, flow_label=0], resp=[size=0, state=0, num_pkts=0, num_bytes_ip=0, flow_label=0], start_time=1254722767.49206, duration=0.0, service={^J^IDNS^J}, addl=, hot=0, history=D, uid=CXWv6p3arKYeMETxOg, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=[ts=1254722767.49206, uid=CXWv6p3arKYeMETxOg, id=[orig_h=10.10.1.4, orig_p=56166/udp, resp_h=10.10.1.1, resp_p=53/udp], proto=udp, trans_id=31062, query=<uninitialized>, qclass=<uninitialized>, qclass_name=<uninitialized>, qtype=<uninitialized>, qtype_name=<uninitialized>, rcode=<uninitialized>, rcode_name=<uninitialized>, AA=F, TC=F, RD=F, RA=F, Z=0, answers=<uninitialized>, TTLs=<uninitialized>, rejected=F, total_answers=<uninitialized>, total_replies=<uninitialized>, saw_query=F, saw_reply=F], dns_state=[pending_queries={^J^I[31062] = [initialized=T, vals={^J^I^I[0] = [ts=1254722767.49206, uid=CXWv6p3arKYeMETxOg, id=[orig_h=10.10.1.4, orig_p=56166/udp, resp_h=10.10.1.1, resp_p=53/udp], proto=udp, trans_id=31062, query=<uninitialized>, qclass=<uninitialized>, qclass_name=<uninitialized>, qtype=<uninitialized>, qtype_name=<uninitialized>, rcode=<uninitialized>, rcode_name=<uninitialized>, AA=F, TC=F, RD=F, RA=F, Z=0, answers=<uninitialized>, TTLs=<uninitialized>, rejected=F, total_answers=<uninitialized>, total_replies=<uninitialized>, saw_query=F, saw_reply=F]^J^I}, settings=[max_len=<uninitialized>], top=1, bottom=0, size=0]^J}, pending_replies={^J^J}], ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]
+                  [1] msg: dns_msg       = [id=31062, opcode=0, rcode=0, QR=F, AA=F, TC=F, RD=T, RA=F, Z=0, num_queries=1, num_answers=0, num_auth=0, num_addl=0]
+                  [2] query: string      = mail.patriots.in
+                  [3] qtype: count       = 1
+                  [4] qclass: count      = 1
 
-1170717505.735416 file_new
-                  [0] f: fa_file         = [id=FeCwNK3rzqPnZ7eBQ5, parent_id=<uninitialized>, source=SSL, is_orig=F, conns={^J^I[[orig_h=192.150.187.164, orig_p=58868/tcp, resp_h=194.127.84.106, resp_p=443/tcp]] = [id=[orig_h=192.150.187.164, orig_p=58868/tcp, resp_h=194.127.84.106, resp_p=443/tcp], orig=[size=87, state=4, num_pkts=3, num_bytes_ip=255, flow_label=0], resp=[size=2164, state=4, num_pkts=3, num_bytes_ip=1616, flow_label=0], start_time=1170717505.366729, duration=0.368687, service={^J^I^ISSL^J^I}, addl=, hot=0, history=ShADad, uid=CXWv6p3arKYeMETxOg, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=[ts=1170717505.549109, uid=CXWv6p3arKYeMETxOg, id=[orig_h=192.150.187.164, orig_p=58868/tcp, resp_h=194.127.84.106, resp_p=443/tcp], version=TLSv10, cipher=TLS_RSA_WITH_RC4_128_MD5, server_name=<uninitialized>, session_id=<uninitialized>, last_alert=<uninitialized>, analyzer_id=3, established=F, logged=F, delay_tokens=<uninitialized>, cert_chain=<uninitialized>, cert_chain_fuids=<uninitialized>, client_cert_chain=<uninitialized>, client_cert_chain_fuids=<uninitialized>, subject=<uninitialized>, issuer=<uninitialized>, client_subject=<uninitialized>, client_issuer=<uninitialized>, server_depth=1, client_depth=0], http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]^J}, last_active=1170717505.735416, seen_bytes=0, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timeout_interval=2.0 mins, bof_buffer_size=1024, bof_buffer=0\x82^D|0\x82^C\xe5\xa0^C^B^A^B^B^P^D\xa7\x81^V\xf0^C(;\xda+\x84b^D\x9f\x9e\xcb0^M^F^I*\x86H\x86\xf7^M^A^A^E^E\00\x81\xba1\x1f0\x1d^F^CU^D^J^S^VVeriSign Trust Network1^W0^U^F^CU^D^K^S^NVeriSign, Inc.1301^F^CU^D^K^S*VeriSign International Server CA - Class 31I0G^F^CU^D^K^S@www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign0\x1e^W^M061114000000Z^W^M071114235959Z0\x81\xc01^K0^I^F^CU^D^F^S^BDE1^O0^M^F^CU^D^H^S^FBayern1^Q0^O^F^CU^D^G^T^HMuenchen1705^F^CU^D^J^T.AGIS Allianz Dresdner Informationssysteme GmbH1301^F^CU^D^K^T*Terms of use at www.verisign.com/rpa (c)001\x1f0\x1d^F^CU^D^C^T^Vwww.dresdner-privat.de0\x81\x9f0^M^F^I*\x86H\x86\xf7^M^A^A^A^E\0^C\x81\x8d\00\x81\x89^B\x81\x81\0\xeb\xa8t~\xfb\xe3\xb4\xea\xbe\x8b\x1c=\xed\xea\x86^DbQ\xe0*Z\x9e\x86o\x98\xcb\xbc\xc5\xed\xc5\xc8\xcaV\x9dL\x92X\xe1k^So\xbc\xb7\xe5.\x98@\xf7\x8f\xd6\xa3\xc0^J\xabFR\x1b8\xfc^E \xe7\x80\xee\xc6]\xd5\xbb^C\xfc\xc5\x83\xba\x9ag^H\xfd,\xba\xa3^H\x94\xf0\xb3\x1f^V(\xf6^Ef[\xbf^?\xa8Y\xfa\xbe\x99k6b\xb8n\xc6\x83GSc^OZ\xb4Q\xc1\x88\xa8U\xb9\xd41m=*J\x95^J\xd1{\x87^B^C^A\0^A\xa3\x82^Ay0\x82^Au0^I^F^CU\x1d^S^D^B0\00^K^F^CU\x1d^O^D^D^C^B^E\xa00F^F^CU\x1d\x1f^D?0=0;\xa09\xa07\x865http://crl.verisign.com/Class3InternationalServer.crl0D^F^CU\x1d ^D=0;09^F^K`\x86H^A\x86\xf8E^A^G^W^C0*0(^F^H+^F^A^E^E^G^B^A^V\x1chttps://www.verisign.com/rpa0(^F^CU\x1d%^D!0\x1f^F^I`\x86H^A\x86\xf8B^D^A^F^H+^F^A^E^E^G^C^A^F^H+^F^A^E^E^G^C^B04^F^H+^F^A^E^E^G^A^A^D(0&0$^F^H+^F^A^E^E^G0^A\x86^Xhttp://ocsp.verisign.com0m^F^H+^F^A^E^E^G^A^L^Da0_\xa1]\xa0[0Y0W0U^V^Iimage/gif0!0\x1f0^G^F^E+^N^C^B^Z^D^T\x8f\xe5\xd3^Z\x86\xac\x8d\x8ek\xc3\xcf\x80j\xd4H^X,{^Y.0%^V#http://logo.verisign.com/vslogo.gif0^M^F^I*\x86H\x86\xf7^M^A^A^E^E\0^C\x81\x81\0/s\xe2o\xc1\x9e#~YP\x89\x95xo\xe9^D\xbd\x98TS`\xec^HR\xd2^J)\x92\x9am\xaa\xd5\xb1g\xc1b\xde\xc9^XNW=i\x9c\xb2^Cf\x92^C\xbb\xe8M\xc5\x98\xd4/B\xd9\xb6\xd2\xe0\x97^PXv\xcf\xe7\xd6\xa7\xcc\xbb\xdb%\xeeB]\xcb\xf0t\xab\xd2T\xe5\xe8\xbaQ^O\xa4\xc3>4\xfaR\xf2\xa0\xe6z\xf4\x8f\xdcvB\xbd=\xfcx\xc0\xb7\xeb^-\x1f\xc5\xa0^\xdf\xa0^Q\x87\xf8\xc3X^P\xc8y(\xf8\xe4, mime_type=binary, info=<uninitialized>, u2_events=<uninitialized>]
+1254722767.492060 dns_end
+                  [0] c: connection      = [id=[orig_h=10.10.1.4, orig_p=56166/udp, resp_h=10.10.1.1, resp_p=53/udp], orig=[size=34, state=1, num_pkts=0, num_bytes_ip=0, flow_label=0], resp=[size=0, state=0, num_pkts=0, num_bytes_ip=0, flow_label=0], start_time=1254722767.49206, duration=0.0, service={^J^IDNS^J}, addl=, hot=0, history=D, uid=CXWv6p3arKYeMETxOg, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=[ts=1254722767.49206, uid=CXWv6p3arKYeMETxOg, id=[orig_h=10.10.1.4, orig_p=56166/udp, resp_h=10.10.1.1, resp_p=53/udp], proto=udp, trans_id=31062, query=mail.patriots.in, qclass=1, qclass_name=C_INTERNET, qtype=1, qtype_name=A, rcode=<uninitialized>, rcode_name=<uninitialized>, AA=F, TC=F, RD=T, RA=F, Z=0, answers=<uninitialized>, TTLs=<uninitialized>, rejected=F, total_answers=<uninitialized>, total_replies=<uninitialized>, saw_query=F, saw_reply=F], dns_state=[pending_queries={^J^I[31062] = [initialized=T, vals={^J^I^I[0] = [ts=1254722767.49206, uid=CXWv6p3arKYeMETxOg, id=[orig_h=10.10.1.4, orig_p=56166/udp, resp_h=10.10.1.1, resp_p=53/udp], proto=udp, trans_id=31062, query=mail.patriots.in, qclass=1, qclass_name=C_INTERNET, qtype=1, qtype_name=A, rcode=<uninitialized>, rcode_name=<uninitialized>, AA=F, TC=F, RD=T, RA=F, Z=0, answers=<uninitialized>, TTLs=<uninitialized>, rejected=F, total_answers=<uninitialized>, total_replies=<uninitialized>, saw_query=F, saw_reply=F]^J^I}, settings=[max_len=<uninitialized>], top=1, bottom=0, size=0]^J}, pending_replies={^J^J}], ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]
+                  [1] msg: dns_msg       = [id=31062, opcode=0, rcode=0, QR=F, AA=F, TC=F, RD=T, RA=F, Z=0, num_queries=1, num_answers=0, num_auth=0, num_addl=0]
 
-1170717505.735416 file_over_new_connection
-                  [0] f: fa_file         = [id=FeCwNK3rzqPnZ7eBQ5, parent_id=<uninitialized>, source=SSL, is_orig=F, conns={^J^I[[orig_h=192.150.187.164, orig_p=58868/tcp, resp_h=194.127.84.106, resp_p=443/tcp]] = [id=[orig_h=192.150.187.164, orig_p=58868/tcp, resp_h=194.127.84.106, resp_p=443/tcp], orig=[size=87, state=4, num_pkts=3, num_bytes_ip=255, flow_label=0], resp=[size=2164, state=4, num_pkts=3, num_bytes_ip=1616, flow_label=0], start_time=1170717505.366729, duration=0.368687, service={^J^I^ISSL^J^I}, addl=, hot=0, history=ShADad, uid=CXWv6p3arKYeMETxOg, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=[ts=1170717505.549109, uid=CXWv6p3arKYeMETxOg, id=[orig_h=192.150.187.164, orig_p=58868/tcp, resp_h=194.127.84.106, resp_p=443/tcp], version=TLSv10, cipher=TLS_RSA_WITH_RC4_128_MD5, server_name=<uninitialized>, session_id=<uninitialized>, last_alert=<uninitialized>, analyzer_id=3, established=F, logged=F, delay_tokens=<uninitialized>, cert_chain=<uninitialized>, cert_chain_fuids=<uninitialized>, client_cert_chain=<uninitialized>, client_cert_chain_fuids=<uninitialized>, subject=<uninitialized>, issuer=<uninitialized>, client_subject=<uninitialized>, client_issuer=<uninitialized>, server_depth=1, client_depth=0], http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]^J}, last_active=1170717505.735416, seen_bytes=0, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timeout_interval=2.0 mins, bof_buffer_size=1024, bof_buffer=0\x82^D|0\x82^C\xe5\xa0^C^B^A^B^B^P^D\xa7\x81^V\xf0^C(;\xda+\x84b^D\x9f\x9e\xcb0^M^F^I*\x86H\x86\xf7^M^A^A^E^E\00\x81\xba1\x1f0\x1d^F^CU^D^J^S^VVeriSign Trust Network1^W0^U^F^CU^D^K^S^NVeriSign, Inc.1301^F^CU^D^K^S*VeriSign International Server CA - Class 31I0G^F^CU^D^K^S@www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign0\x1e^W^M061114000000Z^W^M071114235959Z0\x81\xc01^K0^I^F^CU^D^F^S^BDE1^O0^M^F^CU^D^H^S^FBayern1^Q0^O^F^CU^D^G^T^HMuenchen1705^F^CU^D^J^T.AGIS Allianz Dresdner Informationssysteme GmbH1301^F^CU^D^K^T*Terms of use at www.verisign.com/rpa (c)001\x1f0\x1d^F^CU^D^C^T^Vwww.dresdner-privat.de0\x81\x9f0^M^F^I*\x86H\x86\xf7^M^A^A^A^E\0^C\x81\x8d\00\x81\x89^B\x81\x81\0\xeb\xa8t~\xfb\xe3\xb4\xea\xbe\x8b\x1c=\xed\xea\x86^DbQ\xe0*Z\x9e\x86o\x98\xcb\xbc\xc5\xed\xc5\xc8\xcaV\x9dL\x92X\xe1k^So\xbc\xb7\xe5.\x98@\xf7\x8f\xd6\xa3\xc0^J\xabFR\x1b8\xfc^E \xe7\x80\xee\xc6]\xd5\xbb^C\xfc\xc5\x83\xba\x9ag^H\xfd,\xba\xa3^H\x94\xf0\xb3\x1f^V(\xf6^Ef[\xbf^?\xa8Y\xfa\xbe\x99k6b\xb8n\xc6\x83GSc^OZ\xb4Q\xc1\x88\xa8U\xb9\xd41m=*J\x95^J\xd1{\x87^B^C^A\0^A\xa3\x82^Ay0\x82^Au0^I^F^CU\x1d^S^D^B0\00^K^F^CU\x1d^O^D^D^C^B^E\xa00F^F^CU\x1d\x1f^D?0=0;\xa09\xa07\x865http://crl.verisign.com/Class3InternationalServer.crl0D^F^CU\x1d ^D=0;09^F^K`\x86H^A\x86\xf8E^A^G^W^C0*0(^F^H+^F^A^E^E^G^B^A^V\x1chttps://www.verisign.com/rpa0(^F^CU\x1d%^D!0\x1f^F^I`\x86H^A\x86\xf8B^D^A^F^H+^F^A^E^E^G^C^A^F^H+^F^A^E^E^G^C^B04^F^H+^F^A^E^E^G^A^A^D(0&0$^F^H+^F^A^E^E^G0^A\x86^Xhttp://ocsp.verisign.com0m^F^H+^F^A^E^E^G^A^L^Da0_\xa1]\xa0[0Y0W0U^V^Iimage/gif0!0\x1f0^G^F^E+^N^C^B^Z^D^T\x8f\xe5\xd3^Z\x86\xac\x8d\x8ek\xc3\xcf\x80j\xd4H^X,{^Y.0%^V#http://logo.verisign.com/vslogo.gif0^M^F^I*\x86H\x86\xf7^M^A^A^E^E\0^C\x81\x81\0/s\xe2o\xc1\x9e#~YP\x89\x95xo\xe9^D\xbd\x98TS`\xec^HR\xd2^J)\x92\x9am\xaa\xd5\xb1g\xc1b\xde\xc9^XNW=i\x9c\xb2^Cf\x92^C\xbb\xe8M\xc5\x98\xd4/B\xd9\xb6\xd2\xe0\x97^PXv\xcf\xe7\xd6\xa7\xcc\xbb\xdb%\xeeB]\xcb\xf0t\xab\xd2T\xe5\xe8\xbaQ^O\xa4\xc3>4\xfaR\xf2\xa0\xe6z\xf4\x8f\xdcvB\xbd=\xfcx\xc0\xb7\xeb^-\x1f\xc5\xa0^\xdf\xa0^Q\x87\xf8\xc3X^P\xc8y(\xf8\xe4, mime_type=binary, info=[ts=1170717505.735416, fuid=FeCwNK3rzqPnZ7eBQ5, tx_hosts={^J^J}, rx_hosts={^J^J}, conn_uids={^J^J}, source=SSL, depth=0, analyzers={^J^J}, mime_type=binary, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=F, seen_bytes=0, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=<uninitialized>, sha1=<uninitialized>, sha256=<uninitialized>, x509=<uninitialized>, extracted=<uninitialized>], u2_events=<uninitialized>]
-                  [1] c: connection      = [id=[orig_h=192.150.187.164, orig_p=58868/tcp, resp_h=194.127.84.106, resp_p=443/tcp], orig=[size=87, state=4, num_pkts=3, num_bytes_ip=255, flow_label=0], resp=[size=2164, state=4, num_pkts=3, num_bytes_ip=1616, flow_label=0], start_time=1170717505.366729, duration=0.368687, service={^J^ISSL^J}, addl=, hot=0, history=ShADad, uid=CXWv6p3arKYeMETxOg, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=[ts=1170717505.549109, uid=CXWv6p3arKYeMETxOg, id=[orig_h=192.150.187.164, orig_p=58868/tcp, resp_h=194.127.84.106, resp_p=443/tcp], version=TLSv10, cipher=TLS_RSA_WITH_RC4_128_MD5, server_name=<uninitialized>, session_id=<uninitialized>, last_alert=<uninitialized>, analyzer_id=3, established=F, logged=F, delay_tokens=<uninitialized>, cert_chain=<uninitialized>, cert_chain_fuids=<uninitialized>, client_cert_chain=<uninitialized>, client_cert_chain_fuids=<uninitialized>, subject=<uninitialized>, issuer=<uninitialized>, client_subject=<uninitialized>, client_issuer=<uninitialized>, server_depth=1, client_depth=0], http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]
-                  [2] is_orig: bool      = F
+1254722767.526085 dns_message
+                  [0] c: connection      = [id=[orig_h=10.10.1.4, orig_p=56166/udp, resp_h=10.10.1.1, resp_p=53/udp], orig=[size=34, state=1, num_pkts=1, num_bytes_ip=62, flow_label=0], resp=[size=100, state=1, num_pkts=0, num_bytes_ip=0, flow_label=0], start_time=1254722767.49206, duration=0.034025, service={^J^IDNS^J}, addl=, hot=0, history=Dd, uid=CXWv6p3arKYeMETxOg, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=[ts=1254722767.49206, uid=CXWv6p3arKYeMETxOg, id=[orig_h=10.10.1.4, orig_p=56166/udp, resp_h=10.10.1.1, resp_p=53/udp], proto=udp, trans_id=31062, query=mail.patriots.in, qclass=1, qclass_name=C_INTERNET, qtype=1, qtype_name=A, rcode=<uninitialized>, rcode_name=<uninitialized>, AA=F, TC=F, RD=T, RA=F, Z=0, answers=<uninitialized>, TTLs=<uninitialized>, rejected=F, total_answers=<uninitialized>, total_replies=<uninitialized>, saw_query=T, saw_reply=F], dns_state=[pending_queries={^J^I[31062] = [initialized=T, vals={^J^I^I[0] = [ts=1254722767.49206, uid=CXWv6p3arKYeMETxOg, id=[orig_h=10.10.1.4, orig_p=56166/udp, resp_h=10.10.1.1, resp_p=53/udp], proto=udp, trans_id=31062, query=mail.patriots.in, qclass=1, qclass_name=C_INTERNET, qtype=1, qtype_name=A, rcode=<uninitialized>, rcode_name=<uninitialized>, AA=F, TC=F, RD=T, RA=F, Z=0, answers=<uninitialized>, TTLs=<uninitialized>, rejected=F, total_answers=<uninitialized>, total_replies=<uninitialized>, saw_query=T, saw_reply=F]^J^I}, settings=[max_len=<uninitialized>], top=1, bottom=0, size=0]^J}, pending_replies={^J^J}], ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]
+                  [1] is_orig: bool      = F
+                  [2] msg: dns_msg       = [id=31062, opcode=0, rcode=0, QR=T, AA=F, TC=F, RD=T, RA=T, Z=0, num_queries=1, num_answers=2, num_auth=2, num_addl=0]
+                  [3] len: count         = 100
 
-1170717505.735416 x509_certificate
-                  [0] f: fa_file         = [id=FeCwNK3rzqPnZ7eBQ5, parent_id=<uninitialized>, source=SSL, is_orig=F, conns={^J^I[[orig_h=192.150.187.164, orig_p=58868/tcp, resp_h=194.127.84.106, resp_p=443/tcp]] = [id=[orig_h=192.150.187.164, orig_p=58868/tcp, resp_h=194.127.84.106, resp_p=443/tcp], orig=[size=87, state=4, num_pkts=3, num_bytes_ip=255, flow_label=0], resp=[size=2164, state=4, num_pkts=3, num_bytes_ip=1616, flow_label=0], start_time=1170717505.366729, duration=0.368687, service={^J^I^ISSL^J^I}, addl=, hot=0, history=ShADad, uid=CXWv6p3arKYeMETxOg, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=[ts=1170717505.549109, uid=CXWv6p3arKYeMETxOg, id=[orig_h=192.150.187.164, orig_p=58868/tcp, resp_h=194.127.84.106, resp_p=443/tcp], version=TLSv10, cipher=TLS_RSA_WITH_RC4_128_MD5, server_name=<uninitialized>, session_id=<uninitialized>, last_alert=<uninitialized>, analyzer_id=3, established=F, logged=F, delay_tokens=<uninitialized>, cert_chain=[[ts=1170717505.735416, fuid=FeCwNK3rzqPnZ7eBQ5, tx_hosts={^J^I^I194.127.84.106^J^I}, rx_hosts={^J^I^I192.150.187.164^J^I}, conn_uids={^J^I^ICXWv6p3arKYeMETxOg^J^I}, source=SSL, depth=0, analyzers={^J^I^IX509,^J^I^IMD5,^J^I^ISHA1^J^I}, mime_type=binary, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=F, seen_bytes=0, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=<uninitialized>, sha1=<uninitialized>, sha256=<uninitialized>, x509=<uninitialized>, extracted=<uninitialized>]], cert_chain_fuids=[FeCwNK3rzqPnZ7eBQ5], client_cert_chain=[], client_cert_chain_fuids=[], subject=<uninitialized>, issuer=<uninitialized>, client_subject=<uninitialized>, client_issuer=<uninitialized>, server_depth=1, client_depth=0], http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]^J}, last_active=1170717505.735416, seen_bytes=1152, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timeout_interval=2.0 mins, bof_buffer_size=1024, bof_buffer=0\x82^D|0\x82^C\xe5\xa0^C^B^A^B^B^P^D\xa7\x81^V\xf0^C(;\xda+\x84b^D\x9f\x9e\xcb0^M^F^I*\x86H\x86\xf7^M^A^A^E^E\00\x81\xba1\x1f0\x1d^F^CU^D^J^S^VVeriSign Trust Network1^W0^U^F^CU^D^K^S^NVeriSign, Inc.1301^F^CU^D^K^S*VeriSign International Server CA - Class 31I0G^F^CU^D^K^S@www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign0\x1e^W^M061114000000Z^W^M071114235959Z0\x81\xc01^K0^I^F^CU^D^F^S^BDE1^O0^M^F^CU^D^H^S^FBayern1^Q0^O^F^CU^D^G^T^HMuenchen1705^F^CU^D^J^T.AGIS Allianz Dresdner Informationssysteme GmbH1301^F^CU^D^K^T*Terms of use at www.verisign.com/rpa (c)001\x1f0\x1d^F^CU^D^C^T^Vwww.dresdner-privat.de0\x81\x9f0^M^F^I*\x86H\x86\xf7^M^A^A^A^E\0^C\x81\x8d\00\x81\x89^B\x81\x81\0\xeb\xa8t~\xfb\xe3\xb4\xea\xbe\x8b\x1c=\xed\xea\x86^DbQ\xe0*Z\x9e\x86o\x98\xcb\xbc\xc5\xed\xc5\xc8\xcaV\x9dL\x92X\xe1k^So\xbc\xb7\xe5.\x98@\xf7\x8f\xd6\xa3\xc0^J\xabFR\x1b8\xfc^E \xe7\x80\xee\xc6]\xd5\xbb^C\xfc\xc5\x83\xba\x9ag^H\xfd,\xba\xa3^H\x94\xf0\xb3\x1f^V(\xf6^Ef[\xbf^?\xa8Y\xfa\xbe\x99k6b\xb8n\xc6\x83GSc^OZ\xb4Q\xc1\x88\xa8U\xb9\xd41m=*J\x95^J\xd1{\x87^B^C^A\0^A\xa3\x82^Ay0\x82^Au0^I^F^CU\x1d^S^D^B0\00^K^F^CU\x1d^O^D^D^C^B^E\xa00F^F^CU\x1d\x1f^D?0=0;\xa09\xa07\x865http://crl.verisign.com/Class3InternationalServer.crl0D^F^CU\x1d ^D=0;09^F^K`\x86H^A\x86\xf8E^A^G^W^C0*0(^F^H+^F^A^E^E^G^B^A^V\x1chttps://www.verisign.com/rpa0(^F^CU\x1d%^D!0\x1f^F^I`\x86H^A\x86\xf8B^D^A^F^H+^F^A^E^E^G^C^A^F^H+^F^A^E^E^G^C^B04^F^H+^F^A^E^E^G^A^A^D(0&0$^F^H+^F^A^E^E^G0^A\x86^Xhttp://ocsp.verisign.com0m^F^H+^F^A^E^E^G^A^L^Da0_\xa1]\xa0[0Y0W0U^V^Iimage/gif0!0\x1f0^G^F^E+^N^C^B^Z^D^T\x8f\xe5\xd3^Z\x86\xac\x8d\x8ek\xc3\xcf\x80j\xd4H^X,{^Y.0%^V#http://logo.verisign.com/vslogo.gif0^M^F^I*\x86H\x86\xf7^M^A^A^E^E\0^C\x81\x81\0/s\xe2o\xc1\x9e#~YP\x89\x95xo\xe9^D\xbd\x98TS`\xec^HR\xd2^J)\x92\x9am\xaa\xd5\xb1g\xc1b\xde\xc9^XNW=i\x9c\xb2^Cf\x92^C\xbb\xe8M\xc5\x98\xd4/B\xd9\xb6\xd2\xe0\x97^PXv\xcf\xe7\xd6\xa7\xcc\xbb\xdb%\xeeB]\xcb\xf0t\xab\xd2T\xe5\xe8\xbaQ^O\xa4\xc3>4\xfaR\xf2\xa0\xe6z\xf4\x8f\xdcvB\xbd=\xfcx\xc0\xb7\xeb^-\x1f\xc5\xa0^\xdf\xa0^Q\x87\xf8\xc3X^P\xc8y(\xf8\xe4, mime_type=binary, info=[ts=1170717505.735416, fuid=FeCwNK3rzqPnZ7eBQ5, tx_hosts={^J^I194.127.84.106^J}, rx_hosts={^J^I192.150.187.164^J}, conn_uids={^J^ICXWv6p3arKYeMETxOg^J}, source=SSL, depth=0, analyzers={^J^IX509,^J^IMD5,^J^ISHA1^J}, mime_type=binary, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=F, seen_bytes=0, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=<uninitialized>, sha1=<uninitialized>, sha256=<uninitialized>, x509=<uninitialized>, extracted=<uninitialized>], u2_events=<uninitialized>]
-                  [1] cert_ref: opaque of x509 = <no value description>
-                  [2] cert: X509::Certificate = [version=2, serial=04A78116F003283BDA2B8462049F9ECB, subject=CN=www.dresdner-privat.de,OU=Terms of use at www.verisign.com/rpa (c)00,O=AGIS Allianz Dresdner Informationssysteme GmbH,L=Muenchen,ST=Bayern,C=DE, issuer=OU=www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign,OU=VeriSign International Server CA - Class 3,OU=VeriSign\, Inc.,O=VeriSign Trust Network, not_valid_before=1163462400.0, not_valid_after=1195084799.0, key_alg=rsaEncryption, sig_alg=sha1WithRSAEncryption, key_type=rsa, key_length=1024, exponent=65537, curve=<uninitialized>]
+1254722767.526085 dns_CNAME_reply
+                  [0] c: connection      = [id=[orig_h=10.10.1.4, orig_p=56166/udp, resp_h=10.10.1.1, resp_p=53/udp], orig=[size=34, state=1, num_pkts=1, num_bytes_ip=62, flow_label=0], resp=[size=100, state=1, num_pkts=0, num_bytes_ip=0, flow_label=0], start_time=1254722767.49206, duration=0.034025, service={^J^IDNS^J}, addl=, hot=0, history=Dd, uid=CXWv6p3arKYeMETxOg, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=[ts=1254722767.49206, uid=CXWv6p3arKYeMETxOg, id=[orig_h=10.10.1.4, orig_p=56166/udp, resp_h=10.10.1.1, resp_p=53/udp], proto=udp, trans_id=31062, query=mail.patriots.in, qclass=1, qclass_name=C_INTERNET, qtype=1, qtype_name=A, rcode=0, rcode_name=NOERROR, AA=F, TC=F, RD=T, RA=F, Z=0, answers=<uninitialized>, TTLs=<uninitialized>, rejected=F, total_answers=2, total_replies=4, saw_query=T, saw_reply=F], dns_state=[pending_queries={^J^J}, pending_replies={^J^J}], ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]
+                  [1] msg: dns_msg       = [id=31062, opcode=0, rcode=0, QR=T, AA=F, TC=F, RD=T, RA=T, Z=0, num_queries=1, num_answers=2, num_auth=2, num_addl=0]
+                  [2] ans: dns_answer    = [answer_type=1, query=mail.patriots.in, qtype=5, qclass=1, TTL=3.0 hrs 27.0 secs]
+                  [3] name: string       = patriots.in
 
-1170717505.735416 x509_extension
-                  [0] f: fa_file         = [id=FeCwNK3rzqPnZ7eBQ5, parent_id=<uninitialized>, source=SSL, is_orig=F, conns={^J^I[[orig_h=192.150.187.164, orig_p=58868/tcp, resp_h=194.127.84.106, resp_p=443/tcp]] = [id=[orig_h=192.150.187.164, orig_p=58868/tcp, resp_h=194.127.84.106, resp_p=443/tcp], orig=[size=87, state=4, num_pkts=3, num_bytes_ip=255, flow_label=0], resp=[size=2164, state=4, num_pkts=3, num_bytes_ip=1616, flow_label=0], start_time=1170717505.366729, duration=0.368687, service={^J^I^ISSL^J^I}, addl=, hot=0, history=ShADad, uid=CXWv6p3arKYeMETxOg, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=[ts=1170717505.549109, uid=CXWv6p3arKYeMETxOg, id=[orig_h=192.150.187.164, orig_p=58868/tcp, resp_h=194.127.84.106, resp_p=443/tcp], version=TLSv10, cipher=TLS_RSA_WITH_RC4_128_MD5, server_name=<uninitialized>, session_id=<uninitialized>, last_alert=<uninitialized>, analyzer_id=3, established=F, logged=F, delay_tokens=<uninitialized>, cert_chain=[[ts=1170717505.735416, fuid=FeCwNK3rzqPnZ7eBQ5, tx_hosts={^J^I^I194.127.84.106^J^I}, rx_hosts={^J^I^I192.150.187.164^J^I}, conn_uids={^J^I^ICXWv6p3arKYeMETxOg^J^I}, source=SSL, depth=0, analyzers={^J^I^IX509,^J^I^IMD5,^J^I^ISHA1^J^I}, mime_type=binary, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=F, seen_bytes=0, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=<uninitialized>, sha1=<uninitialized>, sha256=<uninitialized>, x509=[ts=1170717505.735416, id=FeCwNK3rzqPnZ7eBQ5, certificate=[version=2, serial=04A78116F003283BDA2B8462049F9ECB, subject=CN=www.dresdner-privat.de,OU=Terms of use at www.verisign.com/rpa (c)00,O=AGIS Allianz Dresdner Informationssysteme GmbH,L=Muenchen,ST=Bayern,C=DE, issuer=OU=www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign,OU=VeriSign International Server CA - Class 3,OU=VeriSign\, Inc.,O=VeriSign Trust Network, not_valid_before=1163462400.0, not_valid_after=1195084799.0, key_alg=rsaEncryption, sig_alg=sha1WithRSAEncryption, key_type=rsa, key_length=1024, exponent=65537, curve=<uninitialized>], handle=<no value description>, extensions=[], san=<uninitialized>, basic_constraints=<uninitialized>], extracted=<uninitialized>]], cert_chain_fuids=[FeCwNK3rzqPnZ7eBQ5], client_cert_chain=[], client_cert_chain_fuids=[], subject=<uninitialized>, issuer=<uninitialized>, client_subject=<uninitialized>, client_issuer=<uninitialized>, server_depth=1, client_depth=0], http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]^J}, last_active=1170717505.735416, seen_bytes=1152, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timeout_interval=2.0 mins, bof_buffer_size=1024, bof_buffer=0\x82^D|0\x82^C\xe5\xa0^C^B^A^B^B^P^D\xa7\x81^V\xf0^C(;\xda+\x84b^D\x9f\x9e\xcb0^M^F^I*\x86H\x86\xf7^M^A^A^E^E\00\x81\xba1\x1f0\x1d^F^CU^D^J^S^VVeriSign Trust Network1^W0^U^F^CU^D^K^S^NVeriSign, Inc.1301^F^CU^D^K^S*VeriSign International Server CA - Class 31I0G^F^CU^D^K^S@www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign0\x1e^W^M061114000000Z^W^M071114235959Z0\x81\xc01^K0^I^F^CU^D^F^S^BDE1^O0^M^F^CU^D^H^S^FBayern1^Q0^O^F^CU^D^G^T^HMuenchen1705^F^CU^D^J^T.AGIS Allianz Dresdner Informationssysteme GmbH1301^F^CU^D^K^T*Terms of use at www.verisign.com/rpa (c)001\x1f0\x1d^F^CU^D^C^T^Vwww.dresdner-privat.de0\x81\x9f0^M^F^I*\x86H\x86\xf7^M^A^A^A^E\0^C\x81\x8d\00\x81\x89^B\x81\x81\0\xeb\xa8t~\xfb\xe3\xb4\xea\xbe\x8b\x1c=\xed\xea\x86^DbQ\xe0*Z\x9e\x86o\x98\xcb\xbc\xc5\xed\xc5\xc8\xcaV\x9dL\x92X\xe1k^So\xbc\xb7\xe5.\x98@\xf7\x8f\xd6\xa3\xc0^J\xabFR\x1b8\xfc^E \xe7\x80\xee\xc6]\xd5\xbb^C\xfc\xc5\x83\xba\x9ag^H\xfd,\xba\xa3^H\x94\xf0\xb3\x1f^V(\xf6^Ef[\xbf^?\xa8Y\xfa\xbe\x99k6b\xb8n\xc6\x83GSc^OZ\xb4Q\xc1\x88\xa8U\xb9\xd41m=*J\x95^J\xd1{\x87^B^C^A\0^A\xa3\x82^Ay0\x82^Au0^I^F^CU\x1d^S^D^B0\00^K^F^CU\x1d^O^D^D^C^B^E\xa00F^F^CU\x1d\x1f^D?0=0;\xa09\xa07\x865http://crl.verisign.com/Class3InternationalServer.crl0D^F^CU\x1d ^D=0;09^F^K`\x86H^A\x86\xf8E^A^G^W^C0*0(^F^H+^F^A^E^E^G^B^A^V\x1chttps://www.verisign.com/rpa0(^F^CU\x1d%^D!0\x1f^F^I`\x86H^A\x86\xf8B^D^A^F^H+^F^A^E^E^G^C^A^F^H+^F^A^E^E^G^C^B04^F^H+^F^A^E^E^G^A^A^D(0&0$^F^H+^F^A^E^E^G0^A\x86^Xhttp://ocsp.verisign.com0m^F^H+^F^A^E^E^G^A^L^Da0_\xa1]\xa0[0Y0W0U^V^Iimage/gif0!0\x1f0^G^F^E+^N^C^B^Z^D^T\x8f\xe5\xd3^Z\x86\xac\x8d\x8ek\xc3\xcf\x80j\xd4H^X,{^Y.0%^V#http://logo.verisign.com/vslogo.gif0^M^F^I*\x86H\x86\xf7^M^A^A^E^E\0^C\x81\x81\0/s\xe2o\xc1\x9e#~YP\x89\x95xo\xe9^D\xbd\x98TS`\xec^HR\xd2^J)\x92\x9am\xaa\xd5\xb1g\xc1b\xde\xc9^XNW=i\x9c\xb2^Cf\x92^C\xbb\xe8M\xc5\x98\xd4/B\xd9\xb6\xd2\xe0\x97^PXv\xcf\xe7\xd6\xa7\xcc\xbb\xdb%\xeeB]\xcb\xf0t\xab\xd2T\xe5\xe8\xbaQ^O\xa4\xc3>4\xfaR\xf2\xa0\xe6z\xf4\x8f\xdcvB\xbd=\xfcx\xc0\xb7\xeb^-\x1f\xc5\xa0^\xdf\xa0^Q\x87\xf8\xc3X^P\xc8y(\xf8\xe4, mime_type=binary, info=[ts=1170717505.735416, fuid=FeCwNK3rzqPnZ7eBQ5, tx_hosts={^J^I194.127.84.106^J}, rx_hosts={^J^I192.150.187.164^J}, conn_uids={^J^ICXWv6p3arKYeMETxOg^J}, source=SSL, depth=0, analyzers={^J^IX509,^J^IMD5,^J^ISHA1^J}, mime_type=binary, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=F, seen_bytes=0, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=<uninitialized>, sha1=<uninitialized>, sha256=<uninitialized>, x509=[ts=1170717505.735416, id=FeCwNK3rzqPnZ7eBQ5, certificate=[version=2, serial=04A78116F003283BDA2B8462049F9ECB, subject=CN=www.dresdner-privat.de,OU=Terms of use at www.verisign.com/rpa (c)00,O=AGIS Allianz Dresdner Informationssysteme GmbH,L=Muenchen,ST=Bayern,C=DE, issuer=OU=www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign,OU=VeriSign International Server CA - Class 3,OU=VeriSign\, Inc.,O=VeriSign Trust Network, not_valid_before=1163462400.0, not_valid_after=1195084799.0, key_alg=rsaEncryption, sig_alg=sha1WithRSAEncryption, key_type=rsa, key_length=1024, exponent=65537, curve=<uninitialized>], handle=<no value description>, extensions=[], san=<uninitialized>, basic_constraints=<uninitialized>], extracted=<uninitialized>], u2_events=<uninitialized>]
-                  [1] ext: X509::Extension = [name=X509v3 Basic Constraints, short_name=basicConstraints, oid=2.5.29.19, critical=F, value=CA:FALSE]
+1254722767.526085 dns_A_reply
+                  [0] c: connection      = [id=[orig_h=10.10.1.4, orig_p=56166/udp, resp_h=10.10.1.1, resp_p=53/udp], orig=[size=34, state=1, num_pkts=1, num_bytes_ip=62, flow_label=0], resp=[size=100, state=1, num_pkts=0, num_bytes_ip=0, flow_label=0], start_time=1254722767.49206, duration=0.034025, service={^J^IDNS^J}, addl=, hot=0, history=Dd, uid=CXWv6p3arKYeMETxOg, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=[ts=1254722767.49206, uid=CXWv6p3arKYeMETxOg, id=[orig_h=10.10.1.4, orig_p=56166/udp, resp_h=10.10.1.1, resp_p=53/udp], proto=udp, trans_id=31062, query=mail.patriots.in, qclass=1, qclass_name=C_INTERNET, qtype=1, qtype_name=A, rcode=0, rcode_name=NOERROR, AA=F, TC=F, RD=T, RA=T, Z=0, answers=[patriots.in], TTLs=[3.0 hrs 27.0 secs], rejected=F, total_answers=2, total_replies=4, saw_query=T, saw_reply=F], dns_state=[pending_queries={^J^J}, pending_replies={^J^J}], ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]
+                  [1] msg: dns_msg       = [id=31062, opcode=0, rcode=0, QR=T, AA=F, TC=F, RD=T, RA=T, Z=0, num_queries=1, num_answers=2, num_auth=2, num_addl=0]
+                  [2] ans: dns_answer    = [answer_type=1, query=patriots.in, qtype=1, qclass=1, TTL=3.0 hrs 28.0 secs]
+                  [3] a: addr            = 74.53.140.153
 
-1170717505.735416 x509_ext_basic_constraints
-                  [0] f: fa_file         = [id=FeCwNK3rzqPnZ7eBQ5, parent_id=<uninitialized>, source=SSL, is_orig=F, conns={^J^I[[orig_h=192.150.187.164, orig_p=58868/tcp, resp_h=194.127.84.106, resp_p=443/tcp]] = [id=[orig_h=192.150.187.164, orig_p=58868/tcp, resp_h=194.127.84.106, resp_p=443/tcp], orig=[size=87, state=4, num_pkts=3, num_bytes_ip=255, flow_label=0], resp=[size=2164, state=4, num_pkts=3, num_bytes_ip=1616, flow_label=0], start_time=1170717505.366729, duration=0.368687, service={^J^I^ISSL^J^I}, addl=, hot=0, history=ShADad, uid=CXWv6p3arKYeMETxOg, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=[ts=1170717505.549109, uid=CXWv6p3arKYeMETxOg, id=[orig_h=192.150.187.164, orig_p=58868/tcp, resp_h=194.127.84.106, resp_p=443/tcp], version=TLSv10, cipher=TLS_RSA_WITH_RC4_128_MD5, server_name=<uninitialized>, session_id=<uninitialized>, last_alert=<uninitialized>, analyzer_id=3, established=F, logged=F, delay_tokens=<uninitialized>, cert_chain=[[ts=1170717505.735416, fuid=FeCwNK3rzqPnZ7eBQ5, tx_hosts={^J^I^I194.127.84.106^J^I}, rx_hosts={^J^I^I192.150.187.164^J^I}, conn_uids={^J^I^ICXWv6p3arKYeMETxOg^J^I}, source=SSL, depth=0, analyzers={^J^I^IX509,^J^I^IMD5,^J^I^ISHA1^J^I}, mime_type=binary, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=F, seen_bytes=0, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=<uninitialized>, sha1=<uninitialized>, sha256=<uninitialized>, x509=[ts=1170717505.735416, id=FeCwNK3rzqPnZ7eBQ5, certificate=[version=2, serial=04A78116F003283BDA2B8462049F9ECB, subject=CN=www.dresdner-privat.de,OU=Terms of use at www.verisign.com/rpa (c)00,O=AGIS Allianz Dresdner Informationssysteme GmbH,L=Muenchen,ST=Bayern,C=DE, issuer=OU=www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign,OU=VeriSign International Server CA - Class 3,OU=VeriSign\, Inc.,O=VeriSign Trust Network, not_valid_before=1163462400.0, not_valid_after=1195084799.0, key_alg=rsaEncryption, sig_alg=sha1WithRSAEncryption, key_type=rsa, key_length=1024, exponent=65537, curve=<uninitialized>], handle=<no value description>, extensions=[[name=X509v3 Basic Constraints, short_name=basicConstraints, oid=2.5.29.19, critical=F, value=CA:FALSE]], san=<uninitialized>, basic_constraints=<uninitialized>], extracted=<uninitialized>]], cert_chain_fuids=[FeCwNK3rzqPnZ7eBQ5], client_cert_chain=[], client_cert_chain_fuids=[], subject=<uninitialized>, issuer=<uninitialized>, client_subject=<uninitialized>, client_issuer=<uninitialized>, server_depth=1, client_depth=0], http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]^J}, last_active=1170717505.735416, seen_bytes=1152, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timeout_interval=2.0 mins, bof_buffer_size=1024, bof_buffer=0\x82^D|0\x82^C\xe5\xa0^C^B^A^B^B^P^D\xa7\x81^V\xf0^C(;\xda+\x84b^D\x9f\x9e\xcb0^M^F^I*\x86H\x86\xf7^M^A^A^E^E\00\x81\xba1\x1f0\x1d^F^CU^D^J^S^VVeriSign Trust Network1^W0^U^F^CU^D^K^S^NVeriSign, Inc.1301^F^CU^D^K^S*VeriSign International Server CA - Class 31I0G^F^CU^D^K^S@www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign0\x1e^W^M061114000000Z^W^M071114235959Z0\x81\xc01^K0^I^F^CU^D^F^S^BDE1^O0^M^F^CU^D^H^S^FBayern1^Q0^O^F^CU^D^G^T^HMuenchen1705^F^CU^D^J^T.AGIS Allianz Dresdner Informationssysteme GmbH1301^F^CU^D^K^T*Terms of use at www.verisign.com/rpa (c)001\x1f0\x1d^F^CU^D^C^T^Vwww.dresdner-privat.de0\x81\x9f0^M^F^I*\x86H\x86\xf7^M^A^A^A^E\0^C\x81\x8d\00\x81\x89^B\x81\x81\0\xeb\xa8t~\xfb\xe3\xb4\xea\xbe\x8b\x1c=\xed\xea\x86^DbQ\xe0*Z\x9e\x86o\x98\xcb\xbc\xc5\xed\xc5\xc8\xcaV\x9dL\x92X\xe1k^So\xbc\xb7\xe5.\x98@\xf7\x8f\xd6\xa3\xc0^J\xabFR\x1b8\xfc^E \xe7\x80\xee\xc6]\xd5\xbb^C\xfc\xc5\x83\xba\x9ag^H\xfd,\xba\xa3^H\x94\xf0\xb3\x1f^V(\xf6^Ef[\xbf^?\xa8Y\xfa\xbe\x99k6b\xb8n\xc6\x83GSc^OZ\xb4Q\xc1\x88\xa8U\xb9\xd41m=*J\x95^J\xd1{\x87^B^C^A\0^A\xa3\x82^Ay0\x82^Au0^I^F^CU\x1d^S^D^B0\00^K^F^CU\x1d^O^D^D^C^B^E\xa00F^F^CU\x1d\x1f^D?0=0;\xa09\xa07\x865http://crl.verisign.com/Class3InternationalServer.crl0D^F^CU\x1d ^D=0;09^F^K`\x86H^A\x86\xf8E^A^G^W^C0*0(^F^H+^F^A^E^E^G^B^A^V\x1chttps://www.verisign.com/rpa0(^F^CU\x1d%^D!0\x1f^F^I`\x86H^A\x86\xf8B^D^A^F^H+^F^A^E^E^G^C^A^F^H+^F^A^E^E^G^C^B04^F^H+^F^A^E^E^G^A^A^D(0&0$^F^H+^F^A^E^E^G0^A\x86^Xhttp://ocsp.verisign.com0m^F^H+^F^A^E^E^G^A^L^Da0_\xa1]\xa0[0Y0W0U^V^Iimage/gif0!0\x1f0^G^F^E+^N^C^B^Z^D^T\x8f\xe5\xd3^Z\x86\xac\x8d\x8ek\xc3\xcf\x80j\xd4H^X,{^Y.0%^V#http://logo.verisign.com/vslogo.gif0^M^F^I*\x86H\x86\xf7^M^A^A^E^E\0^C\x81\x81\0/s\xe2o\xc1\x9e#~YP\x89\x95xo\xe9^D\xbd\x98TS`\xec^HR\xd2^J)\x92\x9am\xaa\xd5\xb1g\xc1b\xde\xc9^XNW=i\x9c\xb2^Cf\x92^C\xbb\xe8M\xc5\x98\xd4/B\xd9\xb6\xd2\xe0\x97^PXv\xcf\xe7\xd6\xa7\xcc\xbb\xdb%\xeeB]\xcb\xf0t\xab\xd2T\xe5\xe8\xbaQ^O\xa4\xc3>4\xfaR\xf2\xa0\xe6z\xf4\x8f\xdcvB\xbd=\xfcx\xc0\xb7\xeb^-\x1f\xc5\xa0^\xdf\xa0^Q\x87\xf8\xc3X^P\xc8y(\xf8\xe4, mime_type=binary, info=[ts=1170717505.735416, fuid=FeCwNK3rzqPnZ7eBQ5, tx_hosts={^J^I194.127.84.106^J}, rx_hosts={^J^I192.150.187.164^J}, conn_uids={^J^ICXWv6p3arKYeMETxOg^J}, source=SSL, depth=0, analyzers={^J^IX509,^J^IMD5,^J^ISHA1^J}, mime_type=binary, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=F, seen_bytes=0, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=<uninitialized>, sha1=<uninitialized>, sha256=<uninitialized>, x509=[ts=1170717505.735416, id=FeCwNK3rzqPnZ7eBQ5, certificate=[version=2, serial=04A78116F003283BDA2B8462049F9ECB, subject=CN=www.dresdner-privat.de,OU=Terms of use at www.verisign.com/rpa (c)00,O=AGIS Allianz Dresdner Informationssysteme GmbH,L=Muenchen,ST=Bayern,C=DE, issuer=OU=www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign,OU=VeriSign International Server CA - Class 3,OU=VeriSign\, Inc.,O=VeriSign Trust Network, not_valid_before=1163462400.0, not_valid_after=1195084799.0, key_alg=rsaEncryption, sig_alg=sha1WithRSAEncryption, key_type=rsa, key_length=1024, exponent=65537, curve=<uninitialized>], handle=<no value description>, extensions=[[name=X509v3 Basic Constraints, short_name=basicConstraints, oid=2.5.29.19, critical=F, value=CA:FALSE]], san=<uninitialized>, basic_constraints=<uninitialized>], extracted=<uninitialized>], u2_events=<uninitialized>]
-                  [1] ext: X509::BasicConstraints = [ca=F, path_len=<uninitialized>]
+1254722767.526085 dns_end
+                  [0] c: connection      = [id=[orig_h=10.10.1.4, orig_p=56166/udp, resp_h=10.10.1.1, resp_p=53/udp], orig=[size=34, state=1, num_pkts=1, num_bytes_ip=62, flow_label=0], resp=[size=100, state=1, num_pkts=0, num_bytes_ip=0, flow_label=0], start_time=1254722767.49206, duration=0.034025, service={^J^IDNS^J}, addl=, hot=0, history=Dd, uid=CXWv6p3arKYeMETxOg, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=[ts=1254722767.49206, uid=CXWv6p3arKYeMETxOg, id=[orig_h=10.10.1.4, orig_p=56166/udp, resp_h=10.10.1.1, resp_p=53/udp], proto=udp, trans_id=31062, query=mail.patriots.in, qclass=1, qclass_name=C_INTERNET, qtype=1, qtype_name=A, rcode=0, rcode_name=NOERROR, AA=F, TC=F, RD=T, RA=T, Z=0, answers=[patriots.in, 74.53.140.153], TTLs=[3.0 hrs 27.0 secs, 3.0 hrs 28.0 secs], rejected=F, total_answers=2, total_replies=4, saw_query=T, saw_reply=F], dns_state=[pending_queries={^J^J}, pending_replies={^J^J}], ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]
+                  [1] msg: dns_msg       = [id=31062, opcode=0, rcode=0, QR=T, AA=F, TC=F, RD=T, RA=T, Z=0, num_queries=1, num_answers=2, num_auth=2, num_addl=0]
 
-1170717505.735416 x509_extension
-                  [0] f: fa_file         = [id=FeCwNK3rzqPnZ7eBQ5, parent_id=<uninitialized>, source=SSL, is_orig=F, conns={^J^I[[orig_h=192.150.187.164, orig_p=58868/tcp, resp_h=194.127.84.106, resp_p=443/tcp]] = [id=[orig_h=192.150.187.164, orig_p=58868/tcp, resp_h=194.127.84.106, resp_p=443/tcp], orig=[size=87, state=4, num_pkts=3, num_bytes_ip=255, flow_label=0], resp=[size=2164, state=4, num_pkts=3, num_bytes_ip=1616, flow_label=0], start_time=1170717505.366729, duration=0.368687, service={^J^I^ISSL^J^I}, addl=, hot=0, history=ShADad, uid=CXWv6p3arKYeMETxOg, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=[ts=1170717505.549109, uid=CXWv6p3arKYeMETxOg, id=[orig_h=192.150.187.164, orig_p=58868/tcp, resp_h=194.127.84.106, resp_p=443/tcp], version=TLSv10, cipher=TLS_RSA_WITH_RC4_128_MD5, server_name=<uninitialized>, session_id=<uninitialized>, last_alert=<uninitialized>, analyzer_id=3, established=F, logged=F, delay_tokens=<uninitialized>, cert_chain=[[ts=1170717505.735416, fuid=FeCwNK3rzqPnZ7eBQ5, tx_hosts={^J^I^I194.127.84.106^J^I}, rx_hosts={^J^I^I192.150.187.164^J^I}, conn_uids={^J^I^ICXWv6p3arKYeMETxOg^J^I}, source=SSL, depth=0, analyzers={^J^I^IX509,^J^I^IMD5,^J^I^ISHA1^J^I}, mime_type=binary, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=F, seen_bytes=0, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=<uninitialized>, sha1=<uninitialized>, sha256=<uninitialized>, x509=[ts=1170717505.735416, id=FeCwNK3rzqPnZ7eBQ5, certificate=[version=2, serial=04A78116F003283BDA2B8462049F9ECB, subject=CN=www.dresdner-privat.de,OU=Terms of use at www.verisign.com/rpa (c)00,O=AGIS Allianz Dresdner Informationssysteme GmbH,L=Muenchen,ST=Bayern,C=DE, issuer=OU=www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign,OU=VeriSign International Server CA - Class 3,OU=VeriSign\, Inc.,O=VeriSign Trust Network, not_valid_before=1163462400.0, not_valid_after=1195084799.0, key_alg=rsaEncryption, sig_alg=sha1WithRSAEncryption, key_type=rsa, key_length=1024, exponent=65537, curve=<uninitialized>], handle=<no value description>, extensions=[[name=X509v3 Basic Constraints, short_name=basicConstraints, oid=2.5.29.19, critical=F, value=CA:FALSE]], san=<uninitialized>, basic_constraints=[ca=F, path_len=<uninitialized>]], extracted=<uninitialized>]], cert_chain_fuids=[FeCwNK3rzqPnZ7eBQ5], client_cert_chain=[], client_cert_chain_fuids=[], subject=<uninitialized>, issuer=<uninitialized>, client_subject=<uninitialized>, client_issuer=<uninitialized>, server_depth=1, client_depth=0], http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]^J}, last_active=1170717505.735416, seen_bytes=1152, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timeout_interval=2.0 mins, bof_buffer_size=1024, bof_buffer=0\x82^D|0\x82^C\xe5\xa0^C^B^A^B^B^P^D\xa7\x81^V\xf0^C(;\xda+\x84b^D\x9f\x9e\xcb0^M^F^I*\x86H\x86\xf7^M^A^A^E^E\00\x81\xba1\x1f0\x1d^F^CU^D^J^S^VVeriSign Trust Network1^W0^U^F^CU^D^K^S^NVeriSign, Inc.1301^F^CU^D^K^S*VeriSign International Server CA - Class 31I0G^F^CU^D^K^S@www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign0\x1e^W^M061114000000Z^W^M071114235959Z0\x81\xc01^K0^I^F^CU^D^F^S^BDE1^O0^M^F^CU^D^H^S^FBayern1^Q0^O^F^CU^D^G^T^HMuenchen1705^F^CU^D^J^T.AGIS Allianz Dresdner Informationssysteme GmbH1301^F^CU^D^K^T*Terms of use at www.verisign.com/rpa (c)001\x1f0\x1d^F^CU^D^C^T^Vwww.dresdner-privat.de0\x81\x9f0^M^F^I*\x86H\x86\xf7^M^A^A^A^E\0^C\x81\x8d\00\x81\x89^B\x81\x81\0\xeb\xa8t~\xfb\xe3\xb4\xea\xbe\x8b\x1c=\xed\xea\x86^DbQ\xe0*Z\x9e\x86o\x98\xcb\xbc\xc5\xed\xc5\xc8\xcaV\x9dL\x92X\xe1k^So\xbc\xb7\xe5.\x98@\xf7\x8f\xd6\xa3\xc0^J\xabFR\x1b8\xfc^E \xe7\x80\xee\xc6]\xd5\xbb^C\xfc\xc5\x83\xba\x9ag^H\xfd,\xba\xa3^H\x94\xf0\xb3\x1f^V(\xf6^Ef[\xbf^?\xa8Y\xfa\xbe\x99k6b\xb8n\xc6\x83GSc^OZ\xb4Q\xc1\x88\xa8U\xb9\xd41m=*J\x95^J\xd1{\x87^B^C^A\0^A\xa3\x82^Ay0\x82^Au0^I^F^CU\x1d^S^D^B0\00^K^F^CU\x1d^O^D^D^C^B^E\xa00F^F^CU\x1d\x1f^D?0=0;\xa09\xa07\x865http://crl.verisign.com/Class3InternationalServer.crl0D^F^CU\x1d ^D=0;09^F^K`\x86H^A\x86\xf8E^A^G^W^C0*0(^F^H+^F^A^E^E^G^B^A^V\x1chttps://www.verisign.com/rpa0(^F^CU\x1d%^D!0\x1f^F^I`\x86H^A\x86\xf8B^D^A^F^H+^F^A^E^E^G^C^A^F^H+^F^A^E^E^G^C^B04^F^H+^F^A^E^E^G^A^A^D(0&0$^F^H+^F^A^E^E^G0^A\x86^Xhttp://ocsp.verisign.com0m^F^H+^F^A^E^E^G^A^L^Da0_\xa1]\xa0[0Y0W0U^V^Iimage/gif0!0\x1f0^G^F^E+^N^C^B^Z^D^T\x8f\xe5\xd3^Z\x86\xac\x8d\x8ek\xc3\xcf\x80j\xd4H^X,{^Y.0%^V#http://logo.verisign.com/vslogo.gif0^M^F^I*\x86H\x86\xf7^M^A^A^E^E\0^C\x81\x81\0/s\xe2o\xc1\x9e#~YP\x89\x95xo\xe9^D\xbd\x98TS`\xec^HR\xd2^J)\x92\x9am\xaa\xd5\xb1g\xc1b\xde\xc9^XNW=i\x9c\xb2^Cf\x92^C\xbb\xe8M\xc5\x98\xd4/B\xd9\xb6\xd2\xe0\x97^PXv\xcf\xe7\xd6\xa7\xcc\xbb\xdb%\xeeB]\xcb\xf0t\xab\xd2T\xe5\xe8\xbaQ^O\xa4\xc3>4\xfaR\xf2\xa0\xe6z\xf4\x8f\xdcvB\xbd=\xfcx\xc0\xb7\xeb^-\x1f\xc5\xa0^\xdf\xa0^Q\x87\xf8\xc3X^P\xc8y(\xf8\xe4, mime_type=binary, info=[ts=1170717505.735416, fuid=FeCwNK3rzqPnZ7eBQ5, tx_hosts={^J^I194.127.84.106^J}, rx_hosts={^J^I192.150.187.164^J}, conn_uids={^J^ICXWv6p3arKYeMETxOg^J}, source=SSL, depth=0, analyzers={^J^IX509,^J^IMD5,^J^ISHA1^J}, mime_type=binary, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=F, seen_bytes=0, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=<uninitialized>, sha1=<uninitialized>, sha256=<uninitialized>, x509=[ts=1170717505.735416, id=FeCwNK3rzqPnZ7eBQ5, certificate=[version=2, serial=04A78116F003283BDA2B8462049F9ECB, subject=CN=www.dresdner-privat.de,OU=Terms of use at www.verisign.com/rpa (c)00,O=AGIS Allianz Dresdner Informationssysteme GmbH,L=Muenchen,ST=Bayern,C=DE, issuer=OU=www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign,OU=VeriSign International Server CA - Class 3,OU=VeriSign\, Inc.,O=VeriSign Trust Network, not_valid_before=1163462400.0, not_valid_after=1195084799.0, key_alg=rsaEncryption, sig_alg=sha1WithRSAEncryption, key_type=rsa, key_length=1024, exponent=65537, curve=<uninitialized>], handle=<no value description>, extensions=[[name=X509v3 Basic Constraints, short_name=basicConstraints, oid=2.5.29.19, critical=F, value=CA:FALSE]], san=<uninitialized>, basic_constraints=[ca=F, path_len=<uninitialized>]], extracted=<uninitialized>], u2_events=<uninitialized>]
-                  [1] ext: X509::Extension = [name=X509v3 Key Usage, short_name=keyUsage, oid=2.5.29.15, critical=F, value=Digital Signature, Key Encipherment]
+1254722767.529046 new_connection
+                  [0] c: connection      = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=0, state=0, num_pkts=0, num_bytes_ip=0, flow_label=0], resp=[size=0, state=0, num_pkts=0, num_bytes_ip=0, flow_label=0], start_time=1254722767.529046, duration=0.0, service={^J^J}, addl=, hot=0, history=, uid=CjhGID4nQcgTWjvg4c, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]
 
-1170717505.735416 x509_extension
-                  [0] f: fa_file         = [id=FeCwNK3rzqPnZ7eBQ5, parent_id=<uninitialized>, source=SSL, is_orig=F, conns={^J^I[[orig_h=192.150.187.164, orig_p=58868/tcp, resp_h=194.127.84.106, resp_p=443/tcp]] = [id=[orig_h=192.150.187.164, orig_p=58868/tcp, resp_h=194.127.84.106, resp_p=443/tcp], orig=[size=87, state=4, num_pkts=3, num_bytes_ip=255, flow_label=0], resp=[size=2164, state=4, num_pkts=3, num_bytes_ip=1616, flow_label=0], start_time=1170717505.366729, duration=0.368687, service={^J^I^ISSL^J^I}, addl=, hot=0, history=ShADad, uid=CXWv6p3arKYeMETxOg, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=[ts=1170717505.549109, uid=CXWv6p3arKYeMETxOg, id=[orig_h=192.150.187.164, orig_p=58868/tcp, resp_h=194.127.84.106, resp_p=443/tcp], version=TLSv10, cipher=TLS_RSA_WITH_RC4_128_MD5, server_name=<uninitialized>, session_id=<uninitialized>, last_alert=<uninitialized>, analyzer_id=3, established=F, logged=F, delay_tokens=<uninitialized>, cert_chain=[[ts=1170717505.735416, fuid=FeCwNK3rzqPnZ7eBQ5, tx_hosts={^J^I^I194.127.84.106^J^I}, rx_hosts={^J^I^I192.150.187.164^J^I}, conn_uids={^J^I^ICXWv6p3arKYeMETxOg^J^I}, source=SSL, depth=0, analyzers={^J^I^IX509,^J^I^IMD5,^J^I^ISHA1^J^I}, mime_type=binary, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=F, seen_bytes=0, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=<uninitialized>, sha1=<uninitialized>, sha256=<uninitialized>, x509=[ts=1170717505.735416, id=FeCwNK3rzqPnZ7eBQ5, certificate=[version=2, serial=04A78116F003283BDA2B8462049F9ECB, subject=CN=www.dresdner-privat.de,OU=Terms of use at www.verisign.com/rpa (c)00,O=AGIS Allianz Dresdner Informationssysteme GmbH,L=Muenchen,ST=Bayern,C=DE, issuer=OU=www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign,OU=VeriSign International Server CA - Class 3,OU=VeriSign\, Inc.,O=VeriSign Trust Network, not_valid_before=1163462400.0, not_valid_after=1195084799.0, key_alg=rsaEncryption, sig_alg=sha1WithRSAEncryption, key_type=rsa, key_length=1024, exponent=65537, curve=<uninitialized>], handle=<no value description>, extensions=[[name=X509v3 Basic Constraints, short_name=basicConstraints, oid=2.5.29.19, critical=F, value=CA:FALSE], [name=X509v3 Key Usage, short_name=keyUsage, oid=2.5.29.15, critical=F, value=Digital Signature, Key Encipherment]], san=<uninitialized>, basic_constraints=[ca=F, path_len=<uninitialized>]], extracted=<uninitialized>]], cert_chain_fuids=[FeCwNK3rzqPnZ7eBQ5], client_cert_chain=[], client_cert_chain_fuids=[], subject=<uninitialized>, issuer=<uninitialized>, client_subject=<uninitialized>, client_issuer=<uninitialized>, server_depth=1, client_depth=0], http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]^J}, last_active=1170717505.735416, seen_bytes=1152, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timeout_interval=2.0 mins, bof_buffer_size=1024, bof_buffer=0\x82^D|0\x82^C\xe5\xa0^C^B^A^B^B^P^D\xa7\x81^V\xf0^C(;\xda+\x84b^D\x9f\x9e\xcb0^M^F^I*\x86H\x86\xf7^M^A^A^E^E\00\x81\xba1\x1f0\x1d^F^CU^D^J^S^VVeriSign Trust Network1^W0^U^F^CU^D^K^S^NVeriSign, Inc.1301^F^CU^D^K^S*VeriSign International Server CA - Class 31I0G^F^CU^D^K^S@www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign0\x1e^W^M061114000000Z^W^M071114235959Z0\x81\xc01^K0^I^F^CU^D^F^S^BDE1^O0^M^F^CU^D^H^S^FBayern1^Q0^O^F^CU^D^G^T^HMuenchen1705^F^CU^D^J^T.AGIS Allianz Dresdner Informationssysteme GmbH1301^F^CU^D^K^T*Terms of use at www.verisign.com/rpa (c)001\x1f0\x1d^F^CU^D^C^T^Vwww.dresdner-privat.de0\x81\x9f0^M^F^I*\x86H\x86\xf7^M^A^A^A^E\0^C\x81\x8d\00\x81\x89^B\x81\x81\0\xeb\xa8t~\xfb\xe3\xb4\xea\xbe\x8b\x1c=\xed\xea\x86^DbQ\xe0*Z\x9e\x86o\x98\xcb\xbc\xc5\xed\xc5\xc8\xcaV\x9dL\x92X\xe1k^So\xbc\xb7\xe5.\x98@\xf7\x8f\xd6\xa3\xc0^J\xabFR\x1b8\xfc^E \xe7\x80\xee\xc6]\xd5\xbb^C\xfc\xc5\x83\xba\x9ag^H\xfd,\xba\xa3^H\x94\xf0\xb3\x1f^V(\xf6^Ef[\xbf^?\xa8Y\xfa\xbe\x99k6b\xb8n\xc6\x83GSc^OZ\xb4Q\xc1\x88\xa8U\xb9\xd41m=*J\x95^J\xd1{\x87^B^C^A\0^A\xa3\x82^Ay0\x82^Au0^I^F^CU\x1d^S^D^B0\00^K^F^CU\x1d^O^D^D^C^B^E\xa00F^F^CU\x1d\x1f^D?0=0;\xa09\xa07\x865http://crl.verisign.com/Class3InternationalServer.crl0D^F^CU\x1d ^D=0;09^F^K`\x86H^A\x86\xf8E^A^G^W^C0*0(^F^H+^F^A^E^E^G^B^A^V\x1chttps://www.verisign.com/rpa0(^F^CU\x1d%^D!0\x1f^F^I`\x86H^A\x86\xf8B^D^A^F^H+^F^A^E^E^G^C^A^F^H+^F^A^E^E^G^C^B04^F^H+^F^A^E^E^G^A^A^D(0&0$^F^H+^F^A^E^E^G0^A\x86^Xhttp://ocsp.verisign.com0m^F^H+^F^A^E^E^G^A^L^Da0_\xa1]\xa0[0Y0W0U^V^Iimage/gif0!0\x1f0^G^F^E+^N^C^B^Z^D^T\x8f\xe5\xd3^Z\x86\xac\x8d\x8ek\xc3\xcf\x80j\xd4H^X,{^Y.0%^V#http://logo.verisign.com/vslogo.gif0^M^F^I*\x86H\x86\xf7^M^A^A^E^E\0^C\x81\x81\0/s\xe2o\xc1\x9e#~YP\x89\x95xo\xe9^D\xbd\x98TS`\xec^HR\xd2^J)\x92\x9am\xaa\xd5\xb1g\xc1b\xde\xc9^XNW=i\x9c\xb2^Cf\x92^C\xbb\xe8M\xc5\x98\xd4/B\xd9\xb6\xd2\xe0\x97^PXv\xcf\xe7\xd6\xa7\xcc\xbb\xdb%\xeeB]\xcb\xf0t\xab\xd2T\xe5\xe8\xbaQ^O\xa4\xc3>4\xfaR\xf2\xa0\xe6z\xf4\x8f\xdcvB\xbd=\xfcx\xc0\xb7\xeb^-\x1f\xc5\xa0^\xdf\xa0^Q\x87\xf8\xc3X^P\xc8y(\xf8\xe4, mime_type=binary, info=[ts=1170717505.735416, fuid=FeCwNK3rzqPnZ7eBQ5, tx_hosts={^J^I194.127.84.106^J}, rx_hosts={^J^I192.150.187.164^J}, conn_uids={^J^ICXWv6p3arKYeMETxOg^J}, source=SSL, depth=0, analyzers={^J^IX509,^J^IMD5,^J^ISHA1^J}, mime_type=binary, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=F, seen_bytes=0, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=<uninitialized>, sha1=<uninitialized>, sha256=<uninitialized>, x509=[ts=1170717505.735416, id=FeCwNK3rzqPnZ7eBQ5, certificate=[version=2, serial=04A78116F003283BDA2B8462049F9ECB, subject=CN=www.dresdner-privat.de,OU=Terms of use at www.verisign.com/rpa (c)00,O=AGIS Allianz Dresdner Informationssysteme GmbH,L=Muenchen,ST=Bayern,C=DE, issuer=OU=www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign,OU=VeriSign International Server CA - Class 3,OU=VeriSign\, Inc.,O=VeriSign Trust Network, not_valid_before=1163462400.0, not_valid_after=1195084799.0, key_alg=rsaEncryption, sig_alg=sha1WithRSAEncryption, key_type=rsa, key_length=1024, exponent=65537, curve=<uninitialized>], handle=<no value description>, extensions=[[name=X509v3 Basic Constraints, short_name=basicConstraints, oid=2.5.29.19, critical=F, value=CA:FALSE], [name=X509v3 Key Usage, short_name=keyUsage, oid=2.5.29.15, critical=F, value=Digital Signature, Key Encipherment]], san=<uninitialized>, basic_constraints=[ca=F, path_len=<uninitialized>]], extracted=<uninitialized>], u2_events=<uninitialized>]
-                  [1] ext: X509::Extension = [name=X509v3 CRL Distribution Points, short_name=crlDistributionPoints, oid=2.5.29.31, critical=F, value=^JFull Name:^J  URI:http://crl.verisign.com/Class3InternationalServer.crl^J]
+1254722767.875996 connection_established
+                  [0] c: connection      = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=0, state=4, num_pkts=1, num_bytes_ip=48, flow_label=0], resp=[size=0, state=4, num_pkts=0, num_bytes_ip=0, flow_label=0], start_time=1254722767.529046, duration=0.34695, service={^J^J}, addl=, hot=0, history=Sh, uid=CjhGID4nQcgTWjvg4c, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]
 
-1170717505.735416 x509_extension
-                  [0] f: fa_file         = [id=FeCwNK3rzqPnZ7eBQ5, parent_id=<uninitialized>, source=SSL, is_orig=F, conns={^J^I[[orig_h=192.150.187.164, orig_p=58868/tcp, resp_h=194.127.84.106, resp_p=443/tcp]] = [id=[orig_h=192.150.187.164, orig_p=58868/tcp, resp_h=194.127.84.106, resp_p=443/tcp], orig=[size=87, state=4, num_pkts=3, num_bytes_ip=255, flow_label=0], resp=[size=2164, state=4, num_pkts=3, num_bytes_ip=1616, flow_label=0], start_time=1170717505.366729, duration=0.368687, service={^J^I^ISSL^J^I}, addl=, hot=0, history=ShADad, uid=CXWv6p3arKYeMETxOg, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=[ts=1170717505.549109, uid=CXWv6p3arKYeMETxOg, id=[orig_h=192.150.187.164, orig_p=58868/tcp, resp_h=194.127.84.106, resp_p=443/tcp], version=TLSv10, cipher=TLS_RSA_WITH_RC4_128_MD5, server_name=<uninitialized>, session_id=<uninitialized>, last_alert=<uninitialized>, analyzer_id=3, established=F, logged=F, delay_tokens=<uninitialized>, cert_chain=[[ts=1170717505.735416, fuid=FeCwNK3rzqPnZ7eBQ5, tx_hosts={^J^I^I194.127.84.106^J^I}, rx_hosts={^J^I^I192.150.187.164^J^I}, conn_uids={^J^I^ICXWv6p3arKYeMETxOg^J^I}, source=SSL, depth=0, analyzers={^J^I^IX509,^J^I^IMD5,^J^I^ISHA1^J^I}, mime_type=binary, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=F, seen_bytes=0, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=<uninitialized>, sha1=<uninitialized>, sha256=<uninitialized>, x509=[ts=1170717505.735416, id=FeCwNK3rzqPnZ7eBQ5, certificate=[version=2, serial=04A78116F003283BDA2B8462049F9ECB, subject=CN=www.dresdner-privat.de,OU=Terms of use at www.verisign.com/rpa (c)00,O=AGIS Allianz Dresdner Informationssysteme GmbH,L=Muenchen,ST=Bayern,C=DE, issuer=OU=www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign,OU=VeriSign International Server CA - Class 3,OU=VeriSign\, Inc.,O=VeriSign Trust Network, not_valid_before=1163462400.0, not_valid_after=1195084799.0, key_alg=rsaEncryption, sig_alg=sha1WithRSAEncryption, key_type=rsa, key_length=1024, exponent=65537, curve=<uninitialized>], handle=<no value description>, extensions=[[name=X509v3 Basic Constraints, short_name=basicConstraints, oid=2.5.29.19, critical=F, value=CA:FALSE], [name=X509v3 Key Usage, short_name=keyUsage, oid=2.5.29.15, critical=F, value=Digital Signature, Key Encipherment], [name=X509v3 CRL Distribution Points, short_name=crlDistributionPoints, oid=2.5.29.31, critical=F, value=^JFull Name:^J  URI:http://crl.verisign.com/Class3InternationalServer.crl^J]], san=<uninitialized>, basic_constraints=[ca=F, path_len=<uninitialized>]], extracted=<uninitialized>]], cert_chain_fuids=[FeCwNK3rzqPnZ7eBQ5], client_cert_chain=[], client_cert_chain_fuids=[], subject=<uninitialized>, issuer=<uninitialized>, client_subject=<uninitialized>, client_issuer=<uninitialized>, server_depth=1, client_depth=0], http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]^J}, last_active=1170717505.735416, seen_bytes=1152, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timeout_interval=2.0 mins, bof_buffer_size=1024, bof_buffer=0\x82^D|0\x82^C\xe5\xa0^C^B^A^B^B^P^D\xa7\x81^V\xf0^C(;\xda+\x84b^D\x9f\x9e\xcb0^M^F^I*\x86H\x86\xf7^M^A^A^E^E\00\x81\xba1\x1f0\x1d^F^CU^D^J^S^VVeriSign Trust Network1^W0^U^F^CU^D^K^S^NVeriSign, Inc.1301^F^CU^D^K^S*VeriSign International Server CA - Class 31I0G^F^CU^D^K^S@www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign0\x1e^W^M061114000000Z^W^M071114235959Z0\x81\xc01^K0^I^F^CU^D^F^S^BDE1^O0^M^F^CU^D^H^S^FBayern1^Q0^O^F^CU^D^G^T^HMuenchen1705^F^CU^D^J^T.AGIS Allianz Dresdner Informationssysteme GmbH1301^F^CU^D^K^T*Terms of use at www.verisign.com/rpa (c)001\x1f0\x1d^F^CU^D^C^T^Vwww.dresdner-privat.de0\x81\x9f0^M^F^I*\x86H\x86\xf7^M^A^A^A^E\0^C\x81\x8d\00\x81\x89^B\x81\x81\0\xeb\xa8t~\xfb\xe3\xb4\xea\xbe\x8b\x1c=\xed\xea\x86^DbQ\xe0*Z\x9e\x86o\x98\xcb\xbc\xc5\xed\xc5\xc8\xcaV\x9dL\x92X\xe1k^So\xbc\xb7\xe5.\x98@\xf7\x8f\xd6\xa3\xc0^J\xabFR\x1b8\xfc^E \xe7\x80\xee\xc6]\xd5\xbb^C\xfc\xc5\x83\xba\x9ag^H\xfd,\xba\xa3^H\x94\xf0\xb3\x1f^V(\xf6^Ef[\xbf^?\xa8Y\xfa\xbe\x99k6b\xb8n\xc6\x83GSc^OZ\xb4Q\xc1\x88\xa8U\xb9\xd41m=*J\x95^J\xd1{\x87^B^C^A\0^A\xa3\x82^Ay0\x82^Au0^I^F^CU\x1d^S^D^B0\00^K^F^CU\x1d^O^D^D^C^B^E\xa00F^F^CU\x1d\x1f^D?0=0;\xa09\xa07\x865http://crl.verisign.com/Class3InternationalServer.crl0D^F^CU\x1d ^D=0;09^F^K`\x86H^A\x86\xf8E^A^G^W^C0*0(^F^H+^F^A^E^E^G^B^A^V\x1chttps://www.verisign.com/rpa0(^F^CU\x1d%^D!0\x1f^F^I`\x86H^A\x86\xf8B^D^A^F^H+^F^A^E^E^G^C^A^F^H+^F^A^E^E^G^C^B04^F^H+^F^A^E^E^G^A^A^D(0&0$^F^H+^F^A^E^E^G0^A\x86^Xhttp://ocsp.verisign.com0m^F^H+^F^A^E^E^G^A^L^Da0_\xa1]\xa0[0Y0W0U^V^Iimage/gif0!0\x1f0^G^F^E+^N^C^B^Z^D^T\x8f\xe5\xd3^Z\x86\xac\x8d\x8ek\xc3\xcf\x80j\xd4H^X,{^Y.0%^V#http://logo.verisign.com/vslogo.gif0^M^F^I*\x86H\x86\xf7^M^A^A^E^E\0^C\x81\x81\0/s\xe2o\xc1\x9e#~YP\x89\x95xo\xe9^D\xbd\x98TS`\xec^HR\xd2^J)\x92\x9am\xaa\xd5\xb1g\xc1b\xde\xc9^XNW=i\x9c\xb2^Cf\x92^C\xbb\xe8M\xc5\x98\xd4/B\xd9\xb6\xd2\xe0\x97^PXv\xcf\xe7\xd6\xa7\xcc\xbb\xdb%\xeeB]\xcb\xf0t\xab\xd2T\xe5\xe8\xbaQ^O\xa4\xc3>4\xfaR\xf2\xa0\xe6z\xf4\x8f\xdcvB\xbd=\xfcx\xc0\xb7\xeb^-\x1f\xc5\xa0^\xdf\xa0^Q\x87\xf8\xc3X^P\xc8y(\xf8\xe4, mime_type=binary, info=[ts=1170717505.735416, fuid=FeCwNK3rzqPnZ7eBQ5, tx_hosts={^J^I194.127.84.106^J}, rx_hosts={^J^I192.150.187.164^J}, conn_uids={^J^ICXWv6p3arKYeMETxOg^J}, source=SSL, depth=0, analyzers={^J^IX509,^J^IMD5,^J^ISHA1^J}, mime_type=binary, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=F, seen_bytes=0, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=<uninitialized>, sha1=<uninitialized>, sha256=<uninitialized>, x509=[ts=1170717505.735416, id=FeCwNK3rzqPnZ7eBQ5, certificate=[version=2, serial=04A78116F003283BDA2B8462049F9ECB, subject=CN=www.dresdner-privat.de,OU=Terms of use at www.verisign.com/rpa (c)00,O=AGIS Allianz Dresdner Informationssysteme GmbH,L=Muenchen,ST=Bayern,C=DE, issuer=OU=www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign,OU=VeriSign International Server CA - Class 3,OU=VeriSign\, Inc.,O=VeriSign Trust Network, not_valid_before=1163462400.0, not_valid_after=1195084799.0, key_alg=rsaEncryption, sig_alg=sha1WithRSAEncryption, key_type=rsa, key_length=1024, exponent=65537, curve=<uninitialized>], handle=<no value description>, extensions=[[name=X509v3 Basic Constraints, short_name=basicConstraints, oid=2.5.29.19, critical=F, value=CA:FALSE], [name=X509v3 Key Usage, short_name=keyUsage, oid=2.5.29.15, critical=F, value=Digital Signature, Key Encipherment], [name=X509v3 CRL Distribution Points, short_name=crlDistributionPoints, oid=2.5.29.31, critical=F, value=^JFull Name:^J  URI:http://crl.verisign.com/Class3InternationalServer.crl^J]], san=<uninitialized>, basic_constraints=[ca=F, path_len=<uninitialized>]], extracted=<uninitialized>], u2_events=<uninitialized>]
-                  [1] ext: X509::Extension = [name=X509v3 Certificate Policies, short_name=certificatePolicies, oid=2.5.29.32, critical=F, value=Policy: 2.16.840.1.113733.1.7.23.3^J  CPS: https://www.verisign.com/rpa^J]
+1254722768.219663 smtp_reply
+                  [0] c: connection      = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=0, state=4, num_pkts=2, num_bytes_ip=88, flow_label=0], resp=[size=181, state=4, num_pkts=1, num_bytes_ip=48, flow_label=0], start_time=1254722767.529046, duration=0.690617, service={^J^J}, addl=, hot=0, history=ShAd, uid=CjhGID4nQcgTWjvg4c, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]
+                  [1] is_orig: bool      = F
+                  [2] code: count        = 220
+                  [3] cmd: string        = >
+                  [4] msg: string        = xc90.websitewelcome.com ESMTP Exim 4.69 #1 Mon, 05 Oct 2009 01:05:54 -0500 
+                  [5] cont_resp: bool    = T
 
-1170717505.735416 x509_extension
-                  [0] f: fa_file         = [id=FeCwNK3rzqPnZ7eBQ5, parent_id=<uninitialized>, source=SSL, is_orig=F, conns={^J^I[[orig_h=192.150.187.164, orig_p=58868/tcp, resp_h=194.127.84.106, resp_p=443/tcp]] = [id=[orig_h=192.150.187.164, orig_p=58868/tcp, resp_h=194.127.84.106, resp_p=443/tcp], orig=[size=87, state=4, num_pkts=3, num_bytes_ip=255, flow_label=0], resp=[size=2164, state=4, num_pkts=3, num_bytes_ip=1616, flow_label=0], start_time=1170717505.366729, duration=0.368687, service={^J^I^ISSL^J^I}, addl=, hot=0, history=ShADad, uid=CXWv6p3arKYeMETxOg, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=[ts=1170717505.549109, uid=CXWv6p3arKYeMETxOg, id=[orig_h=192.150.187.164, orig_p=58868/tcp, resp_h=194.127.84.106, resp_p=443/tcp], version=TLSv10, cipher=TLS_RSA_WITH_RC4_128_MD5, server_name=<uninitialized>, session_id=<uninitialized>, last_alert=<uninitialized>, analyzer_id=3, established=F, logged=F, delay_tokens=<uninitialized>, cert_chain=[[ts=1170717505.735416, fuid=FeCwNK3rzqPnZ7eBQ5, tx_hosts={^J^I^I194.127.84.106^J^I}, rx_hosts={^J^I^I192.150.187.164^J^I}, conn_uids={^J^I^ICXWv6p3arKYeMETxOg^J^I}, source=SSL, depth=0, analyzers={^J^I^IX509,^J^I^IMD5,^J^I^ISHA1^J^I}, mime_type=binary, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=F, seen_bytes=0, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=<uninitialized>, sha1=<uninitialized>, sha256=<uninitialized>, x509=[ts=1170717505.735416, id=FeCwNK3rzqPnZ7eBQ5, certificate=[version=2, serial=04A78116F003283BDA2B8462049F9ECB, subject=CN=www.dresdner-privat.de,OU=Terms of use at www.verisign.com/rpa (c)00,O=AGIS Allianz Dresdner Informationssysteme GmbH,L=Muenchen,ST=Bayern,C=DE, issuer=OU=www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign,OU=VeriSign International Server CA - Class 3,OU=VeriSign\, Inc.,O=VeriSign Trust Network, not_valid_before=1163462400.0, not_valid_after=1195084799.0, key_alg=rsaEncryption, sig_alg=sha1WithRSAEncryption, key_type=rsa, key_length=1024, exponent=65537, curve=<uninitialized>], handle=<no value description>, extensions=[[name=X509v3 Basic Constraints, short_name=basicConstraints, oid=2.5.29.19, critical=F, value=CA:FALSE], [name=X509v3 Key Usage, short_name=keyUsage, oid=2.5.29.15, critical=F, value=Digital Signature, Key Encipherment], [name=X509v3 CRL Distribution Points, short_name=crlDistributionPoints, oid=2.5.29.31, critical=F, value=^JFull Name:^J  URI:http://crl.verisign.com/Class3InternationalServer.crl^J], [name=X509v3 Certificate Policies, short_name=certificatePolicies, oid=2.5.29.32, critical=F, value=Policy: 2.16.840.1.113733.1.7.23.3^J  CPS: https://www.verisign.com/rpa^J]], san=<uninitialized>, basic_constraints=[ca=F, path_len=<uninitialized>]], extracted=<uninitialized>]], cert_chain_fuids=[FeCwNK3rzqPnZ7eBQ5], client_cert_chain=[], client_cert_chain_fuids=[], subject=<uninitialized>, issuer=<uninitialized>, client_subject=<uninitialized>, client_issuer=<uninitialized>, server_depth=1, client_depth=0], http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]^J}, last_active=1170717505.735416, seen_bytes=1152, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timeout_interval=2.0 mins, bof_buffer_size=1024, bof_buffer=0\x82^D|0\x82^C\xe5\xa0^C^B^A^B^B^P^D\xa7\x81^V\xf0^C(;\xda+\x84b^D\x9f\x9e\xcb0^M^F^I*\x86H\x86\xf7^M^A^A^E^E\00\x81\xba1\x1f0\x1d^F^CU^D^J^S^VVeriSign Trust Network1^W0^U^F^CU^D^K^S^NVeriSign, Inc.1301^F^CU^D^K^S*VeriSign International Server CA - Class 31I0G^F^CU^D^K^S@www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign0\x1e^W^M061114000000Z^W^M071114235959Z0\x81\xc01^K0^I^F^CU^D^F^S^BDE1^O0^M^F^CU^D^H^S^FBayern1^Q0^O^F^CU^D^G^T^HMuenchen1705^F^CU^D^J^T.AGIS Allianz Dresdner Informationssysteme GmbH1301^F^CU^D^K^T*Terms of use at www.verisign.com/rpa (c)001\x1f0\x1d^F^CU^D^C^T^Vwww.dresdner-privat.de0\x81\x9f0^M^F^I*\x86H\x86\xf7^M^A^A^A^E\0^C\x81\x8d\00\x81\x89^B\x81\x81\0\xeb\xa8t~\xfb\xe3\xb4\xea\xbe\x8b\x1c=\xed\xea\x86^DbQ\xe0*Z\x9e\x86o\x98\xcb\xbc\xc5\xed\xc5\xc8\xcaV\x9dL\x92X\xe1k^So\xbc\xb7\xe5.\x98@\xf7\x8f\xd6\xa3\xc0^J\xabFR\x1b8\xfc^E \xe7\x80\xee\xc6]\xd5\xbb^C\xfc\xc5\x83\xba\x9ag^H\xfd,\xba\xa3^H\x94\xf0\xb3\x1f^V(\xf6^Ef[\xbf^?\xa8Y\xfa\xbe\x99k6b\xb8n\xc6\x83GSc^OZ\xb4Q\xc1\x88\xa8U\xb9\xd41m=*J\x95^J\xd1{\x87^B^C^A\0^A\xa3\x82^Ay0\x82^Au0^I^F^CU\x1d^S^D^B0\00^K^F^CU\x1d^O^D^D^C^B^E\xa00F^F^CU\x1d\x1f^D?0=0;\xa09\xa07\x865http://crl.verisign.com/Class3InternationalServer.crl0D^F^CU\x1d ^D=0;09^F^K`\x86H^A\x86\xf8E^A^G^W^C0*0(^F^H+^F^A^E^E^G^B^A^V\x1chttps://www.verisign.com/rpa0(^F^CU\x1d%^D!0\x1f^F^I`\x86H^A\x86\xf8B^D^A^F^H+^F^A^E^E^G^C^A^F^H+^F^A^E^E^G^C^B04^F^H+^F^A^E^E^G^A^A^D(0&0$^F^H+^F^A^E^E^G0^A\x86^Xhttp://ocsp.verisign.com0m^F^H+^F^A^E^E^G^A^L^Da0_\xa1]\xa0[0Y0W0U^V^Iimage/gif0!0\x1f0^G^F^E+^N^C^B^Z^D^T\x8f\xe5\xd3^Z\x86\xac\x8d\x8ek\xc3\xcf\x80j\xd4H^X,{^Y.0%^V#http://logo.verisign.com/vslogo.gif0^M^F^I*\x86H\x86\xf7^M^A^A^E^E\0^C\x81\x81\0/s\xe2o\xc1\x9e#~YP\x89\x95xo\xe9^D\xbd\x98TS`\xec^HR\xd2^J)\x92\x9am\xaa\xd5\xb1g\xc1b\xde\xc9^XNW=i\x9c\xb2^Cf\x92^C\xbb\xe8M\xc5\x98\xd4/B\xd9\xb6\xd2\xe0\x97^PXv\xcf\xe7\xd6\xa7\xcc\xbb\xdb%\xeeB]\xcb\xf0t\xab\xd2T\xe5\xe8\xbaQ^O\xa4\xc3>4\xfaR\xf2\xa0\xe6z\xf4\x8f\xdcvB\xbd=\xfcx\xc0\xb7\xeb^-\x1f\xc5\xa0^\xdf\xa0^Q\x87\xf8\xc3X^P\xc8y(\xf8\xe4, mime_type=binary, info=[ts=1170717505.735416, fuid=FeCwNK3rzqPnZ7eBQ5, tx_hosts={^J^I194.127.84.106^J}, rx_hosts={^J^I192.150.187.164^J}, conn_uids={^J^ICXWv6p3arKYeMETxOg^J}, source=SSL, depth=0, analyzers={^J^IX509,^J^IMD5,^J^ISHA1^J}, mime_type=binary, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=F, seen_bytes=0, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=<uninitialized>, sha1=<uninitialized>, sha256=<uninitialized>, x509=[ts=1170717505.735416, id=FeCwNK3rzqPnZ7eBQ5, certificate=[version=2, serial=04A78116F003283BDA2B8462049F9ECB, subject=CN=www.dresdner-privat.de,OU=Terms of use at www.verisign.com/rpa (c)00,O=AGIS Allianz Dresdner Informationssysteme GmbH,L=Muenchen,ST=Bayern,C=DE, issuer=OU=www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign,OU=VeriSign International Server CA - Class 3,OU=VeriSign\, Inc.,O=VeriSign Trust Network, not_valid_before=1163462400.0, not_valid_after=1195084799.0, key_alg=rsaEncryption, sig_alg=sha1WithRSAEncryption, key_type=rsa, key_length=1024, exponent=65537, curve=<uninitialized>], handle=<no value description>, extensions=[[name=X509v3 Basic Constraints, short_name=basicConstraints, oid=2.5.29.19, critical=F, value=CA:FALSE], [name=X509v3 Key Usage, short_name=keyUsage, oid=2.5.29.15, critical=F, value=Digital Signature, Key Encipherment], [name=X509v3 CRL Distribution Points, short_name=crlDistributionPoints, oid=2.5.29.31, critical=F, value=^JFull Name:^J  URI:http://crl.verisign.com/Class3InternationalServer.crl^J], [name=X509v3 Certificate Policies, short_name=certificatePolicies, oid=2.5.29.32, critical=F, value=Policy: 2.16.840.1.113733.1.7.23.3^J  CPS: https://www.verisign.com/rpa^J]], san=<uninitialized>, basic_constraints=[ca=F, path_len=<uninitialized>]], extracted=<uninitialized>], u2_events=<uninitialized>]
-                  [1] ext: X509::Extension = [name=X509v3 Extended Key Usage, short_name=extendedKeyUsage, oid=2.5.29.37, critical=F, value=Netscape Server Gated Crypto, TLS Web Server Authentication, TLS Web Client Authentication]
+1254722768.219663 smtp_reply
+                  [0] c: connection      = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=0, state=4, num_pkts=2, num_bytes_ip=88, flow_label=0], resp=[size=181, state=4, num_pkts=1, num_bytes_ip=48, flow_label=0], start_time=1254722767.529046, duration=0.690617, service={^J^J}, addl=, hot=0, history=ShAd, uid=CjhGID4nQcgTWjvg4c, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, smtp=[ts=1254722768.219663, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=<uninitialized>, mailfrom=<uninitialized>, rcptto=<uninitialized>, date=<uninitialized>, from=<uninitialized>, to=<uninitialized>, reply_to=<uninitialized>, msg_id=<uninitialized>, in_reply_to=<uninitialized>, subject=<uninitialized>, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=220 xc90.websitewelcome.com ESMTP Exim 4.69 #1 Mon, 05 Oct 2009 01:05:54 -0500 , path=[74.53.140.153, 10.10.1.4], user_agent=<uninitialized>, process_received_from=T, has_client_activity=F, entity=<uninitialized>, fuids=[]], smtp_state=[helo=<uninitialized>, messages_transferred=0, pending_messages=<uninitialized>, mime_depth=0], socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]
+                  [1] is_orig: bool      = F
+                  [2] code: count        = 220
+                  [3] cmd: string        = >
+                  [4] msg: string        = We do not authorize the use of this system to transport unsolicited, 
+                  [5] cont_resp: bool    = T
 
-1170717505.735416 x509_extension
-                  [0] f: fa_file         = [id=FeCwNK3rzqPnZ7eBQ5, parent_id=<uninitialized>, source=SSL, is_orig=F, conns={^J^I[[orig_h=192.150.187.164, orig_p=58868/tcp, resp_h=194.127.84.106, resp_p=443/tcp]] = [id=[orig_h=192.150.187.164, orig_p=58868/tcp, resp_h=194.127.84.106, resp_p=443/tcp], orig=[size=87, state=4, num_pkts=3, num_bytes_ip=255, flow_label=0], resp=[size=2164, state=4, num_pkts=3, num_bytes_ip=1616, flow_label=0], start_time=1170717505.366729, duration=0.368687, service={^J^I^ISSL^J^I}, addl=, hot=0, history=ShADad, uid=CXWv6p3arKYeMETxOg, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=[ts=1170717505.549109, uid=CXWv6p3arKYeMETxOg, id=[orig_h=192.150.187.164, orig_p=58868/tcp, resp_h=194.127.84.106, resp_p=443/tcp], version=TLSv10, cipher=TLS_RSA_WITH_RC4_128_MD5, server_name=<uninitialized>, session_id=<uninitialized>, last_alert=<uninitialized>, analyzer_id=3, established=F, logged=F, delay_tokens=<uninitialized>, cert_chain=[[ts=1170717505.735416, fuid=FeCwNK3rzqPnZ7eBQ5, tx_hosts={^J^I^I194.127.84.106^J^I}, rx_hosts={^J^I^I192.150.187.164^J^I}, conn_uids={^J^I^ICXWv6p3arKYeMETxOg^J^I}, source=SSL, depth=0, analyzers={^J^I^IX509,^J^I^IMD5,^J^I^ISHA1^J^I}, mime_type=binary, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=F, seen_bytes=0, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=<uninitialized>, sha1=<uninitialized>, sha256=<uninitialized>, x509=[ts=1170717505.735416, id=FeCwNK3rzqPnZ7eBQ5, certificate=[version=2, serial=04A78116F003283BDA2B8462049F9ECB, subject=CN=www.dresdner-privat.de,OU=Terms of use at www.verisign.com/rpa (c)00,O=AGIS Allianz Dresdner Informationssysteme GmbH,L=Muenchen,ST=Bayern,C=DE, issuer=OU=www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign,OU=VeriSign International Server CA - Class 3,OU=VeriSign\, Inc.,O=VeriSign Trust Network, not_valid_before=1163462400.0, not_valid_after=1195084799.0, key_alg=rsaEncryption, sig_alg=sha1WithRSAEncryption, key_type=rsa, key_length=1024, exponent=65537, curve=<uninitialized>], handle=<no value description>, extensions=[[name=X509v3 Basic Constraints, short_name=basicConstraints, oid=2.5.29.19, critical=F, value=CA:FALSE], [name=X509v3 Key Usage, short_name=keyUsage, oid=2.5.29.15, critical=F, value=Digital Signature, Key Encipherment], [name=X509v3 CRL Distribution Points, short_name=crlDistributionPoints, oid=2.5.29.31, critical=F, value=^JFull Name:^J  URI:http://crl.verisign.com/Class3InternationalServer.crl^J], [name=X509v3 Certificate Policies, short_name=certificatePolicies, oid=2.5.29.32, critical=F, value=Policy: 2.16.840.1.113733.1.7.23.3^J  CPS: https://www.verisign.com/rpa^J], [name=X509v3 Extended Key Usage, short_name=extendedKeyUsage, oid=2.5.29.37, critical=F, value=Netscape Server Gated Crypto, TLS Web Server Authentication, TLS Web Client Authentication]], san=<uninitialized>, basic_constraints=[ca=F, path_len=<uninitialized>]], extracted=<uninitialized>]], cert_chain_fuids=[FeCwNK3rzqPnZ7eBQ5], client_cert_chain=[], client_cert_chain_fuids=[], subject=<uninitialized>, issuer=<uninitialized>, client_subject=<uninitialized>, client_issuer=<uninitialized>, server_depth=1, client_depth=0], http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]^J}, last_active=1170717505.735416, seen_bytes=1152, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timeout_interval=2.0 mins, bof_buffer_size=1024, bof_buffer=0\x82^D|0\x82^C\xe5\xa0^C^B^A^B^B^P^D\xa7\x81^V\xf0^C(;\xda+\x84b^D\x9f\x9e\xcb0^M^F^I*\x86H\x86\xf7^M^A^A^E^E\00\x81\xba1\x1f0\x1d^F^CU^D^J^S^VVeriSign Trust Network1^W0^U^F^CU^D^K^S^NVeriSign, Inc.1301^F^CU^D^K^S*VeriSign International Server CA - Class 31I0G^F^CU^D^K^S@www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign0\x1e^W^M061114000000Z^W^M071114235959Z0\x81\xc01^K0^I^F^CU^D^F^S^BDE1^O0^M^F^CU^D^H^S^FBayern1^Q0^O^F^CU^D^G^T^HMuenchen1705^F^CU^D^J^T.AGIS Allianz Dresdner Informationssysteme GmbH1301^F^CU^D^K^T*Terms of use at www.verisign.com/rpa (c)001\x1f0\x1d^F^CU^D^C^T^Vwww.dresdner-privat.de0\x81\x9f0^M^F^I*\x86H\x86\xf7^M^A^A^A^E\0^C\x81\x8d\00\x81\x89^B\x81\x81\0\xeb\xa8t~\xfb\xe3\xb4\xea\xbe\x8b\x1c=\xed\xea\x86^DbQ\xe0*Z\x9e\x86o\x98\xcb\xbc\xc5\xed\xc5\xc8\xcaV\x9dL\x92X\xe1k^So\xbc\xb7\xe5.\x98@\xf7\x8f\xd6\xa3\xc0^J\xabFR\x1b8\xfc^E \xe7\x80\xee\xc6]\xd5\xbb^C\xfc\xc5\x83\xba\x9ag^H\xfd,\xba\xa3^H\x94\xf0\xb3\x1f^V(\xf6^Ef[\xbf^?\xa8Y\xfa\xbe\x99k6b\xb8n\xc6\x83GSc^OZ\xb4Q\xc1\x88\xa8U\xb9\xd41m=*J\x95^J\xd1{\x87^B^C^A\0^A\xa3\x82^Ay0\x82^Au0^I^F^CU\x1d^S^D^B0\00^K^F^CU\x1d^O^D^D^C^B^E\xa00F^F^CU\x1d\x1f^D?0=0;\xa09\xa07\x865http://crl.verisign.com/Class3InternationalServer.crl0D^F^CU\x1d ^D=0;09^F^K`\x86H^A\x86\xf8E^A^G^W^C0*0(^F^H+^F^A^E^E^G^B^A^V\x1chttps://www.verisign.com/rpa0(^F^CU\x1d%^D!0\x1f^F^I`\x86H^A\x86\xf8B^D^A^F^H+^F^A^E^E^G^C^A^F^H+^F^A^E^E^G^C^B04^F^H+^F^A^E^E^G^A^A^D(0&0$^F^H+^F^A^E^E^G0^A\x86^Xhttp://ocsp.verisign.com0m^F^H+^F^A^E^E^G^A^L^Da0_\xa1]\xa0[0Y0W0U^V^Iimage/gif0!0\x1f0^G^F^E+^N^C^B^Z^D^T\x8f\xe5\xd3^Z\x86\xac\x8d\x8ek\xc3\xcf\x80j\xd4H^X,{^Y.0%^V#http://logo.verisign.com/vslogo.gif0^M^F^I*\x86H\x86\xf7^M^A^A^E^E\0^C\x81\x81\0/s\xe2o\xc1\x9e#~YP\x89\x95xo\xe9^D\xbd\x98TS`\xec^HR\xd2^J)\x92\x9am\xaa\xd5\xb1g\xc1b\xde\xc9^XNW=i\x9c\xb2^Cf\x92^C\xbb\xe8M\xc5\x98\xd4/B\xd9\xb6\xd2\xe0\x97^PXv\xcf\xe7\xd6\xa7\xcc\xbb\xdb%\xeeB]\xcb\xf0t\xab\xd2T\xe5\xe8\xbaQ^O\xa4\xc3>4\xfaR\xf2\xa0\xe6z\xf4\x8f\xdcvB\xbd=\xfcx\xc0\xb7\xeb^-\x1f\xc5\xa0^\xdf\xa0^Q\x87\xf8\xc3X^P\xc8y(\xf8\xe4, mime_type=binary, info=[ts=1170717505.735416, fuid=FeCwNK3rzqPnZ7eBQ5, tx_hosts={^J^I194.127.84.106^J}, rx_hosts={^J^I192.150.187.164^J}, conn_uids={^J^ICXWv6p3arKYeMETxOg^J}, source=SSL, depth=0, analyzers={^J^IX509,^J^IMD5,^J^ISHA1^J}, mime_type=binary, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=F, seen_bytes=0, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=<uninitialized>, sha1=<uninitialized>, sha256=<uninitialized>, x509=[ts=1170717505.735416, id=FeCwNK3rzqPnZ7eBQ5, certificate=[version=2, serial=04A78116F003283BDA2B8462049F9ECB, subject=CN=www.dresdner-privat.de,OU=Terms of use at www.verisign.com/rpa (c)00,O=AGIS Allianz Dresdner Informationssysteme GmbH,L=Muenchen,ST=Bayern,C=DE, issuer=OU=www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign,OU=VeriSign International Server CA - Class 3,OU=VeriSign\, Inc.,O=VeriSign Trust Network, not_valid_before=1163462400.0, not_valid_after=1195084799.0, key_alg=rsaEncryption, sig_alg=sha1WithRSAEncryption, key_type=rsa, key_length=1024, exponent=65537, curve=<uninitialized>], handle=<no value description>, extensions=[[name=X509v3 Basic Constraints, short_name=basicConstraints, oid=2.5.29.19, critical=F, value=CA:FALSE], [name=X509v3 Key Usage, short_name=keyUsage, oid=2.5.29.15, critical=F, value=Digital Signature, Key Encipherment], [name=X509v3 CRL Distribution Points, short_name=crlDistributionPoints, oid=2.5.29.31, critical=F, value=^JFull Name:^J  URI:http://crl.verisign.com/Class3InternationalServer.crl^J], [name=X509v3 Certificate Policies, short_name=certificatePolicies, oid=2.5.29.32, critical=F, value=Policy: 2.16.840.1.113733.1.7.23.3^J  CPS: https://www.verisign.com/rpa^J], [name=X509v3 Extended Key Usage, short_name=extendedKeyUsage, oid=2.5.29.37, critical=F, value=Netscape Server Gated Crypto, TLS Web Server Authentication, TLS Web Client Authentication]], san=<uninitialized>, basic_constraints=[ca=F, path_len=<uninitialized>]], extracted=<uninitialized>], u2_events=<uninitialized>]
-                  [1] ext: X509::Extension = [name=Authority Information Access, short_name=authorityInfoAccess, oid=1.3.6.1.5.5.7.1.1, critical=F, value=OCSP - URI:http://ocsp.verisign.com^J]
+1254722768.219663 smtp_reply
+                  [0] c: connection      = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=0, state=4, num_pkts=2, num_bytes_ip=88, flow_label=0], resp=[size=181, state=4, num_pkts=1, num_bytes_ip=48, flow_label=0], start_time=1254722767.529046, duration=0.690617, service={^J^J}, addl=, hot=0, history=ShAd, uid=CjhGID4nQcgTWjvg4c, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, smtp=[ts=1254722768.219663, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=<uninitialized>, mailfrom=<uninitialized>, rcptto=<uninitialized>, date=<uninitialized>, from=<uninitialized>, to=<uninitialized>, reply_to=<uninitialized>, msg_id=<uninitialized>, in_reply_to=<uninitialized>, subject=<uninitialized>, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=220 We do not authorize the use of this system to transport unsolicited, , path=[74.53.140.153, 10.10.1.4], user_agent=<uninitialized>, process_received_from=T, has_client_activity=F, entity=<uninitialized>, fuids=[]], smtp_state=[helo=<uninitialized>, messages_transferred=0, pending_messages=<uninitialized>, mime_depth=0], socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]
+                  [1] is_orig: bool      = F
+                  [2] code: count        = 220
+                  [3] cmd: string        = >
+                  [4] msg: string        = and/or bulk e-mail.
+                  [5] cont_resp: bool    = F
 
-1170717505.735416 x509_extension
-                  [0] f: fa_file         = [id=FeCwNK3rzqPnZ7eBQ5, parent_id=<uninitialized>, source=SSL, is_orig=F, conns={^J^I[[orig_h=192.150.187.164, orig_p=58868/tcp, resp_h=194.127.84.106, resp_p=443/tcp]] = [id=[orig_h=192.150.187.164, orig_p=58868/tcp, resp_h=194.127.84.106, resp_p=443/tcp], orig=[size=87, state=4, num_pkts=3, num_bytes_ip=255, flow_label=0], resp=[size=2164, state=4, num_pkts=3, num_bytes_ip=1616, flow_label=0], start_time=1170717505.366729, duration=0.368687, service={^J^I^ISSL^J^I}, addl=, hot=0, history=ShADad, uid=CXWv6p3arKYeMETxOg, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=[ts=1170717505.549109, uid=CXWv6p3arKYeMETxOg, id=[orig_h=192.150.187.164, orig_p=58868/tcp, resp_h=194.127.84.106, resp_p=443/tcp], version=TLSv10, cipher=TLS_RSA_WITH_RC4_128_MD5, server_name=<uninitialized>, session_id=<uninitialized>, last_alert=<uninitialized>, analyzer_id=3, established=F, logged=F, delay_tokens=<uninitialized>, cert_chain=[[ts=1170717505.735416, fuid=FeCwNK3rzqPnZ7eBQ5, tx_hosts={^J^I^I194.127.84.106^J^I}, rx_hosts={^J^I^I192.150.187.164^J^I}, conn_uids={^J^I^ICXWv6p3arKYeMETxOg^J^I}, source=SSL, depth=0, analyzers={^J^I^IX509,^J^I^IMD5,^J^I^ISHA1^J^I}, mime_type=binary, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=F, seen_bytes=0, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=<uninitialized>, sha1=<uninitialized>, sha256=<uninitialized>, x509=[ts=1170717505.735416, id=FeCwNK3rzqPnZ7eBQ5, certificate=[version=2, serial=04A78116F003283BDA2B8462049F9ECB, subject=CN=www.dresdner-privat.de,OU=Terms of use at www.verisign.com/rpa (c)00,O=AGIS Allianz Dresdner Informationssysteme GmbH,L=Muenchen,ST=Bayern,C=DE, issuer=OU=www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign,OU=VeriSign International Server CA - Class 3,OU=VeriSign\, Inc.,O=VeriSign Trust Network, not_valid_before=1163462400.0, not_valid_after=1195084799.0, key_alg=rsaEncryption, sig_alg=sha1WithRSAEncryption, key_type=rsa, key_length=1024, exponent=65537, curve=<uninitialized>], handle=<no value description>, extensions=[[name=X509v3 Basic Constraints, short_name=basicConstraints, oid=2.5.29.19, critical=F, value=CA:FALSE], [name=X509v3 Key Usage, short_name=keyUsage, oid=2.5.29.15, critical=F, value=Digital Signature, Key Encipherment], [name=X509v3 CRL Distribution Points, short_name=crlDistributionPoints, oid=2.5.29.31, critical=F, value=^JFull Name:^J  URI:http://crl.verisign.com/Class3InternationalServer.crl^J], [name=X509v3 Certificate Policies, short_name=certificatePolicies, oid=2.5.29.32, critical=F, value=Policy: 2.16.840.1.113733.1.7.23.3^J  CPS: https://www.verisign.com/rpa^J], [name=X509v3 Extended Key Usage, short_name=extendedKeyUsage, oid=2.5.29.37, critical=F, value=Netscape Server Gated Crypto, TLS Web Server Authentication, TLS Web Client Authentication], [name=Authority Information Access, short_name=authorityInfoAccess, oid=1.3.6.1.5.5.7.1.1, critical=F, value=OCSP - URI:http://ocsp.verisign.com^J]], san=<uninitialized>, basic_constraints=[ca=F, path_len=<uninitialized>]], extracted=<uninitialized>]], cert_chain_fuids=[FeCwNK3rzqPnZ7eBQ5], client_cert_chain=[], client_cert_chain_fuids=[], subject=<uninitialized>, issuer=<uninitialized>, client_subject=<uninitialized>, client_issuer=<uninitialized>, server_depth=1, client_depth=0], http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]^J}, last_active=1170717505.735416, seen_bytes=1152, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timeout_interval=2.0 mins, bof_buffer_size=1024, bof_buffer=0\x82^D|0\x82^C\xe5\xa0^C^B^A^B^B^P^D\xa7\x81^V\xf0^C(;\xda+\x84b^D\x9f\x9e\xcb0^M^F^I*\x86H\x86\xf7^M^A^A^E^E\00\x81\xba1\x1f0\x1d^F^CU^D^J^S^VVeriSign Trust Network1^W0^U^F^CU^D^K^S^NVeriSign, Inc.1301^F^CU^D^K^S*VeriSign International Server CA - Class 31I0G^F^CU^D^K^S@www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign0\x1e^W^M061114000000Z^W^M071114235959Z0\x81\xc01^K0^I^F^CU^D^F^S^BDE1^O0^M^F^CU^D^H^S^FBayern1^Q0^O^F^CU^D^G^T^HMuenchen1705^F^CU^D^J^T.AGIS Allianz Dresdner Informationssysteme GmbH1301^F^CU^D^K^T*Terms of use at www.verisign.com/rpa (c)001\x1f0\x1d^F^CU^D^C^T^Vwww.dresdner-privat.de0\x81\x9f0^M^F^I*\x86H\x86\xf7^M^A^A^A^E\0^C\x81\x8d\00\x81\x89^B\x81\x81\0\xeb\xa8t~\xfb\xe3\xb4\xea\xbe\x8b\x1c=\xed\xea\x86^DbQ\xe0*Z\x9e\x86o\x98\xcb\xbc\xc5\xed\xc5\xc8\xcaV\x9dL\x92X\xe1k^So\xbc\xb7\xe5.\x98@\xf7\x8f\xd6\xa3\xc0^J\xabFR\x1b8\xfc^E \xe7\x80\xee\xc6]\xd5\xbb^C\xfc\xc5\x83\xba\x9ag^H\xfd,\xba\xa3^H\x94\xf0\xb3\x1f^V(\xf6^Ef[\xbf^?\xa8Y\xfa\xbe\x99k6b\xb8n\xc6\x83GSc^OZ\xb4Q\xc1\x88\xa8U\xb9\xd41m=*J\x95^J\xd1{\x87^B^C^A\0^A\xa3\x82^Ay0\x82^Au0^I^F^CU\x1d^S^D^B0\00^K^F^CU\x1d^O^D^D^C^B^E\xa00F^F^CU\x1d\x1f^D?0=0;\xa09\xa07\x865http://crl.verisign.com/Class3InternationalServer.crl0D^F^CU\x1d ^D=0;09^F^K`\x86H^A\x86\xf8E^A^G^W^C0*0(^F^H+^F^A^E^E^G^B^A^V\x1chttps://www.verisign.com/rpa0(^F^CU\x1d%^D!0\x1f^F^I`\x86H^A\x86\xf8B^D^A^F^H+^F^A^E^E^G^C^A^F^H+^F^A^E^E^G^C^B04^F^H+^F^A^E^E^G^A^A^D(0&0$^F^H+^F^A^E^E^G0^A\x86^Xhttp://ocsp.verisign.com0m^F^H+^F^A^E^E^G^A^L^Da0_\xa1]\xa0[0Y0W0U^V^Iimage/gif0!0\x1f0^G^F^E+^N^C^B^Z^D^T\x8f\xe5\xd3^Z\x86\xac\x8d\x8ek\xc3\xcf\x80j\xd4H^X,{^Y.0%^V#http://logo.verisign.com/vslogo.gif0^M^F^I*\x86H\x86\xf7^M^A^A^E^E\0^C\x81\x81\0/s\xe2o\xc1\x9e#~YP\x89\x95xo\xe9^D\xbd\x98TS`\xec^HR\xd2^J)\x92\x9am\xaa\xd5\xb1g\xc1b\xde\xc9^XNW=i\x9c\xb2^Cf\x92^C\xbb\xe8M\xc5\x98\xd4/B\xd9\xb6\xd2\xe0\x97^PXv\xcf\xe7\xd6\xa7\xcc\xbb\xdb%\xeeB]\xcb\xf0t\xab\xd2T\xe5\xe8\xbaQ^O\xa4\xc3>4\xfaR\xf2\xa0\xe6z\xf4\x8f\xdcvB\xbd=\xfcx\xc0\xb7\xeb^-\x1f\xc5\xa0^\xdf\xa0^Q\x87\xf8\xc3X^P\xc8y(\xf8\xe4, mime_type=binary, info=[ts=1170717505.735416, fuid=FeCwNK3rzqPnZ7eBQ5, tx_hosts={^J^I194.127.84.106^J}, rx_hosts={^J^I192.150.187.164^J}, conn_uids={^J^ICXWv6p3arKYeMETxOg^J}, source=SSL, depth=0, analyzers={^J^IX509,^J^IMD5,^J^ISHA1^J}, mime_type=binary, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=F, seen_bytes=0, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=<uninitialized>, sha1=<uninitialized>, sha256=<uninitialized>, x509=[ts=1170717505.735416, id=FeCwNK3rzqPnZ7eBQ5, certificate=[version=2, serial=04A78116F003283BDA2B8462049F9ECB, subject=CN=www.dresdner-privat.de,OU=Terms of use at www.verisign.com/rpa (c)00,O=AGIS Allianz Dresdner Informationssysteme GmbH,L=Muenchen,ST=Bayern,C=DE, issuer=OU=www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign,OU=VeriSign International Server CA - Class 3,OU=VeriSign\, Inc.,O=VeriSign Trust Network, not_valid_before=1163462400.0, not_valid_after=1195084799.0, key_alg=rsaEncryption, sig_alg=sha1WithRSAEncryption, key_type=rsa, key_length=1024, exponent=65537, curve=<uninitialized>], handle=<no value description>, extensions=[[name=X509v3 Basic Constraints, short_name=basicConstraints, oid=2.5.29.19, critical=F, value=CA:FALSE], [name=X509v3 Key Usage, short_name=keyUsage, oid=2.5.29.15, critical=F, value=Digital Signature, Key Encipherment], [name=X509v3 CRL Distribution Points, short_name=crlDistributionPoints, oid=2.5.29.31, critical=F, value=^JFull Name:^J  URI:http://crl.verisign.com/Class3InternationalServer.crl^J], [name=X509v3 Certificate Policies, short_name=certificatePolicies, oid=2.5.29.32, critical=F, value=Policy: 2.16.840.1.113733.1.7.23.3^J  CPS: https://www.verisign.com/rpa^J], [name=X509v3 Extended Key Usage, short_name=extendedKeyUsage, oid=2.5.29.37, critical=F, value=Netscape Server Gated Crypto, TLS Web Server Authentication, TLS Web Client Authentication], [name=Authority Information Access, short_name=authorityInfoAccess, oid=1.3.6.1.5.5.7.1.1, critical=F, value=OCSP - URI:http://ocsp.verisign.com^J]], san=<uninitialized>, basic_constraints=[ca=F, path_len=<uninitialized>]], extracted=<uninitialized>], u2_events=<uninitialized>]
-                  [1] ext: X509::Extension = [name=1.3.6.1.5.5.7.1.12, short_name=UNDEF, oid=1.3.6.1.5.5.7.1.12, critical=F, value=0_.].[0Y0W0U..image/gif0!0.0...+..............k...j.H.,{..0%.#http://logo.verisign.com/vslogo.gif]
-
-1170717505.735416 file_hash
-                  [0] f: fa_file         = [id=FeCwNK3rzqPnZ7eBQ5, parent_id=<uninitialized>, source=SSL, is_orig=F, conns={^J^I[[orig_h=192.150.187.164, orig_p=58868/tcp, resp_h=194.127.84.106, resp_p=443/tcp]] = [id=[orig_h=192.150.187.164, orig_p=58868/tcp, resp_h=194.127.84.106, resp_p=443/tcp], orig=[size=87, state=4, num_pkts=3, num_bytes_ip=255, flow_label=0], resp=[size=2164, state=4, num_pkts=3, num_bytes_ip=1616, flow_label=0], start_time=1170717505.366729, duration=0.368687, service={^J^I^ISSL^J^I}, addl=, hot=0, history=ShADad, uid=CXWv6p3arKYeMETxOg, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=[ts=1170717505.549109, uid=CXWv6p3arKYeMETxOg, id=[orig_h=192.150.187.164, orig_p=58868/tcp, resp_h=194.127.84.106, resp_p=443/tcp], version=TLSv10, cipher=TLS_RSA_WITH_RC4_128_MD5, server_name=<uninitialized>, session_id=<uninitialized>, last_alert=<uninitialized>, analyzer_id=3, established=F, logged=F, delay_tokens=<uninitialized>, cert_chain=[[ts=1170717505.735416, fuid=FeCwNK3rzqPnZ7eBQ5, tx_hosts={^J^I^I194.127.84.106^J^I}, rx_hosts={^J^I^I192.150.187.164^J^I}, conn_uids={^J^I^ICXWv6p3arKYeMETxOg^J^I}, source=SSL, depth=0, analyzers={^J^I^IX509,^J^I^IMD5,^J^I^ISHA1^J^I}, mime_type=binary, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=F, seen_bytes=0, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=<uninitialized>, sha1=<uninitialized>, sha256=<uninitialized>, x509=[ts=1170717505.735416, id=FeCwNK3rzqPnZ7eBQ5, certificate=[version=2, serial=04A78116F003283BDA2B8462049F9ECB, subject=CN=www.dresdner-privat.de,OU=Terms of use at www.verisign.com/rpa (c)00,O=AGIS Allianz Dresdner Informationssysteme GmbH,L=Muenchen,ST=Bayern,C=DE, issuer=OU=www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign,OU=VeriSign International Server CA - Class 3,OU=VeriSign\, Inc.,O=VeriSign Trust Network, not_valid_before=1163462400.0, not_valid_after=1195084799.0, key_alg=rsaEncryption, sig_alg=sha1WithRSAEncryption, key_type=rsa, key_length=1024, exponent=65537, curve=<uninitialized>], handle=<no value description>, extensions=[[name=X509v3 Basic Constraints, short_name=basicConstraints, oid=2.5.29.19, critical=F, value=CA:FALSE], [name=X509v3 Key Usage, short_name=keyUsage, oid=2.5.29.15, critical=F, value=Digital Signature, Key Encipherment], [name=X509v3 CRL Distribution Points, short_name=crlDistributionPoints, oid=2.5.29.31, critical=F, value=^JFull Name:^J  URI:http://crl.verisign.com/Class3InternationalServer.crl^J], [name=X509v3 Certificate Policies, short_name=certificatePolicies, oid=2.5.29.32, critical=F, value=Policy: 2.16.840.1.113733.1.7.23.3^J  CPS: https://www.verisign.com/rpa^J], [name=X509v3 Extended Key Usage, short_name=extendedKeyUsage, oid=2.5.29.37, critical=F, value=Netscape Server Gated Crypto, TLS Web Server Authentication, TLS Web Client Authentication], [name=Authority Information Access, short_name=authorityInfoAccess, oid=1.3.6.1.5.5.7.1.1, critical=F, value=OCSP - URI:http://ocsp.verisign.com^J], [name=1.3.6.1.5.5.7.1.12, short_name=UNDEF, oid=1.3.6.1.5.5.7.1.12, critical=F, value=0_.].[0Y0W0U..image/gif0!0.0...+..............k...j.H.,{..0%.#http://logo.verisign.com/vslogo.gif]], san=<uninitialized>, basic_constraints=[ca=F, path_len=<uninitialized>]], extracted=<uninitialized>]], cert_chain_fuids=[FeCwNK3rzqPnZ7eBQ5], client_cert_chain=[], client_cert_chain_fuids=[], subject=<uninitialized>, issuer=<uninitialized>, client_subject=<uninitialized>, client_issuer=<uninitialized>, server_depth=1, client_depth=0], http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]^J}, last_active=1170717505.735416, seen_bytes=1152, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timeout_interval=2.0 mins, bof_buffer_size=1024, bof_buffer=0\x82^D|0\x82^C\xe5\xa0^C^B^A^B^B^P^D\xa7\x81^V\xf0^C(;\xda+\x84b^D\x9f\x9e\xcb0^M^F^I*\x86H\x86\xf7^M^A^A^E^E\00\x81\xba1\x1f0\x1d^F^CU^D^J^S^VVeriSign Trust Network1^W0^U^F^CU^D^K^S^NVeriSign, Inc.1301^F^CU^D^K^S*VeriSign International Server CA - Class 31I0G^F^CU^D^K^S@www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign0\x1e^W^M061114000000Z^W^M071114235959Z0\x81\xc01^K0^I^F^CU^D^F^S^BDE1^O0^M^F^CU^D^H^S^FBayern1^Q0^O^F^CU^D^G^T^HMuenchen1705^F^CU^D^J^T.AGIS Allianz Dresdner Informationssysteme GmbH1301^F^CU^D^K^T*Terms of use at www.verisign.com/rpa (c)001\x1f0\x1d^F^CU^D^C^T^Vwww.dresdner-privat.de0\x81\x9f0^M^F^I*\x86H\x86\xf7^M^A^A^A^E\0^C\x81\x8d\00\x81\x89^B\x81\x81\0\xeb\xa8t~\xfb\xe3\xb4\xea\xbe\x8b\x1c=\xed\xea\x86^DbQ\xe0*Z\x9e\x86o\x98\xcb\xbc\xc5\xed\xc5\xc8\xcaV\x9dL\x92X\xe1k^So\xbc\xb7\xe5.\x98@\xf7\x8f\xd6\xa3\xc0^J\xabFR\x1b8\xfc^E \xe7\x80\xee\xc6]\xd5\xbb^C\xfc\xc5\x83\xba\x9ag^H\xfd,\xba\xa3^H\x94\xf0\xb3\x1f^V(\xf6^Ef[\xbf^?\xa8Y\xfa\xbe\x99k6b\xb8n\xc6\x83GSc^OZ\xb4Q\xc1\x88\xa8U\xb9\xd41m=*J\x95^J\xd1{\x87^B^C^A\0^A\xa3\x82^Ay0\x82^Au0^I^F^CU\x1d^S^D^B0\00^K^F^CU\x1d^O^D^D^C^B^E\xa00F^F^CU\x1d\x1f^D?0=0;\xa09\xa07\x865http://crl.verisign.com/Class3InternationalServer.crl0D^F^CU\x1d ^D=0;09^F^K`\x86H^A\x86\xf8E^A^G^W^C0*0(^F^H+^F^A^E^E^G^B^A^V\x1chttps://www.verisign.com/rpa0(^F^CU\x1d%^D!0\x1f^F^I`\x86H^A\x86\xf8B^D^A^F^H+^F^A^E^E^G^C^A^F^H+^F^A^E^E^G^C^B04^F^H+^F^A^E^E^G^A^A^D(0&0$^F^H+^F^A^E^E^G0^A\x86^Xhttp://ocsp.verisign.com0m^F^H+^F^A^E^E^G^A^L^Da0_\xa1]\xa0[0Y0W0U^V^Iimage/gif0!0\x1f0^G^F^E+^N^C^B^Z^D^T\x8f\xe5\xd3^Z\x86\xac\x8d\x8ek\xc3\xcf\x80j\xd4H^X,{^Y.0%^V#http://logo.verisign.com/vslogo.gif0^M^F^I*\x86H\x86\xf7^M^A^A^E^E\0^C\x81\x81\0/s\xe2o\xc1\x9e#~YP\x89\x95xo\xe9^D\xbd\x98TS`\xec^HR\xd2^J)\x92\x9am\xaa\xd5\xb1g\xc1b\xde\xc9^XNW=i\x9c\xb2^Cf\x92^C\xbb\xe8M\xc5\x98\xd4/B\xd9\xb6\xd2\xe0\x97^PXv\xcf\xe7\xd6\xa7\xcc\xbb\xdb%\xeeB]\xcb\xf0t\xab\xd2T\xe5\xe8\xbaQ^O\xa4\xc3>4\xfaR\xf2\xa0\xe6z\xf4\x8f\xdcvB\xbd=\xfcx\xc0\xb7\xeb^-\x1f\xc5\xa0^\xdf\xa0^Q\x87\xf8\xc3X^P\xc8y(\xf8\xe4, mime_type=binary, info=[ts=1170717505.735416, fuid=FeCwNK3rzqPnZ7eBQ5, tx_hosts={^J^I194.127.84.106^J}, rx_hosts={^J^I192.150.187.164^J}, conn_uids={^J^ICXWv6p3arKYeMETxOg^J}, source=SSL, depth=0, analyzers={^J^IX509,^J^IMD5,^J^ISHA1^J}, mime_type=binary, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=F, seen_bytes=0, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=<uninitialized>, sha1=<uninitialized>, sha256=<uninitialized>, x509=[ts=1170717505.735416, id=FeCwNK3rzqPnZ7eBQ5, certificate=[version=2, serial=04A78116F003283BDA2B8462049F9ECB, subject=CN=www.dresdner-privat.de,OU=Terms of use at www.verisign.com/rpa (c)00,O=AGIS Allianz Dresdner Informationssysteme GmbH,L=Muenchen,ST=Bayern,C=DE, issuer=OU=www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign,OU=VeriSign International Server CA - Class 3,OU=VeriSign\, Inc.,O=VeriSign Trust Network, not_valid_before=1163462400.0, not_valid_after=1195084799.0, key_alg=rsaEncryption, sig_alg=sha1WithRSAEncryption, key_type=rsa, key_length=1024, exponent=65537, curve=<uninitialized>], handle=<no value description>, extensions=[[name=X509v3 Basic Constraints, short_name=basicConstraints, oid=2.5.29.19, critical=F, value=CA:FALSE], [name=X509v3 Key Usage, short_name=keyUsage, oid=2.5.29.15, critical=F, value=Digital Signature, Key Encipherment], [name=X509v3 CRL Distribution Points, short_name=crlDistributionPoints, oid=2.5.29.31, critical=F, value=^JFull Name:^J  URI:http://crl.verisign.com/Class3InternationalServer.crl^J], [name=X509v3 Certificate Policies, short_name=certificatePolicies, oid=2.5.29.32, critical=F, value=Policy: 2.16.840.1.113733.1.7.23.3^J  CPS: https://www.verisign.com/rpa^J], [name=X509v3 Extended Key Usage, short_name=extendedKeyUsage, oid=2.5.29.37, critical=F, value=Netscape Server Gated Crypto, TLS Web Server Authentication, TLS Web Client Authentication], [name=Authority Information Access, short_name=authorityInfoAccess, oid=1.3.6.1.5.5.7.1.1, critical=F, value=OCSP - URI:http://ocsp.verisign.com^J], [name=1.3.6.1.5.5.7.1.12, short_name=UNDEF, oid=1.3.6.1.5.5.7.1.12, critical=F, value=0_.].[0Y0W0U..image/gif0!0.0...+..............k...j.H.,{..0%.#http://logo.verisign.com/vslogo.gif]], san=<uninitialized>, basic_constraints=[ca=F, path_len=<uninitialized>]], extracted=<uninitialized>], u2_events=<uninitialized>]
-                  [1] kind: string       = sha1
-                  [2] hash: string       = 2c322ae2b7fe91391345e070b63668978bb1c9da
-
-1170717505.735416 file_hash
-                  [0] f: fa_file         = [id=FeCwNK3rzqPnZ7eBQ5, parent_id=<uninitialized>, source=SSL, is_orig=F, conns={^J^I[[orig_h=192.150.187.164, orig_p=58868/tcp, resp_h=194.127.84.106, resp_p=443/tcp]] = [id=[orig_h=192.150.187.164, orig_p=58868/tcp, resp_h=194.127.84.106, resp_p=443/tcp], orig=[size=87, state=4, num_pkts=3, num_bytes_ip=255, flow_label=0], resp=[size=2164, state=4, num_pkts=3, num_bytes_ip=1616, flow_label=0], start_time=1170717505.366729, duration=0.368687, service={^J^I^ISSL^J^I}, addl=, hot=0, history=ShADad, uid=CXWv6p3arKYeMETxOg, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=[ts=1170717505.549109, uid=CXWv6p3arKYeMETxOg, id=[orig_h=192.150.187.164, orig_p=58868/tcp, resp_h=194.127.84.106, resp_p=443/tcp], version=TLSv10, cipher=TLS_RSA_WITH_RC4_128_MD5, server_name=<uninitialized>, session_id=<uninitialized>, last_alert=<uninitialized>, analyzer_id=3, established=F, logged=F, delay_tokens=<uninitialized>, cert_chain=[[ts=1170717505.735416, fuid=FeCwNK3rzqPnZ7eBQ5, tx_hosts={^J^I^I194.127.84.106^J^I}, rx_hosts={^J^I^I192.150.187.164^J^I}, conn_uids={^J^I^ICXWv6p3arKYeMETxOg^J^I}, source=SSL, depth=0, analyzers={^J^I^IX509,^J^I^IMD5,^J^I^ISHA1^J^I}, mime_type=binary, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=F, seen_bytes=0, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=<uninitialized>, sha1=2c322ae2b7fe91391345e070b63668978bb1c9da, sha256=<uninitialized>, x509=[ts=1170717505.735416, id=FeCwNK3rzqPnZ7eBQ5, certificate=[version=2, serial=04A78116F003283BDA2B8462049F9ECB, subject=CN=www.dresdner-privat.de,OU=Terms of use at www.verisign.com/rpa (c)00,O=AGIS Allianz Dresdner Informationssysteme GmbH,L=Muenchen,ST=Bayern,C=DE, issuer=OU=www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign,OU=VeriSign International Server CA - Class 3,OU=VeriSign\, Inc.,O=VeriSign Trust Network, not_valid_before=1163462400.0, not_valid_after=1195084799.0, key_alg=rsaEncryption, sig_alg=sha1WithRSAEncryption, key_type=rsa, key_length=1024, exponent=65537, curve=<uninitialized>], handle=<no value description>, extensions=[[name=X509v3 Basic Constraints, short_name=basicConstraints, oid=2.5.29.19, critical=F, value=CA:FALSE], [name=X509v3 Key Usage, short_name=keyUsage, oid=2.5.29.15, critical=F, value=Digital Signature, Key Encipherment], [name=X509v3 CRL Distribution Points, short_name=crlDistributionPoints, oid=2.5.29.31, critical=F, value=^JFull Name:^J  URI:http://crl.verisign.com/Class3InternationalServer.crl^J], [name=X509v3 Certificate Policies, short_name=certificatePolicies, oid=2.5.29.32, critical=F, value=Policy: 2.16.840.1.113733.1.7.23.3^J  CPS: https://www.verisign.com/rpa^J], [name=X509v3 Extended Key Usage, short_name=extendedKeyUsage, oid=2.5.29.37, critical=F, value=Netscape Server Gated Crypto, TLS Web Server Authentication, TLS Web Client Authentication], [name=Authority Information Access, short_name=authorityInfoAccess, oid=1.3.6.1.5.5.7.1.1, critical=F, value=OCSP - URI:http://ocsp.verisign.com^J], [name=1.3.6.1.5.5.7.1.12, short_name=UNDEF, oid=1.3.6.1.5.5.7.1.12, critical=F, value=0_.].[0Y0W0U..image/gif0!0.0...+..............k...j.H.,{..0%.#http://logo.verisign.com/vslogo.gif]], san=<uninitialized>, basic_constraints=[ca=F, path_len=<uninitialized>]], extracted=<uninitialized>]], cert_chain_fuids=[FeCwNK3rzqPnZ7eBQ5], client_cert_chain=[], client_cert_chain_fuids=[], subject=<uninitialized>, issuer=<uninitialized>, client_subject=<uninitialized>, client_issuer=<uninitialized>, server_depth=1, client_depth=0], http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]^J}, last_active=1170717505.735416, seen_bytes=1152, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timeout_interval=2.0 mins, bof_buffer_size=1024, bof_buffer=0\x82^D|0\x82^C\xe5\xa0^C^B^A^B^B^P^D\xa7\x81^V\xf0^C(;\xda+\x84b^D\x9f\x9e\xcb0^M^F^I*\x86H\x86\xf7^M^A^A^E^E\00\x81\xba1\x1f0\x1d^F^CU^D^J^S^VVeriSign Trust Network1^W0^U^F^CU^D^K^S^NVeriSign, Inc.1301^F^CU^D^K^S*VeriSign International Server CA - Class 31I0G^F^CU^D^K^S@www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign0\x1e^W^M061114000000Z^W^M071114235959Z0\x81\xc01^K0^I^F^CU^D^F^S^BDE1^O0^M^F^CU^D^H^S^FBayern1^Q0^O^F^CU^D^G^T^HMuenchen1705^F^CU^D^J^T.AGIS Allianz Dresdner Informationssysteme GmbH1301^F^CU^D^K^T*Terms of use at www.verisign.com/rpa (c)001\x1f0\x1d^F^CU^D^C^T^Vwww.dresdner-privat.de0\x81\x9f0^M^F^I*\x86H\x86\xf7^M^A^A^A^E\0^C\x81\x8d\00\x81\x89^B\x81\x81\0\xeb\xa8t~\xfb\xe3\xb4\xea\xbe\x8b\x1c=\xed\xea\x86^DbQ\xe0*Z\x9e\x86o\x98\xcb\xbc\xc5\xed\xc5\xc8\xcaV\x9dL\x92X\xe1k^So\xbc\xb7\xe5.\x98@\xf7\x8f\xd6\xa3\xc0^J\xabFR\x1b8\xfc^E \xe7\x80\xee\xc6]\xd5\xbb^C\xfc\xc5\x83\xba\x9ag^H\xfd,\xba\xa3^H\x94\xf0\xb3\x1f^V(\xf6^Ef[\xbf^?\xa8Y\xfa\xbe\x99k6b\xb8n\xc6\x83GSc^OZ\xb4Q\xc1\x88\xa8U\xb9\xd41m=*J\x95^J\xd1{\x87^B^C^A\0^A\xa3\x82^Ay0\x82^Au0^I^F^CU\x1d^S^D^B0\00^K^F^CU\x1d^O^D^D^C^B^E\xa00F^F^CU\x1d\x1f^D?0=0;\xa09\xa07\x865http://crl.verisign.com/Class3InternationalServer.crl0D^F^CU\x1d ^D=0;09^F^K`\x86H^A\x86\xf8E^A^G^W^C0*0(^F^H+^F^A^E^E^G^B^A^V\x1chttps://www.verisign.com/rpa0(^F^CU\x1d%^D!0\x1f^F^I`\x86H^A\x86\xf8B^D^A^F^H+^F^A^E^E^G^C^A^F^H+^F^A^E^E^G^C^B04^F^H+^F^A^E^E^G^A^A^D(0&0$^F^H+^F^A^E^E^G0^A\x86^Xhttp://ocsp.verisign.com0m^F^H+^F^A^E^E^G^A^L^Da0_\xa1]\xa0[0Y0W0U^V^Iimage/gif0!0\x1f0^G^F^E+^N^C^B^Z^D^T\x8f\xe5\xd3^Z\x86\xac\x8d\x8ek\xc3\xcf\x80j\xd4H^X,{^Y.0%^V#http://logo.verisign.com/vslogo.gif0^M^F^I*\x86H\x86\xf7^M^A^A^E^E\0^C\x81\x81\0/s\xe2o\xc1\x9e#~YP\x89\x95xo\xe9^D\xbd\x98TS`\xec^HR\xd2^J)\x92\x9am\xaa\xd5\xb1g\xc1b\xde\xc9^XNW=i\x9c\xb2^Cf\x92^C\xbb\xe8M\xc5\x98\xd4/B\xd9\xb6\xd2\xe0\x97^PXv\xcf\xe7\xd6\xa7\xcc\xbb\xdb%\xeeB]\xcb\xf0t\xab\xd2T\xe5\xe8\xbaQ^O\xa4\xc3>4\xfaR\xf2\xa0\xe6z\xf4\x8f\xdcvB\xbd=\xfcx\xc0\xb7\xeb^-\x1f\xc5\xa0^\xdf\xa0^Q\x87\xf8\xc3X^P\xc8y(\xf8\xe4, mime_type=binary, info=[ts=1170717505.735416, fuid=FeCwNK3rzqPnZ7eBQ5, tx_hosts={^J^I194.127.84.106^J}, rx_hosts={^J^I192.150.187.164^J}, conn_uids={^J^ICXWv6p3arKYeMETxOg^J}, source=SSL, depth=0, analyzers={^J^IX509,^J^IMD5,^J^ISHA1^J}, mime_type=binary, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=F, seen_bytes=0, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=<uninitialized>, sha1=2c322ae2b7fe91391345e070b63668978bb1c9da, sha256=<uninitialized>, x509=[ts=1170717505.735416, id=FeCwNK3rzqPnZ7eBQ5, certificate=[version=2, serial=04A78116F003283BDA2B8462049F9ECB, subject=CN=www.dresdner-privat.de,OU=Terms of use at www.verisign.com/rpa (c)00,O=AGIS Allianz Dresdner Informationssysteme GmbH,L=Muenchen,ST=Bayern,C=DE, issuer=OU=www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign,OU=VeriSign International Server CA - Class 3,OU=VeriSign\, Inc.,O=VeriSign Trust Network, not_valid_before=1163462400.0, not_valid_after=1195084799.0, key_alg=rsaEncryption, sig_alg=sha1WithRSAEncryption, key_type=rsa, key_length=1024, exponent=65537, curve=<uninitialized>], handle=<no value description>, extensions=[[name=X509v3 Basic Constraints, short_name=basicConstraints, oid=2.5.29.19, critical=F, value=CA:FALSE], [name=X509v3 Key Usage, short_name=keyUsage, oid=2.5.29.15, critical=F, value=Digital Signature, Key Encipherment], [name=X509v3 CRL Distribution Points, short_name=crlDistributionPoints, oid=2.5.29.31, critical=F, value=^JFull Name:^J  URI:http://crl.verisign.com/Class3InternationalServer.crl^J], [name=X509v3 Certificate Policies, short_name=certificatePolicies, oid=2.5.29.32, critical=F, value=Policy: 2.16.840.1.113733.1.7.23.3^J  CPS: https://www.verisign.com/rpa^J], [name=X509v3 Extended Key Usage, short_name=extendedKeyUsage, oid=2.5.29.37, critical=F, value=Netscape Server Gated Crypto, TLS Web Server Authentication, TLS Web Client Authentication], [name=Authority Information Access, short_name=authorityInfoAccess, oid=1.3.6.1.5.5.7.1.1, critical=F, value=OCSP - URI:http://ocsp.verisign.com^J], [name=1.3.6.1.5.5.7.1.12, short_name=UNDEF, oid=1.3.6.1.5.5.7.1.12, critical=F, value=0_.].[0Y0W0U..image/gif0!0.0...+..............k...j.H.,{..0%.#http://logo.verisign.com/vslogo.gif]], san=<uninitialized>, basic_constraints=[ca=F, path_len=<uninitialized>]], extracted=<uninitialized>], u2_events=<uninitialized>]
-                  [1] kind: string       = md5
-                  [2] hash: string       = 38a0a008a978591ccbe41f50a174751a
-
-1170717505.735416 file_state_remove
-                  [0] f: fa_file         = [id=FeCwNK3rzqPnZ7eBQ5, parent_id=<uninitialized>, source=SSL, is_orig=F, conns={^J^I[[orig_h=192.150.187.164, orig_p=58868/tcp, resp_h=194.127.84.106, resp_p=443/tcp]] = [id=[orig_h=192.150.187.164, orig_p=58868/tcp, resp_h=194.127.84.106, resp_p=443/tcp], orig=[size=87, state=4, num_pkts=3, num_bytes_ip=255, flow_label=0], resp=[size=2164, state=4, num_pkts=3, num_bytes_ip=1616, flow_label=0], start_time=1170717505.366729, duration=0.368687, service={^J^I^ISSL^J^I}, addl=, hot=0, history=ShADad, uid=CXWv6p3arKYeMETxOg, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=[ts=1170717505.549109, uid=CXWv6p3arKYeMETxOg, id=[orig_h=192.150.187.164, orig_p=58868/tcp, resp_h=194.127.84.106, resp_p=443/tcp], version=TLSv10, cipher=TLS_RSA_WITH_RC4_128_MD5, server_name=<uninitialized>, session_id=<uninitialized>, last_alert=<uninitialized>, analyzer_id=3, established=F, logged=F, delay_tokens=<uninitialized>, cert_chain=[[ts=1170717505.735416, fuid=FeCwNK3rzqPnZ7eBQ5, tx_hosts={^J^I^I194.127.84.106^J^I}, rx_hosts={^J^I^I192.150.187.164^J^I}, conn_uids={^J^I^ICXWv6p3arKYeMETxOg^J^I}, source=SSL, depth=0, analyzers={^J^I^IX509,^J^I^IMD5,^J^I^ISHA1^J^I}, mime_type=binary, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=F, seen_bytes=0, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=38a0a008a978591ccbe41f50a174751a, sha1=2c322ae2b7fe91391345e070b63668978bb1c9da, sha256=<uninitialized>, x509=[ts=1170717505.735416, id=FeCwNK3rzqPnZ7eBQ5, certificate=[version=2, serial=04A78116F003283BDA2B8462049F9ECB, subject=CN=www.dresdner-privat.de,OU=Terms of use at www.verisign.com/rpa (c)00,O=AGIS Allianz Dresdner Informationssysteme GmbH,L=Muenchen,ST=Bayern,C=DE, issuer=OU=www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign,OU=VeriSign International Server CA - Class 3,OU=VeriSign\, Inc.,O=VeriSign Trust Network, not_valid_before=1163462400.0, not_valid_after=1195084799.0, key_alg=rsaEncryption, sig_alg=sha1WithRSAEncryption, key_type=rsa, key_length=1024, exponent=65537, curve=<uninitialized>], handle=<no value description>, extensions=[[name=X509v3 Basic Constraints, short_name=basicConstraints, oid=2.5.29.19, critical=F, value=CA:FALSE], [name=X509v3 Key Usage, short_name=keyUsage, oid=2.5.29.15, critical=F, value=Digital Signature, Key Encipherment], [name=X509v3 CRL Distribution Points, short_name=crlDistributionPoints, oid=2.5.29.31, critical=F, value=^JFull Name:^J  URI:http://crl.verisign.com/Class3InternationalServer.crl^J], [name=X509v3 Certificate Policies, short_name=certificatePolicies, oid=2.5.29.32, critical=F, value=Policy: 2.16.840.1.113733.1.7.23.3^J  CPS: https://www.verisign.com/rpa^J], [name=X509v3 Extended Key Usage, short_name=extendedKeyUsage, oid=2.5.29.37, critical=F, value=Netscape Server Gated Crypto, TLS Web Server Authentication, TLS Web Client Authentication], [name=Authority Information Access, short_name=authorityInfoAccess, oid=1.3.6.1.5.5.7.1.1, critical=F, value=OCSP - URI:http://ocsp.verisign.com^J], [name=1.3.6.1.5.5.7.1.12, short_name=UNDEF, oid=1.3.6.1.5.5.7.1.12, critical=F, value=0_.].[0Y0W0U..image/gif0!0.0...+..............k...j.H.,{..0%.#http://logo.verisign.com/vslogo.gif]], san=<uninitialized>, basic_constraints=[ca=F, path_len=<uninitialized>]], extracted=<uninitialized>]], cert_chain_fuids=[FeCwNK3rzqPnZ7eBQ5], client_cert_chain=[], client_cert_chain_fuids=[], subject=<uninitialized>, issuer=<uninitialized>, client_subject=<uninitialized>, client_issuer=<uninitialized>, server_depth=1, client_depth=0], http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]^J}, last_active=1170717505.735416, seen_bytes=1152, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timeout_interval=2.0 mins, bof_buffer_size=1024, bof_buffer=0\x82^D|0\x82^C\xe5\xa0^C^B^A^B^B^P^D\xa7\x81^V\xf0^C(;\xda+\x84b^D\x9f\x9e\xcb0^M^F^I*\x86H\x86\xf7^M^A^A^E^E\00\x81\xba1\x1f0\x1d^F^CU^D^J^S^VVeriSign Trust Network1^W0^U^F^CU^D^K^S^NVeriSign, Inc.1301^F^CU^D^K^S*VeriSign International Server CA - Class 31I0G^F^CU^D^K^S@www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign0\x1e^W^M061114000000Z^W^M071114235959Z0\x81\xc01^K0^I^F^CU^D^F^S^BDE1^O0^M^F^CU^D^H^S^FBayern1^Q0^O^F^CU^D^G^T^HMuenchen1705^F^CU^D^J^T.AGIS Allianz Dresdner Informationssysteme GmbH1301^F^CU^D^K^T*Terms of use at www.verisign.com/rpa (c)001\x1f0\x1d^F^CU^D^C^T^Vwww.dresdner-privat.de0\x81\x9f0^M^F^I*\x86H\x86\xf7^M^A^A^A^E\0^C\x81\x8d\00\x81\x89^B\x81\x81\0\xeb\xa8t~\xfb\xe3\xb4\xea\xbe\x8b\x1c=\xed\xea\x86^DbQ\xe0*Z\x9e\x86o\x98\xcb\xbc\xc5\xed\xc5\xc8\xcaV\x9dL\x92X\xe1k^So\xbc\xb7\xe5.\x98@\xf7\x8f\xd6\xa3\xc0^J\xabFR\x1b8\xfc^E \xe7\x80\xee\xc6]\xd5\xbb^C\xfc\xc5\x83\xba\x9ag^H\xfd,\xba\xa3^H\x94\xf0\xb3\x1f^V(\xf6^Ef[\xbf^?\xa8Y\xfa\xbe\x99k6b\xb8n\xc6\x83GSc^OZ\xb4Q\xc1\x88\xa8U\xb9\xd41m=*J\x95^J\xd1{\x87^B^C^A\0^A\xa3\x82^Ay0\x82^Au0^I^F^CU\x1d^S^D^B0\00^K^F^CU\x1d^O^D^D^C^B^E\xa00F^F^CU\x1d\x1f^D?0=0;\xa09\xa07\x865http://crl.verisign.com/Class3InternationalServer.crl0D^F^CU\x1d ^D=0;09^F^K`\x86H^A\x86\xf8E^A^G^W^C0*0(^F^H+^F^A^E^E^G^B^A^V\x1chttps://www.verisign.com/rpa0(^F^CU\x1d%^D!0\x1f^F^I`\x86H^A\x86\xf8B^D^A^F^H+^F^A^E^E^G^C^A^F^H+^F^A^E^E^G^C^B04^F^H+^F^A^E^E^G^A^A^D(0&0$^F^H+^F^A^E^E^G0^A\x86^Xhttp://ocsp.verisign.com0m^F^H+^F^A^E^E^G^A^L^Da0_\xa1]\xa0[0Y0W0U^V^Iimage/gif0!0\x1f0^G^F^E+^N^C^B^Z^D^T\x8f\xe5\xd3^Z\x86\xac\x8d\x8ek\xc3\xcf\x80j\xd4H^X,{^Y.0%^V#http://logo.verisign.com/vslogo.gif0^M^F^I*\x86H\x86\xf7^M^A^A^E^E\0^C\x81\x81\0/s\xe2o\xc1\x9e#~YP\x89\x95xo\xe9^D\xbd\x98TS`\xec^HR\xd2^J)\x92\x9am\xaa\xd5\xb1g\xc1b\xde\xc9^XNW=i\x9c\xb2^Cf\x92^C\xbb\xe8M\xc5\x98\xd4/B\xd9\xb6\xd2\xe0\x97^PXv\xcf\xe7\xd6\xa7\xcc\xbb\xdb%\xeeB]\xcb\xf0t\xab\xd2T\xe5\xe8\xbaQ^O\xa4\xc3>4\xfaR\xf2\xa0\xe6z\xf4\x8f\xdcvB\xbd=\xfcx\xc0\xb7\xeb^-\x1f\xc5\xa0^\xdf\xa0^Q\x87\xf8\xc3X^P\xc8y(\xf8\xe4, mime_type=binary, info=[ts=1170717505.735416, fuid=FeCwNK3rzqPnZ7eBQ5, tx_hosts={^J^I194.127.84.106^J}, rx_hosts={^J^I192.150.187.164^J}, conn_uids={^J^ICXWv6p3arKYeMETxOg^J}, source=SSL, depth=0, analyzers={^J^IX509,^J^IMD5,^J^ISHA1^J}, mime_type=binary, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=F, seen_bytes=0, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=38a0a008a978591ccbe41f50a174751a, sha1=2c322ae2b7fe91391345e070b63668978bb1c9da, sha256=<uninitialized>, x509=[ts=1170717505.735416, id=FeCwNK3rzqPnZ7eBQ5, certificate=[version=2, serial=04A78116F003283BDA2B8462049F9ECB, subject=CN=www.dresdner-privat.de,OU=Terms of use at www.verisign.com/rpa (c)00,O=AGIS Allianz Dresdner Informationssysteme GmbH,L=Muenchen,ST=Bayern,C=DE, issuer=OU=www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign,OU=VeriSign International Server CA - Class 3,OU=VeriSign\, Inc.,O=VeriSign Trust Network, not_valid_before=1163462400.0, not_valid_after=1195084799.0, key_alg=rsaEncryption, sig_alg=sha1WithRSAEncryption, key_type=rsa, key_length=1024, exponent=65537, curve=<uninitialized>], handle=<no value description>, extensions=[[name=X509v3 Basic Constraints, short_name=basicConstraints, oid=2.5.29.19, critical=F, value=CA:FALSE], [name=X509v3 Key Usage, short_name=keyUsage, oid=2.5.29.15, critical=F, value=Digital Signature, Key Encipherment], [name=X509v3 CRL Distribution Points, short_name=crlDistributionPoints, oid=2.5.29.31, critical=F, value=^JFull Name:^J  URI:http://crl.verisign.com/Class3InternationalServer.crl^J], [name=X509v3 Certificate Policies, short_name=certificatePolicies, oid=2.5.29.32, critical=F, value=Policy: 2.16.840.1.113733.1.7.23.3^J  CPS: https://www.verisign.com/rpa^J], [name=X509v3 Extended Key Usage, short_name=extendedKeyUsage, oid=2.5.29.37, critical=F, value=Netscape Server Gated Crypto, TLS Web Server Authentication, TLS Web Client Authentication], [name=Authority Information Access, short_name=authorityInfoAccess, oid=1.3.6.1.5.5.7.1.1, critical=F, value=OCSP - URI:http://ocsp.verisign.com^J], [name=1.3.6.1.5.5.7.1.12, short_name=UNDEF, oid=1.3.6.1.5.5.7.1.12, critical=F, value=0_.].[0Y0W0U..image/gif0!0.0...+..............k...j.H.,{..0%.#http://logo.verisign.com/vslogo.gif]], san=<uninitialized>, basic_constraints=[ca=F, path_len=<uninitialized>]], extracted=<uninitialized>], u2_events=<uninitialized>]
-
-1170717505.735416 get_file_handle
-                  [0] tag: enum          = Analyzer::ANALYZER_SSL
-                  [1] c: connection      = [id=[orig_h=192.150.187.164, orig_p=58868/tcp, resp_h=194.127.84.106, resp_p=443/tcp], orig=[size=87, state=4, num_pkts=3, num_bytes_ip=255, flow_label=0], resp=[size=2164, state=4, num_pkts=3, num_bytes_ip=1616, flow_label=0], start_time=1170717505.366729, duration=0.368687, service={^J^ISSL^J}, addl=, hot=0, history=ShADad, uid=CXWv6p3arKYeMETxOg, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=[ts=1170717505.549109, uid=CXWv6p3arKYeMETxOg, id=[orig_h=192.150.187.164, orig_p=58868/tcp, resp_h=194.127.84.106, resp_p=443/tcp], version=TLSv10, cipher=TLS_RSA_WITH_RC4_128_MD5, server_name=<uninitialized>, session_id=<uninitialized>, last_alert=<uninitialized>, analyzer_id=3, established=F, logged=F, delay_tokens=<uninitialized>, cert_chain=[[ts=1170717505.735416, fuid=FeCwNK3rzqPnZ7eBQ5, tx_hosts={^J^I194.127.84.106^J}, rx_hosts={^J^I192.150.187.164^J}, conn_uids={^J^ICXWv6p3arKYeMETxOg^J}, source=SSL, depth=0, analyzers={^J^IX509,^J^IMD5,^J^ISHA1^J}, mime_type=binary, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=F, seen_bytes=1152, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=38a0a008a978591ccbe41f50a174751a, sha1=2c322ae2b7fe91391345e070b63668978bb1c9da, sha256=<uninitialized>, x509=[ts=1170717505.735416, id=FeCwNK3rzqPnZ7eBQ5, certificate=[version=2, serial=04A78116F003283BDA2B8462049F9ECB, subject=CN=www.dresdner-privat.de,OU=Terms of use at www.verisign.com/rpa (c)00,O=AGIS Allianz Dresdner Informationssysteme GmbH,L=Muenchen,ST=Bayern,C=DE, issuer=OU=www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign,OU=VeriSign International Server CA - Class 3,OU=VeriSign\, Inc.,O=VeriSign Trust Network, not_valid_before=1163462400.0, not_valid_after=1195084799.0, key_alg=rsaEncryption, sig_alg=sha1WithRSAEncryption, key_type=rsa, key_length=1024, exponent=65537, curve=<uninitialized>], handle=<no value description>, extensions=[[name=X509v3 Basic Constraints, short_name=basicConstraints, oid=2.5.29.19, critical=F, value=CA:FALSE], [name=X509v3 Key Usage, short_name=keyUsage, oid=2.5.29.15, critical=F, value=Digital Signature, Key Encipherment], [name=X509v3 CRL Distribution Points, short_name=crlDistributionPoints, oid=2.5.29.31, critical=F, value=^JFull Name:^J  URI:http://crl.verisign.com/Class3InternationalServer.crl^J], [name=X509v3 Certificate Policies, short_name=certificatePolicies, oid=2.5.29.32, critical=F, value=Policy: 2.16.840.1.113733.1.7.23.3^J  CPS: https://www.verisign.com/rpa^J], [name=X509v3 Extended Key Usage, short_name=extendedKeyUsage, oid=2.5.29.37, critical=F, value=Netscape Server Gated Crypto, TLS Web Server Authentication, TLS Web Client Authentication], [name=Authority Information Access, short_name=authorityInfoAccess, oid=1.3.6.1.5.5.7.1.1, critical=F, value=OCSP - URI:http://ocsp.verisign.com^J], [name=1.3.6.1.5.5.7.1.12, short_name=UNDEF, oid=1.3.6.1.5.5.7.1.12, critical=F, value=0_.].[0Y0W0U..image/gif0!0.0...+..............k...j.H.,{..0%.#http://logo.verisign.com/vslogo.gif]], san=<uninitialized>, basic_constraints=[ca=F, path_len=<uninitialized>]], extracted=<uninitialized>]], cert_chain_fuids=[FeCwNK3rzqPnZ7eBQ5], client_cert_chain=[], client_cert_chain_fuids=[], subject=<uninitialized>, issuer=<uninitialized>, client_subject=<uninitialized>, client_issuer=<uninitialized>, server_depth=1, client_depth=0], http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]
-                  [2] is_orig: bool      = F
-
-1170717505.735416 file_new
-                  [0] f: fa_file         = [id=FfqS7r3rymnsSKq0m2, parent_id=<uninitialized>, source=SSL, is_orig=F, conns={^J^I[[orig_h=192.150.187.164, orig_p=58868/tcp, resp_h=194.127.84.106, resp_p=443/tcp]] = [id=[orig_h=192.150.187.164, orig_p=58868/tcp, resp_h=194.127.84.106, resp_p=443/tcp], orig=[size=87, state=4, num_pkts=3, num_bytes_ip=255, flow_label=0], resp=[size=2164, state=4, num_pkts=3, num_bytes_ip=1616, flow_label=0], start_time=1170717505.366729, duration=0.368687, service={^J^I^ISSL^J^I}, addl=, hot=0, history=ShADad, uid=CXWv6p3arKYeMETxOg, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=[ts=1170717505.549109, uid=CXWv6p3arKYeMETxOg, id=[orig_h=192.150.187.164, orig_p=58868/tcp, resp_h=194.127.84.106, resp_p=443/tcp], version=TLSv10, cipher=TLS_RSA_WITH_RC4_128_MD5, server_name=<uninitialized>, session_id=<uninitialized>, last_alert=<uninitialized>, analyzer_id=3, established=F, logged=F, delay_tokens=<uninitialized>, cert_chain=[[ts=1170717505.735416, fuid=FeCwNK3rzqPnZ7eBQ5, tx_hosts={^J^I^I194.127.84.106^J^I}, rx_hosts={^J^I^I192.150.187.164^J^I}, conn_uids={^J^I^ICXWv6p3arKYeMETxOg^J^I}, source=SSL, depth=0, analyzers={^J^I^IX509,^J^I^IMD5,^J^I^ISHA1^J^I}, mime_type=binary, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=F, seen_bytes=1152, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=38a0a008a978591ccbe41f50a174751a, sha1=2c322ae2b7fe91391345e070b63668978bb1c9da, sha256=<uninitialized>, x509=[ts=1170717505.735416, id=FeCwNK3rzqPnZ7eBQ5, certificate=[version=2, serial=04A78116F003283BDA2B8462049F9ECB, subject=CN=www.dresdner-privat.de,OU=Terms of use at www.verisign.com/rpa (c)00,O=AGIS Allianz Dresdner Informationssysteme GmbH,L=Muenchen,ST=Bayern,C=DE, issuer=OU=www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign,OU=VeriSign International Server CA - Class 3,OU=VeriSign\, Inc.,O=VeriSign Trust Network, not_valid_before=1163462400.0, not_valid_after=1195084799.0, key_alg=rsaEncryption, sig_alg=sha1WithRSAEncryption, key_type=rsa, key_length=1024, exponent=65537, curve=<uninitialized>], handle=<no value description>, extensions=[[name=X509v3 Basic Constraints, short_name=basicConstraints, oid=2.5.29.19, critical=F, value=CA:FALSE], [name=X509v3 Key Usage, short_name=keyUsage, oid=2.5.29.15, critical=F, value=Digital Signature, Key Encipherment], [name=X509v3 CRL Distribution Points, short_name=crlDistributionPoints, oid=2.5.29.31, critical=F, value=^JFull Name:^J  URI:http://crl.verisign.com/Class3InternationalServer.crl^J], [name=X509v3 Certificate Policies, short_name=certificatePolicies, oid=2.5.29.32, critical=F, value=Policy: 2.16.840.1.113733.1.7.23.3^J  CPS: https://www.verisign.com/rpa^J], [name=X509v3 Extended Key Usage, short_name=extendedKeyUsage, oid=2.5.29.37, critical=F, value=Netscape Server Gated Crypto, TLS Web Server Authentication, TLS Web Client Authentication], [name=Authority Information Access, short_name=authorityInfoAccess, oid=1.3.6.1.5.5.7.1.1, critical=F, value=OCSP - URI:http://ocsp.verisign.com^J], [name=1.3.6.1.5.5.7.1.12, short_name=UNDEF, oid=1.3.6.1.5.5.7.1.12, critical=F, value=0_.].[0Y0W0U..image/gif0!0.0...+..............k...j.H.,{..0%.#http://logo.verisign.com/vslogo.gif]], san=<uninitialized>, basic_constraints=[ca=F, path_len=<uninitialized>]], extracted=<uninitialized>]], cert_chain_fuids=[FeCwNK3rzqPnZ7eBQ5], client_cert_chain=[], client_cert_chain_fuids=[], subject=<uninitialized>, issuer=<uninitialized>, client_subject=<uninitialized>, client_issuer=<uninitialized>, server_depth=2, client_depth=0], http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]^J}, last_active=1170717505.735416, seen_bytes=0, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timeout_interval=2.0 mins, bof_buffer_size=1024, bof_buffer=0\x82^C\x860\x82^B\xef\xa0^C^B^A^B^B^Px\xeeH\xde^X[ q\xc9\xc9\xc3\xb5\x1d{\xdd\xc10^M^F^I*\x86H\x86\xf7^M^A^A^E^E\00_1^K0^I^F^CU^D^F^S^BUS1^W0^U^F^CU^D^J^S^NVeriSign, Inc.1705^F^CU^D^K^S.Class 3 Public Primary Certification Authority0\x1e^W^M970417000000Z^W^M111024235959Z0\x81\xba1\x1f0\x1d^F^CU^D^J^S^VVeriSign Trust Network1^W0^U^F^CU^D^K^S^NVeriSign, Inc.1301^F^CU^D^K^S*VeriSign International Server CA - Class 31I0G^F^CU^D^K^S@www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign0\x81\x9f0^M^F^I*\x86H\x86\xf7^M^A^A^A^E\0^C\x81\x8d\00\x81\x89^B\x81\x81\0\xd8\x82\x80\xe8\xd6^Y^B}\x1f\x85^X9%\xa2e+\xe1\xbf\xd4^E\xd3\xbc\xe66;\xaa\xf0Ll[\xb6\xe7\xaa<sEU\xb2\xf1\xbd\xea\x97B\xed\x9a4^J^U\xd4\xa9\\xf5@%\xdd\xd9^G\xc12\xb2ul\xc4\xca\xbb\xa3\xfeV'qC\xaac\xf50>\x93(\xe5\xfa\xf1^I;\xf3\xb7MN9\xf7\IZ\xb8\xc1\x1d\xd3\xb2\x8a\xfep0\x95B\xcb\xfe+Q\x8bZ<:\xf9"O\x90\xb2^B\xa7S\x9cO4\xe7\xab^D\xb2{o^B^C^A\0^A\xa3\x81\xe60\x81\xe30^O^F^CU\x1d^S^D^H0^F^A^A\xff^B^A\00D^F^CU\x1d ^D=0;09^F^K`\x86H^A\x86\xf8E^A^G^A^A0*0(^F^H+^F^A^E^E^G^B^A^V\x1chttps://www.verisign.com/CPS04^F^CU\x1d\x1f^D-0+0)\xa0'\xa0%\x86#http://crl.verisign.com/pca3-g2.crl04^F^CU\x1d%^D-0+^F^H+^F^A^E^E^G^C^A^F^H+^F^A^E^E^G^C^B^F^I`\x86H^A\x86\xf8B^D^A^F^J`\x86H^A\x86\xf8E^A^H^A0^K^F^CU\x1d^O^D^D^C^B^A^F0^Q^F^I`\x86H^A\x86\xf8B^A^A^D^D^C^B^A^F0^M^F^I*\x86H\x86\xf7^M^A^A^E^E\0^C\x81\x81\0#]\xee\xa6$^E\xfdv\xd3j^Z\xd6\xbaF^F\xaaj^O^C\x90f\xb2\xb0\xa6\xc2\x9e\xc9\x1e\xa3US\xaf>E\xfd\xdc\x8c'\xddS8^I\xbb|K+\xba\x95J\xfepN\x1bi\xd6<\xf7O^G\xc5\xf2^WZL\xa2\x8f\xac^K\x8a^F\xdb\xb9\xd4k\xc5\x1dX\xda^WR\xe3!\xf1\xd2\xd7Z\xd5\xe5\xabY{!z\x86j\xd4\xfe^W^Q:S^M\x9c`\xa0J\xd9^\xe4\x1d^L)\xaa^S^Ge\x86\x1f\xbf\xb4\xc9\x82S\x9c,^B\x8f#, mime_type=binary, info=<uninitialized>, u2_events=<uninitialized>]
-
-1170717505.735416 file_over_new_connection
-                  [0] f: fa_file         = [id=FfqS7r3rymnsSKq0m2, parent_id=<uninitialized>, source=SSL, is_orig=F, conns={^J^I[[orig_h=192.150.187.164, orig_p=58868/tcp, resp_h=194.127.84.106, resp_p=443/tcp]] = [id=[orig_h=192.150.187.164, orig_p=58868/tcp, resp_h=194.127.84.106, resp_p=443/tcp], orig=[size=87, state=4, num_pkts=3, num_bytes_ip=255, flow_label=0], resp=[size=2164, state=4, num_pkts=3, num_bytes_ip=1616, flow_label=0], start_time=1170717505.366729, duration=0.368687, service={^J^I^ISSL^J^I}, addl=, hot=0, history=ShADad, uid=CXWv6p3arKYeMETxOg, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=[ts=1170717505.549109, uid=CXWv6p3arKYeMETxOg, id=[orig_h=192.150.187.164, orig_p=58868/tcp, resp_h=194.127.84.106, resp_p=443/tcp], version=TLSv10, cipher=TLS_RSA_WITH_RC4_128_MD5, server_name=<uninitialized>, session_id=<uninitialized>, last_alert=<uninitialized>, analyzer_id=3, established=F, logged=F, delay_tokens=<uninitialized>, cert_chain=[[ts=1170717505.735416, fuid=FeCwNK3rzqPnZ7eBQ5, tx_hosts={^J^I^I194.127.84.106^J^I}, rx_hosts={^J^I^I192.150.187.164^J^I}, conn_uids={^J^I^ICXWv6p3arKYeMETxOg^J^I}, source=SSL, depth=0, analyzers={^J^I^IX509,^J^I^IMD5,^J^I^ISHA1^J^I}, mime_type=binary, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=F, seen_bytes=1152, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=38a0a008a978591ccbe41f50a174751a, sha1=2c322ae2b7fe91391345e070b63668978bb1c9da, sha256=<uninitialized>, x509=[ts=1170717505.735416, id=FeCwNK3rzqPnZ7eBQ5, certificate=[version=2, serial=04A78116F003283BDA2B8462049F9ECB, subject=CN=www.dresdner-privat.de,OU=Terms of use at www.verisign.com/rpa (c)00,O=AGIS Allianz Dresdner Informationssysteme GmbH,L=Muenchen,ST=Bayern,C=DE, issuer=OU=www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign,OU=VeriSign International Server CA - Class 3,OU=VeriSign\, Inc.,O=VeriSign Trust Network, not_valid_before=1163462400.0, not_valid_after=1195084799.0, key_alg=rsaEncryption, sig_alg=sha1WithRSAEncryption, key_type=rsa, key_length=1024, exponent=65537, curve=<uninitialized>], handle=<no value description>, extensions=[[name=X509v3 Basic Constraints, short_name=basicConstraints, oid=2.5.29.19, critical=F, value=CA:FALSE], [name=X509v3 Key Usage, short_name=keyUsage, oid=2.5.29.15, critical=F, value=Digital Signature, Key Encipherment], [name=X509v3 CRL Distribution Points, short_name=crlDistributionPoints, oid=2.5.29.31, critical=F, value=^JFull Name:^J  URI:http://crl.verisign.com/Class3InternationalServer.crl^J], [name=X509v3 Certificate Policies, short_name=certificatePolicies, oid=2.5.29.32, critical=F, value=Policy: 2.16.840.1.113733.1.7.23.3^J  CPS: https://www.verisign.com/rpa^J], [name=X509v3 Extended Key Usage, short_name=extendedKeyUsage, oid=2.5.29.37, critical=F, value=Netscape Server Gated Crypto, TLS Web Server Authentication, TLS Web Client Authentication], [name=Authority Information Access, short_name=authorityInfoAccess, oid=1.3.6.1.5.5.7.1.1, critical=F, value=OCSP - URI:http://ocsp.verisign.com^J], [name=1.3.6.1.5.5.7.1.12, short_name=UNDEF, oid=1.3.6.1.5.5.7.1.12, critical=F, value=0_.].[0Y0W0U..image/gif0!0.0...+..............k...j.H.,{..0%.#http://logo.verisign.com/vslogo.gif]], san=<uninitialized>, basic_constraints=[ca=F, path_len=<uninitialized>]], extracted=<uninitialized>]], cert_chain_fuids=[FeCwNK3rzqPnZ7eBQ5], client_cert_chain=[], client_cert_chain_fuids=[], subject=<uninitialized>, issuer=<uninitialized>, client_subject=<uninitialized>, client_issuer=<uninitialized>, server_depth=2, client_depth=0], http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]^J}, last_active=1170717505.735416, seen_bytes=0, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timeout_interval=2.0 mins, bof_buffer_size=1024, bof_buffer=0\x82^C\x860\x82^B\xef\xa0^C^B^A^B^B^Px\xeeH\xde^X[ q\xc9\xc9\xc3\xb5\x1d{\xdd\xc10^M^F^I*\x86H\x86\xf7^M^A^A^E^E\00_1^K0^I^F^CU^D^F^S^BUS1^W0^U^F^CU^D^J^S^NVeriSign, Inc.1705^F^CU^D^K^S.Class 3 Public Primary Certification Authority0\x1e^W^M970417000000Z^W^M111024235959Z0\x81\xba1\x1f0\x1d^F^CU^D^J^S^VVeriSign Trust Network1^W0^U^F^CU^D^K^S^NVeriSign, Inc.1301^F^CU^D^K^S*VeriSign International Server CA - Class 31I0G^F^CU^D^K^S@www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign0\x81\x9f0^M^F^I*\x86H\x86\xf7^M^A^A^A^E\0^C\x81\x8d\00\x81\x89^B\x81\x81\0\xd8\x82\x80\xe8\xd6^Y^B}\x1f\x85^X9%\xa2e+\xe1\xbf\xd4^E\xd3\xbc\xe66;\xaa\xf0Ll[\xb6\xe7\xaa<sEU\xb2\xf1\xbd\xea\x97B\xed\x9a4^J^U\xd4\xa9\\xf5@%\xdd\xd9^G\xc12\xb2ul\xc4\xca\xbb\xa3\xfeV'qC\xaac\xf50>\x93(\xe5\xfa\xf1^I;\xf3\xb7MN9\xf7\IZ\xb8\xc1\x1d\xd3\xb2\x8a\xfep0\x95B\xcb\xfe+Q\x8bZ<:\xf9"O\x90\xb2^B\xa7S\x9cO4\xe7\xab^D\xb2{o^B^C^A\0^A\xa3\x81\xe60\x81\xe30^O^F^CU\x1d^S^D^H0^F^A^A\xff^B^A\00D^F^CU\x1d ^D=0;09^F^K`\x86H^A\x86\xf8E^A^G^A^A0*0(^F^H+^F^A^E^E^G^B^A^V\x1chttps://www.verisign.com/CPS04^F^CU\x1d\x1f^D-0+0)\xa0'\xa0%\x86#http://crl.verisign.com/pca3-g2.crl04^F^CU\x1d%^D-0+^F^H+^F^A^E^E^G^C^A^F^H+^F^A^E^E^G^C^B^F^I`\x86H^A\x86\xf8B^D^A^F^J`\x86H^A\x86\xf8E^A^H^A0^K^F^CU\x1d^O^D^D^C^B^A^F0^Q^F^I`\x86H^A\x86\xf8B^A^A^D^D^C^B^A^F0^M^F^I*\x86H\x86\xf7^M^A^A^E^E\0^C\x81\x81\0#]\xee\xa6$^E\xfdv\xd3j^Z\xd6\xbaF^F\xaaj^O^C\x90f\xb2\xb0\xa6\xc2\x9e\xc9\x1e\xa3US\xaf>E\xfd\xdc\x8c'\xddS8^I\xbb|K+\xba\x95J\xfepN\x1bi\xd6<\xf7O^G\xc5\xf2^WZL\xa2\x8f\xac^K\x8a^F\xdb\xb9\xd4k\xc5\x1dX\xda^WR\xe3!\xf1\xd2\xd7Z\xd5\xe5\xabY{!z\x86j\xd4\xfe^W^Q:S^M\x9c`\xa0J\xd9^\xe4\x1d^L)\xaa^S^Ge\x86\x1f\xbf\xb4\xc9\x82S\x9c,^B\x8f#, mime_type=binary, info=[ts=1170717505.735416, fuid=FfqS7r3rymnsSKq0m2, tx_hosts={^J^J}, rx_hosts={^J^J}, conn_uids={^J^J}, source=SSL, depth=0, analyzers={^J^J}, mime_type=binary, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=F, seen_bytes=0, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=<uninitialized>, sha1=<uninitialized>, sha256=<uninitialized>, x509=<uninitialized>, extracted=<uninitialized>], u2_events=<uninitialized>]
-                  [1] c: connection      = [id=[orig_h=192.150.187.164, orig_p=58868/tcp, resp_h=194.127.84.106, resp_p=443/tcp], orig=[size=87, state=4, num_pkts=3, num_bytes_ip=255, flow_label=0], resp=[size=2164, state=4, num_pkts=3, num_bytes_ip=1616, flow_label=0], start_time=1170717505.366729, duration=0.368687, service={^J^ISSL^J}, addl=, hot=0, history=ShADad, uid=CXWv6p3arKYeMETxOg, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=[ts=1170717505.549109, uid=CXWv6p3arKYeMETxOg, id=[orig_h=192.150.187.164, orig_p=58868/tcp, resp_h=194.127.84.106, resp_p=443/tcp], version=TLSv10, cipher=TLS_RSA_WITH_RC4_128_MD5, server_name=<uninitialized>, session_id=<uninitialized>, last_alert=<uninitialized>, analyzer_id=3, established=F, logged=F, delay_tokens=<uninitialized>, cert_chain=[[ts=1170717505.735416, fuid=FeCwNK3rzqPnZ7eBQ5, tx_hosts={^J^I194.127.84.106^J}, rx_hosts={^J^I192.150.187.164^J}, conn_uids={^J^ICXWv6p3arKYeMETxOg^J}, source=SSL, depth=0, analyzers={^J^IX509,^J^IMD5,^J^ISHA1^J}, mime_type=binary, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=F, seen_bytes=1152, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=38a0a008a978591ccbe41f50a174751a, sha1=2c322ae2b7fe91391345e070b63668978bb1c9da, sha256=<uninitialized>, x509=[ts=1170717505.735416, id=FeCwNK3rzqPnZ7eBQ5, certificate=[version=2, serial=04A78116F003283BDA2B8462049F9ECB, subject=CN=www.dresdner-privat.de,OU=Terms of use at www.verisign.com/rpa (c)00,O=AGIS Allianz Dresdner Informationssysteme GmbH,L=Muenchen,ST=Bayern,C=DE, issuer=OU=www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign,OU=VeriSign International Server CA - Class 3,OU=VeriSign\, Inc.,O=VeriSign Trust Network, not_valid_before=1163462400.0, not_valid_after=1195084799.0, key_alg=rsaEncryption, sig_alg=sha1WithRSAEncryption, key_type=rsa, key_length=1024, exponent=65537, curve=<uninitialized>], handle=<no value description>, extensions=[[name=X509v3 Basic Constraints, short_name=basicConstraints, oid=2.5.29.19, critical=F, value=CA:FALSE], [name=X509v3 Key Usage, short_name=keyUsage, oid=2.5.29.15, critical=F, value=Digital Signature, Key Encipherment], [name=X509v3 CRL Distribution Points, short_name=crlDistributionPoints, oid=2.5.29.31, critical=F, value=^JFull Name:^J  URI:http://crl.verisign.com/Class3InternationalServer.crl^J], [name=X509v3 Certificate Policies, short_name=certificatePolicies, oid=2.5.29.32, critical=F, value=Policy: 2.16.840.1.113733.1.7.23.3^J  CPS: https://www.verisign.com/rpa^J], [name=X509v3 Extended Key Usage, short_name=extendedKeyUsage, oid=2.5.29.37, critical=F, value=Netscape Server Gated Crypto, TLS Web Server Authentication, TLS Web Client Authentication], [name=Authority Information Access, short_name=authorityInfoAccess, oid=1.3.6.1.5.5.7.1.1, critical=F, value=OCSP - URI:http://ocsp.verisign.com^J], [name=1.3.6.1.5.5.7.1.12, short_name=UNDEF, oid=1.3.6.1.5.5.7.1.12, critical=F, value=0_.].[0Y0W0U..image/gif0!0.0...+..............k...j.H.,{..0%.#http://logo.verisign.com/vslogo.gif]], san=<uninitialized>, basic_constraints=[ca=F, path_len=<uninitialized>]], extracted=<uninitialized>]], cert_chain_fuids=[FeCwNK3rzqPnZ7eBQ5], client_cert_chain=[], client_cert_chain_fuids=[], subject=<uninitialized>, issuer=<uninitialized>, client_subject=<uninitialized>, client_issuer=<uninitialized>, server_depth=2, client_depth=0], http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]
-                  [2] is_orig: bool      = F
-
-1170717505.735416 x509_certificate
-                  [0] f: fa_file         = [id=FfqS7r3rymnsSKq0m2, parent_id=<uninitialized>, source=SSL, is_orig=F, conns={^J^I[[orig_h=192.150.187.164, orig_p=58868/tcp, resp_h=194.127.84.106, resp_p=443/tcp]] = [id=[orig_h=192.150.187.164, orig_p=58868/tcp, resp_h=194.127.84.106, resp_p=443/tcp], orig=[size=87, state=4, num_pkts=3, num_bytes_ip=255, flow_label=0], resp=[size=2164, state=4, num_pkts=3, num_bytes_ip=1616, flow_label=0], start_time=1170717505.366729, duration=0.368687, service={^J^I^ISSL^J^I}, addl=, hot=0, history=ShADad, uid=CXWv6p3arKYeMETxOg, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=[ts=1170717505.549109, uid=CXWv6p3arKYeMETxOg, id=[orig_h=192.150.187.164, orig_p=58868/tcp, resp_h=194.127.84.106, resp_p=443/tcp], version=TLSv10, cipher=TLS_RSA_WITH_RC4_128_MD5, server_name=<uninitialized>, session_id=<uninitialized>, last_alert=<uninitialized>, analyzer_id=3, established=F, logged=F, delay_tokens=<uninitialized>, cert_chain=[[ts=1170717505.735416, fuid=FeCwNK3rzqPnZ7eBQ5, tx_hosts={^J^I^I194.127.84.106^J^I}, rx_hosts={^J^I^I192.150.187.164^J^I}, conn_uids={^J^I^ICXWv6p3arKYeMETxOg^J^I}, source=SSL, depth=0, analyzers={^J^I^IX509,^J^I^IMD5,^J^I^ISHA1^J^I}, mime_type=binary, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=F, seen_bytes=1152, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=38a0a008a978591ccbe41f50a174751a, sha1=2c322ae2b7fe91391345e070b63668978bb1c9da, sha256=<uninitialized>, x509=[ts=1170717505.735416, id=FeCwNK3rzqPnZ7eBQ5, certificate=[version=2, serial=04A78116F003283BDA2B8462049F9ECB, subject=CN=www.dresdner-privat.de,OU=Terms of use at www.verisign.com/rpa (c)00,O=AGIS Allianz Dresdner Informationssysteme GmbH,L=Muenchen,ST=Bayern,C=DE, issuer=OU=www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign,OU=VeriSign International Server CA - Class 3,OU=VeriSign\, Inc.,O=VeriSign Trust Network, not_valid_before=1163462400.0, not_valid_after=1195084799.0, key_alg=rsaEncryption, sig_alg=sha1WithRSAEncryption, key_type=rsa, key_length=1024, exponent=65537, curve=<uninitialized>], handle=<no value description>, extensions=[[name=X509v3 Basic Constraints, short_name=basicConstraints, oid=2.5.29.19, critical=F, value=CA:FALSE], [name=X509v3 Key Usage, short_name=keyUsage, oid=2.5.29.15, critical=F, value=Digital Signature, Key Encipherment], [name=X509v3 CRL Distribution Points, short_name=crlDistributionPoints, oid=2.5.29.31, critical=F, value=^JFull Name:^J  URI:http://crl.verisign.com/Class3InternationalServer.crl^J], [name=X509v3 Certificate Policies, short_name=certificatePolicies, oid=2.5.29.32, critical=F, value=Policy: 2.16.840.1.113733.1.7.23.3^J  CPS: https://www.verisign.com/rpa^J], [name=X509v3 Extended Key Usage, short_name=extendedKeyUsage, oid=2.5.29.37, critical=F, value=Netscape Server Gated Crypto, TLS Web Server Authentication, TLS Web Client Authentication], [name=Authority Information Access, short_name=authorityInfoAccess, oid=1.3.6.1.5.5.7.1.1, critical=F, value=OCSP - URI:http://ocsp.verisign.com^J], [name=1.3.6.1.5.5.7.1.12, short_name=UNDEF, oid=1.3.6.1.5.5.7.1.12, critical=F, value=0_.].[0Y0W0U..image/gif0!0.0...+..............k...j.H.,{..0%.#http://logo.verisign.com/vslogo.gif]], san=<uninitialized>, basic_constraints=[ca=F, path_len=<uninitialized>]], extracted=<uninitialized>], [ts=1170717505.735416, fuid=FfqS7r3rymnsSKq0m2, tx_hosts={^J^I^I194.127.84.106^J^I}, rx_hosts={^J^I^I192.150.187.164^J^I}, conn_uids={^J^I^ICXWv6p3arKYeMETxOg^J^I}, source=SSL, depth=0, analyzers={^J^I^IX509,^J^I^IMD5,^J^I^ISHA1^J^I}, mime_type=binary, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=F, seen_bytes=0, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=<uninitialized>, sha1=<uninitialized>, sha256=<uninitialized>, x509=<uninitialized>, extracted=<uninitialized>]], cert_chain_fuids=[FeCwNK3rzqPnZ7eBQ5, FfqS7r3rymnsSKq0m2], client_cert_chain=[], client_cert_chain_fuids=[], subject=<uninitialized>, issuer=<uninitialized>, client_subject=<uninitialized>, client_issuer=<uninitialized>, server_depth=2, client_depth=0], http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]^J}, last_active=1170717505.735416, seen_bytes=906, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timeout_interval=2.0 mins, bof_buffer_size=1024, bof_buffer=0\x82^C\x860\x82^B\xef\xa0^C^B^A^B^B^Px\xeeH\xde^X[ q\xc9\xc9\xc3\xb5\x1d{\xdd\xc10^M^F^I*\x86H\x86\xf7^M^A^A^E^E\00_1^K0^I^F^CU^D^F^S^BUS1^W0^U^F^CU^D^J^S^NVeriSign, Inc.1705^F^CU^D^K^S.Class 3 Public Primary Certification Authority0\x1e^W^M970417000000Z^W^M111024235959Z0\x81\xba1\x1f0\x1d^F^CU^D^J^S^VVeriSign Trust Network1^W0^U^F^CU^D^K^S^NVeriSign, Inc.1301^F^CU^D^K^S*VeriSign International Server CA - Class 31I0G^F^CU^D^K^S@www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign0\x81\x9f0^M^F^I*\x86H\x86\xf7^M^A^A^A^E\0^C\x81\x8d\00\x81\x89^B\x81\x81\0\xd8\x82\x80\xe8\xd6^Y^B}\x1f\x85^X9%\xa2e+\xe1\xbf\xd4^E\xd3\xbc\xe66;\xaa\xf0Ll[\xb6\xe7\xaa<sEU\xb2\xf1\xbd\xea\x97B\xed\x9a4^J^U\xd4\xa9\\xf5@%\xdd\xd9^G\xc12\xb2ul\xc4\xca\xbb\xa3\xfeV'qC\xaac\xf50>\x93(\xe5\xfa\xf1^I;\xf3\xb7MN9\xf7\IZ\xb8\xc1\x1d\xd3\xb2\x8a\xfep0\x95B\xcb\xfe+Q\x8bZ<:\xf9"O\x90\xb2^B\xa7S\x9cO4\xe7\xab^D\xb2{o^B^C^A\0^A\xa3\x81\xe60\x81\xe30^O^F^CU\x1d^S^D^H0^F^A^A\xff^B^A\00D^F^CU\x1d ^D=0;09^F^K`\x86H^A\x86\xf8E^A^G^A^A0*0(^F^H+^F^A^E^E^G^B^A^V\x1chttps://www.verisign.com/CPS04^F^CU\x1d\x1f^D-0+0)\xa0'\xa0%\x86#http://crl.verisign.com/pca3-g2.crl04^F^CU\x1d%^D-0+^F^H+^F^A^E^E^G^C^A^F^H+^F^A^E^E^G^C^B^F^I`\x86H^A\x86\xf8B^D^A^F^J`\x86H^A\x86\xf8E^A^H^A0^K^F^CU\x1d^O^D^D^C^B^A^F0^Q^F^I`\x86H^A\x86\xf8B^A^A^D^D^C^B^A^F0^M^F^I*\x86H\x86\xf7^M^A^A^E^E\0^C\x81\x81\0#]\xee\xa6$^E\xfdv\xd3j^Z\xd6\xbaF^F\xaaj^O^C\x90f\xb2\xb0\xa6\xc2\x9e\xc9\x1e\xa3US\xaf>E\xfd\xdc\x8c'\xddS8^I\xbb|K+\xba\x95J\xfepN\x1bi\xd6<\xf7O^G\xc5\xf2^WZL\xa2\x8f\xac^K\x8a^F\xdb\xb9\xd4k\xc5\x1dX\xda^WR\xe3!\xf1\xd2\xd7Z\xd5\xe5\xabY{!z\x86j\xd4\xfe^W^Q:S^M\x9c`\xa0J\xd9^\xe4\x1d^L)\xaa^S^Ge\x86\x1f\xbf\xb4\xc9\x82S\x9c,^B\x8f#, mime_type=binary, info=[ts=1170717505.735416, fuid=FfqS7r3rymnsSKq0m2, tx_hosts={^J^I194.127.84.106^J}, rx_hosts={^J^I192.150.187.164^J}, conn_uids={^J^ICXWv6p3arKYeMETxOg^J}, source=SSL, depth=0, analyzers={^J^IX509,^J^IMD5,^J^ISHA1^J}, mime_type=binary, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=F, seen_bytes=0, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=<uninitialized>, sha1=<uninitialized>, sha256=<uninitialized>, x509=<uninitialized>, extracted=<uninitialized>], u2_events=<uninitialized>]
-                  [1] cert_ref: opaque of x509 = <no value description>
-                  [2] cert: X509::Certificate = [version=2, serial=78EE48DE185B2071C9C9C3B51D7BDDC1, subject=OU=www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign,OU=VeriSign International Server CA - Class 3,OU=VeriSign\, Inc.,O=VeriSign Trust Network, issuer=OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US, not_valid_before=861235200.0, not_valid_after=1319500799.0, key_alg=rsaEncryption, sig_alg=sha1WithRSAEncryption, key_type=rsa, key_length=1024, exponent=65537, curve=<uninitialized>]
-
-1170717505.735416 x509_extension
-                  [0] f: fa_file         = [id=FfqS7r3rymnsSKq0m2, parent_id=<uninitialized>, source=SSL, is_orig=F, conns={^J^I[[orig_h=192.150.187.164, orig_p=58868/tcp, resp_h=194.127.84.106, resp_p=443/tcp]] = [id=[orig_h=192.150.187.164, orig_p=58868/tcp, resp_h=194.127.84.106, resp_p=443/tcp], orig=[size=87, state=4, num_pkts=3, num_bytes_ip=255, flow_label=0], resp=[size=2164, state=4, num_pkts=3, num_bytes_ip=1616, flow_label=0], start_time=1170717505.366729, duration=0.368687, service={^J^I^ISSL^J^I}, addl=, hot=0, history=ShADad, uid=CXWv6p3arKYeMETxOg, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=[ts=1170717505.549109, uid=CXWv6p3arKYeMETxOg, id=[orig_h=192.150.187.164, orig_p=58868/tcp, resp_h=194.127.84.106, resp_p=443/tcp], version=TLSv10, cipher=TLS_RSA_WITH_RC4_128_MD5, server_name=<uninitialized>, session_id=<uninitialized>, last_alert=<uninitialized>, analyzer_id=3, established=F, logged=F, delay_tokens=<uninitialized>, cert_chain=[[ts=1170717505.735416, fuid=FeCwNK3rzqPnZ7eBQ5, tx_hosts={^J^I^I194.127.84.106^J^I}, rx_hosts={^J^I^I192.150.187.164^J^I}, conn_uids={^J^I^ICXWv6p3arKYeMETxOg^J^I}, source=SSL, depth=0, analyzers={^J^I^IX509,^J^I^IMD5,^J^I^ISHA1^J^I}, mime_type=binary, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=F, seen_bytes=1152, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=38a0a008a978591ccbe41f50a174751a, sha1=2c322ae2b7fe91391345e070b63668978bb1c9da, sha256=<uninitialized>, x509=[ts=1170717505.735416, id=FeCwNK3rzqPnZ7eBQ5, certificate=[version=2, serial=04A78116F003283BDA2B8462049F9ECB, subject=CN=www.dresdner-privat.de,OU=Terms of use at www.verisign.com/rpa (c)00,O=AGIS Allianz Dresdner Informationssysteme GmbH,L=Muenchen,ST=Bayern,C=DE, issuer=OU=www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign,OU=VeriSign International Server CA - Class 3,OU=VeriSign\, Inc.,O=VeriSign Trust Network, not_valid_before=1163462400.0, not_valid_after=1195084799.0, key_alg=rsaEncryption, sig_alg=sha1WithRSAEncryption, key_type=rsa, key_length=1024, exponent=65537, curve=<uninitialized>], handle=<no value description>, extensions=[[name=X509v3 Basic Constraints, short_name=basicConstraints, oid=2.5.29.19, critical=F, value=CA:FALSE], [name=X509v3 Key Usage, short_name=keyUsage, oid=2.5.29.15, critical=F, value=Digital Signature, Key Encipherment], [name=X509v3 CRL Distribution Points, short_name=crlDistributionPoints, oid=2.5.29.31, critical=F, value=^JFull Name:^J  URI:http://crl.verisign.com/Class3InternationalServer.crl^J], [name=X509v3 Certificate Policies, short_name=certificatePolicies, oid=2.5.29.32, critical=F, value=Policy: 2.16.840.1.113733.1.7.23.3^J  CPS: https://www.verisign.com/rpa^J], [name=X509v3 Extended Key Usage, short_name=extendedKeyUsage, oid=2.5.29.37, critical=F, value=Netscape Server Gated Crypto, TLS Web Server Authentication, TLS Web Client Authentication], [name=Authority Information Access, short_name=authorityInfoAccess, oid=1.3.6.1.5.5.7.1.1, critical=F, value=OCSP - URI:http://ocsp.verisign.com^J], [name=1.3.6.1.5.5.7.1.12, short_name=UNDEF, oid=1.3.6.1.5.5.7.1.12, critical=F, value=0_.].[0Y0W0U..image/gif0!0.0...+..............k...j.H.,{..0%.#http://logo.verisign.com/vslogo.gif]], san=<uninitialized>, basic_constraints=[ca=F, path_len=<uninitialized>]], extracted=<uninitialized>], [ts=1170717505.735416, fuid=FfqS7r3rymnsSKq0m2, tx_hosts={^J^I^I194.127.84.106^J^I}, rx_hosts={^J^I^I192.150.187.164^J^I}, conn_uids={^J^I^ICXWv6p3arKYeMETxOg^J^I}, source=SSL, depth=0, analyzers={^J^I^IX509,^J^I^IMD5,^J^I^ISHA1^J^I}, mime_type=binary, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=F, seen_bytes=0, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=<uninitialized>, sha1=<uninitialized>, sha256=<uninitialized>, x509=[ts=1170717505.735416, id=FfqS7r3rymnsSKq0m2, certificate=[version=2, serial=78EE48DE185B2071C9C9C3B51D7BDDC1, subject=OU=www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign,OU=VeriSign International Server CA - Class 3,OU=VeriSign\, Inc.,O=VeriSign Trust Network, issuer=OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US, not_valid_before=861235200.0, not_valid_after=1319500799.0, key_alg=rsaEncryption, sig_alg=sha1WithRSAEncryption, key_type=rsa, key_length=1024, exponent=65537, curve=<uninitialized>], handle=<no value description>, extensions=[], san=<uninitialized>, basic_constraints=<uninitialized>], extracted=<uninitialized>]], cert_chain_fuids=[FeCwNK3rzqPnZ7eBQ5, FfqS7r3rymnsSKq0m2], client_cert_chain=[], client_cert_chain_fuids=[], subject=<uninitialized>, issuer=<uninitialized>, client_subject=<uninitialized>, client_issuer=<uninitialized>, server_depth=2, client_depth=0], http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]^J}, last_active=1170717505.735416, seen_bytes=906, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timeout_interval=2.0 mins, bof_buffer_size=1024, bof_buffer=0\x82^C\x860\x82^B\xef\xa0^C^B^A^B^B^Px\xeeH\xde^X[ q\xc9\xc9\xc3\xb5\x1d{\xdd\xc10^M^F^I*\x86H\x86\xf7^M^A^A^E^E\00_1^K0^I^F^CU^D^F^S^BUS1^W0^U^F^CU^D^J^S^NVeriSign, Inc.1705^F^CU^D^K^S.Class 3 Public Primary Certification Authority0\x1e^W^M970417000000Z^W^M111024235959Z0\x81\xba1\x1f0\x1d^F^CU^D^J^S^VVeriSign Trust Network1^W0^U^F^CU^D^K^S^NVeriSign, Inc.1301^F^CU^D^K^S*VeriSign International Server CA - Class 31I0G^F^CU^D^K^S@www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign0\x81\x9f0^M^F^I*\x86H\x86\xf7^M^A^A^A^E\0^C\x81\x8d\00\x81\x89^B\x81\x81\0\xd8\x82\x80\xe8\xd6^Y^B}\x1f\x85^X9%\xa2e+\xe1\xbf\xd4^E\xd3\xbc\xe66;\xaa\xf0Ll[\xb6\xe7\xaa<sEU\xb2\xf1\xbd\xea\x97B\xed\x9a4^J^U\xd4\xa9\\xf5@%\xdd\xd9^G\xc12\xb2ul\xc4\xca\xbb\xa3\xfeV'qC\xaac\xf50>\x93(\xe5\xfa\xf1^I;\xf3\xb7MN9\xf7\IZ\xb8\xc1\x1d\xd3\xb2\x8a\xfep0\x95B\xcb\xfe+Q\x8bZ<:\xf9"O\x90\xb2^B\xa7S\x9cO4\xe7\xab^D\xb2{o^B^C^A\0^A\xa3\x81\xe60\x81\xe30^O^F^CU\x1d^S^D^H0^F^A^A\xff^B^A\00D^F^CU\x1d ^D=0;09^F^K`\x86H^A\x86\xf8E^A^G^A^A0*0(^F^H+^F^A^E^E^G^B^A^V\x1chttps://www.verisign.com/CPS04^F^CU\x1d\x1f^D-0+0)\xa0'\xa0%\x86#http://crl.verisign.com/pca3-g2.crl04^F^CU\x1d%^D-0+^F^H+^F^A^E^E^G^C^A^F^H+^F^A^E^E^G^C^B^F^I`\x86H^A\x86\xf8B^D^A^F^J`\x86H^A\x86\xf8E^A^H^A0^K^F^CU\x1d^O^D^D^C^B^A^F0^Q^F^I`\x86H^A\x86\xf8B^A^A^D^D^C^B^A^F0^M^F^I*\x86H\x86\xf7^M^A^A^E^E\0^C\x81\x81\0#]\xee\xa6$^E\xfdv\xd3j^Z\xd6\xbaF^F\xaaj^O^C\x90f\xb2\xb0\xa6\xc2\x9e\xc9\x1e\xa3US\xaf>E\xfd\xdc\x8c'\xddS8^I\xbb|K+\xba\x95J\xfepN\x1bi\xd6<\xf7O^G\xc5\xf2^WZL\xa2\x8f\xac^K\x8a^F\xdb\xb9\xd4k\xc5\x1dX\xda^WR\xe3!\xf1\xd2\xd7Z\xd5\xe5\xabY{!z\x86j\xd4\xfe^W^Q:S^M\x9c`\xa0J\xd9^\xe4\x1d^L)\xaa^S^Ge\x86\x1f\xbf\xb4\xc9\x82S\x9c,^B\x8f#, mime_type=binary, info=[ts=1170717505.735416, fuid=FfqS7r3rymnsSKq0m2, tx_hosts={^J^I194.127.84.106^J}, rx_hosts={^J^I192.150.187.164^J}, conn_uids={^J^ICXWv6p3arKYeMETxOg^J}, source=SSL, depth=0, analyzers={^J^IX509,^J^IMD5,^J^ISHA1^J}, mime_type=binary, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=F, seen_bytes=0, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=<uninitialized>, sha1=<uninitialized>, sha256=<uninitialized>, x509=[ts=1170717505.735416, id=FfqS7r3rymnsSKq0m2, certificate=[version=2, serial=78EE48DE185B2071C9C9C3B51D7BDDC1, subject=OU=www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign,OU=VeriSign International Server CA - Class 3,OU=VeriSign\, Inc.,O=VeriSign Trust Network, issuer=OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US, not_valid_before=861235200.0, not_valid_after=1319500799.0, key_alg=rsaEncryption, sig_alg=sha1WithRSAEncryption, key_type=rsa, key_length=1024, exponent=65537, curve=<uninitialized>], handle=<no value description>, extensions=[], san=<uninitialized>, basic_constraints=<uninitialized>], extracted=<uninitialized>], u2_events=<uninitialized>]
-                  [1] ext: X509::Extension = [name=X509v3 Basic Constraints, short_name=basicConstraints, oid=2.5.29.19, critical=F, value=CA:TRUE, pathlen:0]
-
-1170717505.735416 x509_ext_basic_constraints
-                  [0] f: fa_file         = [id=FfqS7r3rymnsSKq0m2, parent_id=<uninitialized>, source=SSL, is_orig=F, conns={^J^I[[orig_h=192.150.187.164, orig_p=58868/tcp, resp_h=194.127.84.106, resp_p=443/tcp]] = [id=[orig_h=192.150.187.164, orig_p=58868/tcp, resp_h=194.127.84.106, resp_p=443/tcp], orig=[size=87, state=4, num_pkts=3, num_bytes_ip=255, flow_label=0], resp=[size=2164, state=4, num_pkts=3, num_bytes_ip=1616, flow_label=0], start_time=1170717505.366729, duration=0.368687, service={^J^I^ISSL^J^I}, addl=, hot=0, history=ShADad, uid=CXWv6p3arKYeMETxOg, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=[ts=1170717505.549109, uid=CXWv6p3arKYeMETxOg, id=[orig_h=192.150.187.164, orig_p=58868/tcp, resp_h=194.127.84.106, resp_p=443/tcp], version=TLSv10, cipher=TLS_RSA_WITH_RC4_128_MD5, server_name=<uninitialized>, session_id=<uninitialized>, last_alert=<uninitialized>, analyzer_id=3, established=F, logged=F, delay_tokens=<uninitialized>, cert_chain=[[ts=1170717505.735416, fuid=FeCwNK3rzqPnZ7eBQ5, tx_hosts={^J^I^I194.127.84.106^J^I}, rx_hosts={^J^I^I192.150.187.164^J^I}, conn_uids={^J^I^ICXWv6p3arKYeMETxOg^J^I}, source=SSL, depth=0, analyzers={^J^I^IX509,^J^I^IMD5,^J^I^ISHA1^J^I}, mime_type=binary, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=F, seen_bytes=1152, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=38a0a008a978591ccbe41f50a174751a, sha1=2c322ae2b7fe91391345e070b63668978bb1c9da, sha256=<uninitialized>, x509=[ts=1170717505.735416, id=FeCwNK3rzqPnZ7eBQ5, certificate=[version=2, serial=04A78116F003283BDA2B8462049F9ECB, subject=CN=www.dresdner-privat.de,OU=Terms of use at www.verisign.com/rpa (c)00,O=AGIS Allianz Dresdner Informationssysteme GmbH,L=Muenchen,ST=Bayern,C=DE, issuer=OU=www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign,OU=VeriSign International Server CA - Class 3,OU=VeriSign\, Inc.,O=VeriSign Trust Network, not_valid_before=1163462400.0, not_valid_after=1195084799.0, key_alg=rsaEncryption, sig_alg=sha1WithRSAEncryption, key_type=rsa, key_length=1024, exponent=65537, curve=<uninitialized>], handle=<no value description>, extensions=[[name=X509v3 Basic Constraints, short_name=basicConstraints, oid=2.5.29.19, critical=F, value=CA:FALSE], [name=X509v3 Key Usage, short_name=keyUsage, oid=2.5.29.15, critical=F, value=Digital Signature, Key Encipherment], [name=X509v3 CRL Distribution Points, short_name=crlDistributionPoints, oid=2.5.29.31, critical=F, value=^JFull Name:^J  URI:http://crl.verisign.com/Class3InternationalServer.crl^J], [name=X509v3 Certificate Policies, short_name=certificatePolicies, oid=2.5.29.32, critical=F, value=Policy: 2.16.840.1.113733.1.7.23.3^J  CPS: https://www.verisign.com/rpa^J], [name=X509v3 Extended Key Usage, short_name=extendedKeyUsage, oid=2.5.29.37, critical=F, value=Netscape Server Gated Crypto, TLS Web Server Authentication, TLS Web Client Authentication], [name=Authority Information Access, short_name=authorityInfoAccess, oid=1.3.6.1.5.5.7.1.1, critical=F, value=OCSP - URI:http://ocsp.verisign.com^J], [name=1.3.6.1.5.5.7.1.12, short_name=UNDEF, oid=1.3.6.1.5.5.7.1.12, critical=F, value=0_.].[0Y0W0U..image/gif0!0.0...+..............k...j.H.,{..0%.#http://logo.verisign.com/vslogo.gif]], san=<uninitialized>, basic_constraints=[ca=F, path_len=<uninitialized>]], extracted=<uninitialized>], [ts=1170717505.735416, fuid=FfqS7r3rymnsSKq0m2, tx_hosts={^J^I^I194.127.84.106^J^I}, rx_hosts={^J^I^I192.150.187.164^J^I}, conn_uids={^J^I^ICXWv6p3arKYeMETxOg^J^I}, source=SSL, depth=0, analyzers={^J^I^IX509,^J^I^IMD5,^J^I^ISHA1^J^I}, mime_type=binary, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=F, seen_bytes=0, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=<uninitialized>, sha1=<uninitialized>, sha256=<uninitialized>, x509=[ts=1170717505.735416, id=FfqS7r3rymnsSKq0m2, certificate=[version=2, serial=78EE48DE185B2071C9C9C3B51D7BDDC1, subject=OU=www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign,OU=VeriSign International Server CA - Class 3,OU=VeriSign\, Inc.,O=VeriSign Trust Network, issuer=OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US, not_valid_before=861235200.0, not_valid_after=1319500799.0, key_alg=rsaEncryption, sig_alg=sha1WithRSAEncryption, key_type=rsa, key_length=1024, exponent=65537, curve=<uninitialized>], handle=<no value description>, extensions=[[name=X509v3 Basic Constraints, short_name=basicConstraints, oid=2.5.29.19, critical=F, value=CA:TRUE, pathlen:0]], san=<uninitialized>, basic_constraints=<uninitialized>], extracted=<uninitialized>]], cert_chain_fuids=[FeCwNK3rzqPnZ7eBQ5, FfqS7r3rymnsSKq0m2], client_cert_chain=[], client_cert_chain_fuids=[], subject=<uninitialized>, issuer=<uninitialized>, client_subject=<uninitialized>, client_issuer=<uninitialized>, server_depth=2, client_depth=0], http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]^J}, last_active=1170717505.735416, seen_bytes=906, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timeout_interval=2.0 mins, bof_buffer_size=1024, bof_buffer=0\x82^C\x860\x82^B\xef\xa0^C^B^A^B^B^Px\xeeH\xde^X[ q\xc9\xc9\xc3\xb5\x1d{\xdd\xc10^M^F^I*\x86H\x86\xf7^M^A^A^E^E\00_1^K0^I^F^CU^D^F^S^BUS1^W0^U^F^CU^D^J^S^NVeriSign, Inc.1705^F^CU^D^K^S.Class 3 Public Primary Certification Authority0\x1e^W^M970417000000Z^W^M111024235959Z0\x81\xba1\x1f0\x1d^F^CU^D^J^S^VVeriSign Trust Network1^W0^U^F^CU^D^K^S^NVeriSign, Inc.1301^F^CU^D^K^S*VeriSign International Server CA - Class 31I0G^F^CU^D^K^S@www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign0\x81\x9f0^M^F^I*\x86H\x86\xf7^M^A^A^A^E\0^C\x81\x8d\00\x81\x89^B\x81\x81\0\xd8\x82\x80\xe8\xd6^Y^B}\x1f\x85^X9%\xa2e+\xe1\xbf\xd4^E\xd3\xbc\xe66;\xaa\xf0Ll[\xb6\xe7\xaa<sEU\xb2\xf1\xbd\xea\x97B\xed\x9a4^J^U\xd4\xa9\\xf5@%\xdd\xd9^G\xc12\xb2ul\xc4\xca\xbb\xa3\xfeV'qC\xaac\xf50>\x93(\xe5\xfa\xf1^I;\xf3\xb7MN9\xf7\IZ\xb8\xc1\x1d\xd3\xb2\x8a\xfep0\x95B\xcb\xfe+Q\x8bZ<:\xf9"O\x90\xb2^B\xa7S\x9cO4\xe7\xab^D\xb2{o^B^C^A\0^A\xa3\x81\xe60\x81\xe30^O^F^CU\x1d^S^D^H0^F^A^A\xff^B^A\00D^F^CU\x1d ^D=0;09^F^K`\x86H^A\x86\xf8E^A^G^A^A0*0(^F^H+^F^A^E^E^G^B^A^V\x1chttps://www.verisign.com/CPS04^F^CU\x1d\x1f^D-0+0)\xa0'\xa0%\x86#http://crl.verisign.com/pca3-g2.crl04^F^CU\x1d%^D-0+^F^H+^F^A^E^E^G^C^A^F^H+^F^A^E^E^G^C^B^F^I`\x86H^A\x86\xf8B^D^A^F^J`\x86H^A\x86\xf8E^A^H^A0^K^F^CU\x1d^O^D^D^C^B^A^F0^Q^F^I`\x86H^A\x86\xf8B^A^A^D^D^C^B^A^F0^M^F^I*\x86H\x86\xf7^M^A^A^E^E\0^C\x81\x81\0#]\xee\xa6$^E\xfdv\xd3j^Z\xd6\xbaF^F\xaaj^O^C\x90f\xb2\xb0\xa6\xc2\x9e\xc9\x1e\xa3US\xaf>E\xfd\xdc\x8c'\xddS8^I\xbb|K+\xba\x95J\xfepN\x1bi\xd6<\xf7O^G\xc5\xf2^WZL\xa2\x8f\xac^K\x8a^F\xdb\xb9\xd4k\xc5\x1dX\xda^WR\xe3!\xf1\xd2\xd7Z\xd5\xe5\xabY{!z\x86j\xd4\xfe^W^Q:S^M\x9c`\xa0J\xd9^\xe4\x1d^L)\xaa^S^Ge\x86\x1f\xbf\xb4\xc9\x82S\x9c,^B\x8f#, mime_type=binary, info=[ts=1170717505.735416, fuid=FfqS7r3rymnsSKq0m2, tx_hosts={^J^I194.127.84.106^J}, rx_hosts={^J^I192.150.187.164^J}, conn_uids={^J^ICXWv6p3arKYeMETxOg^J}, source=SSL, depth=0, analyzers={^J^IX509,^J^IMD5,^J^ISHA1^J}, mime_type=binary, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=F, seen_bytes=0, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=<uninitialized>, sha1=<uninitialized>, sha256=<uninitialized>, x509=[ts=1170717505.735416, id=FfqS7r3rymnsSKq0m2, certificate=[version=2, serial=78EE48DE185B2071C9C9C3B51D7BDDC1, subject=OU=www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign,OU=VeriSign International Server CA - Class 3,OU=VeriSign\, Inc.,O=VeriSign Trust Network, issuer=OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US, not_valid_before=861235200.0, not_valid_after=1319500799.0, key_alg=rsaEncryption, sig_alg=sha1WithRSAEncryption, key_type=rsa, key_length=1024, exponent=65537, curve=<uninitialized>], handle=<no value description>, extensions=[[name=X509v3 Basic Constraints, short_name=basicConstraints, oid=2.5.29.19, critical=F, value=CA:TRUE, pathlen:0]], san=<uninitialized>, basic_constraints=<uninitialized>], extracted=<uninitialized>], u2_events=<uninitialized>]
-                  [1] ext: X509::BasicConstraints = [ca=T, path_len=0]
-
-1170717505.735416 x509_extension
-                  [0] f: fa_file         = [id=FfqS7r3rymnsSKq0m2, parent_id=<uninitialized>, source=SSL, is_orig=F, conns={^J^I[[orig_h=192.150.187.164, orig_p=58868/tcp, resp_h=194.127.84.106, resp_p=443/tcp]] = [id=[orig_h=192.150.187.164, orig_p=58868/tcp, resp_h=194.127.84.106, resp_p=443/tcp], orig=[size=87, state=4, num_pkts=3, num_bytes_ip=255, flow_label=0], resp=[size=2164, state=4, num_pkts=3, num_bytes_ip=1616, flow_label=0], start_time=1170717505.366729, duration=0.368687, service={^J^I^ISSL^J^I}, addl=, hot=0, history=ShADad, uid=CXWv6p3arKYeMETxOg, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=[ts=1170717505.549109, uid=CXWv6p3arKYeMETxOg, id=[orig_h=192.150.187.164, orig_p=58868/tcp, resp_h=194.127.84.106, resp_p=443/tcp], version=TLSv10, cipher=TLS_RSA_WITH_RC4_128_MD5, server_name=<uninitialized>, session_id=<uninitialized>, last_alert=<uninitialized>, analyzer_id=3, established=F, logged=F, delay_tokens=<uninitialized>, cert_chain=[[ts=1170717505.735416, fuid=FeCwNK3rzqPnZ7eBQ5, tx_hosts={^J^I^I194.127.84.106^J^I}, rx_hosts={^J^I^I192.150.187.164^J^I}, conn_uids={^J^I^ICXWv6p3arKYeMETxOg^J^I}, source=SSL, depth=0, analyzers={^J^I^IX509,^J^I^IMD5,^J^I^ISHA1^J^I}, mime_type=binary, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=F, seen_bytes=1152, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=38a0a008a978591ccbe41f50a174751a, sha1=2c322ae2b7fe91391345e070b63668978bb1c9da, sha256=<uninitialized>, x509=[ts=1170717505.735416, id=FeCwNK3rzqPnZ7eBQ5, certificate=[version=2, serial=04A78116F003283BDA2B8462049F9ECB, subject=CN=www.dresdner-privat.de,OU=Terms of use at www.verisign.com/rpa (c)00,O=AGIS Allianz Dresdner Informationssysteme GmbH,L=Muenchen,ST=Bayern,C=DE, issuer=OU=www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign,OU=VeriSign International Server CA - Class 3,OU=VeriSign\, Inc.,O=VeriSign Trust Network, not_valid_before=1163462400.0, not_valid_after=1195084799.0, key_alg=rsaEncryption, sig_alg=sha1WithRSAEncryption, key_type=rsa, key_length=1024, exponent=65537, curve=<uninitialized>], handle=<no value description>, extensions=[[name=X509v3 Basic Constraints, short_name=basicConstraints, oid=2.5.29.19, critical=F, value=CA:FALSE], [name=X509v3 Key Usage, short_name=keyUsage, oid=2.5.29.15, critical=F, value=Digital Signature, Key Encipherment], [name=X509v3 CRL Distribution Points, short_name=crlDistributionPoints, oid=2.5.29.31, critical=F, value=^JFull Name:^J  URI:http://crl.verisign.com/Class3InternationalServer.crl^J], [name=X509v3 Certificate Policies, short_name=certificatePolicies, oid=2.5.29.32, critical=F, value=Policy: 2.16.840.1.113733.1.7.23.3^J  CPS: https://www.verisign.com/rpa^J], [name=X509v3 Extended Key Usage, short_name=extendedKeyUsage, oid=2.5.29.37, critical=F, value=Netscape Server Gated Crypto, TLS Web Server Authentication, TLS Web Client Authentication], [name=Authority Information Access, short_name=authorityInfoAccess, oid=1.3.6.1.5.5.7.1.1, critical=F, value=OCSP - URI:http://ocsp.verisign.com^J], [name=1.3.6.1.5.5.7.1.12, short_name=UNDEF, oid=1.3.6.1.5.5.7.1.12, critical=F, value=0_.].[0Y0W0U..image/gif0!0.0...+..............k...j.H.,{..0%.#http://logo.verisign.com/vslogo.gif]], san=<uninitialized>, basic_constraints=[ca=F, path_len=<uninitialized>]], extracted=<uninitialized>], [ts=1170717505.735416, fuid=FfqS7r3rymnsSKq0m2, tx_hosts={^J^I^I194.127.84.106^J^I}, rx_hosts={^J^I^I192.150.187.164^J^I}, conn_uids={^J^I^ICXWv6p3arKYeMETxOg^J^I}, source=SSL, depth=0, analyzers={^J^I^IX509,^J^I^IMD5,^J^I^ISHA1^J^I}, mime_type=binary, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=F, seen_bytes=0, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=<uninitialized>, sha1=<uninitialized>, sha256=<uninitialized>, x509=[ts=1170717505.735416, id=FfqS7r3rymnsSKq0m2, certificate=[version=2, serial=78EE48DE185B2071C9C9C3B51D7BDDC1, subject=OU=www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign,OU=VeriSign International Server CA - Class 3,OU=VeriSign\, Inc.,O=VeriSign Trust Network, issuer=OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US, not_valid_before=861235200.0, not_valid_after=1319500799.0, key_alg=rsaEncryption, sig_alg=sha1WithRSAEncryption, key_type=rsa, key_length=1024, exponent=65537, curve=<uninitialized>], handle=<no value description>, extensions=[[name=X509v3 Basic Constraints, short_name=basicConstraints, oid=2.5.29.19, critical=F, value=CA:TRUE, pathlen:0]], san=<uninitialized>, basic_constraints=[ca=T, path_len=0]], extracted=<uninitialized>]], cert_chain_fuids=[FeCwNK3rzqPnZ7eBQ5, FfqS7r3rymnsSKq0m2], client_cert_chain=[], client_cert_chain_fuids=[], subject=<uninitialized>, issuer=<uninitialized>, client_subject=<uninitialized>, client_issuer=<uninitialized>, server_depth=2, client_depth=0], http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]^J}, last_active=1170717505.735416, seen_bytes=906, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timeout_interval=2.0 mins, bof_buffer_size=1024, bof_buffer=0\x82^C\x860\x82^B\xef\xa0^C^B^A^B^B^Px\xeeH\xde^X[ q\xc9\xc9\xc3\xb5\x1d{\xdd\xc10^M^F^I*\x86H\x86\xf7^M^A^A^E^E\00_1^K0^I^F^CU^D^F^S^BUS1^W0^U^F^CU^D^J^S^NVeriSign, Inc.1705^F^CU^D^K^S.Class 3 Public Primary Certification Authority0\x1e^W^M970417000000Z^W^M111024235959Z0\x81\xba1\x1f0\x1d^F^CU^D^J^S^VVeriSign Trust Network1^W0^U^F^CU^D^K^S^NVeriSign, Inc.1301^F^CU^D^K^S*VeriSign International Server CA - Class 31I0G^F^CU^D^K^S@www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign0\x81\x9f0^M^F^I*\x86H\x86\xf7^M^A^A^A^E\0^C\x81\x8d\00\x81\x89^B\x81\x81\0\xd8\x82\x80\xe8\xd6^Y^B}\x1f\x85^X9%\xa2e+\xe1\xbf\xd4^E\xd3\xbc\xe66;\xaa\xf0Ll[\xb6\xe7\xaa<sEU\xb2\xf1\xbd\xea\x97B\xed\x9a4^J^U\xd4\xa9\\xf5@%\xdd\xd9^G\xc12\xb2ul\xc4\xca\xbb\xa3\xfeV'qC\xaac\xf50>\x93(\xe5\xfa\xf1^I;\xf3\xb7MN9\xf7\IZ\xb8\xc1\x1d\xd3\xb2\x8a\xfep0\x95B\xcb\xfe+Q\x8bZ<:\xf9"O\x90\xb2^B\xa7S\x9cO4\xe7\xab^D\xb2{o^B^C^A\0^A\xa3\x81\xe60\x81\xe30^O^F^CU\x1d^S^D^H0^F^A^A\xff^B^A\00D^F^CU\x1d ^D=0;09^F^K`\x86H^A\x86\xf8E^A^G^A^A0*0(^F^H+^F^A^E^E^G^B^A^V\x1chttps://www.verisign.com/CPS04^F^CU\x1d\x1f^D-0+0)\xa0'\xa0%\x86#http://crl.verisign.com/pca3-g2.crl04^F^CU\x1d%^D-0+^F^H+^F^A^E^E^G^C^A^F^H+^F^A^E^E^G^C^B^F^I`\x86H^A\x86\xf8B^D^A^F^J`\x86H^A\x86\xf8E^A^H^A0^K^F^CU\x1d^O^D^D^C^B^A^F0^Q^F^I`\x86H^A\x86\xf8B^A^A^D^D^C^B^A^F0^M^F^I*\x86H\x86\xf7^M^A^A^E^E\0^C\x81\x81\0#]\xee\xa6$^E\xfdv\xd3j^Z\xd6\xbaF^F\xaaj^O^C\x90f\xb2\xb0\xa6\xc2\x9e\xc9\x1e\xa3US\xaf>E\xfd\xdc\x8c'\xddS8^I\xbb|K+\xba\x95J\xfepN\x1bi\xd6<\xf7O^G\xc5\xf2^WZL\xa2\x8f\xac^K\x8a^F\xdb\xb9\xd4k\xc5\x1dX\xda^WR\xe3!\xf1\xd2\xd7Z\xd5\xe5\xabY{!z\x86j\xd4\xfe^W^Q:S^M\x9c`\xa0J\xd9^\xe4\x1d^L)\xaa^S^Ge\x86\x1f\xbf\xb4\xc9\x82S\x9c,^B\x8f#, mime_type=binary, info=[ts=1170717505.735416, fuid=FfqS7r3rymnsSKq0m2, tx_hosts={^J^I194.127.84.106^J}, rx_hosts={^J^I192.150.187.164^J}, conn_uids={^J^ICXWv6p3arKYeMETxOg^J}, source=SSL, depth=0, analyzers={^J^IX509,^J^IMD5,^J^ISHA1^J}, mime_type=binary, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=F, seen_bytes=0, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=<uninitialized>, sha1=<uninitialized>, sha256=<uninitialized>, x509=[ts=1170717505.735416, id=FfqS7r3rymnsSKq0m2, certificate=[version=2, serial=78EE48DE185B2071C9C9C3B51D7BDDC1, subject=OU=www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign,OU=VeriSign International Server CA - Class 3,OU=VeriSign\, Inc.,O=VeriSign Trust Network, issuer=OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US, not_valid_before=861235200.0, not_valid_after=1319500799.0, key_alg=rsaEncryption, sig_alg=sha1WithRSAEncryption, key_type=rsa, key_length=1024, exponent=65537, curve=<uninitialized>], handle=<no value description>, extensions=[[name=X509v3 Basic Constraints, short_name=basicConstraints, oid=2.5.29.19, critical=F, value=CA:TRUE, pathlen:0]], san=<uninitialized>, basic_constraints=[ca=T, path_len=0]], extracted=<uninitialized>], u2_events=<uninitialized>]
-                  [1] ext: X509::Extension = [name=X509v3 Certificate Policies, short_name=certificatePolicies, oid=2.5.29.32, critical=F, value=Policy: 2.16.840.1.113733.1.7.1.1^J  CPS: https://www.verisign.com/CPS^J]
-
-1170717505.735416 x509_extension
-                  [0] f: fa_file         = [id=FfqS7r3rymnsSKq0m2, parent_id=<uninitialized>, source=SSL, is_orig=F, conns={^J^I[[orig_h=192.150.187.164, orig_p=58868/tcp, resp_h=194.127.84.106, resp_p=443/tcp]] = [id=[orig_h=192.150.187.164, orig_p=58868/tcp, resp_h=194.127.84.106, resp_p=443/tcp], orig=[size=87, state=4, num_pkts=3, num_bytes_ip=255, flow_label=0], resp=[size=2164, state=4, num_pkts=3, num_bytes_ip=1616, flow_label=0], start_time=1170717505.366729, duration=0.368687, service={^J^I^ISSL^J^I}, addl=, hot=0, history=ShADad, uid=CXWv6p3arKYeMETxOg, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=[ts=1170717505.549109, uid=CXWv6p3arKYeMETxOg, id=[orig_h=192.150.187.164, orig_p=58868/tcp, resp_h=194.127.84.106, resp_p=443/tcp], version=TLSv10, cipher=TLS_RSA_WITH_RC4_128_MD5, server_name=<uninitialized>, session_id=<uninitialized>, last_alert=<uninitialized>, analyzer_id=3, established=F, logged=F, delay_tokens=<uninitialized>, cert_chain=[[ts=1170717505.735416, fuid=FeCwNK3rzqPnZ7eBQ5, tx_hosts={^J^I^I194.127.84.106^J^I}, rx_hosts={^J^I^I192.150.187.164^J^I}, conn_uids={^J^I^ICXWv6p3arKYeMETxOg^J^I}, source=SSL, depth=0, analyzers={^J^I^IX509,^J^I^IMD5,^J^I^ISHA1^J^I}, mime_type=binary, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=F, seen_bytes=1152, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=38a0a008a978591ccbe41f50a174751a, sha1=2c322ae2b7fe91391345e070b63668978bb1c9da, sha256=<uninitialized>, x509=[ts=1170717505.735416, id=FeCwNK3rzqPnZ7eBQ5, certificate=[version=2, serial=04A78116F003283BDA2B8462049F9ECB, subject=CN=www.dresdner-privat.de,OU=Terms of use at www.verisign.com/rpa (c)00,O=AGIS Allianz Dresdner Informationssysteme GmbH,L=Muenchen,ST=Bayern,C=DE, issuer=OU=www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign,OU=VeriSign International Server CA - Class 3,OU=VeriSign\, Inc.,O=VeriSign Trust Network, not_valid_before=1163462400.0, not_valid_after=1195084799.0, key_alg=rsaEncryption, sig_alg=sha1WithRSAEncryption, key_type=rsa, key_length=1024, exponent=65537, curve=<uninitialized>], handle=<no value description>, extensions=[[name=X509v3 Basic Constraints, short_name=basicConstraints, oid=2.5.29.19, critical=F, value=CA:FALSE], [name=X509v3 Key Usage, short_name=keyUsage, oid=2.5.29.15, critical=F, value=Digital Signature, Key Encipherment], [name=X509v3 CRL Distribution Points, short_name=crlDistributionPoints, oid=2.5.29.31, critical=F, value=^JFull Name:^J  URI:http://crl.verisign.com/Class3InternationalServer.crl^J], [name=X509v3 Certificate Policies, short_name=certificatePolicies, oid=2.5.29.32, critical=F, value=Policy: 2.16.840.1.113733.1.7.23.3^J  CPS: https://www.verisign.com/rpa^J], [name=X509v3 Extended Key Usage, short_name=extendedKeyUsage, oid=2.5.29.37, critical=F, value=Netscape Server Gated Crypto, TLS Web Server Authentication, TLS Web Client Authentication], [name=Authority Information Access, short_name=authorityInfoAccess, oid=1.3.6.1.5.5.7.1.1, critical=F, value=OCSP - URI:http://ocsp.verisign.com^J], [name=1.3.6.1.5.5.7.1.12, short_name=UNDEF, oid=1.3.6.1.5.5.7.1.12, critical=F, value=0_.].[0Y0W0U..image/gif0!0.0...+..............k...j.H.,{..0%.#http://logo.verisign.com/vslogo.gif]], san=<uninitialized>, basic_constraints=[ca=F, path_len=<uninitialized>]], extracted=<uninitialized>], [ts=1170717505.735416, fuid=FfqS7r3rymnsSKq0m2, tx_hosts={^J^I^I194.127.84.106^J^I}, rx_hosts={^J^I^I192.150.187.164^J^I}, conn_uids={^J^I^ICXWv6p3arKYeMETxOg^J^I}, source=SSL, depth=0, analyzers={^J^I^IX509,^J^I^IMD5,^J^I^ISHA1^J^I}, mime_type=binary, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=F, seen_bytes=0, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=<uninitialized>, sha1=<uninitialized>, sha256=<uninitialized>, x509=[ts=1170717505.735416, id=FfqS7r3rymnsSKq0m2, certificate=[version=2, serial=78EE48DE185B2071C9C9C3B51D7BDDC1, subject=OU=www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign,OU=VeriSign International Server CA - Class 3,OU=VeriSign\, Inc.,O=VeriSign Trust Network, issuer=OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US, not_valid_before=861235200.0, not_valid_after=1319500799.0, key_alg=rsaEncryption, sig_alg=sha1WithRSAEncryption, key_type=rsa, key_length=1024, exponent=65537, curve=<uninitialized>], handle=<no value description>, extensions=[[name=X509v3 Basic Constraints, short_name=basicConstraints, oid=2.5.29.19, critical=F, value=CA:TRUE, pathlen:0], [name=X509v3 Certificate Policies, short_name=certificatePolicies, oid=2.5.29.32, critical=F, value=Policy: 2.16.840.1.113733.1.7.1.1^J  CPS: https://www.verisign.com/CPS^J]], san=<uninitialized>, basic_constraints=[ca=T, path_len=0]], extracted=<uninitialized>]], cert_chain_fuids=[FeCwNK3rzqPnZ7eBQ5, FfqS7r3rymnsSKq0m2], client_cert_chain=[], client_cert_chain_fuids=[], subject=<uninitialized>, issuer=<uninitialized>, client_subject=<uninitialized>, client_issuer=<uninitialized>, server_depth=2, client_depth=0], http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]^J}, last_active=1170717505.735416, seen_bytes=906, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timeout_interval=2.0 mins, bof_buffer_size=1024, bof_buffer=0\x82^C\x860\x82^B\xef\xa0^C^B^A^B^B^Px\xeeH\xde^X[ q\xc9\xc9\xc3\xb5\x1d{\xdd\xc10^M^F^I*\x86H\x86\xf7^M^A^A^E^E\00_1^K0^I^F^CU^D^F^S^BUS1^W0^U^F^CU^D^J^S^NVeriSign, Inc.1705^F^CU^D^K^S.Class 3 Public Primary Certification Authority0\x1e^W^M970417000000Z^W^M111024235959Z0\x81\xba1\x1f0\x1d^F^CU^D^J^S^VVeriSign Trust Network1^W0^U^F^CU^D^K^S^NVeriSign, Inc.1301^F^CU^D^K^S*VeriSign International Server CA - Class 31I0G^F^CU^D^K^S@www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign0\x81\x9f0^M^F^I*\x86H\x86\xf7^M^A^A^A^E\0^C\x81\x8d\00\x81\x89^B\x81\x81\0\xd8\x82\x80\xe8\xd6^Y^B}\x1f\x85^X9%\xa2e+\xe1\xbf\xd4^E\xd3\xbc\xe66;\xaa\xf0Ll[\xb6\xe7\xaa<sEU\xb2\xf1\xbd\xea\x97B\xed\x9a4^J^U\xd4\xa9\\xf5@%\xdd\xd9^G\xc12\xb2ul\xc4\xca\xbb\xa3\xfeV'qC\xaac\xf50>\x93(\xe5\xfa\xf1^I;\xf3\xb7MN9\xf7\IZ\xb8\xc1\x1d\xd3\xb2\x8a\xfep0\x95B\xcb\xfe+Q\x8bZ<:\xf9"O\x90\xb2^B\xa7S\x9cO4\xe7\xab^D\xb2{o^B^C^A\0^A\xa3\x81\xe60\x81\xe30^O^F^CU\x1d^S^D^H0^F^A^A\xff^B^A\00D^F^CU\x1d ^D=0;09^F^K`\x86H^A\x86\xf8E^A^G^A^A0*0(^F^H+^F^A^E^E^G^B^A^V\x1chttps://www.verisign.com/CPS04^F^CU\x1d\x1f^D-0+0)\xa0'\xa0%\x86#http://crl.verisign.com/pca3-g2.crl04^F^CU\x1d%^D-0+^F^H+^F^A^E^E^G^C^A^F^H+^F^A^E^E^G^C^B^F^I`\x86H^A\x86\xf8B^D^A^F^J`\x86H^A\x86\xf8E^A^H^A0^K^F^CU\x1d^O^D^D^C^B^A^F0^Q^F^I`\x86H^A\x86\xf8B^A^A^D^D^C^B^A^F0^M^F^I*\x86H\x86\xf7^M^A^A^E^E\0^C\x81\x81\0#]\xee\xa6$^E\xfdv\xd3j^Z\xd6\xbaF^F\xaaj^O^C\x90f\xb2\xb0\xa6\xc2\x9e\xc9\x1e\xa3US\xaf>E\xfd\xdc\x8c'\xddS8^I\xbb|K+\xba\x95J\xfepN\x1bi\xd6<\xf7O^G\xc5\xf2^WZL\xa2\x8f\xac^K\x8a^F\xdb\xb9\xd4k\xc5\x1dX\xda^WR\xe3!\xf1\xd2\xd7Z\xd5\xe5\xabY{!z\x86j\xd4\xfe^W^Q:S^M\x9c`\xa0J\xd9^\xe4\x1d^L)\xaa^S^Ge\x86\x1f\xbf\xb4\xc9\x82S\x9c,^B\x8f#, mime_type=binary, info=[ts=1170717505.735416, fuid=FfqS7r3rymnsSKq0m2, tx_hosts={^J^I194.127.84.106^J}, rx_hosts={^J^I192.150.187.164^J}, conn_uids={^J^ICXWv6p3arKYeMETxOg^J}, source=SSL, depth=0, analyzers={^J^IX509,^J^IMD5,^J^ISHA1^J}, mime_type=binary, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=F, seen_bytes=0, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=<uninitialized>, sha1=<uninitialized>, sha256=<uninitialized>, x509=[ts=1170717505.735416, id=FfqS7r3rymnsSKq0m2, certificate=[version=2, serial=78EE48DE185B2071C9C9C3B51D7BDDC1, subject=OU=www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign,OU=VeriSign International Server CA - Class 3,OU=VeriSign\, Inc.,O=VeriSign Trust Network, issuer=OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US, not_valid_before=861235200.0, not_valid_after=1319500799.0, key_alg=rsaEncryption, sig_alg=sha1WithRSAEncryption, key_type=rsa, key_length=1024, exponent=65537, curve=<uninitialized>], handle=<no value description>, extensions=[[name=X509v3 Basic Constraints, short_name=basicConstraints, oid=2.5.29.19, critical=F, value=CA:TRUE, pathlen:0], [name=X509v3 Certificate Policies, short_name=certificatePolicies, oid=2.5.29.32, critical=F, value=Policy: 2.16.840.1.113733.1.7.1.1^J  CPS: https://www.verisign.com/CPS^J]], san=<uninitialized>, basic_constraints=[ca=T, path_len=0]], extracted=<uninitialized>], u2_events=<uninitialized>]
-                  [1] ext: X509::Extension = [name=X509v3 CRL Distribution Points, short_name=crlDistributionPoints, oid=2.5.29.31, critical=F, value=^JFull Name:^J  URI:http://crl.verisign.com/pca3-g2.crl^J]
-
-1170717505.735416 x509_extension
-                  [0] f: fa_file         = [id=FfqS7r3rymnsSKq0m2, parent_id=<uninitialized>, source=SSL, is_orig=F, conns={^J^I[[orig_h=192.150.187.164, orig_p=58868/tcp, resp_h=194.127.84.106, resp_p=443/tcp]] = [id=[orig_h=192.150.187.164, orig_p=58868/tcp, resp_h=194.127.84.106, resp_p=443/tcp], orig=[size=87, state=4, num_pkts=3, num_bytes_ip=255, flow_label=0], resp=[size=2164, state=4, num_pkts=3, num_bytes_ip=1616, flow_label=0], start_time=1170717505.366729, duration=0.368687, service={^J^I^ISSL^J^I}, addl=, hot=0, history=ShADad, uid=CXWv6p3arKYeMETxOg, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=[ts=1170717505.549109, uid=CXWv6p3arKYeMETxOg, id=[orig_h=192.150.187.164, orig_p=58868/tcp, resp_h=194.127.84.106, resp_p=443/tcp], version=TLSv10, cipher=TLS_RSA_WITH_RC4_128_MD5, server_name=<uninitialized>, session_id=<uninitialized>, last_alert=<uninitialized>, analyzer_id=3, established=F, logged=F, delay_tokens=<uninitialized>, cert_chain=[[ts=1170717505.735416, fuid=FeCwNK3rzqPnZ7eBQ5, tx_hosts={^J^I^I194.127.84.106^J^I}, rx_hosts={^J^I^I192.150.187.164^J^I}, conn_uids={^J^I^ICXWv6p3arKYeMETxOg^J^I}, source=SSL, depth=0, analyzers={^J^I^IX509,^J^I^IMD5,^J^I^ISHA1^J^I}, mime_type=binary, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=F, seen_bytes=1152, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=38a0a008a978591ccbe41f50a174751a, sha1=2c322ae2b7fe91391345e070b63668978bb1c9da, sha256=<uninitialized>, x509=[ts=1170717505.735416, id=FeCwNK3rzqPnZ7eBQ5, certificate=[version=2, serial=04A78116F003283BDA2B8462049F9ECB, subject=CN=www.dresdner-privat.de,OU=Terms of use at www.verisign.com/rpa (c)00,O=AGIS Allianz Dresdner Informationssysteme GmbH,L=Muenchen,ST=Bayern,C=DE, issuer=OU=www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign,OU=VeriSign International Server CA - Class 3,OU=VeriSign\, Inc.,O=VeriSign Trust Network, not_valid_before=1163462400.0, not_valid_after=1195084799.0, key_alg=rsaEncryption, sig_alg=sha1WithRSAEncryption, key_type=rsa, key_length=1024, exponent=65537, curve=<uninitialized>], handle=<no value description>, extensions=[[name=X509v3 Basic Constraints, short_name=basicConstraints, oid=2.5.29.19, critical=F, value=CA:FALSE], [name=X509v3 Key Usage, short_name=keyUsage, oid=2.5.29.15, critical=F, value=Digital Signature, Key Encipherment], [name=X509v3 CRL Distribution Points, short_name=crlDistributionPoints, oid=2.5.29.31, critical=F, value=^JFull Name:^J  URI:http://crl.verisign.com/Class3InternationalServer.crl^J], [name=X509v3 Certificate Policies, short_name=certificatePolicies, oid=2.5.29.32, critical=F, value=Policy: 2.16.840.1.113733.1.7.23.3^J  CPS: https://www.verisign.com/rpa^J], [name=X509v3 Extended Key Usage, short_name=extendedKeyUsage, oid=2.5.29.37, critical=F, value=Netscape Server Gated Crypto, TLS Web Server Authentication, TLS Web Client Authentication], [name=Authority Information Access, short_name=authorityInfoAccess, oid=1.3.6.1.5.5.7.1.1, critical=F, value=OCSP - URI:http://ocsp.verisign.com^J], [name=1.3.6.1.5.5.7.1.12, short_name=UNDEF, oid=1.3.6.1.5.5.7.1.12, critical=F, value=0_.].[0Y0W0U..image/gif0!0.0...+..............k...j.H.,{..0%.#http://logo.verisign.com/vslogo.gif]], san=<uninitialized>, basic_constraints=[ca=F, path_len=<uninitialized>]], extracted=<uninitialized>], [ts=1170717505.735416, fuid=FfqS7r3rymnsSKq0m2, tx_hosts={^J^I^I194.127.84.106^J^I}, rx_hosts={^J^I^I192.150.187.164^J^I}, conn_uids={^J^I^ICXWv6p3arKYeMETxOg^J^I}, source=SSL, depth=0, analyzers={^J^I^IX509,^J^I^IMD5,^J^I^ISHA1^J^I}, mime_type=binary, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=F, seen_bytes=0, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=<uninitialized>, sha1=<uninitialized>, sha256=<uninitialized>, x509=[ts=1170717505.735416, id=FfqS7r3rymnsSKq0m2, certificate=[version=2, serial=78EE48DE185B2071C9C9C3B51D7BDDC1, subject=OU=www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign,OU=VeriSign International Server CA - Class 3,OU=VeriSign\, Inc.,O=VeriSign Trust Network, issuer=OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US, not_valid_before=861235200.0, not_valid_after=1319500799.0, key_alg=rsaEncryption, sig_alg=sha1WithRSAEncryption, key_type=rsa, key_length=1024, exponent=65537, curve=<uninitialized>], handle=<no value description>, extensions=[[name=X509v3 Basic Constraints, short_name=basicConstraints, oid=2.5.29.19, critical=F, value=CA:TRUE, pathlen:0], [name=X509v3 Certificate Policies, short_name=certificatePolicies, oid=2.5.29.32, critical=F, value=Policy: 2.16.840.1.113733.1.7.1.1^J  CPS: https://www.verisign.com/CPS^J], [name=X509v3 CRL Distribution Points, short_name=crlDistributionPoints, oid=2.5.29.31, critical=F, value=^JFull Name:^J  URI:http://crl.verisign.com/pca3-g2.crl^J]], san=<uninitialized>, basic_constraints=[ca=T, path_len=0]], extracted=<uninitialized>]], cert_chain_fuids=[FeCwNK3rzqPnZ7eBQ5, FfqS7r3rymnsSKq0m2], client_cert_chain=[], client_cert_chain_fuids=[], subject=<uninitialized>, issuer=<uninitialized>, client_subject=<uninitialized>, client_issuer=<uninitialized>, server_depth=2, client_depth=0], http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]^J}, last_active=1170717505.735416, seen_bytes=906, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timeout_interval=2.0 mins, bof_buffer_size=1024, bof_buffer=0\x82^C\x860\x82^B\xef\xa0^C^B^A^B^B^Px\xeeH\xde^X[ q\xc9\xc9\xc3\xb5\x1d{\xdd\xc10^M^F^I*\x86H\x86\xf7^M^A^A^E^E\00_1^K0^I^F^CU^D^F^S^BUS1^W0^U^F^CU^D^J^S^NVeriSign, Inc.1705^F^CU^D^K^S.Class 3 Public Primary Certification Authority0\x1e^W^M970417000000Z^W^M111024235959Z0\x81\xba1\x1f0\x1d^F^CU^D^J^S^VVeriSign Trust Network1^W0^U^F^CU^D^K^S^NVeriSign, Inc.1301^F^CU^D^K^S*VeriSign International Server CA - Class 31I0G^F^CU^D^K^S@www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign0\x81\x9f0^M^F^I*\x86H\x86\xf7^M^A^A^A^E\0^C\x81\x8d\00\x81\x89^B\x81\x81\0\xd8\x82\x80\xe8\xd6^Y^B}\x1f\x85^X9%\xa2e+\xe1\xbf\xd4^E\xd3\xbc\xe66;\xaa\xf0Ll[\xb6\xe7\xaa<sEU\xb2\xf1\xbd\xea\x97B\xed\x9a4^J^U\xd4\xa9\\xf5@%\xdd\xd9^G\xc12\xb2ul\xc4\xca\xbb\xa3\xfeV'qC\xaac\xf50>\x93(\xe5\xfa\xf1^I;\xf3\xb7MN9\xf7\IZ\xb8\xc1\x1d\xd3\xb2\x8a\xfep0\x95B\xcb\xfe+Q\x8bZ<:\xf9"O\x90\xb2^B\xa7S\x9cO4\xe7\xab^D\xb2{o^B^C^A\0^A\xa3\x81\xe60\x81\xe30^O^F^CU\x1d^S^D^H0^F^A^A\xff^B^A\00D^F^CU\x1d ^D=0;09^F^K`\x86H^A\x86\xf8E^A^G^A^A0*0(^F^H+^F^A^E^E^G^B^A^V\x1chttps://www.verisign.com/CPS04^F^CU\x1d\x1f^D-0+0)\xa0'\xa0%\x86#http://crl.verisign.com/pca3-g2.crl04^F^CU\x1d%^D-0+^F^H+^F^A^E^E^G^C^A^F^H+^F^A^E^E^G^C^B^F^I`\x86H^A\x86\xf8B^D^A^F^J`\x86H^A\x86\xf8E^A^H^A0^K^F^CU\x1d^O^D^D^C^B^A^F0^Q^F^I`\x86H^A\x86\xf8B^A^A^D^D^C^B^A^F0^M^F^I*\x86H\x86\xf7^M^A^A^E^E\0^C\x81\x81\0#]\xee\xa6$^E\xfdv\xd3j^Z\xd6\xbaF^F\xaaj^O^C\x90f\xb2\xb0\xa6\xc2\x9e\xc9\x1e\xa3US\xaf>E\xfd\xdc\x8c'\xddS8^I\xbb|K+\xba\x95J\xfepN\x1bi\xd6<\xf7O^G\xc5\xf2^WZL\xa2\x8f\xac^K\x8a^F\xdb\xb9\xd4k\xc5\x1dX\xda^WR\xe3!\xf1\xd2\xd7Z\xd5\xe5\xabY{!z\x86j\xd4\xfe^W^Q:S^M\x9c`\xa0J\xd9^\xe4\x1d^L)\xaa^S^Ge\x86\x1f\xbf\xb4\xc9\x82S\x9c,^B\x8f#, mime_type=binary, info=[ts=1170717505.735416, fuid=FfqS7r3rymnsSKq0m2, tx_hosts={^J^I194.127.84.106^J}, rx_hosts={^J^I192.150.187.164^J}, conn_uids={^J^ICXWv6p3arKYeMETxOg^J}, source=SSL, depth=0, analyzers={^J^IX509,^J^IMD5,^J^ISHA1^J}, mime_type=binary, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=F, seen_bytes=0, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=<uninitialized>, sha1=<uninitialized>, sha256=<uninitialized>, x509=[ts=1170717505.735416, id=FfqS7r3rymnsSKq0m2, certificate=[version=2, serial=78EE48DE185B2071C9C9C3B51D7BDDC1, subject=OU=www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign,OU=VeriSign International Server CA - Class 3,OU=VeriSign\, Inc.,O=VeriSign Trust Network, issuer=OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US, not_valid_before=861235200.0, not_valid_after=1319500799.0, key_alg=rsaEncryption, sig_alg=sha1WithRSAEncryption, key_type=rsa, key_length=1024, exponent=65537, curve=<uninitialized>], handle=<no value description>, extensions=[[name=X509v3 Basic Constraints, short_name=basicConstraints, oid=2.5.29.19, critical=F, value=CA:TRUE, pathlen:0], [name=X509v3 Certificate Policies, short_name=certificatePolicies, oid=2.5.29.32, critical=F, value=Policy: 2.16.840.1.113733.1.7.1.1^J  CPS: https://www.verisign.com/CPS^J], [name=X509v3 CRL Distribution Points, short_name=crlDistributionPoints, oid=2.5.29.31, critical=F, value=^JFull Name:^J  URI:http://crl.verisign.com/pca3-g2.crl^J]], san=<uninitialized>, basic_constraints=[ca=T, path_len=0]], extracted=<uninitialized>], u2_events=<uninitialized>]
-                  [1] ext: X509::Extension = [name=X509v3 Extended Key Usage, short_name=extendedKeyUsage, oid=2.5.29.37, critical=F, value=TLS Web Server Authentication, TLS Web Client Authentication, Netscape Server Gated Crypto, 2.16.840.1.113733.1.8.1]
-
-1170717505.735416 x509_extension
-                  [0] f: fa_file         = [id=FfqS7r3rymnsSKq0m2, parent_id=<uninitialized>, source=SSL, is_orig=F, conns={^J^I[[orig_h=192.150.187.164, orig_p=58868/tcp, resp_h=194.127.84.106, resp_p=443/tcp]] = [id=[orig_h=192.150.187.164, orig_p=58868/tcp, resp_h=194.127.84.106, resp_p=443/tcp], orig=[size=87, state=4, num_pkts=3, num_bytes_ip=255, flow_label=0], resp=[size=2164, state=4, num_pkts=3, num_bytes_ip=1616, flow_label=0], start_time=1170717505.366729, duration=0.368687, service={^J^I^ISSL^J^I}, addl=, hot=0, history=ShADad, uid=CXWv6p3arKYeMETxOg, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=[ts=1170717505.549109, uid=CXWv6p3arKYeMETxOg, id=[orig_h=192.150.187.164, orig_p=58868/tcp, resp_h=194.127.84.106, resp_p=443/tcp], version=TLSv10, cipher=TLS_RSA_WITH_RC4_128_MD5, server_name=<uninitialized>, session_id=<uninitialized>, last_alert=<uninitialized>, analyzer_id=3, established=F, logged=F, delay_tokens=<uninitialized>, cert_chain=[[ts=1170717505.735416, fuid=FeCwNK3rzqPnZ7eBQ5, tx_hosts={^J^I^I194.127.84.106^J^I}, rx_hosts={^J^I^I192.150.187.164^J^I}, conn_uids={^J^I^ICXWv6p3arKYeMETxOg^J^I}, source=SSL, depth=0, analyzers={^J^I^IX509,^J^I^IMD5,^J^I^ISHA1^J^I}, mime_type=binary, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=F, seen_bytes=1152, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=38a0a008a978591ccbe41f50a174751a, sha1=2c322ae2b7fe91391345e070b63668978bb1c9da, sha256=<uninitialized>, x509=[ts=1170717505.735416, id=FeCwNK3rzqPnZ7eBQ5, certificate=[version=2, serial=04A78116F003283BDA2B8462049F9ECB, subject=CN=www.dresdner-privat.de,OU=Terms of use at www.verisign.com/rpa (c)00,O=AGIS Allianz Dresdner Informationssysteme GmbH,L=Muenchen,ST=Bayern,C=DE, issuer=OU=www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign,OU=VeriSign International Server CA - Class 3,OU=VeriSign\, Inc.,O=VeriSign Trust Network, not_valid_before=1163462400.0, not_valid_after=1195084799.0, key_alg=rsaEncryption, sig_alg=sha1WithRSAEncryption, key_type=rsa, key_length=1024, exponent=65537, curve=<uninitialized>], handle=<no value description>, extensions=[[name=X509v3 Basic Constraints, short_name=basicConstraints, oid=2.5.29.19, critical=F, value=CA:FALSE], [name=X509v3 Key Usage, short_name=keyUsage, oid=2.5.29.15, critical=F, value=Digital Signature, Key Encipherment], [name=X509v3 CRL Distribution Points, short_name=crlDistributionPoints, oid=2.5.29.31, critical=F, value=^JFull Name:^J  URI:http://crl.verisign.com/Class3InternationalServer.crl^J], [name=X509v3 Certificate Policies, short_name=certificatePolicies, oid=2.5.29.32, critical=F, value=Policy: 2.16.840.1.113733.1.7.23.3^J  CPS: https://www.verisign.com/rpa^J], [name=X509v3 Extended Key Usage, short_name=extendedKeyUsage, oid=2.5.29.37, critical=F, value=Netscape Server Gated Crypto, TLS Web Server Authentication, TLS Web Client Authentication], [name=Authority Information Access, short_name=authorityInfoAccess, oid=1.3.6.1.5.5.7.1.1, critical=F, value=OCSP - URI:http://ocsp.verisign.com^J], [name=1.3.6.1.5.5.7.1.12, short_name=UNDEF, oid=1.3.6.1.5.5.7.1.12, critical=F, value=0_.].[0Y0W0U..image/gif0!0.0...+..............k...j.H.,{..0%.#http://logo.verisign.com/vslogo.gif]], san=<uninitialized>, basic_constraints=[ca=F, path_len=<uninitialized>]], extracted=<uninitialized>], [ts=1170717505.735416, fuid=FfqS7r3rymnsSKq0m2, tx_hosts={^J^I^I194.127.84.106^J^I}, rx_hosts={^J^I^I192.150.187.164^J^I}, conn_uids={^J^I^ICXWv6p3arKYeMETxOg^J^I}, source=SSL, depth=0, analyzers={^J^I^IX509,^J^I^IMD5,^J^I^ISHA1^J^I}, mime_type=binary, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=F, seen_bytes=0, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=<uninitialized>, sha1=<uninitialized>, sha256=<uninitialized>, x509=[ts=1170717505.735416, id=FfqS7r3rymnsSKq0m2, certificate=[version=2, serial=78EE48DE185B2071C9C9C3B51D7BDDC1, subject=OU=www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign,OU=VeriSign International Server CA - Class 3,OU=VeriSign\, Inc.,O=VeriSign Trust Network, issuer=OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US, not_valid_before=861235200.0, not_valid_after=1319500799.0, key_alg=rsaEncryption, sig_alg=sha1WithRSAEncryption, key_type=rsa, key_length=1024, exponent=65537, curve=<uninitialized>], handle=<no value description>, extensions=[[name=X509v3 Basic Constraints, short_name=basicConstraints, oid=2.5.29.19, critical=F, value=CA:TRUE, pathlen:0], [name=X509v3 Certificate Policies, short_name=certificatePolicies, oid=2.5.29.32, critical=F, value=Policy: 2.16.840.1.113733.1.7.1.1^J  CPS: https://www.verisign.com/CPS^J], [name=X509v3 CRL Distribution Points, short_name=crlDistributionPoints, oid=2.5.29.31, critical=F, value=^JFull Name:^J  URI:http://crl.verisign.com/pca3-g2.crl^J], [name=X509v3 Extended Key Usage, short_name=extendedKeyUsage, oid=2.5.29.37, critical=F, value=TLS Web Server Authentication, TLS Web Client Authentication, Netscape Server Gated Crypto, 2.16.840.1.113733.1.8.1]], san=<uninitialized>, basic_constraints=[ca=T, path_len=0]], extracted=<uninitialized>]], cert_chain_fuids=[FeCwNK3rzqPnZ7eBQ5, FfqS7r3rymnsSKq0m2], client_cert_chain=[], client_cert_chain_fuids=[], subject=<uninitialized>, issuer=<uninitialized>, client_subject=<uninitialized>, client_issuer=<uninitialized>, server_depth=2, client_depth=0], http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]^J}, last_active=1170717505.735416, seen_bytes=906, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timeout_interval=2.0 mins, bof_buffer_size=1024, bof_buffer=0\x82^C\x860\x82^B\xef\xa0^C^B^A^B^B^Px\xeeH\xde^X[ q\xc9\xc9\xc3\xb5\x1d{\xdd\xc10^M^F^I*\x86H\x86\xf7^M^A^A^E^E\00_1^K0^I^F^CU^D^F^S^BUS1^W0^U^F^CU^D^J^S^NVeriSign, Inc.1705^F^CU^D^K^S.Class 3 Public Primary Certification Authority0\x1e^W^M970417000000Z^W^M111024235959Z0\x81\xba1\x1f0\x1d^F^CU^D^J^S^VVeriSign Trust Network1^W0^U^F^CU^D^K^S^NVeriSign, Inc.1301^F^CU^D^K^S*VeriSign International Server CA - Class 31I0G^F^CU^D^K^S@www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign0\x81\x9f0^M^F^I*\x86H\x86\xf7^M^A^A^A^E\0^C\x81\x8d\00\x81\x89^B\x81\x81\0\xd8\x82\x80\xe8\xd6^Y^B}\x1f\x85^X9%\xa2e+\xe1\xbf\xd4^E\xd3\xbc\xe66;\xaa\xf0Ll[\xb6\xe7\xaa<sEU\xb2\xf1\xbd\xea\x97B\xed\x9a4^J^U\xd4\xa9\\xf5@%\xdd\xd9^G\xc12\xb2ul\xc4\xca\xbb\xa3\xfeV'qC\xaac\xf50>\x93(\xe5\xfa\xf1^I;\xf3\xb7MN9\xf7\IZ\xb8\xc1\x1d\xd3\xb2\x8a\xfep0\x95B\xcb\xfe+Q\x8bZ<:\xf9"O\x90\xb2^B\xa7S\x9cO4\xe7\xab^D\xb2{o^B^C^A\0^A\xa3\x81\xe60\x81\xe30^O^F^CU\x1d^S^D^H0^F^A^A\xff^B^A\00D^F^CU\x1d ^D=0;09^F^K`\x86H^A\x86\xf8E^A^G^A^A0*0(^F^H+^F^A^E^E^G^B^A^V\x1chttps://www.verisign.com/CPS04^F^CU\x1d\x1f^D-0+0)\xa0'\xa0%\x86#http://crl.verisign.com/pca3-g2.crl04^F^CU\x1d%^D-0+^F^H+^F^A^E^E^G^C^A^F^H+^F^A^E^E^G^C^B^F^I`\x86H^A\x86\xf8B^D^A^F^J`\x86H^A\x86\xf8E^A^H^A0^K^F^CU\x1d^O^D^D^C^B^A^F0^Q^F^I`\x86H^A\x86\xf8B^A^A^D^D^C^B^A^F0^M^F^I*\x86H\x86\xf7^M^A^A^E^E\0^C\x81\x81\0#]\xee\xa6$^E\xfdv\xd3j^Z\xd6\xbaF^F\xaaj^O^C\x90f\xb2\xb0\xa6\xc2\x9e\xc9\x1e\xa3US\xaf>E\xfd\xdc\x8c'\xddS8^I\xbb|K+\xba\x95J\xfepN\x1bi\xd6<\xf7O^G\xc5\xf2^WZL\xa2\x8f\xac^K\x8a^F\xdb\xb9\xd4k\xc5\x1dX\xda^WR\xe3!\xf1\xd2\xd7Z\xd5\xe5\xabY{!z\x86j\xd4\xfe^W^Q:S^M\x9c`\xa0J\xd9^\xe4\x1d^L)\xaa^S^Ge\x86\x1f\xbf\xb4\xc9\x82S\x9c,^B\x8f#, mime_type=binary, info=[ts=1170717505.735416, fuid=FfqS7r3rymnsSKq0m2, tx_hosts={^J^I194.127.84.106^J}, rx_hosts={^J^I192.150.187.164^J}, conn_uids={^J^ICXWv6p3arKYeMETxOg^J}, source=SSL, depth=0, analyzers={^J^IX509,^J^IMD5,^J^ISHA1^J}, mime_type=binary, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=F, seen_bytes=0, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=<uninitialized>, sha1=<uninitialized>, sha256=<uninitialized>, x509=[ts=1170717505.735416, id=FfqS7r3rymnsSKq0m2, certificate=[version=2, serial=78EE48DE185B2071C9C9C3B51D7BDDC1, subject=OU=www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign,OU=VeriSign International Server CA - Class 3,OU=VeriSign\, Inc.,O=VeriSign Trust Network, issuer=OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US, not_valid_before=861235200.0, not_valid_after=1319500799.0, key_alg=rsaEncryption, sig_alg=sha1WithRSAEncryption, key_type=rsa, key_length=1024, exponent=65537, curve=<uninitialized>], handle=<no value description>, extensions=[[name=X509v3 Basic Constraints, short_name=basicConstraints, oid=2.5.29.19, critical=F, value=CA:TRUE, pathlen:0], [name=X509v3 Certificate Policies, short_name=certificatePolicies, oid=2.5.29.32, critical=F, value=Policy: 2.16.840.1.113733.1.7.1.1^J  CPS: https://www.verisign.com/CPS^J], [name=X509v3 CRL Distribution Points, short_name=crlDistributionPoints, oid=2.5.29.31, critical=F, value=^JFull Name:^J  URI:http://crl.verisign.com/pca3-g2.crl^J], [name=X509v3 Extended Key Usage, short_name=extendedKeyUsage, oid=2.5.29.37, critical=F, value=TLS Web Server Authentication, TLS Web Client Authentication, Netscape Server Gated Crypto, 2.16.840.1.113733.1.8.1]], san=<uninitialized>, basic_constraints=[ca=T, path_len=0]], extracted=<uninitialized>], u2_events=<uninitialized>]
-                  [1] ext: X509::Extension = [name=X509v3 Key Usage, short_name=keyUsage, oid=2.5.29.15, critical=F, value=Certificate Sign, CRL Sign]
-
-1170717505.735416 x509_extension
-                  [0] f: fa_file         = [id=FfqS7r3rymnsSKq0m2, parent_id=<uninitialized>, source=SSL, is_orig=F, conns={^J^I[[orig_h=192.150.187.164, orig_p=58868/tcp, resp_h=194.127.84.106, resp_p=443/tcp]] = [id=[orig_h=192.150.187.164, orig_p=58868/tcp, resp_h=194.127.84.106, resp_p=443/tcp], orig=[size=87, state=4, num_pkts=3, num_bytes_ip=255, flow_label=0], resp=[size=2164, state=4, num_pkts=3, num_bytes_ip=1616, flow_label=0], start_time=1170717505.366729, duration=0.368687, service={^J^I^ISSL^J^I}, addl=, hot=0, history=ShADad, uid=CXWv6p3arKYeMETxOg, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=[ts=1170717505.549109, uid=CXWv6p3arKYeMETxOg, id=[orig_h=192.150.187.164, orig_p=58868/tcp, resp_h=194.127.84.106, resp_p=443/tcp], version=TLSv10, cipher=TLS_RSA_WITH_RC4_128_MD5, server_name=<uninitialized>, session_id=<uninitialized>, last_alert=<uninitialized>, analyzer_id=3, established=F, logged=F, delay_tokens=<uninitialized>, cert_chain=[[ts=1170717505.735416, fuid=FeCwNK3rzqPnZ7eBQ5, tx_hosts={^J^I^I194.127.84.106^J^I}, rx_hosts={^J^I^I192.150.187.164^J^I}, conn_uids={^J^I^ICXWv6p3arKYeMETxOg^J^I}, source=SSL, depth=0, analyzers={^J^I^IX509,^J^I^IMD5,^J^I^ISHA1^J^I}, mime_type=binary, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=F, seen_bytes=1152, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=38a0a008a978591ccbe41f50a174751a, sha1=2c322ae2b7fe91391345e070b63668978bb1c9da, sha256=<uninitialized>, x509=[ts=1170717505.735416, id=FeCwNK3rzqPnZ7eBQ5, certificate=[version=2, serial=04A78116F003283BDA2B8462049F9ECB, subject=CN=www.dresdner-privat.de,OU=Terms of use at www.verisign.com/rpa (c)00,O=AGIS Allianz Dresdner Informationssysteme GmbH,L=Muenchen,ST=Bayern,C=DE, issuer=OU=www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign,OU=VeriSign International Server CA - Class 3,OU=VeriSign\, Inc.,O=VeriSign Trust Network, not_valid_before=1163462400.0, not_valid_after=1195084799.0, key_alg=rsaEncryption, sig_alg=sha1WithRSAEncryption, key_type=rsa, key_length=1024, exponent=65537, curve=<uninitialized>], handle=<no value description>, extensions=[[name=X509v3 Basic Constraints, short_name=basicConstraints, oid=2.5.29.19, critical=F, value=CA:FALSE], [name=X509v3 Key Usage, short_name=keyUsage, oid=2.5.29.15, critical=F, value=Digital Signature, Key Encipherment], [name=X509v3 CRL Distribution Points, short_name=crlDistributionPoints, oid=2.5.29.31, critical=F, value=^JFull Name:^J  URI:http://crl.verisign.com/Class3InternationalServer.crl^J], [name=X509v3 Certificate Policies, short_name=certificatePolicies, oid=2.5.29.32, critical=F, value=Policy: 2.16.840.1.113733.1.7.23.3^J  CPS: https://www.verisign.com/rpa^J], [name=X509v3 Extended Key Usage, short_name=extendedKeyUsage, oid=2.5.29.37, critical=F, value=Netscape Server Gated Crypto, TLS Web Server Authentication, TLS Web Client Authentication], [name=Authority Information Access, short_name=authorityInfoAccess, oid=1.3.6.1.5.5.7.1.1, critical=F, value=OCSP - URI:http://ocsp.verisign.com^J], [name=1.3.6.1.5.5.7.1.12, short_name=UNDEF, oid=1.3.6.1.5.5.7.1.12, critical=F, value=0_.].[0Y0W0U..image/gif0!0.0...+..............k...j.H.,{..0%.#http://logo.verisign.com/vslogo.gif]], san=<uninitialized>, basic_constraints=[ca=F, path_len=<uninitialized>]], extracted=<uninitialized>], [ts=1170717505.735416, fuid=FfqS7r3rymnsSKq0m2, tx_hosts={^J^I^I194.127.84.106^J^I}, rx_hosts={^J^I^I192.150.187.164^J^I}, conn_uids={^J^I^ICXWv6p3arKYeMETxOg^J^I}, source=SSL, depth=0, analyzers={^J^I^IX509,^J^I^IMD5,^J^I^ISHA1^J^I}, mime_type=binary, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=F, seen_bytes=0, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=<uninitialized>, sha1=<uninitialized>, sha256=<uninitialized>, x509=[ts=1170717505.735416, id=FfqS7r3rymnsSKq0m2, certificate=[version=2, serial=78EE48DE185B2071C9C9C3B51D7BDDC1, subject=OU=www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign,OU=VeriSign International Server CA - Class 3,OU=VeriSign\, Inc.,O=VeriSign Trust Network, issuer=OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US, not_valid_before=861235200.0, not_valid_after=1319500799.0, key_alg=rsaEncryption, sig_alg=sha1WithRSAEncryption, key_type=rsa, key_length=1024, exponent=65537, curve=<uninitialized>], handle=<no value description>, extensions=[[name=X509v3 Basic Constraints, short_name=basicConstraints, oid=2.5.29.19, critical=F, value=CA:TRUE, pathlen:0], [name=X509v3 Certificate Policies, short_name=certificatePolicies, oid=2.5.29.32, critical=F, value=Policy: 2.16.840.1.113733.1.7.1.1^J  CPS: https://www.verisign.com/CPS^J], [name=X509v3 CRL Distribution Points, short_name=crlDistributionPoints, oid=2.5.29.31, critical=F, value=^JFull Name:^J  URI:http://crl.verisign.com/pca3-g2.crl^J], [name=X509v3 Extended Key Usage, short_name=extendedKeyUsage, oid=2.5.29.37, critical=F, value=TLS Web Server Authentication, TLS Web Client Authentication, Netscape Server Gated Crypto, 2.16.840.1.113733.1.8.1], [name=X509v3 Key Usage, short_name=keyUsage, oid=2.5.29.15, critical=F, value=Certificate Sign, CRL Sign]], san=<uninitialized>, basic_constraints=[ca=T, path_len=0]], extracted=<uninitialized>]], cert_chain_fuids=[FeCwNK3rzqPnZ7eBQ5, FfqS7r3rymnsSKq0m2], client_cert_chain=[], client_cert_chain_fuids=[], subject=<uninitialized>, issuer=<uninitialized>, client_subject=<uninitialized>, client_issuer=<uninitialized>, server_depth=2, client_depth=0], http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]^J}, last_active=1170717505.735416, seen_bytes=906, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timeout_interval=2.0 mins, bof_buffer_size=1024, bof_buffer=0\x82^C\x860\x82^B\xef\xa0^C^B^A^B^B^Px\xeeH\xde^X[ q\xc9\xc9\xc3\xb5\x1d{\xdd\xc10^M^F^I*\x86H\x86\xf7^M^A^A^E^E\00_1^K0^I^F^CU^D^F^S^BUS1^W0^U^F^CU^D^J^S^NVeriSign, Inc.1705^F^CU^D^K^S.Class 3 Public Primary Certification Authority0\x1e^W^M970417000000Z^W^M111024235959Z0\x81\xba1\x1f0\x1d^F^CU^D^J^S^VVeriSign Trust Network1^W0^U^F^CU^D^K^S^NVeriSign, Inc.1301^F^CU^D^K^S*VeriSign International Server CA - Class 31I0G^F^CU^D^K^S@www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign0\x81\x9f0^M^F^I*\x86H\x86\xf7^M^A^A^A^E\0^C\x81\x8d\00\x81\x89^B\x81\x81\0\xd8\x82\x80\xe8\xd6^Y^B}\x1f\x85^X9%\xa2e+\xe1\xbf\xd4^E\xd3\xbc\xe66;\xaa\xf0Ll[\xb6\xe7\xaa<sEU\xb2\xf1\xbd\xea\x97B\xed\x9a4^J^U\xd4\xa9\\xf5@%\xdd\xd9^G\xc12\xb2ul\xc4\xca\xbb\xa3\xfeV'qC\xaac\xf50>\x93(\xe5\xfa\xf1^I;\xf3\xb7MN9\xf7\IZ\xb8\xc1\x1d\xd3\xb2\x8a\xfep0\x95B\xcb\xfe+Q\x8bZ<:\xf9"O\x90\xb2^B\xa7S\x9cO4\xe7\xab^D\xb2{o^B^C^A\0^A\xa3\x81\xe60\x81\xe30^O^F^CU\x1d^S^D^H0^F^A^A\xff^B^A\00D^F^CU\x1d ^D=0;09^F^K`\x86H^A\x86\xf8E^A^G^A^A0*0(^F^H+^F^A^E^E^G^B^A^V\x1chttps://www.verisign.com/CPS04^F^CU\x1d\x1f^D-0+0)\xa0'\xa0%\x86#http://crl.verisign.com/pca3-g2.crl04^F^CU\x1d%^D-0+^F^H+^F^A^E^E^G^C^A^F^H+^F^A^E^E^G^C^B^F^I`\x86H^A\x86\xf8B^D^A^F^J`\x86H^A\x86\xf8E^A^H^A0^K^F^CU\x1d^O^D^D^C^B^A^F0^Q^F^I`\x86H^A\x86\xf8B^A^A^D^D^C^B^A^F0^M^F^I*\x86H\x86\xf7^M^A^A^E^E\0^C\x81\x81\0#]\xee\xa6$^E\xfdv\xd3j^Z\xd6\xbaF^F\xaaj^O^C\x90f\xb2\xb0\xa6\xc2\x9e\xc9\x1e\xa3US\xaf>E\xfd\xdc\x8c'\xddS8^I\xbb|K+\xba\x95J\xfepN\x1bi\xd6<\xf7O^G\xc5\xf2^WZL\xa2\x8f\xac^K\x8a^F\xdb\xb9\xd4k\xc5\x1dX\xda^WR\xe3!\xf1\xd2\xd7Z\xd5\xe5\xabY{!z\x86j\xd4\xfe^W^Q:S^M\x9c`\xa0J\xd9^\xe4\x1d^L)\xaa^S^Ge\x86\x1f\xbf\xb4\xc9\x82S\x9c,^B\x8f#, mime_type=binary, info=[ts=1170717505.735416, fuid=FfqS7r3rymnsSKq0m2, tx_hosts={^J^I194.127.84.106^J}, rx_hosts={^J^I192.150.187.164^J}, conn_uids={^J^ICXWv6p3arKYeMETxOg^J}, source=SSL, depth=0, analyzers={^J^IX509,^J^IMD5,^J^ISHA1^J}, mime_type=binary, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=F, seen_bytes=0, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=<uninitialized>, sha1=<uninitialized>, sha256=<uninitialized>, x509=[ts=1170717505.735416, id=FfqS7r3rymnsSKq0m2, certificate=[version=2, serial=78EE48DE185B2071C9C9C3B51D7BDDC1, subject=OU=www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign,OU=VeriSign International Server CA - Class 3,OU=VeriSign\, Inc.,O=VeriSign Trust Network, issuer=OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US, not_valid_before=861235200.0, not_valid_after=1319500799.0, key_alg=rsaEncryption, sig_alg=sha1WithRSAEncryption, key_type=rsa, key_length=1024, exponent=65537, curve=<uninitialized>], handle=<no value description>, extensions=[[name=X509v3 Basic Constraints, short_name=basicConstraints, oid=2.5.29.19, critical=F, value=CA:TRUE, pathlen:0], [name=X509v3 Certificate Policies, short_name=certificatePolicies, oid=2.5.29.32, critical=F, value=Policy: 2.16.840.1.113733.1.7.1.1^J  CPS: https://www.verisign.com/CPS^J], [name=X509v3 CRL Distribution Points, short_name=crlDistributionPoints, oid=2.5.29.31, critical=F, value=^JFull Name:^J  URI:http://crl.verisign.com/pca3-g2.crl^J], [name=X509v3 Extended Key Usage, short_name=extendedKeyUsage, oid=2.5.29.37, critical=F, value=TLS Web Server Authentication, TLS Web Client Authentication, Netscape Server Gated Crypto, 2.16.840.1.113733.1.8.1], [name=X509v3 Key Usage, short_name=keyUsage, oid=2.5.29.15, critical=F, value=Certificate Sign, CRL Sign]], san=<uninitialized>, basic_constraints=[ca=T, path_len=0]], extracted=<uninitialized>], u2_events=<uninitialized>]
-                  [1] ext: X509::Extension = [name=Netscape Cert Type, short_name=nsCertType, oid=2.16.840.1.113730.1.1, critical=F, value=SSL CA, S/MIME CA]
-
-1170717505.735416 file_hash
-                  [0] f: fa_file         = [id=FfqS7r3rymnsSKq0m2, parent_id=<uninitialized>, source=SSL, is_orig=F, conns={^J^I[[orig_h=192.150.187.164, orig_p=58868/tcp, resp_h=194.127.84.106, resp_p=443/tcp]] = [id=[orig_h=192.150.187.164, orig_p=58868/tcp, resp_h=194.127.84.106, resp_p=443/tcp], orig=[size=87, state=4, num_pkts=3, num_bytes_ip=255, flow_label=0], resp=[size=2164, state=4, num_pkts=3, num_bytes_ip=1616, flow_label=0], start_time=1170717505.366729, duration=0.368687, service={^J^I^ISSL^J^I}, addl=, hot=0, history=ShADad, uid=CXWv6p3arKYeMETxOg, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=[ts=1170717505.549109, uid=CXWv6p3arKYeMETxOg, id=[orig_h=192.150.187.164, orig_p=58868/tcp, resp_h=194.127.84.106, resp_p=443/tcp], version=TLSv10, cipher=TLS_RSA_WITH_RC4_128_MD5, server_name=<uninitialized>, session_id=<uninitialized>, last_alert=<uninitialized>, analyzer_id=3, established=F, logged=F, delay_tokens=<uninitialized>, cert_chain=[[ts=1170717505.735416, fuid=FeCwNK3rzqPnZ7eBQ5, tx_hosts={^J^I^I194.127.84.106^J^I}, rx_hosts={^J^I^I192.150.187.164^J^I}, conn_uids={^J^I^ICXWv6p3arKYeMETxOg^J^I}, source=SSL, depth=0, analyzers={^J^I^IX509,^J^I^IMD5,^J^I^ISHA1^J^I}, mime_type=binary, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=F, seen_bytes=1152, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=38a0a008a978591ccbe41f50a174751a, sha1=2c322ae2b7fe91391345e070b63668978bb1c9da, sha256=<uninitialized>, x509=[ts=1170717505.735416, id=FeCwNK3rzqPnZ7eBQ5, certificate=[version=2, serial=04A78116F003283BDA2B8462049F9ECB, subject=CN=www.dresdner-privat.de,OU=Terms of use at www.verisign.com/rpa (c)00,O=AGIS Allianz Dresdner Informationssysteme GmbH,L=Muenchen,ST=Bayern,C=DE, issuer=OU=www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign,OU=VeriSign International Server CA - Class 3,OU=VeriSign\, Inc.,O=VeriSign Trust Network, not_valid_before=1163462400.0, not_valid_after=1195084799.0, key_alg=rsaEncryption, sig_alg=sha1WithRSAEncryption, key_type=rsa, key_length=1024, exponent=65537, curve=<uninitialized>], handle=<no value description>, extensions=[[name=X509v3 Basic Constraints, short_name=basicConstraints, oid=2.5.29.19, critical=F, value=CA:FALSE], [name=X509v3 Key Usage, short_name=keyUsage, oid=2.5.29.15, critical=F, value=Digital Signature, Key Encipherment], [name=X509v3 CRL Distribution Points, short_name=crlDistributionPoints, oid=2.5.29.31, critical=F, value=^JFull Name:^J  URI:http://crl.verisign.com/Class3InternationalServer.crl^J], [name=X509v3 Certificate Policies, short_name=certificatePolicies, oid=2.5.29.32, critical=F, value=Policy: 2.16.840.1.113733.1.7.23.3^J  CPS: https://www.verisign.com/rpa^J], [name=X509v3 Extended Key Usage, short_name=extendedKeyUsage, oid=2.5.29.37, critical=F, value=Netscape Server Gated Crypto, TLS Web Server Authentication, TLS Web Client Authentication], [name=Authority Information Access, short_name=authorityInfoAccess, oid=1.3.6.1.5.5.7.1.1, critical=F, value=OCSP - URI:http://ocsp.verisign.com^J], [name=1.3.6.1.5.5.7.1.12, short_name=UNDEF, oid=1.3.6.1.5.5.7.1.12, critical=F, value=0_.].[0Y0W0U..image/gif0!0.0...+..............k...j.H.,{..0%.#http://logo.verisign.com/vslogo.gif]], san=<uninitialized>, basic_constraints=[ca=F, path_len=<uninitialized>]], extracted=<uninitialized>], [ts=1170717505.735416, fuid=FfqS7r3rymnsSKq0m2, tx_hosts={^J^I^I194.127.84.106^J^I}, rx_hosts={^J^I^I192.150.187.164^J^I}, conn_uids={^J^I^ICXWv6p3arKYeMETxOg^J^I}, source=SSL, depth=0, analyzers={^J^I^IX509,^J^I^IMD5,^J^I^ISHA1^J^I}, mime_type=binary, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=F, seen_bytes=0, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=<uninitialized>, sha1=<uninitialized>, sha256=<uninitialized>, x509=[ts=1170717505.735416, id=FfqS7r3rymnsSKq0m2, certificate=[version=2, serial=78EE48DE185B2071C9C9C3B51D7BDDC1, subject=OU=www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign,OU=VeriSign International Server CA - Class 3,OU=VeriSign\, Inc.,O=VeriSign Trust Network, issuer=OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US, not_valid_before=861235200.0, not_valid_after=1319500799.0, key_alg=rsaEncryption, sig_alg=sha1WithRSAEncryption, key_type=rsa, key_length=1024, exponent=65537, curve=<uninitialized>], handle=<no value description>, extensions=[[name=X509v3 Basic Constraints, short_name=basicConstraints, oid=2.5.29.19, critical=F, value=CA:TRUE, pathlen:0], [name=X509v3 Certificate Policies, short_name=certificatePolicies, oid=2.5.29.32, critical=F, value=Policy: 2.16.840.1.113733.1.7.1.1^J  CPS: https://www.verisign.com/CPS^J], [name=X509v3 CRL Distribution Points, short_name=crlDistributionPoints, oid=2.5.29.31, critical=F, value=^JFull Name:^J  URI:http://crl.verisign.com/pca3-g2.crl^J], [name=X509v3 Extended Key Usage, short_name=extendedKeyUsage, oid=2.5.29.37, critical=F, value=TLS Web Server Authentication, TLS Web Client Authentication, Netscape Server Gated Crypto, 2.16.840.1.113733.1.8.1], [name=X509v3 Key Usage, short_name=keyUsage, oid=2.5.29.15, critical=F, value=Certificate Sign, CRL Sign], [name=Netscape Cert Type, short_name=nsCertType, oid=2.16.840.1.113730.1.1, critical=F, value=SSL CA, S/MIME CA]], san=<uninitialized>, basic_constraints=[ca=T, path_len=0]], extracted=<uninitialized>]], cert_chain_fuids=[FeCwNK3rzqPnZ7eBQ5, FfqS7r3rymnsSKq0m2], client_cert_chain=[], client_cert_chain_fuids=[], subject=<uninitialized>, issuer=<uninitialized>, client_subject=<uninitialized>, client_issuer=<uninitialized>, server_depth=2, client_depth=0], http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]^J}, last_active=1170717505.735416, seen_bytes=906, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timeout_interval=2.0 mins, bof_buffer_size=1024, bof_buffer=0\x82^C\x860\x82^B\xef\xa0^C^B^A^B^B^Px\xeeH\xde^X[ q\xc9\xc9\xc3\xb5\x1d{\xdd\xc10^M^F^I*\x86H\x86\xf7^M^A^A^E^E\00_1^K0^I^F^CU^D^F^S^BUS1^W0^U^F^CU^D^J^S^NVeriSign, Inc.1705^F^CU^D^K^S.Class 3 Public Primary Certification Authority0\x1e^W^M970417000000Z^W^M111024235959Z0\x81\xba1\x1f0\x1d^F^CU^D^J^S^VVeriSign Trust Network1^W0^U^F^CU^D^K^S^NVeriSign, Inc.1301^F^CU^D^K^S*VeriSign International Server CA - Class 31I0G^F^CU^D^K^S@www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign0\x81\x9f0^M^F^I*\x86H\x86\xf7^M^A^A^A^E\0^C\x81\x8d\00\x81\x89^B\x81\x81\0\xd8\x82\x80\xe8\xd6^Y^B}\x1f\x85^X9%\xa2e+\xe1\xbf\xd4^E\xd3\xbc\xe66;\xaa\xf0Ll[\xb6\xe7\xaa<sEU\xb2\xf1\xbd\xea\x97B\xed\x9a4^J^U\xd4\xa9\\xf5@%\xdd\xd9^G\xc12\xb2ul\xc4\xca\xbb\xa3\xfeV'qC\xaac\xf50>\x93(\xe5\xfa\xf1^I;\xf3\xb7MN9\xf7\IZ\xb8\xc1\x1d\xd3\xb2\x8a\xfep0\x95B\xcb\xfe+Q\x8bZ<:\xf9"O\x90\xb2^B\xa7S\x9cO4\xe7\xab^D\xb2{o^B^C^A\0^A\xa3\x81\xe60\x81\xe30^O^F^CU\x1d^S^D^H0^F^A^A\xff^B^A\00D^F^CU\x1d ^D=0;09^F^K`\x86H^A\x86\xf8E^A^G^A^A0*0(^F^H+^F^A^E^E^G^B^A^V\x1chttps://www.verisign.com/CPS04^F^CU\x1d\x1f^D-0+0)\xa0'\xa0%\x86#http://crl.verisign.com/pca3-g2.crl04^F^CU\x1d%^D-0+^F^H+^F^A^E^E^G^C^A^F^H+^F^A^E^E^G^C^B^F^I`\x86H^A\x86\xf8B^D^A^F^J`\x86H^A\x86\xf8E^A^H^A0^K^F^CU\x1d^O^D^D^C^B^A^F0^Q^F^I`\x86H^A\x86\xf8B^A^A^D^D^C^B^A^F0^M^F^I*\x86H\x86\xf7^M^A^A^E^E\0^C\x81\x81\0#]\xee\xa6$^E\xfdv\xd3j^Z\xd6\xbaF^F\xaaj^O^C\x90f\xb2\xb0\xa6\xc2\x9e\xc9\x1e\xa3US\xaf>E\xfd\xdc\x8c'\xddS8^I\xbb|K+\xba\x95J\xfepN\x1bi\xd6<\xf7O^G\xc5\xf2^WZL\xa2\x8f\xac^K\x8a^F\xdb\xb9\xd4k\xc5\x1dX\xda^WR\xe3!\xf1\xd2\xd7Z\xd5\xe5\xabY{!z\x86j\xd4\xfe^W^Q:S^M\x9c`\xa0J\xd9^\xe4\x1d^L)\xaa^S^Ge\x86\x1f\xbf\xb4\xc9\x82S\x9c,^B\x8f#, mime_type=binary, info=[ts=1170717505.735416, fuid=FfqS7r3rymnsSKq0m2, tx_hosts={^J^I194.127.84.106^J}, rx_hosts={^J^I192.150.187.164^J}, conn_uids={^J^ICXWv6p3arKYeMETxOg^J}, source=SSL, depth=0, analyzers={^J^IX509,^J^IMD5,^J^ISHA1^J}, mime_type=binary, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=F, seen_bytes=0, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=<uninitialized>, sha1=<uninitialized>, sha256=<uninitialized>, x509=[ts=1170717505.735416, id=FfqS7r3rymnsSKq0m2, certificate=[version=2, serial=78EE48DE185B2071C9C9C3B51D7BDDC1, subject=OU=www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign,OU=VeriSign International Server CA - Class 3,OU=VeriSign\, Inc.,O=VeriSign Trust Network, issuer=OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US, not_valid_before=861235200.0, not_valid_after=1319500799.0, key_alg=rsaEncryption, sig_alg=sha1WithRSAEncryption, key_type=rsa, key_length=1024, exponent=65537, curve=<uninitialized>], handle=<no value description>, extensions=[[name=X509v3 Basic Constraints, short_name=basicConstraints, oid=2.5.29.19, critical=F, value=CA:TRUE, pathlen:0], [name=X509v3 Certificate Policies, short_name=certificatePolicies, oid=2.5.29.32, critical=F, value=Policy: 2.16.840.1.113733.1.7.1.1^J  CPS: https://www.verisign.com/CPS^J], [name=X509v3 CRL Distribution Points, short_name=crlDistributionPoints, oid=2.5.29.31, critical=F, value=^JFull Name:^J  URI:http://crl.verisign.com/pca3-g2.crl^J], [name=X509v3 Extended Key Usage, short_name=extendedKeyUsage, oid=2.5.29.37, critical=F, value=TLS Web Server Authentication, TLS Web Client Authentication, Netscape Server Gated Crypto, 2.16.840.1.113733.1.8.1], [name=X509v3 Key Usage, short_name=keyUsage, oid=2.5.29.15, critical=F, value=Certificate Sign, CRL Sign], [name=Netscape Cert Type, short_name=nsCertType, oid=2.16.840.1.113730.1.1, critical=F, value=SSL CA, S/MIME CA]], san=<uninitialized>, basic_constraints=[ca=T, path_len=0]], extracted=<uninitialized>], u2_events=<uninitialized>]
-                  [1] kind: string       = sha1
-                  [2] hash: string       = de0f3a63cad13841e9b62c94502cb189d7661e49
-
-1170717505.735416 file_hash
-                  [0] f: fa_file         = [id=FfqS7r3rymnsSKq0m2, parent_id=<uninitialized>, source=SSL, is_orig=F, conns={^J^I[[orig_h=192.150.187.164, orig_p=58868/tcp, resp_h=194.127.84.106, resp_p=443/tcp]] = [id=[orig_h=192.150.187.164, orig_p=58868/tcp, resp_h=194.127.84.106, resp_p=443/tcp], orig=[size=87, state=4, num_pkts=3, num_bytes_ip=255, flow_label=0], resp=[size=2164, state=4, num_pkts=3, num_bytes_ip=1616, flow_label=0], start_time=1170717505.366729, duration=0.368687, service={^J^I^ISSL^J^I}, addl=, hot=0, history=ShADad, uid=CXWv6p3arKYeMETxOg, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=[ts=1170717505.549109, uid=CXWv6p3arKYeMETxOg, id=[orig_h=192.150.187.164, orig_p=58868/tcp, resp_h=194.127.84.106, resp_p=443/tcp], version=TLSv10, cipher=TLS_RSA_WITH_RC4_128_MD5, server_name=<uninitialized>, session_id=<uninitialized>, last_alert=<uninitialized>, analyzer_id=3, established=F, logged=F, delay_tokens=<uninitialized>, cert_chain=[[ts=1170717505.735416, fuid=FeCwNK3rzqPnZ7eBQ5, tx_hosts={^J^I^I194.127.84.106^J^I}, rx_hosts={^J^I^I192.150.187.164^J^I}, conn_uids={^J^I^ICXWv6p3arKYeMETxOg^J^I}, source=SSL, depth=0, analyzers={^J^I^IX509,^J^I^IMD5,^J^I^ISHA1^J^I}, mime_type=binary, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=F, seen_bytes=1152, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=38a0a008a978591ccbe41f50a174751a, sha1=2c322ae2b7fe91391345e070b63668978bb1c9da, sha256=<uninitialized>, x509=[ts=1170717505.735416, id=FeCwNK3rzqPnZ7eBQ5, certificate=[version=2, serial=04A78116F003283BDA2B8462049F9ECB, subject=CN=www.dresdner-privat.de,OU=Terms of use at www.verisign.com/rpa (c)00,O=AGIS Allianz Dresdner Informationssysteme GmbH,L=Muenchen,ST=Bayern,C=DE, issuer=OU=www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign,OU=VeriSign International Server CA - Class 3,OU=VeriSign\, Inc.,O=VeriSign Trust Network, not_valid_before=1163462400.0, not_valid_after=1195084799.0, key_alg=rsaEncryption, sig_alg=sha1WithRSAEncryption, key_type=rsa, key_length=1024, exponent=65537, curve=<uninitialized>], handle=<no value description>, extensions=[[name=X509v3 Basic Constraints, short_name=basicConstraints, oid=2.5.29.19, critical=F, value=CA:FALSE], [name=X509v3 Key Usage, short_name=keyUsage, oid=2.5.29.15, critical=F, value=Digital Signature, Key Encipherment], [name=X509v3 CRL Distribution Points, short_name=crlDistributionPoints, oid=2.5.29.31, critical=F, value=^JFull Name:^J  URI:http://crl.verisign.com/Class3InternationalServer.crl^J], [name=X509v3 Certificate Policies, short_name=certificatePolicies, oid=2.5.29.32, critical=F, value=Policy: 2.16.840.1.113733.1.7.23.3^J  CPS: https://www.verisign.com/rpa^J], [name=X509v3 Extended Key Usage, short_name=extendedKeyUsage, oid=2.5.29.37, critical=F, value=Netscape Server Gated Crypto, TLS Web Server Authentication, TLS Web Client Authentication], [name=Authority Information Access, short_name=authorityInfoAccess, oid=1.3.6.1.5.5.7.1.1, critical=F, value=OCSP - URI:http://ocsp.verisign.com^J], [name=1.3.6.1.5.5.7.1.12, short_name=UNDEF, oid=1.3.6.1.5.5.7.1.12, critical=F, value=0_.].[0Y0W0U..image/gif0!0.0...+..............k...j.H.,{..0%.#http://logo.verisign.com/vslogo.gif]], san=<uninitialized>, basic_constraints=[ca=F, path_len=<uninitialized>]], extracted=<uninitialized>], [ts=1170717505.735416, fuid=FfqS7r3rymnsSKq0m2, tx_hosts={^J^I^I194.127.84.106^J^I}, rx_hosts={^J^I^I192.150.187.164^J^I}, conn_uids={^J^I^ICXWv6p3arKYeMETxOg^J^I}, source=SSL, depth=0, analyzers={^J^I^IX509,^J^I^IMD5,^J^I^ISHA1^J^I}, mime_type=binary, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=F, seen_bytes=0, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=<uninitialized>, sha1=de0f3a63cad13841e9b62c94502cb189d7661e49, sha256=<uninitialized>, x509=[ts=1170717505.735416, id=FfqS7r3rymnsSKq0m2, certificate=[version=2, serial=78EE48DE185B2071C9C9C3B51D7BDDC1, subject=OU=www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign,OU=VeriSign International Server CA - Class 3,OU=VeriSign\, Inc.,O=VeriSign Trust Network, issuer=OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US, not_valid_before=861235200.0, not_valid_after=1319500799.0, key_alg=rsaEncryption, sig_alg=sha1WithRSAEncryption, key_type=rsa, key_length=1024, exponent=65537, curve=<uninitialized>], handle=<no value description>, extensions=[[name=X509v3 Basic Constraints, short_name=basicConstraints, oid=2.5.29.19, critical=F, value=CA:TRUE, pathlen:0], [name=X509v3 Certificate Policies, short_name=certificatePolicies, oid=2.5.29.32, critical=F, value=Policy: 2.16.840.1.113733.1.7.1.1^J  CPS: https://www.verisign.com/CPS^J], [name=X509v3 CRL Distribution Points, short_name=crlDistributionPoints, oid=2.5.29.31, critical=F, value=^JFull Name:^J  URI:http://crl.verisign.com/pca3-g2.crl^J], [name=X509v3 Extended Key Usage, short_name=extendedKeyUsage, oid=2.5.29.37, critical=F, value=TLS Web Server Authentication, TLS Web Client Authentication, Netscape Server Gated Crypto, 2.16.840.1.113733.1.8.1], [name=X509v3 Key Usage, short_name=keyUsage, oid=2.5.29.15, critical=F, value=Certificate Sign, CRL Sign], [name=Netscape Cert Type, short_name=nsCertType, oid=2.16.840.1.113730.1.1, critical=F, value=SSL CA, S/MIME CA]], san=<uninitialized>, basic_constraints=[ca=T, path_len=0]], extracted=<uninitialized>]], cert_chain_fuids=[FeCwNK3rzqPnZ7eBQ5, FfqS7r3rymnsSKq0m2], client_cert_chain=[], client_cert_chain_fuids=[], subject=<uninitialized>, issuer=<uninitialized>, client_subject=<uninitialized>, client_issuer=<uninitialized>, server_depth=2, client_depth=0], http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]^J}, last_active=1170717505.735416, seen_bytes=906, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timeout_interval=2.0 mins, bof_buffer_size=1024, bof_buffer=0\x82^C\x860\x82^B\xef\xa0^C^B^A^B^B^Px\xeeH\xde^X[ q\xc9\xc9\xc3\xb5\x1d{\xdd\xc10^M^F^I*\x86H\x86\xf7^M^A^A^E^E\00_1^K0^I^F^CU^D^F^S^BUS1^W0^U^F^CU^D^J^S^NVeriSign, Inc.1705^F^CU^D^K^S.Class 3 Public Primary Certification Authority0\x1e^W^M970417000000Z^W^M111024235959Z0\x81\xba1\x1f0\x1d^F^CU^D^J^S^VVeriSign Trust Network1^W0^U^F^CU^D^K^S^NVeriSign, Inc.1301^F^CU^D^K^S*VeriSign International Server CA - Class 31I0G^F^CU^D^K^S@www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign0\x81\x9f0^M^F^I*\x86H\x86\xf7^M^A^A^A^E\0^C\x81\x8d\00\x81\x89^B\x81\x81\0\xd8\x82\x80\xe8\xd6^Y^B}\x1f\x85^X9%\xa2e+\xe1\xbf\xd4^E\xd3\xbc\xe66;\xaa\xf0Ll[\xb6\xe7\xaa<sEU\xb2\xf1\xbd\xea\x97B\xed\x9a4^J^U\xd4\xa9\\xf5@%\xdd\xd9^G\xc12\xb2ul\xc4\xca\xbb\xa3\xfeV'qC\xaac\xf50>\x93(\xe5\xfa\xf1^I;\xf3\xb7MN9\xf7\IZ\xb8\xc1\x1d\xd3\xb2\x8a\xfep0\x95B\xcb\xfe+Q\x8bZ<:\xf9"O\x90\xb2^B\xa7S\x9cO4\xe7\xab^D\xb2{o^B^C^A\0^A\xa3\x81\xe60\x81\xe30^O^F^CU\x1d^S^D^H0^F^A^A\xff^B^A\00D^F^CU\x1d ^D=0;09^F^K`\x86H^A\x86\xf8E^A^G^A^A0*0(^F^H+^F^A^E^E^G^B^A^V\x1chttps://www.verisign.com/CPS04^F^CU\x1d\x1f^D-0+0)\xa0'\xa0%\x86#http://crl.verisign.com/pca3-g2.crl04^F^CU\x1d%^D-0+^F^H+^F^A^E^E^G^C^A^F^H+^F^A^E^E^G^C^B^F^I`\x86H^A\x86\xf8B^D^A^F^J`\x86H^A\x86\xf8E^A^H^A0^K^F^CU\x1d^O^D^D^C^B^A^F0^Q^F^I`\x86H^A\x86\xf8B^A^A^D^D^C^B^A^F0^M^F^I*\x86H\x86\xf7^M^A^A^E^E\0^C\x81\x81\0#]\xee\xa6$^E\xfdv\xd3j^Z\xd6\xbaF^F\xaaj^O^C\x90f\xb2\xb0\xa6\xc2\x9e\xc9\x1e\xa3US\xaf>E\xfd\xdc\x8c'\xddS8^I\xbb|K+\xba\x95J\xfepN\x1bi\xd6<\xf7O^G\xc5\xf2^WZL\xa2\x8f\xac^K\x8a^F\xdb\xb9\xd4k\xc5\x1dX\xda^WR\xe3!\xf1\xd2\xd7Z\xd5\xe5\xabY{!z\x86j\xd4\xfe^W^Q:S^M\x9c`\xa0J\xd9^\xe4\x1d^L)\xaa^S^Ge\x86\x1f\xbf\xb4\xc9\x82S\x9c,^B\x8f#, mime_type=binary, info=[ts=1170717505.735416, fuid=FfqS7r3rymnsSKq0m2, tx_hosts={^J^I194.127.84.106^J}, rx_hosts={^J^I192.150.187.164^J}, conn_uids={^J^ICXWv6p3arKYeMETxOg^J}, source=SSL, depth=0, analyzers={^J^IX509,^J^IMD5,^J^ISHA1^J}, mime_type=binary, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=F, seen_bytes=0, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=<uninitialized>, sha1=de0f3a63cad13841e9b62c94502cb189d7661e49, sha256=<uninitialized>, x509=[ts=1170717505.735416, id=FfqS7r3rymnsSKq0m2, certificate=[version=2, serial=78EE48DE185B2071C9C9C3B51D7BDDC1, subject=OU=www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign,OU=VeriSign International Server CA - Class 3,OU=VeriSign\, Inc.,O=VeriSign Trust Network, issuer=OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US, not_valid_before=861235200.0, not_valid_after=1319500799.0, key_alg=rsaEncryption, sig_alg=sha1WithRSAEncryption, key_type=rsa, key_length=1024, exponent=65537, curve=<uninitialized>], handle=<no value description>, extensions=[[name=X509v3 Basic Constraints, short_name=basicConstraints, oid=2.5.29.19, critical=F, value=CA:TRUE, pathlen:0], [name=X509v3 Certificate Policies, short_name=certificatePolicies, oid=2.5.29.32, critical=F, value=Policy: 2.16.840.1.113733.1.7.1.1^J  CPS: https://www.verisign.com/CPS^J], [name=X509v3 CRL Distribution Points, short_name=crlDistributionPoints, oid=2.5.29.31, critical=F, value=^JFull Name:^J  URI:http://crl.verisign.com/pca3-g2.crl^J], [name=X509v3 Extended Key Usage, short_name=extendedKeyUsage, oid=2.5.29.37, critical=F, value=TLS Web Server Authentication, TLS Web Client Authentication, Netscape Server Gated Crypto, 2.16.840.1.113733.1.8.1], [name=X509v3 Key Usage, short_name=keyUsage, oid=2.5.29.15, critical=F, value=Certificate Sign, CRL Sign], [name=Netscape Cert Type, short_name=nsCertType, oid=2.16.840.1.113730.1.1, critical=F, value=SSL CA, S/MIME CA]], san=<uninitialized>, basic_constraints=[ca=T, path_len=0]], extracted=<uninitialized>], u2_events=<uninitialized>]
-                  [1] kind: string       = md5
-                  [2] hash: string       = 81c888530afcad916fbe71d9417bf10c
-
-1170717505.735416 file_state_remove
-                  [0] f: fa_file         = [id=FfqS7r3rymnsSKq0m2, parent_id=<uninitialized>, source=SSL, is_orig=F, conns={^J^I[[orig_h=192.150.187.164, orig_p=58868/tcp, resp_h=194.127.84.106, resp_p=443/tcp]] = [id=[orig_h=192.150.187.164, orig_p=58868/tcp, resp_h=194.127.84.106, resp_p=443/tcp], orig=[size=87, state=4, num_pkts=3, num_bytes_ip=255, flow_label=0], resp=[size=2164, state=4, num_pkts=3, num_bytes_ip=1616, flow_label=0], start_time=1170717505.366729, duration=0.368687, service={^J^I^ISSL^J^I}, addl=, hot=0, history=ShADad, uid=CXWv6p3arKYeMETxOg, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=[ts=1170717505.549109, uid=CXWv6p3arKYeMETxOg, id=[orig_h=192.150.187.164, orig_p=58868/tcp, resp_h=194.127.84.106, resp_p=443/tcp], version=TLSv10, cipher=TLS_RSA_WITH_RC4_128_MD5, server_name=<uninitialized>, session_id=<uninitialized>, last_alert=<uninitialized>, analyzer_id=3, established=F, logged=F, delay_tokens=<uninitialized>, cert_chain=[[ts=1170717505.735416, fuid=FeCwNK3rzqPnZ7eBQ5, tx_hosts={^J^I^I194.127.84.106^J^I}, rx_hosts={^J^I^I192.150.187.164^J^I}, conn_uids={^J^I^ICXWv6p3arKYeMETxOg^J^I}, source=SSL, depth=0, analyzers={^J^I^IX509,^J^I^IMD5,^J^I^ISHA1^J^I}, mime_type=binary, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=F, seen_bytes=1152, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=38a0a008a978591ccbe41f50a174751a, sha1=2c322ae2b7fe91391345e070b63668978bb1c9da, sha256=<uninitialized>, x509=[ts=1170717505.735416, id=FeCwNK3rzqPnZ7eBQ5, certificate=[version=2, serial=04A78116F003283BDA2B8462049F9ECB, subject=CN=www.dresdner-privat.de,OU=Terms of use at www.verisign.com/rpa (c)00,O=AGIS Allianz Dresdner Informationssysteme GmbH,L=Muenchen,ST=Bayern,C=DE, issuer=OU=www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign,OU=VeriSign International Server CA - Class 3,OU=VeriSign\, Inc.,O=VeriSign Trust Network, not_valid_before=1163462400.0, not_valid_after=1195084799.0, key_alg=rsaEncryption, sig_alg=sha1WithRSAEncryption, key_type=rsa, key_length=1024, exponent=65537, curve=<uninitialized>], handle=<no value description>, extensions=[[name=X509v3 Basic Constraints, short_name=basicConstraints, oid=2.5.29.19, critical=F, value=CA:FALSE], [name=X509v3 Key Usage, short_name=keyUsage, oid=2.5.29.15, critical=F, value=Digital Signature, Key Encipherment], [name=X509v3 CRL Distribution Points, short_name=crlDistributionPoints, oid=2.5.29.31, critical=F, value=^JFull Name:^J  URI:http://crl.verisign.com/Class3InternationalServer.crl^J], [name=X509v3 Certificate Policies, short_name=certificatePolicies, oid=2.5.29.32, critical=F, value=Policy: 2.16.840.1.113733.1.7.23.3^J  CPS: https://www.verisign.com/rpa^J], [name=X509v3 Extended Key Usage, short_name=extendedKeyUsage, oid=2.5.29.37, critical=F, value=Netscape Server Gated Crypto, TLS Web Server Authentication, TLS Web Client Authentication], [name=Authority Information Access, short_name=authorityInfoAccess, oid=1.3.6.1.5.5.7.1.1, critical=F, value=OCSP - URI:http://ocsp.verisign.com^J], [name=1.3.6.1.5.5.7.1.12, short_name=UNDEF, oid=1.3.6.1.5.5.7.1.12, critical=F, value=0_.].[0Y0W0U..image/gif0!0.0...+..............k...j.H.,{..0%.#http://logo.verisign.com/vslogo.gif]], san=<uninitialized>, basic_constraints=[ca=F, path_len=<uninitialized>]], extracted=<uninitialized>], [ts=1170717505.735416, fuid=FfqS7r3rymnsSKq0m2, tx_hosts={^J^I^I194.127.84.106^J^I}, rx_hosts={^J^I^I192.150.187.164^J^I}, conn_uids={^J^I^ICXWv6p3arKYeMETxOg^J^I}, source=SSL, depth=0, analyzers={^J^I^IX509,^J^I^IMD5,^J^I^ISHA1^J^I}, mime_type=binary, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=F, seen_bytes=0, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=81c888530afcad916fbe71d9417bf10c, sha1=de0f3a63cad13841e9b62c94502cb189d7661e49, sha256=<uninitialized>, x509=[ts=1170717505.735416, id=FfqS7r3rymnsSKq0m2, certificate=[version=2, serial=78EE48DE185B2071C9C9C3B51D7BDDC1, subject=OU=www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign,OU=VeriSign International Server CA - Class 3,OU=VeriSign\, Inc.,O=VeriSign Trust Network, issuer=OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US, not_valid_before=861235200.0, not_valid_after=1319500799.0, key_alg=rsaEncryption, sig_alg=sha1WithRSAEncryption, key_type=rsa, key_length=1024, exponent=65537, curve=<uninitialized>], handle=<no value description>, extensions=[[name=X509v3 Basic Constraints, short_name=basicConstraints, oid=2.5.29.19, critical=F, value=CA:TRUE, pathlen:0], [name=X509v3 Certificate Policies, short_name=certificatePolicies, oid=2.5.29.32, critical=F, value=Policy: 2.16.840.1.113733.1.7.1.1^J  CPS: https://www.verisign.com/CPS^J], [name=X509v3 CRL Distribution Points, short_name=crlDistributionPoints, oid=2.5.29.31, critical=F, value=^JFull Name:^J  URI:http://crl.verisign.com/pca3-g2.crl^J], [name=X509v3 Extended Key Usage, short_name=extendedKeyUsage, oid=2.5.29.37, critical=F, value=TLS Web Server Authentication, TLS Web Client Authentication, Netscape Server Gated Crypto, 2.16.840.1.113733.1.8.1], [name=X509v3 Key Usage, short_name=keyUsage, oid=2.5.29.15, critical=F, value=Certificate Sign, CRL Sign], [name=Netscape Cert Type, short_name=nsCertType, oid=2.16.840.1.113730.1.1, critical=F, value=SSL CA, S/MIME CA]], san=<uninitialized>, basic_constraints=[ca=T, path_len=0]], extracted=<uninitialized>]], cert_chain_fuids=[FeCwNK3rzqPnZ7eBQ5, FfqS7r3rymnsSKq0m2], client_cert_chain=[], client_cert_chain_fuids=[], subject=<uninitialized>, issuer=<uninitialized>, client_subject=<uninitialized>, client_issuer=<uninitialized>, server_depth=2, client_depth=0], http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]^J}, last_active=1170717505.735416, seen_bytes=906, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timeout_interval=2.0 mins, bof_buffer_size=1024, bof_buffer=0\x82^C\x860\x82^B\xef\xa0^C^B^A^B^B^Px\xeeH\xde^X[ q\xc9\xc9\xc3\xb5\x1d{\xdd\xc10^M^F^I*\x86H\x86\xf7^M^A^A^E^E\00_1^K0^I^F^CU^D^F^S^BUS1^W0^U^F^CU^D^J^S^NVeriSign, Inc.1705^F^CU^D^K^S.Class 3 Public Primary Certification Authority0\x1e^W^M970417000000Z^W^M111024235959Z0\x81\xba1\x1f0\x1d^F^CU^D^J^S^VVeriSign Trust Network1^W0^U^F^CU^D^K^S^NVeriSign, Inc.1301^F^CU^D^K^S*VeriSign International Server CA - Class 31I0G^F^CU^D^K^S@www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign0\x81\x9f0^M^F^I*\x86H\x86\xf7^M^A^A^A^E\0^C\x81\x8d\00\x81\x89^B\x81\x81\0\xd8\x82\x80\xe8\xd6^Y^B}\x1f\x85^X9%\xa2e+\xe1\xbf\xd4^E\xd3\xbc\xe66;\xaa\xf0Ll[\xb6\xe7\xaa<sEU\xb2\xf1\xbd\xea\x97B\xed\x9a4^J^U\xd4\xa9\\xf5@%\xdd\xd9^G\xc12\xb2ul\xc4\xca\xbb\xa3\xfeV'qC\xaac\xf50>\x93(\xe5\xfa\xf1^I;\xf3\xb7MN9\xf7\IZ\xb8\xc1\x1d\xd3\xb2\x8a\xfep0\x95B\xcb\xfe+Q\x8bZ<:\xf9"O\x90\xb2^B\xa7S\x9cO4\xe7\xab^D\xb2{o^B^C^A\0^A\xa3\x81\xe60\x81\xe30^O^F^CU\x1d^S^D^H0^F^A^A\xff^B^A\00D^F^CU\x1d ^D=0;09^F^K`\x86H^A\x86\xf8E^A^G^A^A0*0(^F^H+^F^A^E^E^G^B^A^V\x1chttps://www.verisign.com/CPS04^F^CU\x1d\x1f^D-0+0)\xa0'\xa0%\x86#http://crl.verisign.com/pca3-g2.crl04^F^CU\x1d%^D-0+^F^H+^F^A^E^E^G^C^A^F^H+^F^A^E^E^G^C^B^F^I`\x86H^A\x86\xf8B^D^A^F^J`\x86H^A\x86\xf8E^A^H^A0^K^F^CU\x1d^O^D^D^C^B^A^F0^Q^F^I`\x86H^A\x86\xf8B^A^A^D^D^C^B^A^F0^M^F^I*\x86H\x86\xf7^M^A^A^E^E\0^C\x81\x81\0#]\xee\xa6$^E\xfdv\xd3j^Z\xd6\xbaF^F\xaaj^O^C\x90f\xb2\xb0\xa6\xc2\x9e\xc9\x1e\xa3US\xaf>E\xfd\xdc\x8c'\xddS8^I\xbb|K+\xba\x95J\xfepN\x1bi\xd6<\xf7O^G\xc5\xf2^WZL\xa2\x8f\xac^K\x8a^F\xdb\xb9\xd4k\xc5\x1dX\xda^WR\xe3!\xf1\xd2\xd7Z\xd5\xe5\xabY{!z\x86j\xd4\xfe^W^Q:S^M\x9c`\xa0J\xd9^\xe4\x1d^L)\xaa^S^Ge\x86\x1f\xbf\xb4\xc9\x82S\x9c,^B\x8f#, mime_type=binary, info=[ts=1170717505.735416, fuid=FfqS7r3rymnsSKq0m2, tx_hosts={^J^I194.127.84.106^J}, rx_hosts={^J^I192.150.187.164^J}, conn_uids={^J^ICXWv6p3arKYeMETxOg^J}, source=SSL, depth=0, analyzers={^J^IX509,^J^IMD5,^J^ISHA1^J}, mime_type=binary, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=F, seen_bytes=0, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=81c888530afcad916fbe71d9417bf10c, sha1=de0f3a63cad13841e9b62c94502cb189d7661e49, sha256=<uninitialized>, x509=[ts=1170717505.735416, id=FfqS7r3rymnsSKq0m2, certificate=[version=2, serial=78EE48DE185B2071C9C9C3B51D7BDDC1, subject=OU=www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign,OU=VeriSign International Server CA - Class 3,OU=VeriSign\, Inc.,O=VeriSign Trust Network, issuer=OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US, not_valid_before=861235200.0, not_valid_after=1319500799.0, key_alg=rsaEncryption, sig_alg=sha1WithRSAEncryption, key_type=rsa, key_length=1024, exponent=65537, curve=<uninitialized>], handle=<no value description>, extensions=[[name=X509v3 Basic Constraints, short_name=basicConstraints, oid=2.5.29.19, critical=F, value=CA:TRUE, pathlen:0], [name=X509v3 Certificate Policies, short_name=certificatePolicies, oid=2.5.29.32, critical=F, value=Policy: 2.16.840.1.113733.1.7.1.1^J  CPS: https://www.verisign.com/CPS^J], [name=X509v3 CRL Distribution Points, short_name=crlDistributionPoints, oid=2.5.29.31, critical=F, value=^JFull Name:^J  URI:http://crl.verisign.com/pca3-g2.crl^J], [name=X509v3 Extended Key Usage, short_name=extendedKeyUsage, oid=2.5.29.37, critical=F, value=TLS Web Server Authentication, TLS Web Client Authentication, Netscape Server Gated Crypto, 2.16.840.1.113733.1.8.1], [name=X509v3 Key Usage, short_name=keyUsage, oid=2.5.29.15, critical=F, value=Certificate Sign, CRL Sign], [name=Netscape Cert Type, short_name=nsCertType, oid=2.16.840.1.113730.1.1, critical=F, value=SSL CA, S/MIME CA]], san=<uninitialized>, basic_constraints=[ca=T, path_len=0]], extracted=<uninitialized>], u2_events=<uninitialized>]
-
-1170717505.934612 ssl_established
-                  [0] c: connection      = [id=[orig_h=192.150.187.164, orig_p=58868/tcp, resp_h=194.127.84.106, resp_p=443/tcp], orig=[size=269, state=4, num_pkts=5, num_bytes_ip=541, flow_label=0], resp=[size=2207, state=4, num_pkts=5, num_bytes_ip=2436, flow_label=0], start_time=1170717505.366729, duration=0.567883, service={^J^ISSL^J}, addl=, hot=0, history=ShADad, uid=CXWv6p3arKYeMETxOg, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=[ts=1170717505.549109, uid=CXWv6p3arKYeMETxOg, id=[orig_h=192.150.187.164, orig_p=58868/tcp, resp_h=194.127.84.106, resp_p=443/tcp], version=TLSv10, cipher=TLS_RSA_WITH_RC4_128_MD5, server_name=<uninitialized>, session_id=<uninitialized>, last_alert=<uninitialized>, analyzer_id=3, established=F, logged=F, delay_tokens=<uninitialized>, cert_chain=[[ts=1170717505.735416, fuid=FeCwNK3rzqPnZ7eBQ5, tx_hosts={^J^I194.127.84.106^J}, rx_hosts={^J^I192.150.187.164^J}, conn_uids={^J^ICXWv6p3arKYeMETxOg^J}, source=SSL, depth=0, analyzers={^J^IX509,^J^IMD5,^J^ISHA1^J}, mime_type=binary, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=F, seen_bytes=1152, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=38a0a008a978591ccbe41f50a174751a, sha1=2c322ae2b7fe91391345e070b63668978bb1c9da, sha256=<uninitialized>, x509=[ts=1170717505.735416, id=FeCwNK3rzqPnZ7eBQ5, certificate=[version=2, serial=04A78116F003283BDA2B8462049F9ECB, subject=CN=www.dresdner-privat.de,OU=Terms of use at www.verisign.com/rpa (c)00,O=AGIS Allianz Dresdner Informationssysteme GmbH,L=Muenchen,ST=Bayern,C=DE, issuer=OU=www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign,OU=VeriSign International Server CA - Class 3,OU=VeriSign\, Inc.,O=VeriSign Trust Network, not_valid_before=1163462400.0, not_valid_after=1195084799.0, key_alg=rsaEncryption, sig_alg=sha1WithRSAEncryption, key_type=rsa, key_length=1024, exponent=65537, curve=<uninitialized>], handle=<no value description>, extensions=[[name=X509v3 Basic Constraints, short_name=basicConstraints, oid=2.5.29.19, critical=F, value=CA:FALSE], [name=X509v3 Key Usage, short_name=keyUsage, oid=2.5.29.15, critical=F, value=Digital Signature, Key Encipherment], [name=X509v3 CRL Distribution Points, short_name=crlDistributionPoints, oid=2.5.29.31, critical=F, value=^JFull Name:^J  URI:http://crl.verisign.com/Class3InternationalServer.crl^J], [name=X509v3 Certificate Policies, short_name=certificatePolicies, oid=2.5.29.32, critical=F, value=Policy: 2.16.840.1.113733.1.7.23.3^J  CPS: https://www.verisign.com/rpa^J], [name=X509v3 Extended Key Usage, short_name=extendedKeyUsage, oid=2.5.29.37, critical=F, value=Netscape Server Gated Crypto, TLS Web Server Authentication, TLS Web Client Authentication], [name=Authority Information Access, short_name=authorityInfoAccess, oid=1.3.6.1.5.5.7.1.1, critical=F, value=OCSP - URI:http://ocsp.verisign.com^J], [name=1.3.6.1.5.5.7.1.12, short_name=UNDEF, oid=1.3.6.1.5.5.7.1.12, critical=F, value=0_.].[0Y0W0U..image/gif0!0.0...+..............k...j.H.,{..0%.#http://logo.verisign.com/vslogo.gif]], san=<uninitialized>, basic_constraints=[ca=F, path_len=<uninitialized>]], extracted=<uninitialized>], [ts=1170717505.735416, fuid=FfqS7r3rymnsSKq0m2, tx_hosts={^J^I194.127.84.106^J}, rx_hosts={^J^I192.150.187.164^J}, conn_uids={^J^ICXWv6p3arKYeMETxOg^J}, source=SSL, depth=0, analyzers={^J^IX509,^J^IMD5,^J^ISHA1^J}, mime_type=binary, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=F, seen_bytes=906, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=81c888530afcad916fbe71d9417bf10c, sha1=de0f3a63cad13841e9b62c94502cb189d7661e49, sha256=<uninitialized>, x509=[ts=1170717505.735416, id=FfqS7r3rymnsSKq0m2, certificate=[version=2, serial=78EE48DE185B2071C9C9C3B51D7BDDC1, subject=OU=www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign,OU=VeriSign International Server CA - Class 3,OU=VeriSign\, Inc.,O=VeriSign Trust Network, issuer=OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US, not_valid_before=861235200.0, not_valid_after=1319500799.0, key_alg=rsaEncryption, sig_alg=sha1WithRSAEncryption, key_type=rsa, key_length=1024, exponent=65537, curve=<uninitialized>], handle=<no value description>, extensions=[[name=X509v3 Basic Constraints, short_name=basicConstraints, oid=2.5.29.19, critical=F, value=CA:TRUE, pathlen:0], [name=X509v3 Certificate Policies, short_name=certificatePolicies, oid=2.5.29.32, critical=F, value=Policy: 2.16.840.1.113733.1.7.1.1^J  CPS: https://www.verisign.com/CPS^J], [name=X509v3 CRL Distribution Points, short_name=crlDistributionPoints, oid=2.5.29.31, critical=F, value=^JFull Name:^J  URI:http://crl.verisign.com/pca3-g2.crl^J], [name=X509v3 Extended Key Usage, short_name=extendedKeyUsage, oid=2.5.29.37, critical=F, value=TLS Web Server Authentication, TLS Web Client Authentication, Netscape Server Gated Crypto, 2.16.840.1.113733.1.8.1], [name=X509v3 Key Usage, short_name=keyUsage, oid=2.5.29.15, critical=F, value=Certificate Sign, CRL Sign], [name=Netscape Cert Type, short_name=nsCertType, oid=2.16.840.1.113730.1.1, critical=F, value=SSL CA, S/MIME CA]], san=<uninitialized>, basic_constraints=[ca=T, path_len=0]], extracted=<uninitialized>]], cert_chain_fuids=[FeCwNK3rzqPnZ7eBQ5, FfqS7r3rymnsSKq0m2], client_cert_chain=[], client_cert_chain_fuids=[], subject=<uninitialized>, issuer=<uninitialized>, client_subject=<uninitialized>, client_issuer=<uninitialized>, server_depth=2, client_depth=0], http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]
-
-1170717508.515696 new_connection
-                  [0] c: connection      = [id=[orig_h=192.150.187.164, orig_p=58869/tcp, resp_h=194.127.84.106, resp_p=443/tcp], orig=[size=0, state=0, num_pkts=0, num_bytes_ip=0, flow_label=0], resp=[size=0, state=0, num_pkts=0, num_bytes_ip=0, flow_label=0], start_time=1170717508.515696, duration=0.0, service={^J^J}, addl=, hot=0, history=, uid=CjhGID4nQcgTWjvg4c, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]
-
-1170717508.696747 connection_established
-                  [0] c: connection      = [id=[orig_h=192.150.187.164, orig_p=58869/tcp, resp_h=194.127.84.106, resp_p=443/tcp], orig=[size=0, state=4, num_pkts=1, num_bytes_ip=64, flow_label=0], resp=[size=0, state=4, num_pkts=0, num_bytes_ip=0, flow_label=0], start_time=1170717508.515696, duration=0.181051, service={^J^J}, addl=, hot=0, history=Sh, uid=CjhGID4nQcgTWjvg4c, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]
-
-1170717508.697180 protocol_confirmation
-                  [0] c: connection      = [id=[orig_h=192.150.187.164, orig_p=58869/tcp, resp_h=194.127.84.106, resp_p=443/tcp], orig=[size=120, state=4, num_pkts=2, num_bytes_ip=116, flow_label=0], resp=[size=0, state=4, num_pkts=1, num_bytes_ip=64, flow_label=0], start_time=1170717508.515696, duration=0.181484, service={^J^J}, addl=, hot=0, history=ShAD, uid=CjhGID4nQcgTWjvg4c, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]
-                  [1] atype: enum        = Analyzer::ANALYZER_SSL
+1254722768.224809 protocol_confirmation
+                  [0] c: connection      = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=9, state=4, num_pkts=2, num_bytes_ip=88, flow_label=0], resp=[size=181, state=4, num_pkts=2, num_bytes_ip=269, flow_label=0], start_time=1254722767.529046, duration=0.695763, service={^J^J}, addl=, hot=0, history=ShAdD, uid=CjhGID4nQcgTWjvg4c, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, smtp=[ts=1254722768.219663, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=<uninitialized>, mailfrom=<uninitialized>, rcptto=<uninitialized>, date=<uninitialized>, from=<uninitialized>, to=<uninitialized>, reply_to=<uninitialized>, msg_id=<uninitialized>, in_reply_to=<uninitialized>, subject=<uninitialized>, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=220 and/or bulk e-mail., path=[74.53.140.153, 10.10.1.4], user_agent=<uninitialized>, process_received_from=T, has_client_activity=F, entity=<uninitialized>, fuids=[]], smtp_state=[helo=<uninitialized>, messages_transferred=0, pending_messages=<uninitialized>, mime_depth=0], socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]
+                  [1] atype: enum        = Analyzer::ANALYZER_SMTP
                   [2] aid: count         = 7
 
-1170717508.697180 ssl_client_hello
-                  [0] c: connection      = [id=[orig_h=192.150.187.164, orig_p=58869/tcp, resp_h=194.127.84.106, resp_p=443/tcp], orig=[size=120, state=4, num_pkts=2, num_bytes_ip=116, flow_label=0], resp=[size=0, state=4, num_pkts=1, num_bytes_ip=64, flow_label=0], start_time=1170717508.515696, duration=0.181484, service={^J^ISSL^J}, addl=, hot=0, history=ShAD, uid=CjhGID4nQcgTWjvg4c, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=[ts=1170717508.69718, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=192.150.187.164, orig_p=58869/tcp, resp_h=194.127.84.106, resp_p=443/tcp], version=<uninitialized>, cipher=<uninitialized>, server_name=<uninitialized>, session_id=<uninitialized>, last_alert=<uninitialized>, analyzer_id=7, established=F, logged=F, delay_tokens=<uninitialized>, cert_chain=<uninitialized>, cert_chain_fuids=<uninitialized>, client_cert_chain=<uninitialized>, client_cert_chain_fuids=<uninitialized>, subject=<uninitialized>, issuer=<uninitialized>, client_subject=<uninitialized>, client_issuer=<uninitialized>, server_depth=0, client_depth=0], http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]
-                  [1] version: count     = 769
-                  [2] possible_ts: time  = 2486404.0
-                  [3] client_random: string = \xa8\xa2\xabs\x9ad\xab\xb4\xe6\x8c\xfc\xfc4p\xffbi\xb1\xa8hXP\x1f\xbb\xd12~\xd8
-                  [4] session_id: string = \xa8\xc1\xc5h^Y$\xe8^J2\xa1]^^? \xbc^?Q>V\xb2^U^C\x9d^MU\xde\xfd\xa5\xa3 \xc0
-                  [5] ciphers: vector of count = [57, 56, 53, 51, 50, 4, 5, 47, 22, 19, 65279, 10, 21, 18, 65278, 9, 100, 98, 3, 6]
+1254722768.224809 smtp_request
+                  [0] c: connection      = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=9, state=4, num_pkts=2, num_bytes_ip=88, flow_label=0], resp=[size=181, state=4, num_pkts=2, num_bytes_ip=269, flow_label=0], start_time=1254722767.529046, duration=0.695763, service={^J^ISMTP^J}, addl=, hot=0, history=ShAdD, uid=CjhGID4nQcgTWjvg4c, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, smtp=[ts=1254722768.219663, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=<uninitialized>, mailfrom=<uninitialized>, rcptto=<uninitialized>, date=<uninitialized>, from=<uninitialized>, to=<uninitialized>, reply_to=<uninitialized>, msg_id=<uninitialized>, in_reply_to=<uninitialized>, subject=<uninitialized>, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=220 and/or bulk e-mail., path=[74.53.140.153, 10.10.1.4], user_agent=<uninitialized>, process_received_from=T, has_client_activity=F, entity=<uninitialized>, fuids=[]], smtp_state=[helo=<uninitialized>, messages_transferred=0, pending_messages=<uninitialized>, mime_depth=0], socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]
+                  [1] is_orig: bool      = T
+                  [2] command: string    = EHLO
+                  [3] arg: string        = GP
 
-1170717508.881857 ssl_server_hello
-                  [0] c: connection      = [id=[orig_h=192.150.187.164, orig_p=58869/tcp, resp_h=194.127.84.106, resp_p=443/tcp], orig=[size=120, state=4, num_pkts=3, num_bytes_ip=288, flow_label=0], resp=[size=1448, state=4, num_pkts=2, num_bytes_ip=116, flow_label=0], start_time=1170717508.515696, duration=0.366161, service={^J^ISSL^J}, addl=, hot=0, history=ShADad, uid=CjhGID4nQcgTWjvg4c, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=[ts=1170717508.69718, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=192.150.187.164, orig_p=58869/tcp, resp_h=194.127.84.106, resp_p=443/tcp], version=<uninitialized>, cipher=<uninitialized>, server_name=<uninitialized>, session_id=a8c1c5681924e80a32a15d5e7f20bc5e3f513e56b215039d0d55defda5a320c0, last_alert=<uninitialized>, analyzer_id=7, established=F, logged=F, delay_tokens=<uninitialized>, cert_chain=<uninitialized>, cert_chain_fuids=<uninitialized>, client_cert_chain=<uninitialized>, client_cert_chain_fuids=<uninitialized>, subject=<uninitialized>, issuer=<uninitialized>, client_subject=<uninitialized>, client_issuer=<uninitialized>, server_depth=0, client_depth=0], http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]
-                  [1] version: count     = 769
-                  [2] possible_ts: time  = 1170717516.0
-                  [3] server_random: string = ^O\xac^?x#X|hC\x8c\x87\x87e3\xaf{^K\xaa*\x8f^Px\xeb\x8d^X"G\xe9
-                  [4] session_id: string = \x9eQ\xca\xef@\xad\x85\xf9\xf0=\xbb\x8c\x1f\xdc\x866!\x80\x8c1^Rr\xe1^BB\xcb@k\xf9^W\xbc\xd9
-                  [5] cipher: count      = 4
-                  [6] comp_method: count = 0
+1254722768.566183 smtp_reply
+                  [0] c: connection      = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=9, state=4, num_pkts=3, num_bytes_ip=137, flow_label=0], resp=[size=318, state=4, num_pkts=3, num_bytes_ip=309, flow_label=0], start_time=1254722767.529046, duration=1.037137, service={^J^ISMTP^J}, addl=, hot=0, history=ShAdDa, uid=CjhGID4nQcgTWjvg4c, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, smtp=[ts=1254722768.219663, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=<uninitialized>, rcptto=<uninitialized>, date=<uninitialized>, from=<uninitialized>, to=<uninitialized>, reply_to=<uninitialized>, msg_id=<uninitialized>, in_reply_to=<uninitialized>, subject=<uninitialized>, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=220 and/or bulk e-mail., path=[74.53.140.153, 10.10.1.4], user_agent=<uninitialized>, process_received_from=T, has_client_activity=T, entity=<uninitialized>, fuids=[]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=<uninitialized>, mime_depth=0], socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]
+                  [1] is_orig: bool      = F
+                  [2] code: count        = 250
+                  [3] cmd: string        = EHLO
+                  [4] msg: string        = xc90.websitewelcome.com Hello GP [122.162.143.157]
+                  [5] cont_resp: bool    = T
 
-1170717508.883051 get_file_handle
-                  [0] tag: enum          = Analyzer::ANALYZER_SSL
-                  [1] c: connection      = [id=[orig_h=192.150.187.164, orig_p=58869/tcp, resp_h=194.127.84.106, resp_p=443/tcp], orig=[size=120, state=4, num_pkts=3, num_bytes_ip=288, flow_label=0], resp=[size=2164, state=4, num_pkts=3, num_bytes_ip=1616, flow_label=0], start_time=1170717508.515696, duration=0.367355, service={^J^ISSL^J}, addl=, hot=0, history=ShADad, uid=CjhGID4nQcgTWjvg4c, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=[ts=1170717508.69718, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=192.150.187.164, orig_p=58869/tcp, resp_h=194.127.84.106, resp_p=443/tcp], version=TLSv10, cipher=TLS_RSA_WITH_RC4_128_MD5, server_name=<uninitialized>, session_id=a8c1c5681924e80a32a15d5e7f20bc5e3f513e56b215039d0d55defda5a320c0, last_alert=<uninitialized>, analyzer_id=7, established=F, logged=F, delay_tokens=<uninitialized>, cert_chain=<uninitialized>, cert_chain_fuids=<uninitialized>, client_cert_chain=<uninitialized>, client_cert_chain_fuids=<uninitialized>, subject=<uninitialized>, issuer=<uninitialized>, client_subject=<uninitialized>, client_issuer=<uninitialized>, server_depth=0, client_depth=0], http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]
+1254722768.566183 smtp_reply
+                  [0] c: connection      = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=9, state=4, num_pkts=3, num_bytes_ip=137, flow_label=0], resp=[size=318, state=4, num_pkts=3, num_bytes_ip=309, flow_label=0], start_time=1254722767.529046, duration=1.037137, service={^J^ISMTP^J}, addl=, hot=0, history=ShAdDa, uid=CjhGID4nQcgTWjvg4c, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, smtp=[ts=1254722768.219663, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=<uninitialized>, rcptto=<uninitialized>, date=<uninitialized>, from=<uninitialized>, to=<uninitialized>, reply_to=<uninitialized>, msg_id=<uninitialized>, in_reply_to=<uninitialized>, subject=<uninitialized>, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=250 xc90.websitewelcome.com Hello GP [122.162.143.157], path=[74.53.140.153, 10.10.1.4], user_agent=<uninitialized>, process_received_from=T, has_client_activity=T, entity=<uninitialized>, fuids=[]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=<uninitialized>, mime_depth=0], socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]
+                  [1] is_orig: bool      = F
+                  [2] code: count        = 250
+                  [3] cmd: string        = EHLO
+                  [4] msg: string        = SIZE 52428800
+                  [5] cont_resp: bool    = T
+
+1254722768.566183 smtp_reply
+                  [0] c: connection      = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=9, state=4, num_pkts=3, num_bytes_ip=137, flow_label=0], resp=[size=318, state=4, num_pkts=3, num_bytes_ip=309, flow_label=0], start_time=1254722767.529046, duration=1.037137, service={^J^ISMTP^J}, addl=, hot=0, history=ShAdDa, uid=CjhGID4nQcgTWjvg4c, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, smtp=[ts=1254722768.219663, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=<uninitialized>, rcptto=<uninitialized>, date=<uninitialized>, from=<uninitialized>, to=<uninitialized>, reply_to=<uninitialized>, msg_id=<uninitialized>, in_reply_to=<uninitialized>, subject=<uninitialized>, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=250 SIZE 52428800, path=[74.53.140.153, 10.10.1.4], user_agent=<uninitialized>, process_received_from=T, has_client_activity=T, entity=<uninitialized>, fuids=[]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=<uninitialized>, mime_depth=0], socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]
+                  [1] is_orig: bool      = F
+                  [2] code: count        = 250
+                  [3] cmd: string        = EHLO
+                  [4] msg: string        = PIPELINING
+                  [5] cont_resp: bool    = T
+
+1254722768.566183 smtp_reply
+                  [0] c: connection      = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=9, state=4, num_pkts=3, num_bytes_ip=137, flow_label=0], resp=[size=318, state=4, num_pkts=3, num_bytes_ip=309, flow_label=0], start_time=1254722767.529046, duration=1.037137, service={^J^ISMTP^J}, addl=, hot=0, history=ShAdDa, uid=CjhGID4nQcgTWjvg4c, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, smtp=[ts=1254722768.219663, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=<uninitialized>, rcptto=<uninitialized>, date=<uninitialized>, from=<uninitialized>, to=<uninitialized>, reply_to=<uninitialized>, msg_id=<uninitialized>, in_reply_to=<uninitialized>, subject=<uninitialized>, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=250 PIPELINING, path=[74.53.140.153, 10.10.1.4], user_agent=<uninitialized>, process_received_from=T, has_client_activity=T, entity=<uninitialized>, fuids=[]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=<uninitialized>, mime_depth=0], socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]
+                  [1] is_orig: bool      = F
+                  [2] code: count        = 250
+                  [3] cmd: string        = EHLO
+                  [4] msg: string        = AUTH PLAIN LOGIN
+                  [5] cont_resp: bool    = T
+
+1254722768.566183 smtp_reply
+                  [0] c: connection      = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=9, state=4, num_pkts=3, num_bytes_ip=137, flow_label=0], resp=[size=318, state=4, num_pkts=3, num_bytes_ip=309, flow_label=0], start_time=1254722767.529046, duration=1.037137, service={^J^ISMTP^J}, addl=, hot=0, history=ShAdDa, uid=CjhGID4nQcgTWjvg4c, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, smtp=[ts=1254722768.219663, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=<uninitialized>, rcptto=<uninitialized>, date=<uninitialized>, from=<uninitialized>, to=<uninitialized>, reply_to=<uninitialized>, msg_id=<uninitialized>, in_reply_to=<uninitialized>, subject=<uninitialized>, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=250 AUTH PLAIN LOGIN, path=[74.53.140.153, 10.10.1.4], user_agent=<uninitialized>, process_received_from=T, has_client_activity=T, entity=<uninitialized>, fuids=[]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=<uninitialized>, mime_depth=0], socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]
+                  [1] is_orig: bool      = F
+                  [2] code: count        = 250
+                  [3] cmd: string        = EHLO
+                  [4] msg: string        = STARTTLS
+                  [5] cont_resp: bool    = T
+
+1254722768.566183 smtp_reply
+                  [0] c: connection      = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=9, state=4, num_pkts=3, num_bytes_ip=137, flow_label=0], resp=[size=318, state=4, num_pkts=3, num_bytes_ip=309, flow_label=0], start_time=1254722767.529046, duration=1.037137, service={^J^ISMTP^J}, addl=, hot=0, history=ShAdDa, uid=CjhGID4nQcgTWjvg4c, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, smtp=[ts=1254722768.219663, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=<uninitialized>, rcptto=<uninitialized>, date=<uninitialized>, from=<uninitialized>, to=<uninitialized>, reply_to=<uninitialized>, msg_id=<uninitialized>, in_reply_to=<uninitialized>, subject=<uninitialized>, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=250 STARTTLS, path=[74.53.140.153, 10.10.1.4], user_agent=<uninitialized>, process_received_from=T, has_client_activity=T, entity=<uninitialized>, fuids=[]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=<uninitialized>, mime_depth=0], socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]
+                  [1] is_orig: bool      = F
+                  [2] code: count        = 250
+                  [3] cmd: string        = EHLO
+                  [4] msg: string        = HELP
+                  [5] cont_resp: bool    = F
+
+1254722768.568729 smtp_request
+                  [0] c: connection      = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=21, state=4, num_pkts=3, num_bytes_ip=137, flow_label=0], resp=[size=318, state=4, num_pkts=4, num_bytes_ip=486, flow_label=0], start_time=1254722767.529046, duration=1.039683, service={^J^ISMTP^J}, addl=, hot=0, history=ShAdDa, uid=CjhGID4nQcgTWjvg4c, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, smtp=[ts=1254722768.219663, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=<uninitialized>, rcptto=<uninitialized>, date=<uninitialized>, from=<uninitialized>, to=<uninitialized>, reply_to=<uninitialized>, msg_id=<uninitialized>, in_reply_to=<uninitialized>, subject=<uninitialized>, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=250 HELP, path=[74.53.140.153, 10.10.1.4], user_agent=<uninitialized>, process_received_from=T, has_client_activity=T, entity=<uninitialized>, fuids=[]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=<uninitialized>, mime_depth=0], socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]
+                  [1] is_orig: bool      = T
+                  [2] command: string    = AUTH
+                  [3] arg: string        = LOGIN
+
+1254722768.911081 smtp_reply
+                  [0] c: connection      = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=21, state=4, num_pkts=4, num_bytes_ip=189, flow_label=0], resp=[size=336, state=4, num_pkts=4, num_bytes_ip=486, flow_label=0], start_time=1254722767.529046, duration=1.382035, service={^J^ISMTP^J}, addl=, hot=0, history=ShAdDa, uid=CjhGID4nQcgTWjvg4c, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, smtp=[ts=1254722768.219663, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=<uninitialized>, rcptto=<uninitialized>, date=<uninitialized>, from=<uninitialized>, to=<uninitialized>, reply_to=<uninitialized>, msg_id=<uninitialized>, in_reply_to=<uninitialized>, subject=<uninitialized>, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=250 HELP, path=[74.53.140.153, 10.10.1.4], user_agent=<uninitialized>, process_received_from=T, has_client_activity=T, entity=<uninitialized>, fuids=[]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=<uninitialized>, mime_depth=0], socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]
+                  [1] is_orig: bool      = F
+                  [2] code: count        = 334
+                  [3] cmd: string        = AUTH
+                  [4] msg: string        = VXNlcm5hbWU6
+                  [5] cont_resp: bool    = F
+
+1254722768.911655 smtp_request
+                  [0] c: connection      = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=51, state=4, num_pkts=4, num_bytes_ip=189, flow_label=0], resp=[size=336, state=4, num_pkts=5, num_bytes_ip=544, flow_label=0], start_time=1254722767.529046, duration=1.382609, service={^J^ISMTP^J}, addl=, hot=0, history=ShAdDa, uid=CjhGID4nQcgTWjvg4c, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, smtp=[ts=1254722768.219663, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=<uninitialized>, rcptto=<uninitialized>, date=<uninitialized>, from=<uninitialized>, to=<uninitialized>, reply_to=<uninitialized>, msg_id=<uninitialized>, in_reply_to=<uninitialized>, subject=<uninitialized>, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=334 VXNlcm5hbWU6, path=[74.53.140.153, 10.10.1.4], user_agent=<uninitialized>, process_received_from=T, has_client_activity=T, entity=<uninitialized>, fuids=[]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=<uninitialized>, mime_depth=0], socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]
+                  [1] is_orig: bool      = T
+                  [2] command: string    = **
+                  [3] arg: string        = Z3VycGFydGFwQHBhdHJpb3RzLmlu
+
+1254722769.253544 smtp_reply
+                  [0] c: connection      = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=51, state=4, num_pkts=5, num_bytes_ip=259, flow_label=0], resp=[size=354, state=4, num_pkts=5, num_bytes_ip=544, flow_label=0], start_time=1254722767.529046, duration=1.724498, service={^J^ISMTP^J}, addl=, hot=0, history=ShAdDa, uid=CjhGID4nQcgTWjvg4c, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, smtp=[ts=1254722768.219663, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=<uninitialized>, rcptto=<uninitialized>, date=<uninitialized>, from=<uninitialized>, to=<uninitialized>, reply_to=<uninitialized>, msg_id=<uninitialized>, in_reply_to=<uninitialized>, subject=<uninitialized>, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=334 VXNlcm5hbWU6, path=[74.53.140.153, 10.10.1.4], user_agent=<uninitialized>, process_received_from=T, has_client_activity=T, entity=<uninitialized>, fuids=[]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=<uninitialized>, mime_depth=0], socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]
+                  [1] is_orig: bool      = F
+                  [2] code: count        = 334
+                  [3] cmd: string        = AUTH_ANSWER
+                  [4] msg: string        = UGFzc3dvcmQ6
+                  [5] cont_resp: bool    = F
+
+1254722769.254118 smtp_request
+                  [0] c: connection      = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=69, state=4, num_pkts=5, num_bytes_ip=259, flow_label=0], resp=[size=354, state=4, num_pkts=6, num_bytes_ip=602, flow_label=0], start_time=1254722767.529046, duration=1.725072, service={^J^ISMTP^J}, addl=, hot=0, history=ShAdDa, uid=CjhGID4nQcgTWjvg4c, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, smtp=[ts=1254722768.219663, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=<uninitialized>, rcptto=<uninitialized>, date=<uninitialized>, from=<uninitialized>, to=<uninitialized>, reply_to=<uninitialized>, msg_id=<uninitialized>, in_reply_to=<uninitialized>, subject=<uninitialized>, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=334 UGFzc3dvcmQ6, path=[74.53.140.153, 10.10.1.4], user_agent=<uninitialized>, process_received_from=T, has_client_activity=T, entity=<uninitialized>, fuids=[]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=<uninitialized>, mime_depth=0], socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]
+                  [1] is_orig: bool      = T
+                  [2] command: string    = **
+                  [3] arg: string        = cHVuamFiQDEyMw==
+
+1254722769.613798 smtp_reply
+                  [0] c: connection      = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=69, state=4, num_pkts=6, num_bytes_ip=317, flow_label=0], resp=[size=384, state=4, num_pkts=6, num_bytes_ip=602, flow_label=0], start_time=1254722767.529046, duration=2.084752, service={^J^ISMTP^J}, addl=, hot=0, history=ShAdDa, uid=CjhGID4nQcgTWjvg4c, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, smtp=[ts=1254722768.219663, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=<uninitialized>, rcptto=<uninitialized>, date=<uninitialized>, from=<uninitialized>, to=<uninitialized>, reply_to=<uninitialized>, msg_id=<uninitialized>, in_reply_to=<uninitialized>, subject=<uninitialized>, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=334 UGFzc3dvcmQ6, path=[74.53.140.153, 10.10.1.4], user_agent=<uninitialized>, process_received_from=T, has_client_activity=T, entity=<uninitialized>, fuids=[]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=<uninitialized>, mime_depth=0], socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]
+                  [1] is_orig: bool      = F
+                  [2] code: count        = 235
+                  [3] cmd: string        = AUTH_ANSWER
+                  [4] msg: string        = Authentication succeeded
+                  [5] cont_resp: bool    = F
+
+1254722769.614414 smtp_request
+                  [0] c: connection      = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=105, state=4, num_pkts=6, num_bytes_ip=317, flow_label=0], resp=[size=384, state=4, num_pkts=7, num_bytes_ip=672, flow_label=0], start_time=1254722767.529046, duration=2.085368, service={^J^ISMTP^J}, addl=, hot=0, history=ShAdDa, uid=CjhGID4nQcgTWjvg4c, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, smtp=[ts=1254722768.219663, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=<uninitialized>, rcptto=<uninitialized>, date=<uninitialized>, from=<uninitialized>, to=<uninitialized>, reply_to=<uninitialized>, msg_id=<uninitialized>, in_reply_to=<uninitialized>, subject=<uninitialized>, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=235 Authentication succeeded, path=[74.53.140.153, 10.10.1.4], user_agent=<uninitialized>, process_received_from=T, has_client_activity=T, entity=<uninitialized>, fuids=[]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=<uninitialized>, mime_depth=0], socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]
+                  [1] is_orig: bool      = T
+                  [2] command: string    = MAIL
+                  [3] arg: string        = FROM: <gurpartap@patriots.in>
+
+1254722769.956765 smtp_reply
+                  [0] c: connection      = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=105, state=4, num_pkts=7, num_bytes_ip=393, flow_label=0], resp=[size=392, state=4, num_pkts=7, num_bytes_ip=672, flow_label=0], start_time=1254722767.529046, duration=2.427719, service={^J^ISMTP^J}, addl=, hot=0, history=ShAdDa, uid=CjhGID4nQcgTWjvg4c, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, smtp=[ts=1254722768.219663, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=<gurpartap@patriots.in>, rcptto=<uninitialized>, date=<uninitialized>, from=<uninitialized>, to=<uninitialized>, reply_to=<uninitialized>, msg_id=<uninitialized>, in_reply_to=<uninitialized>, subject=<uninitialized>, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=235 Authentication succeeded, path=[74.53.140.153, 10.10.1.4], user_agent=<uninitialized>, process_received_from=T, has_client_activity=T, entity=<uninitialized>, fuids=[]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=<uninitialized>, mime_depth=0], socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]
+                  [1] is_orig: bool      = F
+                  [2] code: count        = 250
+                  [3] cmd: string        = MAIL
+                  [4] msg: string        = OK
+                  [5] cont_resp: bool    = F
+
+1254722769.957250 smtp_request
+                  [0] c: connection      = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=144, state=4, num_pkts=7, num_bytes_ip=393, flow_label=0], resp=[size=392, state=4, num_pkts=8, num_bytes_ip=720, flow_label=0], start_time=1254722767.529046, duration=2.428204, service={^J^ISMTP^J}, addl=, hot=0, history=ShAdDa, uid=CjhGID4nQcgTWjvg4c, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, smtp=[ts=1254722768.219663, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=<gurpartap@patriots.in>, rcptto=<uninitialized>, date=<uninitialized>, from=<uninitialized>, to=<uninitialized>, reply_to=<uninitialized>, msg_id=<uninitialized>, in_reply_to=<uninitialized>, subject=<uninitialized>, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=250 OK, path=[74.53.140.153, 10.10.1.4], user_agent=<uninitialized>, process_received_from=T, has_client_activity=T, entity=<uninitialized>, fuids=[]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=<uninitialized>, mime_depth=0], socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]
+                  [1] is_orig: bool      = T
+                  [2] command: string    = RCPT
+                  [3] arg: string        = TO: <raj_deol2002in@yahoo.co.in>
+
+1254722770.319708 smtp_reply
+                  [0] c: connection      = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=144, state=4, num_pkts=8, num_bytes_ip=472, flow_label=0], resp=[size=406, state=4, num_pkts=8, num_bytes_ip=720, flow_label=0], start_time=1254722767.529046, duration=2.790662, service={^J^ISMTP^J}, addl=, hot=0, history=ShAdDa, uid=CjhGID4nQcgTWjvg4c, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, smtp=[ts=1254722768.219663, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=<gurpartap@patriots.in>, rcptto={^J^I<raj_deol2002in@yahoo.co.in>^J}, date=<uninitialized>, from=<uninitialized>, to=<uninitialized>, reply_to=<uninitialized>, msg_id=<uninitialized>, in_reply_to=<uninitialized>, subject=<uninitialized>, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=250 OK, path=[74.53.140.153, 10.10.1.4], user_agent=<uninitialized>, process_received_from=T, has_client_activity=T, entity=<uninitialized>, fuids=[]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=<uninitialized>, mime_depth=0], socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]
+                  [1] is_orig: bool      = F
+                  [2] code: count        = 250
+                  [3] cmd: string        = RCPT
+                  [4] msg: string        = Accepted
+                  [5] cont_resp: bool    = F
+
+1254722770.320203 smtp_request
+                  [0] c: connection      = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=150, state=4, num_pkts=8, num_bytes_ip=472, flow_label=0], resp=[size=406, state=4, num_pkts=9, num_bytes_ip=774, flow_label=0], start_time=1254722767.529046, duration=2.791157, service={^J^ISMTP^J}, addl=, hot=0, history=ShAdDa, uid=CjhGID4nQcgTWjvg4c, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, smtp=[ts=1254722768.219663, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=<gurpartap@patriots.in>, rcptto={^J^I<raj_deol2002in@yahoo.co.in>^J}, date=<uninitialized>, from=<uninitialized>, to=<uninitialized>, reply_to=<uninitialized>, msg_id=<uninitialized>, in_reply_to=<uninitialized>, subject=<uninitialized>, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=250 Accepted, path=[74.53.140.153, 10.10.1.4], user_agent=<uninitialized>, process_received_from=T, has_client_activity=T, entity=<uninitialized>, fuids=[]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=<uninitialized>, mime_depth=0], socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]
+                  [1] is_orig: bool      = T
+                  [2] command: string    = DATA
+                  [3] arg: string        = 
+
+1254722770.320203 mime_begin_entity
+                  [0] c: connection      = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=150, state=4, num_pkts=8, num_bytes_ip=472, flow_label=0], resp=[size=406, state=4, num_pkts=9, num_bytes_ip=774, flow_label=0], start_time=1254722767.529046, duration=2.791157, service={^J^ISMTP^J}, addl=, hot=0, history=ShAdDa, uid=CjhGID4nQcgTWjvg4c, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, smtp=[ts=1254722768.219663, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=<gurpartap@patriots.in>, rcptto={^J^I<raj_deol2002in@yahoo.co.in>^J}, date=<uninitialized>, from=<uninitialized>, to=<uninitialized>, reply_to=<uninitialized>, msg_id=<uninitialized>, in_reply_to=<uninitialized>, subject=<uninitialized>, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=250 Accepted, path=[74.53.140.153, 10.10.1.4], user_agent=<uninitialized>, process_received_from=T, has_client_activity=T, entity=<uninitialized>, fuids=[]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=<uninitialized>, mime_depth=0], socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]
+
+1254722770.661679 smtp_reply
+                  [0] c: connection      = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=150, state=4, num_pkts=9, num_bytes_ip=518, flow_label=0], resp=[size=462, state=4, num_pkts=9, num_bytes_ip=774, flow_label=0], start_time=1254722767.529046, duration=3.132633, service={^J^ISMTP^J}, addl=, hot=0, history=ShAdDa, uid=CjhGID4nQcgTWjvg4c, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, smtp=[ts=1254722768.219663, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=<gurpartap@patriots.in>, rcptto={^J^I<raj_deol2002in@yahoo.co.in>^J}, date=<uninitialized>, from=<uninitialized>, to=<uninitialized>, reply_to=<uninitialized>, msg_id=<uninitialized>, in_reply_to=<uninitialized>, subject=<uninitialized>, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=250 Accepted, path=[74.53.140.153, 10.10.1.4], user_agent=<uninitialized>, process_received_from=T, has_client_activity=T, entity=[filename=<uninitialized>], fuids=[]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=<uninitialized>, mime_depth=1], socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]
+                  [1] is_orig: bool      = F
+                  [2] code: count        = 354
+                  [3] cmd: string        = DATA
+                  [4] msg: string        = Enter message, ending with "." on a line by itself
+                  [5] cont_resp: bool    = F
+
+1254722770.692743 mime_one_header
+                  [0] c: connection      = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=1610, state=4, num_pkts=9, num_bytes_ip=518, flow_label=0], resp=[size=462, state=4, num_pkts=10, num_bytes_ip=870, flow_label=0], start_time=1254722767.529046, duration=3.163697, service={^J^ISMTP^J}, addl=, hot=0, history=ShAdDa, uid=CjhGID4nQcgTWjvg4c, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, smtp=[ts=1254722768.219663, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=<gurpartap@patriots.in>, rcptto={^J^I<raj_deol2002in@yahoo.co.in>^J}, date=<uninitialized>, from=<uninitialized>, to=<uninitialized>, reply_to=<uninitialized>, msg_id=<uninitialized>, in_reply_to=<uninitialized>, subject=<uninitialized>, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=354 Enter message, ending with "." on a line by itself, path=[74.53.140.153, 10.10.1.4], user_agent=<uninitialized>, process_received_from=T, has_client_activity=T, entity=[filename=<uninitialized>], fuids=[]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=<uninitialized>, mime_depth=1], socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]
+                  [1] h: mime_header_rec = [name=FROM, value="Gurpartap Singh" <gurpartap@patriots.in>]
+
+1254722770.692743 mime_one_header
+                  [0] c: connection      = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=1610, state=4, num_pkts=9, num_bytes_ip=518, flow_label=0], resp=[size=462, state=4, num_pkts=10, num_bytes_ip=870, flow_label=0], start_time=1254722767.529046, duration=3.163697, service={^J^ISMTP^J}, addl=, hot=0, history=ShAdDa, uid=CjhGID4nQcgTWjvg4c, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, smtp=[ts=1254722768.219663, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=<gurpartap@patriots.in>, rcptto={^J^I<raj_deol2002in@yahoo.co.in>^J}, date=<uninitialized>, from="Gurpartap Singh" <gurpartap@patriots.in>, to=<uninitialized>, reply_to=<uninitialized>, msg_id=<uninitialized>, in_reply_to=<uninitialized>, subject=<uninitialized>, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=354 Enter message, ending with "." on a line by itself, path=[74.53.140.153, 10.10.1.4], user_agent=<uninitialized>, process_received_from=T, has_client_activity=T, entity=[filename=<uninitialized>], fuids=[]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=<uninitialized>, mime_depth=1], socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]
+                  [1] h: mime_header_rec = [name=TO, value=<raj_deol2002in@yahoo.co.in>]
+
+1254722770.692743 mime_one_header
+                  [0] c: connection      = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=1610, state=4, num_pkts=9, num_bytes_ip=518, flow_label=0], resp=[size=462, state=4, num_pkts=10, num_bytes_ip=870, flow_label=0], start_time=1254722767.529046, duration=3.163697, service={^J^ISMTP^J}, addl=, hot=0, history=ShAdDa, uid=CjhGID4nQcgTWjvg4c, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, smtp=[ts=1254722768.219663, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=<gurpartap@patriots.in>, rcptto={^J^I<raj_deol2002in@yahoo.co.in>^J}, date=<uninitialized>, from="Gurpartap Singh" <gurpartap@patriots.in>, to={^J^I<raj_deol2002in@yahoo.co.in>^J}, reply_to=<uninitialized>, msg_id=<uninitialized>, in_reply_to=<uninitialized>, subject=<uninitialized>, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=354 Enter message, ending with "." on a line by itself, path=[74.53.140.153, 10.10.1.4], user_agent=<uninitialized>, process_received_from=T, has_client_activity=T, entity=[filename=<uninitialized>], fuids=[]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=<uninitialized>, mime_depth=1], socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]
+                  [1] h: mime_header_rec = [name=SUBJECT, value=SMTP]
+
+1254722770.692743 mime_one_header
+                  [0] c: connection      = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=1610, state=4, num_pkts=9, num_bytes_ip=518, flow_label=0], resp=[size=462, state=4, num_pkts=10, num_bytes_ip=870, flow_label=0], start_time=1254722767.529046, duration=3.163697, service={^J^ISMTP^J}, addl=, hot=0, history=ShAdDa, uid=CjhGID4nQcgTWjvg4c, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, smtp=[ts=1254722768.219663, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=<gurpartap@patriots.in>, rcptto={^J^I<raj_deol2002in@yahoo.co.in>^J}, date=<uninitialized>, from="Gurpartap Singh" <gurpartap@patriots.in>, to={^J^I<raj_deol2002in@yahoo.co.in>^J}, reply_to=<uninitialized>, msg_id=<uninitialized>, in_reply_to=<uninitialized>, subject=SMTP, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=354 Enter message, ending with "." on a line by itself, path=[74.53.140.153, 10.10.1.4], user_agent=<uninitialized>, process_received_from=T, has_client_activity=T, entity=[filename=<uninitialized>], fuids=[]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=<uninitialized>, mime_depth=1], socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]
+                  [1] h: mime_header_rec = [name=DATE, value=Mon, 5 Oct 2009 11:36:07 +0530]
+
+1254722770.692743 mime_one_header
+                  [0] c: connection      = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=1610, state=4, num_pkts=9, num_bytes_ip=518, flow_label=0], resp=[size=462, state=4, num_pkts=10, num_bytes_ip=870, flow_label=0], start_time=1254722767.529046, duration=3.163697, service={^J^ISMTP^J}, addl=, hot=0, history=ShAdDa, uid=CjhGID4nQcgTWjvg4c, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, smtp=[ts=1254722768.219663, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=<gurpartap@patriots.in>, rcptto={^J^I<raj_deol2002in@yahoo.co.in>^J}, date=Mon, 5 Oct 2009 11:36:07 +0530, from="Gurpartap Singh" <gurpartap@patriots.in>, to={^J^I<raj_deol2002in@yahoo.co.in>^J}, reply_to=<uninitialized>, msg_id=<uninitialized>, in_reply_to=<uninitialized>, subject=SMTP, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=354 Enter message, ending with "." on a line by itself, path=[74.53.140.153, 10.10.1.4], user_agent=<uninitialized>, process_received_from=T, has_client_activity=T, entity=[filename=<uninitialized>], fuids=[]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=<uninitialized>, mime_depth=1], socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]
+                  [1] h: mime_header_rec = [name=MESSAGE-ID, value=<000301ca4581$ef9e57f0$cedb07d0$@in>]
+
+1254722770.692743 mime_one_header
+                  [0] c: connection      = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=1610, state=4, num_pkts=9, num_bytes_ip=518, flow_label=0], resp=[size=462, state=4, num_pkts=10, num_bytes_ip=870, flow_label=0], start_time=1254722767.529046, duration=3.163697, service={^J^ISMTP^J}, addl=, hot=0, history=ShAdDa, uid=CjhGID4nQcgTWjvg4c, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, smtp=[ts=1254722768.219663, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=<gurpartap@patriots.in>, rcptto={^J^I<raj_deol2002in@yahoo.co.in>^J}, date=Mon, 5 Oct 2009 11:36:07 +0530, from="Gurpartap Singh" <gurpartap@patriots.in>, to={^J^I<raj_deol2002in@yahoo.co.in>^J}, reply_to=<uninitialized>, msg_id=<000301ca4581$ef9e57f0$cedb07d0$@in>, in_reply_to=<uninitialized>, subject=SMTP, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=354 Enter message, ending with "." on a line by itself, path=[74.53.140.153, 10.10.1.4], user_agent=<uninitialized>, process_received_from=T, has_client_activity=T, entity=[filename=<uninitialized>], fuids=[]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=<uninitialized>, mime_depth=1], socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]
+                  [1] h: mime_header_rec = [name=MIME-VERSION, value=1.0]
+
+1254722770.692743 mime_one_header
+                  [0] c: connection      = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=1610, state=4, num_pkts=9, num_bytes_ip=518, flow_label=0], resp=[size=462, state=4, num_pkts=10, num_bytes_ip=870, flow_label=0], start_time=1254722767.529046, duration=3.163697, service={^J^ISMTP^J}, addl=, hot=0, history=ShAdDa, uid=CjhGID4nQcgTWjvg4c, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, smtp=[ts=1254722768.219663, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=<gurpartap@patriots.in>, rcptto={^J^I<raj_deol2002in@yahoo.co.in>^J}, date=Mon, 5 Oct 2009 11:36:07 +0530, from="Gurpartap Singh" <gurpartap@patriots.in>, to={^J^I<raj_deol2002in@yahoo.co.in>^J}, reply_to=<uninitialized>, msg_id=<000301ca4581$ef9e57f0$cedb07d0$@in>, in_reply_to=<uninitialized>, subject=SMTP, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=354 Enter message, ending with "." on a line by itself, path=[74.53.140.153, 10.10.1.4], user_agent=<uninitialized>, process_received_from=T, has_client_activity=T, entity=[filename=<uninitialized>], fuids=[]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=<uninitialized>, mime_depth=1], socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]
+                  [1] h: mime_header_rec = [name=CONTENT-TYPE, value=multipart/mixed;^Iboundary="----=_NextPart_000_0004_01CA45B0.095693F0"]
+
+1254722770.692743 mime_one_header
+                  [0] c: connection      = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=1610, state=4, num_pkts=9, num_bytes_ip=518, flow_label=0], resp=[size=462, state=4, num_pkts=10, num_bytes_ip=870, flow_label=0], start_time=1254722767.529046, duration=3.163697, service={^J^ISMTP^J}, addl=, hot=0, history=ShAdDa, uid=CjhGID4nQcgTWjvg4c, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, smtp=[ts=1254722768.219663, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=<gurpartap@patriots.in>, rcptto={^J^I<raj_deol2002in@yahoo.co.in>^J}, date=Mon, 5 Oct 2009 11:36:07 +0530, from="Gurpartap Singh" <gurpartap@patriots.in>, to={^J^I<raj_deol2002in@yahoo.co.in>^J}, reply_to=<uninitialized>, msg_id=<000301ca4581$ef9e57f0$cedb07d0$@in>, in_reply_to=<uninitialized>, subject=SMTP, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=354 Enter message, ending with "." on a line by itself, path=[74.53.140.153, 10.10.1.4], user_agent=<uninitialized>, process_received_from=T, has_client_activity=T, entity=[filename=<uninitialized>], fuids=[]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=<uninitialized>, mime_depth=1], socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]
+                  [1] h: mime_header_rec = [name=X-MAILER, value=Microsoft Office Outlook 12.0]
+
+1254722770.692743 mime_one_header
+                  [0] c: connection      = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=1610, state=4, num_pkts=9, num_bytes_ip=518, flow_label=0], resp=[size=462, state=4, num_pkts=10, num_bytes_ip=870, flow_label=0], start_time=1254722767.529046, duration=3.163697, service={^J^ISMTP^J}, addl=, hot=0, history=ShAdDa, uid=CjhGID4nQcgTWjvg4c, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, smtp=[ts=1254722768.219663, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=<gurpartap@patriots.in>, rcptto={^J^I<raj_deol2002in@yahoo.co.in>^J}, date=Mon, 5 Oct 2009 11:36:07 +0530, from="Gurpartap Singh" <gurpartap@patriots.in>, to={^J^I<raj_deol2002in@yahoo.co.in>^J}, reply_to=<uninitialized>, msg_id=<000301ca4581$ef9e57f0$cedb07d0$@in>, in_reply_to=<uninitialized>, subject=SMTP, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=354 Enter message, ending with "." on a line by itself, path=[74.53.140.153, 10.10.1.4], user_agent=Microsoft Office Outlook 12.0, process_received_from=T, has_client_activity=T, entity=[filename=<uninitialized>], fuids=[]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=<uninitialized>, mime_depth=1], socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]
+                  [1] h: mime_header_rec = [name=THREAD-INDEX, value=AcpFgem9BvjjZEDeR1Kh8i+hUyVo0A==]
+
+1254722770.692743 mime_one_header
+                  [0] c: connection      = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=1610, state=4, num_pkts=9, num_bytes_ip=518, flow_label=0], resp=[size=462, state=4, num_pkts=10, num_bytes_ip=870, flow_label=0], start_time=1254722767.529046, duration=3.163697, service={^J^ISMTP^J}, addl=, hot=0, history=ShAdDa, uid=CjhGID4nQcgTWjvg4c, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, smtp=[ts=1254722768.219663, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=<gurpartap@patriots.in>, rcptto={^J^I<raj_deol2002in@yahoo.co.in>^J}, date=Mon, 5 Oct 2009 11:36:07 +0530, from="Gurpartap Singh" <gurpartap@patriots.in>, to={^J^I<raj_deol2002in@yahoo.co.in>^J}, reply_to=<uninitialized>, msg_id=<000301ca4581$ef9e57f0$cedb07d0$@in>, in_reply_to=<uninitialized>, subject=SMTP, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=354 Enter message, ending with "." on a line by itself, path=[74.53.140.153, 10.10.1.4], user_agent=Microsoft Office Outlook 12.0, process_received_from=T, has_client_activity=T, entity=[filename=<uninitialized>], fuids=[]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=<uninitialized>, mime_depth=1], socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]
+                  [1] h: mime_header_rec = [name=CONTENT-LANGUAGE, value=en-us]
+
+1254722770.692743 mime_one_header
+                  [0] c: connection      = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=1610, state=4, num_pkts=9, num_bytes_ip=518, flow_label=0], resp=[size=462, state=4, num_pkts=10, num_bytes_ip=870, flow_label=0], start_time=1254722767.529046, duration=3.163697, service={^J^ISMTP^J}, addl=, hot=0, history=ShAdDa, uid=CjhGID4nQcgTWjvg4c, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, smtp=[ts=1254722768.219663, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=<gurpartap@patriots.in>, rcptto={^J^I<raj_deol2002in@yahoo.co.in>^J}, date=Mon, 5 Oct 2009 11:36:07 +0530, from="Gurpartap Singh" <gurpartap@patriots.in>, to={^J^I<raj_deol2002in@yahoo.co.in>^J}, reply_to=<uninitialized>, msg_id=<000301ca4581$ef9e57f0$cedb07d0$@in>, in_reply_to=<uninitialized>, subject=SMTP, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=354 Enter message, ending with "." on a line by itself, path=[74.53.140.153, 10.10.1.4], user_agent=Microsoft Office Outlook 12.0, process_received_from=T, has_client_activity=T, entity=[filename=<uninitialized>], fuids=[]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=<uninitialized>, mime_depth=1], socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]
+                  [1] h: mime_header_rec = [name=X-CR-HASHEDPUZZLE, value=SeA= AAR2 ADaH BpiO C4G1 D1gW FNB1 FPkR Fn+W HFCP HnYJ JO7s Kum6 KytW LFcI LjUt;1;cgBhAGoAXwBkAGUAbwBsADIAMAAwADIAaQBuAEAAeQBhAGgAbwBvAC4AYwBvAC4AaQBuAA==;Sosha1_v1;7;{CAA37F59-1850-45C7-8540-AA27696B5398};ZwB1AHIAcABhAHIAdABhAHAAQABwAGEAdAByAGkAbwB0AHMALgBpAG4A;Mon, 05 Oct 2009 06:06:01 GMT;UwBNAFQAUAA=]
+
+1254722770.692743 mime_one_header
+                  [0] c: connection      = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=1610, state=4, num_pkts=9, num_bytes_ip=518, flow_label=0], resp=[size=462, state=4, num_pkts=10, num_bytes_ip=870, flow_label=0], start_time=1254722767.529046, duration=3.163697, service={^J^ISMTP^J}, addl=, hot=0, history=ShAdDa, uid=CjhGID4nQcgTWjvg4c, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, smtp=[ts=1254722768.219663, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=<gurpartap@patriots.in>, rcptto={^J^I<raj_deol2002in@yahoo.co.in>^J}, date=Mon, 5 Oct 2009 11:36:07 +0530, from="Gurpartap Singh" <gurpartap@patriots.in>, to={^J^I<raj_deol2002in@yahoo.co.in>^J}, reply_to=<uninitialized>, msg_id=<000301ca4581$ef9e57f0$cedb07d0$@in>, in_reply_to=<uninitialized>, subject=SMTP, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=354 Enter message, ending with "." on a line by itself, path=[74.53.140.153, 10.10.1.4], user_agent=Microsoft Office Outlook 12.0, process_received_from=T, has_client_activity=T, entity=[filename=<uninitialized>], fuids=[]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=<uninitialized>, mime_depth=1], socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]
+                  [1] h: mime_header_rec = [name=X-CR-PUZZLEID, value={CAA37F59-1850-45C7-8540-AA27696B5398}]
+
+1254722770.692743 mime_begin_entity
+                  [0] c: connection      = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=1610, state=4, num_pkts=9, num_bytes_ip=518, flow_label=0], resp=[size=462, state=4, num_pkts=10, num_bytes_ip=870, flow_label=0], start_time=1254722767.529046, duration=3.163697, service={^J^ISMTP^J}, addl=, hot=0, history=ShAdDa, uid=CjhGID4nQcgTWjvg4c, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, smtp=[ts=1254722768.219663, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=<gurpartap@patriots.in>, rcptto={^J^I<raj_deol2002in@yahoo.co.in>^J}, date=Mon, 5 Oct 2009 11:36:07 +0530, from="Gurpartap Singh" <gurpartap@patriots.in>, to={^J^I<raj_deol2002in@yahoo.co.in>^J}, reply_to=<uninitialized>, msg_id=<000301ca4581$ef9e57f0$cedb07d0$@in>, in_reply_to=<uninitialized>, subject=SMTP, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=354 Enter message, ending with "." on a line by itself, path=[74.53.140.153, 10.10.1.4], user_agent=Microsoft Office Outlook 12.0, process_received_from=T, has_client_activity=T, entity=[filename=<uninitialized>], fuids=[]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=<uninitialized>, mime_depth=1], socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]
+
+1254722770.692743 mime_one_header
+                  [0] c: connection      = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=1610, state=4, num_pkts=9, num_bytes_ip=518, flow_label=0], resp=[size=462, state=4, num_pkts=10, num_bytes_ip=870, flow_label=0], start_time=1254722767.529046, duration=3.163697, service={^J^ISMTP^J}, addl=, hot=0, history=ShAdDa, uid=CjhGID4nQcgTWjvg4c, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, smtp=[ts=1254722768.219663, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=<gurpartap@patriots.in>, rcptto={^J^I<raj_deol2002in@yahoo.co.in>^J}, date=Mon, 5 Oct 2009 11:36:07 +0530, from="Gurpartap Singh" <gurpartap@patriots.in>, to={^J^I<raj_deol2002in@yahoo.co.in>^J}, reply_to=<uninitialized>, msg_id=<000301ca4581$ef9e57f0$cedb07d0$@in>, in_reply_to=<uninitialized>, subject=SMTP, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=354 Enter message, ending with "." on a line by itself, path=[74.53.140.153, 10.10.1.4], user_agent=Microsoft Office Outlook 12.0, process_received_from=T, has_client_activity=T, entity=[filename=<uninitialized>], fuids=[]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=<uninitialized>, mime_depth=2], socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]
+                  [1] h: mime_header_rec = [name=CONTENT-TYPE, value=multipart/alternative;^Iboundary="----=_NextPart_001_0005_01CA45B0.095693F0"]
+
+1254722770.692743 mime_begin_entity
+                  [0] c: connection      = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=1610, state=4, num_pkts=9, num_bytes_ip=518, flow_label=0], resp=[size=462, state=4, num_pkts=10, num_bytes_ip=870, flow_label=0], start_time=1254722767.529046, duration=3.163697, service={^J^ISMTP^J}, addl=, hot=0, history=ShAdDa, uid=CjhGID4nQcgTWjvg4c, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, smtp=[ts=1254722768.219663, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=<gurpartap@patriots.in>, rcptto={^J^I<raj_deol2002in@yahoo.co.in>^J}, date=Mon, 5 Oct 2009 11:36:07 +0530, from="Gurpartap Singh" <gurpartap@patriots.in>, to={^J^I<raj_deol2002in@yahoo.co.in>^J}, reply_to=<uninitialized>, msg_id=<000301ca4581$ef9e57f0$cedb07d0$@in>, in_reply_to=<uninitialized>, subject=SMTP, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=354 Enter message, ending with "." on a line by itself, path=[74.53.140.153, 10.10.1.4], user_agent=Microsoft Office Outlook 12.0, process_received_from=T, has_client_activity=T, entity=[filename=<uninitialized>], fuids=[]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=<uninitialized>, mime_depth=2], socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]
+
+1254722770.692743 mime_one_header
+                  [0] c: connection      = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=1610, state=4, num_pkts=9, num_bytes_ip=518, flow_label=0], resp=[size=462, state=4, num_pkts=10, num_bytes_ip=870, flow_label=0], start_time=1254722767.529046, duration=3.163697, service={^J^ISMTP^J}, addl=, hot=0, history=ShAdDa, uid=CjhGID4nQcgTWjvg4c, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, smtp=[ts=1254722768.219663, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=<gurpartap@patriots.in>, rcptto={^J^I<raj_deol2002in@yahoo.co.in>^J}, date=Mon, 5 Oct 2009 11:36:07 +0530, from="Gurpartap Singh" <gurpartap@patriots.in>, to={^J^I<raj_deol2002in@yahoo.co.in>^J}, reply_to=<uninitialized>, msg_id=<000301ca4581$ef9e57f0$cedb07d0$@in>, in_reply_to=<uninitialized>, subject=SMTP, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=354 Enter message, ending with "." on a line by itself, path=[74.53.140.153, 10.10.1.4], user_agent=Microsoft Office Outlook 12.0, process_received_from=T, has_client_activity=T, entity=[filename=<uninitialized>], fuids=[]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=<uninitialized>, mime_depth=3], socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]
+                  [1] h: mime_header_rec = [name=CONTENT-TYPE, value=text/plain;^Icharset="us-ascii"]
+
+1254722770.692743 mime_one_header
+                  [0] c: connection      = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=1610, state=4, num_pkts=9, num_bytes_ip=518, flow_label=0], resp=[size=462, state=4, num_pkts=10, num_bytes_ip=870, flow_label=0], start_time=1254722767.529046, duration=3.163697, service={^J^ISMTP^J}, addl=, hot=0, history=ShAdDa, uid=CjhGID4nQcgTWjvg4c, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, smtp=[ts=1254722768.219663, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=<gurpartap@patriots.in>, rcptto={^J^I<raj_deol2002in@yahoo.co.in>^J}, date=Mon, 5 Oct 2009 11:36:07 +0530, from="Gurpartap Singh" <gurpartap@patriots.in>, to={^J^I<raj_deol2002in@yahoo.co.in>^J}, reply_to=<uninitialized>, msg_id=<000301ca4581$ef9e57f0$cedb07d0$@in>, in_reply_to=<uninitialized>, subject=SMTP, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=354 Enter message, ending with "." on a line by itself, path=[74.53.140.153, 10.10.1.4], user_agent=Microsoft Office Outlook 12.0, process_received_from=T, has_client_activity=T, entity=[filename=<uninitialized>], fuids=[]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=<uninitialized>, mime_depth=3], socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]
+                  [1] h: mime_header_rec = [name=CONTENT-TRANSFER-ENCODING, value=7bit]
+
+1254722770.692743 get_file_handle
+                  [0] tag: enum          = Analyzer::ANALYZER_SMTP
+                  [1] c: connection      = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=1610, state=4, num_pkts=9, num_bytes_ip=518, flow_label=0], resp=[size=462, state=4, num_pkts=10, num_bytes_ip=870, flow_label=0], start_time=1254722767.529046, duration=3.163697, service={^J^ISMTP^J}, addl=, hot=0, history=ShAdDa, uid=CjhGID4nQcgTWjvg4c, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, smtp=[ts=1254722768.219663, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=<gurpartap@patriots.in>, rcptto={^J^I<raj_deol2002in@yahoo.co.in>^J}, date=Mon, 5 Oct 2009 11:36:07 +0530, from="Gurpartap Singh" <gurpartap@patriots.in>, to={^J^I<raj_deol2002in@yahoo.co.in>^J}, reply_to=<uninitialized>, msg_id=<000301ca4581$ef9e57f0$cedb07d0$@in>, in_reply_to=<uninitialized>, subject=SMTP, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=354 Enter message, ending with "." on a line by itself, path=[74.53.140.153, 10.10.1.4], user_agent=Microsoft Office Outlook 12.0, process_received_from=T, has_client_activity=T, entity=[filename=<uninitialized>], fuids=[]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=<uninitialized>, mime_depth=3], socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]
                   [2] is_orig: bool      = F
 
-1170717508.883051 file_new
-                  [0] f: fa_file         = [id=FjkLnG4s34DVZlaBNc, parent_id=<uninitialized>, source=SSL, is_orig=F, conns={^J^I[[orig_h=192.150.187.164, orig_p=58869/tcp, resp_h=194.127.84.106, resp_p=443/tcp]] = [id=[orig_h=192.150.187.164, orig_p=58869/tcp, resp_h=194.127.84.106, resp_p=443/tcp], orig=[size=120, state=4, num_pkts=3, num_bytes_ip=288, flow_label=0], resp=[size=2164, state=4, num_pkts=3, num_bytes_ip=1616, flow_label=0], start_time=1170717508.515696, duration=0.367355, service={^J^I^ISSL^J^I}, addl=, hot=0, history=ShADad, uid=CjhGID4nQcgTWjvg4c, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=[ts=1170717508.69718, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=192.150.187.164, orig_p=58869/tcp, resp_h=194.127.84.106, resp_p=443/tcp], version=TLSv10, cipher=TLS_RSA_WITH_RC4_128_MD5, server_name=<uninitialized>, session_id=a8c1c5681924e80a32a15d5e7f20bc5e3f513e56b215039d0d55defda5a320c0, last_alert=<uninitialized>, analyzer_id=7, established=F, logged=F, delay_tokens=<uninitialized>, cert_chain=<uninitialized>, cert_chain_fuids=<uninitialized>, client_cert_chain=<uninitialized>, client_cert_chain_fuids=<uninitialized>, subject=<uninitialized>, issuer=<uninitialized>, client_subject=<uninitialized>, client_issuer=<uninitialized>, server_depth=1, client_depth=0], http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]^J}, last_active=1170717508.883051, seen_bytes=0, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timeout_interval=2.0 mins, bof_buffer_size=1024, bof_buffer=0\x82^D|0\x82^C\xe5\xa0^C^B^A^B^B^P^D\xa7\x81^V\xf0^C(;\xda+\x84b^D\x9f\x9e\xcb0^M^F^I*\x86H\x86\xf7^M^A^A^E^E\00\x81\xba1\x1f0\x1d^F^CU^D^J^S^VVeriSign Trust Network1^W0^U^F^CU^D^K^S^NVeriSign, Inc.1301^F^CU^D^K^S*VeriSign International Server CA - Class 31I0G^F^CU^D^K^S@www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign0\x1e^W^M061114000000Z^W^M071114235959Z0\x81\xc01^K0^I^F^CU^D^F^S^BDE1^O0^M^F^CU^D^H^S^FBayern1^Q0^O^F^CU^D^G^T^HMuenchen1705^F^CU^D^J^T.AGIS Allianz Dresdner Informationssysteme GmbH1301^F^CU^D^K^T*Terms of use at www.verisign.com/rpa (c)001\x1f0\x1d^F^CU^D^C^T^Vwww.dresdner-privat.de0\x81\x9f0^M^F^I*\x86H\x86\xf7^M^A^A^A^E\0^C\x81\x8d\00\x81\x89^B\x81\x81\0\xeb\xa8t~\xfb\xe3\xb4\xea\xbe\x8b\x1c=\xed\xea\x86^DbQ\xe0*Z\x9e\x86o\x98\xcb\xbc\xc5\xed\xc5\xc8\xcaV\x9dL\x92X\xe1k^So\xbc\xb7\xe5.\x98@\xf7\x8f\xd6\xa3\xc0^J\xabFR\x1b8\xfc^E \xe7\x80\xee\xc6]\xd5\xbb^C\xfc\xc5\x83\xba\x9ag^H\xfd,\xba\xa3^H\x94\xf0\xb3\x1f^V(\xf6^Ef[\xbf^?\xa8Y\xfa\xbe\x99k6b\xb8n\xc6\x83GSc^OZ\xb4Q\xc1\x88\xa8U\xb9\xd41m=*J\x95^J\xd1{\x87^B^C^A\0^A\xa3\x82^Ay0\x82^Au0^I^F^CU\x1d^S^D^B0\00^K^F^CU\x1d^O^D^D^C^B^E\xa00F^F^CU\x1d\x1f^D?0=0;\xa09\xa07\x865http://crl.verisign.com/Class3InternationalServer.crl0D^F^CU\x1d ^D=0;09^F^K`\x86H^A\x86\xf8E^A^G^W^C0*0(^F^H+^F^A^E^E^G^B^A^V\x1chttps://www.verisign.com/rpa0(^F^CU\x1d%^D!0\x1f^F^I`\x86H^A\x86\xf8B^D^A^F^H+^F^A^E^E^G^C^A^F^H+^F^A^E^E^G^C^B04^F^H+^F^A^E^E^G^A^A^D(0&0$^F^H+^F^A^E^E^G0^A\x86^Xhttp://ocsp.verisign.com0m^F^H+^F^A^E^E^G^A^L^Da0_\xa1]\xa0[0Y0W0U^V^Iimage/gif0!0\x1f0^G^F^E+^N^C^B^Z^D^T\x8f\xe5\xd3^Z\x86\xac\x8d\x8ek\xc3\xcf\x80j\xd4H^X,{^Y.0%^V#http://logo.verisign.com/vslogo.gif0^M^F^I*\x86H\x86\xf7^M^A^A^E^E\0^C\x81\x81\0/s\xe2o\xc1\x9e#~YP\x89\x95xo\xe9^D\xbd\x98TS`\xec^HR\xd2^J)\x92\x9am\xaa\xd5\xb1g\xc1b\xde\xc9^XNW=i\x9c\xb2^Cf\x92^C\xbb\xe8M\xc5\x98\xd4/B\xd9\xb6\xd2\xe0\x97^PXv\xcf\xe7\xd6\xa7\xcc\xbb\xdb%\xeeB]\xcb\xf0t\xab\xd2T\xe5\xe8\xbaQ^O\xa4\xc3>4\xfaR\xf2\xa0\xe6z\xf4\x8f\xdcvB\xbd=\xfcx\xc0\xb7\xeb^-\x1f\xc5\xa0^\xdf\xa0^Q\x87\xf8\xc3X^P\xc8y(\xf8\xe4, mime_type=binary, info=<uninitialized>, u2_events=<uninitialized>]
+1254722770.692743 mime_end_entity
+                  [0] c: connection      = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=1610, state=4, num_pkts=9, num_bytes_ip=518, flow_label=0], resp=[size=462, state=4, num_pkts=10, num_bytes_ip=870, flow_label=0], start_time=1254722767.529046, duration=3.163697, service={^J^ISMTP^J}, addl=, hot=0, history=ShAdDa, uid=CjhGID4nQcgTWjvg4c, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, smtp=[ts=1254722768.219663, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=<gurpartap@patriots.in>, rcptto={^J^I<raj_deol2002in@yahoo.co.in>^J}, date=Mon, 5 Oct 2009 11:36:07 +0530, from="Gurpartap Singh" <gurpartap@patriots.in>, to={^J^I<raj_deol2002in@yahoo.co.in>^J}, reply_to=<uninitialized>, msg_id=<000301ca4581$ef9e57f0$cedb07d0$@in>, in_reply_to=<uninitialized>, subject=SMTP, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=354 Enter message, ending with "." on a line by itself, path=[74.53.140.153, 10.10.1.4], user_agent=Microsoft Office Outlook 12.0, process_received_from=T, has_client_activity=T, entity=[filename=<uninitialized>], fuids=[]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=<uninitialized>, mime_depth=3], socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]
 
-1170717508.883051 file_over_new_connection
-                  [0] f: fa_file         = [id=FjkLnG4s34DVZlaBNc, parent_id=<uninitialized>, source=SSL, is_orig=F, conns={^J^I[[orig_h=192.150.187.164, orig_p=58869/tcp, resp_h=194.127.84.106, resp_p=443/tcp]] = [id=[orig_h=192.150.187.164, orig_p=58869/tcp, resp_h=194.127.84.106, resp_p=443/tcp], orig=[size=120, state=4, num_pkts=3, num_bytes_ip=288, flow_label=0], resp=[size=2164, state=4, num_pkts=3, num_bytes_ip=1616, flow_label=0], start_time=1170717508.515696, duration=0.367355, service={^J^I^ISSL^J^I}, addl=, hot=0, history=ShADad, uid=CjhGID4nQcgTWjvg4c, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=[ts=1170717508.69718, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=192.150.187.164, orig_p=58869/tcp, resp_h=194.127.84.106, resp_p=443/tcp], version=TLSv10, cipher=TLS_RSA_WITH_RC4_128_MD5, server_name=<uninitialized>, session_id=a8c1c5681924e80a32a15d5e7f20bc5e3f513e56b215039d0d55defda5a320c0, last_alert=<uninitialized>, analyzer_id=7, established=F, logged=F, delay_tokens=<uninitialized>, cert_chain=<uninitialized>, cert_chain_fuids=<uninitialized>, client_cert_chain=<uninitialized>, client_cert_chain_fuids=<uninitialized>, subject=<uninitialized>, issuer=<uninitialized>, client_subject=<uninitialized>, client_issuer=<uninitialized>, server_depth=1, client_depth=0], http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]^J}, last_active=1170717508.883051, seen_bytes=0, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timeout_interval=2.0 mins, bof_buffer_size=1024, bof_buffer=0\x82^D|0\x82^C\xe5\xa0^C^B^A^B^B^P^D\xa7\x81^V\xf0^C(;\xda+\x84b^D\x9f\x9e\xcb0^M^F^I*\x86H\x86\xf7^M^A^A^E^E\00\x81\xba1\x1f0\x1d^F^CU^D^J^S^VVeriSign Trust Network1^W0^U^F^CU^D^K^S^NVeriSign, Inc.1301^F^CU^D^K^S*VeriSign International Server CA - Class 31I0G^F^CU^D^K^S@www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign0\x1e^W^M061114000000Z^W^M071114235959Z0\x81\xc01^K0^I^F^CU^D^F^S^BDE1^O0^M^F^CU^D^H^S^FBayern1^Q0^O^F^CU^D^G^T^HMuenchen1705^F^CU^D^J^T.AGIS Allianz Dresdner Informationssysteme GmbH1301^F^CU^D^K^T*Terms of use at www.verisign.com/rpa (c)001\x1f0\x1d^F^CU^D^C^T^Vwww.dresdner-privat.de0\x81\x9f0^M^F^I*\x86H\x86\xf7^M^A^A^A^E\0^C\x81\x8d\00\x81\x89^B\x81\x81\0\xeb\xa8t~\xfb\xe3\xb4\xea\xbe\x8b\x1c=\xed\xea\x86^DbQ\xe0*Z\x9e\x86o\x98\xcb\xbc\xc5\xed\xc5\xc8\xcaV\x9dL\x92X\xe1k^So\xbc\xb7\xe5.\x98@\xf7\x8f\xd6\xa3\xc0^J\xabFR\x1b8\xfc^E \xe7\x80\xee\xc6]\xd5\xbb^C\xfc\xc5\x83\xba\x9ag^H\xfd,\xba\xa3^H\x94\xf0\xb3\x1f^V(\xf6^Ef[\xbf^?\xa8Y\xfa\xbe\x99k6b\xb8n\xc6\x83GSc^OZ\xb4Q\xc1\x88\xa8U\xb9\xd41m=*J\x95^J\xd1{\x87^B^C^A\0^A\xa3\x82^Ay0\x82^Au0^I^F^CU\x1d^S^D^B0\00^K^F^CU\x1d^O^D^D^C^B^E\xa00F^F^CU\x1d\x1f^D?0=0;\xa09\xa07\x865http://crl.verisign.com/Class3InternationalServer.crl0D^F^CU\x1d ^D=0;09^F^K`\x86H^A\x86\xf8E^A^G^W^C0*0(^F^H+^F^A^E^E^G^B^A^V\x1chttps://www.verisign.com/rpa0(^F^CU\x1d%^D!0\x1f^F^I`\x86H^A\x86\xf8B^D^A^F^H+^F^A^E^E^G^C^A^F^H+^F^A^E^E^G^C^B04^F^H+^F^A^E^E^G^A^A^D(0&0$^F^H+^F^A^E^E^G0^A\x86^Xhttp://ocsp.verisign.com0m^F^H+^F^A^E^E^G^A^L^Da0_\xa1]\xa0[0Y0W0U^V^Iimage/gif0!0\x1f0^G^F^E+^N^C^B^Z^D^T\x8f\xe5\xd3^Z\x86\xac\x8d\x8ek\xc3\xcf\x80j\xd4H^X,{^Y.0%^V#http://logo.verisign.com/vslogo.gif0^M^F^I*\x86H\x86\xf7^M^A^A^E^E\0^C\x81\x81\0/s\xe2o\xc1\x9e#~YP\x89\x95xo\xe9^D\xbd\x98TS`\xec^HR\xd2^J)\x92\x9am\xaa\xd5\xb1g\xc1b\xde\xc9^XNW=i\x9c\xb2^Cf\x92^C\xbb\xe8M\xc5\x98\xd4/B\xd9\xb6\xd2\xe0\x97^PXv\xcf\xe7\xd6\xa7\xcc\xbb\xdb%\xeeB]\xcb\xf0t\xab\xd2T\xe5\xe8\xbaQ^O\xa4\xc3>4\xfaR\xf2\xa0\xe6z\xf4\x8f\xdcvB\xbd=\xfcx\xc0\xb7\xeb^-\x1f\xc5\xa0^\xdf\xa0^Q\x87\xf8\xc3X^P\xc8y(\xf8\xe4, mime_type=binary, info=[ts=1170717508.883051, fuid=FjkLnG4s34DVZlaBNc, tx_hosts={^J^J}, rx_hosts={^J^J}, conn_uids={^J^J}, source=SSL, depth=0, analyzers={^J^J}, mime_type=binary, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=F, seen_bytes=0, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=<uninitialized>, sha1=<uninitialized>, sha256=<uninitialized>, x509=<uninitialized>, extracted=<uninitialized>], u2_events=<uninitialized>]
-                  [1] c: connection      = [id=[orig_h=192.150.187.164, orig_p=58869/tcp, resp_h=194.127.84.106, resp_p=443/tcp], orig=[size=120, state=4, num_pkts=3, num_bytes_ip=288, flow_label=0], resp=[size=2164, state=4, num_pkts=3, num_bytes_ip=1616, flow_label=0], start_time=1170717508.515696, duration=0.367355, service={^J^ISSL^J}, addl=, hot=0, history=ShADad, uid=CjhGID4nQcgTWjvg4c, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=[ts=1170717508.69718, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=192.150.187.164, orig_p=58869/tcp, resp_h=194.127.84.106, resp_p=443/tcp], version=TLSv10, cipher=TLS_RSA_WITH_RC4_128_MD5, server_name=<uninitialized>, session_id=a8c1c5681924e80a32a15d5e7f20bc5e3f513e56b215039d0d55defda5a320c0, last_alert=<uninitialized>, analyzer_id=7, established=F, logged=F, delay_tokens=<uninitialized>, cert_chain=<uninitialized>, cert_chain_fuids=<uninitialized>, client_cert_chain=<uninitialized>, client_cert_chain_fuids=<uninitialized>, subject=<uninitialized>, issuer=<uninitialized>, client_subject=<uninitialized>, client_issuer=<uninitialized>, server_depth=1, client_depth=0], http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]
+1254722770.692743 get_file_handle
+                  [0] tag: enum          = Analyzer::ANALYZER_SMTP
+                  [1] c: connection      = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=1610, state=4, num_pkts=9, num_bytes_ip=518, flow_label=0], resp=[size=462, state=4, num_pkts=10, num_bytes_ip=870, flow_label=0], start_time=1254722767.529046, duration=3.163697, service={^J^ISMTP^J}, addl=, hot=0, history=ShAdDa, uid=CjhGID4nQcgTWjvg4c, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, smtp=[ts=1254722768.219663, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=<gurpartap@patriots.in>, rcptto={^J^I<raj_deol2002in@yahoo.co.in>^J}, date=Mon, 5 Oct 2009 11:36:07 +0530, from="Gurpartap Singh" <gurpartap@patriots.in>, to={^J^I<raj_deol2002in@yahoo.co.in>^J}, reply_to=<uninitialized>, msg_id=<000301ca4581$ef9e57f0$cedb07d0$@in>, in_reply_to=<uninitialized>, subject=SMTP, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=354 Enter message, ending with "." on a line by itself, path=[74.53.140.153, 10.10.1.4], user_agent=Microsoft Office Outlook 12.0, process_received_from=T, has_client_activity=T, entity=<uninitialized>, fuids=[]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=<uninitialized>, mime_depth=3], socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]
+                  [2] is_orig: bool      = T
+
+1254722770.692743 file_new
+                  [0] f: fa_file         = [id=Fel9gs4OtNEV6gUJZ5, parent_id=<uninitialized>, source=SMTP, is_orig=F, conns={^J^I[[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp]] = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=1610, state=4, num_pkts=9, num_bytes_ip=518, flow_label=0], resp=[size=462, state=4, num_pkts=10, num_bytes_ip=870, flow_label=0], start_time=1254722767.529046, duration=3.163697, service={^J^I^ISMTP^J^I}, addl=, hot=0, history=ShAdDa, uid=CjhGID4nQcgTWjvg4c, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, smtp=[ts=1254722768.219663, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=<gurpartap@patriots.in>, rcptto={^J^I^I<raj_deol2002in@yahoo.co.in>^J^I}, date=Mon, 5 Oct 2009 11:36:07 +0530, from="Gurpartap Singh" <gurpartap@patriots.in>, to={^J^I^I<raj_deol2002in@yahoo.co.in>^J^I}, reply_to=<uninitialized>, msg_id=<000301ca4581$ef9e57f0$cedb07d0$@in>, in_reply_to=<uninitialized>, subject=SMTP, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=354 Enter message, ending with "." on a line by itself, path=[74.53.140.153, 10.10.1.4], user_agent=Microsoft Office Outlook 12.0, process_received_from=T, has_client_activity=T, entity=<uninitialized>, fuids=[]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=<uninitialized>, mime_depth=3], socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]^J}, last_active=1254722770.692743, seen_bytes=0, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timeout_interval=2.0 mins, bof_buffer_size=1024, bof_buffer=Hello^M^J^M^J ^M^J^M^JI send u smtp pcap file ^M^J^M^JFind the attachment^M^J^M^J ^M^J^M^JGPS^M^J^M^J^M^J, mime_type=text/plain, info=<uninitialized>, u2_events=<uninitialized>]
+
+1254722770.692743 file_over_new_connection
+                  [0] f: fa_file         = [id=Fel9gs4OtNEV6gUJZ5, parent_id=<uninitialized>, source=SMTP, is_orig=F, conns={^J^I[[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp]] = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=1610, state=4, num_pkts=9, num_bytes_ip=518, flow_label=0], resp=[size=462, state=4, num_pkts=10, num_bytes_ip=870, flow_label=0], start_time=1254722767.529046, duration=3.163697, service={^J^I^ISMTP^J^I}, addl=, hot=0, history=ShAdDa, uid=CjhGID4nQcgTWjvg4c, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, smtp=[ts=1254722768.219663, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=<gurpartap@patriots.in>, rcptto={^J^I^I<raj_deol2002in@yahoo.co.in>^J^I}, date=Mon, 5 Oct 2009 11:36:07 +0530, from="Gurpartap Singh" <gurpartap@patriots.in>, to={^J^I^I<raj_deol2002in@yahoo.co.in>^J^I}, reply_to=<uninitialized>, msg_id=<000301ca4581$ef9e57f0$cedb07d0$@in>, in_reply_to=<uninitialized>, subject=SMTP, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=354 Enter message, ending with "." on a line by itself, path=[74.53.140.153, 10.10.1.4], user_agent=Microsoft Office Outlook 12.0, process_received_from=T, has_client_activity=T, entity=<uninitialized>, fuids=[]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=<uninitialized>, mime_depth=3], socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]^J}, last_active=1254722770.692743, seen_bytes=0, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timeout_interval=2.0 mins, bof_buffer_size=1024, bof_buffer=Hello^M^J^M^J ^M^J^M^JI send u smtp pcap file ^M^J^M^JFind the attachment^M^J^M^J ^M^J^M^JGPS^M^J^M^J^M^J, mime_type=text/plain, info=[ts=1254722770.692743, fuid=Fel9gs4OtNEV6gUJZ5, tx_hosts={^J^J}, rx_hosts={^J^J}, conn_uids={^J^J}, source=SMTP, depth=0, analyzers={^J^J}, mime_type=text/plain, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=F, seen_bytes=0, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=<uninitialized>, sha1=<uninitialized>, sha256=<uninitialized>, x509=<uninitialized>, extracted=<uninitialized>], u2_events=<uninitialized>]
+                  [1] c: connection      = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=1610, state=4, num_pkts=9, num_bytes_ip=518, flow_label=0], resp=[size=462, state=4, num_pkts=10, num_bytes_ip=870, flow_label=0], start_time=1254722767.529046, duration=3.163697, service={^J^ISMTP^J}, addl=, hot=0, history=ShAdDa, uid=CjhGID4nQcgTWjvg4c, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, smtp=[ts=1254722768.219663, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=<gurpartap@patriots.in>, rcptto={^J^I<raj_deol2002in@yahoo.co.in>^J}, date=Mon, 5 Oct 2009 11:36:07 +0530, from="Gurpartap Singh" <gurpartap@patriots.in>, to={^J^I<raj_deol2002in@yahoo.co.in>^J}, reply_to=<uninitialized>, msg_id=<000301ca4581$ef9e57f0$cedb07d0$@in>, in_reply_to=<uninitialized>, subject=SMTP, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=354 Enter message, ending with "." on a line by itself, path=[74.53.140.153, 10.10.1.4], user_agent=Microsoft Office Outlook 12.0, process_received_from=T, has_client_activity=T, entity=<uninitialized>, fuids=[]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=<uninitialized>, mime_depth=3], socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]
                   [2] is_orig: bool      = F
 
-1170717508.883051 x509_certificate
-                  [0] f: fa_file         = [id=FjkLnG4s34DVZlaBNc, parent_id=<uninitialized>, source=SSL, is_orig=F, conns={^J^I[[orig_h=192.150.187.164, orig_p=58869/tcp, resp_h=194.127.84.106, resp_p=443/tcp]] = [id=[orig_h=192.150.187.164, orig_p=58869/tcp, resp_h=194.127.84.106, resp_p=443/tcp], orig=[size=120, state=4, num_pkts=3, num_bytes_ip=288, flow_label=0], resp=[size=2164, state=4, num_pkts=3, num_bytes_ip=1616, flow_label=0], start_time=1170717508.515696, duration=0.367355, service={^J^I^ISSL^J^I}, addl=, hot=0, history=ShADad, uid=CjhGID4nQcgTWjvg4c, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=[ts=1170717508.69718, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=192.150.187.164, orig_p=58869/tcp, resp_h=194.127.84.106, resp_p=443/tcp], version=TLSv10, cipher=TLS_RSA_WITH_RC4_128_MD5, server_name=<uninitialized>, session_id=a8c1c5681924e80a32a15d5e7f20bc5e3f513e56b215039d0d55defda5a320c0, last_alert=<uninitialized>, analyzer_id=7, established=F, logged=F, delay_tokens=<uninitialized>, cert_chain=[[ts=1170717508.883051, fuid=FjkLnG4s34DVZlaBNc, tx_hosts={^J^I^I194.127.84.106^J^I}, rx_hosts={^J^I^I192.150.187.164^J^I}, conn_uids={^J^I^ICjhGID4nQcgTWjvg4c^J^I}, source=SSL, depth=0, analyzers={^J^I^IX509,^J^I^IMD5,^J^I^ISHA1^J^I}, mime_type=binary, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=F, seen_bytes=0, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=<uninitialized>, sha1=<uninitialized>, sha256=<uninitialized>, x509=<uninitialized>, extracted=<uninitialized>]], cert_chain_fuids=[FjkLnG4s34DVZlaBNc], client_cert_chain=[], client_cert_chain_fuids=[], subject=<uninitialized>, issuer=<uninitialized>, client_subject=<uninitialized>, client_issuer=<uninitialized>, server_depth=1, client_depth=0], http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]^J}, last_active=1170717508.883051, seen_bytes=1152, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timeout_interval=2.0 mins, bof_buffer_size=1024, bof_buffer=0\x82^D|0\x82^C\xe5\xa0^C^B^A^B^B^P^D\xa7\x81^V\xf0^C(;\xda+\x84b^D\x9f\x9e\xcb0^M^F^I*\x86H\x86\xf7^M^A^A^E^E\00\x81\xba1\x1f0\x1d^F^CU^D^J^S^VVeriSign Trust Network1^W0^U^F^CU^D^K^S^NVeriSign, Inc.1301^F^CU^D^K^S*VeriSign International Server CA - Class 31I0G^F^CU^D^K^S@www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign0\x1e^W^M061114000000Z^W^M071114235959Z0\x81\xc01^K0^I^F^CU^D^F^S^BDE1^O0^M^F^CU^D^H^S^FBayern1^Q0^O^F^CU^D^G^T^HMuenchen1705^F^CU^D^J^T.AGIS Allianz Dresdner Informationssysteme GmbH1301^F^CU^D^K^T*Terms of use at www.verisign.com/rpa (c)001\x1f0\x1d^F^CU^D^C^T^Vwww.dresdner-privat.de0\x81\x9f0^M^F^I*\x86H\x86\xf7^M^A^A^A^E\0^C\x81\x8d\00\x81\x89^B\x81\x81\0\xeb\xa8t~\xfb\xe3\xb4\xea\xbe\x8b\x1c=\xed\xea\x86^DbQ\xe0*Z\x9e\x86o\x98\xcb\xbc\xc5\xed\xc5\xc8\xcaV\x9dL\x92X\xe1k^So\xbc\xb7\xe5.\x98@\xf7\x8f\xd6\xa3\xc0^J\xabFR\x1b8\xfc^E \xe7\x80\xee\xc6]\xd5\xbb^C\xfc\xc5\x83\xba\x9ag^H\xfd,\xba\xa3^H\x94\xf0\xb3\x1f^V(\xf6^Ef[\xbf^?\xa8Y\xfa\xbe\x99k6b\xb8n\xc6\x83GSc^OZ\xb4Q\xc1\x88\xa8U\xb9\xd41m=*J\x95^J\xd1{\x87^B^C^A\0^A\xa3\x82^Ay0\x82^Au0^I^F^CU\x1d^S^D^B0\00^K^F^CU\x1d^O^D^D^C^B^E\xa00F^F^CU\x1d\x1f^D?0=0;\xa09\xa07\x865http://crl.verisign.com/Class3InternationalServer.crl0D^F^CU\x1d ^D=0;09^F^K`\x86H^A\x86\xf8E^A^G^W^C0*0(^F^H+^F^A^E^E^G^B^A^V\x1chttps://www.verisign.com/rpa0(^F^CU\x1d%^D!0\x1f^F^I`\x86H^A\x86\xf8B^D^A^F^H+^F^A^E^E^G^C^A^F^H+^F^A^E^E^G^C^B04^F^H+^F^A^E^E^G^A^A^D(0&0$^F^H+^F^A^E^E^G0^A\x86^Xhttp://ocsp.verisign.com0m^F^H+^F^A^E^E^G^A^L^Da0_\xa1]\xa0[0Y0W0U^V^Iimage/gif0!0\x1f0^G^F^E+^N^C^B^Z^D^T\x8f\xe5\xd3^Z\x86\xac\x8d\x8ek\xc3\xcf\x80j\xd4H^X,{^Y.0%^V#http://logo.verisign.com/vslogo.gif0^M^F^I*\x86H\x86\xf7^M^A^A^E^E\0^C\x81\x81\0/s\xe2o\xc1\x9e#~YP\x89\x95xo\xe9^D\xbd\x98TS`\xec^HR\xd2^J)\x92\x9am\xaa\xd5\xb1g\xc1b\xde\xc9^XNW=i\x9c\xb2^Cf\x92^C\xbb\xe8M\xc5\x98\xd4/B\xd9\xb6\xd2\xe0\x97^PXv\xcf\xe7\xd6\xa7\xcc\xbb\xdb%\xeeB]\xcb\xf0t\xab\xd2T\xe5\xe8\xbaQ^O\xa4\xc3>4\xfaR\xf2\xa0\xe6z\xf4\x8f\xdcvB\xbd=\xfcx\xc0\xb7\xeb^-\x1f\xc5\xa0^\xdf\xa0^Q\x87\xf8\xc3X^P\xc8y(\xf8\xe4, mime_type=binary, info=[ts=1170717508.883051, fuid=FjkLnG4s34DVZlaBNc, tx_hosts={^J^I194.127.84.106^J}, rx_hosts={^J^I192.150.187.164^J}, conn_uids={^J^ICjhGID4nQcgTWjvg4c^J}, source=SSL, depth=0, analyzers={^J^IX509,^J^IMD5,^J^ISHA1^J}, mime_type=binary, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=F, seen_bytes=0, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=<uninitialized>, sha1=<uninitialized>, sha256=<uninitialized>, x509=<uninitialized>, extracted=<uninitialized>], u2_events=<uninitialized>]
-                  [1] cert_ref: opaque of x509 = <no value description>
-                  [2] cert: X509::Certificate = [version=2, serial=04A78116F003283BDA2B8462049F9ECB, subject=CN=www.dresdner-privat.de,OU=Terms of use at www.verisign.com/rpa (c)00,O=AGIS Allianz Dresdner Informationssysteme GmbH,L=Muenchen,ST=Bayern,C=DE, issuer=OU=www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign,OU=VeriSign International Server CA - Class 3,OU=VeriSign\, Inc.,O=VeriSign Trust Network, not_valid_before=1163462400.0, not_valid_after=1195084799.0, key_alg=rsaEncryption, sig_alg=sha1WithRSAEncryption, key_type=rsa, key_length=1024, exponent=65537, curve=<uninitialized>]
+1254722770.692743 file_state_remove
+                  [0] f: fa_file         = [id=Fel9gs4OtNEV6gUJZ5, parent_id=<uninitialized>, source=SMTP, is_orig=F, conns={^J^I[[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp]] = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=1610, state=4, num_pkts=9, num_bytes_ip=518, flow_label=0], resp=[size=462, state=4, num_pkts=10, num_bytes_ip=870, flow_label=0], start_time=1254722767.529046, duration=3.163697, service={^J^I^ISMTP^J^I}, addl=, hot=0, history=ShAdDa, uid=CjhGID4nQcgTWjvg4c, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, smtp=[ts=1254722768.219663, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=<gurpartap@patriots.in>, rcptto={^J^I^I<raj_deol2002in@yahoo.co.in>^J^I}, date=Mon, 5 Oct 2009 11:36:07 +0530, from="Gurpartap Singh" <gurpartap@patriots.in>, to={^J^I^I<raj_deol2002in@yahoo.co.in>^J^I}, reply_to=<uninitialized>, msg_id=<000301ca4581$ef9e57f0$cedb07d0$@in>, in_reply_to=<uninitialized>, subject=SMTP, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=354 Enter message, ending with "." on a line by itself, path=[74.53.140.153, 10.10.1.4], user_agent=Microsoft Office Outlook 12.0, process_received_from=T, has_client_activity=T, entity=<uninitialized>, fuids=[Fel9gs4OtNEV6gUJZ5]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=<uninitialized>, mime_depth=3], socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]^J}, last_active=1254722770.692743, seen_bytes=79, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timeout_interval=2.0 mins, bof_buffer_size=1024, bof_buffer=Hello^M^J^M^J ^M^J^M^JI send u smtp pcap file ^M^J^M^JFind the attachment^M^J^M^J ^M^J^M^JGPS^M^J^M^J^M^J, mime_type=text/plain, info=[ts=1254722770.692743, fuid=Fel9gs4OtNEV6gUJZ5, tx_hosts={^J^I74.53.140.153^J}, rx_hosts={^J^I10.10.1.4^J}, conn_uids={^J^ICjhGID4nQcgTWjvg4c^J}, source=SMTP, depth=3, analyzers={^J^J}, mime_type=text/plain, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=F, seen_bytes=0, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=<uninitialized>, sha1=<uninitialized>, sha256=<uninitialized>, x509=<uninitialized>, extracted=<uninitialized>], u2_events=<uninitialized>]
 
-1170717508.883051 x509_extension
-                  [0] f: fa_file         = [id=FjkLnG4s34DVZlaBNc, parent_id=<uninitialized>, source=SSL, is_orig=F, conns={^J^I[[orig_h=192.150.187.164, orig_p=58869/tcp, resp_h=194.127.84.106, resp_p=443/tcp]] = [id=[orig_h=192.150.187.164, orig_p=58869/tcp, resp_h=194.127.84.106, resp_p=443/tcp], orig=[size=120, state=4, num_pkts=3, num_bytes_ip=288, flow_label=0], resp=[size=2164, state=4, num_pkts=3, num_bytes_ip=1616, flow_label=0], start_time=1170717508.515696, duration=0.367355, service={^J^I^ISSL^J^I}, addl=, hot=0, history=ShADad, uid=CjhGID4nQcgTWjvg4c, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=[ts=1170717508.69718, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=192.150.187.164, orig_p=58869/tcp, resp_h=194.127.84.106, resp_p=443/tcp], version=TLSv10, cipher=TLS_RSA_WITH_RC4_128_MD5, server_name=<uninitialized>, session_id=a8c1c5681924e80a32a15d5e7f20bc5e3f513e56b215039d0d55defda5a320c0, last_alert=<uninitialized>, analyzer_id=7, established=F, logged=F, delay_tokens=<uninitialized>, cert_chain=[[ts=1170717508.883051, fuid=FjkLnG4s34DVZlaBNc, tx_hosts={^J^I^I194.127.84.106^J^I}, rx_hosts={^J^I^I192.150.187.164^J^I}, conn_uids={^J^I^ICjhGID4nQcgTWjvg4c^J^I}, source=SSL, depth=0, analyzers={^J^I^IX509,^J^I^IMD5,^J^I^ISHA1^J^I}, mime_type=binary, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=F, seen_bytes=0, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=<uninitialized>, sha1=<uninitialized>, sha256=<uninitialized>, x509=[ts=1170717508.883051, id=FjkLnG4s34DVZlaBNc, certificate=[version=2, serial=04A78116F003283BDA2B8462049F9ECB, subject=CN=www.dresdner-privat.de,OU=Terms of use at www.verisign.com/rpa (c)00,O=AGIS Allianz Dresdner Informationssysteme GmbH,L=Muenchen,ST=Bayern,C=DE, issuer=OU=www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign,OU=VeriSign International Server CA - Class 3,OU=VeriSign\, Inc.,O=VeriSign Trust Network, not_valid_before=1163462400.0, not_valid_after=1195084799.0, key_alg=rsaEncryption, sig_alg=sha1WithRSAEncryption, key_type=rsa, key_length=1024, exponent=65537, curve=<uninitialized>], handle=<no value description>, extensions=[], san=<uninitialized>, basic_constraints=<uninitialized>], extracted=<uninitialized>]], cert_chain_fuids=[FjkLnG4s34DVZlaBNc], client_cert_chain=[], client_cert_chain_fuids=[], subject=<uninitialized>, issuer=<uninitialized>, client_subject=<uninitialized>, client_issuer=<uninitialized>, server_depth=1, client_depth=0], http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]^J}, last_active=1170717508.883051, seen_bytes=1152, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timeout_interval=2.0 mins, bof_buffer_size=1024, bof_buffer=0\x82^D|0\x82^C\xe5\xa0^C^B^A^B^B^P^D\xa7\x81^V\xf0^C(;\xda+\x84b^D\x9f\x9e\xcb0^M^F^I*\x86H\x86\xf7^M^A^A^E^E\00\x81\xba1\x1f0\x1d^F^CU^D^J^S^VVeriSign Trust Network1^W0^U^F^CU^D^K^S^NVeriSign, Inc.1301^F^CU^D^K^S*VeriSign International Server CA - Class 31I0G^F^CU^D^K^S@www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign0\x1e^W^M061114000000Z^W^M071114235959Z0\x81\xc01^K0^I^F^CU^D^F^S^BDE1^O0^M^F^CU^D^H^S^FBayern1^Q0^O^F^CU^D^G^T^HMuenchen1705^F^CU^D^J^T.AGIS Allianz Dresdner Informationssysteme GmbH1301^F^CU^D^K^T*Terms of use at www.verisign.com/rpa (c)001\x1f0\x1d^F^CU^D^C^T^Vwww.dresdner-privat.de0\x81\x9f0^M^F^I*\x86H\x86\xf7^M^A^A^A^E\0^C\x81\x8d\00\x81\x89^B\x81\x81\0\xeb\xa8t~\xfb\xe3\xb4\xea\xbe\x8b\x1c=\xed\xea\x86^DbQ\xe0*Z\x9e\x86o\x98\xcb\xbc\xc5\xed\xc5\xc8\xcaV\x9dL\x92X\xe1k^So\xbc\xb7\xe5.\x98@\xf7\x8f\xd6\xa3\xc0^J\xabFR\x1b8\xfc^E \xe7\x80\xee\xc6]\xd5\xbb^C\xfc\xc5\x83\xba\x9ag^H\xfd,\xba\xa3^H\x94\xf0\xb3\x1f^V(\xf6^Ef[\xbf^?\xa8Y\xfa\xbe\x99k6b\xb8n\xc6\x83GSc^OZ\xb4Q\xc1\x88\xa8U\xb9\xd41m=*J\x95^J\xd1{\x87^B^C^A\0^A\xa3\x82^Ay0\x82^Au0^I^F^CU\x1d^S^D^B0\00^K^F^CU\x1d^O^D^D^C^B^E\xa00F^F^CU\x1d\x1f^D?0=0;\xa09\xa07\x865http://crl.verisign.com/Class3InternationalServer.crl0D^F^CU\x1d ^D=0;09^F^K`\x86H^A\x86\xf8E^A^G^W^C0*0(^F^H+^F^A^E^E^G^B^A^V\x1chttps://www.verisign.com/rpa0(^F^CU\x1d%^D!0\x1f^F^I`\x86H^A\x86\xf8B^D^A^F^H+^F^A^E^E^G^C^A^F^H+^F^A^E^E^G^C^B04^F^H+^F^A^E^E^G^A^A^D(0&0$^F^H+^F^A^E^E^G0^A\x86^Xhttp://ocsp.verisign.com0m^F^H+^F^A^E^E^G^A^L^Da0_\xa1]\xa0[0Y0W0U^V^Iimage/gif0!0\x1f0^G^F^E+^N^C^B^Z^D^T\x8f\xe5\xd3^Z\x86\xac\x8d\x8ek\xc3\xcf\x80j\xd4H^X,{^Y.0%^V#http://logo.verisign.com/vslogo.gif0^M^F^I*\x86H\x86\xf7^M^A^A^E^E\0^C\x81\x81\0/s\xe2o\xc1\x9e#~YP\x89\x95xo\xe9^D\xbd\x98TS`\xec^HR\xd2^J)\x92\x9am\xaa\xd5\xb1g\xc1b\xde\xc9^XNW=i\x9c\xb2^Cf\x92^C\xbb\xe8M\xc5\x98\xd4/B\xd9\xb6\xd2\xe0\x97^PXv\xcf\xe7\xd6\xa7\xcc\xbb\xdb%\xeeB]\xcb\xf0t\xab\xd2T\xe5\xe8\xbaQ^O\xa4\xc3>4\xfaR\xf2\xa0\xe6z\xf4\x8f\xdcvB\xbd=\xfcx\xc0\xb7\xeb^-\x1f\xc5\xa0^\xdf\xa0^Q\x87\xf8\xc3X^P\xc8y(\xf8\xe4, mime_type=binary, info=[ts=1170717508.883051, fuid=FjkLnG4s34DVZlaBNc, tx_hosts={^J^I194.127.84.106^J}, rx_hosts={^J^I192.150.187.164^J}, conn_uids={^J^ICjhGID4nQcgTWjvg4c^J}, source=SSL, depth=0, analyzers={^J^IX509,^J^IMD5,^J^ISHA1^J}, mime_type=binary, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=F, seen_bytes=0, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=<uninitialized>, sha1=<uninitialized>, sha256=<uninitialized>, x509=[ts=1170717508.883051, id=FjkLnG4s34DVZlaBNc, certificate=[version=2, serial=04A78116F003283BDA2B8462049F9ECB, subject=CN=www.dresdner-privat.de,OU=Terms of use at www.verisign.com/rpa (c)00,O=AGIS Allianz Dresdner Informationssysteme GmbH,L=Muenchen,ST=Bayern,C=DE, issuer=OU=www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign,OU=VeriSign International Server CA - Class 3,OU=VeriSign\, Inc.,O=VeriSign Trust Network, not_valid_before=1163462400.0, not_valid_after=1195084799.0, key_alg=rsaEncryption, sig_alg=sha1WithRSAEncryption, key_type=rsa, key_length=1024, exponent=65537, curve=<uninitialized>], handle=<no value description>, extensions=[], san=<uninitialized>, basic_constraints=<uninitialized>], extracted=<uninitialized>], u2_events=<uninitialized>]
-                  [1] ext: X509::Extension = [name=X509v3 Basic Constraints, short_name=basicConstraints, oid=2.5.29.19, critical=F, value=CA:FALSE]
-
-1170717508.883051 x509_ext_basic_constraints
-                  [0] f: fa_file         = [id=FjkLnG4s34DVZlaBNc, parent_id=<uninitialized>, source=SSL, is_orig=F, conns={^J^I[[orig_h=192.150.187.164, orig_p=58869/tcp, resp_h=194.127.84.106, resp_p=443/tcp]] = [id=[orig_h=192.150.187.164, orig_p=58869/tcp, resp_h=194.127.84.106, resp_p=443/tcp], orig=[size=120, state=4, num_pkts=3, num_bytes_ip=288, flow_label=0], resp=[size=2164, state=4, num_pkts=3, num_bytes_ip=1616, flow_label=0], start_time=1170717508.515696, duration=0.367355, service={^J^I^ISSL^J^I}, addl=, hot=0, history=ShADad, uid=CjhGID4nQcgTWjvg4c, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=[ts=1170717508.69718, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=192.150.187.164, orig_p=58869/tcp, resp_h=194.127.84.106, resp_p=443/tcp], version=TLSv10, cipher=TLS_RSA_WITH_RC4_128_MD5, server_name=<uninitialized>, session_id=a8c1c5681924e80a32a15d5e7f20bc5e3f513e56b215039d0d55defda5a320c0, last_alert=<uninitialized>, analyzer_id=7, established=F, logged=F, delay_tokens=<uninitialized>, cert_chain=[[ts=1170717508.883051, fuid=FjkLnG4s34DVZlaBNc, tx_hosts={^J^I^I194.127.84.106^J^I}, rx_hosts={^J^I^I192.150.187.164^J^I}, conn_uids={^J^I^ICjhGID4nQcgTWjvg4c^J^I}, source=SSL, depth=0, analyzers={^J^I^IX509,^J^I^IMD5,^J^I^ISHA1^J^I}, mime_type=binary, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=F, seen_bytes=0, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=<uninitialized>, sha1=<uninitialized>, sha256=<uninitialized>, x509=[ts=1170717508.883051, id=FjkLnG4s34DVZlaBNc, certificate=[version=2, serial=04A78116F003283BDA2B8462049F9ECB, subject=CN=www.dresdner-privat.de,OU=Terms of use at www.verisign.com/rpa (c)00,O=AGIS Allianz Dresdner Informationssysteme GmbH,L=Muenchen,ST=Bayern,C=DE, issuer=OU=www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign,OU=VeriSign International Server CA - Class 3,OU=VeriSign\, Inc.,O=VeriSign Trust Network, not_valid_before=1163462400.0, not_valid_after=1195084799.0, key_alg=rsaEncryption, sig_alg=sha1WithRSAEncryption, key_type=rsa, key_length=1024, exponent=65537, curve=<uninitialized>], handle=<no value description>, extensions=[[name=X509v3 Basic Constraints, short_name=basicConstraints, oid=2.5.29.19, critical=F, value=CA:FALSE]], san=<uninitialized>, basic_constraints=<uninitialized>], extracted=<uninitialized>]], cert_chain_fuids=[FjkLnG4s34DVZlaBNc], client_cert_chain=[], client_cert_chain_fuids=[], subject=<uninitialized>, issuer=<uninitialized>, client_subject=<uninitialized>, client_issuer=<uninitialized>, server_depth=1, client_depth=0], http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]^J}, last_active=1170717508.883051, seen_bytes=1152, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timeout_interval=2.0 mins, bof_buffer_size=1024, bof_buffer=0\x82^D|0\x82^C\xe5\xa0^C^B^A^B^B^P^D\xa7\x81^V\xf0^C(;\xda+\x84b^D\x9f\x9e\xcb0^M^F^I*\x86H\x86\xf7^M^A^A^E^E\00\x81\xba1\x1f0\x1d^F^CU^D^J^S^VVeriSign Trust Network1^W0^U^F^CU^D^K^S^NVeriSign, Inc.1301^F^CU^D^K^S*VeriSign International Server CA - Class 31I0G^F^CU^D^K^S@www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign0\x1e^W^M061114000000Z^W^M071114235959Z0\x81\xc01^K0^I^F^CU^D^F^S^BDE1^O0^M^F^CU^D^H^S^FBayern1^Q0^O^F^CU^D^G^T^HMuenchen1705^F^CU^D^J^T.AGIS Allianz Dresdner Informationssysteme GmbH1301^F^CU^D^K^T*Terms of use at www.verisign.com/rpa (c)001\x1f0\x1d^F^CU^D^C^T^Vwww.dresdner-privat.de0\x81\x9f0^M^F^I*\x86H\x86\xf7^M^A^A^A^E\0^C\x81\x8d\00\x81\x89^B\x81\x81\0\xeb\xa8t~\xfb\xe3\xb4\xea\xbe\x8b\x1c=\xed\xea\x86^DbQ\xe0*Z\x9e\x86o\x98\xcb\xbc\xc5\xed\xc5\xc8\xcaV\x9dL\x92X\xe1k^So\xbc\xb7\xe5.\x98@\xf7\x8f\xd6\xa3\xc0^J\xabFR\x1b8\xfc^E \xe7\x80\xee\xc6]\xd5\xbb^C\xfc\xc5\x83\xba\x9ag^H\xfd,\xba\xa3^H\x94\xf0\xb3\x1f^V(\xf6^Ef[\xbf^?\xa8Y\xfa\xbe\x99k6b\xb8n\xc6\x83GSc^OZ\xb4Q\xc1\x88\xa8U\xb9\xd41m=*J\x95^J\xd1{\x87^B^C^A\0^A\xa3\x82^Ay0\x82^Au0^I^F^CU\x1d^S^D^B0\00^K^F^CU\x1d^O^D^D^C^B^E\xa00F^F^CU\x1d\x1f^D?0=0;\xa09\xa07\x865http://crl.verisign.com/Class3InternationalServer.crl0D^F^CU\x1d ^D=0;09^F^K`\x86H^A\x86\xf8E^A^G^W^C0*0(^F^H+^F^A^E^E^G^B^A^V\x1chttps://www.verisign.com/rpa0(^F^CU\x1d%^D!0\x1f^F^I`\x86H^A\x86\xf8B^D^A^F^H+^F^A^E^E^G^C^A^F^H+^F^A^E^E^G^C^B04^F^H+^F^A^E^E^G^A^A^D(0&0$^F^H+^F^A^E^E^G0^A\x86^Xhttp://ocsp.verisign.com0m^F^H+^F^A^E^E^G^A^L^Da0_\xa1]\xa0[0Y0W0U^V^Iimage/gif0!0\x1f0^G^F^E+^N^C^B^Z^D^T\x8f\xe5\xd3^Z\x86\xac\x8d\x8ek\xc3\xcf\x80j\xd4H^X,{^Y.0%^V#http://logo.verisign.com/vslogo.gif0^M^F^I*\x86H\x86\xf7^M^A^A^E^E\0^C\x81\x81\0/s\xe2o\xc1\x9e#~YP\x89\x95xo\xe9^D\xbd\x98TS`\xec^HR\xd2^J)\x92\x9am\xaa\xd5\xb1g\xc1b\xde\xc9^XNW=i\x9c\xb2^Cf\x92^C\xbb\xe8M\xc5\x98\xd4/B\xd9\xb6\xd2\xe0\x97^PXv\xcf\xe7\xd6\xa7\xcc\xbb\xdb%\xeeB]\xcb\xf0t\xab\xd2T\xe5\xe8\xbaQ^O\xa4\xc3>4\xfaR\xf2\xa0\xe6z\xf4\x8f\xdcvB\xbd=\xfcx\xc0\xb7\xeb^-\x1f\xc5\xa0^\xdf\xa0^Q\x87\xf8\xc3X^P\xc8y(\xf8\xe4, mime_type=binary, info=[ts=1170717508.883051, fuid=FjkLnG4s34DVZlaBNc, tx_hosts={^J^I194.127.84.106^J}, rx_hosts={^J^I192.150.187.164^J}, conn_uids={^J^ICjhGID4nQcgTWjvg4c^J}, source=SSL, depth=0, analyzers={^J^IX509,^J^IMD5,^J^ISHA1^J}, mime_type=binary, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=F, seen_bytes=0, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=<uninitialized>, sha1=<uninitialized>, sha256=<uninitialized>, x509=[ts=1170717508.883051, id=FjkLnG4s34DVZlaBNc, certificate=[version=2, serial=04A78116F003283BDA2B8462049F9ECB, subject=CN=www.dresdner-privat.de,OU=Terms of use at www.verisign.com/rpa (c)00,O=AGIS Allianz Dresdner Informationssysteme GmbH,L=Muenchen,ST=Bayern,C=DE, issuer=OU=www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign,OU=VeriSign International Server CA - Class 3,OU=VeriSign\, Inc.,O=VeriSign Trust Network, not_valid_before=1163462400.0, not_valid_after=1195084799.0, key_alg=rsaEncryption, sig_alg=sha1WithRSAEncryption, key_type=rsa, key_length=1024, exponent=65537, curve=<uninitialized>], handle=<no value description>, extensions=[[name=X509v3 Basic Constraints, short_name=basicConstraints, oid=2.5.29.19, critical=F, value=CA:FALSE]], san=<uninitialized>, basic_constraints=<uninitialized>], extracted=<uninitialized>], u2_events=<uninitialized>]
-                  [1] ext: X509::BasicConstraints = [ca=F, path_len=<uninitialized>]
-
-1170717508.883051 x509_extension
-                  [0] f: fa_file         = [id=FjkLnG4s34DVZlaBNc, parent_id=<uninitialized>, source=SSL, is_orig=F, conns={^J^I[[orig_h=192.150.187.164, orig_p=58869/tcp, resp_h=194.127.84.106, resp_p=443/tcp]] = [id=[orig_h=192.150.187.164, orig_p=58869/tcp, resp_h=194.127.84.106, resp_p=443/tcp], orig=[size=120, state=4, num_pkts=3, num_bytes_ip=288, flow_label=0], resp=[size=2164, state=4, num_pkts=3, num_bytes_ip=1616, flow_label=0], start_time=1170717508.515696, duration=0.367355, service={^J^I^ISSL^J^I}, addl=, hot=0, history=ShADad, uid=CjhGID4nQcgTWjvg4c, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=[ts=1170717508.69718, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=192.150.187.164, orig_p=58869/tcp, resp_h=194.127.84.106, resp_p=443/tcp], version=TLSv10, cipher=TLS_RSA_WITH_RC4_128_MD5, server_name=<uninitialized>, session_id=a8c1c5681924e80a32a15d5e7f20bc5e3f513e56b215039d0d55defda5a320c0, last_alert=<uninitialized>, analyzer_id=7, established=F, logged=F, delay_tokens=<uninitialized>, cert_chain=[[ts=1170717508.883051, fuid=FjkLnG4s34DVZlaBNc, tx_hosts={^J^I^I194.127.84.106^J^I}, rx_hosts={^J^I^I192.150.187.164^J^I}, conn_uids={^J^I^ICjhGID4nQcgTWjvg4c^J^I}, source=SSL, depth=0, analyzers={^J^I^IX509,^J^I^IMD5,^J^I^ISHA1^J^I}, mime_type=binary, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=F, seen_bytes=0, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=<uninitialized>, sha1=<uninitialized>, sha256=<uninitialized>, x509=[ts=1170717508.883051, id=FjkLnG4s34DVZlaBNc, certificate=[version=2, serial=04A78116F003283BDA2B8462049F9ECB, subject=CN=www.dresdner-privat.de,OU=Terms of use at www.verisign.com/rpa (c)00,O=AGIS Allianz Dresdner Informationssysteme GmbH,L=Muenchen,ST=Bayern,C=DE, issuer=OU=www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign,OU=VeriSign International Server CA - Class 3,OU=VeriSign\, Inc.,O=VeriSign Trust Network, not_valid_before=1163462400.0, not_valid_after=1195084799.0, key_alg=rsaEncryption, sig_alg=sha1WithRSAEncryption, key_type=rsa, key_length=1024, exponent=65537, curve=<uninitialized>], handle=<no value description>, extensions=[[name=X509v3 Basic Constraints, short_name=basicConstraints, oid=2.5.29.19, critical=F, value=CA:FALSE]], san=<uninitialized>, basic_constraints=[ca=F, path_len=<uninitialized>]], extracted=<uninitialized>]], cert_chain_fuids=[FjkLnG4s34DVZlaBNc], client_cert_chain=[], client_cert_chain_fuids=[], subject=<uninitialized>, issuer=<uninitialized>, client_subject=<uninitialized>, client_issuer=<uninitialized>, server_depth=1, client_depth=0], http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]^J}, last_active=1170717508.883051, seen_bytes=1152, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timeout_interval=2.0 mins, bof_buffer_size=1024, bof_buffer=0\x82^D|0\x82^C\xe5\xa0^C^B^A^B^B^P^D\xa7\x81^V\xf0^C(;\xda+\x84b^D\x9f\x9e\xcb0^M^F^I*\x86H\x86\xf7^M^A^A^E^E\00\x81\xba1\x1f0\x1d^F^CU^D^J^S^VVeriSign Trust Network1^W0^U^F^CU^D^K^S^NVeriSign, Inc.1301^F^CU^D^K^S*VeriSign International Server CA - Class 31I0G^F^CU^D^K^S@www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign0\x1e^W^M061114000000Z^W^M071114235959Z0\x81\xc01^K0^I^F^CU^D^F^S^BDE1^O0^M^F^CU^D^H^S^FBayern1^Q0^O^F^CU^D^G^T^HMuenchen1705^F^CU^D^J^T.AGIS Allianz Dresdner Informationssysteme GmbH1301^F^CU^D^K^T*Terms of use at www.verisign.com/rpa (c)001\x1f0\x1d^F^CU^D^C^T^Vwww.dresdner-privat.de0\x81\x9f0^M^F^I*\x86H\x86\xf7^M^A^A^A^E\0^C\x81\x8d\00\x81\x89^B\x81\x81\0\xeb\xa8t~\xfb\xe3\xb4\xea\xbe\x8b\x1c=\xed\xea\x86^DbQ\xe0*Z\x9e\x86o\x98\xcb\xbc\xc5\xed\xc5\xc8\xcaV\x9dL\x92X\xe1k^So\xbc\xb7\xe5.\x98@\xf7\x8f\xd6\xa3\xc0^J\xabFR\x1b8\xfc^E \xe7\x80\xee\xc6]\xd5\xbb^C\xfc\xc5\x83\xba\x9ag^H\xfd,\xba\xa3^H\x94\xf0\xb3\x1f^V(\xf6^Ef[\xbf^?\xa8Y\xfa\xbe\x99k6b\xb8n\xc6\x83GSc^OZ\xb4Q\xc1\x88\xa8U\xb9\xd41m=*J\x95^J\xd1{\x87^B^C^A\0^A\xa3\x82^Ay0\x82^Au0^I^F^CU\x1d^S^D^B0\00^K^F^CU\x1d^O^D^D^C^B^E\xa00F^F^CU\x1d\x1f^D?0=0;\xa09\xa07\x865http://crl.verisign.com/Class3InternationalServer.crl0D^F^CU\x1d ^D=0;09^F^K`\x86H^A\x86\xf8E^A^G^W^C0*0(^F^H+^F^A^E^E^G^B^A^V\x1chttps://www.verisign.com/rpa0(^F^CU\x1d%^D!0\x1f^F^I`\x86H^A\x86\xf8B^D^A^F^H+^F^A^E^E^G^C^A^F^H+^F^A^E^E^G^C^B04^F^H+^F^A^E^E^G^A^A^D(0&0$^F^H+^F^A^E^E^G0^A\x86^Xhttp://ocsp.verisign.com0m^F^H+^F^A^E^E^G^A^L^Da0_\xa1]\xa0[0Y0W0U^V^Iimage/gif0!0\x1f0^G^F^E+^N^C^B^Z^D^T\x8f\xe5\xd3^Z\x86\xac\x8d\x8ek\xc3\xcf\x80j\xd4H^X,{^Y.0%^V#http://logo.verisign.com/vslogo.gif0^M^F^I*\x86H\x86\xf7^M^A^A^E^E\0^C\x81\x81\0/s\xe2o\xc1\x9e#~YP\x89\x95xo\xe9^D\xbd\x98TS`\xec^HR\xd2^J)\x92\x9am\xaa\xd5\xb1g\xc1b\xde\xc9^XNW=i\x9c\xb2^Cf\x92^C\xbb\xe8M\xc5\x98\xd4/B\xd9\xb6\xd2\xe0\x97^PXv\xcf\xe7\xd6\xa7\xcc\xbb\xdb%\xeeB]\xcb\xf0t\xab\xd2T\xe5\xe8\xbaQ^O\xa4\xc3>4\xfaR\xf2\xa0\xe6z\xf4\x8f\xdcvB\xbd=\xfcx\xc0\xb7\xeb^-\x1f\xc5\xa0^\xdf\xa0^Q\x87\xf8\xc3X^P\xc8y(\xf8\xe4, mime_type=binary, info=[ts=1170717508.883051, fuid=FjkLnG4s34DVZlaBNc, tx_hosts={^J^I194.127.84.106^J}, rx_hosts={^J^I192.150.187.164^J}, conn_uids={^J^ICjhGID4nQcgTWjvg4c^J}, source=SSL, depth=0, analyzers={^J^IX509,^J^IMD5,^J^ISHA1^J}, mime_type=binary, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=F, seen_bytes=0, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=<uninitialized>, sha1=<uninitialized>, sha256=<uninitialized>, x509=[ts=1170717508.883051, id=FjkLnG4s34DVZlaBNc, certificate=[version=2, serial=04A78116F003283BDA2B8462049F9ECB, subject=CN=www.dresdner-privat.de,OU=Terms of use at www.verisign.com/rpa (c)00,O=AGIS Allianz Dresdner Informationssysteme GmbH,L=Muenchen,ST=Bayern,C=DE, issuer=OU=www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign,OU=VeriSign International Server CA - Class 3,OU=VeriSign\, Inc.,O=VeriSign Trust Network, not_valid_before=1163462400.0, not_valid_after=1195084799.0, key_alg=rsaEncryption, sig_alg=sha1WithRSAEncryption, key_type=rsa, key_length=1024, exponent=65537, curve=<uninitialized>], handle=<no value description>, extensions=[[name=X509v3 Basic Constraints, short_name=basicConstraints, oid=2.5.29.19, critical=F, value=CA:FALSE]], san=<uninitialized>, basic_constraints=[ca=F, path_len=<uninitialized>]], extracted=<uninitialized>], u2_events=<uninitialized>]
-                  [1] ext: X509::Extension = [name=X509v3 Key Usage, short_name=keyUsage, oid=2.5.29.15, critical=F, value=Digital Signature, Key Encipherment]
-
-1170717508.883051 x509_extension
-                  [0] f: fa_file         = [id=FjkLnG4s34DVZlaBNc, parent_id=<uninitialized>, source=SSL, is_orig=F, conns={^J^I[[orig_h=192.150.187.164, orig_p=58869/tcp, resp_h=194.127.84.106, resp_p=443/tcp]] = [id=[orig_h=192.150.187.164, orig_p=58869/tcp, resp_h=194.127.84.106, resp_p=443/tcp], orig=[size=120, state=4, num_pkts=3, num_bytes_ip=288, flow_label=0], resp=[size=2164, state=4, num_pkts=3, num_bytes_ip=1616, flow_label=0], start_time=1170717508.515696, duration=0.367355, service={^J^I^ISSL^J^I}, addl=, hot=0, history=ShADad, uid=CjhGID4nQcgTWjvg4c, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=[ts=1170717508.69718, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=192.150.187.164, orig_p=58869/tcp, resp_h=194.127.84.106, resp_p=443/tcp], version=TLSv10, cipher=TLS_RSA_WITH_RC4_128_MD5, server_name=<uninitialized>, session_id=a8c1c5681924e80a32a15d5e7f20bc5e3f513e56b215039d0d55defda5a320c0, last_alert=<uninitialized>, analyzer_id=7, established=F, logged=F, delay_tokens=<uninitialized>, cert_chain=[[ts=1170717508.883051, fuid=FjkLnG4s34DVZlaBNc, tx_hosts={^J^I^I194.127.84.106^J^I}, rx_hosts={^J^I^I192.150.187.164^J^I}, conn_uids={^J^I^ICjhGID4nQcgTWjvg4c^J^I}, source=SSL, depth=0, analyzers={^J^I^IX509,^J^I^IMD5,^J^I^ISHA1^J^I}, mime_type=binary, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=F, seen_bytes=0, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=<uninitialized>, sha1=<uninitialized>, sha256=<uninitialized>, x509=[ts=1170717508.883051, id=FjkLnG4s34DVZlaBNc, certificate=[version=2, serial=04A78116F003283BDA2B8462049F9ECB, subject=CN=www.dresdner-privat.de,OU=Terms of use at www.verisign.com/rpa (c)00,O=AGIS Allianz Dresdner Informationssysteme GmbH,L=Muenchen,ST=Bayern,C=DE, issuer=OU=www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign,OU=VeriSign International Server CA - Class 3,OU=VeriSign\, Inc.,O=VeriSign Trust Network, not_valid_before=1163462400.0, not_valid_after=1195084799.0, key_alg=rsaEncryption, sig_alg=sha1WithRSAEncryption, key_type=rsa, key_length=1024, exponent=65537, curve=<uninitialized>], handle=<no value description>, extensions=[[name=X509v3 Basic Constraints, short_name=basicConstraints, oid=2.5.29.19, critical=F, value=CA:FALSE], [name=X509v3 Key Usage, short_name=keyUsage, oid=2.5.29.15, critical=F, value=Digital Signature, Key Encipherment]], san=<uninitialized>, basic_constraints=[ca=F, path_len=<uninitialized>]], extracted=<uninitialized>]], cert_chain_fuids=[FjkLnG4s34DVZlaBNc], client_cert_chain=[], client_cert_chain_fuids=[], subject=<uninitialized>, issuer=<uninitialized>, client_subject=<uninitialized>, client_issuer=<uninitialized>, server_depth=1, client_depth=0], http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]^J}, last_active=1170717508.883051, seen_bytes=1152, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timeout_interval=2.0 mins, bof_buffer_size=1024, bof_buffer=0\x82^D|0\x82^C\xe5\xa0^C^B^A^B^B^P^D\xa7\x81^V\xf0^C(;\xda+\x84b^D\x9f\x9e\xcb0^M^F^I*\x86H\x86\xf7^M^A^A^E^E\00\x81\xba1\x1f0\x1d^F^CU^D^J^S^VVeriSign Trust Network1^W0^U^F^CU^D^K^S^NVeriSign, Inc.1301^F^CU^D^K^S*VeriSign International Server CA - Class 31I0G^F^CU^D^K^S@www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign0\x1e^W^M061114000000Z^W^M071114235959Z0\x81\xc01^K0^I^F^CU^D^F^S^BDE1^O0^M^F^CU^D^H^S^FBayern1^Q0^O^F^CU^D^G^T^HMuenchen1705^F^CU^D^J^T.AGIS Allianz Dresdner Informationssysteme GmbH1301^F^CU^D^K^T*Terms of use at www.verisign.com/rpa (c)001\x1f0\x1d^F^CU^D^C^T^Vwww.dresdner-privat.de0\x81\x9f0^M^F^I*\x86H\x86\xf7^M^A^A^A^E\0^C\x81\x8d\00\x81\x89^B\x81\x81\0\xeb\xa8t~\xfb\xe3\xb4\xea\xbe\x8b\x1c=\xed\xea\x86^DbQ\xe0*Z\x9e\x86o\x98\xcb\xbc\xc5\xed\xc5\xc8\xcaV\x9dL\x92X\xe1k^So\xbc\xb7\xe5.\x98@\xf7\x8f\xd6\xa3\xc0^J\xabFR\x1b8\xfc^E \xe7\x80\xee\xc6]\xd5\xbb^C\xfc\xc5\x83\xba\x9ag^H\xfd,\xba\xa3^H\x94\xf0\xb3\x1f^V(\xf6^Ef[\xbf^?\xa8Y\xfa\xbe\x99k6b\xb8n\xc6\x83GSc^OZ\xb4Q\xc1\x88\xa8U\xb9\xd41m=*J\x95^J\xd1{\x87^B^C^A\0^A\xa3\x82^Ay0\x82^Au0^I^F^CU\x1d^S^D^B0\00^K^F^CU\x1d^O^D^D^C^B^E\xa00F^F^CU\x1d\x1f^D?0=0;\xa09\xa07\x865http://crl.verisign.com/Class3InternationalServer.crl0D^F^CU\x1d ^D=0;09^F^K`\x86H^A\x86\xf8E^A^G^W^C0*0(^F^H+^F^A^E^E^G^B^A^V\x1chttps://www.verisign.com/rpa0(^F^CU\x1d%^D!0\x1f^F^I`\x86H^A\x86\xf8B^D^A^F^H+^F^A^E^E^G^C^A^F^H+^F^A^E^E^G^C^B04^F^H+^F^A^E^E^G^A^A^D(0&0$^F^H+^F^A^E^E^G0^A\x86^Xhttp://ocsp.verisign.com0m^F^H+^F^A^E^E^G^A^L^Da0_\xa1]\xa0[0Y0W0U^V^Iimage/gif0!0\x1f0^G^F^E+^N^C^B^Z^D^T\x8f\xe5\xd3^Z\x86\xac\x8d\x8ek\xc3\xcf\x80j\xd4H^X,{^Y.0%^V#http://logo.verisign.com/vslogo.gif0^M^F^I*\x86H\x86\xf7^M^A^A^E^E\0^C\x81\x81\0/s\xe2o\xc1\x9e#~YP\x89\x95xo\xe9^D\xbd\x98TS`\xec^HR\xd2^J)\x92\x9am\xaa\xd5\xb1g\xc1b\xde\xc9^XNW=i\x9c\xb2^Cf\x92^C\xbb\xe8M\xc5\x98\xd4/B\xd9\xb6\xd2\xe0\x97^PXv\xcf\xe7\xd6\xa7\xcc\xbb\xdb%\xeeB]\xcb\xf0t\xab\xd2T\xe5\xe8\xbaQ^O\xa4\xc3>4\xfaR\xf2\xa0\xe6z\xf4\x8f\xdcvB\xbd=\xfcx\xc0\xb7\xeb^-\x1f\xc5\xa0^\xdf\xa0^Q\x87\xf8\xc3X^P\xc8y(\xf8\xe4, mime_type=binary, info=[ts=1170717508.883051, fuid=FjkLnG4s34DVZlaBNc, tx_hosts={^J^I194.127.84.106^J}, rx_hosts={^J^I192.150.187.164^J}, conn_uids={^J^ICjhGID4nQcgTWjvg4c^J}, source=SSL, depth=0, analyzers={^J^IX509,^J^IMD5,^J^ISHA1^J}, mime_type=binary, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=F, seen_bytes=0, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=<uninitialized>, sha1=<uninitialized>, sha256=<uninitialized>, x509=[ts=1170717508.883051, id=FjkLnG4s34DVZlaBNc, certificate=[version=2, serial=04A78116F003283BDA2B8462049F9ECB, subject=CN=www.dresdner-privat.de,OU=Terms of use at www.verisign.com/rpa (c)00,O=AGIS Allianz Dresdner Informationssysteme GmbH,L=Muenchen,ST=Bayern,C=DE, issuer=OU=www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign,OU=VeriSign International Server CA - Class 3,OU=VeriSign\, Inc.,O=VeriSign Trust Network, not_valid_before=1163462400.0, not_valid_after=1195084799.0, key_alg=rsaEncryption, sig_alg=sha1WithRSAEncryption, key_type=rsa, key_length=1024, exponent=65537, curve=<uninitialized>], handle=<no value description>, extensions=[[name=X509v3 Basic Constraints, short_name=basicConstraints, oid=2.5.29.19, critical=F, value=CA:FALSE], [name=X509v3 Key Usage, short_name=keyUsage, oid=2.5.29.15, critical=F, value=Digital Signature, Key Encipherment]], san=<uninitialized>, basic_constraints=[ca=F, path_len=<uninitialized>]], extracted=<uninitialized>], u2_events=<uninitialized>]
-                  [1] ext: X509::Extension = [name=X509v3 CRL Distribution Points, short_name=crlDistributionPoints, oid=2.5.29.31, critical=F, value=^JFull Name:^J  URI:http://crl.verisign.com/Class3InternationalServer.crl^J]
-
-1170717508.883051 x509_extension
-                  [0] f: fa_file         = [id=FjkLnG4s34DVZlaBNc, parent_id=<uninitialized>, source=SSL, is_orig=F, conns={^J^I[[orig_h=192.150.187.164, orig_p=58869/tcp, resp_h=194.127.84.106, resp_p=443/tcp]] = [id=[orig_h=192.150.187.164, orig_p=58869/tcp, resp_h=194.127.84.106, resp_p=443/tcp], orig=[size=120, state=4, num_pkts=3, num_bytes_ip=288, flow_label=0], resp=[size=2164, state=4, num_pkts=3, num_bytes_ip=1616, flow_label=0], start_time=1170717508.515696, duration=0.367355, service={^J^I^ISSL^J^I}, addl=, hot=0, history=ShADad, uid=CjhGID4nQcgTWjvg4c, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=[ts=1170717508.69718, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=192.150.187.164, orig_p=58869/tcp, resp_h=194.127.84.106, resp_p=443/tcp], version=TLSv10, cipher=TLS_RSA_WITH_RC4_128_MD5, server_name=<uninitialized>, session_id=a8c1c5681924e80a32a15d5e7f20bc5e3f513e56b215039d0d55defda5a320c0, last_alert=<uninitialized>, analyzer_id=7, established=F, logged=F, delay_tokens=<uninitialized>, cert_chain=[[ts=1170717508.883051, fuid=FjkLnG4s34DVZlaBNc, tx_hosts={^J^I^I194.127.84.106^J^I}, rx_hosts={^J^I^I192.150.187.164^J^I}, conn_uids={^J^I^ICjhGID4nQcgTWjvg4c^J^I}, source=SSL, depth=0, analyzers={^J^I^IX509,^J^I^IMD5,^J^I^ISHA1^J^I}, mime_type=binary, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=F, seen_bytes=0, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=<uninitialized>, sha1=<uninitialized>, sha256=<uninitialized>, x509=[ts=1170717508.883051, id=FjkLnG4s34DVZlaBNc, certificate=[version=2, serial=04A78116F003283BDA2B8462049F9ECB, subject=CN=www.dresdner-privat.de,OU=Terms of use at www.verisign.com/rpa (c)00,O=AGIS Allianz Dresdner Informationssysteme GmbH,L=Muenchen,ST=Bayern,C=DE, issuer=OU=www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign,OU=VeriSign International Server CA - Class 3,OU=VeriSign\, Inc.,O=VeriSign Trust Network, not_valid_before=1163462400.0, not_valid_after=1195084799.0, key_alg=rsaEncryption, sig_alg=sha1WithRSAEncryption, key_type=rsa, key_length=1024, exponent=65537, curve=<uninitialized>], handle=<no value description>, extensions=[[name=X509v3 Basic Constraints, short_name=basicConstraints, oid=2.5.29.19, critical=F, value=CA:FALSE], [name=X509v3 Key Usage, short_name=keyUsage, oid=2.5.29.15, critical=F, value=Digital Signature, Key Encipherment], [name=X509v3 CRL Distribution Points, short_name=crlDistributionPoints, oid=2.5.29.31, critical=F, value=^JFull Name:^J  URI:http://crl.verisign.com/Class3InternationalServer.crl^J]], san=<uninitialized>, basic_constraints=[ca=F, path_len=<uninitialized>]], extracted=<uninitialized>]], cert_chain_fuids=[FjkLnG4s34DVZlaBNc], client_cert_chain=[], client_cert_chain_fuids=[], subject=<uninitialized>, issuer=<uninitialized>, client_subject=<uninitialized>, client_issuer=<uninitialized>, server_depth=1, client_depth=0], http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]^J}, last_active=1170717508.883051, seen_bytes=1152, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timeout_interval=2.0 mins, bof_buffer_size=1024, bof_buffer=0\x82^D|0\x82^C\xe5\xa0^C^B^A^B^B^P^D\xa7\x81^V\xf0^C(;\xda+\x84b^D\x9f\x9e\xcb0^M^F^I*\x86H\x86\xf7^M^A^A^E^E\00\x81\xba1\x1f0\x1d^F^CU^D^J^S^VVeriSign Trust Network1^W0^U^F^CU^D^K^S^NVeriSign, Inc.1301^F^CU^D^K^S*VeriSign International Server CA - Class 31I0G^F^CU^D^K^S@www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign0\x1e^W^M061114000000Z^W^M071114235959Z0\x81\xc01^K0^I^F^CU^D^F^S^BDE1^O0^M^F^CU^D^H^S^FBayern1^Q0^O^F^CU^D^G^T^HMuenchen1705^F^CU^D^J^T.AGIS Allianz Dresdner Informationssysteme GmbH1301^F^CU^D^K^T*Terms of use at www.verisign.com/rpa (c)001\x1f0\x1d^F^CU^D^C^T^Vwww.dresdner-privat.de0\x81\x9f0^M^F^I*\x86H\x86\xf7^M^A^A^A^E\0^C\x81\x8d\00\x81\x89^B\x81\x81\0\xeb\xa8t~\xfb\xe3\xb4\xea\xbe\x8b\x1c=\xed\xea\x86^DbQ\xe0*Z\x9e\x86o\x98\xcb\xbc\xc5\xed\xc5\xc8\xcaV\x9dL\x92X\xe1k^So\xbc\xb7\xe5.\x98@\xf7\x8f\xd6\xa3\xc0^J\xabFR\x1b8\xfc^E \xe7\x80\xee\xc6]\xd5\xbb^C\xfc\xc5\x83\xba\x9ag^H\xfd,\xba\xa3^H\x94\xf0\xb3\x1f^V(\xf6^Ef[\xbf^?\xa8Y\xfa\xbe\x99k6b\xb8n\xc6\x83GSc^OZ\xb4Q\xc1\x88\xa8U\xb9\xd41m=*J\x95^J\xd1{\x87^B^C^A\0^A\xa3\x82^Ay0\x82^Au0^I^F^CU\x1d^S^D^B0\00^K^F^CU\x1d^O^D^D^C^B^E\xa00F^F^CU\x1d\x1f^D?0=0;\xa09\xa07\x865http://crl.verisign.com/Class3InternationalServer.crl0D^F^CU\x1d ^D=0;09^F^K`\x86H^A\x86\xf8E^A^G^W^C0*0(^F^H+^F^A^E^E^G^B^A^V\x1chttps://www.verisign.com/rpa0(^F^CU\x1d%^D!0\x1f^F^I`\x86H^A\x86\xf8B^D^A^F^H+^F^A^E^E^G^C^A^F^H+^F^A^E^E^G^C^B04^F^H+^F^A^E^E^G^A^A^D(0&0$^F^H+^F^A^E^E^G0^A\x86^Xhttp://ocsp.verisign.com0m^F^H+^F^A^E^E^G^A^L^Da0_\xa1]\xa0[0Y0W0U^V^Iimage/gif0!0\x1f0^G^F^E+^N^C^B^Z^D^T\x8f\xe5\xd3^Z\x86\xac\x8d\x8ek\xc3\xcf\x80j\xd4H^X,{^Y.0%^V#http://logo.verisign.com/vslogo.gif0^M^F^I*\x86H\x86\xf7^M^A^A^E^E\0^C\x81\x81\0/s\xe2o\xc1\x9e#~YP\x89\x95xo\xe9^D\xbd\x98TS`\xec^HR\xd2^J)\x92\x9am\xaa\xd5\xb1g\xc1b\xde\xc9^XNW=i\x9c\xb2^Cf\x92^C\xbb\xe8M\xc5\x98\xd4/B\xd9\xb6\xd2\xe0\x97^PXv\xcf\xe7\xd6\xa7\xcc\xbb\xdb%\xeeB]\xcb\xf0t\xab\xd2T\xe5\xe8\xbaQ^O\xa4\xc3>4\xfaR\xf2\xa0\xe6z\xf4\x8f\xdcvB\xbd=\xfcx\xc0\xb7\xeb^-\x1f\xc5\xa0^\xdf\xa0^Q\x87\xf8\xc3X^P\xc8y(\xf8\xe4, mime_type=binary, info=[ts=1170717508.883051, fuid=FjkLnG4s34DVZlaBNc, tx_hosts={^J^I194.127.84.106^J}, rx_hosts={^J^I192.150.187.164^J}, conn_uids={^J^ICjhGID4nQcgTWjvg4c^J}, source=SSL, depth=0, analyzers={^J^IX509,^J^IMD5,^J^ISHA1^J}, mime_type=binary, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=F, seen_bytes=0, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=<uninitialized>, sha1=<uninitialized>, sha256=<uninitialized>, x509=[ts=1170717508.883051, id=FjkLnG4s34DVZlaBNc, certificate=[version=2, serial=04A78116F003283BDA2B8462049F9ECB, subject=CN=www.dresdner-privat.de,OU=Terms of use at www.verisign.com/rpa (c)00,O=AGIS Allianz Dresdner Informationssysteme GmbH,L=Muenchen,ST=Bayern,C=DE, issuer=OU=www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign,OU=VeriSign International Server CA - Class 3,OU=VeriSign\, Inc.,O=VeriSign Trust Network, not_valid_before=1163462400.0, not_valid_after=1195084799.0, key_alg=rsaEncryption, sig_alg=sha1WithRSAEncryption, key_type=rsa, key_length=1024, exponent=65537, curve=<uninitialized>], handle=<no value description>, extensions=[[name=X509v3 Basic Constraints, short_name=basicConstraints, oid=2.5.29.19, critical=F, value=CA:FALSE], [name=X509v3 Key Usage, short_name=keyUsage, oid=2.5.29.15, critical=F, value=Digital Signature, Key Encipherment], [name=X509v3 CRL Distribution Points, short_name=crlDistributionPoints, oid=2.5.29.31, critical=F, value=^JFull Name:^J  URI:http://crl.verisign.com/Class3InternationalServer.crl^J]], san=<uninitialized>, basic_constraints=[ca=F, path_len=<uninitialized>]], extracted=<uninitialized>], u2_events=<uninitialized>]
-                  [1] ext: X509::Extension = [name=X509v3 Certificate Policies, short_name=certificatePolicies, oid=2.5.29.32, critical=F, value=Policy: 2.16.840.1.113733.1.7.23.3^J  CPS: https://www.verisign.com/rpa^J]
-
-1170717508.883051 x509_extension
-                  [0] f: fa_file         = [id=FjkLnG4s34DVZlaBNc, parent_id=<uninitialized>, source=SSL, is_orig=F, conns={^J^I[[orig_h=192.150.187.164, orig_p=58869/tcp, resp_h=194.127.84.106, resp_p=443/tcp]] = [id=[orig_h=192.150.187.164, orig_p=58869/tcp, resp_h=194.127.84.106, resp_p=443/tcp], orig=[size=120, state=4, num_pkts=3, num_bytes_ip=288, flow_label=0], resp=[size=2164, state=4, num_pkts=3, num_bytes_ip=1616, flow_label=0], start_time=1170717508.515696, duration=0.367355, service={^J^I^ISSL^J^I}, addl=, hot=0, history=ShADad, uid=CjhGID4nQcgTWjvg4c, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=[ts=1170717508.69718, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=192.150.187.164, orig_p=58869/tcp, resp_h=194.127.84.106, resp_p=443/tcp], version=TLSv10, cipher=TLS_RSA_WITH_RC4_128_MD5, server_name=<uninitialized>, session_id=a8c1c5681924e80a32a15d5e7f20bc5e3f513e56b215039d0d55defda5a320c0, last_alert=<uninitialized>, analyzer_id=7, established=F, logged=F, delay_tokens=<uninitialized>, cert_chain=[[ts=1170717508.883051, fuid=FjkLnG4s34DVZlaBNc, tx_hosts={^J^I^I194.127.84.106^J^I}, rx_hosts={^J^I^I192.150.187.164^J^I}, conn_uids={^J^I^ICjhGID4nQcgTWjvg4c^J^I}, source=SSL, depth=0, analyzers={^J^I^IX509,^J^I^IMD5,^J^I^ISHA1^J^I}, mime_type=binary, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=F, seen_bytes=0, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=<uninitialized>, sha1=<uninitialized>, sha256=<uninitialized>, x509=[ts=1170717508.883051, id=FjkLnG4s34DVZlaBNc, certificate=[version=2, serial=04A78116F003283BDA2B8462049F9ECB, subject=CN=www.dresdner-privat.de,OU=Terms of use at www.verisign.com/rpa (c)00,O=AGIS Allianz Dresdner Informationssysteme GmbH,L=Muenchen,ST=Bayern,C=DE, issuer=OU=www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign,OU=VeriSign International Server CA - Class 3,OU=VeriSign\, Inc.,O=VeriSign Trust Network, not_valid_before=1163462400.0, not_valid_after=1195084799.0, key_alg=rsaEncryption, sig_alg=sha1WithRSAEncryption, key_type=rsa, key_length=1024, exponent=65537, curve=<uninitialized>], handle=<no value description>, extensions=[[name=X509v3 Basic Constraints, short_name=basicConstraints, oid=2.5.29.19, critical=F, value=CA:FALSE], [name=X509v3 Key Usage, short_name=keyUsage, oid=2.5.29.15, critical=F, value=Digital Signature, Key Encipherment], [name=X509v3 CRL Distribution Points, short_name=crlDistributionPoints, oid=2.5.29.31, critical=F, value=^JFull Name:^J  URI:http://crl.verisign.com/Class3InternationalServer.crl^J], [name=X509v3 Certificate Policies, short_name=certificatePolicies, oid=2.5.29.32, critical=F, value=Policy: 2.16.840.1.113733.1.7.23.3^J  CPS: https://www.verisign.com/rpa^J]], san=<uninitialized>, basic_constraints=[ca=F, path_len=<uninitialized>]], extracted=<uninitialized>]], cert_chain_fuids=[FjkLnG4s34DVZlaBNc], client_cert_chain=[], client_cert_chain_fuids=[], subject=<uninitialized>, issuer=<uninitialized>, client_subject=<uninitialized>, client_issuer=<uninitialized>, server_depth=1, client_depth=0], http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]^J}, last_active=1170717508.883051, seen_bytes=1152, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timeout_interval=2.0 mins, bof_buffer_size=1024, bof_buffer=0\x82^D|0\x82^C\xe5\xa0^C^B^A^B^B^P^D\xa7\x81^V\xf0^C(;\xda+\x84b^D\x9f\x9e\xcb0^M^F^I*\x86H\x86\xf7^M^A^A^E^E\00\x81\xba1\x1f0\x1d^F^CU^D^J^S^VVeriSign Trust Network1^W0^U^F^CU^D^K^S^NVeriSign, Inc.1301^F^CU^D^K^S*VeriSign International Server CA - Class 31I0G^F^CU^D^K^S@www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign0\x1e^W^M061114000000Z^W^M071114235959Z0\x81\xc01^K0^I^F^CU^D^F^S^BDE1^O0^M^F^CU^D^H^S^FBayern1^Q0^O^F^CU^D^G^T^HMuenchen1705^F^CU^D^J^T.AGIS Allianz Dresdner Informationssysteme GmbH1301^F^CU^D^K^T*Terms of use at www.verisign.com/rpa (c)001\x1f0\x1d^F^CU^D^C^T^Vwww.dresdner-privat.de0\x81\x9f0^M^F^I*\x86H\x86\xf7^M^A^A^A^E\0^C\x81\x8d\00\x81\x89^B\x81\x81\0\xeb\xa8t~\xfb\xe3\xb4\xea\xbe\x8b\x1c=\xed\xea\x86^DbQ\xe0*Z\x9e\x86o\x98\xcb\xbc\xc5\xed\xc5\xc8\xcaV\x9dL\x92X\xe1k^So\xbc\xb7\xe5.\x98@\xf7\x8f\xd6\xa3\xc0^J\xabFR\x1b8\xfc^E \xe7\x80\xee\xc6]\xd5\xbb^C\xfc\xc5\x83\xba\x9ag^H\xfd,\xba\xa3^H\x94\xf0\xb3\x1f^V(\xf6^Ef[\xbf^?\xa8Y\xfa\xbe\x99k6b\xb8n\xc6\x83GSc^OZ\xb4Q\xc1\x88\xa8U\xb9\xd41m=*J\x95^J\xd1{\x87^B^C^A\0^A\xa3\x82^Ay0\x82^Au0^I^F^CU\x1d^S^D^B0\00^K^F^CU\x1d^O^D^D^C^B^E\xa00F^F^CU\x1d\x1f^D?0=0;\xa09\xa07\x865http://crl.verisign.com/Class3InternationalServer.crl0D^F^CU\x1d ^D=0;09^F^K`\x86H^A\x86\xf8E^A^G^W^C0*0(^F^H+^F^A^E^E^G^B^A^V\x1chttps://www.verisign.com/rpa0(^F^CU\x1d%^D!0\x1f^F^I`\x86H^A\x86\xf8B^D^A^F^H+^F^A^E^E^G^C^A^F^H+^F^A^E^E^G^C^B04^F^H+^F^A^E^E^G^A^A^D(0&0$^F^H+^F^A^E^E^G0^A\x86^Xhttp://ocsp.verisign.com0m^F^H+^F^A^E^E^G^A^L^Da0_\xa1]\xa0[0Y0W0U^V^Iimage/gif0!0\x1f0^G^F^E+^N^C^B^Z^D^T\x8f\xe5\xd3^Z\x86\xac\x8d\x8ek\xc3\xcf\x80j\xd4H^X,{^Y.0%^V#http://logo.verisign.com/vslogo.gif0^M^F^I*\x86H\x86\xf7^M^A^A^E^E\0^C\x81\x81\0/s\xe2o\xc1\x9e#~YP\x89\x95xo\xe9^D\xbd\x98TS`\xec^HR\xd2^J)\x92\x9am\xaa\xd5\xb1g\xc1b\xde\xc9^XNW=i\x9c\xb2^Cf\x92^C\xbb\xe8M\xc5\x98\xd4/B\xd9\xb6\xd2\xe0\x97^PXv\xcf\xe7\xd6\xa7\xcc\xbb\xdb%\xeeB]\xcb\xf0t\xab\xd2T\xe5\xe8\xbaQ^O\xa4\xc3>4\xfaR\xf2\xa0\xe6z\xf4\x8f\xdcvB\xbd=\xfcx\xc0\xb7\xeb^-\x1f\xc5\xa0^\xdf\xa0^Q\x87\xf8\xc3X^P\xc8y(\xf8\xe4, mime_type=binary, info=[ts=1170717508.883051, fuid=FjkLnG4s34DVZlaBNc, tx_hosts={^J^I194.127.84.106^J}, rx_hosts={^J^I192.150.187.164^J}, conn_uids={^J^ICjhGID4nQcgTWjvg4c^J}, source=SSL, depth=0, analyzers={^J^IX509,^J^IMD5,^J^ISHA1^J}, mime_type=binary, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=F, seen_bytes=0, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=<uninitialized>, sha1=<uninitialized>, sha256=<uninitialized>, x509=[ts=1170717508.883051, id=FjkLnG4s34DVZlaBNc, certificate=[version=2, serial=04A78116F003283BDA2B8462049F9ECB, subject=CN=www.dresdner-privat.de,OU=Terms of use at www.verisign.com/rpa (c)00,O=AGIS Allianz Dresdner Informationssysteme GmbH,L=Muenchen,ST=Bayern,C=DE, issuer=OU=www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign,OU=VeriSign International Server CA - Class 3,OU=VeriSign\, Inc.,O=VeriSign Trust Network, not_valid_before=1163462400.0, not_valid_after=1195084799.0, key_alg=rsaEncryption, sig_alg=sha1WithRSAEncryption, key_type=rsa, key_length=1024, exponent=65537, curve=<uninitialized>], handle=<no value description>, extensions=[[name=X509v3 Basic Constraints, short_name=basicConstraints, oid=2.5.29.19, critical=F, value=CA:FALSE], [name=X509v3 Key Usage, short_name=keyUsage, oid=2.5.29.15, critical=F, value=Digital Signature, Key Encipherment], [name=X509v3 CRL Distribution Points, short_name=crlDistributionPoints, oid=2.5.29.31, critical=F, value=^JFull Name:^J  URI:http://crl.verisign.com/Class3InternationalServer.crl^J], [name=X509v3 Certificate Policies, short_name=certificatePolicies, oid=2.5.29.32, critical=F, value=Policy: 2.16.840.1.113733.1.7.23.3^J  CPS: https://www.verisign.com/rpa^J]], san=<uninitialized>, basic_constraints=[ca=F, path_len=<uninitialized>]], extracted=<uninitialized>], u2_events=<uninitialized>]
-                  [1] ext: X509::Extension = [name=X509v3 Extended Key Usage, short_name=extendedKeyUsage, oid=2.5.29.37, critical=F, value=Netscape Server Gated Crypto, TLS Web Server Authentication, TLS Web Client Authentication]
-
-1170717508.883051 x509_extension
-                  [0] f: fa_file         = [id=FjkLnG4s34DVZlaBNc, parent_id=<uninitialized>, source=SSL, is_orig=F, conns={^J^I[[orig_h=192.150.187.164, orig_p=58869/tcp, resp_h=194.127.84.106, resp_p=443/tcp]] = [id=[orig_h=192.150.187.164, orig_p=58869/tcp, resp_h=194.127.84.106, resp_p=443/tcp], orig=[size=120, state=4, num_pkts=3, num_bytes_ip=288, flow_label=0], resp=[size=2164, state=4, num_pkts=3, num_bytes_ip=1616, flow_label=0], start_time=1170717508.515696, duration=0.367355, service={^J^I^ISSL^J^I}, addl=, hot=0, history=ShADad, uid=CjhGID4nQcgTWjvg4c, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=[ts=1170717508.69718, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=192.150.187.164, orig_p=58869/tcp, resp_h=194.127.84.106, resp_p=443/tcp], version=TLSv10, cipher=TLS_RSA_WITH_RC4_128_MD5, server_name=<uninitialized>, session_id=a8c1c5681924e80a32a15d5e7f20bc5e3f513e56b215039d0d55defda5a320c0, last_alert=<uninitialized>, analyzer_id=7, established=F, logged=F, delay_tokens=<uninitialized>, cert_chain=[[ts=1170717508.883051, fuid=FjkLnG4s34DVZlaBNc, tx_hosts={^J^I^I194.127.84.106^J^I}, rx_hosts={^J^I^I192.150.187.164^J^I}, conn_uids={^J^I^ICjhGID4nQcgTWjvg4c^J^I}, source=SSL, depth=0, analyzers={^J^I^IX509,^J^I^IMD5,^J^I^ISHA1^J^I}, mime_type=binary, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=F, seen_bytes=0, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=<uninitialized>, sha1=<uninitialized>, sha256=<uninitialized>, x509=[ts=1170717508.883051, id=FjkLnG4s34DVZlaBNc, certificate=[version=2, serial=04A78116F003283BDA2B8462049F9ECB, subject=CN=www.dresdner-privat.de,OU=Terms of use at www.verisign.com/rpa (c)00,O=AGIS Allianz Dresdner Informationssysteme GmbH,L=Muenchen,ST=Bayern,C=DE, issuer=OU=www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign,OU=VeriSign International Server CA - Class 3,OU=VeriSign\, Inc.,O=VeriSign Trust Network, not_valid_before=1163462400.0, not_valid_after=1195084799.0, key_alg=rsaEncryption, sig_alg=sha1WithRSAEncryption, key_type=rsa, key_length=1024, exponent=65537, curve=<uninitialized>], handle=<no value description>, extensions=[[name=X509v3 Basic Constraints, short_name=basicConstraints, oid=2.5.29.19, critical=F, value=CA:FALSE], [name=X509v3 Key Usage, short_name=keyUsage, oid=2.5.29.15, critical=F, value=Digital Signature, Key Encipherment], [name=X509v3 CRL Distribution Points, short_name=crlDistributionPoints, oid=2.5.29.31, critical=F, value=^JFull Name:^J  URI:http://crl.verisign.com/Class3InternationalServer.crl^J], [name=X509v3 Certificate Policies, short_name=certificatePolicies, oid=2.5.29.32, critical=F, value=Policy: 2.16.840.1.113733.1.7.23.3^J  CPS: https://www.verisign.com/rpa^J], [name=X509v3 Extended Key Usage, short_name=extendedKeyUsage, oid=2.5.29.37, critical=F, value=Netscape Server Gated Crypto, TLS Web Server Authentication, TLS Web Client Authentication]], san=<uninitialized>, basic_constraints=[ca=F, path_len=<uninitialized>]], extracted=<uninitialized>]], cert_chain_fuids=[FjkLnG4s34DVZlaBNc], client_cert_chain=[], client_cert_chain_fuids=[], subject=<uninitialized>, issuer=<uninitialized>, client_subject=<uninitialized>, client_issuer=<uninitialized>, server_depth=1, client_depth=0], http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]^J}, last_active=1170717508.883051, seen_bytes=1152, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timeout_interval=2.0 mins, bof_buffer_size=1024, bof_buffer=0\x82^D|0\x82^C\xe5\xa0^C^B^A^B^B^P^D\xa7\x81^V\xf0^C(;\xda+\x84b^D\x9f\x9e\xcb0^M^F^I*\x86H\x86\xf7^M^A^A^E^E\00\x81\xba1\x1f0\x1d^F^CU^D^J^S^VVeriSign Trust Network1^W0^U^F^CU^D^K^S^NVeriSign, Inc.1301^F^CU^D^K^S*VeriSign International Server CA - Class 31I0G^F^CU^D^K^S@www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign0\x1e^W^M061114000000Z^W^M071114235959Z0\x81\xc01^K0^I^F^CU^D^F^S^BDE1^O0^M^F^CU^D^H^S^FBayern1^Q0^O^F^CU^D^G^T^HMuenchen1705^F^CU^D^J^T.AGIS Allianz Dresdner Informationssysteme GmbH1301^F^CU^D^K^T*Terms of use at www.verisign.com/rpa (c)001\x1f0\x1d^F^CU^D^C^T^Vwww.dresdner-privat.de0\x81\x9f0^M^F^I*\x86H\x86\xf7^M^A^A^A^E\0^C\x81\x8d\00\x81\x89^B\x81\x81\0\xeb\xa8t~\xfb\xe3\xb4\xea\xbe\x8b\x1c=\xed\xea\x86^DbQ\xe0*Z\x9e\x86o\x98\xcb\xbc\xc5\xed\xc5\xc8\xcaV\x9dL\x92X\xe1k^So\xbc\xb7\xe5.\x98@\xf7\x8f\xd6\xa3\xc0^J\xabFR\x1b8\xfc^E \xe7\x80\xee\xc6]\xd5\xbb^C\xfc\xc5\x83\xba\x9ag^H\xfd,\xba\xa3^H\x94\xf0\xb3\x1f^V(\xf6^Ef[\xbf^?\xa8Y\xfa\xbe\x99k6b\xb8n\xc6\x83GSc^OZ\xb4Q\xc1\x88\xa8U\xb9\xd41m=*J\x95^J\xd1{\x87^B^C^A\0^A\xa3\x82^Ay0\x82^Au0^I^F^CU\x1d^S^D^B0\00^K^F^CU\x1d^O^D^D^C^B^E\xa00F^F^CU\x1d\x1f^D?0=0;\xa09\xa07\x865http://crl.verisign.com/Class3InternationalServer.crl0D^F^CU\x1d ^D=0;09^F^K`\x86H^A\x86\xf8E^A^G^W^C0*0(^F^H+^F^A^E^E^G^B^A^V\x1chttps://www.verisign.com/rpa0(^F^CU\x1d%^D!0\x1f^F^I`\x86H^A\x86\xf8B^D^A^F^H+^F^A^E^E^G^C^A^F^H+^F^A^E^E^G^C^B04^F^H+^F^A^E^E^G^A^A^D(0&0$^F^H+^F^A^E^E^G0^A\x86^Xhttp://ocsp.verisign.com0m^F^H+^F^A^E^E^G^A^L^Da0_\xa1]\xa0[0Y0W0U^V^Iimage/gif0!0\x1f0^G^F^E+^N^C^B^Z^D^T\x8f\xe5\xd3^Z\x86\xac\x8d\x8ek\xc3\xcf\x80j\xd4H^X,{^Y.0%^V#http://logo.verisign.com/vslogo.gif0^M^F^I*\x86H\x86\xf7^M^A^A^E^E\0^C\x81\x81\0/s\xe2o\xc1\x9e#~YP\x89\x95xo\xe9^D\xbd\x98TS`\xec^HR\xd2^J)\x92\x9am\xaa\xd5\xb1g\xc1b\xde\xc9^XNW=i\x9c\xb2^Cf\x92^C\xbb\xe8M\xc5\x98\xd4/B\xd9\xb6\xd2\xe0\x97^PXv\xcf\xe7\xd6\xa7\xcc\xbb\xdb%\xeeB]\xcb\xf0t\xab\xd2T\xe5\xe8\xbaQ^O\xa4\xc3>4\xfaR\xf2\xa0\xe6z\xf4\x8f\xdcvB\xbd=\xfcx\xc0\xb7\xeb^-\x1f\xc5\xa0^\xdf\xa0^Q\x87\xf8\xc3X^P\xc8y(\xf8\xe4, mime_type=binary, info=[ts=1170717508.883051, fuid=FjkLnG4s34DVZlaBNc, tx_hosts={^J^I194.127.84.106^J}, rx_hosts={^J^I192.150.187.164^J}, conn_uids={^J^ICjhGID4nQcgTWjvg4c^J}, source=SSL, depth=0, analyzers={^J^IX509,^J^IMD5,^J^ISHA1^J}, mime_type=binary, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=F, seen_bytes=0, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=<uninitialized>, sha1=<uninitialized>, sha256=<uninitialized>, x509=[ts=1170717508.883051, id=FjkLnG4s34DVZlaBNc, certificate=[version=2, serial=04A78116F003283BDA2B8462049F9ECB, subject=CN=www.dresdner-privat.de,OU=Terms of use at www.verisign.com/rpa (c)00,O=AGIS Allianz Dresdner Informationssysteme GmbH,L=Muenchen,ST=Bayern,C=DE, issuer=OU=www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign,OU=VeriSign International Server CA - Class 3,OU=VeriSign\, Inc.,O=VeriSign Trust Network, not_valid_before=1163462400.0, not_valid_after=1195084799.0, key_alg=rsaEncryption, sig_alg=sha1WithRSAEncryption, key_type=rsa, key_length=1024, exponent=65537, curve=<uninitialized>], handle=<no value description>, extensions=[[name=X509v3 Basic Constraints, short_name=basicConstraints, oid=2.5.29.19, critical=F, value=CA:FALSE], [name=X509v3 Key Usage, short_name=keyUsage, oid=2.5.29.15, critical=F, value=Digital Signature, Key Encipherment], [name=X509v3 CRL Distribution Points, short_name=crlDistributionPoints, oid=2.5.29.31, critical=F, value=^JFull Name:^J  URI:http://crl.verisign.com/Class3InternationalServer.crl^J], [name=X509v3 Certificate Policies, short_name=certificatePolicies, oid=2.5.29.32, critical=F, value=Policy: 2.16.840.1.113733.1.7.23.3^J  CPS: https://www.verisign.com/rpa^J], [name=X509v3 Extended Key Usage, short_name=extendedKeyUsage, oid=2.5.29.37, critical=F, value=Netscape Server Gated Crypto, TLS Web Server Authentication, TLS Web Client Authentication]], san=<uninitialized>, basic_constraints=[ca=F, path_len=<uninitialized>]], extracted=<uninitialized>], u2_events=<uninitialized>]
-                  [1] ext: X509::Extension = [name=Authority Information Access, short_name=authorityInfoAccess, oid=1.3.6.1.5.5.7.1.1, critical=F, value=OCSP - URI:http://ocsp.verisign.com^J]
-
-1170717508.883051 x509_extension
-                  [0] f: fa_file         = [id=FjkLnG4s34DVZlaBNc, parent_id=<uninitialized>, source=SSL, is_orig=F, conns={^J^I[[orig_h=192.150.187.164, orig_p=58869/tcp, resp_h=194.127.84.106, resp_p=443/tcp]] = [id=[orig_h=192.150.187.164, orig_p=58869/tcp, resp_h=194.127.84.106, resp_p=443/tcp], orig=[size=120, state=4, num_pkts=3, num_bytes_ip=288, flow_label=0], resp=[size=2164, state=4, num_pkts=3, num_bytes_ip=1616, flow_label=0], start_time=1170717508.515696, duration=0.367355, service={^J^I^ISSL^J^I}, addl=, hot=0, history=ShADad, uid=CjhGID4nQcgTWjvg4c, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=[ts=1170717508.69718, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=192.150.187.164, orig_p=58869/tcp, resp_h=194.127.84.106, resp_p=443/tcp], version=TLSv10, cipher=TLS_RSA_WITH_RC4_128_MD5, server_name=<uninitialized>, session_id=a8c1c5681924e80a32a15d5e7f20bc5e3f513e56b215039d0d55defda5a320c0, last_alert=<uninitialized>, analyzer_id=7, established=F, logged=F, delay_tokens=<uninitialized>, cert_chain=[[ts=1170717508.883051, fuid=FjkLnG4s34DVZlaBNc, tx_hosts={^J^I^I194.127.84.106^J^I}, rx_hosts={^J^I^I192.150.187.164^J^I}, conn_uids={^J^I^ICjhGID4nQcgTWjvg4c^J^I}, source=SSL, depth=0, analyzers={^J^I^IX509,^J^I^IMD5,^J^I^ISHA1^J^I}, mime_type=binary, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=F, seen_bytes=0, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=<uninitialized>, sha1=<uninitialized>, sha256=<uninitialized>, x509=[ts=1170717508.883051, id=FjkLnG4s34DVZlaBNc, certificate=[version=2, serial=04A78116F003283BDA2B8462049F9ECB, subject=CN=www.dresdner-privat.de,OU=Terms of use at www.verisign.com/rpa (c)00,O=AGIS Allianz Dresdner Informationssysteme GmbH,L=Muenchen,ST=Bayern,C=DE, issuer=OU=www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign,OU=VeriSign International Server CA - Class 3,OU=VeriSign\, Inc.,O=VeriSign Trust Network, not_valid_before=1163462400.0, not_valid_after=1195084799.0, key_alg=rsaEncryption, sig_alg=sha1WithRSAEncryption, key_type=rsa, key_length=1024, exponent=65537, curve=<uninitialized>], handle=<no value description>, extensions=[[name=X509v3 Basic Constraints, short_name=basicConstraints, oid=2.5.29.19, critical=F, value=CA:FALSE], [name=X509v3 Key Usage, short_name=keyUsage, oid=2.5.29.15, critical=F, value=Digital Signature, Key Encipherment], [name=X509v3 CRL Distribution Points, short_name=crlDistributionPoints, oid=2.5.29.31, critical=F, value=^JFull Name:^J  URI:http://crl.verisign.com/Class3InternationalServer.crl^J], [name=X509v3 Certificate Policies, short_name=certificatePolicies, oid=2.5.29.32, critical=F, value=Policy: 2.16.840.1.113733.1.7.23.3^J  CPS: https://www.verisign.com/rpa^J], [name=X509v3 Extended Key Usage, short_name=extendedKeyUsage, oid=2.5.29.37, critical=F, value=Netscape Server Gated Crypto, TLS Web Server Authentication, TLS Web Client Authentication], [name=Authority Information Access, short_name=authorityInfoAccess, oid=1.3.6.1.5.5.7.1.1, critical=F, value=OCSP - URI:http://ocsp.verisign.com^J]], san=<uninitialized>, basic_constraints=[ca=F, path_len=<uninitialized>]], extracted=<uninitialized>]], cert_chain_fuids=[FjkLnG4s34DVZlaBNc], client_cert_chain=[], client_cert_chain_fuids=[], subject=<uninitialized>, issuer=<uninitialized>, client_subject=<uninitialized>, client_issuer=<uninitialized>, server_depth=1, client_depth=0], http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]^J}, last_active=1170717508.883051, seen_bytes=1152, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timeout_interval=2.0 mins, bof_buffer_size=1024, bof_buffer=0\x82^D|0\x82^C\xe5\xa0^C^B^A^B^B^P^D\xa7\x81^V\xf0^C(;\xda+\x84b^D\x9f\x9e\xcb0^M^F^I*\x86H\x86\xf7^M^A^A^E^E\00\x81\xba1\x1f0\x1d^F^CU^D^J^S^VVeriSign Trust Network1^W0^U^F^CU^D^K^S^NVeriSign, Inc.1301^F^CU^D^K^S*VeriSign International Server CA - Class 31I0G^F^CU^D^K^S@www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign0\x1e^W^M061114000000Z^W^M071114235959Z0\x81\xc01^K0^I^F^CU^D^F^S^BDE1^O0^M^F^CU^D^H^S^FBayern1^Q0^O^F^CU^D^G^T^HMuenchen1705^F^CU^D^J^T.AGIS Allianz Dresdner Informationssysteme GmbH1301^F^CU^D^K^T*Terms of use at www.verisign.com/rpa (c)001\x1f0\x1d^F^CU^D^C^T^Vwww.dresdner-privat.de0\x81\x9f0^M^F^I*\x86H\x86\xf7^M^A^A^A^E\0^C\x81\x8d\00\x81\x89^B\x81\x81\0\xeb\xa8t~\xfb\xe3\xb4\xea\xbe\x8b\x1c=\xed\xea\x86^DbQ\xe0*Z\x9e\x86o\x98\xcb\xbc\xc5\xed\xc5\xc8\xcaV\x9dL\x92X\xe1k^So\xbc\xb7\xe5.\x98@\xf7\x8f\xd6\xa3\xc0^J\xabFR\x1b8\xfc^E \xe7\x80\xee\xc6]\xd5\xbb^C\xfc\xc5\x83\xba\x9ag^H\xfd,\xba\xa3^H\x94\xf0\xb3\x1f^V(\xf6^Ef[\xbf^?\xa8Y\xfa\xbe\x99k6b\xb8n\xc6\x83GSc^OZ\xb4Q\xc1\x88\xa8U\xb9\xd41m=*J\x95^J\xd1{\x87^B^C^A\0^A\xa3\x82^Ay0\x82^Au0^I^F^CU\x1d^S^D^B0\00^K^F^CU\x1d^O^D^D^C^B^E\xa00F^F^CU\x1d\x1f^D?0=0;\xa09\xa07\x865http://crl.verisign.com/Class3InternationalServer.crl0D^F^CU\x1d ^D=0;09^F^K`\x86H^A\x86\xf8E^A^G^W^C0*0(^F^H+^F^A^E^E^G^B^A^V\x1chttps://www.verisign.com/rpa0(^F^CU\x1d%^D!0\x1f^F^I`\x86H^A\x86\xf8B^D^A^F^H+^F^A^E^E^G^C^A^F^H+^F^A^E^E^G^C^B04^F^H+^F^A^E^E^G^A^A^D(0&0$^F^H+^F^A^E^E^G0^A\x86^Xhttp://ocsp.verisign.com0m^F^H+^F^A^E^E^G^A^L^Da0_\xa1]\xa0[0Y0W0U^V^Iimage/gif0!0\x1f0^G^F^E+^N^C^B^Z^D^T\x8f\xe5\xd3^Z\x86\xac\x8d\x8ek\xc3\xcf\x80j\xd4H^X,{^Y.0%^V#http://logo.verisign.com/vslogo.gif0^M^F^I*\x86H\x86\xf7^M^A^A^E^E\0^C\x81\x81\0/s\xe2o\xc1\x9e#~YP\x89\x95xo\xe9^D\xbd\x98TS`\xec^HR\xd2^J)\x92\x9am\xaa\xd5\xb1g\xc1b\xde\xc9^XNW=i\x9c\xb2^Cf\x92^C\xbb\xe8M\xc5\x98\xd4/B\xd9\xb6\xd2\xe0\x97^PXv\xcf\xe7\xd6\xa7\xcc\xbb\xdb%\xeeB]\xcb\xf0t\xab\xd2T\xe5\xe8\xbaQ^O\xa4\xc3>4\xfaR\xf2\xa0\xe6z\xf4\x8f\xdcvB\xbd=\xfcx\xc0\xb7\xeb^-\x1f\xc5\xa0^\xdf\xa0^Q\x87\xf8\xc3X^P\xc8y(\xf8\xe4, mime_type=binary, info=[ts=1170717508.883051, fuid=FjkLnG4s34DVZlaBNc, tx_hosts={^J^I194.127.84.106^J}, rx_hosts={^J^I192.150.187.164^J}, conn_uids={^J^ICjhGID4nQcgTWjvg4c^J}, source=SSL, depth=0, analyzers={^J^IX509,^J^IMD5,^J^ISHA1^J}, mime_type=binary, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=F, seen_bytes=0, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=<uninitialized>, sha1=<uninitialized>, sha256=<uninitialized>, x509=[ts=1170717508.883051, id=FjkLnG4s34DVZlaBNc, certificate=[version=2, serial=04A78116F003283BDA2B8462049F9ECB, subject=CN=www.dresdner-privat.de,OU=Terms of use at www.verisign.com/rpa (c)00,O=AGIS Allianz Dresdner Informationssysteme GmbH,L=Muenchen,ST=Bayern,C=DE, issuer=OU=www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign,OU=VeriSign International Server CA - Class 3,OU=VeriSign\, Inc.,O=VeriSign Trust Network, not_valid_before=1163462400.0, not_valid_after=1195084799.0, key_alg=rsaEncryption, sig_alg=sha1WithRSAEncryption, key_type=rsa, key_length=1024, exponent=65537, curve=<uninitialized>], handle=<no value description>, extensions=[[name=X509v3 Basic Constraints, short_name=basicConstraints, oid=2.5.29.19, critical=F, value=CA:FALSE], [name=X509v3 Key Usage, short_name=keyUsage, oid=2.5.29.15, critical=F, value=Digital Signature, Key Encipherment], [name=X509v3 CRL Distribution Points, short_name=crlDistributionPoints, oid=2.5.29.31, critical=F, value=^JFull Name:^J  URI:http://crl.verisign.com/Class3InternationalServer.crl^J], [name=X509v3 Certificate Policies, short_name=certificatePolicies, oid=2.5.29.32, critical=F, value=Policy: 2.16.840.1.113733.1.7.23.3^J  CPS: https://www.verisign.com/rpa^J], [name=X509v3 Extended Key Usage, short_name=extendedKeyUsage, oid=2.5.29.37, critical=F, value=Netscape Server Gated Crypto, TLS Web Server Authentication, TLS Web Client Authentication], [name=Authority Information Access, short_name=authorityInfoAccess, oid=1.3.6.1.5.5.7.1.1, critical=F, value=OCSP - URI:http://ocsp.verisign.com^J]], san=<uninitialized>, basic_constraints=[ca=F, path_len=<uninitialized>]], extracted=<uninitialized>], u2_events=<uninitialized>]
-                  [1] ext: X509::Extension = [name=1.3.6.1.5.5.7.1.12, short_name=UNDEF, oid=1.3.6.1.5.5.7.1.12, critical=F, value=0_.].[0Y0W0U..image/gif0!0.0...+..............k...j.H.,{..0%.#http://logo.verisign.com/vslogo.gif]
-
-1170717508.883051 file_hash
-                  [0] f: fa_file         = [id=FjkLnG4s34DVZlaBNc, parent_id=<uninitialized>, source=SSL, is_orig=F, conns={^J^I[[orig_h=192.150.187.164, orig_p=58869/tcp, resp_h=194.127.84.106, resp_p=443/tcp]] = [id=[orig_h=192.150.187.164, orig_p=58869/tcp, resp_h=194.127.84.106, resp_p=443/tcp], orig=[size=120, state=4, num_pkts=3, num_bytes_ip=288, flow_label=0], resp=[size=2164, state=4, num_pkts=3, num_bytes_ip=1616, flow_label=0], start_time=1170717508.515696, duration=0.367355, service={^J^I^ISSL^J^I}, addl=, hot=0, history=ShADad, uid=CjhGID4nQcgTWjvg4c, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=[ts=1170717508.69718, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=192.150.187.164, orig_p=58869/tcp, resp_h=194.127.84.106, resp_p=443/tcp], version=TLSv10, cipher=TLS_RSA_WITH_RC4_128_MD5, server_name=<uninitialized>, session_id=a8c1c5681924e80a32a15d5e7f20bc5e3f513e56b215039d0d55defda5a320c0, last_alert=<uninitialized>, analyzer_id=7, established=F, logged=F, delay_tokens=<uninitialized>, cert_chain=[[ts=1170717508.883051, fuid=FjkLnG4s34DVZlaBNc, tx_hosts={^J^I^I194.127.84.106^J^I}, rx_hosts={^J^I^I192.150.187.164^J^I}, conn_uids={^J^I^ICjhGID4nQcgTWjvg4c^J^I}, source=SSL, depth=0, analyzers={^J^I^IX509,^J^I^IMD5,^J^I^ISHA1^J^I}, mime_type=binary, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=F, seen_bytes=0, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=<uninitialized>, sha1=<uninitialized>, sha256=<uninitialized>, x509=[ts=1170717508.883051, id=FjkLnG4s34DVZlaBNc, certificate=[version=2, serial=04A78116F003283BDA2B8462049F9ECB, subject=CN=www.dresdner-privat.de,OU=Terms of use at www.verisign.com/rpa (c)00,O=AGIS Allianz Dresdner Informationssysteme GmbH,L=Muenchen,ST=Bayern,C=DE, issuer=OU=www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign,OU=VeriSign International Server CA - Class 3,OU=VeriSign\, Inc.,O=VeriSign Trust Network, not_valid_before=1163462400.0, not_valid_after=1195084799.0, key_alg=rsaEncryption, sig_alg=sha1WithRSAEncryption, key_type=rsa, key_length=1024, exponent=65537, curve=<uninitialized>], handle=<no value description>, extensions=[[name=X509v3 Basic Constraints, short_name=basicConstraints, oid=2.5.29.19, critical=F, value=CA:FALSE], [name=X509v3 Key Usage, short_name=keyUsage, oid=2.5.29.15, critical=F, value=Digital Signature, Key Encipherment], [name=X509v3 CRL Distribution Points, short_name=crlDistributionPoints, oid=2.5.29.31, critical=F, value=^JFull Name:^J  URI:http://crl.verisign.com/Class3InternationalServer.crl^J], [name=X509v3 Certificate Policies, short_name=certificatePolicies, oid=2.5.29.32, critical=F, value=Policy: 2.16.840.1.113733.1.7.23.3^J  CPS: https://www.verisign.com/rpa^J], [name=X509v3 Extended Key Usage, short_name=extendedKeyUsage, oid=2.5.29.37, critical=F, value=Netscape Server Gated Crypto, TLS Web Server Authentication, TLS Web Client Authentication], [name=Authority Information Access, short_name=authorityInfoAccess, oid=1.3.6.1.5.5.7.1.1, critical=F, value=OCSP - URI:http://ocsp.verisign.com^J], [name=1.3.6.1.5.5.7.1.12, short_name=UNDEF, oid=1.3.6.1.5.5.7.1.12, critical=F, value=0_.].[0Y0W0U..image/gif0!0.0...+..............k...j.H.,{..0%.#http://logo.verisign.com/vslogo.gif]], san=<uninitialized>, basic_constraints=[ca=F, path_len=<uninitialized>]], extracted=<uninitialized>]], cert_chain_fuids=[FjkLnG4s34DVZlaBNc], client_cert_chain=[], client_cert_chain_fuids=[], subject=<uninitialized>, issuer=<uninitialized>, client_subject=<uninitialized>, client_issuer=<uninitialized>, server_depth=1, client_depth=0], http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]^J}, last_active=1170717508.883051, seen_bytes=1152, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timeout_interval=2.0 mins, bof_buffer_size=1024, bof_buffer=0\x82^D|0\x82^C\xe5\xa0^C^B^A^B^B^P^D\xa7\x81^V\xf0^C(;\xda+\x84b^D\x9f\x9e\xcb0^M^F^I*\x86H\x86\xf7^M^A^A^E^E\00\x81\xba1\x1f0\x1d^F^CU^D^J^S^VVeriSign Trust Network1^W0^U^F^CU^D^K^S^NVeriSign, Inc.1301^F^CU^D^K^S*VeriSign International Server CA - Class 31I0G^F^CU^D^K^S@www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign0\x1e^W^M061114000000Z^W^M071114235959Z0\x81\xc01^K0^I^F^CU^D^F^S^BDE1^O0^M^F^CU^D^H^S^FBayern1^Q0^O^F^CU^D^G^T^HMuenchen1705^F^CU^D^J^T.AGIS Allianz Dresdner Informationssysteme GmbH1301^F^CU^D^K^T*Terms of use at www.verisign.com/rpa (c)001\x1f0\x1d^F^CU^D^C^T^Vwww.dresdner-privat.de0\x81\x9f0^M^F^I*\x86H\x86\xf7^M^A^A^A^E\0^C\x81\x8d\00\x81\x89^B\x81\x81\0\xeb\xa8t~\xfb\xe3\xb4\xea\xbe\x8b\x1c=\xed\xea\x86^DbQ\xe0*Z\x9e\x86o\x98\xcb\xbc\xc5\xed\xc5\xc8\xcaV\x9dL\x92X\xe1k^So\xbc\xb7\xe5.\x98@\xf7\x8f\xd6\xa3\xc0^J\xabFR\x1b8\xfc^E \xe7\x80\xee\xc6]\xd5\xbb^C\xfc\xc5\x83\xba\x9ag^H\xfd,\xba\xa3^H\x94\xf0\xb3\x1f^V(\xf6^Ef[\xbf^?\xa8Y\xfa\xbe\x99k6b\xb8n\xc6\x83GSc^OZ\xb4Q\xc1\x88\xa8U\xb9\xd41m=*J\x95^J\xd1{\x87^B^C^A\0^A\xa3\x82^Ay0\x82^Au0^I^F^CU\x1d^S^D^B0\00^K^F^CU\x1d^O^D^D^C^B^E\xa00F^F^CU\x1d\x1f^D?0=0;\xa09\xa07\x865http://crl.verisign.com/Class3InternationalServer.crl0D^F^CU\x1d ^D=0;09^F^K`\x86H^A\x86\xf8E^A^G^W^C0*0(^F^H+^F^A^E^E^G^B^A^V\x1chttps://www.verisign.com/rpa0(^F^CU\x1d%^D!0\x1f^F^I`\x86H^A\x86\xf8B^D^A^F^H+^F^A^E^E^G^C^A^F^H+^F^A^E^E^G^C^B04^F^H+^F^A^E^E^G^A^A^D(0&0$^F^H+^F^A^E^E^G0^A\x86^Xhttp://ocsp.verisign.com0m^F^H+^F^A^E^E^G^A^L^Da0_\xa1]\xa0[0Y0W0U^V^Iimage/gif0!0\x1f0^G^F^E+^N^C^B^Z^D^T\x8f\xe5\xd3^Z\x86\xac\x8d\x8ek\xc3\xcf\x80j\xd4H^X,{^Y.0%^V#http://logo.verisign.com/vslogo.gif0^M^F^I*\x86H\x86\xf7^M^A^A^E^E\0^C\x81\x81\0/s\xe2o\xc1\x9e#~YP\x89\x95xo\xe9^D\xbd\x98TS`\xec^HR\xd2^J)\x92\x9am\xaa\xd5\xb1g\xc1b\xde\xc9^XNW=i\x9c\xb2^Cf\x92^C\xbb\xe8M\xc5\x98\xd4/B\xd9\xb6\xd2\xe0\x97^PXv\xcf\xe7\xd6\xa7\xcc\xbb\xdb%\xeeB]\xcb\xf0t\xab\xd2T\xe5\xe8\xbaQ^O\xa4\xc3>4\xfaR\xf2\xa0\xe6z\xf4\x8f\xdcvB\xbd=\xfcx\xc0\xb7\xeb^-\x1f\xc5\xa0^\xdf\xa0^Q\x87\xf8\xc3X^P\xc8y(\xf8\xe4, mime_type=binary, info=[ts=1170717508.883051, fuid=FjkLnG4s34DVZlaBNc, tx_hosts={^J^I194.127.84.106^J}, rx_hosts={^J^I192.150.187.164^J}, conn_uids={^J^ICjhGID4nQcgTWjvg4c^J}, source=SSL, depth=0, analyzers={^J^IX509,^J^IMD5,^J^ISHA1^J}, mime_type=binary, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=F, seen_bytes=0, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=<uninitialized>, sha1=<uninitialized>, sha256=<uninitialized>, x509=[ts=1170717508.883051, id=FjkLnG4s34DVZlaBNc, certificate=[version=2, serial=04A78116F003283BDA2B8462049F9ECB, subject=CN=www.dresdner-privat.de,OU=Terms of use at www.verisign.com/rpa (c)00,O=AGIS Allianz Dresdner Informationssysteme GmbH,L=Muenchen,ST=Bayern,C=DE, issuer=OU=www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign,OU=VeriSign International Server CA - Class 3,OU=VeriSign\, Inc.,O=VeriSign Trust Network, not_valid_before=1163462400.0, not_valid_after=1195084799.0, key_alg=rsaEncryption, sig_alg=sha1WithRSAEncryption, key_type=rsa, key_length=1024, exponent=65537, curve=<uninitialized>], handle=<no value description>, extensions=[[name=X509v3 Basic Constraints, short_name=basicConstraints, oid=2.5.29.19, critical=F, value=CA:FALSE], [name=X509v3 Key Usage, short_name=keyUsage, oid=2.5.29.15, critical=F, value=Digital Signature, Key Encipherment], [name=X509v3 CRL Distribution Points, short_name=crlDistributionPoints, oid=2.5.29.31, critical=F, value=^JFull Name:^J  URI:http://crl.verisign.com/Class3InternationalServer.crl^J], [name=X509v3 Certificate Policies, short_name=certificatePolicies, oid=2.5.29.32, critical=F, value=Policy: 2.16.840.1.113733.1.7.23.3^J  CPS: https://www.verisign.com/rpa^J], [name=X509v3 Extended Key Usage, short_name=extendedKeyUsage, oid=2.5.29.37, critical=F, value=Netscape Server Gated Crypto, TLS Web Server Authentication, TLS Web Client Authentication], [name=Authority Information Access, short_name=authorityInfoAccess, oid=1.3.6.1.5.5.7.1.1, critical=F, value=OCSP - URI:http://ocsp.verisign.com^J], [name=1.3.6.1.5.5.7.1.12, short_name=UNDEF, oid=1.3.6.1.5.5.7.1.12, critical=F, value=0_.].[0Y0W0U..image/gif0!0.0...+..............k...j.H.,{..0%.#http://logo.verisign.com/vslogo.gif]], san=<uninitialized>, basic_constraints=[ca=F, path_len=<uninitialized>]], extracted=<uninitialized>], u2_events=<uninitialized>]
-                  [1] kind: string       = sha1
-                  [2] hash: string       = 2c322ae2b7fe91391345e070b63668978bb1c9da
-
-1170717508.883051 file_hash
-                  [0] f: fa_file         = [id=FjkLnG4s34DVZlaBNc, parent_id=<uninitialized>, source=SSL, is_orig=F, conns={^J^I[[orig_h=192.150.187.164, orig_p=58869/tcp, resp_h=194.127.84.106, resp_p=443/tcp]] = [id=[orig_h=192.150.187.164, orig_p=58869/tcp, resp_h=194.127.84.106, resp_p=443/tcp], orig=[size=120, state=4, num_pkts=3, num_bytes_ip=288, flow_label=0], resp=[size=2164, state=4, num_pkts=3, num_bytes_ip=1616, flow_label=0], start_time=1170717508.515696, duration=0.367355, service={^J^I^ISSL^J^I}, addl=, hot=0, history=ShADad, uid=CjhGID4nQcgTWjvg4c, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=[ts=1170717508.69718, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=192.150.187.164, orig_p=58869/tcp, resp_h=194.127.84.106, resp_p=443/tcp], version=TLSv10, cipher=TLS_RSA_WITH_RC4_128_MD5, server_name=<uninitialized>, session_id=a8c1c5681924e80a32a15d5e7f20bc5e3f513e56b215039d0d55defda5a320c0, last_alert=<uninitialized>, analyzer_id=7, established=F, logged=F, delay_tokens=<uninitialized>, cert_chain=[[ts=1170717508.883051, fuid=FjkLnG4s34DVZlaBNc, tx_hosts={^J^I^I194.127.84.106^J^I}, rx_hosts={^J^I^I192.150.187.164^J^I}, conn_uids={^J^I^ICjhGID4nQcgTWjvg4c^J^I}, source=SSL, depth=0, analyzers={^J^I^IX509,^J^I^IMD5,^J^I^ISHA1^J^I}, mime_type=binary, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=F, seen_bytes=0, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=<uninitialized>, sha1=2c322ae2b7fe91391345e070b63668978bb1c9da, sha256=<uninitialized>, x509=[ts=1170717508.883051, id=FjkLnG4s34DVZlaBNc, certificate=[version=2, serial=04A78116F003283BDA2B8462049F9ECB, subject=CN=www.dresdner-privat.de,OU=Terms of use at www.verisign.com/rpa (c)00,O=AGIS Allianz Dresdner Informationssysteme GmbH,L=Muenchen,ST=Bayern,C=DE, issuer=OU=www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign,OU=VeriSign International Server CA - Class 3,OU=VeriSign\, Inc.,O=VeriSign Trust Network, not_valid_before=1163462400.0, not_valid_after=1195084799.0, key_alg=rsaEncryption, sig_alg=sha1WithRSAEncryption, key_type=rsa, key_length=1024, exponent=65537, curve=<uninitialized>], handle=<no value description>, extensions=[[name=X509v3 Basic Constraints, short_name=basicConstraints, oid=2.5.29.19, critical=F, value=CA:FALSE], [name=X509v3 Key Usage, short_name=keyUsage, oid=2.5.29.15, critical=F, value=Digital Signature, Key Encipherment], [name=X509v3 CRL Distribution Points, short_name=crlDistributionPoints, oid=2.5.29.31, critical=F, value=^JFull Name:^J  URI:http://crl.verisign.com/Class3InternationalServer.crl^J], [name=X509v3 Certificate Policies, short_name=certificatePolicies, oid=2.5.29.32, critical=F, value=Policy: 2.16.840.1.113733.1.7.23.3^J  CPS: https://www.verisign.com/rpa^J], [name=X509v3 Extended Key Usage, short_name=extendedKeyUsage, oid=2.5.29.37, critical=F, value=Netscape Server Gated Crypto, TLS Web Server Authentication, TLS Web Client Authentication], [name=Authority Information Access, short_name=authorityInfoAccess, oid=1.3.6.1.5.5.7.1.1, critical=F, value=OCSP - URI:http://ocsp.verisign.com^J], [name=1.3.6.1.5.5.7.1.12, short_name=UNDEF, oid=1.3.6.1.5.5.7.1.12, critical=F, value=0_.].[0Y0W0U..image/gif0!0.0...+..............k...j.H.,{..0%.#http://logo.verisign.com/vslogo.gif]], san=<uninitialized>, basic_constraints=[ca=F, path_len=<uninitialized>]], extracted=<uninitialized>]], cert_chain_fuids=[FjkLnG4s34DVZlaBNc], client_cert_chain=[], client_cert_chain_fuids=[], subject=<uninitialized>, issuer=<uninitialized>, client_subject=<uninitialized>, client_issuer=<uninitialized>, server_depth=1, client_depth=0], http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]^J}, last_active=1170717508.883051, seen_bytes=1152, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timeout_interval=2.0 mins, bof_buffer_size=1024, bof_buffer=0\x82^D|0\x82^C\xe5\xa0^C^B^A^B^B^P^D\xa7\x81^V\xf0^C(;\xda+\x84b^D\x9f\x9e\xcb0^M^F^I*\x86H\x86\xf7^M^A^A^E^E\00\x81\xba1\x1f0\x1d^F^CU^D^J^S^VVeriSign Trust Network1^W0^U^F^CU^D^K^S^NVeriSign, Inc.1301^F^CU^D^K^S*VeriSign International Server CA - Class 31I0G^F^CU^D^K^S@www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign0\x1e^W^M061114000000Z^W^M071114235959Z0\x81\xc01^K0^I^F^CU^D^F^S^BDE1^O0^M^F^CU^D^H^S^FBayern1^Q0^O^F^CU^D^G^T^HMuenchen1705^F^CU^D^J^T.AGIS Allianz Dresdner Informationssysteme GmbH1301^F^CU^D^K^T*Terms of use at www.verisign.com/rpa (c)001\x1f0\x1d^F^CU^D^C^T^Vwww.dresdner-privat.de0\x81\x9f0^M^F^I*\x86H\x86\xf7^M^A^A^A^E\0^C\x81\x8d\00\x81\x89^B\x81\x81\0\xeb\xa8t~\xfb\xe3\xb4\xea\xbe\x8b\x1c=\xed\xea\x86^DbQ\xe0*Z\x9e\x86o\x98\xcb\xbc\xc5\xed\xc5\xc8\xcaV\x9dL\x92X\xe1k^So\xbc\xb7\xe5.\x98@\xf7\x8f\xd6\xa3\xc0^J\xabFR\x1b8\xfc^E \xe7\x80\xee\xc6]\xd5\xbb^C\xfc\xc5\x83\xba\x9ag^H\xfd,\xba\xa3^H\x94\xf0\xb3\x1f^V(\xf6^Ef[\xbf^?\xa8Y\xfa\xbe\x99k6b\xb8n\xc6\x83GSc^OZ\xb4Q\xc1\x88\xa8U\xb9\xd41m=*J\x95^J\xd1{\x87^B^C^A\0^A\xa3\x82^Ay0\x82^Au0^I^F^CU\x1d^S^D^B0\00^K^F^CU\x1d^O^D^D^C^B^E\xa00F^F^CU\x1d\x1f^D?0=0;\xa09\xa07\x865http://crl.verisign.com/Class3InternationalServer.crl0D^F^CU\x1d ^D=0;09^F^K`\x86H^A\x86\xf8E^A^G^W^C0*0(^F^H+^F^A^E^E^G^B^A^V\x1chttps://www.verisign.com/rpa0(^F^CU\x1d%^D!0\x1f^F^I`\x86H^A\x86\xf8B^D^A^F^H+^F^A^E^E^G^C^A^F^H+^F^A^E^E^G^C^B04^F^H+^F^A^E^E^G^A^A^D(0&0$^F^H+^F^A^E^E^G0^A\x86^Xhttp://ocsp.verisign.com0m^F^H+^F^A^E^E^G^A^L^Da0_\xa1]\xa0[0Y0W0U^V^Iimage/gif0!0\x1f0^G^F^E+^N^C^B^Z^D^T\x8f\xe5\xd3^Z\x86\xac\x8d\x8ek\xc3\xcf\x80j\xd4H^X,{^Y.0%^V#http://logo.verisign.com/vslogo.gif0^M^F^I*\x86H\x86\xf7^M^A^A^E^E\0^C\x81\x81\0/s\xe2o\xc1\x9e#~YP\x89\x95xo\xe9^D\xbd\x98TS`\xec^HR\xd2^J)\x92\x9am\xaa\xd5\xb1g\xc1b\xde\xc9^XNW=i\x9c\xb2^Cf\x92^C\xbb\xe8M\xc5\x98\xd4/B\xd9\xb6\xd2\xe0\x97^PXv\xcf\xe7\xd6\xa7\xcc\xbb\xdb%\xeeB]\xcb\xf0t\xab\xd2T\xe5\xe8\xbaQ^O\xa4\xc3>4\xfaR\xf2\xa0\xe6z\xf4\x8f\xdcvB\xbd=\xfcx\xc0\xb7\xeb^-\x1f\xc5\xa0^\xdf\xa0^Q\x87\xf8\xc3X^P\xc8y(\xf8\xe4, mime_type=binary, info=[ts=1170717508.883051, fuid=FjkLnG4s34DVZlaBNc, tx_hosts={^J^I194.127.84.106^J}, rx_hosts={^J^I192.150.187.164^J}, conn_uids={^J^ICjhGID4nQcgTWjvg4c^J}, source=SSL, depth=0, analyzers={^J^IX509,^J^IMD5,^J^ISHA1^J}, mime_type=binary, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=F, seen_bytes=0, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=<uninitialized>, sha1=2c322ae2b7fe91391345e070b63668978bb1c9da, sha256=<uninitialized>, x509=[ts=1170717508.883051, id=FjkLnG4s34DVZlaBNc, certificate=[version=2, serial=04A78116F003283BDA2B8462049F9ECB, subject=CN=www.dresdner-privat.de,OU=Terms of use at www.verisign.com/rpa (c)00,O=AGIS Allianz Dresdner Informationssysteme GmbH,L=Muenchen,ST=Bayern,C=DE, issuer=OU=www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign,OU=VeriSign International Server CA - Class 3,OU=VeriSign\, Inc.,O=VeriSign Trust Network, not_valid_before=1163462400.0, not_valid_after=1195084799.0, key_alg=rsaEncryption, sig_alg=sha1WithRSAEncryption, key_type=rsa, key_length=1024, exponent=65537, curve=<uninitialized>], handle=<no value description>, extensions=[[name=X509v3 Basic Constraints, short_name=basicConstraints, oid=2.5.29.19, critical=F, value=CA:FALSE], [name=X509v3 Key Usage, short_name=keyUsage, oid=2.5.29.15, critical=F, value=Digital Signature, Key Encipherment], [name=X509v3 CRL Distribution Points, short_name=crlDistributionPoints, oid=2.5.29.31, critical=F, value=^JFull Name:^J  URI:http://crl.verisign.com/Class3InternationalServer.crl^J], [name=X509v3 Certificate Policies, short_name=certificatePolicies, oid=2.5.29.32, critical=F, value=Policy: 2.16.840.1.113733.1.7.23.3^J  CPS: https://www.verisign.com/rpa^J], [name=X509v3 Extended Key Usage, short_name=extendedKeyUsage, oid=2.5.29.37, critical=F, value=Netscape Server Gated Crypto, TLS Web Server Authentication, TLS Web Client Authentication], [name=Authority Information Access, short_name=authorityInfoAccess, oid=1.3.6.1.5.5.7.1.1, critical=F, value=OCSP - URI:http://ocsp.verisign.com^J], [name=1.3.6.1.5.5.7.1.12, short_name=UNDEF, oid=1.3.6.1.5.5.7.1.12, critical=F, value=0_.].[0Y0W0U..image/gif0!0.0...+..............k...j.H.,{..0%.#http://logo.verisign.com/vslogo.gif]], san=<uninitialized>, basic_constraints=[ca=F, path_len=<uninitialized>]], extracted=<uninitialized>], u2_events=<uninitialized>]
-                  [1] kind: string       = md5
-                  [2] hash: string       = 38a0a008a978591ccbe41f50a174751a
-
-1170717508.883051 file_state_remove
-                  [0] f: fa_file         = [id=FjkLnG4s34DVZlaBNc, parent_id=<uninitialized>, source=SSL, is_orig=F, conns={^J^I[[orig_h=192.150.187.164, orig_p=58869/tcp, resp_h=194.127.84.106, resp_p=443/tcp]] = [id=[orig_h=192.150.187.164, orig_p=58869/tcp, resp_h=194.127.84.106, resp_p=443/tcp], orig=[size=120, state=4, num_pkts=3, num_bytes_ip=288, flow_label=0], resp=[size=2164, state=4, num_pkts=3, num_bytes_ip=1616, flow_label=0], start_time=1170717508.515696, duration=0.367355, service={^J^I^ISSL^J^I}, addl=, hot=0, history=ShADad, uid=CjhGID4nQcgTWjvg4c, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=[ts=1170717508.69718, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=192.150.187.164, orig_p=58869/tcp, resp_h=194.127.84.106, resp_p=443/tcp], version=TLSv10, cipher=TLS_RSA_WITH_RC4_128_MD5, server_name=<uninitialized>, session_id=a8c1c5681924e80a32a15d5e7f20bc5e3f513e56b215039d0d55defda5a320c0, last_alert=<uninitialized>, analyzer_id=7, established=F, logged=F, delay_tokens=<uninitialized>, cert_chain=[[ts=1170717508.883051, fuid=FjkLnG4s34DVZlaBNc, tx_hosts={^J^I^I194.127.84.106^J^I}, rx_hosts={^J^I^I192.150.187.164^J^I}, conn_uids={^J^I^ICjhGID4nQcgTWjvg4c^J^I}, source=SSL, depth=0, analyzers={^J^I^IX509,^J^I^IMD5,^J^I^ISHA1^J^I}, mime_type=binary, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=F, seen_bytes=0, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=38a0a008a978591ccbe41f50a174751a, sha1=2c322ae2b7fe91391345e070b63668978bb1c9da, sha256=<uninitialized>, x509=[ts=1170717508.883051, id=FjkLnG4s34DVZlaBNc, certificate=[version=2, serial=04A78116F003283BDA2B8462049F9ECB, subject=CN=www.dresdner-privat.de,OU=Terms of use at www.verisign.com/rpa (c)00,O=AGIS Allianz Dresdner Informationssysteme GmbH,L=Muenchen,ST=Bayern,C=DE, issuer=OU=www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign,OU=VeriSign International Server CA - Class 3,OU=VeriSign\, Inc.,O=VeriSign Trust Network, not_valid_before=1163462400.0, not_valid_after=1195084799.0, key_alg=rsaEncryption, sig_alg=sha1WithRSAEncryption, key_type=rsa, key_length=1024, exponent=65537, curve=<uninitialized>], handle=<no value description>, extensions=[[name=X509v3 Basic Constraints, short_name=basicConstraints, oid=2.5.29.19, critical=F, value=CA:FALSE], [name=X509v3 Key Usage, short_name=keyUsage, oid=2.5.29.15, critical=F, value=Digital Signature, Key Encipherment], [name=X509v3 CRL Distribution Points, short_name=crlDistributionPoints, oid=2.5.29.31, critical=F, value=^JFull Name:^J  URI:http://crl.verisign.com/Class3InternationalServer.crl^J], [name=X509v3 Certificate Policies, short_name=certificatePolicies, oid=2.5.29.32, critical=F, value=Policy: 2.16.840.1.113733.1.7.23.3^J  CPS: https://www.verisign.com/rpa^J], [name=X509v3 Extended Key Usage, short_name=extendedKeyUsage, oid=2.5.29.37, critical=F, value=Netscape Server Gated Crypto, TLS Web Server Authentication, TLS Web Client Authentication], [name=Authority Information Access, short_name=authorityInfoAccess, oid=1.3.6.1.5.5.7.1.1, critical=F, value=OCSP - URI:http://ocsp.verisign.com^J], [name=1.3.6.1.5.5.7.1.12, short_name=UNDEF, oid=1.3.6.1.5.5.7.1.12, critical=F, value=0_.].[0Y0W0U..image/gif0!0.0...+..............k...j.H.,{..0%.#http://logo.verisign.com/vslogo.gif]], san=<uninitialized>, basic_constraints=[ca=F, path_len=<uninitialized>]], extracted=<uninitialized>]], cert_chain_fuids=[FjkLnG4s34DVZlaBNc], client_cert_chain=[], client_cert_chain_fuids=[], subject=<uninitialized>, issuer=<uninitialized>, client_subject=<uninitialized>, client_issuer=<uninitialized>, server_depth=1, client_depth=0], http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]^J}, last_active=1170717508.883051, seen_bytes=1152, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timeout_interval=2.0 mins, bof_buffer_size=1024, bof_buffer=0\x82^D|0\x82^C\xe5\xa0^C^B^A^B^B^P^D\xa7\x81^V\xf0^C(;\xda+\x84b^D\x9f\x9e\xcb0^M^F^I*\x86H\x86\xf7^M^A^A^E^E\00\x81\xba1\x1f0\x1d^F^CU^D^J^S^VVeriSign Trust Network1^W0^U^F^CU^D^K^S^NVeriSign, Inc.1301^F^CU^D^K^S*VeriSign International Server CA - Class 31I0G^F^CU^D^K^S@www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign0\x1e^W^M061114000000Z^W^M071114235959Z0\x81\xc01^K0^I^F^CU^D^F^S^BDE1^O0^M^F^CU^D^H^S^FBayern1^Q0^O^F^CU^D^G^T^HMuenchen1705^F^CU^D^J^T.AGIS Allianz Dresdner Informationssysteme GmbH1301^F^CU^D^K^T*Terms of use at www.verisign.com/rpa (c)001\x1f0\x1d^F^CU^D^C^T^Vwww.dresdner-privat.de0\x81\x9f0^M^F^I*\x86H\x86\xf7^M^A^A^A^E\0^C\x81\x8d\00\x81\x89^B\x81\x81\0\xeb\xa8t~\xfb\xe3\xb4\xea\xbe\x8b\x1c=\xed\xea\x86^DbQ\xe0*Z\x9e\x86o\x98\xcb\xbc\xc5\xed\xc5\xc8\xcaV\x9dL\x92X\xe1k^So\xbc\xb7\xe5.\x98@\xf7\x8f\xd6\xa3\xc0^J\xabFR\x1b8\xfc^E \xe7\x80\xee\xc6]\xd5\xbb^C\xfc\xc5\x83\xba\x9ag^H\xfd,\xba\xa3^H\x94\xf0\xb3\x1f^V(\xf6^Ef[\xbf^?\xa8Y\xfa\xbe\x99k6b\xb8n\xc6\x83GSc^OZ\xb4Q\xc1\x88\xa8U\xb9\xd41m=*J\x95^J\xd1{\x87^B^C^A\0^A\xa3\x82^Ay0\x82^Au0^I^F^CU\x1d^S^D^B0\00^K^F^CU\x1d^O^D^D^C^B^E\xa00F^F^CU\x1d\x1f^D?0=0;\xa09\xa07\x865http://crl.verisign.com/Class3InternationalServer.crl0D^F^CU\x1d ^D=0;09^F^K`\x86H^A\x86\xf8E^A^G^W^C0*0(^F^H+^F^A^E^E^G^B^A^V\x1chttps://www.verisign.com/rpa0(^F^CU\x1d%^D!0\x1f^F^I`\x86H^A\x86\xf8B^D^A^F^H+^F^A^E^E^G^C^A^F^H+^F^A^E^E^G^C^B04^F^H+^F^A^E^E^G^A^A^D(0&0$^F^H+^F^A^E^E^G0^A\x86^Xhttp://ocsp.verisign.com0m^F^H+^F^A^E^E^G^A^L^Da0_\xa1]\xa0[0Y0W0U^V^Iimage/gif0!0\x1f0^G^F^E+^N^C^B^Z^D^T\x8f\xe5\xd3^Z\x86\xac\x8d\x8ek\xc3\xcf\x80j\xd4H^X,{^Y.0%^V#http://logo.verisign.com/vslogo.gif0^M^F^I*\x86H\x86\xf7^M^A^A^E^E\0^C\x81\x81\0/s\xe2o\xc1\x9e#~YP\x89\x95xo\xe9^D\xbd\x98TS`\xec^HR\xd2^J)\x92\x9am\xaa\xd5\xb1g\xc1b\xde\xc9^XNW=i\x9c\xb2^Cf\x92^C\xbb\xe8M\xc5\x98\xd4/B\xd9\xb6\xd2\xe0\x97^PXv\xcf\xe7\xd6\xa7\xcc\xbb\xdb%\xeeB]\xcb\xf0t\xab\xd2T\xe5\xe8\xbaQ^O\xa4\xc3>4\xfaR\xf2\xa0\xe6z\xf4\x8f\xdcvB\xbd=\xfcx\xc0\xb7\xeb^-\x1f\xc5\xa0^\xdf\xa0^Q\x87\xf8\xc3X^P\xc8y(\xf8\xe4, mime_type=binary, info=[ts=1170717508.883051, fuid=FjkLnG4s34DVZlaBNc, tx_hosts={^J^I194.127.84.106^J}, rx_hosts={^J^I192.150.187.164^J}, conn_uids={^J^ICjhGID4nQcgTWjvg4c^J}, source=SSL, depth=0, analyzers={^J^IX509,^J^IMD5,^J^ISHA1^J}, mime_type=binary, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=F, seen_bytes=0, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=38a0a008a978591ccbe41f50a174751a, sha1=2c322ae2b7fe91391345e070b63668978bb1c9da, sha256=<uninitialized>, x509=[ts=1170717508.883051, id=FjkLnG4s34DVZlaBNc, certificate=[version=2, serial=04A78116F003283BDA2B8462049F9ECB, subject=CN=www.dresdner-privat.de,OU=Terms of use at www.verisign.com/rpa (c)00,O=AGIS Allianz Dresdner Informationssysteme GmbH,L=Muenchen,ST=Bayern,C=DE, issuer=OU=www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign,OU=VeriSign International Server CA - Class 3,OU=VeriSign\, Inc.,O=VeriSign Trust Network, not_valid_before=1163462400.0, not_valid_after=1195084799.0, key_alg=rsaEncryption, sig_alg=sha1WithRSAEncryption, key_type=rsa, key_length=1024, exponent=65537, curve=<uninitialized>], handle=<no value description>, extensions=[[name=X509v3 Basic Constraints, short_name=basicConstraints, oid=2.5.29.19, critical=F, value=CA:FALSE], [name=X509v3 Key Usage, short_name=keyUsage, oid=2.5.29.15, critical=F, value=Digital Signature, Key Encipherment], [name=X509v3 CRL Distribution Points, short_name=crlDistributionPoints, oid=2.5.29.31, critical=F, value=^JFull Name:^J  URI:http://crl.verisign.com/Class3InternationalServer.crl^J], [name=X509v3 Certificate Policies, short_name=certificatePolicies, oid=2.5.29.32, critical=F, value=Policy: 2.16.840.1.113733.1.7.23.3^J  CPS: https://www.verisign.com/rpa^J], [name=X509v3 Extended Key Usage, short_name=extendedKeyUsage, oid=2.5.29.37, critical=F, value=Netscape Server Gated Crypto, TLS Web Server Authentication, TLS Web Client Authentication], [name=Authority Information Access, short_name=authorityInfoAccess, oid=1.3.6.1.5.5.7.1.1, critical=F, value=OCSP - URI:http://ocsp.verisign.com^J], [name=1.3.6.1.5.5.7.1.12, short_name=UNDEF, oid=1.3.6.1.5.5.7.1.12, critical=F, value=0_.].[0Y0W0U..image/gif0!0.0...+..............k...j.H.,{..0%.#http://logo.verisign.com/vslogo.gif]], san=<uninitialized>, basic_constraints=[ca=F, path_len=<uninitialized>]], extracted=<uninitialized>], u2_events=<uninitialized>]
-
-1170717508.883051 get_file_handle
-                  [0] tag: enum          = Analyzer::ANALYZER_SSL
-                  [1] c: connection      = [id=[orig_h=192.150.187.164, orig_p=58869/tcp, resp_h=194.127.84.106, resp_p=443/tcp], orig=[size=120, state=4, num_pkts=3, num_bytes_ip=288, flow_label=0], resp=[size=2164, state=4, num_pkts=3, num_bytes_ip=1616, flow_label=0], start_time=1170717508.515696, duration=0.367355, service={^J^ISSL^J}, addl=, hot=0, history=ShADad, uid=CjhGID4nQcgTWjvg4c, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=[ts=1170717508.69718, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=192.150.187.164, orig_p=58869/tcp, resp_h=194.127.84.106, resp_p=443/tcp], version=TLSv10, cipher=TLS_RSA_WITH_RC4_128_MD5, server_name=<uninitialized>, session_id=a8c1c5681924e80a32a15d5e7f20bc5e3f513e56b215039d0d55defda5a320c0, last_alert=<uninitialized>, analyzer_id=7, established=F, logged=F, delay_tokens=<uninitialized>, cert_chain=[[ts=1170717508.883051, fuid=FjkLnG4s34DVZlaBNc, tx_hosts={^J^I194.127.84.106^J}, rx_hosts={^J^I192.150.187.164^J}, conn_uids={^J^ICjhGID4nQcgTWjvg4c^J}, source=SSL, depth=0, analyzers={^J^IX509,^J^IMD5,^J^ISHA1^J}, mime_type=binary, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=F, seen_bytes=1152, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=38a0a008a978591ccbe41f50a174751a, sha1=2c322ae2b7fe91391345e070b63668978bb1c9da, sha256=<uninitialized>, x509=[ts=1170717508.883051, id=FjkLnG4s34DVZlaBNc, certificate=[version=2, serial=04A78116F003283BDA2B8462049F9ECB, subject=CN=www.dresdner-privat.de,OU=Terms of use at www.verisign.com/rpa (c)00,O=AGIS Allianz Dresdner Informationssysteme GmbH,L=Muenchen,ST=Bayern,C=DE, issuer=OU=www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign,OU=VeriSign International Server CA - Class 3,OU=VeriSign\, Inc.,O=VeriSign Trust Network, not_valid_before=1163462400.0, not_valid_after=1195084799.0, key_alg=rsaEncryption, sig_alg=sha1WithRSAEncryption, key_type=rsa, key_length=1024, exponent=65537, curve=<uninitialized>], handle=<no value description>, extensions=[[name=X509v3 Basic Constraints, short_name=basicConstraints, oid=2.5.29.19, critical=F, value=CA:FALSE], [name=X509v3 Key Usage, short_name=keyUsage, oid=2.5.29.15, critical=F, value=Digital Signature, Key Encipherment], [name=X509v3 CRL Distribution Points, short_name=crlDistributionPoints, oid=2.5.29.31, critical=F, value=^JFull Name:^J  URI:http://crl.verisign.com/Class3InternationalServer.crl^J], [name=X509v3 Certificate Policies, short_name=certificatePolicies, oid=2.5.29.32, critical=F, value=Policy: 2.16.840.1.113733.1.7.23.3^J  CPS: https://www.verisign.com/rpa^J], [name=X509v3 Extended Key Usage, short_name=extendedKeyUsage, oid=2.5.29.37, critical=F, value=Netscape Server Gated Crypto, TLS Web Server Authentication, TLS Web Client Authentication], [name=Authority Information Access, short_name=authorityInfoAccess, oid=1.3.6.1.5.5.7.1.1, critical=F, value=OCSP - URI:http://ocsp.verisign.com^J], [name=1.3.6.1.5.5.7.1.12, short_name=UNDEF, oid=1.3.6.1.5.5.7.1.12, critical=F, value=0_.].[0Y0W0U..image/gif0!0.0...+..............k...j.H.,{..0%.#http://logo.verisign.com/vslogo.gif]], san=<uninitialized>, basic_constraints=[ca=F, path_len=<uninitialized>]], extracted=<uninitialized>]], cert_chain_fuids=[FjkLnG4s34DVZlaBNc], client_cert_chain=[], client_cert_chain_fuids=[], subject=<uninitialized>, issuer=<uninitialized>, client_subject=<uninitialized>, client_issuer=<uninitialized>, server_depth=1, client_depth=0], http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]
+1254722770.692743 get_file_handle
+                  [0] tag: enum          = Analyzer::ANALYZER_SMTP
+                  [1] c: connection      = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=1610, state=4, num_pkts=9, num_bytes_ip=518, flow_label=0], resp=[size=462, state=4, num_pkts=10, num_bytes_ip=870, flow_label=0], start_time=1254722767.529046, duration=3.163697, service={^J^ISMTP^J}, addl=, hot=0, history=ShAdDa, uid=CjhGID4nQcgTWjvg4c, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, smtp=[ts=1254722768.219663, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=<gurpartap@patriots.in>, rcptto={^J^I<raj_deol2002in@yahoo.co.in>^J}, date=Mon, 5 Oct 2009 11:36:07 +0530, from="Gurpartap Singh" <gurpartap@patriots.in>, to={^J^I<raj_deol2002in@yahoo.co.in>^J}, reply_to=<uninitialized>, msg_id=<000301ca4581$ef9e57f0$cedb07d0$@in>, in_reply_to=<uninitialized>, subject=SMTP, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=354 Enter message, ending with "." on a line by itself, path=[74.53.140.153, 10.10.1.4], user_agent=Microsoft Office Outlook 12.0, process_received_from=T, has_client_activity=T, entity=<uninitialized>, fuids=[Fel9gs4OtNEV6gUJZ5]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=<uninitialized>, mime_depth=3], socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]
                   [2] is_orig: bool      = F
 
-1170717508.883051 file_new
-                  [0] f: fa_file         = [id=FpMjNF4snD7UDqI5sk, parent_id=<uninitialized>, source=SSL, is_orig=F, conns={^J^I[[orig_h=192.150.187.164, orig_p=58869/tcp, resp_h=194.127.84.106, resp_p=443/tcp]] = [id=[orig_h=192.150.187.164, orig_p=58869/tcp, resp_h=194.127.84.106, resp_p=443/tcp], orig=[size=120, state=4, num_pkts=3, num_bytes_ip=288, flow_label=0], resp=[size=2164, state=4, num_pkts=3, num_bytes_ip=1616, flow_label=0], start_time=1170717508.515696, duration=0.367355, service={^J^I^ISSL^J^I}, addl=, hot=0, history=ShADad, uid=CjhGID4nQcgTWjvg4c, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=[ts=1170717508.69718, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=192.150.187.164, orig_p=58869/tcp, resp_h=194.127.84.106, resp_p=443/tcp], version=TLSv10, cipher=TLS_RSA_WITH_RC4_128_MD5, server_name=<uninitialized>, session_id=a8c1c5681924e80a32a15d5e7f20bc5e3f513e56b215039d0d55defda5a320c0, last_alert=<uninitialized>, analyzer_id=7, established=F, logged=F, delay_tokens=<uninitialized>, cert_chain=[[ts=1170717508.883051, fuid=FjkLnG4s34DVZlaBNc, tx_hosts={^J^I^I194.127.84.106^J^I}, rx_hosts={^J^I^I192.150.187.164^J^I}, conn_uids={^J^I^ICjhGID4nQcgTWjvg4c^J^I}, source=SSL, depth=0, analyzers={^J^I^IX509,^J^I^IMD5,^J^I^ISHA1^J^I}, mime_type=binary, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=F, seen_bytes=1152, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=38a0a008a978591ccbe41f50a174751a, sha1=2c322ae2b7fe91391345e070b63668978bb1c9da, sha256=<uninitialized>, x509=[ts=1170717508.883051, id=FjkLnG4s34DVZlaBNc, certificate=[version=2, serial=04A78116F003283BDA2B8462049F9ECB, subject=CN=www.dresdner-privat.de,OU=Terms of use at www.verisign.com/rpa (c)00,O=AGIS Allianz Dresdner Informationssysteme GmbH,L=Muenchen,ST=Bayern,C=DE, issuer=OU=www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign,OU=VeriSign International Server CA - Class 3,OU=VeriSign\, Inc.,O=VeriSign Trust Network, not_valid_before=1163462400.0, not_valid_after=1195084799.0, key_alg=rsaEncryption, sig_alg=sha1WithRSAEncryption, key_type=rsa, key_length=1024, exponent=65537, curve=<uninitialized>], handle=<no value description>, extensions=[[name=X509v3 Basic Constraints, short_name=basicConstraints, oid=2.5.29.19, critical=F, value=CA:FALSE], [name=X509v3 Key Usage, short_name=keyUsage, oid=2.5.29.15, critical=F, value=Digital Signature, Key Encipherment], [name=X509v3 CRL Distribution Points, short_name=crlDistributionPoints, oid=2.5.29.31, critical=F, value=^JFull Name:^J  URI:http://crl.verisign.com/Class3InternationalServer.crl^J], [name=X509v3 Certificate Policies, short_name=certificatePolicies, oid=2.5.29.32, critical=F, value=Policy: 2.16.840.1.113733.1.7.23.3^J  CPS: https://www.verisign.com/rpa^J], [name=X509v3 Extended Key Usage, short_name=extendedKeyUsage, oid=2.5.29.37, critical=F, value=Netscape Server Gated Crypto, TLS Web Server Authentication, TLS Web Client Authentication], [name=Authority Information Access, short_name=authorityInfoAccess, oid=1.3.6.1.5.5.7.1.1, critical=F, value=OCSP - URI:http://ocsp.verisign.com^J], [name=1.3.6.1.5.5.7.1.12, short_name=UNDEF, oid=1.3.6.1.5.5.7.1.12, critical=F, value=0_.].[0Y0W0U..image/gif0!0.0...+..............k...j.H.,{..0%.#http://logo.verisign.com/vslogo.gif]], san=<uninitialized>, basic_constraints=[ca=F, path_len=<uninitialized>]], extracted=<uninitialized>]], cert_chain_fuids=[FjkLnG4s34DVZlaBNc], client_cert_chain=[], client_cert_chain_fuids=[], subject=<uninitialized>, issuer=<uninitialized>, client_subject=<uninitialized>, client_issuer=<uninitialized>, server_depth=2, client_depth=0], http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]^J}, last_active=1170717508.883051, seen_bytes=0, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timeout_interval=2.0 mins, bof_buffer_size=1024, bof_buffer=0\x82^C\x860\x82^B\xef\xa0^C^B^A^B^B^Px\xeeH\xde^X[ q\xc9\xc9\xc3\xb5\x1d{\xdd\xc10^M^F^I*\x86H\x86\xf7^M^A^A^E^E\00_1^K0^I^F^CU^D^F^S^BUS1^W0^U^F^CU^D^J^S^NVeriSign, Inc.1705^F^CU^D^K^S.Class 3 Public Primary Certification Authority0\x1e^W^M970417000000Z^W^M111024235959Z0\x81\xba1\x1f0\x1d^F^CU^D^J^S^VVeriSign Trust Network1^W0^U^F^CU^D^K^S^NVeriSign, Inc.1301^F^CU^D^K^S*VeriSign International Server CA - Class 31I0G^F^CU^D^K^S@www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign0\x81\x9f0^M^F^I*\x86H\x86\xf7^M^A^A^A^E\0^C\x81\x8d\00\x81\x89^B\x81\x81\0\xd8\x82\x80\xe8\xd6^Y^B}\x1f\x85^X9%\xa2e+\xe1\xbf\xd4^E\xd3\xbc\xe66;\xaa\xf0Ll[\xb6\xe7\xaa<sEU\xb2\xf1\xbd\xea\x97B\xed\x9a4^J^U\xd4\xa9\\xf5@%\xdd\xd9^G\xc12\xb2ul\xc4\xca\xbb\xa3\xfeV'qC\xaac\xf50>\x93(\xe5\xfa\xf1^I;\xf3\xb7MN9\xf7\IZ\xb8\xc1\x1d\xd3\xb2\x8a\xfep0\x95B\xcb\xfe+Q\x8bZ<:\xf9"O\x90\xb2^B\xa7S\x9cO4\xe7\xab^D\xb2{o^B^C^A\0^A\xa3\x81\xe60\x81\xe30^O^F^CU\x1d^S^D^H0^F^A^A\xff^B^A\00D^F^CU\x1d ^D=0;09^F^K`\x86H^A\x86\xf8E^A^G^A^A0*0(^F^H+^F^A^E^E^G^B^A^V\x1chttps://www.verisign.com/CPS04^F^CU\x1d\x1f^D-0+0)\xa0'\xa0%\x86#http://crl.verisign.com/pca3-g2.crl04^F^CU\x1d%^D-0+^F^H+^F^A^E^E^G^C^A^F^H+^F^A^E^E^G^C^B^F^I`\x86H^A\x86\xf8B^D^A^F^J`\x86H^A\x86\xf8E^A^H^A0^K^F^CU\x1d^O^D^D^C^B^A^F0^Q^F^I`\x86H^A\x86\xf8B^A^A^D^D^C^B^A^F0^M^F^I*\x86H\x86\xf7^M^A^A^E^E\0^C\x81\x81\0#]\xee\xa6$^E\xfdv\xd3j^Z\xd6\xbaF^F\xaaj^O^C\x90f\xb2\xb0\xa6\xc2\x9e\xc9\x1e\xa3US\xaf>E\xfd\xdc\x8c'\xddS8^I\xbb|K+\xba\x95J\xfepN\x1bi\xd6<\xf7O^G\xc5\xf2^WZL\xa2\x8f\xac^K\x8a^F\xdb\xb9\xd4k\xc5\x1dX\xda^WR\xe3!\xf1\xd2\xd7Z\xd5\xe5\xabY{!z\x86j\xd4\xfe^W^Q:S^M\x9c`\xa0J\xd9^\xe4\x1d^L)\xaa^S^Ge\x86\x1f\xbf\xb4\xc9\x82S\x9c,^B\x8f#, mime_type=binary, info=<uninitialized>, u2_events=<uninitialized>]
+1254722770.692743 mime_begin_entity
+                  [0] c: connection      = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=1610, state=4, num_pkts=9, num_bytes_ip=518, flow_label=0], resp=[size=462, state=4, num_pkts=10, num_bytes_ip=870, flow_label=0], start_time=1254722767.529046, duration=3.163697, service={^J^ISMTP^J}, addl=, hot=0, history=ShAdDa, uid=CjhGID4nQcgTWjvg4c, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, smtp=[ts=1254722768.219663, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=<gurpartap@patriots.in>, rcptto={^J^I<raj_deol2002in@yahoo.co.in>^J}, date=Mon, 5 Oct 2009 11:36:07 +0530, from="Gurpartap Singh" <gurpartap@patriots.in>, to={^J^I<raj_deol2002in@yahoo.co.in>^J}, reply_to=<uninitialized>, msg_id=<000301ca4581$ef9e57f0$cedb07d0$@in>, in_reply_to=<uninitialized>, subject=SMTP, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=354 Enter message, ending with "." on a line by itself, path=[74.53.140.153, 10.10.1.4], user_agent=Microsoft Office Outlook 12.0, process_received_from=T, has_client_activity=T, entity=<uninitialized>, fuids=[Fel9gs4OtNEV6gUJZ5]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=<uninitialized>, mime_depth=3], socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]
 
-1170717508.883051 file_over_new_connection
-                  [0] f: fa_file         = [id=FpMjNF4snD7UDqI5sk, parent_id=<uninitialized>, source=SSL, is_orig=F, conns={^J^I[[orig_h=192.150.187.164, orig_p=58869/tcp, resp_h=194.127.84.106, resp_p=443/tcp]] = [id=[orig_h=192.150.187.164, orig_p=58869/tcp, resp_h=194.127.84.106, resp_p=443/tcp], orig=[size=120, state=4, num_pkts=3, num_bytes_ip=288, flow_label=0], resp=[size=2164, state=4, num_pkts=3, num_bytes_ip=1616, flow_label=0], start_time=1170717508.515696, duration=0.367355, service={^J^I^ISSL^J^I}, addl=, hot=0, history=ShADad, uid=CjhGID4nQcgTWjvg4c, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=[ts=1170717508.69718, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=192.150.187.164, orig_p=58869/tcp, resp_h=194.127.84.106, resp_p=443/tcp], version=TLSv10, cipher=TLS_RSA_WITH_RC4_128_MD5, server_name=<uninitialized>, session_id=a8c1c5681924e80a32a15d5e7f20bc5e3f513e56b215039d0d55defda5a320c0, last_alert=<uninitialized>, analyzer_id=7, established=F, logged=F, delay_tokens=<uninitialized>, cert_chain=[[ts=1170717508.883051, fuid=FjkLnG4s34DVZlaBNc, tx_hosts={^J^I^I194.127.84.106^J^I}, rx_hosts={^J^I^I192.150.187.164^J^I}, conn_uids={^J^I^ICjhGID4nQcgTWjvg4c^J^I}, source=SSL, depth=0, analyzers={^J^I^IX509,^J^I^IMD5,^J^I^ISHA1^J^I}, mime_type=binary, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=F, seen_bytes=1152, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=38a0a008a978591ccbe41f50a174751a, sha1=2c322ae2b7fe91391345e070b63668978bb1c9da, sha256=<uninitialized>, x509=[ts=1170717508.883051, id=FjkLnG4s34DVZlaBNc, certificate=[version=2, serial=04A78116F003283BDA2B8462049F9ECB, subject=CN=www.dresdner-privat.de,OU=Terms of use at www.verisign.com/rpa (c)00,O=AGIS Allianz Dresdner Informationssysteme GmbH,L=Muenchen,ST=Bayern,C=DE, issuer=OU=www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign,OU=VeriSign International Server CA - Class 3,OU=VeriSign\, Inc.,O=VeriSign Trust Network, not_valid_before=1163462400.0, not_valid_after=1195084799.0, key_alg=rsaEncryption, sig_alg=sha1WithRSAEncryption, key_type=rsa, key_length=1024, exponent=65537, curve=<uninitialized>], handle=<no value description>, extensions=[[name=X509v3 Basic Constraints, short_name=basicConstraints, oid=2.5.29.19, critical=F, value=CA:FALSE], [name=X509v3 Key Usage, short_name=keyUsage, oid=2.5.29.15, critical=F, value=Digital Signature, Key Encipherment], [name=X509v3 CRL Distribution Points, short_name=crlDistributionPoints, oid=2.5.29.31, critical=F, value=^JFull Name:^J  URI:http://crl.verisign.com/Class3InternationalServer.crl^J], [name=X509v3 Certificate Policies, short_name=certificatePolicies, oid=2.5.29.32, critical=F, value=Policy: 2.16.840.1.113733.1.7.23.3^J  CPS: https://www.verisign.com/rpa^J], [name=X509v3 Extended Key Usage, short_name=extendedKeyUsage, oid=2.5.29.37, critical=F, value=Netscape Server Gated Crypto, TLS Web Server Authentication, TLS Web Client Authentication], [name=Authority Information Access, short_name=authorityInfoAccess, oid=1.3.6.1.5.5.7.1.1, critical=F, value=OCSP - URI:http://ocsp.verisign.com^J], [name=1.3.6.1.5.5.7.1.12, short_name=UNDEF, oid=1.3.6.1.5.5.7.1.12, critical=F, value=0_.].[0Y0W0U..image/gif0!0.0...+..............k...j.H.,{..0%.#http://logo.verisign.com/vslogo.gif]], san=<uninitialized>, basic_constraints=[ca=F, path_len=<uninitialized>]], extracted=<uninitialized>]], cert_chain_fuids=[FjkLnG4s34DVZlaBNc], client_cert_chain=[], client_cert_chain_fuids=[], subject=<uninitialized>, issuer=<uninitialized>, client_subject=<uninitialized>, client_issuer=<uninitialized>, server_depth=2, client_depth=0], http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]^J}, last_active=1170717508.883051, seen_bytes=0, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timeout_interval=2.0 mins, bof_buffer_size=1024, bof_buffer=0\x82^C\x860\x82^B\xef\xa0^C^B^A^B^B^Px\xeeH\xde^X[ q\xc9\xc9\xc3\xb5\x1d{\xdd\xc10^M^F^I*\x86H\x86\xf7^M^A^A^E^E\00_1^K0^I^F^CU^D^F^S^BUS1^W0^U^F^CU^D^J^S^NVeriSign, Inc.1705^F^CU^D^K^S.Class 3 Public Primary Certification Authority0\x1e^W^M970417000000Z^W^M111024235959Z0\x81\xba1\x1f0\x1d^F^CU^D^J^S^VVeriSign Trust Network1^W0^U^F^CU^D^K^S^NVeriSign, Inc.1301^F^CU^D^K^S*VeriSign International Server CA - Class 31I0G^F^CU^D^K^S@www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign0\x81\x9f0^M^F^I*\x86H\x86\xf7^M^A^A^A^E\0^C\x81\x8d\00\x81\x89^B\x81\x81\0\xd8\x82\x80\xe8\xd6^Y^B}\x1f\x85^X9%\xa2e+\xe1\xbf\xd4^E\xd3\xbc\xe66;\xaa\xf0Ll[\xb6\xe7\xaa<sEU\xb2\xf1\xbd\xea\x97B\xed\x9a4^J^U\xd4\xa9\\xf5@%\xdd\xd9^G\xc12\xb2ul\xc4\xca\xbb\xa3\xfeV'qC\xaac\xf50>\x93(\xe5\xfa\xf1^I;\xf3\xb7MN9\xf7\IZ\xb8\xc1\x1d\xd3\xb2\x8a\xfep0\x95B\xcb\xfe+Q\x8bZ<:\xf9"O\x90\xb2^B\xa7S\x9cO4\xe7\xab^D\xb2{o^B^C^A\0^A\xa3\x81\xe60\x81\xe30^O^F^CU\x1d^S^D^H0^F^A^A\xff^B^A\00D^F^CU\x1d ^D=0;09^F^K`\x86H^A\x86\xf8E^A^G^A^A0*0(^F^H+^F^A^E^E^G^B^A^V\x1chttps://www.verisign.com/CPS04^F^CU\x1d\x1f^D-0+0)\xa0'\xa0%\x86#http://crl.verisign.com/pca3-g2.crl04^F^CU\x1d%^D-0+^F^H+^F^A^E^E^G^C^A^F^H+^F^A^E^E^G^C^B^F^I`\x86H^A\x86\xf8B^D^A^F^J`\x86H^A\x86\xf8E^A^H^A0^K^F^CU\x1d^O^D^D^C^B^A^F0^Q^F^I`\x86H^A\x86\xf8B^A^A^D^D^C^B^A^F0^M^F^I*\x86H\x86\xf7^M^A^A^E^E\0^C\x81\x81\0#]\xee\xa6$^E\xfdv\xd3j^Z\xd6\xbaF^F\xaaj^O^C\x90f\xb2\xb0\xa6\xc2\x9e\xc9\x1e\xa3US\xaf>E\xfd\xdc\x8c'\xddS8^I\xbb|K+\xba\x95J\xfepN\x1bi\xd6<\xf7O^G\xc5\xf2^WZL\xa2\x8f\xac^K\x8a^F\xdb\xb9\xd4k\xc5\x1dX\xda^WR\xe3!\xf1\xd2\xd7Z\xd5\xe5\xabY{!z\x86j\xd4\xfe^W^Q:S^M\x9c`\xa0J\xd9^\xe4\x1d^L)\xaa^S^Ge\x86\x1f\xbf\xb4\xc9\x82S\x9c,^B\x8f#, mime_type=binary, info=[ts=1170717508.883051, fuid=FpMjNF4snD7UDqI5sk, tx_hosts={^J^J}, rx_hosts={^J^J}, conn_uids={^J^J}, source=SSL, depth=0, analyzers={^J^J}, mime_type=binary, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=F, seen_bytes=0, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=<uninitialized>, sha1=<uninitialized>, sha256=<uninitialized>, x509=<uninitialized>, extracted=<uninitialized>], u2_events=<uninitialized>]
-                  [1] c: connection      = [id=[orig_h=192.150.187.164, orig_p=58869/tcp, resp_h=194.127.84.106, resp_p=443/tcp], orig=[size=120, state=4, num_pkts=3, num_bytes_ip=288, flow_label=0], resp=[size=2164, state=4, num_pkts=3, num_bytes_ip=1616, flow_label=0], start_time=1170717508.515696, duration=0.367355, service={^J^ISSL^J}, addl=, hot=0, history=ShADad, uid=CjhGID4nQcgTWjvg4c, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=[ts=1170717508.69718, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=192.150.187.164, orig_p=58869/tcp, resp_h=194.127.84.106, resp_p=443/tcp], version=TLSv10, cipher=TLS_RSA_WITH_RC4_128_MD5, server_name=<uninitialized>, session_id=a8c1c5681924e80a32a15d5e7f20bc5e3f513e56b215039d0d55defda5a320c0, last_alert=<uninitialized>, analyzer_id=7, established=F, logged=F, delay_tokens=<uninitialized>, cert_chain=[[ts=1170717508.883051, fuid=FjkLnG4s34DVZlaBNc, tx_hosts={^J^I194.127.84.106^J}, rx_hosts={^J^I192.150.187.164^J}, conn_uids={^J^ICjhGID4nQcgTWjvg4c^J}, source=SSL, depth=0, analyzers={^J^IX509,^J^IMD5,^J^ISHA1^J}, mime_type=binary, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=F, seen_bytes=1152, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=38a0a008a978591ccbe41f50a174751a, sha1=2c322ae2b7fe91391345e070b63668978bb1c9da, sha256=<uninitialized>, x509=[ts=1170717508.883051, id=FjkLnG4s34DVZlaBNc, certificate=[version=2, serial=04A78116F003283BDA2B8462049F9ECB, subject=CN=www.dresdner-privat.de,OU=Terms of use at www.verisign.com/rpa (c)00,O=AGIS Allianz Dresdner Informationssysteme GmbH,L=Muenchen,ST=Bayern,C=DE, issuer=OU=www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign,OU=VeriSign International Server CA - Class 3,OU=VeriSign\, Inc.,O=VeriSign Trust Network, not_valid_before=1163462400.0, not_valid_after=1195084799.0, key_alg=rsaEncryption, sig_alg=sha1WithRSAEncryption, key_type=rsa, key_length=1024, exponent=65537, curve=<uninitialized>], handle=<no value description>, extensions=[[name=X509v3 Basic Constraints, short_name=basicConstraints, oid=2.5.29.19, critical=F, value=CA:FALSE], [name=X509v3 Key Usage, short_name=keyUsage, oid=2.5.29.15, critical=F, value=Digital Signature, Key Encipherment], [name=X509v3 CRL Distribution Points, short_name=crlDistributionPoints, oid=2.5.29.31, critical=F, value=^JFull Name:^J  URI:http://crl.verisign.com/Class3InternationalServer.crl^J], [name=X509v3 Certificate Policies, short_name=certificatePolicies, oid=2.5.29.32, critical=F, value=Policy: 2.16.840.1.113733.1.7.23.3^J  CPS: https://www.verisign.com/rpa^J], [name=X509v3 Extended Key Usage, short_name=extendedKeyUsage, oid=2.5.29.37, critical=F, value=Netscape Server Gated Crypto, TLS Web Server Authentication, TLS Web Client Authentication], [name=Authority Information Access, short_name=authorityInfoAccess, oid=1.3.6.1.5.5.7.1.1, critical=F, value=OCSP - URI:http://ocsp.verisign.com^J], [name=1.3.6.1.5.5.7.1.12, short_name=UNDEF, oid=1.3.6.1.5.5.7.1.12, critical=F, value=0_.].[0Y0W0U..image/gif0!0.0...+..............k...j.H.,{..0%.#http://logo.verisign.com/vslogo.gif]], san=<uninitialized>, basic_constraints=[ca=F, path_len=<uninitialized>]], extracted=<uninitialized>]], cert_chain_fuids=[FjkLnG4s34DVZlaBNc], client_cert_chain=[], client_cert_chain_fuids=[], subject=<uninitialized>, issuer=<uninitialized>, client_subject=<uninitialized>, client_issuer=<uninitialized>, server_depth=2, client_depth=0], http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]
+1254722770.692743 mime_one_header
+                  [0] c: connection      = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=1610, state=4, num_pkts=9, num_bytes_ip=518, flow_label=0], resp=[size=462, state=4, num_pkts=10, num_bytes_ip=870, flow_label=0], start_time=1254722767.529046, duration=3.163697, service={^J^ISMTP^J}, addl=, hot=0, history=ShAdDa, uid=CjhGID4nQcgTWjvg4c, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, smtp=[ts=1254722768.219663, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=<gurpartap@patriots.in>, rcptto={^J^I<raj_deol2002in@yahoo.co.in>^J}, date=Mon, 5 Oct 2009 11:36:07 +0530, from="Gurpartap Singh" <gurpartap@patriots.in>, to={^J^I<raj_deol2002in@yahoo.co.in>^J}, reply_to=<uninitialized>, msg_id=<000301ca4581$ef9e57f0$cedb07d0$@in>, in_reply_to=<uninitialized>, subject=SMTP, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=354 Enter message, ending with "." on a line by itself, path=[74.53.140.153, 10.10.1.4], user_agent=Microsoft Office Outlook 12.0, process_received_from=T, has_client_activity=T, entity=[filename=<uninitialized>], fuids=[Fel9gs4OtNEV6gUJZ5]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=<uninitialized>, mime_depth=4], socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]
+                  [1] h: mime_header_rec = [name=CONTENT-TYPE, value=text/html;^Icharset="us-ascii"]
+
+1254722770.692743 mime_one_header
+                  [0] c: connection      = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=1610, state=4, num_pkts=9, num_bytes_ip=518, flow_label=0], resp=[size=462, state=4, num_pkts=10, num_bytes_ip=870, flow_label=0], start_time=1254722767.529046, duration=3.163697, service={^J^ISMTP^J}, addl=, hot=0, history=ShAdDa, uid=CjhGID4nQcgTWjvg4c, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, smtp=[ts=1254722768.219663, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=<gurpartap@patriots.in>, rcptto={^J^I<raj_deol2002in@yahoo.co.in>^J}, date=Mon, 5 Oct 2009 11:36:07 +0530, from="Gurpartap Singh" <gurpartap@patriots.in>, to={^J^I<raj_deol2002in@yahoo.co.in>^J}, reply_to=<uninitialized>, msg_id=<000301ca4581$ef9e57f0$cedb07d0$@in>, in_reply_to=<uninitialized>, subject=SMTP, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=354 Enter message, ending with "." on a line by itself, path=[74.53.140.153, 10.10.1.4], user_agent=Microsoft Office Outlook 12.0, process_received_from=T, has_client_activity=T, entity=[filename=<uninitialized>], fuids=[Fel9gs4OtNEV6gUJZ5]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=<uninitialized>, mime_depth=4], socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]
+                  [1] h: mime_header_rec = [name=CONTENT-TRANSFER-ENCODING, value=quoted-printable]
+
+1254722770.692786 get_file_handle
+                  [0] tag: enum          = Analyzer::ANALYZER_SMTP
+                  [1] c: connection      = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=3070, state=4, num_pkts=10, num_bytes_ip=2018, flow_label=0], resp=[size=462, state=4, num_pkts=10, num_bytes_ip=870, flow_label=0], start_time=1254722767.529046, duration=3.16374, service={^J^ISMTP^J}, addl=, hot=0, history=ShAdDa, uid=CjhGID4nQcgTWjvg4c, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, smtp=[ts=1254722768.219663, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=<gurpartap@patriots.in>, rcptto={^J^I<raj_deol2002in@yahoo.co.in>^J}, date=Mon, 5 Oct 2009 11:36:07 +0530, from="Gurpartap Singh" <gurpartap@patriots.in>, to={^J^I<raj_deol2002in@yahoo.co.in>^J}, reply_to=<uninitialized>, msg_id=<000301ca4581$ef9e57f0$cedb07d0$@in>, in_reply_to=<uninitialized>, subject=SMTP, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=354 Enter message, ending with "." on a line by itself, path=[74.53.140.153, 10.10.1.4], user_agent=Microsoft Office Outlook 12.0, process_received_from=T, has_client_activity=T, entity=[filename=<uninitialized>], fuids=[Fel9gs4OtNEV6gUJZ5]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=<uninitialized>, mime_depth=4], socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]
                   [2] is_orig: bool      = F
 
-1170717508.883051 x509_certificate
-                  [0] f: fa_file         = [id=FpMjNF4snD7UDqI5sk, parent_id=<uninitialized>, source=SSL, is_orig=F, conns={^J^I[[orig_h=192.150.187.164, orig_p=58869/tcp, resp_h=194.127.84.106, resp_p=443/tcp]] = [id=[orig_h=192.150.187.164, orig_p=58869/tcp, resp_h=194.127.84.106, resp_p=443/tcp], orig=[size=120, state=4, num_pkts=3, num_bytes_ip=288, flow_label=0], resp=[size=2164, state=4, num_pkts=3, num_bytes_ip=1616, flow_label=0], start_time=1170717508.515696, duration=0.367355, service={^J^I^ISSL^J^I}, addl=, hot=0, history=ShADad, uid=CjhGID4nQcgTWjvg4c, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=[ts=1170717508.69718, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=192.150.187.164, orig_p=58869/tcp, resp_h=194.127.84.106, resp_p=443/tcp], version=TLSv10, cipher=TLS_RSA_WITH_RC4_128_MD5, server_name=<uninitialized>, session_id=a8c1c5681924e80a32a15d5e7f20bc5e3f513e56b215039d0d55defda5a320c0, last_alert=<uninitialized>, analyzer_id=7, established=F, logged=F, delay_tokens=<uninitialized>, cert_chain=[[ts=1170717508.883051, fuid=FjkLnG4s34DVZlaBNc, tx_hosts={^J^I^I194.127.84.106^J^I}, rx_hosts={^J^I^I192.150.187.164^J^I}, conn_uids={^J^I^ICjhGID4nQcgTWjvg4c^J^I}, source=SSL, depth=0, analyzers={^J^I^IX509,^J^I^IMD5,^J^I^ISHA1^J^I}, mime_type=binary, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=F, seen_bytes=1152, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=38a0a008a978591ccbe41f50a174751a, sha1=2c322ae2b7fe91391345e070b63668978bb1c9da, sha256=<uninitialized>, x509=[ts=1170717508.883051, id=FjkLnG4s34DVZlaBNc, certificate=[version=2, serial=04A78116F003283BDA2B8462049F9ECB, subject=CN=www.dresdner-privat.de,OU=Terms of use at www.verisign.com/rpa (c)00,O=AGIS Allianz Dresdner Informationssysteme GmbH,L=Muenchen,ST=Bayern,C=DE, issuer=OU=www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign,OU=VeriSign International Server CA - Class 3,OU=VeriSign\, Inc.,O=VeriSign Trust Network, not_valid_before=1163462400.0, not_valid_after=1195084799.0, key_alg=rsaEncryption, sig_alg=sha1WithRSAEncryption, key_type=rsa, key_length=1024, exponent=65537, curve=<uninitialized>], handle=<no value description>, extensions=[[name=X509v3 Basic Constraints, short_name=basicConstraints, oid=2.5.29.19, critical=F, value=CA:FALSE], [name=X509v3 Key Usage, short_name=keyUsage, oid=2.5.29.15, critical=F, value=Digital Signature, Key Encipherment], [name=X509v3 CRL Distribution Points, short_name=crlDistributionPoints, oid=2.5.29.31, critical=F, value=^JFull Name:^J  URI:http://crl.verisign.com/Class3InternationalServer.crl^J], [name=X509v3 Certificate Policies, short_name=certificatePolicies, oid=2.5.29.32, critical=F, value=Policy: 2.16.840.1.113733.1.7.23.3^J  CPS: https://www.verisign.com/rpa^J], [name=X509v3 Extended Key Usage, short_name=extendedKeyUsage, oid=2.5.29.37, critical=F, value=Netscape Server Gated Crypto, TLS Web Server Authentication, TLS Web Client Authentication], [name=Authority Information Access, short_name=authorityInfoAccess, oid=1.3.6.1.5.5.7.1.1, critical=F, value=OCSP - URI:http://ocsp.verisign.com^J], [name=1.3.6.1.5.5.7.1.12, short_name=UNDEF, oid=1.3.6.1.5.5.7.1.12, critical=F, value=0_.].[0Y0W0U..image/gif0!0.0...+..............k...j.H.,{..0%.#http://logo.verisign.com/vslogo.gif]], san=<uninitialized>, basic_constraints=[ca=F, path_len=<uninitialized>]], extracted=<uninitialized>], [ts=1170717508.883051, fuid=FpMjNF4snD7UDqI5sk, tx_hosts={^J^I^I194.127.84.106^J^I}, rx_hosts={^J^I^I192.150.187.164^J^I}, conn_uids={^J^I^ICjhGID4nQcgTWjvg4c^J^I}, source=SSL, depth=0, analyzers={^J^I^IX509,^J^I^IMD5,^J^I^ISHA1^J^I}, mime_type=binary, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=F, seen_bytes=0, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=<uninitialized>, sha1=<uninitialized>, sha256=<uninitialized>, x509=<uninitialized>, extracted=<uninitialized>]], cert_chain_fuids=[FjkLnG4s34DVZlaBNc, FpMjNF4snD7UDqI5sk], client_cert_chain=[], client_cert_chain_fuids=[], subject=<uninitialized>, issuer=<uninitialized>, client_subject=<uninitialized>, client_issuer=<uninitialized>, server_depth=2, client_depth=0], http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]^J}, last_active=1170717508.883051, seen_bytes=906, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timeout_interval=2.0 mins, bof_buffer_size=1024, bof_buffer=0\x82^C\x860\x82^B\xef\xa0^C^B^A^B^B^Px\xeeH\xde^X[ q\xc9\xc9\xc3\xb5\x1d{\xdd\xc10^M^F^I*\x86H\x86\xf7^M^A^A^E^E\00_1^K0^I^F^CU^D^F^S^BUS1^W0^U^F^CU^D^J^S^NVeriSign, Inc.1705^F^CU^D^K^S.Class 3 Public Primary Certification Authority0\x1e^W^M970417000000Z^W^M111024235959Z0\x81\xba1\x1f0\x1d^F^CU^D^J^S^VVeriSign Trust Network1^W0^U^F^CU^D^K^S^NVeriSign, Inc.1301^F^CU^D^K^S*VeriSign International Server CA - Class 31I0G^F^CU^D^K^S@www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign0\x81\x9f0^M^F^I*\x86H\x86\xf7^M^A^A^A^E\0^C\x81\x8d\00\x81\x89^B\x81\x81\0\xd8\x82\x80\xe8\xd6^Y^B}\x1f\x85^X9%\xa2e+\xe1\xbf\xd4^E\xd3\xbc\xe66;\xaa\xf0Ll[\xb6\xe7\xaa<sEU\xb2\xf1\xbd\xea\x97B\xed\x9a4^J^U\xd4\xa9\\xf5@%\xdd\xd9^G\xc12\xb2ul\xc4\xca\xbb\xa3\xfeV'qC\xaac\xf50>\x93(\xe5\xfa\xf1^I;\xf3\xb7MN9\xf7\IZ\xb8\xc1\x1d\xd3\xb2\x8a\xfep0\x95B\xcb\xfe+Q\x8bZ<:\xf9"O\x90\xb2^B\xa7S\x9cO4\xe7\xab^D\xb2{o^B^C^A\0^A\xa3\x81\xe60\x81\xe30^O^F^CU\x1d^S^D^H0^F^A^A\xff^B^A\00D^F^CU\x1d ^D=0;09^F^K`\x86H^A\x86\xf8E^A^G^A^A0*0(^F^H+^F^A^E^E^G^B^A^V\x1chttps://www.verisign.com/CPS04^F^CU\x1d\x1f^D-0+0)\xa0'\xa0%\x86#http://crl.verisign.com/pca3-g2.crl04^F^CU\x1d%^D-0+^F^H+^F^A^E^E^G^C^A^F^H+^F^A^E^E^G^C^B^F^I`\x86H^A\x86\xf8B^D^A^F^J`\x86H^A\x86\xf8E^A^H^A0^K^F^CU\x1d^O^D^D^C^B^A^F0^Q^F^I`\x86H^A\x86\xf8B^A^A^D^D^C^B^A^F0^M^F^I*\x86H\x86\xf7^M^A^A^E^E\0^C\x81\x81\0#]\xee\xa6$^E\xfdv\xd3j^Z\xd6\xbaF^F\xaaj^O^C\x90f\xb2\xb0\xa6\xc2\x9e\xc9\x1e\xa3US\xaf>E\xfd\xdc\x8c'\xddS8^I\xbb|K+\xba\x95J\xfepN\x1bi\xd6<\xf7O^G\xc5\xf2^WZL\xa2\x8f\xac^K\x8a^F\xdb\xb9\xd4k\xc5\x1dX\xda^WR\xe3!\xf1\xd2\xd7Z\xd5\xe5\xabY{!z\x86j\xd4\xfe^W^Q:S^M\x9c`\xa0J\xd9^\xe4\x1d^L)\xaa^S^Ge\x86\x1f\xbf\xb4\xc9\x82S\x9c,^B\x8f#, mime_type=binary, info=[ts=1170717508.883051, fuid=FpMjNF4snD7UDqI5sk, tx_hosts={^J^I194.127.84.106^J}, rx_hosts={^J^I192.150.187.164^J}, conn_uids={^J^ICjhGID4nQcgTWjvg4c^J}, source=SSL, depth=0, analyzers={^J^IX509,^J^IMD5,^J^ISHA1^J}, mime_type=binary, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=F, seen_bytes=0, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=<uninitialized>, sha1=<uninitialized>, sha256=<uninitialized>, x509=<uninitialized>, extracted=<uninitialized>], u2_events=<uninitialized>]
-                  [1] cert_ref: opaque of x509 = <no value description>
-                  [2] cert: X509::Certificate = [version=2, serial=78EE48DE185B2071C9C9C3B51D7BDDC1, subject=OU=www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign,OU=VeriSign International Server CA - Class 3,OU=VeriSign\, Inc.,O=VeriSign Trust Network, issuer=OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US, not_valid_before=861235200.0, not_valid_after=1319500799.0, key_alg=rsaEncryption, sig_alg=sha1WithRSAEncryption, key_type=rsa, key_length=1024, exponent=65537, curve=<uninitialized>]
+1254722770.692786 file_new
+                  [0] f: fa_file         = [id=Ft4M3f2yMvLlmwtbq9, parent_id=<uninitialized>, source=SMTP, is_orig=F, conns={^J^I[[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp]] = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=3070, state=4, num_pkts=10, num_bytes_ip=2018, flow_label=0], resp=[size=462, state=4, num_pkts=10, num_bytes_ip=870, flow_label=0], start_time=1254722767.529046, duration=3.16374, service={^J^I^ISMTP^J^I}, addl=, hot=0, history=ShAdDa, uid=CjhGID4nQcgTWjvg4c, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, smtp=[ts=1254722768.219663, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=<gurpartap@patriots.in>, rcptto={^J^I^I<raj_deol2002in@yahoo.co.in>^J^I}, date=Mon, 5 Oct 2009 11:36:07 +0530, from="Gurpartap Singh" <gurpartap@patriots.in>, to={^J^I^I<raj_deol2002in@yahoo.co.in>^J^I}, reply_to=<uninitialized>, msg_id=<000301ca4581$ef9e57f0$cedb07d0$@in>, in_reply_to=<uninitialized>, subject=SMTP, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=354 Enter message, ending with "." on a line by itself, path=[74.53.140.153, 10.10.1.4], user_agent=Microsoft Office Outlook 12.0, process_received_from=T, has_client_activity=T, entity=[filename=<uninitialized>], fuids=[Fel9gs4OtNEV6gUJZ5]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=<uninitialized>, mime_depth=4], socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]^J}, last_active=1254722770.692786, seen_bytes=0, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timeout_interval=2.0 mins, bof_buffer_size=1024, bof_buffer=<html xmlns:v=3D"urn:schemas-microsoft-com:vml" xmlns:o=3D"urn:schemas-microsoft-com:office:office" xmlns:w=3D"urn:schemas-microsoft-com:office:word" xmlns:m=3D"http://schemas.microsoft.com/office/2004/12/omml" xmlns=3D"http://www.w3.org/TR/REC-html40">^M^J^M^J<head>^M^J<META HTTP-EQUIV=3D"Content-Type" CONTENT=3D"text/html; charset=3Dus-ascii">^M^J<meta name=3DGenerator content=3D"Microsoft Word 12 (filtered medium)">^M^J<style>^M^J<!--^M^J /* Font Definitions */^M^J @font-face^M^J^I{font-family:"Cambria Math";^M^J^Ipanose-1:2 4 5 3 5 4 6 3 2 4;}^M^J@font-face^M^J^I{font-family:Calibri;^M^J^Ipanose-1:2 15 5 2 2 2 4 3 2 4;}^M^J /* Style Definitions */^M^J p.MsoNormal, li.MsoNormal, div.MsoNormal^M^J^I{margin:0in;^M^J^Imargin-bottom:.0001pt;^M^J^Ifont-size:11.0pt;^M^J^Ifont-family:"Calibri","sans-serif";}^M^Ja:link, span.MsoHyperlink^M^J^I{mso-style-priority:99;^M^J^Icolor:blue;^M^J^Itext-decoration:underline;}^M^Ja:visited, span.MsoHyperlinkFollowed^M^J^I{mso-style-priority:99;^M^J^Icolor:purple;^M^J^Itext-decoration:underline;}^M^Jspan.EmailStyle17^M^J^I{mso-style-type:personal-c, mime_type=text/html, info=<uninitialized>, u2_events=<uninitialized>]
 
-1170717508.883051 x509_extension
-                  [0] f: fa_file         = [id=FpMjNF4snD7UDqI5sk, parent_id=<uninitialized>, source=SSL, is_orig=F, conns={^J^I[[orig_h=192.150.187.164, orig_p=58869/tcp, resp_h=194.127.84.106, resp_p=443/tcp]] = [id=[orig_h=192.150.187.164, orig_p=58869/tcp, resp_h=194.127.84.106, resp_p=443/tcp], orig=[size=120, state=4, num_pkts=3, num_bytes_ip=288, flow_label=0], resp=[size=2164, state=4, num_pkts=3, num_bytes_ip=1616, flow_label=0], start_time=1170717508.515696, duration=0.367355, service={^J^I^ISSL^J^I}, addl=, hot=0, history=ShADad, uid=CjhGID4nQcgTWjvg4c, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=[ts=1170717508.69718, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=192.150.187.164, orig_p=58869/tcp, resp_h=194.127.84.106, resp_p=443/tcp], version=TLSv10, cipher=TLS_RSA_WITH_RC4_128_MD5, server_name=<uninitialized>, session_id=a8c1c5681924e80a32a15d5e7f20bc5e3f513e56b215039d0d55defda5a320c0, last_alert=<uninitialized>, analyzer_id=7, established=F, logged=F, delay_tokens=<uninitialized>, cert_chain=[[ts=1170717508.883051, fuid=FjkLnG4s34DVZlaBNc, tx_hosts={^J^I^I194.127.84.106^J^I}, rx_hosts={^J^I^I192.150.187.164^J^I}, conn_uids={^J^I^ICjhGID4nQcgTWjvg4c^J^I}, source=SSL, depth=0, analyzers={^J^I^IX509,^J^I^IMD5,^J^I^ISHA1^J^I}, mime_type=binary, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=F, seen_bytes=1152, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=38a0a008a978591ccbe41f50a174751a, sha1=2c322ae2b7fe91391345e070b63668978bb1c9da, sha256=<uninitialized>, x509=[ts=1170717508.883051, id=FjkLnG4s34DVZlaBNc, certificate=[version=2, serial=04A78116F003283BDA2B8462049F9ECB, subject=CN=www.dresdner-privat.de,OU=Terms of use at www.verisign.com/rpa (c)00,O=AGIS Allianz Dresdner Informationssysteme GmbH,L=Muenchen,ST=Bayern,C=DE, issuer=OU=www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign,OU=VeriSign International Server CA - Class 3,OU=VeriSign\, Inc.,O=VeriSign Trust Network, not_valid_before=1163462400.0, not_valid_after=1195084799.0, key_alg=rsaEncryption, sig_alg=sha1WithRSAEncryption, key_type=rsa, key_length=1024, exponent=65537, curve=<uninitialized>], handle=<no value description>, extensions=[[name=X509v3 Basic Constraints, short_name=basicConstraints, oid=2.5.29.19, critical=F, value=CA:FALSE], [name=X509v3 Key Usage, short_name=keyUsage, oid=2.5.29.15, critical=F, value=Digital Signature, Key Encipherment], [name=X509v3 CRL Distribution Points, short_name=crlDistributionPoints, oid=2.5.29.31, critical=F, value=^JFull Name:^J  URI:http://crl.verisign.com/Class3InternationalServer.crl^J], [name=X509v3 Certificate Policies, short_name=certificatePolicies, oid=2.5.29.32, critical=F, value=Policy: 2.16.840.1.113733.1.7.23.3^J  CPS: https://www.verisign.com/rpa^J], [name=X509v3 Extended Key Usage, short_name=extendedKeyUsage, oid=2.5.29.37, critical=F, value=Netscape Server Gated Crypto, TLS Web Server Authentication, TLS Web Client Authentication], [name=Authority Information Access, short_name=authorityInfoAccess, oid=1.3.6.1.5.5.7.1.1, critical=F, value=OCSP - URI:http://ocsp.verisign.com^J], [name=1.3.6.1.5.5.7.1.12, short_name=UNDEF, oid=1.3.6.1.5.5.7.1.12, critical=F, value=0_.].[0Y0W0U..image/gif0!0.0...+..............k...j.H.,{..0%.#http://logo.verisign.com/vslogo.gif]], san=<uninitialized>, basic_constraints=[ca=F, path_len=<uninitialized>]], extracted=<uninitialized>], [ts=1170717508.883051, fuid=FpMjNF4snD7UDqI5sk, tx_hosts={^J^I^I194.127.84.106^J^I}, rx_hosts={^J^I^I192.150.187.164^J^I}, conn_uids={^J^I^ICjhGID4nQcgTWjvg4c^J^I}, source=SSL, depth=0, analyzers={^J^I^IX509,^J^I^IMD5,^J^I^ISHA1^J^I}, mime_type=binary, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=F, seen_bytes=0, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=<uninitialized>, sha1=<uninitialized>, sha256=<uninitialized>, x509=[ts=1170717508.883051, id=FpMjNF4snD7UDqI5sk, certificate=[version=2, serial=78EE48DE185B2071C9C9C3B51D7BDDC1, subject=OU=www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign,OU=VeriSign International Server CA - Class 3,OU=VeriSign\, Inc.,O=VeriSign Trust Network, issuer=OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US, not_valid_before=861235200.0, not_valid_after=1319500799.0, key_alg=rsaEncryption, sig_alg=sha1WithRSAEncryption, key_type=rsa, key_length=1024, exponent=65537, curve=<uninitialized>], handle=<no value description>, extensions=[], san=<uninitialized>, basic_constraints=<uninitialized>], extracted=<uninitialized>]], cert_chain_fuids=[FjkLnG4s34DVZlaBNc, FpMjNF4snD7UDqI5sk], client_cert_chain=[], client_cert_chain_fuids=[], subject=<uninitialized>, issuer=<uninitialized>, client_subject=<uninitialized>, client_issuer=<uninitialized>, server_depth=2, client_depth=0], http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]^J}, last_active=1170717508.883051, seen_bytes=906, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timeout_interval=2.0 mins, bof_buffer_size=1024, bof_buffer=0\x82^C\x860\x82^B\xef\xa0^C^B^A^B^B^Px\xeeH\xde^X[ q\xc9\xc9\xc3\xb5\x1d{\xdd\xc10^M^F^I*\x86H\x86\xf7^M^A^A^E^E\00_1^K0^I^F^CU^D^F^S^BUS1^W0^U^F^CU^D^J^S^NVeriSign, Inc.1705^F^CU^D^K^S.Class 3 Public Primary Certification Authority0\x1e^W^M970417000000Z^W^M111024235959Z0\x81\xba1\x1f0\x1d^F^CU^D^J^S^VVeriSign Trust Network1^W0^U^F^CU^D^K^S^NVeriSign, Inc.1301^F^CU^D^K^S*VeriSign International Server CA - Class 31I0G^F^CU^D^K^S@www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign0\x81\x9f0^M^F^I*\x86H\x86\xf7^M^A^A^A^E\0^C\x81\x8d\00\x81\x89^B\x81\x81\0\xd8\x82\x80\xe8\xd6^Y^B}\x1f\x85^X9%\xa2e+\xe1\xbf\xd4^E\xd3\xbc\xe66;\xaa\xf0Ll[\xb6\xe7\xaa<sEU\xb2\xf1\xbd\xea\x97B\xed\x9a4^J^U\xd4\xa9\\xf5@%\xdd\xd9^G\xc12\xb2ul\xc4\xca\xbb\xa3\xfeV'qC\xaac\xf50>\x93(\xe5\xfa\xf1^I;\xf3\xb7MN9\xf7\IZ\xb8\xc1\x1d\xd3\xb2\x8a\xfep0\x95B\xcb\xfe+Q\x8bZ<:\xf9"O\x90\xb2^B\xa7S\x9cO4\xe7\xab^D\xb2{o^B^C^A\0^A\xa3\x81\xe60\x81\xe30^O^F^CU\x1d^S^D^H0^F^A^A\xff^B^A\00D^F^CU\x1d ^D=0;09^F^K`\x86H^A\x86\xf8E^A^G^A^A0*0(^F^H+^F^A^E^E^G^B^A^V\x1chttps://www.verisign.com/CPS04^F^CU\x1d\x1f^D-0+0)\xa0'\xa0%\x86#http://crl.verisign.com/pca3-g2.crl04^F^CU\x1d%^D-0+^F^H+^F^A^E^E^G^C^A^F^H+^F^A^E^E^G^C^B^F^I`\x86H^A\x86\xf8B^D^A^F^J`\x86H^A\x86\xf8E^A^H^A0^K^F^CU\x1d^O^D^D^C^B^A^F0^Q^F^I`\x86H^A\x86\xf8B^A^A^D^D^C^B^A^F0^M^F^I*\x86H\x86\xf7^M^A^A^E^E\0^C\x81\x81\0#]\xee\xa6$^E\xfdv\xd3j^Z\xd6\xbaF^F\xaaj^O^C\x90f\xb2\xb0\xa6\xc2\x9e\xc9\x1e\xa3US\xaf>E\xfd\xdc\x8c'\xddS8^I\xbb|K+\xba\x95J\xfepN\x1bi\xd6<\xf7O^G\xc5\xf2^WZL\xa2\x8f\xac^K\x8a^F\xdb\xb9\xd4k\xc5\x1dX\xda^WR\xe3!\xf1\xd2\xd7Z\xd5\xe5\xabY{!z\x86j\xd4\xfe^W^Q:S^M\x9c`\xa0J\xd9^\xe4\x1d^L)\xaa^S^Ge\x86\x1f\xbf\xb4\xc9\x82S\x9c,^B\x8f#, mime_type=binary, info=[ts=1170717508.883051, fuid=FpMjNF4snD7UDqI5sk, tx_hosts={^J^I194.127.84.106^J}, rx_hosts={^J^I192.150.187.164^J}, conn_uids={^J^ICjhGID4nQcgTWjvg4c^J}, source=SSL, depth=0, analyzers={^J^IX509,^J^IMD5,^J^ISHA1^J}, mime_type=binary, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=F, seen_bytes=0, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=<uninitialized>, sha1=<uninitialized>, sha256=<uninitialized>, x509=[ts=1170717508.883051, id=FpMjNF4snD7UDqI5sk, certificate=[version=2, serial=78EE48DE185B2071C9C9C3B51D7BDDC1, subject=OU=www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign,OU=VeriSign International Server CA - Class 3,OU=VeriSign\, Inc.,O=VeriSign Trust Network, issuer=OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US, not_valid_before=861235200.0, not_valid_after=1319500799.0, key_alg=rsaEncryption, sig_alg=sha1WithRSAEncryption, key_type=rsa, key_length=1024, exponent=65537, curve=<uninitialized>], handle=<no value description>, extensions=[], san=<uninitialized>, basic_constraints=<uninitialized>], extracted=<uninitialized>], u2_events=<uninitialized>]
-                  [1] ext: X509::Extension = [name=X509v3 Basic Constraints, short_name=basicConstraints, oid=2.5.29.19, critical=F, value=CA:TRUE, pathlen:0]
-
-1170717508.883051 x509_ext_basic_constraints
-                  [0] f: fa_file         = [id=FpMjNF4snD7UDqI5sk, parent_id=<uninitialized>, source=SSL, is_orig=F, conns={^J^I[[orig_h=192.150.187.164, orig_p=58869/tcp, resp_h=194.127.84.106, resp_p=443/tcp]] = [id=[orig_h=192.150.187.164, orig_p=58869/tcp, resp_h=194.127.84.106, resp_p=443/tcp], orig=[size=120, state=4, num_pkts=3, num_bytes_ip=288, flow_label=0], resp=[size=2164, state=4, num_pkts=3, num_bytes_ip=1616, flow_label=0], start_time=1170717508.515696, duration=0.367355, service={^J^I^ISSL^J^I}, addl=, hot=0, history=ShADad, uid=CjhGID4nQcgTWjvg4c, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=[ts=1170717508.69718, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=192.150.187.164, orig_p=58869/tcp, resp_h=194.127.84.106, resp_p=443/tcp], version=TLSv10, cipher=TLS_RSA_WITH_RC4_128_MD5, server_name=<uninitialized>, session_id=a8c1c5681924e80a32a15d5e7f20bc5e3f513e56b215039d0d55defda5a320c0, last_alert=<uninitialized>, analyzer_id=7, established=F, logged=F, delay_tokens=<uninitialized>, cert_chain=[[ts=1170717508.883051, fuid=FjkLnG4s34DVZlaBNc, tx_hosts={^J^I^I194.127.84.106^J^I}, rx_hosts={^J^I^I192.150.187.164^J^I}, conn_uids={^J^I^ICjhGID4nQcgTWjvg4c^J^I}, source=SSL, depth=0, analyzers={^J^I^IX509,^J^I^IMD5,^J^I^ISHA1^J^I}, mime_type=binary, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=F, seen_bytes=1152, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=38a0a008a978591ccbe41f50a174751a, sha1=2c322ae2b7fe91391345e070b63668978bb1c9da, sha256=<uninitialized>, x509=[ts=1170717508.883051, id=FjkLnG4s34DVZlaBNc, certificate=[version=2, serial=04A78116F003283BDA2B8462049F9ECB, subject=CN=www.dresdner-privat.de,OU=Terms of use at www.verisign.com/rpa (c)00,O=AGIS Allianz Dresdner Informationssysteme GmbH,L=Muenchen,ST=Bayern,C=DE, issuer=OU=www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign,OU=VeriSign International Server CA - Class 3,OU=VeriSign\, Inc.,O=VeriSign Trust Network, not_valid_before=1163462400.0, not_valid_after=1195084799.0, key_alg=rsaEncryption, sig_alg=sha1WithRSAEncryption, key_type=rsa, key_length=1024, exponent=65537, curve=<uninitialized>], handle=<no value description>, extensions=[[name=X509v3 Basic Constraints, short_name=basicConstraints, oid=2.5.29.19, critical=F, value=CA:FALSE], [name=X509v3 Key Usage, short_name=keyUsage, oid=2.5.29.15, critical=F, value=Digital Signature, Key Encipherment], [name=X509v3 CRL Distribution Points, short_name=crlDistributionPoints, oid=2.5.29.31, critical=F, value=^JFull Name:^J  URI:http://crl.verisign.com/Class3InternationalServer.crl^J], [name=X509v3 Certificate Policies, short_name=certificatePolicies, oid=2.5.29.32, critical=F, value=Policy: 2.16.840.1.113733.1.7.23.3^J  CPS: https://www.verisign.com/rpa^J], [name=X509v3 Extended Key Usage, short_name=extendedKeyUsage, oid=2.5.29.37, critical=F, value=Netscape Server Gated Crypto, TLS Web Server Authentication, TLS Web Client Authentication], [name=Authority Information Access, short_name=authorityInfoAccess, oid=1.3.6.1.5.5.7.1.1, critical=F, value=OCSP - URI:http://ocsp.verisign.com^J], [name=1.3.6.1.5.5.7.1.12, short_name=UNDEF, oid=1.3.6.1.5.5.7.1.12, critical=F, value=0_.].[0Y0W0U..image/gif0!0.0...+..............k...j.H.,{..0%.#http://logo.verisign.com/vslogo.gif]], san=<uninitialized>, basic_constraints=[ca=F, path_len=<uninitialized>]], extracted=<uninitialized>], [ts=1170717508.883051, fuid=FpMjNF4snD7UDqI5sk, tx_hosts={^J^I^I194.127.84.106^J^I}, rx_hosts={^J^I^I192.150.187.164^J^I}, conn_uids={^J^I^ICjhGID4nQcgTWjvg4c^J^I}, source=SSL, depth=0, analyzers={^J^I^IX509,^J^I^IMD5,^J^I^ISHA1^J^I}, mime_type=binary, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=F, seen_bytes=0, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=<uninitialized>, sha1=<uninitialized>, sha256=<uninitialized>, x509=[ts=1170717508.883051, id=FpMjNF4snD7UDqI5sk, certificate=[version=2, serial=78EE48DE185B2071C9C9C3B51D7BDDC1, subject=OU=www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign,OU=VeriSign International Server CA - Class 3,OU=VeriSign\, Inc.,O=VeriSign Trust Network, issuer=OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US, not_valid_before=861235200.0, not_valid_after=1319500799.0, key_alg=rsaEncryption, sig_alg=sha1WithRSAEncryption, key_type=rsa, key_length=1024, exponent=65537, curve=<uninitialized>], handle=<no value description>, extensions=[[name=X509v3 Basic Constraints, short_name=basicConstraints, oid=2.5.29.19, critical=F, value=CA:TRUE, pathlen:0]], san=<uninitialized>, basic_constraints=<uninitialized>], extracted=<uninitialized>]], cert_chain_fuids=[FjkLnG4s34DVZlaBNc, FpMjNF4snD7UDqI5sk], client_cert_chain=[], client_cert_chain_fuids=[], subject=<uninitialized>, issuer=<uninitialized>, client_subject=<uninitialized>, client_issuer=<uninitialized>, server_depth=2, client_depth=0], http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]^J}, last_active=1170717508.883051, seen_bytes=906, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timeout_interval=2.0 mins, bof_buffer_size=1024, bof_buffer=0\x82^C\x860\x82^B\xef\xa0^C^B^A^B^B^Px\xeeH\xde^X[ q\xc9\xc9\xc3\xb5\x1d{\xdd\xc10^M^F^I*\x86H\x86\xf7^M^A^A^E^E\00_1^K0^I^F^CU^D^F^S^BUS1^W0^U^F^CU^D^J^S^NVeriSign, Inc.1705^F^CU^D^K^S.Class 3 Public Primary Certification Authority0\x1e^W^M970417000000Z^W^M111024235959Z0\x81\xba1\x1f0\x1d^F^CU^D^J^S^VVeriSign Trust Network1^W0^U^F^CU^D^K^S^NVeriSign, Inc.1301^F^CU^D^K^S*VeriSign International Server CA - Class 31I0G^F^CU^D^K^S@www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign0\x81\x9f0^M^F^I*\x86H\x86\xf7^M^A^A^A^E\0^C\x81\x8d\00\x81\x89^B\x81\x81\0\xd8\x82\x80\xe8\xd6^Y^B}\x1f\x85^X9%\xa2e+\xe1\xbf\xd4^E\xd3\xbc\xe66;\xaa\xf0Ll[\xb6\xe7\xaa<sEU\xb2\xf1\xbd\xea\x97B\xed\x9a4^J^U\xd4\xa9\\xf5@%\xdd\xd9^G\xc12\xb2ul\xc4\xca\xbb\xa3\xfeV'qC\xaac\xf50>\x93(\xe5\xfa\xf1^I;\xf3\xb7MN9\xf7\IZ\xb8\xc1\x1d\xd3\xb2\x8a\xfep0\x95B\xcb\xfe+Q\x8bZ<:\xf9"O\x90\xb2^B\xa7S\x9cO4\xe7\xab^D\xb2{o^B^C^A\0^A\xa3\x81\xe60\x81\xe30^O^F^CU\x1d^S^D^H0^F^A^A\xff^B^A\00D^F^CU\x1d ^D=0;09^F^K`\x86H^A\x86\xf8E^A^G^A^A0*0(^F^H+^F^A^E^E^G^B^A^V\x1chttps://www.verisign.com/CPS04^F^CU\x1d\x1f^D-0+0)\xa0'\xa0%\x86#http://crl.verisign.com/pca3-g2.crl04^F^CU\x1d%^D-0+^F^H+^F^A^E^E^G^C^A^F^H+^F^A^E^E^G^C^B^F^I`\x86H^A\x86\xf8B^D^A^F^J`\x86H^A\x86\xf8E^A^H^A0^K^F^CU\x1d^O^D^D^C^B^A^F0^Q^F^I`\x86H^A\x86\xf8B^A^A^D^D^C^B^A^F0^M^F^I*\x86H\x86\xf7^M^A^A^E^E\0^C\x81\x81\0#]\xee\xa6$^E\xfdv\xd3j^Z\xd6\xbaF^F\xaaj^O^C\x90f\xb2\xb0\xa6\xc2\x9e\xc9\x1e\xa3US\xaf>E\xfd\xdc\x8c'\xddS8^I\xbb|K+\xba\x95J\xfepN\x1bi\xd6<\xf7O^G\xc5\xf2^WZL\xa2\x8f\xac^K\x8a^F\xdb\xb9\xd4k\xc5\x1dX\xda^WR\xe3!\xf1\xd2\xd7Z\xd5\xe5\xabY{!z\x86j\xd4\xfe^W^Q:S^M\x9c`\xa0J\xd9^\xe4\x1d^L)\xaa^S^Ge\x86\x1f\xbf\xb4\xc9\x82S\x9c,^B\x8f#, mime_type=binary, info=[ts=1170717508.883051, fuid=FpMjNF4snD7UDqI5sk, tx_hosts={^J^I194.127.84.106^J}, rx_hosts={^J^I192.150.187.164^J}, conn_uids={^J^ICjhGID4nQcgTWjvg4c^J}, source=SSL, depth=0, analyzers={^J^IX509,^J^IMD5,^J^ISHA1^J}, mime_type=binary, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=F, seen_bytes=0, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=<uninitialized>, sha1=<uninitialized>, sha256=<uninitialized>, x509=[ts=1170717508.883051, id=FpMjNF4snD7UDqI5sk, certificate=[version=2, serial=78EE48DE185B2071C9C9C3B51D7BDDC1, subject=OU=www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign,OU=VeriSign International Server CA - Class 3,OU=VeriSign\, Inc.,O=VeriSign Trust Network, issuer=OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US, not_valid_before=861235200.0, not_valid_after=1319500799.0, key_alg=rsaEncryption, sig_alg=sha1WithRSAEncryption, key_type=rsa, key_length=1024, exponent=65537, curve=<uninitialized>], handle=<no value description>, extensions=[[name=X509v3 Basic Constraints, short_name=basicConstraints, oid=2.5.29.19, critical=F, value=CA:TRUE, pathlen:0]], san=<uninitialized>, basic_constraints=<uninitialized>], extracted=<uninitialized>], u2_events=<uninitialized>]
-                  [1] ext: X509::BasicConstraints = [ca=T, path_len=0]
-
-1170717508.883051 x509_extension
-                  [0] f: fa_file         = [id=FpMjNF4snD7UDqI5sk, parent_id=<uninitialized>, source=SSL, is_orig=F, conns={^J^I[[orig_h=192.150.187.164, orig_p=58869/tcp, resp_h=194.127.84.106, resp_p=443/tcp]] = [id=[orig_h=192.150.187.164, orig_p=58869/tcp, resp_h=194.127.84.106, resp_p=443/tcp], orig=[size=120, state=4, num_pkts=3, num_bytes_ip=288, flow_label=0], resp=[size=2164, state=4, num_pkts=3, num_bytes_ip=1616, flow_label=0], start_time=1170717508.515696, duration=0.367355, service={^J^I^ISSL^J^I}, addl=, hot=0, history=ShADad, uid=CjhGID4nQcgTWjvg4c, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=[ts=1170717508.69718, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=192.150.187.164, orig_p=58869/tcp, resp_h=194.127.84.106, resp_p=443/tcp], version=TLSv10, cipher=TLS_RSA_WITH_RC4_128_MD5, server_name=<uninitialized>, session_id=a8c1c5681924e80a32a15d5e7f20bc5e3f513e56b215039d0d55defda5a320c0, last_alert=<uninitialized>, analyzer_id=7, established=F, logged=F, delay_tokens=<uninitialized>, cert_chain=[[ts=1170717508.883051, fuid=FjkLnG4s34DVZlaBNc, tx_hosts={^J^I^I194.127.84.106^J^I}, rx_hosts={^J^I^I192.150.187.164^J^I}, conn_uids={^J^I^ICjhGID4nQcgTWjvg4c^J^I}, source=SSL, depth=0, analyzers={^J^I^IX509,^J^I^IMD5,^J^I^ISHA1^J^I}, mime_type=binary, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=F, seen_bytes=1152, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=38a0a008a978591ccbe41f50a174751a, sha1=2c322ae2b7fe91391345e070b63668978bb1c9da, sha256=<uninitialized>, x509=[ts=1170717508.883051, id=FjkLnG4s34DVZlaBNc, certificate=[version=2, serial=04A78116F003283BDA2B8462049F9ECB, subject=CN=www.dresdner-privat.de,OU=Terms of use at www.verisign.com/rpa (c)00,O=AGIS Allianz Dresdner Informationssysteme GmbH,L=Muenchen,ST=Bayern,C=DE, issuer=OU=www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign,OU=VeriSign International Server CA - Class 3,OU=VeriSign\, Inc.,O=VeriSign Trust Network, not_valid_before=1163462400.0, not_valid_after=1195084799.0, key_alg=rsaEncryption, sig_alg=sha1WithRSAEncryption, key_type=rsa, key_length=1024, exponent=65537, curve=<uninitialized>], handle=<no value description>, extensions=[[name=X509v3 Basic Constraints, short_name=basicConstraints, oid=2.5.29.19, critical=F, value=CA:FALSE], [name=X509v3 Key Usage, short_name=keyUsage, oid=2.5.29.15, critical=F, value=Digital Signature, Key Encipherment], [name=X509v3 CRL Distribution Points, short_name=crlDistributionPoints, oid=2.5.29.31, critical=F, value=^JFull Name:^J  URI:http://crl.verisign.com/Class3InternationalServer.crl^J], [name=X509v3 Certificate Policies, short_name=certificatePolicies, oid=2.5.29.32, critical=F, value=Policy: 2.16.840.1.113733.1.7.23.3^J  CPS: https://www.verisign.com/rpa^J], [name=X509v3 Extended Key Usage, short_name=extendedKeyUsage, oid=2.5.29.37, critical=F, value=Netscape Server Gated Crypto, TLS Web Server Authentication, TLS Web Client Authentication], [name=Authority Information Access, short_name=authorityInfoAccess, oid=1.3.6.1.5.5.7.1.1, critical=F, value=OCSP - URI:http://ocsp.verisign.com^J], [name=1.3.6.1.5.5.7.1.12, short_name=UNDEF, oid=1.3.6.1.5.5.7.1.12, critical=F, value=0_.].[0Y0W0U..image/gif0!0.0...+..............k...j.H.,{..0%.#http://logo.verisign.com/vslogo.gif]], san=<uninitialized>, basic_constraints=[ca=F, path_len=<uninitialized>]], extracted=<uninitialized>], [ts=1170717508.883051, fuid=FpMjNF4snD7UDqI5sk, tx_hosts={^J^I^I194.127.84.106^J^I}, rx_hosts={^J^I^I192.150.187.164^J^I}, conn_uids={^J^I^ICjhGID4nQcgTWjvg4c^J^I}, source=SSL, depth=0, analyzers={^J^I^IX509,^J^I^IMD5,^J^I^ISHA1^J^I}, mime_type=binary, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=F, seen_bytes=0, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=<uninitialized>, sha1=<uninitialized>, sha256=<uninitialized>, x509=[ts=1170717508.883051, id=FpMjNF4snD7UDqI5sk, certificate=[version=2, serial=78EE48DE185B2071C9C9C3B51D7BDDC1, subject=OU=www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign,OU=VeriSign International Server CA - Class 3,OU=VeriSign\, Inc.,O=VeriSign Trust Network, issuer=OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US, not_valid_before=861235200.0, not_valid_after=1319500799.0, key_alg=rsaEncryption, sig_alg=sha1WithRSAEncryption, key_type=rsa, key_length=1024, exponent=65537, curve=<uninitialized>], handle=<no value description>, extensions=[[name=X509v3 Basic Constraints, short_name=basicConstraints, oid=2.5.29.19, critical=F, value=CA:TRUE, pathlen:0]], san=<uninitialized>, basic_constraints=[ca=T, path_len=0]], extracted=<uninitialized>]], cert_chain_fuids=[FjkLnG4s34DVZlaBNc, FpMjNF4snD7UDqI5sk], client_cert_chain=[], client_cert_chain_fuids=[], subject=<uninitialized>, issuer=<uninitialized>, client_subject=<uninitialized>, client_issuer=<uninitialized>, server_depth=2, client_depth=0], http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]^J}, last_active=1170717508.883051, seen_bytes=906, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timeout_interval=2.0 mins, bof_buffer_size=1024, bof_buffer=0\x82^C\x860\x82^B\xef\xa0^C^B^A^B^B^Px\xeeH\xde^X[ q\xc9\xc9\xc3\xb5\x1d{\xdd\xc10^M^F^I*\x86H\x86\xf7^M^A^A^E^E\00_1^K0^I^F^CU^D^F^S^BUS1^W0^U^F^CU^D^J^S^NVeriSign, Inc.1705^F^CU^D^K^S.Class 3 Public Primary Certification Authority0\x1e^W^M970417000000Z^W^M111024235959Z0\x81\xba1\x1f0\x1d^F^CU^D^J^S^VVeriSign Trust Network1^W0^U^F^CU^D^K^S^NVeriSign, Inc.1301^F^CU^D^K^S*VeriSign International Server CA - Class 31I0G^F^CU^D^K^S@www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign0\x81\x9f0^M^F^I*\x86H\x86\xf7^M^A^A^A^E\0^C\x81\x8d\00\x81\x89^B\x81\x81\0\xd8\x82\x80\xe8\xd6^Y^B}\x1f\x85^X9%\xa2e+\xe1\xbf\xd4^E\xd3\xbc\xe66;\xaa\xf0Ll[\xb6\xe7\xaa<sEU\xb2\xf1\xbd\xea\x97B\xed\x9a4^J^U\xd4\xa9\\xf5@%\xdd\xd9^G\xc12\xb2ul\xc4\xca\xbb\xa3\xfeV'qC\xaac\xf50>\x93(\xe5\xfa\xf1^I;\xf3\xb7MN9\xf7\IZ\xb8\xc1\x1d\xd3\xb2\x8a\xfep0\x95B\xcb\xfe+Q\x8bZ<:\xf9"O\x90\xb2^B\xa7S\x9cO4\xe7\xab^D\xb2{o^B^C^A\0^A\xa3\x81\xe60\x81\xe30^O^F^CU\x1d^S^D^H0^F^A^A\xff^B^A\00D^F^CU\x1d ^D=0;09^F^K`\x86H^A\x86\xf8E^A^G^A^A0*0(^F^H+^F^A^E^E^G^B^A^V\x1chttps://www.verisign.com/CPS04^F^CU\x1d\x1f^D-0+0)\xa0'\xa0%\x86#http://crl.verisign.com/pca3-g2.crl04^F^CU\x1d%^D-0+^F^H+^F^A^E^E^G^C^A^F^H+^F^A^E^E^G^C^B^F^I`\x86H^A\x86\xf8B^D^A^F^J`\x86H^A\x86\xf8E^A^H^A0^K^F^CU\x1d^O^D^D^C^B^A^F0^Q^F^I`\x86H^A\x86\xf8B^A^A^D^D^C^B^A^F0^M^F^I*\x86H\x86\xf7^M^A^A^E^E\0^C\x81\x81\0#]\xee\xa6$^E\xfdv\xd3j^Z\xd6\xbaF^F\xaaj^O^C\x90f\xb2\xb0\xa6\xc2\x9e\xc9\x1e\xa3US\xaf>E\xfd\xdc\x8c'\xddS8^I\xbb|K+\xba\x95J\xfepN\x1bi\xd6<\xf7O^G\xc5\xf2^WZL\xa2\x8f\xac^K\x8a^F\xdb\xb9\xd4k\xc5\x1dX\xda^WR\xe3!\xf1\xd2\xd7Z\xd5\xe5\xabY{!z\x86j\xd4\xfe^W^Q:S^M\x9c`\xa0J\xd9^\xe4\x1d^L)\xaa^S^Ge\x86\x1f\xbf\xb4\xc9\x82S\x9c,^B\x8f#, mime_type=binary, info=[ts=1170717508.883051, fuid=FpMjNF4snD7UDqI5sk, tx_hosts={^J^I194.127.84.106^J}, rx_hosts={^J^I192.150.187.164^J}, conn_uids={^J^ICjhGID4nQcgTWjvg4c^J}, source=SSL, depth=0, analyzers={^J^IX509,^J^IMD5,^J^ISHA1^J}, mime_type=binary, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=F, seen_bytes=0, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=<uninitialized>, sha1=<uninitialized>, sha256=<uninitialized>, x509=[ts=1170717508.883051, id=FpMjNF4snD7UDqI5sk, certificate=[version=2, serial=78EE48DE185B2071C9C9C3B51D7BDDC1, subject=OU=www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign,OU=VeriSign International Server CA - Class 3,OU=VeriSign\, Inc.,O=VeriSign Trust Network, issuer=OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US, not_valid_before=861235200.0, not_valid_after=1319500799.0, key_alg=rsaEncryption, sig_alg=sha1WithRSAEncryption, key_type=rsa, key_length=1024, exponent=65537, curve=<uninitialized>], handle=<no value description>, extensions=[[name=X509v3 Basic Constraints, short_name=basicConstraints, oid=2.5.29.19, critical=F, value=CA:TRUE, pathlen:0]], san=<uninitialized>, basic_constraints=[ca=T, path_len=0]], extracted=<uninitialized>], u2_events=<uninitialized>]
-                  [1] ext: X509::Extension = [name=X509v3 Certificate Policies, short_name=certificatePolicies, oid=2.5.29.32, critical=F, value=Policy: 2.16.840.1.113733.1.7.1.1^J  CPS: https://www.verisign.com/CPS^J]
-
-1170717508.883051 x509_extension
-                  [0] f: fa_file         = [id=FpMjNF4snD7UDqI5sk, parent_id=<uninitialized>, source=SSL, is_orig=F, conns={^J^I[[orig_h=192.150.187.164, orig_p=58869/tcp, resp_h=194.127.84.106, resp_p=443/tcp]] = [id=[orig_h=192.150.187.164, orig_p=58869/tcp, resp_h=194.127.84.106, resp_p=443/tcp], orig=[size=120, state=4, num_pkts=3, num_bytes_ip=288, flow_label=0], resp=[size=2164, state=4, num_pkts=3, num_bytes_ip=1616, flow_label=0], start_time=1170717508.515696, duration=0.367355, service={^J^I^ISSL^J^I}, addl=, hot=0, history=ShADad, uid=CjhGID4nQcgTWjvg4c, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=[ts=1170717508.69718, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=192.150.187.164, orig_p=58869/tcp, resp_h=194.127.84.106, resp_p=443/tcp], version=TLSv10, cipher=TLS_RSA_WITH_RC4_128_MD5, server_name=<uninitialized>, session_id=a8c1c5681924e80a32a15d5e7f20bc5e3f513e56b215039d0d55defda5a320c0, last_alert=<uninitialized>, analyzer_id=7, established=F, logged=F, delay_tokens=<uninitialized>, cert_chain=[[ts=1170717508.883051, fuid=FjkLnG4s34DVZlaBNc, tx_hosts={^J^I^I194.127.84.106^J^I}, rx_hosts={^J^I^I192.150.187.164^J^I}, conn_uids={^J^I^ICjhGID4nQcgTWjvg4c^J^I}, source=SSL, depth=0, analyzers={^J^I^IX509,^J^I^IMD5,^J^I^ISHA1^J^I}, mime_type=binary, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=F, seen_bytes=1152, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=38a0a008a978591ccbe41f50a174751a, sha1=2c322ae2b7fe91391345e070b63668978bb1c9da, sha256=<uninitialized>, x509=[ts=1170717508.883051, id=FjkLnG4s34DVZlaBNc, certificate=[version=2, serial=04A78116F003283BDA2B8462049F9ECB, subject=CN=www.dresdner-privat.de,OU=Terms of use at www.verisign.com/rpa (c)00,O=AGIS Allianz Dresdner Informationssysteme GmbH,L=Muenchen,ST=Bayern,C=DE, issuer=OU=www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign,OU=VeriSign International Server CA - Class 3,OU=VeriSign\, Inc.,O=VeriSign Trust Network, not_valid_before=1163462400.0, not_valid_after=1195084799.0, key_alg=rsaEncryption, sig_alg=sha1WithRSAEncryption, key_type=rsa, key_length=1024, exponent=65537, curve=<uninitialized>], handle=<no value description>, extensions=[[name=X509v3 Basic Constraints, short_name=basicConstraints, oid=2.5.29.19, critical=F, value=CA:FALSE], [name=X509v3 Key Usage, short_name=keyUsage, oid=2.5.29.15, critical=F, value=Digital Signature, Key Encipherment], [name=X509v3 CRL Distribution Points, short_name=crlDistributionPoints, oid=2.5.29.31, critical=F, value=^JFull Name:^J  URI:http://crl.verisign.com/Class3InternationalServer.crl^J], [name=X509v3 Certificate Policies, short_name=certificatePolicies, oid=2.5.29.32, critical=F, value=Policy: 2.16.840.1.113733.1.7.23.3^J  CPS: https://www.verisign.com/rpa^J], [name=X509v3 Extended Key Usage, short_name=extendedKeyUsage, oid=2.5.29.37, critical=F, value=Netscape Server Gated Crypto, TLS Web Server Authentication, TLS Web Client Authentication], [name=Authority Information Access, short_name=authorityInfoAccess, oid=1.3.6.1.5.5.7.1.1, critical=F, value=OCSP - URI:http://ocsp.verisign.com^J], [name=1.3.6.1.5.5.7.1.12, short_name=UNDEF, oid=1.3.6.1.5.5.7.1.12, critical=F, value=0_.].[0Y0W0U..image/gif0!0.0...+..............k...j.H.,{..0%.#http://logo.verisign.com/vslogo.gif]], san=<uninitialized>, basic_constraints=[ca=F, path_len=<uninitialized>]], extracted=<uninitialized>], [ts=1170717508.883051, fuid=FpMjNF4snD7UDqI5sk, tx_hosts={^J^I^I194.127.84.106^J^I}, rx_hosts={^J^I^I192.150.187.164^J^I}, conn_uids={^J^I^ICjhGID4nQcgTWjvg4c^J^I}, source=SSL, depth=0, analyzers={^J^I^IX509,^J^I^IMD5,^J^I^ISHA1^J^I}, mime_type=binary, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=F, seen_bytes=0, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=<uninitialized>, sha1=<uninitialized>, sha256=<uninitialized>, x509=[ts=1170717508.883051, id=FpMjNF4snD7UDqI5sk, certificate=[version=2, serial=78EE48DE185B2071C9C9C3B51D7BDDC1, subject=OU=www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign,OU=VeriSign International Server CA - Class 3,OU=VeriSign\, Inc.,O=VeriSign Trust Network, issuer=OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US, not_valid_before=861235200.0, not_valid_after=1319500799.0, key_alg=rsaEncryption, sig_alg=sha1WithRSAEncryption, key_type=rsa, key_length=1024, exponent=65537, curve=<uninitialized>], handle=<no value description>, extensions=[[name=X509v3 Basic Constraints, short_name=basicConstraints, oid=2.5.29.19, critical=F, value=CA:TRUE, pathlen:0], [name=X509v3 Certificate Policies, short_name=certificatePolicies, oid=2.5.29.32, critical=F, value=Policy: 2.16.840.1.113733.1.7.1.1^J  CPS: https://www.verisign.com/CPS^J]], san=<uninitialized>, basic_constraints=[ca=T, path_len=0]], extracted=<uninitialized>]], cert_chain_fuids=[FjkLnG4s34DVZlaBNc, FpMjNF4snD7UDqI5sk], client_cert_chain=[], client_cert_chain_fuids=[], subject=<uninitialized>, issuer=<uninitialized>, client_subject=<uninitialized>, client_issuer=<uninitialized>, server_depth=2, client_depth=0], http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]^J}, last_active=1170717508.883051, seen_bytes=906, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timeout_interval=2.0 mins, bof_buffer_size=1024, bof_buffer=0\x82^C\x860\x82^B\xef\xa0^C^B^A^B^B^Px\xeeH\xde^X[ q\xc9\xc9\xc3\xb5\x1d{\xdd\xc10^M^F^I*\x86H\x86\xf7^M^A^A^E^E\00_1^K0^I^F^CU^D^F^S^BUS1^W0^U^F^CU^D^J^S^NVeriSign, Inc.1705^F^CU^D^K^S.Class 3 Public Primary Certification Authority0\x1e^W^M970417000000Z^W^M111024235959Z0\x81\xba1\x1f0\x1d^F^CU^D^J^S^VVeriSign Trust Network1^W0^U^F^CU^D^K^S^NVeriSign, Inc.1301^F^CU^D^K^S*VeriSign International Server CA - Class 31I0G^F^CU^D^K^S@www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign0\x81\x9f0^M^F^I*\x86H\x86\xf7^M^A^A^A^E\0^C\x81\x8d\00\x81\x89^B\x81\x81\0\xd8\x82\x80\xe8\xd6^Y^B}\x1f\x85^X9%\xa2e+\xe1\xbf\xd4^E\xd3\xbc\xe66;\xaa\xf0Ll[\xb6\xe7\xaa<sEU\xb2\xf1\xbd\xea\x97B\xed\x9a4^J^U\xd4\xa9\\xf5@%\xdd\xd9^G\xc12\xb2ul\xc4\xca\xbb\xa3\xfeV'qC\xaac\xf50>\x93(\xe5\xfa\xf1^I;\xf3\xb7MN9\xf7\IZ\xb8\xc1\x1d\xd3\xb2\x8a\xfep0\x95B\xcb\xfe+Q\x8bZ<:\xf9"O\x90\xb2^B\xa7S\x9cO4\xe7\xab^D\xb2{o^B^C^A\0^A\xa3\x81\xe60\x81\xe30^O^F^CU\x1d^S^D^H0^F^A^A\xff^B^A\00D^F^CU\x1d ^D=0;09^F^K`\x86H^A\x86\xf8E^A^G^A^A0*0(^F^H+^F^A^E^E^G^B^A^V\x1chttps://www.verisign.com/CPS04^F^CU\x1d\x1f^D-0+0)\xa0'\xa0%\x86#http://crl.verisign.com/pca3-g2.crl04^F^CU\x1d%^D-0+^F^H+^F^A^E^E^G^C^A^F^H+^F^A^E^E^G^C^B^F^I`\x86H^A\x86\xf8B^D^A^F^J`\x86H^A\x86\xf8E^A^H^A0^K^F^CU\x1d^O^D^D^C^B^A^F0^Q^F^I`\x86H^A\x86\xf8B^A^A^D^D^C^B^A^F0^M^F^I*\x86H\x86\xf7^M^A^A^E^E\0^C\x81\x81\0#]\xee\xa6$^E\xfdv\xd3j^Z\xd6\xbaF^F\xaaj^O^C\x90f\xb2\xb0\xa6\xc2\x9e\xc9\x1e\xa3US\xaf>E\xfd\xdc\x8c'\xddS8^I\xbb|K+\xba\x95J\xfepN\x1bi\xd6<\xf7O^G\xc5\xf2^WZL\xa2\x8f\xac^K\x8a^F\xdb\xb9\xd4k\xc5\x1dX\xda^WR\xe3!\xf1\xd2\xd7Z\xd5\xe5\xabY{!z\x86j\xd4\xfe^W^Q:S^M\x9c`\xa0J\xd9^\xe4\x1d^L)\xaa^S^Ge\x86\x1f\xbf\xb4\xc9\x82S\x9c,^B\x8f#, mime_type=binary, info=[ts=1170717508.883051, fuid=FpMjNF4snD7UDqI5sk, tx_hosts={^J^I194.127.84.106^J}, rx_hosts={^J^I192.150.187.164^J}, conn_uids={^J^ICjhGID4nQcgTWjvg4c^J}, source=SSL, depth=0, analyzers={^J^IX509,^J^IMD5,^J^ISHA1^J}, mime_type=binary, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=F, seen_bytes=0, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=<uninitialized>, sha1=<uninitialized>, sha256=<uninitialized>, x509=[ts=1170717508.883051, id=FpMjNF4snD7UDqI5sk, certificate=[version=2, serial=78EE48DE185B2071C9C9C3B51D7BDDC1, subject=OU=www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign,OU=VeriSign International Server CA - Class 3,OU=VeriSign\, Inc.,O=VeriSign Trust Network, issuer=OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US, not_valid_before=861235200.0, not_valid_after=1319500799.0, key_alg=rsaEncryption, sig_alg=sha1WithRSAEncryption, key_type=rsa, key_length=1024, exponent=65537, curve=<uninitialized>], handle=<no value description>, extensions=[[name=X509v3 Basic Constraints, short_name=basicConstraints, oid=2.5.29.19, critical=F, value=CA:TRUE, pathlen:0], [name=X509v3 Certificate Policies, short_name=certificatePolicies, oid=2.5.29.32, critical=F, value=Policy: 2.16.840.1.113733.1.7.1.1^J  CPS: https://www.verisign.com/CPS^J]], san=<uninitialized>, basic_constraints=[ca=T, path_len=0]], extracted=<uninitialized>], u2_events=<uninitialized>]
-                  [1] ext: X509::Extension = [name=X509v3 CRL Distribution Points, short_name=crlDistributionPoints, oid=2.5.29.31, critical=F, value=^JFull Name:^J  URI:http://crl.verisign.com/pca3-g2.crl^J]
-
-1170717508.883051 x509_extension
-                  [0] f: fa_file         = [id=FpMjNF4snD7UDqI5sk, parent_id=<uninitialized>, source=SSL, is_orig=F, conns={^J^I[[orig_h=192.150.187.164, orig_p=58869/tcp, resp_h=194.127.84.106, resp_p=443/tcp]] = [id=[orig_h=192.150.187.164, orig_p=58869/tcp, resp_h=194.127.84.106, resp_p=443/tcp], orig=[size=120, state=4, num_pkts=3, num_bytes_ip=288, flow_label=0], resp=[size=2164, state=4, num_pkts=3, num_bytes_ip=1616, flow_label=0], start_time=1170717508.515696, duration=0.367355, service={^J^I^ISSL^J^I}, addl=, hot=0, history=ShADad, uid=CjhGID4nQcgTWjvg4c, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=[ts=1170717508.69718, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=192.150.187.164, orig_p=58869/tcp, resp_h=194.127.84.106, resp_p=443/tcp], version=TLSv10, cipher=TLS_RSA_WITH_RC4_128_MD5, server_name=<uninitialized>, session_id=a8c1c5681924e80a32a15d5e7f20bc5e3f513e56b215039d0d55defda5a320c0, last_alert=<uninitialized>, analyzer_id=7, established=F, logged=F, delay_tokens=<uninitialized>, cert_chain=[[ts=1170717508.883051, fuid=FjkLnG4s34DVZlaBNc, tx_hosts={^J^I^I194.127.84.106^J^I}, rx_hosts={^J^I^I192.150.187.164^J^I}, conn_uids={^J^I^ICjhGID4nQcgTWjvg4c^J^I}, source=SSL, depth=0, analyzers={^J^I^IX509,^J^I^IMD5,^J^I^ISHA1^J^I}, mime_type=binary, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=F, seen_bytes=1152, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=38a0a008a978591ccbe41f50a174751a, sha1=2c322ae2b7fe91391345e070b63668978bb1c9da, sha256=<uninitialized>, x509=[ts=1170717508.883051, id=FjkLnG4s34DVZlaBNc, certificate=[version=2, serial=04A78116F003283BDA2B8462049F9ECB, subject=CN=www.dresdner-privat.de,OU=Terms of use at www.verisign.com/rpa (c)00,O=AGIS Allianz Dresdner Informationssysteme GmbH,L=Muenchen,ST=Bayern,C=DE, issuer=OU=www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign,OU=VeriSign International Server CA - Class 3,OU=VeriSign\, Inc.,O=VeriSign Trust Network, not_valid_before=1163462400.0, not_valid_after=1195084799.0, key_alg=rsaEncryption, sig_alg=sha1WithRSAEncryption, key_type=rsa, key_length=1024, exponent=65537, curve=<uninitialized>], handle=<no value description>, extensions=[[name=X509v3 Basic Constraints, short_name=basicConstraints, oid=2.5.29.19, critical=F, value=CA:FALSE], [name=X509v3 Key Usage, short_name=keyUsage, oid=2.5.29.15, critical=F, value=Digital Signature, Key Encipherment], [name=X509v3 CRL Distribution Points, short_name=crlDistributionPoints, oid=2.5.29.31, critical=F, value=^JFull Name:^J  URI:http://crl.verisign.com/Class3InternationalServer.crl^J], [name=X509v3 Certificate Policies, short_name=certificatePolicies, oid=2.5.29.32, critical=F, value=Policy: 2.16.840.1.113733.1.7.23.3^J  CPS: https://www.verisign.com/rpa^J], [name=X509v3 Extended Key Usage, short_name=extendedKeyUsage, oid=2.5.29.37, critical=F, value=Netscape Server Gated Crypto, TLS Web Server Authentication, TLS Web Client Authentication], [name=Authority Information Access, short_name=authorityInfoAccess, oid=1.3.6.1.5.5.7.1.1, critical=F, value=OCSP - URI:http://ocsp.verisign.com^J], [name=1.3.6.1.5.5.7.1.12, short_name=UNDEF, oid=1.3.6.1.5.5.7.1.12, critical=F, value=0_.].[0Y0W0U..image/gif0!0.0...+..............k...j.H.,{..0%.#http://logo.verisign.com/vslogo.gif]], san=<uninitialized>, basic_constraints=[ca=F, path_len=<uninitialized>]], extracted=<uninitialized>], [ts=1170717508.883051, fuid=FpMjNF4snD7UDqI5sk, tx_hosts={^J^I^I194.127.84.106^J^I}, rx_hosts={^J^I^I192.150.187.164^J^I}, conn_uids={^J^I^ICjhGID4nQcgTWjvg4c^J^I}, source=SSL, depth=0, analyzers={^J^I^IX509,^J^I^IMD5,^J^I^ISHA1^J^I}, mime_type=binary, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=F, seen_bytes=0, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=<uninitialized>, sha1=<uninitialized>, sha256=<uninitialized>, x509=[ts=1170717508.883051, id=FpMjNF4snD7UDqI5sk, certificate=[version=2, serial=78EE48DE185B2071C9C9C3B51D7BDDC1, subject=OU=www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign,OU=VeriSign International Server CA - Class 3,OU=VeriSign\, Inc.,O=VeriSign Trust Network, issuer=OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US, not_valid_before=861235200.0, not_valid_after=1319500799.0, key_alg=rsaEncryption, sig_alg=sha1WithRSAEncryption, key_type=rsa, key_length=1024, exponent=65537, curve=<uninitialized>], handle=<no value description>, extensions=[[name=X509v3 Basic Constraints, short_name=basicConstraints, oid=2.5.29.19, critical=F, value=CA:TRUE, pathlen:0], [name=X509v3 Certificate Policies, short_name=certificatePolicies, oid=2.5.29.32, critical=F, value=Policy: 2.16.840.1.113733.1.7.1.1^J  CPS: https://www.verisign.com/CPS^J], [name=X509v3 CRL Distribution Points, short_name=crlDistributionPoints, oid=2.5.29.31, critical=F, value=^JFull Name:^J  URI:http://crl.verisign.com/pca3-g2.crl^J]], san=<uninitialized>, basic_constraints=[ca=T, path_len=0]], extracted=<uninitialized>]], cert_chain_fuids=[FjkLnG4s34DVZlaBNc, FpMjNF4snD7UDqI5sk], client_cert_chain=[], client_cert_chain_fuids=[], subject=<uninitialized>, issuer=<uninitialized>, client_subject=<uninitialized>, client_issuer=<uninitialized>, server_depth=2, client_depth=0], http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]^J}, last_active=1170717508.883051, seen_bytes=906, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timeout_interval=2.0 mins, bof_buffer_size=1024, bof_buffer=0\x82^C\x860\x82^B\xef\xa0^C^B^A^B^B^Px\xeeH\xde^X[ q\xc9\xc9\xc3\xb5\x1d{\xdd\xc10^M^F^I*\x86H\x86\xf7^M^A^A^E^E\00_1^K0^I^F^CU^D^F^S^BUS1^W0^U^F^CU^D^J^S^NVeriSign, Inc.1705^F^CU^D^K^S.Class 3 Public Primary Certification Authority0\x1e^W^M970417000000Z^W^M111024235959Z0\x81\xba1\x1f0\x1d^F^CU^D^J^S^VVeriSign Trust Network1^W0^U^F^CU^D^K^S^NVeriSign, Inc.1301^F^CU^D^K^S*VeriSign International Server CA - Class 31I0G^F^CU^D^K^S@www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign0\x81\x9f0^M^F^I*\x86H\x86\xf7^M^A^A^A^E\0^C\x81\x8d\00\x81\x89^B\x81\x81\0\xd8\x82\x80\xe8\xd6^Y^B}\x1f\x85^X9%\xa2e+\xe1\xbf\xd4^E\xd3\xbc\xe66;\xaa\xf0Ll[\xb6\xe7\xaa<sEU\xb2\xf1\xbd\xea\x97B\xed\x9a4^J^U\xd4\xa9\\xf5@%\xdd\xd9^G\xc12\xb2ul\xc4\xca\xbb\xa3\xfeV'qC\xaac\xf50>\x93(\xe5\xfa\xf1^I;\xf3\xb7MN9\xf7\IZ\xb8\xc1\x1d\xd3\xb2\x8a\xfep0\x95B\xcb\xfe+Q\x8bZ<:\xf9"O\x90\xb2^B\xa7S\x9cO4\xe7\xab^D\xb2{o^B^C^A\0^A\xa3\x81\xe60\x81\xe30^O^F^CU\x1d^S^D^H0^F^A^A\xff^B^A\00D^F^CU\x1d ^D=0;09^F^K`\x86H^A\x86\xf8E^A^G^A^A0*0(^F^H+^F^A^E^E^G^B^A^V\x1chttps://www.verisign.com/CPS04^F^CU\x1d\x1f^D-0+0)\xa0'\xa0%\x86#http://crl.verisign.com/pca3-g2.crl04^F^CU\x1d%^D-0+^F^H+^F^A^E^E^G^C^A^F^H+^F^A^E^E^G^C^B^F^I`\x86H^A\x86\xf8B^D^A^F^J`\x86H^A\x86\xf8E^A^H^A0^K^F^CU\x1d^O^D^D^C^B^A^F0^Q^F^I`\x86H^A\x86\xf8B^A^A^D^D^C^B^A^F0^M^F^I*\x86H\x86\xf7^M^A^A^E^E\0^C\x81\x81\0#]\xee\xa6$^E\xfdv\xd3j^Z\xd6\xbaF^F\xaaj^O^C\x90f\xb2\xb0\xa6\xc2\x9e\xc9\x1e\xa3US\xaf>E\xfd\xdc\x8c'\xddS8^I\xbb|K+\xba\x95J\xfepN\x1bi\xd6<\xf7O^G\xc5\xf2^WZL\xa2\x8f\xac^K\x8a^F\xdb\xb9\xd4k\xc5\x1dX\xda^WR\xe3!\xf1\xd2\xd7Z\xd5\xe5\xabY{!z\x86j\xd4\xfe^W^Q:S^M\x9c`\xa0J\xd9^\xe4\x1d^L)\xaa^S^Ge\x86\x1f\xbf\xb4\xc9\x82S\x9c,^B\x8f#, mime_type=binary, info=[ts=1170717508.883051, fuid=FpMjNF4snD7UDqI5sk, tx_hosts={^J^I194.127.84.106^J}, rx_hosts={^J^I192.150.187.164^J}, conn_uids={^J^ICjhGID4nQcgTWjvg4c^J}, source=SSL, depth=0, analyzers={^J^IX509,^J^IMD5,^J^ISHA1^J}, mime_type=binary, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=F, seen_bytes=0, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=<uninitialized>, sha1=<uninitialized>, sha256=<uninitialized>, x509=[ts=1170717508.883051, id=FpMjNF4snD7UDqI5sk, certificate=[version=2, serial=78EE48DE185B2071C9C9C3B51D7BDDC1, subject=OU=www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign,OU=VeriSign International Server CA - Class 3,OU=VeriSign\, Inc.,O=VeriSign Trust Network, issuer=OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US, not_valid_before=861235200.0, not_valid_after=1319500799.0, key_alg=rsaEncryption, sig_alg=sha1WithRSAEncryption, key_type=rsa, key_length=1024, exponent=65537, curve=<uninitialized>], handle=<no value description>, extensions=[[name=X509v3 Basic Constraints, short_name=basicConstraints, oid=2.5.29.19, critical=F, value=CA:TRUE, pathlen:0], [name=X509v3 Certificate Policies, short_name=certificatePolicies, oid=2.5.29.32, critical=F, value=Policy: 2.16.840.1.113733.1.7.1.1^J  CPS: https://www.verisign.com/CPS^J], [name=X509v3 CRL Distribution Points, short_name=crlDistributionPoints, oid=2.5.29.31, critical=F, value=^JFull Name:^J  URI:http://crl.verisign.com/pca3-g2.crl^J]], san=<uninitialized>, basic_constraints=[ca=T, path_len=0]], extracted=<uninitialized>], u2_events=<uninitialized>]
-                  [1] ext: X509::Extension = [name=X509v3 Extended Key Usage, short_name=extendedKeyUsage, oid=2.5.29.37, critical=F, value=TLS Web Server Authentication, TLS Web Client Authentication, Netscape Server Gated Crypto, 2.16.840.1.113733.1.8.1]
-
-1170717508.883051 x509_extension
-                  [0] f: fa_file         = [id=FpMjNF4snD7UDqI5sk, parent_id=<uninitialized>, source=SSL, is_orig=F, conns={^J^I[[orig_h=192.150.187.164, orig_p=58869/tcp, resp_h=194.127.84.106, resp_p=443/tcp]] = [id=[orig_h=192.150.187.164, orig_p=58869/tcp, resp_h=194.127.84.106, resp_p=443/tcp], orig=[size=120, state=4, num_pkts=3, num_bytes_ip=288, flow_label=0], resp=[size=2164, state=4, num_pkts=3, num_bytes_ip=1616, flow_label=0], start_time=1170717508.515696, duration=0.367355, service={^J^I^ISSL^J^I}, addl=, hot=0, history=ShADad, uid=CjhGID4nQcgTWjvg4c, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=[ts=1170717508.69718, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=192.150.187.164, orig_p=58869/tcp, resp_h=194.127.84.106, resp_p=443/tcp], version=TLSv10, cipher=TLS_RSA_WITH_RC4_128_MD5, server_name=<uninitialized>, session_id=a8c1c5681924e80a32a15d5e7f20bc5e3f513e56b215039d0d55defda5a320c0, last_alert=<uninitialized>, analyzer_id=7, established=F, logged=F, delay_tokens=<uninitialized>, cert_chain=[[ts=1170717508.883051, fuid=FjkLnG4s34DVZlaBNc, tx_hosts={^J^I^I194.127.84.106^J^I}, rx_hosts={^J^I^I192.150.187.164^J^I}, conn_uids={^J^I^ICjhGID4nQcgTWjvg4c^J^I}, source=SSL, depth=0, analyzers={^J^I^IX509,^J^I^IMD5,^J^I^ISHA1^J^I}, mime_type=binary, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=F, seen_bytes=1152, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=38a0a008a978591ccbe41f50a174751a, sha1=2c322ae2b7fe91391345e070b63668978bb1c9da, sha256=<uninitialized>, x509=[ts=1170717508.883051, id=FjkLnG4s34DVZlaBNc, certificate=[version=2, serial=04A78116F003283BDA2B8462049F9ECB, subject=CN=www.dresdner-privat.de,OU=Terms of use at www.verisign.com/rpa (c)00,O=AGIS Allianz Dresdner Informationssysteme GmbH,L=Muenchen,ST=Bayern,C=DE, issuer=OU=www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign,OU=VeriSign International Server CA - Class 3,OU=VeriSign\, Inc.,O=VeriSign Trust Network, not_valid_before=1163462400.0, not_valid_after=1195084799.0, key_alg=rsaEncryption, sig_alg=sha1WithRSAEncryption, key_type=rsa, key_length=1024, exponent=65537, curve=<uninitialized>], handle=<no value description>, extensions=[[name=X509v3 Basic Constraints, short_name=basicConstraints, oid=2.5.29.19, critical=F, value=CA:FALSE], [name=X509v3 Key Usage, short_name=keyUsage, oid=2.5.29.15, critical=F, value=Digital Signature, Key Encipherment], [name=X509v3 CRL Distribution Points, short_name=crlDistributionPoints, oid=2.5.29.31, critical=F, value=^JFull Name:^J  URI:http://crl.verisign.com/Class3InternationalServer.crl^J], [name=X509v3 Certificate Policies, short_name=certificatePolicies, oid=2.5.29.32, critical=F, value=Policy: 2.16.840.1.113733.1.7.23.3^J  CPS: https://www.verisign.com/rpa^J], [name=X509v3 Extended Key Usage, short_name=extendedKeyUsage, oid=2.5.29.37, critical=F, value=Netscape Server Gated Crypto, TLS Web Server Authentication, TLS Web Client Authentication], [name=Authority Information Access, short_name=authorityInfoAccess, oid=1.3.6.1.5.5.7.1.1, critical=F, value=OCSP - URI:http://ocsp.verisign.com^J], [name=1.3.6.1.5.5.7.1.12, short_name=UNDEF, oid=1.3.6.1.5.5.7.1.12, critical=F, value=0_.].[0Y0W0U..image/gif0!0.0...+..............k...j.H.,{..0%.#http://logo.verisign.com/vslogo.gif]], san=<uninitialized>, basic_constraints=[ca=F, path_len=<uninitialized>]], extracted=<uninitialized>], [ts=1170717508.883051, fuid=FpMjNF4snD7UDqI5sk, tx_hosts={^J^I^I194.127.84.106^J^I}, rx_hosts={^J^I^I192.150.187.164^J^I}, conn_uids={^J^I^ICjhGID4nQcgTWjvg4c^J^I}, source=SSL, depth=0, analyzers={^J^I^IX509,^J^I^IMD5,^J^I^ISHA1^J^I}, mime_type=binary, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=F, seen_bytes=0, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=<uninitialized>, sha1=<uninitialized>, sha256=<uninitialized>, x509=[ts=1170717508.883051, id=FpMjNF4snD7UDqI5sk, certificate=[version=2, serial=78EE48DE185B2071C9C9C3B51D7BDDC1, subject=OU=www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign,OU=VeriSign International Server CA - Class 3,OU=VeriSign\, Inc.,O=VeriSign Trust Network, issuer=OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US, not_valid_before=861235200.0, not_valid_after=1319500799.0, key_alg=rsaEncryption, sig_alg=sha1WithRSAEncryption, key_type=rsa, key_length=1024, exponent=65537, curve=<uninitialized>], handle=<no value description>, extensions=[[name=X509v3 Basic Constraints, short_name=basicConstraints, oid=2.5.29.19, critical=F, value=CA:TRUE, pathlen:0], [name=X509v3 Certificate Policies, short_name=certificatePolicies, oid=2.5.29.32, critical=F, value=Policy: 2.16.840.1.113733.1.7.1.1^J  CPS: https://www.verisign.com/CPS^J], [name=X509v3 CRL Distribution Points, short_name=crlDistributionPoints, oid=2.5.29.31, critical=F, value=^JFull Name:^J  URI:http://crl.verisign.com/pca3-g2.crl^J], [name=X509v3 Extended Key Usage, short_name=extendedKeyUsage, oid=2.5.29.37, critical=F, value=TLS Web Server Authentication, TLS Web Client Authentication, Netscape Server Gated Crypto, 2.16.840.1.113733.1.8.1]], san=<uninitialized>, basic_constraints=[ca=T, path_len=0]], extracted=<uninitialized>]], cert_chain_fuids=[FjkLnG4s34DVZlaBNc, FpMjNF4snD7UDqI5sk], client_cert_chain=[], client_cert_chain_fuids=[], subject=<uninitialized>, issuer=<uninitialized>, client_subject=<uninitialized>, client_issuer=<uninitialized>, server_depth=2, client_depth=0], http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]^J}, last_active=1170717508.883051, seen_bytes=906, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timeout_interval=2.0 mins, bof_buffer_size=1024, bof_buffer=0\x82^C\x860\x82^B\xef\xa0^C^B^A^B^B^Px\xeeH\xde^X[ q\xc9\xc9\xc3\xb5\x1d{\xdd\xc10^M^F^I*\x86H\x86\xf7^M^A^A^E^E\00_1^K0^I^F^CU^D^F^S^BUS1^W0^U^F^CU^D^J^S^NVeriSign, Inc.1705^F^CU^D^K^S.Class 3 Public Primary Certification Authority0\x1e^W^M970417000000Z^W^M111024235959Z0\x81\xba1\x1f0\x1d^F^CU^D^J^S^VVeriSign Trust Network1^W0^U^F^CU^D^K^S^NVeriSign, Inc.1301^F^CU^D^K^S*VeriSign International Server CA - Class 31I0G^F^CU^D^K^S@www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign0\x81\x9f0^M^F^I*\x86H\x86\xf7^M^A^A^A^E\0^C\x81\x8d\00\x81\x89^B\x81\x81\0\xd8\x82\x80\xe8\xd6^Y^B}\x1f\x85^X9%\xa2e+\xe1\xbf\xd4^E\xd3\xbc\xe66;\xaa\xf0Ll[\xb6\xe7\xaa<sEU\xb2\xf1\xbd\xea\x97B\xed\x9a4^J^U\xd4\xa9\\xf5@%\xdd\xd9^G\xc12\xb2ul\xc4\xca\xbb\xa3\xfeV'qC\xaac\xf50>\x93(\xe5\xfa\xf1^I;\xf3\xb7MN9\xf7\IZ\xb8\xc1\x1d\xd3\xb2\x8a\xfep0\x95B\xcb\xfe+Q\x8bZ<:\xf9"O\x90\xb2^B\xa7S\x9cO4\xe7\xab^D\xb2{o^B^C^A\0^A\xa3\x81\xe60\x81\xe30^O^F^CU\x1d^S^D^H0^F^A^A\xff^B^A\00D^F^CU\x1d ^D=0;09^F^K`\x86H^A\x86\xf8E^A^G^A^A0*0(^F^H+^F^A^E^E^G^B^A^V\x1chttps://www.verisign.com/CPS04^F^CU\x1d\x1f^D-0+0)\xa0'\xa0%\x86#http://crl.verisign.com/pca3-g2.crl04^F^CU\x1d%^D-0+^F^H+^F^A^E^E^G^C^A^F^H+^F^A^E^E^G^C^B^F^I`\x86H^A\x86\xf8B^D^A^F^J`\x86H^A\x86\xf8E^A^H^A0^K^F^CU\x1d^O^D^D^C^B^A^F0^Q^F^I`\x86H^A\x86\xf8B^A^A^D^D^C^B^A^F0^M^F^I*\x86H\x86\xf7^M^A^A^E^E\0^C\x81\x81\0#]\xee\xa6$^E\xfdv\xd3j^Z\xd6\xbaF^F\xaaj^O^C\x90f\xb2\xb0\xa6\xc2\x9e\xc9\x1e\xa3US\xaf>E\xfd\xdc\x8c'\xddS8^I\xbb|K+\xba\x95J\xfepN\x1bi\xd6<\xf7O^G\xc5\xf2^WZL\xa2\x8f\xac^K\x8a^F\xdb\xb9\xd4k\xc5\x1dX\xda^WR\xe3!\xf1\xd2\xd7Z\xd5\xe5\xabY{!z\x86j\xd4\xfe^W^Q:S^M\x9c`\xa0J\xd9^\xe4\x1d^L)\xaa^S^Ge\x86\x1f\xbf\xb4\xc9\x82S\x9c,^B\x8f#, mime_type=binary, info=[ts=1170717508.883051, fuid=FpMjNF4snD7UDqI5sk, tx_hosts={^J^I194.127.84.106^J}, rx_hosts={^J^I192.150.187.164^J}, conn_uids={^J^ICjhGID4nQcgTWjvg4c^J}, source=SSL, depth=0, analyzers={^J^IX509,^J^IMD5,^J^ISHA1^J}, mime_type=binary, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=F, seen_bytes=0, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=<uninitialized>, sha1=<uninitialized>, sha256=<uninitialized>, x509=[ts=1170717508.883051, id=FpMjNF4snD7UDqI5sk, certificate=[version=2, serial=78EE48DE185B2071C9C9C3B51D7BDDC1, subject=OU=www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign,OU=VeriSign International Server CA - Class 3,OU=VeriSign\, Inc.,O=VeriSign Trust Network, issuer=OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US, not_valid_before=861235200.0, not_valid_after=1319500799.0, key_alg=rsaEncryption, sig_alg=sha1WithRSAEncryption, key_type=rsa, key_length=1024, exponent=65537, curve=<uninitialized>], handle=<no value description>, extensions=[[name=X509v3 Basic Constraints, short_name=basicConstraints, oid=2.5.29.19, critical=F, value=CA:TRUE, pathlen:0], [name=X509v3 Certificate Policies, short_name=certificatePolicies, oid=2.5.29.32, critical=F, value=Policy: 2.16.840.1.113733.1.7.1.1^J  CPS: https://www.verisign.com/CPS^J], [name=X509v3 CRL Distribution Points, short_name=crlDistributionPoints, oid=2.5.29.31, critical=F, value=^JFull Name:^J  URI:http://crl.verisign.com/pca3-g2.crl^J], [name=X509v3 Extended Key Usage, short_name=extendedKeyUsage, oid=2.5.29.37, critical=F, value=TLS Web Server Authentication, TLS Web Client Authentication, Netscape Server Gated Crypto, 2.16.840.1.113733.1.8.1]], san=<uninitialized>, basic_constraints=[ca=T, path_len=0]], extracted=<uninitialized>], u2_events=<uninitialized>]
-                  [1] ext: X509::Extension = [name=X509v3 Key Usage, short_name=keyUsage, oid=2.5.29.15, critical=F, value=Certificate Sign, CRL Sign]
-
-1170717508.883051 x509_extension
-                  [0] f: fa_file         = [id=FpMjNF4snD7UDqI5sk, parent_id=<uninitialized>, source=SSL, is_orig=F, conns={^J^I[[orig_h=192.150.187.164, orig_p=58869/tcp, resp_h=194.127.84.106, resp_p=443/tcp]] = [id=[orig_h=192.150.187.164, orig_p=58869/tcp, resp_h=194.127.84.106, resp_p=443/tcp], orig=[size=120, state=4, num_pkts=3, num_bytes_ip=288, flow_label=0], resp=[size=2164, state=4, num_pkts=3, num_bytes_ip=1616, flow_label=0], start_time=1170717508.515696, duration=0.367355, service={^J^I^ISSL^J^I}, addl=, hot=0, history=ShADad, uid=CjhGID4nQcgTWjvg4c, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=[ts=1170717508.69718, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=192.150.187.164, orig_p=58869/tcp, resp_h=194.127.84.106, resp_p=443/tcp], version=TLSv10, cipher=TLS_RSA_WITH_RC4_128_MD5, server_name=<uninitialized>, session_id=a8c1c5681924e80a32a15d5e7f20bc5e3f513e56b215039d0d55defda5a320c0, last_alert=<uninitialized>, analyzer_id=7, established=F, logged=F, delay_tokens=<uninitialized>, cert_chain=[[ts=1170717508.883051, fuid=FjkLnG4s34DVZlaBNc, tx_hosts={^J^I^I194.127.84.106^J^I}, rx_hosts={^J^I^I192.150.187.164^J^I}, conn_uids={^J^I^ICjhGID4nQcgTWjvg4c^J^I}, source=SSL, depth=0, analyzers={^J^I^IX509,^J^I^IMD5,^J^I^ISHA1^J^I}, mime_type=binary, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=F, seen_bytes=1152, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=38a0a008a978591ccbe41f50a174751a, sha1=2c322ae2b7fe91391345e070b63668978bb1c9da, sha256=<uninitialized>, x509=[ts=1170717508.883051, id=FjkLnG4s34DVZlaBNc, certificate=[version=2, serial=04A78116F003283BDA2B8462049F9ECB, subject=CN=www.dresdner-privat.de,OU=Terms of use at www.verisign.com/rpa (c)00,O=AGIS Allianz Dresdner Informationssysteme GmbH,L=Muenchen,ST=Bayern,C=DE, issuer=OU=www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign,OU=VeriSign International Server CA - Class 3,OU=VeriSign\, Inc.,O=VeriSign Trust Network, not_valid_before=1163462400.0, not_valid_after=1195084799.0, key_alg=rsaEncryption, sig_alg=sha1WithRSAEncryption, key_type=rsa, key_length=1024, exponent=65537, curve=<uninitialized>], handle=<no value description>, extensions=[[name=X509v3 Basic Constraints, short_name=basicConstraints, oid=2.5.29.19, critical=F, value=CA:FALSE], [name=X509v3 Key Usage, short_name=keyUsage, oid=2.5.29.15, critical=F, value=Digital Signature, Key Encipherment], [name=X509v3 CRL Distribution Points, short_name=crlDistributionPoints, oid=2.5.29.31, critical=F, value=^JFull Name:^J  URI:http://crl.verisign.com/Class3InternationalServer.crl^J], [name=X509v3 Certificate Policies, short_name=certificatePolicies, oid=2.5.29.32, critical=F, value=Policy: 2.16.840.1.113733.1.7.23.3^J  CPS: https://www.verisign.com/rpa^J], [name=X509v3 Extended Key Usage, short_name=extendedKeyUsage, oid=2.5.29.37, critical=F, value=Netscape Server Gated Crypto, TLS Web Server Authentication, TLS Web Client Authentication], [name=Authority Information Access, short_name=authorityInfoAccess, oid=1.3.6.1.5.5.7.1.1, critical=F, value=OCSP - URI:http://ocsp.verisign.com^J], [name=1.3.6.1.5.5.7.1.12, short_name=UNDEF, oid=1.3.6.1.5.5.7.1.12, critical=F, value=0_.].[0Y0W0U..image/gif0!0.0...+..............k...j.H.,{..0%.#http://logo.verisign.com/vslogo.gif]], san=<uninitialized>, basic_constraints=[ca=F, path_len=<uninitialized>]], extracted=<uninitialized>], [ts=1170717508.883051, fuid=FpMjNF4snD7UDqI5sk, tx_hosts={^J^I^I194.127.84.106^J^I}, rx_hosts={^J^I^I192.150.187.164^J^I}, conn_uids={^J^I^ICjhGID4nQcgTWjvg4c^J^I}, source=SSL, depth=0, analyzers={^J^I^IX509,^J^I^IMD5,^J^I^ISHA1^J^I}, mime_type=binary, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=F, seen_bytes=0, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=<uninitialized>, sha1=<uninitialized>, sha256=<uninitialized>, x509=[ts=1170717508.883051, id=FpMjNF4snD7UDqI5sk, certificate=[version=2, serial=78EE48DE185B2071C9C9C3B51D7BDDC1, subject=OU=www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign,OU=VeriSign International Server CA - Class 3,OU=VeriSign\, Inc.,O=VeriSign Trust Network, issuer=OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US, not_valid_before=861235200.0, not_valid_after=1319500799.0, key_alg=rsaEncryption, sig_alg=sha1WithRSAEncryption, key_type=rsa, key_length=1024, exponent=65537, curve=<uninitialized>], handle=<no value description>, extensions=[[name=X509v3 Basic Constraints, short_name=basicConstraints, oid=2.5.29.19, critical=F, value=CA:TRUE, pathlen:0], [name=X509v3 Certificate Policies, short_name=certificatePolicies, oid=2.5.29.32, critical=F, value=Policy: 2.16.840.1.113733.1.7.1.1^J  CPS: https://www.verisign.com/CPS^J], [name=X509v3 CRL Distribution Points, short_name=crlDistributionPoints, oid=2.5.29.31, critical=F, value=^JFull Name:^J  URI:http://crl.verisign.com/pca3-g2.crl^J], [name=X509v3 Extended Key Usage, short_name=extendedKeyUsage, oid=2.5.29.37, critical=F, value=TLS Web Server Authentication, TLS Web Client Authentication, Netscape Server Gated Crypto, 2.16.840.1.113733.1.8.1], [name=X509v3 Key Usage, short_name=keyUsage, oid=2.5.29.15, critical=F, value=Certificate Sign, CRL Sign]], san=<uninitialized>, basic_constraints=[ca=T, path_len=0]], extracted=<uninitialized>]], cert_chain_fuids=[FjkLnG4s34DVZlaBNc, FpMjNF4snD7UDqI5sk], client_cert_chain=[], client_cert_chain_fuids=[], subject=<uninitialized>, issuer=<uninitialized>, client_subject=<uninitialized>, client_issuer=<uninitialized>, server_depth=2, client_depth=0], http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]^J}, last_active=1170717508.883051, seen_bytes=906, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timeout_interval=2.0 mins, bof_buffer_size=1024, bof_buffer=0\x82^C\x860\x82^B\xef\xa0^C^B^A^B^B^Px\xeeH\xde^X[ q\xc9\xc9\xc3\xb5\x1d{\xdd\xc10^M^F^I*\x86H\x86\xf7^M^A^A^E^E\00_1^K0^I^F^CU^D^F^S^BUS1^W0^U^F^CU^D^J^S^NVeriSign, Inc.1705^F^CU^D^K^S.Class 3 Public Primary Certification Authority0\x1e^W^M970417000000Z^W^M111024235959Z0\x81\xba1\x1f0\x1d^F^CU^D^J^S^VVeriSign Trust Network1^W0^U^F^CU^D^K^S^NVeriSign, Inc.1301^F^CU^D^K^S*VeriSign International Server CA - Class 31I0G^F^CU^D^K^S@www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign0\x81\x9f0^M^F^I*\x86H\x86\xf7^M^A^A^A^E\0^C\x81\x8d\00\x81\x89^B\x81\x81\0\xd8\x82\x80\xe8\xd6^Y^B}\x1f\x85^X9%\xa2e+\xe1\xbf\xd4^E\xd3\xbc\xe66;\xaa\xf0Ll[\xb6\xe7\xaa<sEU\xb2\xf1\xbd\xea\x97B\xed\x9a4^J^U\xd4\xa9\\xf5@%\xdd\xd9^G\xc12\xb2ul\xc4\xca\xbb\xa3\xfeV'qC\xaac\xf50>\x93(\xe5\xfa\xf1^I;\xf3\xb7MN9\xf7\IZ\xb8\xc1\x1d\xd3\xb2\x8a\xfep0\x95B\xcb\xfe+Q\x8bZ<:\xf9"O\x90\xb2^B\xa7S\x9cO4\xe7\xab^D\xb2{o^B^C^A\0^A\xa3\x81\xe60\x81\xe30^O^F^CU\x1d^S^D^H0^F^A^A\xff^B^A\00D^F^CU\x1d ^D=0;09^F^K`\x86H^A\x86\xf8E^A^G^A^A0*0(^F^H+^F^A^E^E^G^B^A^V\x1chttps://www.verisign.com/CPS04^F^CU\x1d\x1f^D-0+0)\xa0'\xa0%\x86#http://crl.verisign.com/pca3-g2.crl04^F^CU\x1d%^D-0+^F^H+^F^A^E^E^G^C^A^F^H+^F^A^E^E^G^C^B^F^I`\x86H^A\x86\xf8B^D^A^F^J`\x86H^A\x86\xf8E^A^H^A0^K^F^CU\x1d^O^D^D^C^B^A^F0^Q^F^I`\x86H^A\x86\xf8B^A^A^D^D^C^B^A^F0^M^F^I*\x86H\x86\xf7^M^A^A^E^E\0^C\x81\x81\0#]\xee\xa6$^E\xfdv\xd3j^Z\xd6\xbaF^F\xaaj^O^C\x90f\xb2\xb0\xa6\xc2\x9e\xc9\x1e\xa3US\xaf>E\xfd\xdc\x8c'\xddS8^I\xbb|K+\xba\x95J\xfepN\x1bi\xd6<\xf7O^G\xc5\xf2^WZL\xa2\x8f\xac^K\x8a^F\xdb\xb9\xd4k\xc5\x1dX\xda^WR\xe3!\xf1\xd2\xd7Z\xd5\xe5\xabY{!z\x86j\xd4\xfe^W^Q:S^M\x9c`\xa0J\xd9^\xe4\x1d^L)\xaa^S^Ge\x86\x1f\xbf\xb4\xc9\x82S\x9c,^B\x8f#, mime_type=binary, info=[ts=1170717508.883051, fuid=FpMjNF4snD7UDqI5sk, tx_hosts={^J^I194.127.84.106^J}, rx_hosts={^J^I192.150.187.164^J}, conn_uids={^J^ICjhGID4nQcgTWjvg4c^J}, source=SSL, depth=0, analyzers={^J^IX509,^J^IMD5,^J^ISHA1^J}, mime_type=binary, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=F, seen_bytes=0, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=<uninitialized>, sha1=<uninitialized>, sha256=<uninitialized>, x509=[ts=1170717508.883051, id=FpMjNF4snD7UDqI5sk, certificate=[version=2, serial=78EE48DE185B2071C9C9C3B51D7BDDC1, subject=OU=www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign,OU=VeriSign International Server CA - Class 3,OU=VeriSign\, Inc.,O=VeriSign Trust Network, issuer=OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US, not_valid_before=861235200.0, not_valid_after=1319500799.0, key_alg=rsaEncryption, sig_alg=sha1WithRSAEncryption, key_type=rsa, key_length=1024, exponent=65537, curve=<uninitialized>], handle=<no value description>, extensions=[[name=X509v3 Basic Constraints, short_name=basicConstraints, oid=2.5.29.19, critical=F, value=CA:TRUE, pathlen:0], [name=X509v3 Certificate Policies, short_name=certificatePolicies, oid=2.5.29.32, critical=F, value=Policy: 2.16.840.1.113733.1.7.1.1^J  CPS: https://www.verisign.com/CPS^J], [name=X509v3 CRL Distribution Points, short_name=crlDistributionPoints, oid=2.5.29.31, critical=F, value=^JFull Name:^J  URI:http://crl.verisign.com/pca3-g2.crl^J], [name=X509v3 Extended Key Usage, short_name=extendedKeyUsage, oid=2.5.29.37, critical=F, value=TLS Web Server Authentication, TLS Web Client Authentication, Netscape Server Gated Crypto, 2.16.840.1.113733.1.8.1], [name=X509v3 Key Usage, short_name=keyUsage, oid=2.5.29.15, critical=F, value=Certificate Sign, CRL Sign]], san=<uninitialized>, basic_constraints=[ca=T, path_len=0]], extracted=<uninitialized>], u2_events=<uninitialized>]
-                  [1] ext: X509::Extension = [name=Netscape Cert Type, short_name=nsCertType, oid=2.16.840.1.113730.1.1, critical=F, value=SSL CA, S/MIME CA]
-
-1170717508.883051 file_hash
-                  [0] f: fa_file         = [id=FpMjNF4snD7UDqI5sk, parent_id=<uninitialized>, source=SSL, is_orig=F, conns={^J^I[[orig_h=192.150.187.164, orig_p=58869/tcp, resp_h=194.127.84.106, resp_p=443/tcp]] = [id=[orig_h=192.150.187.164, orig_p=58869/tcp, resp_h=194.127.84.106, resp_p=443/tcp], orig=[size=120, state=4, num_pkts=3, num_bytes_ip=288, flow_label=0], resp=[size=2164, state=4, num_pkts=3, num_bytes_ip=1616, flow_label=0], start_time=1170717508.515696, duration=0.367355, service={^J^I^ISSL^J^I}, addl=, hot=0, history=ShADad, uid=CjhGID4nQcgTWjvg4c, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=[ts=1170717508.69718, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=192.150.187.164, orig_p=58869/tcp, resp_h=194.127.84.106, resp_p=443/tcp], version=TLSv10, cipher=TLS_RSA_WITH_RC4_128_MD5, server_name=<uninitialized>, session_id=a8c1c5681924e80a32a15d5e7f20bc5e3f513e56b215039d0d55defda5a320c0, last_alert=<uninitialized>, analyzer_id=7, established=F, logged=F, delay_tokens=<uninitialized>, cert_chain=[[ts=1170717508.883051, fuid=FjkLnG4s34DVZlaBNc, tx_hosts={^J^I^I194.127.84.106^J^I}, rx_hosts={^J^I^I192.150.187.164^J^I}, conn_uids={^J^I^ICjhGID4nQcgTWjvg4c^J^I}, source=SSL, depth=0, analyzers={^J^I^IX509,^J^I^IMD5,^J^I^ISHA1^J^I}, mime_type=binary, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=F, seen_bytes=1152, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=38a0a008a978591ccbe41f50a174751a, sha1=2c322ae2b7fe91391345e070b63668978bb1c9da, sha256=<uninitialized>, x509=[ts=1170717508.883051, id=FjkLnG4s34DVZlaBNc, certificate=[version=2, serial=04A78116F003283BDA2B8462049F9ECB, subject=CN=www.dresdner-privat.de,OU=Terms of use at www.verisign.com/rpa (c)00,O=AGIS Allianz Dresdner Informationssysteme GmbH,L=Muenchen,ST=Bayern,C=DE, issuer=OU=www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign,OU=VeriSign International Server CA - Class 3,OU=VeriSign\, Inc.,O=VeriSign Trust Network, not_valid_before=1163462400.0, not_valid_after=1195084799.0, key_alg=rsaEncryption, sig_alg=sha1WithRSAEncryption, key_type=rsa, key_length=1024, exponent=65537, curve=<uninitialized>], handle=<no value description>, extensions=[[name=X509v3 Basic Constraints, short_name=basicConstraints, oid=2.5.29.19, critical=F, value=CA:FALSE], [name=X509v3 Key Usage, short_name=keyUsage, oid=2.5.29.15, critical=F, value=Digital Signature, Key Encipherment], [name=X509v3 CRL Distribution Points, short_name=crlDistributionPoints, oid=2.5.29.31, critical=F, value=^JFull Name:^J  URI:http://crl.verisign.com/Class3InternationalServer.crl^J], [name=X509v3 Certificate Policies, short_name=certificatePolicies, oid=2.5.29.32, critical=F, value=Policy: 2.16.840.1.113733.1.7.23.3^J  CPS: https://www.verisign.com/rpa^J], [name=X509v3 Extended Key Usage, short_name=extendedKeyUsage, oid=2.5.29.37, critical=F, value=Netscape Server Gated Crypto, TLS Web Server Authentication, TLS Web Client Authentication], [name=Authority Information Access, short_name=authorityInfoAccess, oid=1.3.6.1.5.5.7.1.1, critical=F, value=OCSP - URI:http://ocsp.verisign.com^J], [name=1.3.6.1.5.5.7.1.12, short_name=UNDEF, oid=1.3.6.1.5.5.7.1.12, critical=F, value=0_.].[0Y0W0U..image/gif0!0.0...+..............k...j.H.,{..0%.#http://logo.verisign.com/vslogo.gif]], san=<uninitialized>, basic_constraints=[ca=F, path_len=<uninitialized>]], extracted=<uninitialized>], [ts=1170717508.883051, fuid=FpMjNF4snD7UDqI5sk, tx_hosts={^J^I^I194.127.84.106^J^I}, rx_hosts={^J^I^I192.150.187.164^J^I}, conn_uids={^J^I^ICjhGID4nQcgTWjvg4c^J^I}, source=SSL, depth=0, analyzers={^J^I^IX509,^J^I^IMD5,^J^I^ISHA1^J^I}, mime_type=binary, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=F, seen_bytes=0, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=<uninitialized>, sha1=<uninitialized>, sha256=<uninitialized>, x509=[ts=1170717508.883051, id=FpMjNF4snD7UDqI5sk, certificate=[version=2, serial=78EE48DE185B2071C9C9C3B51D7BDDC1, subject=OU=www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign,OU=VeriSign International Server CA - Class 3,OU=VeriSign\, Inc.,O=VeriSign Trust Network, issuer=OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US, not_valid_before=861235200.0, not_valid_after=1319500799.0, key_alg=rsaEncryption, sig_alg=sha1WithRSAEncryption, key_type=rsa, key_length=1024, exponent=65537, curve=<uninitialized>], handle=<no value description>, extensions=[[name=X509v3 Basic Constraints, short_name=basicConstraints, oid=2.5.29.19, critical=F, value=CA:TRUE, pathlen:0], [name=X509v3 Certificate Policies, short_name=certificatePolicies, oid=2.5.29.32, critical=F, value=Policy: 2.16.840.1.113733.1.7.1.1^J  CPS: https://www.verisign.com/CPS^J], [name=X509v3 CRL Distribution Points, short_name=crlDistributionPoints, oid=2.5.29.31, critical=F, value=^JFull Name:^J  URI:http://crl.verisign.com/pca3-g2.crl^J], [name=X509v3 Extended Key Usage, short_name=extendedKeyUsage, oid=2.5.29.37, critical=F, value=TLS Web Server Authentication, TLS Web Client Authentication, Netscape Server Gated Crypto, 2.16.840.1.113733.1.8.1], [name=X509v3 Key Usage, short_name=keyUsage, oid=2.5.29.15, critical=F, value=Certificate Sign, CRL Sign], [name=Netscape Cert Type, short_name=nsCertType, oid=2.16.840.1.113730.1.1, critical=F, value=SSL CA, S/MIME CA]], san=<uninitialized>, basic_constraints=[ca=T, path_len=0]], extracted=<uninitialized>]], cert_chain_fuids=[FjkLnG4s34DVZlaBNc, FpMjNF4snD7UDqI5sk], client_cert_chain=[], client_cert_chain_fuids=[], subject=<uninitialized>, issuer=<uninitialized>, client_subject=<uninitialized>, client_issuer=<uninitialized>, server_depth=2, client_depth=0], http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]^J}, last_active=1170717508.883051, seen_bytes=906, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timeout_interval=2.0 mins, bof_buffer_size=1024, bof_buffer=0\x82^C\x860\x82^B\xef\xa0^C^B^A^B^B^Px\xeeH\xde^X[ q\xc9\xc9\xc3\xb5\x1d{\xdd\xc10^M^F^I*\x86H\x86\xf7^M^A^A^E^E\00_1^K0^I^F^CU^D^F^S^BUS1^W0^U^F^CU^D^J^S^NVeriSign, Inc.1705^F^CU^D^K^S.Class 3 Public Primary Certification Authority0\x1e^W^M970417000000Z^W^M111024235959Z0\x81\xba1\x1f0\x1d^F^CU^D^J^S^VVeriSign Trust Network1^W0^U^F^CU^D^K^S^NVeriSign, Inc.1301^F^CU^D^K^S*VeriSign International Server CA - Class 31I0G^F^CU^D^K^S@www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign0\x81\x9f0^M^F^I*\x86H\x86\xf7^M^A^A^A^E\0^C\x81\x8d\00\x81\x89^B\x81\x81\0\xd8\x82\x80\xe8\xd6^Y^B}\x1f\x85^X9%\xa2e+\xe1\xbf\xd4^E\xd3\xbc\xe66;\xaa\xf0Ll[\xb6\xe7\xaa<sEU\xb2\xf1\xbd\xea\x97B\xed\x9a4^J^U\xd4\xa9\\xf5@%\xdd\xd9^G\xc12\xb2ul\xc4\xca\xbb\xa3\xfeV'qC\xaac\xf50>\x93(\xe5\xfa\xf1^I;\xf3\xb7MN9\xf7\IZ\xb8\xc1\x1d\xd3\xb2\x8a\xfep0\x95B\xcb\xfe+Q\x8bZ<:\xf9"O\x90\xb2^B\xa7S\x9cO4\xe7\xab^D\xb2{o^B^C^A\0^A\xa3\x81\xe60\x81\xe30^O^F^CU\x1d^S^D^H0^F^A^A\xff^B^A\00D^F^CU\x1d ^D=0;09^F^K`\x86H^A\x86\xf8E^A^G^A^A0*0(^F^H+^F^A^E^E^G^B^A^V\x1chttps://www.verisign.com/CPS04^F^CU\x1d\x1f^D-0+0)\xa0'\xa0%\x86#http://crl.verisign.com/pca3-g2.crl04^F^CU\x1d%^D-0+^F^H+^F^A^E^E^G^C^A^F^H+^F^A^E^E^G^C^B^F^I`\x86H^A\x86\xf8B^D^A^F^J`\x86H^A\x86\xf8E^A^H^A0^K^F^CU\x1d^O^D^D^C^B^A^F0^Q^F^I`\x86H^A\x86\xf8B^A^A^D^D^C^B^A^F0^M^F^I*\x86H\x86\xf7^M^A^A^E^E\0^C\x81\x81\0#]\xee\xa6$^E\xfdv\xd3j^Z\xd6\xbaF^F\xaaj^O^C\x90f\xb2\xb0\xa6\xc2\x9e\xc9\x1e\xa3US\xaf>E\xfd\xdc\x8c'\xddS8^I\xbb|K+\xba\x95J\xfepN\x1bi\xd6<\xf7O^G\xc5\xf2^WZL\xa2\x8f\xac^K\x8a^F\xdb\xb9\xd4k\xc5\x1dX\xda^WR\xe3!\xf1\xd2\xd7Z\xd5\xe5\xabY{!z\x86j\xd4\xfe^W^Q:S^M\x9c`\xa0J\xd9^\xe4\x1d^L)\xaa^S^Ge\x86\x1f\xbf\xb4\xc9\x82S\x9c,^B\x8f#, mime_type=binary, info=[ts=1170717508.883051, fuid=FpMjNF4snD7UDqI5sk, tx_hosts={^J^I194.127.84.106^J}, rx_hosts={^J^I192.150.187.164^J}, conn_uids={^J^ICjhGID4nQcgTWjvg4c^J}, source=SSL, depth=0, analyzers={^J^IX509,^J^IMD5,^J^ISHA1^J}, mime_type=binary, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=F, seen_bytes=0, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=<uninitialized>, sha1=<uninitialized>, sha256=<uninitialized>, x509=[ts=1170717508.883051, id=FpMjNF4snD7UDqI5sk, certificate=[version=2, serial=78EE48DE185B2071C9C9C3B51D7BDDC1, subject=OU=www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign,OU=VeriSign International Server CA - Class 3,OU=VeriSign\, Inc.,O=VeriSign Trust Network, issuer=OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US, not_valid_before=861235200.0, not_valid_after=1319500799.0, key_alg=rsaEncryption, sig_alg=sha1WithRSAEncryption, key_type=rsa, key_length=1024, exponent=65537, curve=<uninitialized>], handle=<no value description>, extensions=[[name=X509v3 Basic Constraints, short_name=basicConstraints, oid=2.5.29.19, critical=F, value=CA:TRUE, pathlen:0], [name=X509v3 Certificate Policies, short_name=certificatePolicies, oid=2.5.29.32, critical=F, value=Policy: 2.16.840.1.113733.1.7.1.1^J  CPS: https://www.verisign.com/CPS^J], [name=X509v3 CRL Distribution Points, short_name=crlDistributionPoints, oid=2.5.29.31, critical=F, value=^JFull Name:^J  URI:http://crl.verisign.com/pca3-g2.crl^J], [name=X509v3 Extended Key Usage, short_name=extendedKeyUsage, oid=2.5.29.37, critical=F, value=TLS Web Server Authentication, TLS Web Client Authentication, Netscape Server Gated Crypto, 2.16.840.1.113733.1.8.1], [name=X509v3 Key Usage, short_name=keyUsage, oid=2.5.29.15, critical=F, value=Certificate Sign, CRL Sign], [name=Netscape Cert Type, short_name=nsCertType, oid=2.16.840.1.113730.1.1, critical=F, value=SSL CA, S/MIME CA]], san=<uninitialized>, basic_constraints=[ca=T, path_len=0]], extracted=<uninitialized>], u2_events=<uninitialized>]
-                  [1] kind: string       = sha1
-                  [2] hash: string       = de0f3a63cad13841e9b62c94502cb189d7661e49
-
-1170717508.883051 file_hash
-                  [0] f: fa_file         = [id=FpMjNF4snD7UDqI5sk, parent_id=<uninitialized>, source=SSL, is_orig=F, conns={^J^I[[orig_h=192.150.187.164, orig_p=58869/tcp, resp_h=194.127.84.106, resp_p=443/tcp]] = [id=[orig_h=192.150.187.164, orig_p=58869/tcp, resp_h=194.127.84.106, resp_p=443/tcp], orig=[size=120, state=4, num_pkts=3, num_bytes_ip=288, flow_label=0], resp=[size=2164, state=4, num_pkts=3, num_bytes_ip=1616, flow_label=0], start_time=1170717508.515696, duration=0.367355, service={^J^I^ISSL^J^I}, addl=, hot=0, history=ShADad, uid=CjhGID4nQcgTWjvg4c, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=[ts=1170717508.69718, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=192.150.187.164, orig_p=58869/tcp, resp_h=194.127.84.106, resp_p=443/tcp], version=TLSv10, cipher=TLS_RSA_WITH_RC4_128_MD5, server_name=<uninitialized>, session_id=a8c1c5681924e80a32a15d5e7f20bc5e3f513e56b215039d0d55defda5a320c0, last_alert=<uninitialized>, analyzer_id=7, established=F, logged=F, delay_tokens=<uninitialized>, cert_chain=[[ts=1170717508.883051, fuid=FjkLnG4s34DVZlaBNc, tx_hosts={^J^I^I194.127.84.106^J^I}, rx_hosts={^J^I^I192.150.187.164^J^I}, conn_uids={^J^I^ICjhGID4nQcgTWjvg4c^J^I}, source=SSL, depth=0, analyzers={^J^I^IX509,^J^I^IMD5,^J^I^ISHA1^J^I}, mime_type=binary, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=F, seen_bytes=1152, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=38a0a008a978591ccbe41f50a174751a, sha1=2c322ae2b7fe91391345e070b63668978bb1c9da, sha256=<uninitialized>, x509=[ts=1170717508.883051, id=FjkLnG4s34DVZlaBNc, certificate=[version=2, serial=04A78116F003283BDA2B8462049F9ECB, subject=CN=www.dresdner-privat.de,OU=Terms of use at www.verisign.com/rpa (c)00,O=AGIS Allianz Dresdner Informationssysteme GmbH,L=Muenchen,ST=Bayern,C=DE, issuer=OU=www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign,OU=VeriSign International Server CA - Class 3,OU=VeriSign\, Inc.,O=VeriSign Trust Network, not_valid_before=1163462400.0, not_valid_after=1195084799.0, key_alg=rsaEncryption, sig_alg=sha1WithRSAEncryption, key_type=rsa, key_length=1024, exponent=65537, curve=<uninitialized>], handle=<no value description>, extensions=[[name=X509v3 Basic Constraints, short_name=basicConstraints, oid=2.5.29.19, critical=F, value=CA:FALSE], [name=X509v3 Key Usage, short_name=keyUsage, oid=2.5.29.15, critical=F, value=Digital Signature, Key Encipherment], [name=X509v3 CRL Distribution Points, short_name=crlDistributionPoints, oid=2.5.29.31, critical=F, value=^JFull Name:^J  URI:http://crl.verisign.com/Class3InternationalServer.crl^J], [name=X509v3 Certificate Policies, short_name=certificatePolicies, oid=2.5.29.32, critical=F, value=Policy: 2.16.840.1.113733.1.7.23.3^J  CPS: https://www.verisign.com/rpa^J], [name=X509v3 Extended Key Usage, short_name=extendedKeyUsage, oid=2.5.29.37, critical=F, value=Netscape Server Gated Crypto, TLS Web Server Authentication, TLS Web Client Authentication], [name=Authority Information Access, short_name=authorityInfoAccess, oid=1.3.6.1.5.5.7.1.1, critical=F, value=OCSP - URI:http://ocsp.verisign.com^J], [name=1.3.6.1.5.5.7.1.12, short_name=UNDEF, oid=1.3.6.1.5.5.7.1.12, critical=F, value=0_.].[0Y0W0U..image/gif0!0.0...+..............k...j.H.,{..0%.#http://logo.verisign.com/vslogo.gif]], san=<uninitialized>, basic_constraints=[ca=F, path_len=<uninitialized>]], extracted=<uninitialized>], [ts=1170717508.883051, fuid=FpMjNF4snD7UDqI5sk, tx_hosts={^J^I^I194.127.84.106^J^I}, rx_hosts={^J^I^I192.150.187.164^J^I}, conn_uids={^J^I^ICjhGID4nQcgTWjvg4c^J^I}, source=SSL, depth=0, analyzers={^J^I^IX509,^J^I^IMD5,^J^I^ISHA1^J^I}, mime_type=binary, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=F, seen_bytes=0, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=<uninitialized>, sha1=de0f3a63cad13841e9b62c94502cb189d7661e49, sha256=<uninitialized>, x509=[ts=1170717508.883051, id=FpMjNF4snD7UDqI5sk, certificate=[version=2, serial=78EE48DE185B2071C9C9C3B51D7BDDC1, subject=OU=www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign,OU=VeriSign International Server CA - Class 3,OU=VeriSign\, Inc.,O=VeriSign Trust Network, issuer=OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US, not_valid_before=861235200.0, not_valid_after=1319500799.0, key_alg=rsaEncryption, sig_alg=sha1WithRSAEncryption, key_type=rsa, key_length=1024, exponent=65537, curve=<uninitialized>], handle=<no value description>, extensions=[[name=X509v3 Basic Constraints, short_name=basicConstraints, oid=2.5.29.19, critical=F, value=CA:TRUE, pathlen:0], [name=X509v3 Certificate Policies, short_name=certificatePolicies, oid=2.5.29.32, critical=F, value=Policy: 2.16.840.1.113733.1.7.1.1^J  CPS: https://www.verisign.com/CPS^J], [name=X509v3 CRL Distribution Points, short_name=crlDistributionPoints, oid=2.5.29.31, critical=F, value=^JFull Name:^J  URI:http://crl.verisign.com/pca3-g2.crl^J], [name=X509v3 Extended Key Usage, short_name=extendedKeyUsage, oid=2.5.29.37, critical=F, value=TLS Web Server Authentication, TLS Web Client Authentication, Netscape Server Gated Crypto, 2.16.840.1.113733.1.8.1], [name=X509v3 Key Usage, short_name=keyUsage, oid=2.5.29.15, critical=F, value=Certificate Sign, CRL Sign], [name=Netscape Cert Type, short_name=nsCertType, oid=2.16.840.1.113730.1.1, critical=F, value=SSL CA, S/MIME CA]], san=<uninitialized>, basic_constraints=[ca=T, path_len=0]], extracted=<uninitialized>]], cert_chain_fuids=[FjkLnG4s34DVZlaBNc, FpMjNF4snD7UDqI5sk], client_cert_chain=[], client_cert_chain_fuids=[], subject=<uninitialized>, issuer=<uninitialized>, client_subject=<uninitialized>, client_issuer=<uninitialized>, server_depth=2, client_depth=0], http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]^J}, last_active=1170717508.883051, seen_bytes=906, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timeout_interval=2.0 mins, bof_buffer_size=1024, bof_buffer=0\x82^C\x860\x82^B\xef\xa0^C^B^A^B^B^Px\xeeH\xde^X[ q\xc9\xc9\xc3\xb5\x1d{\xdd\xc10^M^F^I*\x86H\x86\xf7^M^A^A^E^E\00_1^K0^I^F^CU^D^F^S^BUS1^W0^U^F^CU^D^J^S^NVeriSign, Inc.1705^F^CU^D^K^S.Class 3 Public Primary Certification Authority0\x1e^W^M970417000000Z^W^M111024235959Z0\x81\xba1\x1f0\x1d^F^CU^D^J^S^VVeriSign Trust Network1^W0^U^F^CU^D^K^S^NVeriSign, Inc.1301^F^CU^D^K^S*VeriSign International Server CA - Class 31I0G^F^CU^D^K^S@www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign0\x81\x9f0^M^F^I*\x86H\x86\xf7^M^A^A^A^E\0^C\x81\x8d\00\x81\x89^B\x81\x81\0\xd8\x82\x80\xe8\xd6^Y^B}\x1f\x85^X9%\xa2e+\xe1\xbf\xd4^E\xd3\xbc\xe66;\xaa\xf0Ll[\xb6\xe7\xaa<sEU\xb2\xf1\xbd\xea\x97B\xed\x9a4^J^U\xd4\xa9\\xf5@%\xdd\xd9^G\xc12\xb2ul\xc4\xca\xbb\xa3\xfeV'qC\xaac\xf50>\x93(\xe5\xfa\xf1^I;\xf3\xb7MN9\xf7\IZ\xb8\xc1\x1d\xd3\xb2\x8a\xfep0\x95B\xcb\xfe+Q\x8bZ<:\xf9"O\x90\xb2^B\xa7S\x9cO4\xe7\xab^D\xb2{o^B^C^A\0^A\xa3\x81\xe60\x81\xe30^O^F^CU\x1d^S^D^H0^F^A^A\xff^B^A\00D^F^CU\x1d ^D=0;09^F^K`\x86H^A\x86\xf8E^A^G^A^A0*0(^F^H+^F^A^E^E^G^B^A^V\x1chttps://www.verisign.com/CPS04^F^CU\x1d\x1f^D-0+0)\xa0'\xa0%\x86#http://crl.verisign.com/pca3-g2.crl04^F^CU\x1d%^D-0+^F^H+^F^A^E^E^G^C^A^F^H+^F^A^E^E^G^C^B^F^I`\x86H^A\x86\xf8B^D^A^F^J`\x86H^A\x86\xf8E^A^H^A0^K^F^CU\x1d^O^D^D^C^B^A^F0^Q^F^I`\x86H^A\x86\xf8B^A^A^D^D^C^B^A^F0^M^F^I*\x86H\x86\xf7^M^A^A^E^E\0^C\x81\x81\0#]\xee\xa6$^E\xfdv\xd3j^Z\xd6\xbaF^F\xaaj^O^C\x90f\xb2\xb0\xa6\xc2\x9e\xc9\x1e\xa3US\xaf>E\xfd\xdc\x8c'\xddS8^I\xbb|K+\xba\x95J\xfepN\x1bi\xd6<\xf7O^G\xc5\xf2^WZL\xa2\x8f\xac^K\x8a^F\xdb\xb9\xd4k\xc5\x1dX\xda^WR\xe3!\xf1\xd2\xd7Z\xd5\xe5\xabY{!z\x86j\xd4\xfe^W^Q:S^M\x9c`\xa0J\xd9^\xe4\x1d^L)\xaa^S^Ge\x86\x1f\xbf\xb4\xc9\x82S\x9c,^B\x8f#, mime_type=binary, info=[ts=1170717508.883051, fuid=FpMjNF4snD7UDqI5sk, tx_hosts={^J^I194.127.84.106^J}, rx_hosts={^J^I192.150.187.164^J}, conn_uids={^J^ICjhGID4nQcgTWjvg4c^J}, source=SSL, depth=0, analyzers={^J^IX509,^J^IMD5,^J^ISHA1^J}, mime_type=binary, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=F, seen_bytes=0, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=<uninitialized>, sha1=de0f3a63cad13841e9b62c94502cb189d7661e49, sha256=<uninitialized>, x509=[ts=1170717508.883051, id=FpMjNF4snD7UDqI5sk, certificate=[version=2, serial=78EE48DE185B2071C9C9C3B51D7BDDC1, subject=OU=www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign,OU=VeriSign International Server CA - Class 3,OU=VeriSign\, Inc.,O=VeriSign Trust Network, issuer=OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US, not_valid_before=861235200.0, not_valid_after=1319500799.0, key_alg=rsaEncryption, sig_alg=sha1WithRSAEncryption, key_type=rsa, key_length=1024, exponent=65537, curve=<uninitialized>], handle=<no value description>, extensions=[[name=X509v3 Basic Constraints, short_name=basicConstraints, oid=2.5.29.19, critical=F, value=CA:TRUE, pathlen:0], [name=X509v3 Certificate Policies, short_name=certificatePolicies, oid=2.5.29.32, critical=F, value=Policy: 2.16.840.1.113733.1.7.1.1^J  CPS: https://www.verisign.com/CPS^J], [name=X509v3 CRL Distribution Points, short_name=crlDistributionPoints, oid=2.5.29.31, critical=F, value=^JFull Name:^J  URI:http://crl.verisign.com/pca3-g2.crl^J], [name=X509v3 Extended Key Usage, short_name=extendedKeyUsage, oid=2.5.29.37, critical=F, value=TLS Web Server Authentication, TLS Web Client Authentication, Netscape Server Gated Crypto, 2.16.840.1.113733.1.8.1], [name=X509v3 Key Usage, short_name=keyUsage, oid=2.5.29.15, critical=F, value=Certificate Sign, CRL Sign], [name=Netscape Cert Type, short_name=nsCertType, oid=2.16.840.1.113730.1.1, critical=F, value=SSL CA, S/MIME CA]], san=<uninitialized>, basic_constraints=[ca=T, path_len=0]], extracted=<uninitialized>], u2_events=<uninitialized>]
-                  [1] kind: string       = md5
-                  [2] hash: string       = 81c888530afcad916fbe71d9417bf10c
-
-1170717508.883051 file_state_remove
-                  [0] f: fa_file         = [id=FpMjNF4snD7UDqI5sk, parent_id=<uninitialized>, source=SSL, is_orig=F, conns={^J^I[[orig_h=192.150.187.164, orig_p=58869/tcp, resp_h=194.127.84.106, resp_p=443/tcp]] = [id=[orig_h=192.150.187.164, orig_p=58869/tcp, resp_h=194.127.84.106, resp_p=443/tcp], orig=[size=120, state=4, num_pkts=3, num_bytes_ip=288, flow_label=0], resp=[size=2164, state=4, num_pkts=3, num_bytes_ip=1616, flow_label=0], start_time=1170717508.515696, duration=0.367355, service={^J^I^ISSL^J^I}, addl=, hot=0, history=ShADad, uid=CjhGID4nQcgTWjvg4c, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=[ts=1170717508.69718, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=192.150.187.164, orig_p=58869/tcp, resp_h=194.127.84.106, resp_p=443/tcp], version=TLSv10, cipher=TLS_RSA_WITH_RC4_128_MD5, server_name=<uninitialized>, session_id=a8c1c5681924e80a32a15d5e7f20bc5e3f513e56b215039d0d55defda5a320c0, last_alert=<uninitialized>, analyzer_id=7, established=F, logged=F, delay_tokens=<uninitialized>, cert_chain=[[ts=1170717508.883051, fuid=FjkLnG4s34DVZlaBNc, tx_hosts={^J^I^I194.127.84.106^J^I}, rx_hosts={^J^I^I192.150.187.164^J^I}, conn_uids={^J^I^ICjhGID4nQcgTWjvg4c^J^I}, source=SSL, depth=0, analyzers={^J^I^IX509,^J^I^IMD5,^J^I^ISHA1^J^I}, mime_type=binary, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=F, seen_bytes=1152, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=38a0a008a978591ccbe41f50a174751a, sha1=2c322ae2b7fe91391345e070b63668978bb1c9da, sha256=<uninitialized>, x509=[ts=1170717508.883051, id=FjkLnG4s34DVZlaBNc, certificate=[version=2, serial=04A78116F003283BDA2B8462049F9ECB, subject=CN=www.dresdner-privat.de,OU=Terms of use at www.verisign.com/rpa (c)00,O=AGIS Allianz Dresdner Informationssysteme GmbH,L=Muenchen,ST=Bayern,C=DE, issuer=OU=www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign,OU=VeriSign International Server CA - Class 3,OU=VeriSign\, Inc.,O=VeriSign Trust Network, not_valid_before=1163462400.0, not_valid_after=1195084799.0, key_alg=rsaEncryption, sig_alg=sha1WithRSAEncryption, key_type=rsa, key_length=1024, exponent=65537, curve=<uninitialized>], handle=<no value description>, extensions=[[name=X509v3 Basic Constraints, short_name=basicConstraints, oid=2.5.29.19, critical=F, value=CA:FALSE], [name=X509v3 Key Usage, short_name=keyUsage, oid=2.5.29.15, critical=F, value=Digital Signature, Key Encipherment], [name=X509v3 CRL Distribution Points, short_name=crlDistributionPoints, oid=2.5.29.31, critical=F, value=^JFull Name:^J  URI:http://crl.verisign.com/Class3InternationalServer.crl^J], [name=X509v3 Certificate Policies, short_name=certificatePolicies, oid=2.5.29.32, critical=F, value=Policy: 2.16.840.1.113733.1.7.23.3^J  CPS: https://www.verisign.com/rpa^J], [name=X509v3 Extended Key Usage, short_name=extendedKeyUsage, oid=2.5.29.37, critical=F, value=Netscape Server Gated Crypto, TLS Web Server Authentication, TLS Web Client Authentication], [name=Authority Information Access, short_name=authorityInfoAccess, oid=1.3.6.1.5.5.7.1.1, critical=F, value=OCSP - URI:http://ocsp.verisign.com^J], [name=1.3.6.1.5.5.7.1.12, short_name=UNDEF, oid=1.3.6.1.5.5.7.1.12, critical=F, value=0_.].[0Y0W0U..image/gif0!0.0...+..............k...j.H.,{..0%.#http://logo.verisign.com/vslogo.gif]], san=<uninitialized>, basic_constraints=[ca=F, path_len=<uninitialized>]], extracted=<uninitialized>], [ts=1170717508.883051, fuid=FpMjNF4snD7UDqI5sk, tx_hosts={^J^I^I194.127.84.106^J^I}, rx_hosts={^J^I^I192.150.187.164^J^I}, conn_uids={^J^I^ICjhGID4nQcgTWjvg4c^J^I}, source=SSL, depth=0, analyzers={^J^I^IX509,^J^I^IMD5,^J^I^ISHA1^J^I}, mime_type=binary, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=F, seen_bytes=0, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=81c888530afcad916fbe71d9417bf10c, sha1=de0f3a63cad13841e9b62c94502cb189d7661e49, sha256=<uninitialized>, x509=[ts=1170717508.883051, id=FpMjNF4snD7UDqI5sk, certificate=[version=2, serial=78EE48DE185B2071C9C9C3B51D7BDDC1, subject=OU=www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign,OU=VeriSign International Server CA - Class 3,OU=VeriSign\, Inc.,O=VeriSign Trust Network, issuer=OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US, not_valid_before=861235200.0, not_valid_after=1319500799.0, key_alg=rsaEncryption, sig_alg=sha1WithRSAEncryption, key_type=rsa, key_length=1024, exponent=65537, curve=<uninitialized>], handle=<no value description>, extensions=[[name=X509v3 Basic Constraints, short_name=basicConstraints, oid=2.5.29.19, critical=F, value=CA:TRUE, pathlen:0], [name=X509v3 Certificate Policies, short_name=certificatePolicies, oid=2.5.29.32, critical=F, value=Policy: 2.16.840.1.113733.1.7.1.1^J  CPS: https://www.verisign.com/CPS^J], [name=X509v3 CRL Distribution Points, short_name=crlDistributionPoints, oid=2.5.29.31, critical=F, value=^JFull Name:^J  URI:http://crl.verisign.com/pca3-g2.crl^J], [name=X509v3 Extended Key Usage, short_name=extendedKeyUsage, oid=2.5.29.37, critical=F, value=TLS Web Server Authentication, TLS Web Client Authentication, Netscape Server Gated Crypto, 2.16.840.1.113733.1.8.1], [name=X509v3 Key Usage, short_name=keyUsage, oid=2.5.29.15, critical=F, value=Certificate Sign, CRL Sign], [name=Netscape Cert Type, short_name=nsCertType, oid=2.16.840.1.113730.1.1, critical=F, value=SSL CA, S/MIME CA]], san=<uninitialized>, basic_constraints=[ca=T, path_len=0]], extracted=<uninitialized>]], cert_chain_fuids=[FjkLnG4s34DVZlaBNc, FpMjNF4snD7UDqI5sk], client_cert_chain=[], client_cert_chain_fuids=[], subject=<uninitialized>, issuer=<uninitialized>, client_subject=<uninitialized>, client_issuer=<uninitialized>, server_depth=2, client_depth=0], http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]^J}, last_active=1170717508.883051, seen_bytes=906, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timeout_interval=2.0 mins, bof_buffer_size=1024, bof_buffer=0\x82^C\x860\x82^B\xef\xa0^C^B^A^B^B^Px\xeeH\xde^X[ q\xc9\xc9\xc3\xb5\x1d{\xdd\xc10^M^F^I*\x86H\x86\xf7^M^A^A^E^E\00_1^K0^I^F^CU^D^F^S^BUS1^W0^U^F^CU^D^J^S^NVeriSign, Inc.1705^F^CU^D^K^S.Class 3 Public Primary Certification Authority0\x1e^W^M970417000000Z^W^M111024235959Z0\x81\xba1\x1f0\x1d^F^CU^D^J^S^VVeriSign Trust Network1^W0^U^F^CU^D^K^S^NVeriSign, Inc.1301^F^CU^D^K^S*VeriSign International Server CA - Class 31I0G^F^CU^D^K^S@www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign0\x81\x9f0^M^F^I*\x86H\x86\xf7^M^A^A^A^E\0^C\x81\x8d\00\x81\x89^B\x81\x81\0\xd8\x82\x80\xe8\xd6^Y^B}\x1f\x85^X9%\xa2e+\xe1\xbf\xd4^E\xd3\xbc\xe66;\xaa\xf0Ll[\xb6\xe7\xaa<sEU\xb2\xf1\xbd\xea\x97B\xed\x9a4^J^U\xd4\xa9\\xf5@%\xdd\xd9^G\xc12\xb2ul\xc4\xca\xbb\xa3\xfeV'qC\xaac\xf50>\x93(\xe5\xfa\xf1^I;\xf3\xb7MN9\xf7\IZ\xb8\xc1\x1d\xd3\xb2\x8a\xfep0\x95B\xcb\xfe+Q\x8bZ<:\xf9"O\x90\xb2^B\xa7S\x9cO4\xe7\xab^D\xb2{o^B^C^A\0^A\xa3\x81\xe60\x81\xe30^O^F^CU\x1d^S^D^H0^F^A^A\xff^B^A\00D^F^CU\x1d ^D=0;09^F^K`\x86H^A\x86\xf8E^A^G^A^A0*0(^F^H+^F^A^E^E^G^B^A^V\x1chttps://www.verisign.com/CPS04^F^CU\x1d\x1f^D-0+0)\xa0'\xa0%\x86#http://crl.verisign.com/pca3-g2.crl04^F^CU\x1d%^D-0+^F^H+^F^A^E^E^G^C^A^F^H+^F^A^E^E^G^C^B^F^I`\x86H^A\x86\xf8B^D^A^F^J`\x86H^A\x86\xf8E^A^H^A0^K^F^CU\x1d^O^D^D^C^B^A^F0^Q^F^I`\x86H^A\x86\xf8B^A^A^D^D^C^B^A^F0^M^F^I*\x86H\x86\xf7^M^A^A^E^E\0^C\x81\x81\0#]\xee\xa6$^E\xfdv\xd3j^Z\xd6\xbaF^F\xaaj^O^C\x90f\xb2\xb0\xa6\xc2\x9e\xc9\x1e\xa3US\xaf>E\xfd\xdc\x8c'\xddS8^I\xbb|K+\xba\x95J\xfepN\x1bi\xd6<\xf7O^G\xc5\xf2^WZL\xa2\x8f\xac^K\x8a^F\xdb\xb9\xd4k\xc5\x1dX\xda^WR\xe3!\xf1\xd2\xd7Z\xd5\xe5\xabY{!z\x86j\xd4\xfe^W^Q:S^M\x9c`\xa0J\xd9^\xe4\x1d^L)\xaa^S^Ge\x86\x1f\xbf\xb4\xc9\x82S\x9c,^B\x8f#, mime_type=binary, info=[ts=1170717508.883051, fuid=FpMjNF4snD7UDqI5sk, tx_hosts={^J^I194.127.84.106^J}, rx_hosts={^J^I192.150.187.164^J}, conn_uids={^J^ICjhGID4nQcgTWjvg4c^J}, source=SSL, depth=0, analyzers={^J^IX509,^J^IMD5,^J^ISHA1^J}, mime_type=binary, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=F, seen_bytes=0, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=81c888530afcad916fbe71d9417bf10c, sha1=de0f3a63cad13841e9b62c94502cb189d7661e49, sha256=<uninitialized>, x509=[ts=1170717508.883051, id=FpMjNF4snD7UDqI5sk, certificate=[version=2, serial=78EE48DE185B2071C9C9C3B51D7BDDC1, subject=OU=www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign,OU=VeriSign International Server CA - Class 3,OU=VeriSign\, Inc.,O=VeriSign Trust Network, issuer=OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US, not_valid_before=861235200.0, not_valid_after=1319500799.0, key_alg=rsaEncryption, sig_alg=sha1WithRSAEncryption, key_type=rsa, key_length=1024, exponent=65537, curve=<uninitialized>], handle=<no value description>, extensions=[[name=X509v3 Basic Constraints, short_name=basicConstraints, oid=2.5.29.19, critical=F, value=CA:TRUE, pathlen:0], [name=X509v3 Certificate Policies, short_name=certificatePolicies, oid=2.5.29.32, critical=F, value=Policy: 2.16.840.1.113733.1.7.1.1^J  CPS: https://www.verisign.com/CPS^J], [name=X509v3 CRL Distribution Points, short_name=crlDistributionPoints, oid=2.5.29.31, critical=F, value=^JFull Name:^J  URI:http://crl.verisign.com/pca3-g2.crl^J], [name=X509v3 Extended Key Usage, short_name=extendedKeyUsage, oid=2.5.29.37, critical=F, value=TLS Web Server Authentication, TLS Web Client Authentication, Netscape Server Gated Crypto, 2.16.840.1.113733.1.8.1], [name=X509v3 Key Usage, short_name=keyUsage, oid=2.5.29.15, critical=F, value=Certificate Sign, CRL Sign], [name=Netscape Cert Type, short_name=nsCertType, oid=2.16.840.1.113730.1.1, critical=F, value=SSL CA, S/MIME CA]], san=<uninitialized>, basic_constraints=[ca=T, path_len=0]], extracted=<uninitialized>], u2_events=<uninitialized>]
-
-1170717509.082241 ssl_established
-                  [0] c: connection      = [id=[orig_h=192.150.187.164, orig_p=58869/tcp, resp_h=194.127.84.106, resp_p=443/tcp], orig=[size=302, state=4, num_pkts=5, num_bytes_ip=574, flow_label=0], resp=[size=2207, state=4, num_pkts=5, num_bytes_ip=2436, flow_label=0], start_time=1170717508.515696, duration=0.566545, service={^J^ISSL^J}, addl=, hot=0, history=ShADad, uid=CjhGID4nQcgTWjvg4c, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=[ts=1170717508.69718, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=192.150.187.164, orig_p=58869/tcp, resp_h=194.127.84.106, resp_p=443/tcp], version=TLSv10, cipher=TLS_RSA_WITH_RC4_128_MD5, server_name=<uninitialized>, session_id=a8c1c5681924e80a32a15d5e7f20bc5e3f513e56b215039d0d55defda5a320c0, last_alert=<uninitialized>, analyzer_id=7, established=F, logged=F, delay_tokens=<uninitialized>, cert_chain=[[ts=1170717508.883051, fuid=FjkLnG4s34DVZlaBNc, tx_hosts={^J^I194.127.84.106^J}, rx_hosts={^J^I192.150.187.164^J}, conn_uids={^J^ICjhGID4nQcgTWjvg4c^J}, source=SSL, depth=0, analyzers={^J^IX509,^J^IMD5,^J^ISHA1^J}, mime_type=binary, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=F, seen_bytes=1152, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=38a0a008a978591ccbe41f50a174751a, sha1=2c322ae2b7fe91391345e070b63668978bb1c9da, sha256=<uninitialized>, x509=[ts=1170717508.883051, id=FjkLnG4s34DVZlaBNc, certificate=[version=2, serial=04A78116F003283BDA2B8462049F9ECB, subject=CN=www.dresdner-privat.de,OU=Terms of use at www.verisign.com/rpa (c)00,O=AGIS Allianz Dresdner Informationssysteme GmbH,L=Muenchen,ST=Bayern,C=DE, issuer=OU=www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign,OU=VeriSign International Server CA - Class 3,OU=VeriSign\, Inc.,O=VeriSign Trust Network, not_valid_before=1163462400.0, not_valid_after=1195084799.0, key_alg=rsaEncryption, sig_alg=sha1WithRSAEncryption, key_type=rsa, key_length=1024, exponent=65537, curve=<uninitialized>], handle=<no value description>, extensions=[[name=X509v3 Basic Constraints, short_name=basicConstraints, oid=2.5.29.19, critical=F, value=CA:FALSE], [name=X509v3 Key Usage, short_name=keyUsage, oid=2.5.29.15, critical=F, value=Digital Signature, Key Encipherment], [name=X509v3 CRL Distribution Points, short_name=crlDistributionPoints, oid=2.5.29.31, critical=F, value=^JFull Name:^J  URI:http://crl.verisign.com/Class3InternationalServer.crl^J], [name=X509v3 Certificate Policies, short_name=certificatePolicies, oid=2.5.29.32, critical=F, value=Policy: 2.16.840.1.113733.1.7.23.3^J  CPS: https://www.verisign.com/rpa^J], [name=X509v3 Extended Key Usage, short_name=extendedKeyUsage, oid=2.5.29.37, critical=F, value=Netscape Server Gated Crypto, TLS Web Server Authentication, TLS Web Client Authentication], [name=Authority Information Access, short_name=authorityInfoAccess, oid=1.3.6.1.5.5.7.1.1, critical=F, value=OCSP - URI:http://ocsp.verisign.com^J], [name=1.3.6.1.5.5.7.1.12, short_name=UNDEF, oid=1.3.6.1.5.5.7.1.12, critical=F, value=0_.].[0Y0W0U..image/gif0!0.0...+..............k...j.H.,{..0%.#http://logo.verisign.com/vslogo.gif]], san=<uninitialized>, basic_constraints=[ca=F, path_len=<uninitialized>]], extracted=<uninitialized>], [ts=1170717508.883051, fuid=FpMjNF4snD7UDqI5sk, tx_hosts={^J^I194.127.84.106^J}, rx_hosts={^J^I192.150.187.164^J}, conn_uids={^J^ICjhGID4nQcgTWjvg4c^J}, source=SSL, depth=0, analyzers={^J^IX509,^J^IMD5,^J^ISHA1^J}, mime_type=binary, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=F, seen_bytes=906, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=81c888530afcad916fbe71d9417bf10c, sha1=de0f3a63cad13841e9b62c94502cb189d7661e49, sha256=<uninitialized>, x509=[ts=1170717508.883051, id=FpMjNF4snD7UDqI5sk, certificate=[version=2, serial=78EE48DE185B2071C9C9C3B51D7BDDC1, subject=OU=www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign,OU=VeriSign International Server CA - Class 3,OU=VeriSign\, Inc.,O=VeriSign Trust Network, issuer=OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US, not_valid_before=861235200.0, not_valid_after=1319500799.0, key_alg=rsaEncryption, sig_alg=sha1WithRSAEncryption, key_type=rsa, key_length=1024, exponent=65537, curve=<uninitialized>], handle=<no value description>, extensions=[[name=X509v3 Basic Constraints, short_name=basicConstraints, oid=2.5.29.19, critical=F, value=CA:TRUE, pathlen:0], [name=X509v3 Certificate Policies, short_name=certificatePolicies, oid=2.5.29.32, critical=F, value=Policy: 2.16.840.1.113733.1.7.1.1^J  CPS: https://www.verisign.com/CPS^J], [name=X509v3 CRL Distribution Points, short_name=crlDistributionPoints, oid=2.5.29.31, critical=F, value=^JFull Name:^J  URI:http://crl.verisign.com/pca3-g2.crl^J], [name=X509v3 Extended Key Usage, short_name=extendedKeyUsage, oid=2.5.29.37, critical=F, value=TLS Web Server Authentication, TLS Web Client Authentication, Netscape Server Gated Crypto, 2.16.840.1.113733.1.8.1], [name=X509v3 Key Usage, short_name=keyUsage, oid=2.5.29.15, critical=F, value=Certificate Sign, CRL Sign], [name=Netscape Cert Type, short_name=nsCertType, oid=2.16.840.1.113730.1.1, critical=F, value=SSL CA, S/MIME CA]], san=<uninitialized>, basic_constraints=[ca=T, path_len=0]], extracted=<uninitialized>]], cert_chain_fuids=[FjkLnG4s34DVZlaBNc, FpMjNF4snD7UDqI5sk], client_cert_chain=[], client_cert_chain_fuids=[], subject=<uninitialized>, issuer=<uninitialized>, client_subject=<uninitialized>, client_issuer=<uninitialized>, server_depth=2, client_depth=0], http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]
-
-1170717511.541455 new_connection
-                  [0] c: connection      = [id=[orig_h=192.150.187.164, orig_p=58870/tcp, resp_h=194.127.84.106, resp_p=443/tcp], orig=[size=0, state=0, num_pkts=0, num_bytes_ip=0, flow_label=0], resp=[size=0, state=0, num_pkts=0, num_bytes_ip=0, flow_label=0], start_time=1170717511.541455, duration=0.0, service={^J^J}, addl=, hot=0, history=, uid=CCvvfg3TEfuqmmG4bh, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]
-
-1170717511.722589 connection_established
-                  [0] c: connection      = [id=[orig_h=192.150.187.164, orig_p=58870/tcp, resp_h=194.127.84.106, resp_p=443/tcp], orig=[size=0, state=4, num_pkts=1, num_bytes_ip=64, flow_label=0], resp=[size=0, state=4, num_pkts=0, num_bytes_ip=0, flow_label=0], start_time=1170717511.541455, duration=0.181134, service={^J^J}, addl=, hot=0, history=Sh, uid=CCvvfg3TEfuqmmG4bh, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]
-
-1170717511.722913 protocol_confirmation
-                  [0] c: connection      = [id=[orig_h=192.150.187.164, orig_p=58870/tcp, resp_h=194.127.84.106, resp_p=443/tcp], orig=[size=120, state=4, num_pkts=2, num_bytes_ip=116, flow_label=0], resp=[size=0, state=4, num_pkts=1, num_bytes_ip=64, flow_label=0], start_time=1170717511.541455, duration=0.181458, service={^J^J}, addl=, hot=0, history=ShAD, uid=CCvvfg3TEfuqmmG4bh, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]
-                  [1] atype: enum        = Analyzer::ANALYZER_SSL
-                  [2] aid: count         = 11
-
-1170717511.722913 ssl_client_hello
-                  [0] c: connection      = [id=[orig_h=192.150.187.164, orig_p=58870/tcp, resp_h=194.127.84.106, resp_p=443/tcp], orig=[size=120, state=4, num_pkts=2, num_bytes_ip=116, flow_label=0], resp=[size=0, state=4, num_pkts=1, num_bytes_ip=64, flow_label=0], start_time=1170717511.541455, duration=0.181458, service={^J^ISSL^J}, addl=, hot=0, history=ShAD, uid=CCvvfg3TEfuqmmG4bh, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=[ts=1170717511.722913, uid=CCvvfg3TEfuqmmG4bh, id=[orig_h=192.150.187.164, orig_p=58870/tcp, resp_h=194.127.84.106, resp_p=443/tcp], version=<uninitialized>, cipher=<uninitialized>, server_name=<uninitialized>, session_id=<uninitialized>, last_alert=<uninitialized>, analyzer_id=11, established=F, logged=F, delay_tokens=<uninitialized>, cert_chain=<uninitialized>, cert_chain_fuids=<uninitialized>, client_cert_chain=<uninitialized>, client_cert_chain_fuids=<uninitialized>, subject=<uninitialized>, issuer=<uninitialized>, client_subject=<uninitialized>, client_issuer=<uninitialized>, server_depth=0, client_depth=0], http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]
-                  [1] version: count     = 769
-                  [2] possible_ts: time  = 2486407.0
-                  [3] client_random: string = $^F^D\xbe/VD\xc8\xdf\xd2\xe5\x1c\xc2\xb3\xa3^Aq\xbdX\x85>\xd7\xc6\xe3\xfc\xd1\x88F
-                  [4] session_id: string = \x9eQ\xca\xef@\xad\x85\xf9\xf0=\xbb\x8c\x1f\xdc\x866!\x80\x8c1^Rr\xe1^BB\xcb@k\xf9^W\xbc\xd9
-                  [5] ciphers: vector of count = [57, 56, 53, 51, 50, 4, 5, 47, 22, 19, 65279, 10, 21, 18, 65278, 9, 100, 98, 3, 6]
-
-1170717511.908619 ssl_server_hello
-                  [0] c: connection      = [id=[orig_h=192.150.187.164, orig_p=58870/tcp, resp_h=194.127.84.106, resp_p=443/tcp], orig=[size=120, state=4, num_pkts=3, num_bytes_ip=288, flow_label=0], resp=[size=1448, state=4, num_pkts=2, num_bytes_ip=116, flow_label=0], start_time=1170717511.541455, duration=0.367164, service={^J^ISSL^J}, addl=, hot=0, history=ShADad, uid=CCvvfg3TEfuqmmG4bh, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=[ts=1170717511.722913, uid=CCvvfg3TEfuqmmG4bh, id=[orig_h=192.150.187.164, orig_p=58870/tcp, resp_h=194.127.84.106, resp_p=443/tcp], version=<uninitialized>, cipher=<uninitialized>, server_name=<uninitialized>, session_id=9e51caef40ad85f9f03dbb8c1fdc863621808c311272e10242cb406bf917bcd9, last_alert=<uninitialized>, analyzer_id=11, established=F, logged=F, delay_tokens=<uninitialized>, cert_chain=<uninitialized>, cert_chain_fuids=<uninitialized>, client_cert_chain=<uninitialized>, client_cert_chain_fuids=<uninitialized>, subject=<uninitialized>, issuer=<uninitialized>, client_subject=<uninitialized>, client_issuer=<uninitialized>, server_depth=0, client_depth=0], http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]
-                  [1] version: count     = 769
-                  [2] possible_ts: time  = 1170717519.0
-                  [3] server_random: string = \xfd\x1b\x8c^S^H\xa2\xca\xac^A^O\xcbv\xe9\xbd!\x98}\x89|\xb6\xc0(\xcd\xb3^WmY^D
-                  [4] session_id: string = /\xaa(\x8eH\x1b\x1fO^GK^Z\xd9\x91\xa1T\xbc\x9c/^Q^R\xc3NY;\x8e^N\xd2\xec\xa6=\xc7\xb0
-                  [5] cipher: count      = 4
-                  [6] comp_method: count = 0
-
-1170717511.909717 get_file_handle
-                  [0] tag: enum          = Analyzer::ANALYZER_SSL
-                  [1] c: connection      = [id=[orig_h=192.150.187.164, orig_p=58870/tcp, resp_h=194.127.84.106, resp_p=443/tcp], orig=[size=120, state=4, num_pkts=3, num_bytes_ip=288, flow_label=0], resp=[size=2164, state=4, num_pkts=3, num_bytes_ip=1616, flow_label=0], start_time=1170717511.541455, duration=0.368262, service={^J^ISSL^J}, addl=, hot=0, history=ShADad, uid=CCvvfg3TEfuqmmG4bh, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=[ts=1170717511.722913, uid=CCvvfg3TEfuqmmG4bh, id=[orig_h=192.150.187.164, orig_p=58870/tcp, resp_h=194.127.84.106, resp_p=443/tcp], version=TLSv10, cipher=TLS_RSA_WITH_RC4_128_MD5, server_name=<uninitialized>, session_id=9e51caef40ad85f9f03dbb8c1fdc863621808c311272e10242cb406bf917bcd9, last_alert=<uninitialized>, analyzer_id=11, established=F, logged=F, delay_tokens=<uninitialized>, cert_chain=<uninitialized>, cert_chain_fuids=<uninitialized>, client_cert_chain=<uninitialized>, client_cert_chain_fuids=<uninitialized>, subject=<uninitialized>, issuer=<uninitialized>, client_subject=<uninitialized>, client_issuer=<uninitialized>, server_depth=0, client_depth=0], http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]
+1254722770.692786 file_over_new_connection
+                  [0] f: fa_file         = [id=Ft4M3f2yMvLlmwtbq9, parent_id=<uninitialized>, source=SMTP, is_orig=F, conns={^J^I[[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp]] = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=3070, state=4, num_pkts=10, num_bytes_ip=2018, flow_label=0], resp=[size=462, state=4, num_pkts=10, num_bytes_ip=870, flow_label=0], start_time=1254722767.529046, duration=3.16374, service={^J^I^ISMTP^J^I}, addl=, hot=0, history=ShAdDa, uid=CjhGID4nQcgTWjvg4c, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, smtp=[ts=1254722768.219663, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=<gurpartap@patriots.in>, rcptto={^J^I^I<raj_deol2002in@yahoo.co.in>^J^I}, date=Mon, 5 Oct 2009 11:36:07 +0530, from="Gurpartap Singh" <gurpartap@patriots.in>, to={^J^I^I<raj_deol2002in@yahoo.co.in>^J^I}, reply_to=<uninitialized>, msg_id=<000301ca4581$ef9e57f0$cedb07d0$@in>, in_reply_to=<uninitialized>, subject=SMTP, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=354 Enter message, ending with "." on a line by itself, path=[74.53.140.153, 10.10.1.4], user_agent=Microsoft Office Outlook 12.0, process_received_from=T, has_client_activity=T, entity=[filename=<uninitialized>], fuids=[Fel9gs4OtNEV6gUJZ5]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=<uninitialized>, mime_depth=4], socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]^J}, last_active=1254722770.692786, seen_bytes=0, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timeout_interval=2.0 mins, bof_buffer_size=1024, bof_buffer=<html xmlns:v=3D"urn:schemas-microsoft-com:vml" xmlns:o=3D"urn:schemas-microsoft-com:office:office" xmlns:w=3D"urn:schemas-microsoft-com:office:word" xmlns:m=3D"http://schemas.microsoft.com/office/2004/12/omml" xmlns=3D"http://www.w3.org/TR/REC-html40">^M^J^M^J<head>^M^J<META HTTP-EQUIV=3D"Content-Type" CONTENT=3D"text/html; charset=3Dus-ascii">^M^J<meta name=3DGenerator content=3D"Microsoft Word 12 (filtered medium)">^M^J<style>^M^J<!--^M^J /* Font Definitions */^M^J @font-face^M^J^I{font-family:"Cambria Math";^M^J^Ipanose-1:2 4 5 3 5 4 6 3 2 4;}^M^J@font-face^M^J^I{font-family:Calibri;^M^J^Ipanose-1:2 15 5 2 2 2 4 3 2 4;}^M^J /* Style Definitions */^M^J p.MsoNormal, li.MsoNormal, div.MsoNormal^M^J^I{margin:0in;^M^J^Imargin-bottom:.0001pt;^M^J^Ifont-size:11.0pt;^M^J^Ifont-family:"Calibri","sans-serif";}^M^Ja:link, span.MsoHyperlink^M^J^I{mso-style-priority:99;^M^J^Icolor:blue;^M^J^Itext-decoration:underline;}^M^Ja:visited, span.MsoHyperlinkFollowed^M^J^I{mso-style-priority:99;^M^J^Icolor:purple;^M^J^Itext-decoration:underline;}^M^Jspan.EmailStyle17^M^J^I{mso-style-type:personal-c, mime_type=text/html, info=[ts=1254722770.692786, fuid=Ft4M3f2yMvLlmwtbq9, tx_hosts={^J^J}, rx_hosts={^J^J}, conn_uids={^J^J}, source=SMTP, depth=0, analyzers={^J^J}, mime_type=text/html, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=F, seen_bytes=0, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=<uninitialized>, sha1=<uninitialized>, sha256=<uninitialized>, x509=<uninitialized>, extracted=<uninitialized>], u2_events=<uninitialized>]
+                  [1] c: connection      = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=3070, state=4, num_pkts=10, num_bytes_ip=2018, flow_label=0], resp=[size=462, state=4, num_pkts=10, num_bytes_ip=870, flow_label=0], start_time=1254722767.529046, duration=3.16374, service={^J^ISMTP^J}, addl=, hot=0, history=ShAdDa, uid=CjhGID4nQcgTWjvg4c, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, smtp=[ts=1254722768.219663, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=<gurpartap@patriots.in>, rcptto={^J^I<raj_deol2002in@yahoo.co.in>^J}, date=Mon, 5 Oct 2009 11:36:07 +0530, from="Gurpartap Singh" <gurpartap@patriots.in>, to={^J^I<raj_deol2002in@yahoo.co.in>^J}, reply_to=<uninitialized>, msg_id=<000301ca4581$ef9e57f0$cedb07d0$@in>, in_reply_to=<uninitialized>, subject=SMTP, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=354 Enter message, ending with "." on a line by itself, path=[74.53.140.153, 10.10.1.4], user_agent=Microsoft Office Outlook 12.0, process_received_from=T, has_client_activity=T, entity=[filename=<uninitialized>], fuids=[Fel9gs4OtNEV6gUJZ5]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=<uninitialized>, mime_depth=4], socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]
                   [2] is_orig: bool      = F
 
-1170717511.909717 file_new
-                  [0] f: fa_file         = [id=FQXAWgI2FB5STbrff, parent_id=<uninitialized>, source=SSL, is_orig=F, conns={^J^I[[orig_h=192.150.187.164, orig_p=58870/tcp, resp_h=194.127.84.106, resp_p=443/tcp]] = [id=[orig_h=192.150.187.164, orig_p=58870/tcp, resp_h=194.127.84.106, resp_p=443/tcp], orig=[size=120, state=4, num_pkts=3, num_bytes_ip=288, flow_label=0], resp=[size=2164, state=4, num_pkts=3, num_bytes_ip=1616, flow_label=0], start_time=1170717511.541455, duration=0.368262, service={^J^I^ISSL^J^I}, addl=, hot=0, history=ShADad, uid=CCvvfg3TEfuqmmG4bh, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=[ts=1170717511.722913, uid=CCvvfg3TEfuqmmG4bh, id=[orig_h=192.150.187.164, orig_p=58870/tcp, resp_h=194.127.84.106, resp_p=443/tcp], version=TLSv10, cipher=TLS_RSA_WITH_RC4_128_MD5, server_name=<uninitialized>, session_id=9e51caef40ad85f9f03dbb8c1fdc863621808c311272e10242cb406bf917bcd9, last_alert=<uninitialized>, analyzer_id=11, established=F, logged=F, delay_tokens=<uninitialized>, cert_chain=<uninitialized>, cert_chain_fuids=<uninitialized>, client_cert_chain=<uninitialized>, client_cert_chain_fuids=<uninitialized>, subject=<uninitialized>, issuer=<uninitialized>, client_subject=<uninitialized>, client_issuer=<uninitialized>, server_depth=1, client_depth=0], http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]^J}, last_active=1170717511.909717, seen_bytes=0, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timeout_interval=2.0 mins, bof_buffer_size=1024, bof_buffer=0\x82^D|0\x82^C\xe5\xa0^C^B^A^B^B^P^D\xa7\x81^V\xf0^C(;\xda+\x84b^D\x9f\x9e\xcb0^M^F^I*\x86H\x86\xf7^M^A^A^E^E\00\x81\xba1\x1f0\x1d^F^CU^D^J^S^VVeriSign Trust Network1^W0^U^F^CU^D^K^S^NVeriSign, Inc.1301^F^CU^D^K^S*VeriSign International Server CA - Class 31I0G^F^CU^D^K^S@www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign0\x1e^W^M061114000000Z^W^M071114235959Z0\x81\xc01^K0^I^F^CU^D^F^S^BDE1^O0^M^F^CU^D^H^S^FBayern1^Q0^O^F^CU^D^G^T^HMuenchen1705^F^CU^D^J^T.AGIS Allianz Dresdner Informationssysteme GmbH1301^F^CU^D^K^T*Terms of use at www.verisign.com/rpa (c)001\x1f0\x1d^F^CU^D^C^T^Vwww.dresdner-privat.de0\x81\x9f0^M^F^I*\x86H\x86\xf7^M^A^A^A^E\0^C\x81\x8d\00\x81\x89^B\x81\x81\0\xeb\xa8t~\xfb\xe3\xb4\xea\xbe\x8b\x1c=\xed\xea\x86^DbQ\xe0*Z\x9e\x86o\x98\xcb\xbc\xc5\xed\xc5\xc8\xcaV\x9dL\x92X\xe1k^So\xbc\xb7\xe5.\x98@\xf7\x8f\xd6\xa3\xc0^J\xabFR\x1b8\xfc^E \xe7\x80\xee\xc6]\xd5\xbb^C\xfc\xc5\x83\xba\x9ag^H\xfd,\xba\xa3^H\x94\xf0\xb3\x1f^V(\xf6^Ef[\xbf^?\xa8Y\xfa\xbe\x99k6b\xb8n\xc6\x83GSc^OZ\xb4Q\xc1\x88\xa8U\xb9\xd41m=*J\x95^J\xd1{\x87^B^C^A\0^A\xa3\x82^Ay0\x82^Au0^I^F^CU\x1d^S^D^B0\00^K^F^CU\x1d^O^D^D^C^B^E\xa00F^F^CU\x1d\x1f^D?0=0;\xa09\xa07\x865http://crl.verisign.com/Class3InternationalServer.crl0D^F^CU\x1d ^D=0;09^F^K`\x86H^A\x86\xf8E^A^G^W^C0*0(^F^H+^F^A^E^E^G^B^A^V\x1chttps://www.verisign.com/rpa0(^F^CU\x1d%^D!0\x1f^F^I`\x86H^A\x86\xf8B^D^A^F^H+^F^A^E^E^G^C^A^F^H+^F^A^E^E^G^C^B04^F^H+^F^A^E^E^G^A^A^D(0&0$^F^H+^F^A^E^E^G0^A\x86^Xhttp://ocsp.verisign.com0m^F^H+^F^A^E^E^G^A^L^Da0_\xa1]\xa0[0Y0W0U^V^Iimage/gif0!0\x1f0^G^F^E+^N^C^B^Z^D^T\x8f\xe5\xd3^Z\x86\xac\x8d\x8ek\xc3\xcf\x80j\xd4H^X,{^Y.0%^V#http://logo.verisign.com/vslogo.gif0^M^F^I*\x86H\x86\xf7^M^A^A^E^E\0^C\x81\x81\0/s\xe2o\xc1\x9e#~YP\x89\x95xo\xe9^D\xbd\x98TS`\xec^HR\xd2^J)\x92\x9am\xaa\xd5\xb1g\xc1b\xde\xc9^XNW=i\x9c\xb2^Cf\x92^C\xbb\xe8M\xc5\x98\xd4/B\xd9\xb6\xd2\xe0\x97^PXv\xcf\xe7\xd6\xa7\xcc\xbb\xdb%\xeeB]\xcb\xf0t\xab\xd2T\xe5\xe8\xbaQ^O\xa4\xc3>4\xfaR\xf2\xa0\xe6z\xf4\x8f\xdcvB\xbd=\xfcx\xc0\xb7\xeb^-\x1f\xc5\xa0^\xdf\xa0^Q\x87\xf8\xc3X^P\xc8y(\xf8\xe4, mime_type=binary, info=<uninitialized>, u2_events=<uninitialized>]
-
-1170717511.909717 file_over_new_connection
-                  [0] f: fa_file         = [id=FQXAWgI2FB5STbrff, parent_id=<uninitialized>, source=SSL, is_orig=F, conns={^J^I[[orig_h=192.150.187.164, orig_p=58870/tcp, resp_h=194.127.84.106, resp_p=443/tcp]] = [id=[orig_h=192.150.187.164, orig_p=58870/tcp, resp_h=194.127.84.106, resp_p=443/tcp], orig=[size=120, state=4, num_pkts=3, num_bytes_ip=288, flow_label=0], resp=[size=2164, state=4, num_pkts=3, num_bytes_ip=1616, flow_label=0], start_time=1170717511.541455, duration=0.368262, service={^J^I^ISSL^J^I}, addl=, hot=0, history=ShADad, uid=CCvvfg3TEfuqmmG4bh, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=[ts=1170717511.722913, uid=CCvvfg3TEfuqmmG4bh, id=[orig_h=192.150.187.164, orig_p=58870/tcp, resp_h=194.127.84.106, resp_p=443/tcp], version=TLSv10, cipher=TLS_RSA_WITH_RC4_128_MD5, server_name=<uninitialized>, session_id=9e51caef40ad85f9f03dbb8c1fdc863621808c311272e10242cb406bf917bcd9, last_alert=<uninitialized>, analyzer_id=11, established=F, logged=F, delay_tokens=<uninitialized>, cert_chain=<uninitialized>, cert_chain_fuids=<uninitialized>, client_cert_chain=<uninitialized>, client_cert_chain_fuids=<uninitialized>, subject=<uninitialized>, issuer=<uninitialized>, client_subject=<uninitialized>, client_issuer=<uninitialized>, server_depth=1, client_depth=0], http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]^J}, last_active=1170717511.909717, seen_bytes=0, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timeout_interval=2.0 mins, bof_buffer_size=1024, bof_buffer=0\x82^D|0\x82^C\xe5\xa0^C^B^A^B^B^P^D\xa7\x81^V\xf0^C(;\xda+\x84b^D\x9f\x9e\xcb0^M^F^I*\x86H\x86\xf7^M^A^A^E^E\00\x81\xba1\x1f0\x1d^F^CU^D^J^S^VVeriSign Trust Network1^W0^U^F^CU^D^K^S^NVeriSign, Inc.1301^F^CU^D^K^S*VeriSign International Server CA - Class 31I0G^F^CU^D^K^S@www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign0\x1e^W^M061114000000Z^W^M071114235959Z0\x81\xc01^K0^I^F^CU^D^F^S^BDE1^O0^M^F^CU^D^H^S^FBayern1^Q0^O^F^CU^D^G^T^HMuenchen1705^F^CU^D^J^T.AGIS Allianz Dresdner Informationssysteme GmbH1301^F^CU^D^K^T*Terms of use at www.verisign.com/rpa (c)001\x1f0\x1d^F^CU^D^C^T^Vwww.dresdner-privat.de0\x81\x9f0^M^F^I*\x86H\x86\xf7^M^A^A^A^E\0^C\x81\x8d\00\x81\x89^B\x81\x81\0\xeb\xa8t~\xfb\xe3\xb4\xea\xbe\x8b\x1c=\xed\xea\x86^DbQ\xe0*Z\x9e\x86o\x98\xcb\xbc\xc5\xed\xc5\xc8\xcaV\x9dL\x92X\xe1k^So\xbc\xb7\xe5.\x98@\xf7\x8f\xd6\xa3\xc0^J\xabFR\x1b8\xfc^E \xe7\x80\xee\xc6]\xd5\xbb^C\xfc\xc5\x83\xba\x9ag^H\xfd,\xba\xa3^H\x94\xf0\xb3\x1f^V(\xf6^Ef[\xbf^?\xa8Y\xfa\xbe\x99k6b\xb8n\xc6\x83GSc^OZ\xb4Q\xc1\x88\xa8U\xb9\xd41m=*J\x95^J\xd1{\x87^B^C^A\0^A\xa3\x82^Ay0\x82^Au0^I^F^CU\x1d^S^D^B0\00^K^F^CU\x1d^O^D^D^C^B^E\xa00F^F^CU\x1d\x1f^D?0=0;\xa09\xa07\x865http://crl.verisign.com/Class3InternationalServer.crl0D^F^CU\x1d ^D=0;09^F^K`\x86H^A\x86\xf8E^A^G^W^C0*0(^F^H+^F^A^E^E^G^B^A^V\x1chttps://www.verisign.com/rpa0(^F^CU\x1d%^D!0\x1f^F^I`\x86H^A\x86\xf8B^D^A^F^H+^F^A^E^E^G^C^A^F^H+^F^A^E^E^G^C^B04^F^H+^F^A^E^E^G^A^A^D(0&0$^F^H+^F^A^E^E^G0^A\x86^Xhttp://ocsp.verisign.com0m^F^H+^F^A^E^E^G^A^L^Da0_\xa1]\xa0[0Y0W0U^V^Iimage/gif0!0\x1f0^G^F^E+^N^C^B^Z^D^T\x8f\xe5\xd3^Z\x86\xac\x8d\x8ek\xc3\xcf\x80j\xd4H^X,{^Y.0%^V#http://logo.verisign.com/vslogo.gif0^M^F^I*\x86H\x86\xf7^M^A^A^E^E\0^C\x81\x81\0/s\xe2o\xc1\x9e#~YP\x89\x95xo\xe9^D\xbd\x98TS`\xec^HR\xd2^J)\x92\x9am\xaa\xd5\xb1g\xc1b\xde\xc9^XNW=i\x9c\xb2^Cf\x92^C\xbb\xe8M\xc5\x98\xd4/B\xd9\xb6\xd2\xe0\x97^PXv\xcf\xe7\xd6\xa7\xcc\xbb\xdb%\xeeB]\xcb\xf0t\xab\xd2T\xe5\xe8\xbaQ^O\xa4\xc3>4\xfaR\xf2\xa0\xe6z\xf4\x8f\xdcvB\xbd=\xfcx\xc0\xb7\xeb^-\x1f\xc5\xa0^\xdf\xa0^Q\x87\xf8\xc3X^P\xc8y(\xf8\xe4, mime_type=binary, info=[ts=1170717511.909717, fuid=FQXAWgI2FB5STbrff, tx_hosts={^J^J}, rx_hosts={^J^J}, conn_uids={^J^J}, source=SSL, depth=0, analyzers={^J^J}, mime_type=binary, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=F, seen_bytes=0, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=<uninitialized>, sha1=<uninitialized>, sha256=<uninitialized>, x509=<uninitialized>, extracted=<uninitialized>], u2_events=<uninitialized>]
-                  [1] c: connection      = [id=[orig_h=192.150.187.164, orig_p=58870/tcp, resp_h=194.127.84.106, resp_p=443/tcp], orig=[size=120, state=4, num_pkts=3, num_bytes_ip=288, flow_label=0], resp=[size=2164, state=4, num_pkts=3, num_bytes_ip=1616, flow_label=0], start_time=1170717511.541455, duration=0.368262, service={^J^ISSL^J}, addl=, hot=0, history=ShADad, uid=CCvvfg3TEfuqmmG4bh, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=[ts=1170717511.722913, uid=CCvvfg3TEfuqmmG4bh, id=[orig_h=192.150.187.164, orig_p=58870/tcp, resp_h=194.127.84.106, resp_p=443/tcp], version=TLSv10, cipher=TLS_RSA_WITH_RC4_128_MD5, server_name=<uninitialized>, session_id=9e51caef40ad85f9f03dbb8c1fdc863621808c311272e10242cb406bf917bcd9, last_alert=<uninitialized>, analyzer_id=11, established=F, logged=F, delay_tokens=<uninitialized>, cert_chain=<uninitialized>, cert_chain_fuids=<uninitialized>, client_cert_chain=<uninitialized>, client_cert_chain_fuids=<uninitialized>, subject=<uninitialized>, issuer=<uninitialized>, client_subject=<uninitialized>, client_issuer=<uninitialized>, server_depth=1, client_depth=0], http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]
+1254722770.692804 get_file_handle
+                  [0] tag: enum          = Analyzer::ANALYZER_SMTP
+                  [1] c: connection      = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=4530, state=4, num_pkts=11, num_bytes_ip=3518, flow_label=0], resp=[size=462, state=4, num_pkts=10, num_bytes_ip=870, flow_label=0], start_time=1254722767.529046, duration=3.163758, service={^J^ISMTP^J}, addl=, hot=0, history=ShAdDa, uid=CjhGID4nQcgTWjvg4c, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, smtp=[ts=1254722768.219663, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=<gurpartap@patriots.in>, rcptto={^J^I<raj_deol2002in@yahoo.co.in>^J}, date=Mon, 5 Oct 2009 11:36:07 +0530, from="Gurpartap Singh" <gurpartap@patriots.in>, to={^J^I<raj_deol2002in@yahoo.co.in>^J}, reply_to=<uninitialized>, msg_id=<000301ca4581$ef9e57f0$cedb07d0$@in>, in_reply_to=<uninitialized>, subject=SMTP, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=354 Enter message, ending with "." on a line by itself, path=[74.53.140.153, 10.10.1.4], user_agent=Microsoft Office Outlook 12.0, process_received_from=T, has_client_activity=T, entity=[filename=<uninitialized>], fuids=[Fel9gs4OtNEV6gUJZ5, Ft4M3f2yMvLlmwtbq9]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=<uninitialized>, mime_depth=4], socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]
                   [2] is_orig: bool      = F
 
-1170717511.909717 x509_certificate
-                  [0] f: fa_file         = [id=FQXAWgI2FB5STbrff, parent_id=<uninitialized>, source=SSL, is_orig=F, conns={^J^I[[orig_h=192.150.187.164, orig_p=58870/tcp, resp_h=194.127.84.106, resp_p=443/tcp]] = [id=[orig_h=192.150.187.164, orig_p=58870/tcp, resp_h=194.127.84.106, resp_p=443/tcp], orig=[size=120, state=4, num_pkts=3, num_bytes_ip=288, flow_label=0], resp=[size=2164, state=4, num_pkts=3, num_bytes_ip=1616, flow_label=0], start_time=1170717511.541455, duration=0.368262, service={^J^I^ISSL^J^I}, addl=, hot=0, history=ShADad, uid=CCvvfg3TEfuqmmG4bh, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=[ts=1170717511.722913, uid=CCvvfg3TEfuqmmG4bh, id=[orig_h=192.150.187.164, orig_p=58870/tcp, resp_h=194.127.84.106, resp_p=443/tcp], version=TLSv10, cipher=TLS_RSA_WITH_RC4_128_MD5, server_name=<uninitialized>, session_id=9e51caef40ad85f9f03dbb8c1fdc863621808c311272e10242cb406bf917bcd9, last_alert=<uninitialized>, analyzer_id=11, established=F, logged=F, delay_tokens=<uninitialized>, cert_chain=[[ts=1170717511.909717, fuid=FQXAWgI2FB5STbrff, tx_hosts={^J^I^I194.127.84.106^J^I}, rx_hosts={^J^I^I192.150.187.164^J^I}, conn_uids={^J^I^ICCvvfg3TEfuqmmG4bh^J^I}, source=SSL, depth=0, analyzers={^J^I^IX509,^J^I^IMD5,^J^I^ISHA1^J^I}, mime_type=binary, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=F, seen_bytes=0, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=<uninitialized>, sha1=<uninitialized>, sha256=<uninitialized>, x509=<uninitialized>, extracted=<uninitialized>]], cert_chain_fuids=[FQXAWgI2FB5STbrff], client_cert_chain=[], client_cert_chain_fuids=[], subject=<uninitialized>, issuer=<uninitialized>, client_subject=<uninitialized>, client_issuer=<uninitialized>, server_depth=1, client_depth=0], http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]^J}, last_active=1170717511.909717, seen_bytes=1152, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timeout_interval=2.0 mins, bof_buffer_size=1024, bof_buffer=0\x82^D|0\x82^C\xe5\xa0^C^B^A^B^B^P^D\xa7\x81^V\xf0^C(;\xda+\x84b^D\x9f\x9e\xcb0^M^F^I*\x86H\x86\xf7^M^A^A^E^E\00\x81\xba1\x1f0\x1d^F^CU^D^J^S^VVeriSign Trust Network1^W0^U^F^CU^D^K^S^NVeriSign, Inc.1301^F^CU^D^K^S*VeriSign International Server CA - Class 31I0G^F^CU^D^K^S@www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign0\x1e^W^M061114000000Z^W^M071114235959Z0\x81\xc01^K0^I^F^CU^D^F^S^BDE1^O0^M^F^CU^D^H^S^FBayern1^Q0^O^F^CU^D^G^T^HMuenchen1705^F^CU^D^J^T.AGIS Allianz Dresdner Informationssysteme GmbH1301^F^CU^D^K^T*Terms of use at www.verisign.com/rpa (c)001\x1f0\x1d^F^CU^D^C^T^Vwww.dresdner-privat.de0\x81\x9f0^M^F^I*\x86H\x86\xf7^M^A^A^A^E\0^C\x81\x8d\00\x81\x89^B\x81\x81\0\xeb\xa8t~\xfb\xe3\xb4\xea\xbe\x8b\x1c=\xed\xea\x86^DbQ\xe0*Z\x9e\x86o\x98\xcb\xbc\xc5\xed\xc5\xc8\xcaV\x9dL\x92X\xe1k^So\xbc\xb7\xe5.\x98@\xf7\x8f\xd6\xa3\xc0^J\xabFR\x1b8\xfc^E \xe7\x80\xee\xc6]\xd5\xbb^C\xfc\xc5\x83\xba\x9ag^H\xfd,\xba\xa3^H\x94\xf0\xb3\x1f^V(\xf6^Ef[\xbf^?\xa8Y\xfa\xbe\x99k6b\xb8n\xc6\x83GSc^OZ\xb4Q\xc1\x88\xa8U\xb9\xd41m=*J\x95^J\xd1{\x87^B^C^A\0^A\xa3\x82^Ay0\x82^Au0^I^F^CU\x1d^S^D^B0\00^K^F^CU\x1d^O^D^D^C^B^E\xa00F^F^CU\x1d\x1f^D?0=0;\xa09\xa07\x865http://crl.verisign.com/Class3InternationalServer.crl0D^F^CU\x1d ^D=0;09^F^K`\x86H^A\x86\xf8E^A^G^W^C0*0(^F^H+^F^A^E^E^G^B^A^V\x1chttps://www.verisign.com/rpa0(^F^CU\x1d%^D!0\x1f^F^I`\x86H^A\x86\xf8B^D^A^F^H+^F^A^E^E^G^C^A^F^H+^F^A^E^E^G^C^B04^F^H+^F^A^E^E^G^A^A^D(0&0$^F^H+^F^A^E^E^G0^A\x86^Xhttp://ocsp.verisign.com0m^F^H+^F^A^E^E^G^A^L^Da0_\xa1]\xa0[0Y0W0U^V^Iimage/gif0!0\x1f0^G^F^E+^N^C^B^Z^D^T\x8f\xe5\xd3^Z\x86\xac\x8d\x8ek\xc3\xcf\x80j\xd4H^X,{^Y.0%^V#http://logo.verisign.com/vslogo.gif0^M^F^I*\x86H\x86\xf7^M^A^A^E^E\0^C\x81\x81\0/s\xe2o\xc1\x9e#~YP\x89\x95xo\xe9^D\xbd\x98TS`\xec^HR\xd2^J)\x92\x9am\xaa\xd5\xb1g\xc1b\xde\xc9^XNW=i\x9c\xb2^Cf\x92^C\xbb\xe8M\xc5\x98\xd4/B\xd9\xb6\xd2\xe0\x97^PXv\xcf\xe7\xd6\xa7\xcc\xbb\xdb%\xeeB]\xcb\xf0t\xab\xd2T\xe5\xe8\xbaQ^O\xa4\xc3>4\xfaR\xf2\xa0\xe6z\xf4\x8f\xdcvB\xbd=\xfcx\xc0\xb7\xeb^-\x1f\xc5\xa0^\xdf\xa0^Q\x87\xf8\xc3X^P\xc8y(\xf8\xe4, mime_type=binary, info=[ts=1170717511.909717, fuid=FQXAWgI2FB5STbrff, tx_hosts={^J^I194.127.84.106^J}, rx_hosts={^J^I192.150.187.164^J}, conn_uids={^J^ICCvvfg3TEfuqmmG4bh^J}, source=SSL, depth=0, analyzers={^J^IX509,^J^IMD5,^J^ISHA1^J}, mime_type=binary, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=F, seen_bytes=0, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=<uninitialized>, sha1=<uninitialized>, sha256=<uninitialized>, x509=<uninitialized>, extracted=<uninitialized>], u2_events=<uninitialized>]
-                  [1] cert_ref: opaque of x509 = <no value description>
-                  [2] cert: X509::Certificate = [version=2, serial=04A78116F003283BDA2B8462049F9ECB, subject=CN=www.dresdner-privat.de,OU=Terms of use at www.verisign.com/rpa (c)00,O=AGIS Allianz Dresdner Informationssysteme GmbH,L=Muenchen,ST=Bayern,C=DE, issuer=OU=www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign,OU=VeriSign International Server CA - Class 3,OU=VeriSign\, Inc.,O=VeriSign Trust Network, not_valid_before=1163462400.0, not_valid_after=1195084799.0, key_alg=rsaEncryption, sig_alg=sha1WithRSAEncryption, key_type=rsa, key_length=1024, exponent=65537, curve=<uninitialized>]
+1254722770.692804 mime_end_entity
+                  [0] c: connection      = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=4530, state=4, num_pkts=11, num_bytes_ip=3518, flow_label=0], resp=[size=462, state=4, num_pkts=10, num_bytes_ip=870, flow_label=0], start_time=1254722767.529046, duration=3.163758, service={^J^ISMTP^J}, addl=, hot=0, history=ShAdDa, uid=CjhGID4nQcgTWjvg4c, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, smtp=[ts=1254722768.219663, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=<gurpartap@patriots.in>, rcptto={^J^I<raj_deol2002in@yahoo.co.in>^J}, date=Mon, 5 Oct 2009 11:36:07 +0530, from="Gurpartap Singh" <gurpartap@patriots.in>, to={^J^I<raj_deol2002in@yahoo.co.in>^J}, reply_to=<uninitialized>, msg_id=<000301ca4581$ef9e57f0$cedb07d0$@in>, in_reply_to=<uninitialized>, subject=SMTP, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=354 Enter message, ending with "." on a line by itself, path=[74.53.140.153, 10.10.1.4], user_agent=Microsoft Office Outlook 12.0, process_received_from=T, has_client_activity=T, entity=[filename=<uninitialized>], fuids=[Fel9gs4OtNEV6gUJZ5, Ft4M3f2yMvLlmwtbq9]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=<uninitialized>, mime_depth=4], socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]
 
-1170717511.909717 x509_extension
-                  [0] f: fa_file         = [id=FQXAWgI2FB5STbrff, parent_id=<uninitialized>, source=SSL, is_orig=F, conns={^J^I[[orig_h=192.150.187.164, orig_p=58870/tcp, resp_h=194.127.84.106, resp_p=443/tcp]] = [id=[orig_h=192.150.187.164, orig_p=58870/tcp, resp_h=194.127.84.106, resp_p=443/tcp], orig=[size=120, state=4, num_pkts=3, num_bytes_ip=288, flow_label=0], resp=[size=2164, state=4, num_pkts=3, num_bytes_ip=1616, flow_label=0], start_time=1170717511.541455, duration=0.368262, service={^J^I^ISSL^J^I}, addl=, hot=0, history=ShADad, uid=CCvvfg3TEfuqmmG4bh, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=[ts=1170717511.722913, uid=CCvvfg3TEfuqmmG4bh, id=[orig_h=192.150.187.164, orig_p=58870/tcp, resp_h=194.127.84.106, resp_p=443/tcp], version=TLSv10, cipher=TLS_RSA_WITH_RC4_128_MD5, server_name=<uninitialized>, session_id=9e51caef40ad85f9f03dbb8c1fdc863621808c311272e10242cb406bf917bcd9, last_alert=<uninitialized>, analyzer_id=11, established=F, logged=F, delay_tokens=<uninitialized>, cert_chain=[[ts=1170717511.909717, fuid=FQXAWgI2FB5STbrff, tx_hosts={^J^I^I194.127.84.106^J^I}, rx_hosts={^J^I^I192.150.187.164^J^I}, conn_uids={^J^I^ICCvvfg3TEfuqmmG4bh^J^I}, source=SSL, depth=0, analyzers={^J^I^IX509,^J^I^IMD5,^J^I^ISHA1^J^I}, mime_type=binary, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=F, seen_bytes=0, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=<uninitialized>, sha1=<uninitialized>, sha256=<uninitialized>, x509=[ts=1170717511.909717, id=FQXAWgI2FB5STbrff, certificate=[version=2, serial=04A78116F003283BDA2B8462049F9ECB, subject=CN=www.dresdner-privat.de,OU=Terms of use at www.verisign.com/rpa (c)00,O=AGIS Allianz Dresdner Informationssysteme GmbH,L=Muenchen,ST=Bayern,C=DE, issuer=OU=www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign,OU=VeriSign International Server CA - Class 3,OU=VeriSign\, Inc.,O=VeriSign Trust Network, not_valid_before=1163462400.0, not_valid_after=1195084799.0, key_alg=rsaEncryption, sig_alg=sha1WithRSAEncryption, key_type=rsa, key_length=1024, exponent=65537, curve=<uninitialized>], handle=<no value description>, extensions=[], san=<uninitialized>, basic_constraints=<uninitialized>], extracted=<uninitialized>]], cert_chain_fuids=[FQXAWgI2FB5STbrff], client_cert_chain=[], client_cert_chain_fuids=[], subject=<uninitialized>, issuer=<uninitialized>, client_subject=<uninitialized>, client_issuer=<uninitialized>, server_depth=1, client_depth=0], http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]^J}, last_active=1170717511.909717, seen_bytes=1152, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timeout_interval=2.0 mins, bof_buffer_size=1024, bof_buffer=0\x82^D|0\x82^C\xe5\xa0^C^B^A^B^B^P^D\xa7\x81^V\xf0^C(;\xda+\x84b^D\x9f\x9e\xcb0^M^F^I*\x86H\x86\xf7^M^A^A^E^E\00\x81\xba1\x1f0\x1d^F^CU^D^J^S^VVeriSign Trust Network1^W0^U^F^CU^D^K^S^NVeriSign, Inc.1301^F^CU^D^K^S*VeriSign International Server CA - Class 31I0G^F^CU^D^K^S@www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign0\x1e^W^M061114000000Z^W^M071114235959Z0\x81\xc01^K0^I^F^CU^D^F^S^BDE1^O0^M^F^CU^D^H^S^FBayern1^Q0^O^F^CU^D^G^T^HMuenchen1705^F^CU^D^J^T.AGIS Allianz Dresdner Informationssysteme GmbH1301^F^CU^D^K^T*Terms of use at www.verisign.com/rpa (c)001\x1f0\x1d^F^CU^D^C^T^Vwww.dresdner-privat.de0\x81\x9f0^M^F^I*\x86H\x86\xf7^M^A^A^A^E\0^C\x81\x8d\00\x81\x89^B\x81\x81\0\xeb\xa8t~\xfb\xe3\xb4\xea\xbe\x8b\x1c=\xed\xea\x86^DbQ\xe0*Z\x9e\x86o\x98\xcb\xbc\xc5\xed\xc5\xc8\xcaV\x9dL\x92X\xe1k^So\xbc\xb7\xe5.\x98@\xf7\x8f\xd6\xa3\xc0^J\xabFR\x1b8\xfc^E \xe7\x80\xee\xc6]\xd5\xbb^C\xfc\xc5\x83\xba\x9ag^H\xfd,\xba\xa3^H\x94\xf0\xb3\x1f^V(\xf6^Ef[\xbf^?\xa8Y\xfa\xbe\x99k6b\xb8n\xc6\x83GSc^OZ\xb4Q\xc1\x88\xa8U\xb9\xd41m=*J\x95^J\xd1{\x87^B^C^A\0^A\xa3\x82^Ay0\x82^Au0^I^F^CU\x1d^S^D^B0\00^K^F^CU\x1d^O^D^D^C^B^E\xa00F^F^CU\x1d\x1f^D?0=0;\xa09\xa07\x865http://crl.verisign.com/Class3InternationalServer.crl0D^F^CU\x1d ^D=0;09^F^K`\x86H^A\x86\xf8E^A^G^W^C0*0(^F^H+^F^A^E^E^G^B^A^V\x1chttps://www.verisign.com/rpa0(^F^CU\x1d%^D!0\x1f^F^I`\x86H^A\x86\xf8B^D^A^F^H+^F^A^E^E^G^C^A^F^H+^F^A^E^E^G^C^B04^F^H+^F^A^E^E^G^A^A^D(0&0$^F^H+^F^A^E^E^G0^A\x86^Xhttp://ocsp.verisign.com0m^F^H+^F^A^E^E^G^A^L^Da0_\xa1]\xa0[0Y0W0U^V^Iimage/gif0!0\x1f0^G^F^E+^N^C^B^Z^D^T\x8f\xe5\xd3^Z\x86\xac\x8d\x8ek\xc3\xcf\x80j\xd4H^X,{^Y.0%^V#http://logo.verisign.com/vslogo.gif0^M^F^I*\x86H\x86\xf7^M^A^A^E^E\0^C\x81\x81\0/s\xe2o\xc1\x9e#~YP\x89\x95xo\xe9^D\xbd\x98TS`\xec^HR\xd2^J)\x92\x9am\xaa\xd5\xb1g\xc1b\xde\xc9^XNW=i\x9c\xb2^Cf\x92^C\xbb\xe8M\xc5\x98\xd4/B\xd9\xb6\xd2\xe0\x97^PXv\xcf\xe7\xd6\xa7\xcc\xbb\xdb%\xeeB]\xcb\xf0t\xab\xd2T\xe5\xe8\xbaQ^O\xa4\xc3>4\xfaR\xf2\xa0\xe6z\xf4\x8f\xdcvB\xbd=\xfcx\xc0\xb7\xeb^-\x1f\xc5\xa0^\xdf\xa0^Q\x87\xf8\xc3X^P\xc8y(\xf8\xe4, mime_type=binary, info=[ts=1170717511.909717, fuid=FQXAWgI2FB5STbrff, tx_hosts={^J^I194.127.84.106^J}, rx_hosts={^J^I192.150.187.164^J}, conn_uids={^J^ICCvvfg3TEfuqmmG4bh^J}, source=SSL, depth=0, analyzers={^J^IX509,^J^IMD5,^J^ISHA1^J}, mime_type=binary, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=F, seen_bytes=0, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=<uninitialized>, sha1=<uninitialized>, sha256=<uninitialized>, x509=[ts=1170717511.909717, id=FQXAWgI2FB5STbrff, certificate=[version=2, serial=04A78116F003283BDA2B8462049F9ECB, subject=CN=www.dresdner-privat.de,OU=Terms of use at www.verisign.com/rpa (c)00,O=AGIS Allianz Dresdner Informationssysteme GmbH,L=Muenchen,ST=Bayern,C=DE, issuer=OU=www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign,OU=VeriSign International Server CA - Class 3,OU=VeriSign\, Inc.,O=VeriSign Trust Network, not_valid_before=1163462400.0, not_valid_after=1195084799.0, key_alg=rsaEncryption, sig_alg=sha1WithRSAEncryption, key_type=rsa, key_length=1024, exponent=65537, curve=<uninitialized>], handle=<no value description>, extensions=[], san=<uninitialized>, basic_constraints=<uninitialized>], extracted=<uninitialized>], u2_events=<uninitialized>]
-                  [1] ext: X509::Extension = [name=X509v3 Basic Constraints, short_name=basicConstraints, oid=2.5.29.19, critical=F, value=CA:FALSE]
+1254722770.692804 get_file_handle
+                  [0] tag: enum          = Analyzer::ANALYZER_SMTP
+                  [1] c: connection      = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=4530, state=4, num_pkts=11, num_bytes_ip=3518, flow_label=0], resp=[size=462, state=4, num_pkts=10, num_bytes_ip=870, flow_label=0], start_time=1254722767.529046, duration=3.163758, service={^J^ISMTP^J}, addl=, hot=0, history=ShAdDa, uid=CjhGID4nQcgTWjvg4c, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, smtp=[ts=1254722768.219663, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=<gurpartap@patriots.in>, rcptto={^J^I<raj_deol2002in@yahoo.co.in>^J}, date=Mon, 5 Oct 2009 11:36:07 +0530, from="Gurpartap Singh" <gurpartap@patriots.in>, to={^J^I<raj_deol2002in@yahoo.co.in>^J}, reply_to=<uninitialized>, msg_id=<000301ca4581$ef9e57f0$cedb07d0$@in>, in_reply_to=<uninitialized>, subject=SMTP, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=354 Enter message, ending with "." on a line by itself, path=[74.53.140.153, 10.10.1.4], user_agent=Microsoft Office Outlook 12.0, process_received_from=T, has_client_activity=T, entity=<uninitialized>, fuids=[Fel9gs4OtNEV6gUJZ5, Ft4M3f2yMvLlmwtbq9]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=<uninitialized>, mime_depth=4], socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]
+                  [2] is_orig: bool      = T
 
-1170717511.909717 x509_ext_basic_constraints
-                  [0] f: fa_file         = [id=FQXAWgI2FB5STbrff, parent_id=<uninitialized>, source=SSL, is_orig=F, conns={^J^I[[orig_h=192.150.187.164, orig_p=58870/tcp, resp_h=194.127.84.106, resp_p=443/tcp]] = [id=[orig_h=192.150.187.164, orig_p=58870/tcp, resp_h=194.127.84.106, resp_p=443/tcp], orig=[size=120, state=4, num_pkts=3, num_bytes_ip=288, flow_label=0], resp=[size=2164, state=4, num_pkts=3, num_bytes_ip=1616, flow_label=0], start_time=1170717511.541455, duration=0.368262, service={^J^I^ISSL^J^I}, addl=, hot=0, history=ShADad, uid=CCvvfg3TEfuqmmG4bh, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=[ts=1170717511.722913, uid=CCvvfg3TEfuqmmG4bh, id=[orig_h=192.150.187.164, orig_p=58870/tcp, resp_h=194.127.84.106, resp_p=443/tcp], version=TLSv10, cipher=TLS_RSA_WITH_RC4_128_MD5, server_name=<uninitialized>, session_id=9e51caef40ad85f9f03dbb8c1fdc863621808c311272e10242cb406bf917bcd9, last_alert=<uninitialized>, analyzer_id=11, established=F, logged=F, delay_tokens=<uninitialized>, cert_chain=[[ts=1170717511.909717, fuid=FQXAWgI2FB5STbrff, tx_hosts={^J^I^I194.127.84.106^J^I}, rx_hosts={^J^I^I192.150.187.164^J^I}, conn_uids={^J^I^ICCvvfg3TEfuqmmG4bh^J^I}, source=SSL, depth=0, analyzers={^J^I^IX509,^J^I^IMD5,^J^I^ISHA1^J^I}, mime_type=binary, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=F, seen_bytes=0, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=<uninitialized>, sha1=<uninitialized>, sha256=<uninitialized>, x509=[ts=1170717511.909717, id=FQXAWgI2FB5STbrff, certificate=[version=2, serial=04A78116F003283BDA2B8462049F9ECB, subject=CN=www.dresdner-privat.de,OU=Terms of use at www.verisign.com/rpa (c)00,O=AGIS Allianz Dresdner Informationssysteme GmbH,L=Muenchen,ST=Bayern,C=DE, issuer=OU=www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign,OU=VeriSign International Server CA - Class 3,OU=VeriSign\, Inc.,O=VeriSign Trust Network, not_valid_before=1163462400.0, not_valid_after=1195084799.0, key_alg=rsaEncryption, sig_alg=sha1WithRSAEncryption, key_type=rsa, key_length=1024, exponent=65537, curve=<uninitialized>], handle=<no value description>, extensions=[[name=X509v3 Basic Constraints, short_name=basicConstraints, oid=2.5.29.19, critical=F, value=CA:FALSE]], san=<uninitialized>, basic_constraints=<uninitialized>], extracted=<uninitialized>]], cert_chain_fuids=[FQXAWgI2FB5STbrff], client_cert_chain=[], client_cert_chain_fuids=[], subject=<uninitialized>, issuer=<uninitialized>, client_subject=<uninitialized>, client_issuer=<uninitialized>, server_depth=1, client_depth=0], http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]^J}, last_active=1170717511.909717, seen_bytes=1152, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timeout_interval=2.0 mins, bof_buffer_size=1024, bof_buffer=0\x82^D|0\x82^C\xe5\xa0^C^B^A^B^B^P^D\xa7\x81^V\xf0^C(;\xda+\x84b^D\x9f\x9e\xcb0^M^F^I*\x86H\x86\xf7^M^A^A^E^E\00\x81\xba1\x1f0\x1d^F^CU^D^J^S^VVeriSign Trust Network1^W0^U^F^CU^D^K^S^NVeriSign, Inc.1301^F^CU^D^K^S*VeriSign International Server CA - Class 31I0G^F^CU^D^K^S@www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign0\x1e^W^M061114000000Z^W^M071114235959Z0\x81\xc01^K0^I^F^CU^D^F^S^BDE1^O0^M^F^CU^D^H^S^FBayern1^Q0^O^F^CU^D^G^T^HMuenchen1705^F^CU^D^J^T.AGIS Allianz Dresdner Informationssysteme GmbH1301^F^CU^D^K^T*Terms of use at www.verisign.com/rpa (c)001\x1f0\x1d^F^CU^D^C^T^Vwww.dresdner-privat.de0\x81\x9f0^M^F^I*\x86H\x86\xf7^M^A^A^A^E\0^C\x81\x8d\00\x81\x89^B\x81\x81\0\xeb\xa8t~\xfb\xe3\xb4\xea\xbe\x8b\x1c=\xed\xea\x86^DbQ\xe0*Z\x9e\x86o\x98\xcb\xbc\xc5\xed\xc5\xc8\xcaV\x9dL\x92X\xe1k^So\xbc\xb7\xe5.\x98@\xf7\x8f\xd6\xa3\xc0^J\xabFR\x1b8\xfc^E \xe7\x80\xee\xc6]\xd5\xbb^C\xfc\xc5\x83\xba\x9ag^H\xfd,\xba\xa3^H\x94\xf0\xb3\x1f^V(\xf6^Ef[\xbf^?\xa8Y\xfa\xbe\x99k6b\xb8n\xc6\x83GSc^OZ\xb4Q\xc1\x88\xa8U\xb9\xd41m=*J\x95^J\xd1{\x87^B^C^A\0^A\xa3\x82^Ay0\x82^Au0^I^F^CU\x1d^S^D^B0\00^K^F^CU\x1d^O^D^D^C^B^E\xa00F^F^CU\x1d\x1f^D?0=0;\xa09\xa07\x865http://crl.verisign.com/Class3InternationalServer.crl0D^F^CU\x1d ^D=0;09^F^K`\x86H^A\x86\xf8E^A^G^W^C0*0(^F^H+^F^A^E^E^G^B^A^V\x1chttps://www.verisign.com/rpa0(^F^CU\x1d%^D!0\x1f^F^I`\x86H^A\x86\xf8B^D^A^F^H+^F^A^E^E^G^C^A^F^H+^F^A^E^E^G^C^B04^F^H+^F^A^E^E^G^A^A^D(0&0$^F^H+^F^A^E^E^G0^A\x86^Xhttp://ocsp.verisign.com0m^F^H+^F^A^E^E^G^A^L^Da0_\xa1]\xa0[0Y0W0U^V^Iimage/gif0!0\x1f0^G^F^E+^N^C^B^Z^D^T\x8f\xe5\xd3^Z\x86\xac\x8d\x8ek\xc3\xcf\x80j\xd4H^X,{^Y.0%^V#http://logo.verisign.com/vslogo.gif0^M^F^I*\x86H\x86\xf7^M^A^A^E^E\0^C\x81\x81\0/s\xe2o\xc1\x9e#~YP\x89\x95xo\xe9^D\xbd\x98TS`\xec^HR\xd2^J)\x92\x9am\xaa\xd5\xb1g\xc1b\xde\xc9^XNW=i\x9c\xb2^Cf\x92^C\xbb\xe8M\xc5\x98\xd4/B\xd9\xb6\xd2\xe0\x97^PXv\xcf\xe7\xd6\xa7\xcc\xbb\xdb%\xeeB]\xcb\xf0t\xab\xd2T\xe5\xe8\xbaQ^O\xa4\xc3>4\xfaR\xf2\xa0\xe6z\xf4\x8f\xdcvB\xbd=\xfcx\xc0\xb7\xeb^-\x1f\xc5\xa0^\xdf\xa0^Q\x87\xf8\xc3X^P\xc8y(\xf8\xe4, mime_type=binary, info=[ts=1170717511.909717, fuid=FQXAWgI2FB5STbrff, tx_hosts={^J^I194.127.84.106^J}, rx_hosts={^J^I192.150.187.164^J}, conn_uids={^J^ICCvvfg3TEfuqmmG4bh^J}, source=SSL, depth=0, analyzers={^J^IX509,^J^IMD5,^J^ISHA1^J}, mime_type=binary, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=F, seen_bytes=0, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=<uninitialized>, sha1=<uninitialized>, sha256=<uninitialized>, x509=[ts=1170717511.909717, id=FQXAWgI2FB5STbrff, certificate=[version=2, serial=04A78116F003283BDA2B8462049F9ECB, subject=CN=www.dresdner-privat.de,OU=Terms of use at www.verisign.com/rpa (c)00,O=AGIS Allianz Dresdner Informationssysteme GmbH,L=Muenchen,ST=Bayern,C=DE, issuer=OU=www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign,OU=VeriSign International Server CA - Class 3,OU=VeriSign\, Inc.,O=VeriSign Trust Network, not_valid_before=1163462400.0, not_valid_after=1195084799.0, key_alg=rsaEncryption, sig_alg=sha1WithRSAEncryption, key_type=rsa, key_length=1024, exponent=65537, curve=<uninitialized>], handle=<no value description>, extensions=[[name=X509v3 Basic Constraints, short_name=basicConstraints, oid=2.5.29.19, critical=F, value=CA:FALSE]], san=<uninitialized>, basic_constraints=<uninitialized>], extracted=<uninitialized>], u2_events=<uninitialized>]
-                  [1] ext: X509::BasicConstraints = [ca=F, path_len=<uninitialized>]
+1254722770.692804 file_state_remove
+                  [0] f: fa_file         = [id=Ft4M3f2yMvLlmwtbq9, parent_id=<uninitialized>, source=SMTP, is_orig=F, conns={^J^I[[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp]] = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=4530, state=4, num_pkts=11, num_bytes_ip=3518, flow_label=0], resp=[size=462, state=4, num_pkts=10, num_bytes_ip=870, flow_label=0], start_time=1254722767.529046, duration=3.163758, service={^J^I^ISMTP^J^I}, addl=, hot=0, history=ShAdDa, uid=CjhGID4nQcgTWjvg4c, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, smtp=[ts=1254722768.219663, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=<gurpartap@patriots.in>, rcptto={^J^I^I<raj_deol2002in@yahoo.co.in>^J^I}, date=Mon, 5 Oct 2009 11:36:07 +0530, from="Gurpartap Singh" <gurpartap@patriots.in>, to={^J^I^I<raj_deol2002in@yahoo.co.in>^J^I}, reply_to=<uninitialized>, msg_id=<000301ca4581$ef9e57f0$cedb07d0$@in>, in_reply_to=<uninitialized>, subject=SMTP, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=354 Enter message, ending with "." on a line by itself, path=[74.53.140.153, 10.10.1.4], user_agent=Microsoft Office Outlook 12.0, process_received_from=T, has_client_activity=T, entity=<uninitialized>, fuids=[Fel9gs4OtNEV6gUJZ5, Ft4M3f2yMvLlmwtbq9]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=<uninitialized>, mime_depth=4], socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]^J}, last_active=1254722770.692804, seen_bytes=1918, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timeout_interval=2.0 mins, bof_buffer_size=1024, bof_buffer=<html xmlns:v=3D"urn:schemas-microsoft-com:vml" xmlns:o=3D"urn:schemas-microsoft-com:office:office" xmlns:w=3D"urn:schemas-microsoft-com:office:word" xmlns:m=3D"http://schemas.microsoft.com/office/2004/12/omml" xmlns=3D"http://www.w3.org/TR/REC-html40">^M^J^M^J<head>^M^J<META HTTP-EQUIV=3D"Content-Type" CONTENT=3D"text/html; charset=3Dus-ascii">^M^J<meta name=3DGenerator content=3D"Microsoft Word 12 (filtered medium)">^M^J<style>^M^J<!--^M^J /* Font Definitions */^M^J @font-face^M^J^I{font-family:"Cambria Math";^M^J^Ipanose-1:2 4 5 3 5 4 6 3 2 4;}^M^J@font-face^M^J^I{font-family:Calibri;^M^J^Ipanose-1:2 15 5 2 2 2 4 3 2 4;}^M^J /* Style Definitions */^M^J p.MsoNormal, li.MsoNormal, div.MsoNormal^M^J^I{margin:0in;^M^J^Imargin-bottom:.0001pt;^M^J^Ifont-size:11.0pt;^M^J^Ifont-family:"Calibri","sans-serif";}^M^Ja:link, span.MsoHyperlink^M^J^I{mso-style-priority:99;^M^J^Icolor:blue;^M^J^Itext-decoration:underline;}^M^Ja:visited, span.MsoHyperlinkFollowed^M^J^I{mso-style-priority:99;^M^J^Icolor:purple;^M^J^Itext-decoration:underline;}^M^Jspan.EmailStyle17^M^J^I{mso-style-type:personal-c, mime_type=text/html, info=[ts=1254722770.692786, fuid=Ft4M3f2yMvLlmwtbq9, tx_hosts={^J^I74.53.140.153^J}, rx_hosts={^J^I10.10.1.4^J}, conn_uids={^J^ICjhGID4nQcgTWjvg4c^J}, source=SMTP, depth=4, analyzers={^J^J}, mime_type=text/html, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=F, seen_bytes=0, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=<uninitialized>, sha1=<uninitialized>, sha256=<uninitialized>, x509=<uninitialized>, extracted=<uninitialized>], u2_events=<uninitialized>]
 
-1170717511.909717 x509_extension
-                  [0] f: fa_file         = [id=FQXAWgI2FB5STbrff, parent_id=<uninitialized>, source=SSL, is_orig=F, conns={^J^I[[orig_h=192.150.187.164, orig_p=58870/tcp, resp_h=194.127.84.106, resp_p=443/tcp]] = [id=[orig_h=192.150.187.164, orig_p=58870/tcp, resp_h=194.127.84.106, resp_p=443/tcp], orig=[size=120, state=4, num_pkts=3, num_bytes_ip=288, flow_label=0], resp=[size=2164, state=4, num_pkts=3, num_bytes_ip=1616, flow_label=0], start_time=1170717511.541455, duration=0.368262, service={^J^I^ISSL^J^I}, addl=, hot=0, history=ShADad, uid=CCvvfg3TEfuqmmG4bh, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=[ts=1170717511.722913, uid=CCvvfg3TEfuqmmG4bh, id=[orig_h=192.150.187.164, orig_p=58870/tcp, resp_h=194.127.84.106, resp_p=443/tcp], version=TLSv10, cipher=TLS_RSA_WITH_RC4_128_MD5, server_name=<uninitialized>, session_id=9e51caef40ad85f9f03dbb8c1fdc863621808c311272e10242cb406bf917bcd9, last_alert=<uninitialized>, analyzer_id=11, established=F, logged=F, delay_tokens=<uninitialized>, cert_chain=[[ts=1170717511.909717, fuid=FQXAWgI2FB5STbrff, tx_hosts={^J^I^I194.127.84.106^J^I}, rx_hosts={^J^I^I192.150.187.164^J^I}, conn_uids={^J^I^ICCvvfg3TEfuqmmG4bh^J^I}, source=SSL, depth=0, analyzers={^J^I^IX509,^J^I^IMD5,^J^I^ISHA1^J^I}, mime_type=binary, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=F, seen_bytes=0, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=<uninitialized>, sha1=<uninitialized>, sha256=<uninitialized>, x509=[ts=1170717511.909717, id=FQXAWgI2FB5STbrff, certificate=[version=2, serial=04A78116F003283BDA2B8462049F9ECB, subject=CN=www.dresdner-privat.de,OU=Terms of use at www.verisign.com/rpa (c)00,O=AGIS Allianz Dresdner Informationssysteme GmbH,L=Muenchen,ST=Bayern,C=DE, issuer=OU=www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign,OU=VeriSign International Server CA - Class 3,OU=VeriSign\, Inc.,O=VeriSign Trust Network, not_valid_before=1163462400.0, not_valid_after=1195084799.0, key_alg=rsaEncryption, sig_alg=sha1WithRSAEncryption, key_type=rsa, key_length=1024, exponent=65537, curve=<uninitialized>], handle=<no value description>, extensions=[[name=X509v3 Basic Constraints, short_name=basicConstraints, oid=2.5.29.19, critical=F, value=CA:FALSE]], san=<uninitialized>, basic_constraints=[ca=F, path_len=<uninitialized>]], extracted=<uninitialized>]], cert_chain_fuids=[FQXAWgI2FB5STbrff], client_cert_chain=[], client_cert_chain_fuids=[], subject=<uninitialized>, issuer=<uninitialized>, client_subject=<uninitialized>, client_issuer=<uninitialized>, server_depth=1, client_depth=0], http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]^J}, last_active=1170717511.909717, seen_bytes=1152, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timeout_interval=2.0 mins, bof_buffer_size=1024, bof_buffer=0\x82^D|0\x82^C\xe5\xa0^C^B^A^B^B^P^D\xa7\x81^V\xf0^C(;\xda+\x84b^D\x9f\x9e\xcb0^M^F^I*\x86H\x86\xf7^M^A^A^E^E\00\x81\xba1\x1f0\x1d^F^CU^D^J^S^VVeriSign Trust Network1^W0^U^F^CU^D^K^S^NVeriSign, Inc.1301^F^CU^D^K^S*VeriSign International Server CA - Class 31I0G^F^CU^D^K^S@www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign0\x1e^W^M061114000000Z^W^M071114235959Z0\x81\xc01^K0^I^F^CU^D^F^S^BDE1^O0^M^F^CU^D^H^S^FBayern1^Q0^O^F^CU^D^G^T^HMuenchen1705^F^CU^D^J^T.AGIS Allianz Dresdner Informationssysteme GmbH1301^F^CU^D^K^T*Terms of use at www.verisign.com/rpa (c)001\x1f0\x1d^F^CU^D^C^T^Vwww.dresdner-privat.de0\x81\x9f0^M^F^I*\x86H\x86\xf7^M^A^A^A^E\0^C\x81\x8d\00\x81\x89^B\x81\x81\0\xeb\xa8t~\xfb\xe3\xb4\xea\xbe\x8b\x1c=\xed\xea\x86^DbQ\xe0*Z\x9e\x86o\x98\xcb\xbc\xc5\xed\xc5\xc8\xcaV\x9dL\x92X\xe1k^So\xbc\xb7\xe5.\x98@\xf7\x8f\xd6\xa3\xc0^J\xabFR\x1b8\xfc^E \xe7\x80\xee\xc6]\xd5\xbb^C\xfc\xc5\x83\xba\x9ag^H\xfd,\xba\xa3^H\x94\xf0\xb3\x1f^V(\xf6^Ef[\xbf^?\xa8Y\xfa\xbe\x99k6b\xb8n\xc6\x83GSc^OZ\xb4Q\xc1\x88\xa8U\xb9\xd41m=*J\x95^J\xd1{\x87^B^C^A\0^A\xa3\x82^Ay0\x82^Au0^I^F^CU\x1d^S^D^B0\00^K^F^CU\x1d^O^D^D^C^B^E\xa00F^F^CU\x1d\x1f^D?0=0;\xa09\xa07\x865http://crl.verisign.com/Class3InternationalServer.crl0D^F^CU\x1d ^D=0;09^F^K`\x86H^A\x86\xf8E^A^G^W^C0*0(^F^H+^F^A^E^E^G^B^A^V\x1chttps://www.verisign.com/rpa0(^F^CU\x1d%^D!0\x1f^F^I`\x86H^A\x86\xf8B^D^A^F^H+^F^A^E^E^G^C^A^F^H+^F^A^E^E^G^C^B04^F^H+^F^A^E^E^G^A^A^D(0&0$^F^H+^F^A^E^E^G0^A\x86^Xhttp://ocsp.verisign.com0m^F^H+^F^A^E^E^G^A^L^Da0_\xa1]\xa0[0Y0W0U^V^Iimage/gif0!0\x1f0^G^F^E+^N^C^B^Z^D^T\x8f\xe5\xd3^Z\x86\xac\x8d\x8ek\xc3\xcf\x80j\xd4H^X,{^Y.0%^V#http://logo.verisign.com/vslogo.gif0^M^F^I*\x86H\x86\xf7^M^A^A^E^E\0^C\x81\x81\0/s\xe2o\xc1\x9e#~YP\x89\x95xo\xe9^D\xbd\x98TS`\xec^HR\xd2^J)\x92\x9am\xaa\xd5\xb1g\xc1b\xde\xc9^XNW=i\x9c\xb2^Cf\x92^C\xbb\xe8M\xc5\x98\xd4/B\xd9\xb6\xd2\xe0\x97^PXv\xcf\xe7\xd6\xa7\xcc\xbb\xdb%\xeeB]\xcb\xf0t\xab\xd2T\xe5\xe8\xbaQ^O\xa4\xc3>4\xfaR\xf2\xa0\xe6z\xf4\x8f\xdcvB\xbd=\xfcx\xc0\xb7\xeb^-\x1f\xc5\xa0^\xdf\xa0^Q\x87\xf8\xc3X^P\xc8y(\xf8\xe4, mime_type=binary, info=[ts=1170717511.909717, fuid=FQXAWgI2FB5STbrff, tx_hosts={^J^I194.127.84.106^J}, rx_hosts={^J^I192.150.187.164^J}, conn_uids={^J^ICCvvfg3TEfuqmmG4bh^J}, source=SSL, depth=0, analyzers={^J^IX509,^J^IMD5,^J^ISHA1^J}, mime_type=binary, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=F, seen_bytes=0, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=<uninitialized>, sha1=<uninitialized>, sha256=<uninitialized>, x509=[ts=1170717511.909717, id=FQXAWgI2FB5STbrff, certificate=[version=2, serial=04A78116F003283BDA2B8462049F9ECB, subject=CN=www.dresdner-privat.de,OU=Terms of use at www.verisign.com/rpa (c)00,O=AGIS Allianz Dresdner Informationssysteme GmbH,L=Muenchen,ST=Bayern,C=DE, issuer=OU=www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign,OU=VeriSign International Server CA - Class 3,OU=VeriSign\, Inc.,O=VeriSign Trust Network, not_valid_before=1163462400.0, not_valid_after=1195084799.0, key_alg=rsaEncryption, sig_alg=sha1WithRSAEncryption, key_type=rsa, key_length=1024, exponent=65537, curve=<uninitialized>], handle=<no value description>, extensions=[[name=X509v3 Basic Constraints, short_name=basicConstraints, oid=2.5.29.19, critical=F, value=CA:FALSE]], san=<uninitialized>, basic_constraints=[ca=F, path_len=<uninitialized>]], extracted=<uninitialized>], u2_events=<uninitialized>]
-                  [1] ext: X509::Extension = [name=X509v3 Key Usage, short_name=keyUsage, oid=2.5.29.15, critical=F, value=Digital Signature, Key Encipherment]
-
-1170717511.909717 x509_extension
-                  [0] f: fa_file         = [id=FQXAWgI2FB5STbrff, parent_id=<uninitialized>, source=SSL, is_orig=F, conns={^J^I[[orig_h=192.150.187.164, orig_p=58870/tcp, resp_h=194.127.84.106, resp_p=443/tcp]] = [id=[orig_h=192.150.187.164, orig_p=58870/tcp, resp_h=194.127.84.106, resp_p=443/tcp], orig=[size=120, state=4, num_pkts=3, num_bytes_ip=288, flow_label=0], resp=[size=2164, state=4, num_pkts=3, num_bytes_ip=1616, flow_label=0], start_time=1170717511.541455, duration=0.368262, service={^J^I^ISSL^J^I}, addl=, hot=0, history=ShADad, uid=CCvvfg3TEfuqmmG4bh, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=[ts=1170717511.722913, uid=CCvvfg3TEfuqmmG4bh, id=[orig_h=192.150.187.164, orig_p=58870/tcp, resp_h=194.127.84.106, resp_p=443/tcp], version=TLSv10, cipher=TLS_RSA_WITH_RC4_128_MD5, server_name=<uninitialized>, session_id=9e51caef40ad85f9f03dbb8c1fdc863621808c311272e10242cb406bf917bcd9, last_alert=<uninitialized>, analyzer_id=11, established=F, logged=F, delay_tokens=<uninitialized>, cert_chain=[[ts=1170717511.909717, fuid=FQXAWgI2FB5STbrff, tx_hosts={^J^I^I194.127.84.106^J^I}, rx_hosts={^J^I^I192.150.187.164^J^I}, conn_uids={^J^I^ICCvvfg3TEfuqmmG4bh^J^I}, source=SSL, depth=0, analyzers={^J^I^IX509,^J^I^IMD5,^J^I^ISHA1^J^I}, mime_type=binary, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=F, seen_bytes=0, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=<uninitialized>, sha1=<uninitialized>, sha256=<uninitialized>, x509=[ts=1170717511.909717, id=FQXAWgI2FB5STbrff, certificate=[version=2, serial=04A78116F003283BDA2B8462049F9ECB, subject=CN=www.dresdner-privat.de,OU=Terms of use at www.verisign.com/rpa (c)00,O=AGIS Allianz Dresdner Informationssysteme GmbH,L=Muenchen,ST=Bayern,C=DE, issuer=OU=www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign,OU=VeriSign International Server CA - Class 3,OU=VeriSign\, Inc.,O=VeriSign Trust Network, not_valid_before=1163462400.0, not_valid_after=1195084799.0, key_alg=rsaEncryption, sig_alg=sha1WithRSAEncryption, key_type=rsa, key_length=1024, exponent=65537, curve=<uninitialized>], handle=<no value description>, extensions=[[name=X509v3 Basic Constraints, short_name=basicConstraints, oid=2.5.29.19, critical=F, value=CA:FALSE], [name=X509v3 Key Usage, short_name=keyUsage, oid=2.5.29.15, critical=F, value=Digital Signature, Key Encipherment]], san=<uninitialized>, basic_constraints=[ca=F, path_len=<uninitialized>]], extracted=<uninitialized>]], cert_chain_fuids=[FQXAWgI2FB5STbrff], client_cert_chain=[], client_cert_chain_fuids=[], subject=<uninitialized>, issuer=<uninitialized>, client_subject=<uninitialized>, client_issuer=<uninitialized>, server_depth=1, client_depth=0], http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]^J}, last_active=1170717511.909717, seen_bytes=1152, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timeout_interval=2.0 mins, bof_buffer_size=1024, bof_buffer=0\x82^D|0\x82^C\xe5\xa0^C^B^A^B^B^P^D\xa7\x81^V\xf0^C(;\xda+\x84b^D\x9f\x9e\xcb0^M^F^I*\x86H\x86\xf7^M^A^A^E^E\00\x81\xba1\x1f0\x1d^F^CU^D^J^S^VVeriSign Trust Network1^W0^U^F^CU^D^K^S^NVeriSign, Inc.1301^F^CU^D^K^S*VeriSign International Server CA - Class 31I0G^F^CU^D^K^S@www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign0\x1e^W^M061114000000Z^W^M071114235959Z0\x81\xc01^K0^I^F^CU^D^F^S^BDE1^O0^M^F^CU^D^H^S^FBayern1^Q0^O^F^CU^D^G^T^HMuenchen1705^F^CU^D^J^T.AGIS Allianz Dresdner Informationssysteme GmbH1301^F^CU^D^K^T*Terms of use at www.verisign.com/rpa (c)001\x1f0\x1d^F^CU^D^C^T^Vwww.dresdner-privat.de0\x81\x9f0^M^F^I*\x86H\x86\xf7^M^A^A^A^E\0^C\x81\x8d\00\x81\x89^B\x81\x81\0\xeb\xa8t~\xfb\xe3\xb4\xea\xbe\x8b\x1c=\xed\xea\x86^DbQ\xe0*Z\x9e\x86o\x98\xcb\xbc\xc5\xed\xc5\xc8\xcaV\x9dL\x92X\xe1k^So\xbc\xb7\xe5.\x98@\xf7\x8f\xd6\xa3\xc0^J\xabFR\x1b8\xfc^E \xe7\x80\xee\xc6]\xd5\xbb^C\xfc\xc5\x83\xba\x9ag^H\xfd,\xba\xa3^H\x94\xf0\xb3\x1f^V(\xf6^Ef[\xbf^?\xa8Y\xfa\xbe\x99k6b\xb8n\xc6\x83GSc^OZ\xb4Q\xc1\x88\xa8U\xb9\xd41m=*J\x95^J\xd1{\x87^B^C^A\0^A\xa3\x82^Ay0\x82^Au0^I^F^CU\x1d^S^D^B0\00^K^F^CU\x1d^O^D^D^C^B^E\xa00F^F^CU\x1d\x1f^D?0=0;\xa09\xa07\x865http://crl.verisign.com/Class3InternationalServer.crl0D^F^CU\x1d ^D=0;09^F^K`\x86H^A\x86\xf8E^A^G^W^C0*0(^F^H+^F^A^E^E^G^B^A^V\x1chttps://www.verisign.com/rpa0(^F^CU\x1d%^D!0\x1f^F^I`\x86H^A\x86\xf8B^D^A^F^H+^F^A^E^E^G^C^A^F^H+^F^A^E^E^G^C^B04^F^H+^F^A^E^E^G^A^A^D(0&0$^F^H+^F^A^E^E^G0^A\x86^Xhttp://ocsp.verisign.com0m^F^H+^F^A^E^E^G^A^L^Da0_\xa1]\xa0[0Y0W0U^V^Iimage/gif0!0\x1f0^G^F^E+^N^C^B^Z^D^T\x8f\xe5\xd3^Z\x86\xac\x8d\x8ek\xc3\xcf\x80j\xd4H^X,{^Y.0%^V#http://logo.verisign.com/vslogo.gif0^M^F^I*\x86H\x86\xf7^M^A^A^E^E\0^C\x81\x81\0/s\xe2o\xc1\x9e#~YP\x89\x95xo\xe9^D\xbd\x98TS`\xec^HR\xd2^J)\x92\x9am\xaa\xd5\xb1g\xc1b\xde\xc9^XNW=i\x9c\xb2^Cf\x92^C\xbb\xe8M\xc5\x98\xd4/B\xd9\xb6\xd2\xe0\x97^PXv\xcf\xe7\xd6\xa7\xcc\xbb\xdb%\xeeB]\xcb\xf0t\xab\xd2T\xe5\xe8\xbaQ^O\xa4\xc3>4\xfaR\xf2\xa0\xe6z\xf4\x8f\xdcvB\xbd=\xfcx\xc0\xb7\xeb^-\x1f\xc5\xa0^\xdf\xa0^Q\x87\xf8\xc3X^P\xc8y(\xf8\xe4, mime_type=binary, info=[ts=1170717511.909717, fuid=FQXAWgI2FB5STbrff, tx_hosts={^J^I194.127.84.106^J}, rx_hosts={^J^I192.150.187.164^J}, conn_uids={^J^ICCvvfg3TEfuqmmG4bh^J}, source=SSL, depth=0, analyzers={^J^IX509,^J^IMD5,^J^ISHA1^J}, mime_type=binary, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=F, seen_bytes=0, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=<uninitialized>, sha1=<uninitialized>, sha256=<uninitialized>, x509=[ts=1170717511.909717, id=FQXAWgI2FB5STbrff, certificate=[version=2, serial=04A78116F003283BDA2B8462049F9ECB, subject=CN=www.dresdner-privat.de,OU=Terms of use at www.verisign.com/rpa (c)00,O=AGIS Allianz Dresdner Informationssysteme GmbH,L=Muenchen,ST=Bayern,C=DE, issuer=OU=www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign,OU=VeriSign International Server CA - Class 3,OU=VeriSign\, Inc.,O=VeriSign Trust Network, not_valid_before=1163462400.0, not_valid_after=1195084799.0, key_alg=rsaEncryption, sig_alg=sha1WithRSAEncryption, key_type=rsa, key_length=1024, exponent=65537, curve=<uninitialized>], handle=<no value description>, extensions=[[name=X509v3 Basic Constraints, short_name=basicConstraints, oid=2.5.29.19, critical=F, value=CA:FALSE], [name=X509v3 Key Usage, short_name=keyUsage, oid=2.5.29.15, critical=F, value=Digital Signature, Key Encipherment]], san=<uninitialized>, basic_constraints=[ca=F, path_len=<uninitialized>]], extracted=<uninitialized>], u2_events=<uninitialized>]
-                  [1] ext: X509::Extension = [name=X509v3 CRL Distribution Points, short_name=crlDistributionPoints, oid=2.5.29.31, critical=F, value=^JFull Name:^J  URI:http://crl.verisign.com/Class3InternationalServer.crl^J]
-
-1170717511.909717 x509_extension
-                  [0] f: fa_file         = [id=FQXAWgI2FB5STbrff, parent_id=<uninitialized>, source=SSL, is_orig=F, conns={^J^I[[orig_h=192.150.187.164, orig_p=58870/tcp, resp_h=194.127.84.106, resp_p=443/tcp]] = [id=[orig_h=192.150.187.164, orig_p=58870/tcp, resp_h=194.127.84.106, resp_p=443/tcp], orig=[size=120, state=4, num_pkts=3, num_bytes_ip=288, flow_label=0], resp=[size=2164, state=4, num_pkts=3, num_bytes_ip=1616, flow_label=0], start_time=1170717511.541455, duration=0.368262, service={^J^I^ISSL^J^I}, addl=, hot=0, history=ShADad, uid=CCvvfg3TEfuqmmG4bh, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=[ts=1170717511.722913, uid=CCvvfg3TEfuqmmG4bh, id=[orig_h=192.150.187.164, orig_p=58870/tcp, resp_h=194.127.84.106, resp_p=443/tcp], version=TLSv10, cipher=TLS_RSA_WITH_RC4_128_MD5, server_name=<uninitialized>, session_id=9e51caef40ad85f9f03dbb8c1fdc863621808c311272e10242cb406bf917bcd9, last_alert=<uninitialized>, analyzer_id=11, established=F, logged=F, delay_tokens=<uninitialized>, cert_chain=[[ts=1170717511.909717, fuid=FQXAWgI2FB5STbrff, tx_hosts={^J^I^I194.127.84.106^J^I}, rx_hosts={^J^I^I192.150.187.164^J^I}, conn_uids={^J^I^ICCvvfg3TEfuqmmG4bh^J^I}, source=SSL, depth=0, analyzers={^J^I^IX509,^J^I^IMD5,^J^I^ISHA1^J^I}, mime_type=binary, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=F, seen_bytes=0, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=<uninitialized>, sha1=<uninitialized>, sha256=<uninitialized>, x509=[ts=1170717511.909717, id=FQXAWgI2FB5STbrff, certificate=[version=2, serial=04A78116F003283BDA2B8462049F9ECB, subject=CN=www.dresdner-privat.de,OU=Terms of use at www.verisign.com/rpa (c)00,O=AGIS Allianz Dresdner Informationssysteme GmbH,L=Muenchen,ST=Bayern,C=DE, issuer=OU=www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign,OU=VeriSign International Server CA - Class 3,OU=VeriSign\, Inc.,O=VeriSign Trust Network, not_valid_before=1163462400.0, not_valid_after=1195084799.0, key_alg=rsaEncryption, sig_alg=sha1WithRSAEncryption, key_type=rsa, key_length=1024, exponent=65537, curve=<uninitialized>], handle=<no value description>, extensions=[[name=X509v3 Basic Constraints, short_name=basicConstraints, oid=2.5.29.19, critical=F, value=CA:FALSE], [name=X509v3 Key Usage, short_name=keyUsage, oid=2.5.29.15, critical=F, value=Digital Signature, Key Encipherment], [name=X509v3 CRL Distribution Points, short_name=crlDistributionPoints, oid=2.5.29.31, critical=F, value=^JFull Name:^J  URI:http://crl.verisign.com/Class3InternationalServer.crl^J]], san=<uninitialized>, basic_constraints=[ca=F, path_len=<uninitialized>]], extracted=<uninitialized>]], cert_chain_fuids=[FQXAWgI2FB5STbrff], client_cert_chain=[], client_cert_chain_fuids=[], subject=<uninitialized>, issuer=<uninitialized>, client_subject=<uninitialized>, client_issuer=<uninitialized>, server_depth=1, client_depth=0], http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]^J}, last_active=1170717511.909717, seen_bytes=1152, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timeout_interval=2.0 mins, bof_buffer_size=1024, bof_buffer=0\x82^D|0\x82^C\xe5\xa0^C^B^A^B^B^P^D\xa7\x81^V\xf0^C(;\xda+\x84b^D\x9f\x9e\xcb0^M^F^I*\x86H\x86\xf7^M^A^A^E^E\00\x81\xba1\x1f0\x1d^F^CU^D^J^S^VVeriSign Trust Network1^W0^U^F^CU^D^K^S^NVeriSign, Inc.1301^F^CU^D^K^S*VeriSign International Server CA - Class 31I0G^F^CU^D^K^S@www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign0\x1e^W^M061114000000Z^W^M071114235959Z0\x81\xc01^K0^I^F^CU^D^F^S^BDE1^O0^M^F^CU^D^H^S^FBayern1^Q0^O^F^CU^D^G^T^HMuenchen1705^F^CU^D^J^T.AGIS Allianz Dresdner Informationssysteme GmbH1301^F^CU^D^K^T*Terms of use at www.verisign.com/rpa (c)001\x1f0\x1d^F^CU^D^C^T^Vwww.dresdner-privat.de0\x81\x9f0^M^F^I*\x86H\x86\xf7^M^A^A^A^E\0^C\x81\x8d\00\x81\x89^B\x81\x81\0\xeb\xa8t~\xfb\xe3\xb4\xea\xbe\x8b\x1c=\xed\xea\x86^DbQ\xe0*Z\x9e\x86o\x98\xcb\xbc\xc5\xed\xc5\xc8\xcaV\x9dL\x92X\xe1k^So\xbc\xb7\xe5.\x98@\xf7\x8f\xd6\xa3\xc0^J\xabFR\x1b8\xfc^E \xe7\x80\xee\xc6]\xd5\xbb^C\xfc\xc5\x83\xba\x9ag^H\xfd,\xba\xa3^H\x94\xf0\xb3\x1f^V(\xf6^Ef[\xbf^?\xa8Y\xfa\xbe\x99k6b\xb8n\xc6\x83GSc^OZ\xb4Q\xc1\x88\xa8U\xb9\xd41m=*J\x95^J\xd1{\x87^B^C^A\0^A\xa3\x82^Ay0\x82^Au0^I^F^CU\x1d^S^D^B0\00^K^F^CU\x1d^O^D^D^C^B^E\xa00F^F^CU\x1d\x1f^D?0=0;\xa09\xa07\x865http://crl.verisign.com/Class3InternationalServer.crl0D^F^CU\x1d ^D=0;09^F^K`\x86H^A\x86\xf8E^A^G^W^C0*0(^F^H+^F^A^E^E^G^B^A^V\x1chttps://www.verisign.com/rpa0(^F^CU\x1d%^D!0\x1f^F^I`\x86H^A\x86\xf8B^D^A^F^H+^F^A^E^E^G^C^A^F^H+^F^A^E^E^G^C^B04^F^H+^F^A^E^E^G^A^A^D(0&0$^F^H+^F^A^E^E^G0^A\x86^Xhttp://ocsp.verisign.com0m^F^H+^F^A^E^E^G^A^L^Da0_\xa1]\xa0[0Y0W0U^V^Iimage/gif0!0\x1f0^G^F^E+^N^C^B^Z^D^T\x8f\xe5\xd3^Z\x86\xac\x8d\x8ek\xc3\xcf\x80j\xd4H^X,{^Y.0%^V#http://logo.verisign.com/vslogo.gif0^M^F^I*\x86H\x86\xf7^M^A^A^E^E\0^C\x81\x81\0/s\xe2o\xc1\x9e#~YP\x89\x95xo\xe9^D\xbd\x98TS`\xec^HR\xd2^J)\x92\x9am\xaa\xd5\xb1g\xc1b\xde\xc9^XNW=i\x9c\xb2^Cf\x92^C\xbb\xe8M\xc5\x98\xd4/B\xd9\xb6\xd2\xe0\x97^PXv\xcf\xe7\xd6\xa7\xcc\xbb\xdb%\xeeB]\xcb\xf0t\xab\xd2T\xe5\xe8\xbaQ^O\xa4\xc3>4\xfaR\xf2\xa0\xe6z\xf4\x8f\xdcvB\xbd=\xfcx\xc0\xb7\xeb^-\x1f\xc5\xa0^\xdf\xa0^Q\x87\xf8\xc3X^P\xc8y(\xf8\xe4, mime_type=binary, info=[ts=1170717511.909717, fuid=FQXAWgI2FB5STbrff, tx_hosts={^J^I194.127.84.106^J}, rx_hosts={^J^I192.150.187.164^J}, conn_uids={^J^ICCvvfg3TEfuqmmG4bh^J}, source=SSL, depth=0, analyzers={^J^IX509,^J^IMD5,^J^ISHA1^J}, mime_type=binary, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=F, seen_bytes=0, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=<uninitialized>, sha1=<uninitialized>, sha256=<uninitialized>, x509=[ts=1170717511.909717, id=FQXAWgI2FB5STbrff, certificate=[version=2, serial=04A78116F003283BDA2B8462049F9ECB, subject=CN=www.dresdner-privat.de,OU=Terms of use at www.verisign.com/rpa (c)00,O=AGIS Allianz Dresdner Informationssysteme GmbH,L=Muenchen,ST=Bayern,C=DE, issuer=OU=www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign,OU=VeriSign International Server CA - Class 3,OU=VeriSign\, Inc.,O=VeriSign Trust Network, not_valid_before=1163462400.0, not_valid_after=1195084799.0, key_alg=rsaEncryption, sig_alg=sha1WithRSAEncryption, key_type=rsa, key_length=1024, exponent=65537, curve=<uninitialized>], handle=<no value description>, extensions=[[name=X509v3 Basic Constraints, short_name=basicConstraints, oid=2.5.29.19, critical=F, value=CA:FALSE], [name=X509v3 Key Usage, short_name=keyUsage, oid=2.5.29.15, critical=F, value=Digital Signature, Key Encipherment], [name=X509v3 CRL Distribution Points, short_name=crlDistributionPoints, oid=2.5.29.31, critical=F, value=^JFull Name:^J  URI:http://crl.verisign.com/Class3InternationalServer.crl^J]], san=<uninitialized>, basic_constraints=[ca=F, path_len=<uninitialized>]], extracted=<uninitialized>], u2_events=<uninitialized>]
-                  [1] ext: X509::Extension = [name=X509v3 Certificate Policies, short_name=certificatePolicies, oid=2.5.29.32, critical=F, value=Policy: 2.16.840.1.113733.1.7.23.3^J  CPS: https://www.verisign.com/rpa^J]
-
-1170717511.909717 x509_extension
-                  [0] f: fa_file         = [id=FQXAWgI2FB5STbrff, parent_id=<uninitialized>, source=SSL, is_orig=F, conns={^J^I[[orig_h=192.150.187.164, orig_p=58870/tcp, resp_h=194.127.84.106, resp_p=443/tcp]] = [id=[orig_h=192.150.187.164, orig_p=58870/tcp, resp_h=194.127.84.106, resp_p=443/tcp], orig=[size=120, state=4, num_pkts=3, num_bytes_ip=288, flow_label=0], resp=[size=2164, state=4, num_pkts=3, num_bytes_ip=1616, flow_label=0], start_time=1170717511.541455, duration=0.368262, service={^J^I^ISSL^J^I}, addl=, hot=0, history=ShADad, uid=CCvvfg3TEfuqmmG4bh, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=[ts=1170717511.722913, uid=CCvvfg3TEfuqmmG4bh, id=[orig_h=192.150.187.164, orig_p=58870/tcp, resp_h=194.127.84.106, resp_p=443/tcp], version=TLSv10, cipher=TLS_RSA_WITH_RC4_128_MD5, server_name=<uninitialized>, session_id=9e51caef40ad85f9f03dbb8c1fdc863621808c311272e10242cb406bf917bcd9, last_alert=<uninitialized>, analyzer_id=11, established=F, logged=F, delay_tokens=<uninitialized>, cert_chain=[[ts=1170717511.909717, fuid=FQXAWgI2FB5STbrff, tx_hosts={^J^I^I194.127.84.106^J^I}, rx_hosts={^J^I^I192.150.187.164^J^I}, conn_uids={^J^I^ICCvvfg3TEfuqmmG4bh^J^I}, source=SSL, depth=0, analyzers={^J^I^IX509,^J^I^IMD5,^J^I^ISHA1^J^I}, mime_type=binary, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=F, seen_bytes=0, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=<uninitialized>, sha1=<uninitialized>, sha256=<uninitialized>, x509=[ts=1170717511.909717, id=FQXAWgI2FB5STbrff, certificate=[version=2, serial=04A78116F003283BDA2B8462049F9ECB, subject=CN=www.dresdner-privat.de,OU=Terms of use at www.verisign.com/rpa (c)00,O=AGIS Allianz Dresdner Informationssysteme GmbH,L=Muenchen,ST=Bayern,C=DE, issuer=OU=www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign,OU=VeriSign International Server CA - Class 3,OU=VeriSign\, Inc.,O=VeriSign Trust Network, not_valid_before=1163462400.0, not_valid_after=1195084799.0, key_alg=rsaEncryption, sig_alg=sha1WithRSAEncryption, key_type=rsa, key_length=1024, exponent=65537, curve=<uninitialized>], handle=<no value description>, extensions=[[name=X509v3 Basic Constraints, short_name=basicConstraints, oid=2.5.29.19, critical=F, value=CA:FALSE], [name=X509v3 Key Usage, short_name=keyUsage, oid=2.5.29.15, critical=F, value=Digital Signature, Key Encipherment], [name=X509v3 CRL Distribution Points, short_name=crlDistributionPoints, oid=2.5.29.31, critical=F, value=^JFull Name:^J  URI:http://crl.verisign.com/Class3InternationalServer.crl^J], [name=X509v3 Certificate Policies, short_name=certificatePolicies, oid=2.5.29.32, critical=F, value=Policy: 2.16.840.1.113733.1.7.23.3^J  CPS: https://www.verisign.com/rpa^J]], san=<uninitialized>, basic_constraints=[ca=F, path_len=<uninitialized>]], extracted=<uninitialized>]], cert_chain_fuids=[FQXAWgI2FB5STbrff], client_cert_chain=[], client_cert_chain_fuids=[], subject=<uninitialized>, issuer=<uninitialized>, client_subject=<uninitialized>, client_issuer=<uninitialized>, server_depth=1, client_depth=0], http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]^J}, last_active=1170717511.909717, seen_bytes=1152, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timeout_interval=2.0 mins, bof_buffer_size=1024, bof_buffer=0\x82^D|0\x82^C\xe5\xa0^C^B^A^B^B^P^D\xa7\x81^V\xf0^C(;\xda+\x84b^D\x9f\x9e\xcb0^M^F^I*\x86H\x86\xf7^M^A^A^E^E\00\x81\xba1\x1f0\x1d^F^CU^D^J^S^VVeriSign Trust Network1^W0^U^F^CU^D^K^S^NVeriSign, Inc.1301^F^CU^D^K^S*VeriSign International Server CA - Class 31I0G^F^CU^D^K^S@www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign0\x1e^W^M061114000000Z^W^M071114235959Z0\x81\xc01^K0^I^F^CU^D^F^S^BDE1^O0^M^F^CU^D^H^S^FBayern1^Q0^O^F^CU^D^G^T^HMuenchen1705^F^CU^D^J^T.AGIS Allianz Dresdner Informationssysteme GmbH1301^F^CU^D^K^T*Terms of use at www.verisign.com/rpa (c)001\x1f0\x1d^F^CU^D^C^T^Vwww.dresdner-privat.de0\x81\x9f0^M^F^I*\x86H\x86\xf7^M^A^A^A^E\0^C\x81\x8d\00\x81\x89^B\x81\x81\0\xeb\xa8t~\xfb\xe3\xb4\xea\xbe\x8b\x1c=\xed\xea\x86^DbQ\xe0*Z\x9e\x86o\x98\xcb\xbc\xc5\xed\xc5\xc8\xcaV\x9dL\x92X\xe1k^So\xbc\xb7\xe5.\x98@\xf7\x8f\xd6\xa3\xc0^J\xabFR\x1b8\xfc^E \xe7\x80\xee\xc6]\xd5\xbb^C\xfc\xc5\x83\xba\x9ag^H\xfd,\xba\xa3^H\x94\xf0\xb3\x1f^V(\xf6^Ef[\xbf^?\xa8Y\xfa\xbe\x99k6b\xb8n\xc6\x83GSc^OZ\xb4Q\xc1\x88\xa8U\xb9\xd41m=*J\x95^J\xd1{\x87^B^C^A\0^A\xa3\x82^Ay0\x82^Au0^I^F^CU\x1d^S^D^B0\00^K^F^CU\x1d^O^D^D^C^B^E\xa00F^F^CU\x1d\x1f^D?0=0;\xa09\xa07\x865http://crl.verisign.com/Class3InternationalServer.crl0D^F^CU\x1d ^D=0;09^F^K`\x86H^A\x86\xf8E^A^G^W^C0*0(^F^H+^F^A^E^E^G^B^A^V\x1chttps://www.verisign.com/rpa0(^F^CU\x1d%^D!0\x1f^F^I`\x86H^A\x86\xf8B^D^A^F^H+^F^A^E^E^G^C^A^F^H+^F^A^E^E^G^C^B04^F^H+^F^A^E^E^G^A^A^D(0&0$^F^H+^F^A^E^E^G0^A\x86^Xhttp://ocsp.verisign.com0m^F^H+^F^A^E^E^G^A^L^Da0_\xa1]\xa0[0Y0W0U^V^Iimage/gif0!0\x1f0^G^F^E+^N^C^B^Z^D^T\x8f\xe5\xd3^Z\x86\xac\x8d\x8ek\xc3\xcf\x80j\xd4H^X,{^Y.0%^V#http://logo.verisign.com/vslogo.gif0^M^F^I*\x86H\x86\xf7^M^A^A^E^E\0^C\x81\x81\0/s\xe2o\xc1\x9e#~YP\x89\x95xo\xe9^D\xbd\x98TS`\xec^HR\xd2^J)\x92\x9am\xaa\xd5\xb1g\xc1b\xde\xc9^XNW=i\x9c\xb2^Cf\x92^C\xbb\xe8M\xc5\x98\xd4/B\xd9\xb6\xd2\xe0\x97^PXv\xcf\xe7\xd6\xa7\xcc\xbb\xdb%\xeeB]\xcb\xf0t\xab\xd2T\xe5\xe8\xbaQ^O\xa4\xc3>4\xfaR\xf2\xa0\xe6z\xf4\x8f\xdcvB\xbd=\xfcx\xc0\xb7\xeb^-\x1f\xc5\xa0^\xdf\xa0^Q\x87\xf8\xc3X^P\xc8y(\xf8\xe4, mime_type=binary, info=[ts=1170717511.909717, fuid=FQXAWgI2FB5STbrff, tx_hosts={^J^I194.127.84.106^J}, rx_hosts={^J^I192.150.187.164^J}, conn_uids={^J^ICCvvfg3TEfuqmmG4bh^J}, source=SSL, depth=0, analyzers={^J^IX509,^J^IMD5,^J^ISHA1^J}, mime_type=binary, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=F, seen_bytes=0, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=<uninitialized>, sha1=<uninitialized>, sha256=<uninitialized>, x509=[ts=1170717511.909717, id=FQXAWgI2FB5STbrff, certificate=[version=2, serial=04A78116F003283BDA2B8462049F9ECB, subject=CN=www.dresdner-privat.de,OU=Terms of use at www.verisign.com/rpa (c)00,O=AGIS Allianz Dresdner Informationssysteme GmbH,L=Muenchen,ST=Bayern,C=DE, issuer=OU=www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign,OU=VeriSign International Server CA - Class 3,OU=VeriSign\, Inc.,O=VeriSign Trust Network, not_valid_before=1163462400.0, not_valid_after=1195084799.0, key_alg=rsaEncryption, sig_alg=sha1WithRSAEncryption, key_type=rsa, key_length=1024, exponent=65537, curve=<uninitialized>], handle=<no value description>, extensions=[[name=X509v3 Basic Constraints, short_name=basicConstraints, oid=2.5.29.19, critical=F, value=CA:FALSE], [name=X509v3 Key Usage, short_name=keyUsage, oid=2.5.29.15, critical=F, value=Digital Signature, Key Encipherment], [name=X509v3 CRL Distribution Points, short_name=crlDistributionPoints, oid=2.5.29.31, critical=F, value=^JFull Name:^J  URI:http://crl.verisign.com/Class3InternationalServer.crl^J], [name=X509v3 Certificate Policies, short_name=certificatePolicies, oid=2.5.29.32, critical=F, value=Policy: 2.16.840.1.113733.1.7.23.3^J  CPS: https://www.verisign.com/rpa^J]], san=<uninitialized>, basic_constraints=[ca=F, path_len=<uninitialized>]], extracted=<uninitialized>], u2_events=<uninitialized>]
-                  [1] ext: X509::Extension = [name=X509v3 Extended Key Usage, short_name=extendedKeyUsage, oid=2.5.29.37, critical=F, value=Netscape Server Gated Crypto, TLS Web Server Authentication, TLS Web Client Authentication]
-
-1170717511.909717 x509_extension
-                  [0] f: fa_file         = [id=FQXAWgI2FB5STbrff, parent_id=<uninitialized>, source=SSL, is_orig=F, conns={^J^I[[orig_h=192.150.187.164, orig_p=58870/tcp, resp_h=194.127.84.106, resp_p=443/tcp]] = [id=[orig_h=192.150.187.164, orig_p=58870/tcp, resp_h=194.127.84.106, resp_p=443/tcp], orig=[size=120, state=4, num_pkts=3, num_bytes_ip=288, flow_label=0], resp=[size=2164, state=4, num_pkts=3, num_bytes_ip=1616, flow_label=0], start_time=1170717511.541455, duration=0.368262, service={^J^I^ISSL^J^I}, addl=, hot=0, history=ShADad, uid=CCvvfg3TEfuqmmG4bh, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=[ts=1170717511.722913, uid=CCvvfg3TEfuqmmG4bh, id=[orig_h=192.150.187.164, orig_p=58870/tcp, resp_h=194.127.84.106, resp_p=443/tcp], version=TLSv10, cipher=TLS_RSA_WITH_RC4_128_MD5, server_name=<uninitialized>, session_id=9e51caef40ad85f9f03dbb8c1fdc863621808c311272e10242cb406bf917bcd9, last_alert=<uninitialized>, analyzer_id=11, established=F, logged=F, delay_tokens=<uninitialized>, cert_chain=[[ts=1170717511.909717, fuid=FQXAWgI2FB5STbrff, tx_hosts={^J^I^I194.127.84.106^J^I}, rx_hosts={^J^I^I192.150.187.164^J^I}, conn_uids={^J^I^ICCvvfg3TEfuqmmG4bh^J^I}, source=SSL, depth=0, analyzers={^J^I^IX509,^J^I^IMD5,^J^I^ISHA1^J^I}, mime_type=binary, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=F, seen_bytes=0, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=<uninitialized>, sha1=<uninitialized>, sha256=<uninitialized>, x509=[ts=1170717511.909717, id=FQXAWgI2FB5STbrff, certificate=[version=2, serial=04A78116F003283BDA2B8462049F9ECB, subject=CN=www.dresdner-privat.de,OU=Terms of use at www.verisign.com/rpa (c)00,O=AGIS Allianz Dresdner Informationssysteme GmbH,L=Muenchen,ST=Bayern,C=DE, issuer=OU=www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign,OU=VeriSign International Server CA - Class 3,OU=VeriSign\, Inc.,O=VeriSign Trust Network, not_valid_before=1163462400.0, not_valid_after=1195084799.0, key_alg=rsaEncryption, sig_alg=sha1WithRSAEncryption, key_type=rsa, key_length=1024, exponent=65537, curve=<uninitialized>], handle=<no value description>, extensions=[[name=X509v3 Basic Constraints, short_name=basicConstraints, oid=2.5.29.19, critical=F, value=CA:FALSE], [name=X509v3 Key Usage, short_name=keyUsage, oid=2.5.29.15, critical=F, value=Digital Signature, Key Encipherment], [name=X509v3 CRL Distribution Points, short_name=crlDistributionPoints, oid=2.5.29.31, critical=F, value=^JFull Name:^J  URI:http://crl.verisign.com/Class3InternationalServer.crl^J], [name=X509v3 Certificate Policies, short_name=certificatePolicies, oid=2.5.29.32, critical=F, value=Policy: 2.16.840.1.113733.1.7.23.3^J  CPS: https://www.verisign.com/rpa^J], [name=X509v3 Extended Key Usage, short_name=extendedKeyUsage, oid=2.5.29.37, critical=F, value=Netscape Server Gated Crypto, TLS Web Server Authentication, TLS Web Client Authentication]], san=<uninitialized>, basic_constraints=[ca=F, path_len=<uninitialized>]], extracted=<uninitialized>]], cert_chain_fuids=[FQXAWgI2FB5STbrff], client_cert_chain=[], client_cert_chain_fuids=[], subject=<uninitialized>, issuer=<uninitialized>, client_subject=<uninitialized>, client_issuer=<uninitialized>, server_depth=1, client_depth=0], http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]^J}, last_active=1170717511.909717, seen_bytes=1152, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timeout_interval=2.0 mins, bof_buffer_size=1024, bof_buffer=0\x82^D|0\x82^C\xe5\xa0^C^B^A^B^B^P^D\xa7\x81^V\xf0^C(;\xda+\x84b^D\x9f\x9e\xcb0^M^F^I*\x86H\x86\xf7^M^A^A^E^E\00\x81\xba1\x1f0\x1d^F^CU^D^J^S^VVeriSign Trust Network1^W0^U^F^CU^D^K^S^NVeriSign, Inc.1301^F^CU^D^K^S*VeriSign International Server CA - Class 31I0G^F^CU^D^K^S@www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign0\x1e^W^M061114000000Z^W^M071114235959Z0\x81\xc01^K0^I^F^CU^D^F^S^BDE1^O0^M^F^CU^D^H^S^FBayern1^Q0^O^F^CU^D^G^T^HMuenchen1705^F^CU^D^J^T.AGIS Allianz Dresdner Informationssysteme GmbH1301^F^CU^D^K^T*Terms of use at www.verisign.com/rpa (c)001\x1f0\x1d^F^CU^D^C^T^Vwww.dresdner-privat.de0\x81\x9f0^M^F^I*\x86H\x86\xf7^M^A^A^A^E\0^C\x81\x8d\00\x81\x89^B\x81\x81\0\xeb\xa8t~\xfb\xe3\xb4\xea\xbe\x8b\x1c=\xed\xea\x86^DbQ\xe0*Z\x9e\x86o\x98\xcb\xbc\xc5\xed\xc5\xc8\xcaV\x9dL\x92X\xe1k^So\xbc\xb7\xe5.\x98@\xf7\x8f\xd6\xa3\xc0^J\xabFR\x1b8\xfc^E \xe7\x80\xee\xc6]\xd5\xbb^C\xfc\xc5\x83\xba\x9ag^H\xfd,\xba\xa3^H\x94\xf0\xb3\x1f^V(\xf6^Ef[\xbf^?\xa8Y\xfa\xbe\x99k6b\xb8n\xc6\x83GSc^OZ\xb4Q\xc1\x88\xa8U\xb9\xd41m=*J\x95^J\xd1{\x87^B^C^A\0^A\xa3\x82^Ay0\x82^Au0^I^F^CU\x1d^S^D^B0\00^K^F^CU\x1d^O^D^D^C^B^E\xa00F^F^CU\x1d\x1f^D?0=0;\xa09\xa07\x865http://crl.verisign.com/Class3InternationalServer.crl0D^F^CU\x1d ^D=0;09^F^K`\x86H^A\x86\xf8E^A^G^W^C0*0(^F^H+^F^A^E^E^G^B^A^V\x1chttps://www.verisign.com/rpa0(^F^CU\x1d%^D!0\x1f^F^I`\x86H^A\x86\xf8B^D^A^F^H+^F^A^E^E^G^C^A^F^H+^F^A^E^E^G^C^B04^F^H+^F^A^E^E^G^A^A^D(0&0$^F^H+^F^A^E^E^G0^A\x86^Xhttp://ocsp.verisign.com0m^F^H+^F^A^E^E^G^A^L^Da0_\xa1]\xa0[0Y0W0U^V^Iimage/gif0!0\x1f0^G^F^E+^N^C^B^Z^D^T\x8f\xe5\xd3^Z\x86\xac\x8d\x8ek\xc3\xcf\x80j\xd4H^X,{^Y.0%^V#http://logo.verisign.com/vslogo.gif0^M^F^I*\x86H\x86\xf7^M^A^A^E^E\0^C\x81\x81\0/s\xe2o\xc1\x9e#~YP\x89\x95xo\xe9^D\xbd\x98TS`\xec^HR\xd2^J)\x92\x9am\xaa\xd5\xb1g\xc1b\xde\xc9^XNW=i\x9c\xb2^Cf\x92^C\xbb\xe8M\xc5\x98\xd4/B\xd9\xb6\xd2\xe0\x97^PXv\xcf\xe7\xd6\xa7\xcc\xbb\xdb%\xeeB]\xcb\xf0t\xab\xd2T\xe5\xe8\xbaQ^O\xa4\xc3>4\xfaR\xf2\xa0\xe6z\xf4\x8f\xdcvB\xbd=\xfcx\xc0\xb7\xeb^-\x1f\xc5\xa0^\xdf\xa0^Q\x87\xf8\xc3X^P\xc8y(\xf8\xe4, mime_type=binary, info=[ts=1170717511.909717, fuid=FQXAWgI2FB5STbrff, tx_hosts={^J^I194.127.84.106^J}, rx_hosts={^J^I192.150.187.164^J}, conn_uids={^J^ICCvvfg3TEfuqmmG4bh^J}, source=SSL, depth=0, analyzers={^J^IX509,^J^IMD5,^J^ISHA1^J}, mime_type=binary, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=F, seen_bytes=0, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=<uninitialized>, sha1=<uninitialized>, sha256=<uninitialized>, x509=[ts=1170717511.909717, id=FQXAWgI2FB5STbrff, certificate=[version=2, serial=04A78116F003283BDA2B8462049F9ECB, subject=CN=www.dresdner-privat.de,OU=Terms of use at www.verisign.com/rpa (c)00,O=AGIS Allianz Dresdner Informationssysteme GmbH,L=Muenchen,ST=Bayern,C=DE, issuer=OU=www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign,OU=VeriSign International Server CA - Class 3,OU=VeriSign\, Inc.,O=VeriSign Trust Network, not_valid_before=1163462400.0, not_valid_after=1195084799.0, key_alg=rsaEncryption, sig_alg=sha1WithRSAEncryption, key_type=rsa, key_length=1024, exponent=65537, curve=<uninitialized>], handle=<no value description>, extensions=[[name=X509v3 Basic Constraints, short_name=basicConstraints, oid=2.5.29.19, critical=F, value=CA:FALSE], [name=X509v3 Key Usage, short_name=keyUsage, oid=2.5.29.15, critical=F, value=Digital Signature, Key Encipherment], [name=X509v3 CRL Distribution Points, short_name=crlDistributionPoints, oid=2.5.29.31, critical=F, value=^JFull Name:^J  URI:http://crl.verisign.com/Class3InternationalServer.crl^J], [name=X509v3 Certificate Policies, short_name=certificatePolicies, oid=2.5.29.32, critical=F, value=Policy: 2.16.840.1.113733.1.7.23.3^J  CPS: https://www.verisign.com/rpa^J], [name=X509v3 Extended Key Usage, short_name=extendedKeyUsage, oid=2.5.29.37, critical=F, value=Netscape Server Gated Crypto, TLS Web Server Authentication, TLS Web Client Authentication]], san=<uninitialized>, basic_constraints=[ca=F, path_len=<uninitialized>]], extracted=<uninitialized>], u2_events=<uninitialized>]
-                  [1] ext: X509::Extension = [name=Authority Information Access, short_name=authorityInfoAccess, oid=1.3.6.1.5.5.7.1.1, critical=F, value=OCSP - URI:http://ocsp.verisign.com^J]
-
-1170717511.909717 x509_extension
-                  [0] f: fa_file         = [id=FQXAWgI2FB5STbrff, parent_id=<uninitialized>, source=SSL, is_orig=F, conns={^J^I[[orig_h=192.150.187.164, orig_p=58870/tcp, resp_h=194.127.84.106, resp_p=443/tcp]] = [id=[orig_h=192.150.187.164, orig_p=58870/tcp, resp_h=194.127.84.106, resp_p=443/tcp], orig=[size=120, state=4, num_pkts=3, num_bytes_ip=288, flow_label=0], resp=[size=2164, state=4, num_pkts=3, num_bytes_ip=1616, flow_label=0], start_time=1170717511.541455, duration=0.368262, service={^J^I^ISSL^J^I}, addl=, hot=0, history=ShADad, uid=CCvvfg3TEfuqmmG4bh, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=[ts=1170717511.722913, uid=CCvvfg3TEfuqmmG4bh, id=[orig_h=192.150.187.164, orig_p=58870/tcp, resp_h=194.127.84.106, resp_p=443/tcp], version=TLSv10, cipher=TLS_RSA_WITH_RC4_128_MD5, server_name=<uninitialized>, session_id=9e51caef40ad85f9f03dbb8c1fdc863621808c311272e10242cb406bf917bcd9, last_alert=<uninitialized>, analyzer_id=11, established=F, logged=F, delay_tokens=<uninitialized>, cert_chain=[[ts=1170717511.909717, fuid=FQXAWgI2FB5STbrff, tx_hosts={^J^I^I194.127.84.106^J^I}, rx_hosts={^J^I^I192.150.187.164^J^I}, conn_uids={^J^I^ICCvvfg3TEfuqmmG4bh^J^I}, source=SSL, depth=0, analyzers={^J^I^IX509,^J^I^IMD5,^J^I^ISHA1^J^I}, mime_type=binary, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=F, seen_bytes=0, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=<uninitialized>, sha1=<uninitialized>, sha256=<uninitialized>, x509=[ts=1170717511.909717, id=FQXAWgI2FB5STbrff, certificate=[version=2, serial=04A78116F003283BDA2B8462049F9ECB, subject=CN=www.dresdner-privat.de,OU=Terms of use at www.verisign.com/rpa (c)00,O=AGIS Allianz Dresdner Informationssysteme GmbH,L=Muenchen,ST=Bayern,C=DE, issuer=OU=www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign,OU=VeriSign International Server CA - Class 3,OU=VeriSign\, Inc.,O=VeriSign Trust Network, not_valid_before=1163462400.0, not_valid_after=1195084799.0, key_alg=rsaEncryption, sig_alg=sha1WithRSAEncryption, key_type=rsa, key_length=1024, exponent=65537, curve=<uninitialized>], handle=<no value description>, extensions=[[name=X509v3 Basic Constraints, short_name=basicConstraints, oid=2.5.29.19, critical=F, value=CA:FALSE], [name=X509v3 Key Usage, short_name=keyUsage, oid=2.5.29.15, critical=F, value=Digital Signature, Key Encipherment], [name=X509v3 CRL Distribution Points, short_name=crlDistributionPoints, oid=2.5.29.31, critical=F, value=^JFull Name:^J  URI:http://crl.verisign.com/Class3InternationalServer.crl^J], [name=X509v3 Certificate Policies, short_name=certificatePolicies, oid=2.5.29.32, critical=F, value=Policy: 2.16.840.1.113733.1.7.23.3^J  CPS: https://www.verisign.com/rpa^J], [name=X509v3 Extended Key Usage, short_name=extendedKeyUsage, oid=2.5.29.37, critical=F, value=Netscape Server Gated Crypto, TLS Web Server Authentication, TLS Web Client Authentication], [name=Authority Information Access, short_name=authorityInfoAccess, oid=1.3.6.1.5.5.7.1.1, critical=F, value=OCSP - URI:http://ocsp.verisign.com^J]], san=<uninitialized>, basic_constraints=[ca=F, path_len=<uninitialized>]], extracted=<uninitialized>]], cert_chain_fuids=[FQXAWgI2FB5STbrff], client_cert_chain=[], client_cert_chain_fuids=[], subject=<uninitialized>, issuer=<uninitialized>, client_subject=<uninitialized>, client_issuer=<uninitialized>, server_depth=1, client_depth=0], http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]^J}, last_active=1170717511.909717, seen_bytes=1152, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timeout_interval=2.0 mins, bof_buffer_size=1024, bof_buffer=0\x82^D|0\x82^C\xe5\xa0^C^B^A^B^B^P^D\xa7\x81^V\xf0^C(;\xda+\x84b^D\x9f\x9e\xcb0^M^F^I*\x86H\x86\xf7^M^A^A^E^E\00\x81\xba1\x1f0\x1d^F^CU^D^J^S^VVeriSign Trust Network1^W0^U^F^CU^D^K^S^NVeriSign, Inc.1301^F^CU^D^K^S*VeriSign International Server CA - Class 31I0G^F^CU^D^K^S@www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign0\x1e^W^M061114000000Z^W^M071114235959Z0\x81\xc01^K0^I^F^CU^D^F^S^BDE1^O0^M^F^CU^D^H^S^FBayern1^Q0^O^F^CU^D^G^T^HMuenchen1705^F^CU^D^J^T.AGIS Allianz Dresdner Informationssysteme GmbH1301^F^CU^D^K^T*Terms of use at www.verisign.com/rpa (c)001\x1f0\x1d^F^CU^D^C^T^Vwww.dresdner-privat.de0\x81\x9f0^M^F^I*\x86H\x86\xf7^M^A^A^A^E\0^C\x81\x8d\00\x81\x89^B\x81\x81\0\xeb\xa8t~\xfb\xe3\xb4\xea\xbe\x8b\x1c=\xed\xea\x86^DbQ\xe0*Z\x9e\x86o\x98\xcb\xbc\xc5\xed\xc5\xc8\xcaV\x9dL\x92X\xe1k^So\xbc\xb7\xe5.\x98@\xf7\x8f\xd6\xa3\xc0^J\xabFR\x1b8\xfc^E \xe7\x80\xee\xc6]\xd5\xbb^C\xfc\xc5\x83\xba\x9ag^H\xfd,\xba\xa3^H\x94\xf0\xb3\x1f^V(\xf6^Ef[\xbf^?\xa8Y\xfa\xbe\x99k6b\xb8n\xc6\x83GSc^OZ\xb4Q\xc1\x88\xa8U\xb9\xd41m=*J\x95^J\xd1{\x87^B^C^A\0^A\xa3\x82^Ay0\x82^Au0^I^F^CU\x1d^S^D^B0\00^K^F^CU\x1d^O^D^D^C^B^E\xa00F^F^CU\x1d\x1f^D?0=0;\xa09\xa07\x865http://crl.verisign.com/Class3InternationalServer.crl0D^F^CU\x1d ^D=0;09^F^K`\x86H^A\x86\xf8E^A^G^W^C0*0(^F^H+^F^A^E^E^G^B^A^V\x1chttps://www.verisign.com/rpa0(^F^CU\x1d%^D!0\x1f^F^I`\x86H^A\x86\xf8B^D^A^F^H+^F^A^E^E^G^C^A^F^H+^F^A^E^E^G^C^B04^F^H+^F^A^E^E^G^A^A^D(0&0$^F^H+^F^A^E^E^G0^A\x86^Xhttp://ocsp.verisign.com0m^F^H+^F^A^E^E^G^A^L^Da0_\xa1]\xa0[0Y0W0U^V^Iimage/gif0!0\x1f0^G^F^E+^N^C^B^Z^D^T\x8f\xe5\xd3^Z\x86\xac\x8d\x8ek\xc3\xcf\x80j\xd4H^X,{^Y.0%^V#http://logo.verisign.com/vslogo.gif0^M^F^I*\x86H\x86\xf7^M^A^A^E^E\0^C\x81\x81\0/s\xe2o\xc1\x9e#~YP\x89\x95xo\xe9^D\xbd\x98TS`\xec^HR\xd2^J)\x92\x9am\xaa\xd5\xb1g\xc1b\xde\xc9^XNW=i\x9c\xb2^Cf\x92^C\xbb\xe8M\xc5\x98\xd4/B\xd9\xb6\xd2\xe0\x97^PXv\xcf\xe7\xd6\xa7\xcc\xbb\xdb%\xeeB]\xcb\xf0t\xab\xd2T\xe5\xe8\xbaQ^O\xa4\xc3>4\xfaR\xf2\xa0\xe6z\xf4\x8f\xdcvB\xbd=\xfcx\xc0\xb7\xeb^-\x1f\xc5\xa0^\xdf\xa0^Q\x87\xf8\xc3X^P\xc8y(\xf8\xe4, mime_type=binary, info=[ts=1170717511.909717, fuid=FQXAWgI2FB5STbrff, tx_hosts={^J^I194.127.84.106^J}, rx_hosts={^J^I192.150.187.164^J}, conn_uids={^J^ICCvvfg3TEfuqmmG4bh^J}, source=SSL, depth=0, analyzers={^J^IX509,^J^IMD5,^J^ISHA1^J}, mime_type=binary, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=F, seen_bytes=0, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=<uninitialized>, sha1=<uninitialized>, sha256=<uninitialized>, x509=[ts=1170717511.909717, id=FQXAWgI2FB5STbrff, certificate=[version=2, serial=04A78116F003283BDA2B8462049F9ECB, subject=CN=www.dresdner-privat.de,OU=Terms of use at www.verisign.com/rpa (c)00,O=AGIS Allianz Dresdner Informationssysteme GmbH,L=Muenchen,ST=Bayern,C=DE, issuer=OU=www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign,OU=VeriSign International Server CA - Class 3,OU=VeriSign\, Inc.,O=VeriSign Trust Network, not_valid_before=1163462400.0, not_valid_after=1195084799.0, key_alg=rsaEncryption, sig_alg=sha1WithRSAEncryption, key_type=rsa, key_length=1024, exponent=65537, curve=<uninitialized>], handle=<no value description>, extensions=[[name=X509v3 Basic Constraints, short_name=basicConstraints, oid=2.5.29.19, critical=F, value=CA:FALSE], [name=X509v3 Key Usage, short_name=keyUsage, oid=2.5.29.15, critical=F, value=Digital Signature, Key Encipherment], [name=X509v3 CRL Distribution Points, short_name=crlDistributionPoints, oid=2.5.29.31, critical=F, value=^JFull Name:^J  URI:http://crl.verisign.com/Class3InternationalServer.crl^J], [name=X509v3 Certificate Policies, short_name=certificatePolicies, oid=2.5.29.32, critical=F, value=Policy: 2.16.840.1.113733.1.7.23.3^J  CPS: https://www.verisign.com/rpa^J], [name=X509v3 Extended Key Usage, short_name=extendedKeyUsage, oid=2.5.29.37, critical=F, value=Netscape Server Gated Crypto, TLS Web Server Authentication, TLS Web Client Authentication], [name=Authority Information Access, short_name=authorityInfoAccess, oid=1.3.6.1.5.5.7.1.1, critical=F, value=OCSP - URI:http://ocsp.verisign.com^J]], san=<uninitialized>, basic_constraints=[ca=F, path_len=<uninitialized>]], extracted=<uninitialized>], u2_events=<uninitialized>]
-                  [1] ext: X509::Extension = [name=1.3.6.1.5.5.7.1.12, short_name=UNDEF, oid=1.3.6.1.5.5.7.1.12, critical=F, value=0_.].[0Y0W0U..image/gif0!0.0...+..............k...j.H.,{..0%.#http://logo.verisign.com/vslogo.gif]
-
-1170717511.909717 file_hash
-                  [0] f: fa_file         = [id=FQXAWgI2FB5STbrff, parent_id=<uninitialized>, source=SSL, is_orig=F, conns={^J^I[[orig_h=192.150.187.164, orig_p=58870/tcp, resp_h=194.127.84.106, resp_p=443/tcp]] = [id=[orig_h=192.150.187.164, orig_p=58870/tcp, resp_h=194.127.84.106, resp_p=443/tcp], orig=[size=120, state=4, num_pkts=3, num_bytes_ip=288, flow_label=0], resp=[size=2164, state=4, num_pkts=3, num_bytes_ip=1616, flow_label=0], start_time=1170717511.541455, duration=0.368262, service={^J^I^ISSL^J^I}, addl=, hot=0, history=ShADad, uid=CCvvfg3TEfuqmmG4bh, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=[ts=1170717511.722913, uid=CCvvfg3TEfuqmmG4bh, id=[orig_h=192.150.187.164, orig_p=58870/tcp, resp_h=194.127.84.106, resp_p=443/tcp], version=TLSv10, cipher=TLS_RSA_WITH_RC4_128_MD5, server_name=<uninitialized>, session_id=9e51caef40ad85f9f03dbb8c1fdc863621808c311272e10242cb406bf917bcd9, last_alert=<uninitialized>, analyzer_id=11, established=F, logged=F, delay_tokens=<uninitialized>, cert_chain=[[ts=1170717511.909717, fuid=FQXAWgI2FB5STbrff, tx_hosts={^J^I^I194.127.84.106^J^I}, rx_hosts={^J^I^I192.150.187.164^J^I}, conn_uids={^J^I^ICCvvfg3TEfuqmmG4bh^J^I}, source=SSL, depth=0, analyzers={^J^I^IX509,^J^I^IMD5,^J^I^ISHA1^J^I}, mime_type=binary, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=F, seen_bytes=0, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=<uninitialized>, sha1=<uninitialized>, sha256=<uninitialized>, x509=[ts=1170717511.909717, id=FQXAWgI2FB5STbrff, certificate=[version=2, serial=04A78116F003283BDA2B8462049F9ECB, subject=CN=www.dresdner-privat.de,OU=Terms of use at www.verisign.com/rpa (c)00,O=AGIS Allianz Dresdner Informationssysteme GmbH,L=Muenchen,ST=Bayern,C=DE, issuer=OU=www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign,OU=VeriSign International Server CA - Class 3,OU=VeriSign\, Inc.,O=VeriSign Trust Network, not_valid_before=1163462400.0, not_valid_after=1195084799.0, key_alg=rsaEncryption, sig_alg=sha1WithRSAEncryption, key_type=rsa, key_length=1024, exponent=65537, curve=<uninitialized>], handle=<no value description>, extensions=[[name=X509v3 Basic Constraints, short_name=basicConstraints, oid=2.5.29.19, critical=F, value=CA:FALSE], [name=X509v3 Key Usage, short_name=keyUsage, oid=2.5.29.15, critical=F, value=Digital Signature, Key Encipherment], [name=X509v3 CRL Distribution Points, short_name=crlDistributionPoints, oid=2.5.29.31, critical=F, value=^JFull Name:^J  URI:http://crl.verisign.com/Class3InternationalServer.crl^J], [name=X509v3 Certificate Policies, short_name=certificatePolicies, oid=2.5.29.32, critical=F, value=Policy: 2.16.840.1.113733.1.7.23.3^J  CPS: https://www.verisign.com/rpa^J], [name=X509v3 Extended Key Usage, short_name=extendedKeyUsage, oid=2.5.29.37, critical=F, value=Netscape Server Gated Crypto, TLS Web Server Authentication, TLS Web Client Authentication], [name=Authority Information Access, short_name=authorityInfoAccess, oid=1.3.6.1.5.5.7.1.1, critical=F, value=OCSP - URI:http://ocsp.verisign.com^J], [name=1.3.6.1.5.5.7.1.12, short_name=UNDEF, oid=1.3.6.1.5.5.7.1.12, critical=F, value=0_.].[0Y0W0U..image/gif0!0.0...+..............k...j.H.,{..0%.#http://logo.verisign.com/vslogo.gif]], san=<uninitialized>, basic_constraints=[ca=F, path_len=<uninitialized>]], extracted=<uninitialized>]], cert_chain_fuids=[FQXAWgI2FB5STbrff], client_cert_chain=[], client_cert_chain_fuids=[], subject=<uninitialized>, issuer=<uninitialized>, client_subject=<uninitialized>, client_issuer=<uninitialized>, server_depth=1, client_depth=0], http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]^J}, last_active=1170717511.909717, seen_bytes=1152, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timeout_interval=2.0 mins, bof_buffer_size=1024, bof_buffer=0\x82^D|0\x82^C\xe5\xa0^C^B^A^B^B^P^D\xa7\x81^V\xf0^C(;\xda+\x84b^D\x9f\x9e\xcb0^M^F^I*\x86H\x86\xf7^M^A^A^E^E\00\x81\xba1\x1f0\x1d^F^CU^D^J^S^VVeriSign Trust Network1^W0^U^F^CU^D^K^S^NVeriSign, Inc.1301^F^CU^D^K^S*VeriSign International Server CA - Class 31I0G^F^CU^D^K^S@www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign0\x1e^W^M061114000000Z^W^M071114235959Z0\x81\xc01^K0^I^F^CU^D^F^S^BDE1^O0^M^F^CU^D^H^S^FBayern1^Q0^O^F^CU^D^G^T^HMuenchen1705^F^CU^D^J^T.AGIS Allianz Dresdner Informationssysteme GmbH1301^F^CU^D^K^T*Terms of use at www.verisign.com/rpa (c)001\x1f0\x1d^F^CU^D^C^T^Vwww.dresdner-privat.de0\x81\x9f0^M^F^I*\x86H\x86\xf7^M^A^A^A^E\0^C\x81\x8d\00\x81\x89^B\x81\x81\0\xeb\xa8t~\xfb\xe3\xb4\xea\xbe\x8b\x1c=\xed\xea\x86^DbQ\xe0*Z\x9e\x86o\x98\xcb\xbc\xc5\xed\xc5\xc8\xcaV\x9dL\x92X\xe1k^So\xbc\xb7\xe5.\x98@\xf7\x8f\xd6\xa3\xc0^J\xabFR\x1b8\xfc^E \xe7\x80\xee\xc6]\xd5\xbb^C\xfc\xc5\x83\xba\x9ag^H\xfd,\xba\xa3^H\x94\xf0\xb3\x1f^V(\xf6^Ef[\xbf^?\xa8Y\xfa\xbe\x99k6b\xb8n\xc6\x83GSc^OZ\xb4Q\xc1\x88\xa8U\xb9\xd41m=*J\x95^J\xd1{\x87^B^C^A\0^A\xa3\x82^Ay0\x82^Au0^I^F^CU\x1d^S^D^B0\00^K^F^CU\x1d^O^D^D^C^B^E\xa00F^F^CU\x1d\x1f^D?0=0;\xa09\xa07\x865http://crl.verisign.com/Class3InternationalServer.crl0D^F^CU\x1d ^D=0;09^F^K`\x86H^A\x86\xf8E^A^G^W^C0*0(^F^H+^F^A^E^E^G^B^A^V\x1chttps://www.verisign.com/rpa0(^F^CU\x1d%^D!0\x1f^F^I`\x86H^A\x86\xf8B^D^A^F^H+^F^A^E^E^G^C^A^F^H+^F^A^E^E^G^C^B04^F^H+^F^A^E^E^G^A^A^D(0&0$^F^H+^F^A^E^E^G0^A\x86^Xhttp://ocsp.verisign.com0m^F^H+^F^A^E^E^G^A^L^Da0_\xa1]\xa0[0Y0W0U^V^Iimage/gif0!0\x1f0^G^F^E+^N^C^B^Z^D^T\x8f\xe5\xd3^Z\x86\xac\x8d\x8ek\xc3\xcf\x80j\xd4H^X,{^Y.0%^V#http://logo.verisign.com/vslogo.gif0^M^F^I*\x86H\x86\xf7^M^A^A^E^E\0^C\x81\x81\0/s\xe2o\xc1\x9e#~YP\x89\x95xo\xe9^D\xbd\x98TS`\xec^HR\xd2^J)\x92\x9am\xaa\xd5\xb1g\xc1b\xde\xc9^XNW=i\x9c\xb2^Cf\x92^C\xbb\xe8M\xc5\x98\xd4/B\xd9\xb6\xd2\xe0\x97^PXv\xcf\xe7\xd6\xa7\xcc\xbb\xdb%\xeeB]\xcb\xf0t\xab\xd2T\xe5\xe8\xbaQ^O\xa4\xc3>4\xfaR\xf2\xa0\xe6z\xf4\x8f\xdcvB\xbd=\xfcx\xc0\xb7\xeb^-\x1f\xc5\xa0^\xdf\xa0^Q\x87\xf8\xc3X^P\xc8y(\xf8\xe4, mime_type=binary, info=[ts=1170717511.909717, fuid=FQXAWgI2FB5STbrff, tx_hosts={^J^I194.127.84.106^J}, rx_hosts={^J^I192.150.187.164^J}, conn_uids={^J^ICCvvfg3TEfuqmmG4bh^J}, source=SSL, depth=0, analyzers={^J^IX509,^J^IMD5,^J^ISHA1^J}, mime_type=binary, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=F, seen_bytes=0, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=<uninitialized>, sha1=<uninitialized>, sha256=<uninitialized>, x509=[ts=1170717511.909717, id=FQXAWgI2FB5STbrff, certificate=[version=2, serial=04A78116F003283BDA2B8462049F9ECB, subject=CN=www.dresdner-privat.de,OU=Terms of use at www.verisign.com/rpa (c)00,O=AGIS Allianz Dresdner Informationssysteme GmbH,L=Muenchen,ST=Bayern,C=DE, issuer=OU=www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign,OU=VeriSign International Server CA - Class 3,OU=VeriSign\, Inc.,O=VeriSign Trust Network, not_valid_before=1163462400.0, not_valid_after=1195084799.0, key_alg=rsaEncryption, sig_alg=sha1WithRSAEncryption, key_type=rsa, key_length=1024, exponent=65537, curve=<uninitialized>], handle=<no value description>, extensions=[[name=X509v3 Basic Constraints, short_name=basicConstraints, oid=2.5.29.19, critical=F, value=CA:FALSE], [name=X509v3 Key Usage, short_name=keyUsage, oid=2.5.29.15, critical=F, value=Digital Signature, Key Encipherment], [name=X509v3 CRL Distribution Points, short_name=crlDistributionPoints, oid=2.5.29.31, critical=F, value=^JFull Name:^J  URI:http://crl.verisign.com/Class3InternationalServer.crl^J], [name=X509v3 Certificate Policies, short_name=certificatePolicies, oid=2.5.29.32, critical=F, value=Policy: 2.16.840.1.113733.1.7.23.3^J  CPS: https://www.verisign.com/rpa^J], [name=X509v3 Extended Key Usage, short_name=extendedKeyUsage, oid=2.5.29.37, critical=F, value=Netscape Server Gated Crypto, TLS Web Server Authentication, TLS Web Client Authentication], [name=Authority Information Access, short_name=authorityInfoAccess, oid=1.3.6.1.5.5.7.1.1, critical=F, value=OCSP - URI:http://ocsp.verisign.com^J], [name=1.3.6.1.5.5.7.1.12, short_name=UNDEF, oid=1.3.6.1.5.5.7.1.12, critical=F, value=0_.].[0Y0W0U..image/gif0!0.0...+..............k...j.H.,{..0%.#http://logo.verisign.com/vslogo.gif]], san=<uninitialized>, basic_constraints=[ca=F, path_len=<uninitialized>]], extracted=<uninitialized>], u2_events=<uninitialized>]
-                  [1] kind: string       = sha1
-                  [2] hash: string       = 2c322ae2b7fe91391345e070b63668978bb1c9da
-
-1170717511.909717 file_hash
-                  [0] f: fa_file         = [id=FQXAWgI2FB5STbrff, parent_id=<uninitialized>, source=SSL, is_orig=F, conns={^J^I[[orig_h=192.150.187.164, orig_p=58870/tcp, resp_h=194.127.84.106, resp_p=443/tcp]] = [id=[orig_h=192.150.187.164, orig_p=58870/tcp, resp_h=194.127.84.106, resp_p=443/tcp], orig=[size=120, state=4, num_pkts=3, num_bytes_ip=288, flow_label=0], resp=[size=2164, state=4, num_pkts=3, num_bytes_ip=1616, flow_label=0], start_time=1170717511.541455, duration=0.368262, service={^J^I^ISSL^J^I}, addl=, hot=0, history=ShADad, uid=CCvvfg3TEfuqmmG4bh, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=[ts=1170717511.722913, uid=CCvvfg3TEfuqmmG4bh, id=[orig_h=192.150.187.164, orig_p=58870/tcp, resp_h=194.127.84.106, resp_p=443/tcp], version=TLSv10, cipher=TLS_RSA_WITH_RC4_128_MD5, server_name=<uninitialized>, session_id=9e51caef40ad85f9f03dbb8c1fdc863621808c311272e10242cb406bf917bcd9, last_alert=<uninitialized>, analyzer_id=11, established=F, logged=F, delay_tokens=<uninitialized>, cert_chain=[[ts=1170717511.909717, fuid=FQXAWgI2FB5STbrff, tx_hosts={^J^I^I194.127.84.106^J^I}, rx_hosts={^J^I^I192.150.187.164^J^I}, conn_uids={^J^I^ICCvvfg3TEfuqmmG4bh^J^I}, source=SSL, depth=0, analyzers={^J^I^IX509,^J^I^IMD5,^J^I^ISHA1^J^I}, mime_type=binary, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=F, seen_bytes=0, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=<uninitialized>, sha1=2c322ae2b7fe91391345e070b63668978bb1c9da, sha256=<uninitialized>, x509=[ts=1170717511.909717, id=FQXAWgI2FB5STbrff, certificate=[version=2, serial=04A78116F003283BDA2B8462049F9ECB, subject=CN=www.dresdner-privat.de,OU=Terms of use at www.verisign.com/rpa (c)00,O=AGIS Allianz Dresdner Informationssysteme GmbH,L=Muenchen,ST=Bayern,C=DE, issuer=OU=www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign,OU=VeriSign International Server CA - Class 3,OU=VeriSign\, Inc.,O=VeriSign Trust Network, not_valid_before=1163462400.0, not_valid_after=1195084799.0, key_alg=rsaEncryption, sig_alg=sha1WithRSAEncryption, key_type=rsa, key_length=1024, exponent=65537, curve=<uninitialized>], handle=<no value description>, extensions=[[name=X509v3 Basic Constraints, short_name=basicConstraints, oid=2.5.29.19, critical=F, value=CA:FALSE], [name=X509v3 Key Usage, short_name=keyUsage, oid=2.5.29.15, critical=F, value=Digital Signature, Key Encipherment], [name=X509v3 CRL Distribution Points, short_name=crlDistributionPoints, oid=2.5.29.31, critical=F, value=^JFull Name:^J  URI:http://crl.verisign.com/Class3InternationalServer.crl^J], [name=X509v3 Certificate Policies, short_name=certificatePolicies, oid=2.5.29.32, critical=F, value=Policy: 2.16.840.1.113733.1.7.23.3^J  CPS: https://www.verisign.com/rpa^J], [name=X509v3 Extended Key Usage, short_name=extendedKeyUsage, oid=2.5.29.37, critical=F, value=Netscape Server Gated Crypto, TLS Web Server Authentication, TLS Web Client Authentication], [name=Authority Information Access, short_name=authorityInfoAccess, oid=1.3.6.1.5.5.7.1.1, critical=F, value=OCSP - URI:http://ocsp.verisign.com^J], [name=1.3.6.1.5.5.7.1.12, short_name=UNDEF, oid=1.3.6.1.5.5.7.1.12, critical=F, value=0_.].[0Y0W0U..image/gif0!0.0...+..............k...j.H.,{..0%.#http://logo.verisign.com/vslogo.gif]], san=<uninitialized>, basic_constraints=[ca=F, path_len=<uninitialized>]], extracted=<uninitialized>]], cert_chain_fuids=[FQXAWgI2FB5STbrff], client_cert_chain=[], client_cert_chain_fuids=[], subject=<uninitialized>, issuer=<uninitialized>, client_subject=<uninitialized>, client_issuer=<uninitialized>, server_depth=1, client_depth=0], http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]^J}, last_active=1170717511.909717, seen_bytes=1152, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timeout_interval=2.0 mins, bof_buffer_size=1024, bof_buffer=0\x82^D|0\x82^C\xe5\xa0^C^B^A^B^B^P^D\xa7\x81^V\xf0^C(;\xda+\x84b^D\x9f\x9e\xcb0^M^F^I*\x86H\x86\xf7^M^A^A^E^E\00\x81\xba1\x1f0\x1d^F^CU^D^J^S^VVeriSign Trust Network1^W0^U^F^CU^D^K^S^NVeriSign, Inc.1301^F^CU^D^K^S*VeriSign International Server CA - Class 31I0G^F^CU^D^K^S@www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign0\x1e^W^M061114000000Z^W^M071114235959Z0\x81\xc01^K0^I^F^CU^D^F^S^BDE1^O0^M^F^CU^D^H^S^FBayern1^Q0^O^F^CU^D^G^T^HMuenchen1705^F^CU^D^J^T.AGIS Allianz Dresdner Informationssysteme GmbH1301^F^CU^D^K^T*Terms of use at www.verisign.com/rpa (c)001\x1f0\x1d^F^CU^D^C^T^Vwww.dresdner-privat.de0\x81\x9f0^M^F^I*\x86H\x86\xf7^M^A^A^A^E\0^C\x81\x8d\00\x81\x89^B\x81\x81\0\xeb\xa8t~\xfb\xe3\xb4\xea\xbe\x8b\x1c=\xed\xea\x86^DbQ\xe0*Z\x9e\x86o\x98\xcb\xbc\xc5\xed\xc5\xc8\xcaV\x9dL\x92X\xe1k^So\xbc\xb7\xe5.\x98@\xf7\x8f\xd6\xa3\xc0^J\xabFR\x1b8\xfc^E \xe7\x80\xee\xc6]\xd5\xbb^C\xfc\xc5\x83\xba\x9ag^H\xfd,\xba\xa3^H\x94\xf0\xb3\x1f^V(\xf6^Ef[\xbf^?\xa8Y\xfa\xbe\x99k6b\xb8n\xc6\x83GSc^OZ\xb4Q\xc1\x88\xa8U\xb9\xd41m=*J\x95^J\xd1{\x87^B^C^A\0^A\xa3\x82^Ay0\x82^Au0^I^F^CU\x1d^S^D^B0\00^K^F^CU\x1d^O^D^D^C^B^E\xa00F^F^CU\x1d\x1f^D?0=0;\xa09\xa07\x865http://crl.verisign.com/Class3InternationalServer.crl0D^F^CU\x1d ^D=0;09^F^K`\x86H^A\x86\xf8E^A^G^W^C0*0(^F^H+^F^A^E^E^G^B^A^V\x1chttps://www.verisign.com/rpa0(^F^CU\x1d%^D!0\x1f^F^I`\x86H^A\x86\xf8B^D^A^F^H+^F^A^E^E^G^C^A^F^H+^F^A^E^E^G^C^B04^F^H+^F^A^E^E^G^A^A^D(0&0$^F^H+^F^A^E^E^G0^A\x86^Xhttp://ocsp.verisign.com0m^F^H+^F^A^E^E^G^A^L^Da0_\xa1]\xa0[0Y0W0U^V^Iimage/gif0!0\x1f0^G^F^E+^N^C^B^Z^D^T\x8f\xe5\xd3^Z\x86\xac\x8d\x8ek\xc3\xcf\x80j\xd4H^X,{^Y.0%^V#http://logo.verisign.com/vslogo.gif0^M^F^I*\x86H\x86\xf7^M^A^A^E^E\0^C\x81\x81\0/s\xe2o\xc1\x9e#~YP\x89\x95xo\xe9^D\xbd\x98TS`\xec^HR\xd2^J)\x92\x9am\xaa\xd5\xb1g\xc1b\xde\xc9^XNW=i\x9c\xb2^Cf\x92^C\xbb\xe8M\xc5\x98\xd4/B\xd9\xb6\xd2\xe0\x97^PXv\xcf\xe7\xd6\xa7\xcc\xbb\xdb%\xeeB]\xcb\xf0t\xab\xd2T\xe5\xe8\xbaQ^O\xa4\xc3>4\xfaR\xf2\xa0\xe6z\xf4\x8f\xdcvB\xbd=\xfcx\xc0\xb7\xeb^-\x1f\xc5\xa0^\xdf\xa0^Q\x87\xf8\xc3X^P\xc8y(\xf8\xe4, mime_type=binary, info=[ts=1170717511.909717, fuid=FQXAWgI2FB5STbrff, tx_hosts={^J^I194.127.84.106^J}, rx_hosts={^J^I192.150.187.164^J}, conn_uids={^J^ICCvvfg3TEfuqmmG4bh^J}, source=SSL, depth=0, analyzers={^J^IX509,^J^IMD5,^J^ISHA1^J}, mime_type=binary, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=F, seen_bytes=0, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=<uninitialized>, sha1=2c322ae2b7fe91391345e070b63668978bb1c9da, sha256=<uninitialized>, x509=[ts=1170717511.909717, id=FQXAWgI2FB5STbrff, certificate=[version=2, serial=04A78116F003283BDA2B8462049F9ECB, subject=CN=www.dresdner-privat.de,OU=Terms of use at www.verisign.com/rpa (c)00,O=AGIS Allianz Dresdner Informationssysteme GmbH,L=Muenchen,ST=Bayern,C=DE, issuer=OU=www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign,OU=VeriSign International Server CA - Class 3,OU=VeriSign\, Inc.,O=VeriSign Trust Network, not_valid_before=1163462400.0, not_valid_after=1195084799.0, key_alg=rsaEncryption, sig_alg=sha1WithRSAEncryption, key_type=rsa, key_length=1024, exponent=65537, curve=<uninitialized>], handle=<no value description>, extensions=[[name=X509v3 Basic Constraints, short_name=basicConstraints, oid=2.5.29.19, critical=F, value=CA:FALSE], [name=X509v3 Key Usage, short_name=keyUsage, oid=2.5.29.15, critical=F, value=Digital Signature, Key Encipherment], [name=X509v3 CRL Distribution Points, short_name=crlDistributionPoints, oid=2.5.29.31, critical=F, value=^JFull Name:^J  URI:http://crl.verisign.com/Class3InternationalServer.crl^J], [name=X509v3 Certificate Policies, short_name=certificatePolicies, oid=2.5.29.32, critical=F, value=Policy: 2.16.840.1.113733.1.7.23.3^J  CPS: https://www.verisign.com/rpa^J], [name=X509v3 Extended Key Usage, short_name=extendedKeyUsage, oid=2.5.29.37, critical=F, value=Netscape Server Gated Crypto, TLS Web Server Authentication, TLS Web Client Authentication], [name=Authority Information Access, short_name=authorityInfoAccess, oid=1.3.6.1.5.5.7.1.1, critical=F, value=OCSP - URI:http://ocsp.verisign.com^J], [name=1.3.6.1.5.5.7.1.12, short_name=UNDEF, oid=1.3.6.1.5.5.7.1.12, critical=F, value=0_.].[0Y0W0U..image/gif0!0.0...+..............k...j.H.,{..0%.#http://logo.verisign.com/vslogo.gif]], san=<uninitialized>, basic_constraints=[ca=F, path_len=<uninitialized>]], extracted=<uninitialized>], u2_events=<uninitialized>]
-                  [1] kind: string       = md5
-                  [2] hash: string       = 38a0a008a978591ccbe41f50a174751a
-
-1170717511.909717 file_state_remove
-                  [0] f: fa_file         = [id=FQXAWgI2FB5STbrff, parent_id=<uninitialized>, source=SSL, is_orig=F, conns={^J^I[[orig_h=192.150.187.164, orig_p=58870/tcp, resp_h=194.127.84.106, resp_p=443/tcp]] = [id=[orig_h=192.150.187.164, orig_p=58870/tcp, resp_h=194.127.84.106, resp_p=443/tcp], orig=[size=120, state=4, num_pkts=3, num_bytes_ip=288, flow_label=0], resp=[size=2164, state=4, num_pkts=3, num_bytes_ip=1616, flow_label=0], start_time=1170717511.541455, duration=0.368262, service={^J^I^ISSL^J^I}, addl=, hot=0, history=ShADad, uid=CCvvfg3TEfuqmmG4bh, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=[ts=1170717511.722913, uid=CCvvfg3TEfuqmmG4bh, id=[orig_h=192.150.187.164, orig_p=58870/tcp, resp_h=194.127.84.106, resp_p=443/tcp], version=TLSv10, cipher=TLS_RSA_WITH_RC4_128_MD5, server_name=<uninitialized>, session_id=9e51caef40ad85f9f03dbb8c1fdc863621808c311272e10242cb406bf917bcd9, last_alert=<uninitialized>, analyzer_id=11, established=F, logged=F, delay_tokens=<uninitialized>, cert_chain=[[ts=1170717511.909717, fuid=FQXAWgI2FB5STbrff, tx_hosts={^J^I^I194.127.84.106^J^I}, rx_hosts={^J^I^I192.150.187.164^J^I}, conn_uids={^J^I^ICCvvfg3TEfuqmmG4bh^J^I}, source=SSL, depth=0, analyzers={^J^I^IX509,^J^I^IMD5,^J^I^ISHA1^J^I}, mime_type=binary, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=F, seen_bytes=0, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=38a0a008a978591ccbe41f50a174751a, sha1=2c322ae2b7fe91391345e070b63668978bb1c9da, sha256=<uninitialized>, x509=[ts=1170717511.909717, id=FQXAWgI2FB5STbrff, certificate=[version=2, serial=04A78116F003283BDA2B8462049F9ECB, subject=CN=www.dresdner-privat.de,OU=Terms of use at www.verisign.com/rpa (c)00,O=AGIS Allianz Dresdner Informationssysteme GmbH,L=Muenchen,ST=Bayern,C=DE, issuer=OU=www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign,OU=VeriSign International Server CA - Class 3,OU=VeriSign\, Inc.,O=VeriSign Trust Network, not_valid_before=1163462400.0, not_valid_after=1195084799.0, key_alg=rsaEncryption, sig_alg=sha1WithRSAEncryption, key_type=rsa, key_length=1024, exponent=65537, curve=<uninitialized>], handle=<no value description>, extensions=[[name=X509v3 Basic Constraints, short_name=basicConstraints, oid=2.5.29.19, critical=F, value=CA:FALSE], [name=X509v3 Key Usage, short_name=keyUsage, oid=2.5.29.15, critical=F, value=Digital Signature, Key Encipherment], [name=X509v3 CRL Distribution Points, short_name=crlDistributionPoints, oid=2.5.29.31, critical=F, value=^JFull Name:^J  URI:http://crl.verisign.com/Class3InternationalServer.crl^J], [name=X509v3 Certificate Policies, short_name=certificatePolicies, oid=2.5.29.32, critical=F, value=Policy: 2.16.840.1.113733.1.7.23.3^J  CPS: https://www.verisign.com/rpa^J], [name=X509v3 Extended Key Usage, short_name=extendedKeyUsage, oid=2.5.29.37, critical=F, value=Netscape Server Gated Crypto, TLS Web Server Authentication, TLS Web Client Authentication], [name=Authority Information Access, short_name=authorityInfoAccess, oid=1.3.6.1.5.5.7.1.1, critical=F, value=OCSP - URI:http://ocsp.verisign.com^J], [name=1.3.6.1.5.5.7.1.12, short_name=UNDEF, oid=1.3.6.1.5.5.7.1.12, critical=F, value=0_.].[0Y0W0U..image/gif0!0.0...+..............k...j.H.,{..0%.#http://logo.verisign.com/vslogo.gif]], san=<uninitialized>, basic_constraints=[ca=F, path_len=<uninitialized>]], extracted=<uninitialized>]], cert_chain_fuids=[FQXAWgI2FB5STbrff], client_cert_chain=[], client_cert_chain_fuids=[], subject=<uninitialized>, issuer=<uninitialized>, client_subject=<uninitialized>, client_issuer=<uninitialized>, server_depth=1, client_depth=0], http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]^J}, last_active=1170717511.909717, seen_bytes=1152, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timeout_interval=2.0 mins, bof_buffer_size=1024, bof_buffer=0\x82^D|0\x82^C\xe5\xa0^C^B^A^B^B^P^D\xa7\x81^V\xf0^C(;\xda+\x84b^D\x9f\x9e\xcb0^M^F^I*\x86H\x86\xf7^M^A^A^E^E\00\x81\xba1\x1f0\x1d^F^CU^D^J^S^VVeriSign Trust Network1^W0^U^F^CU^D^K^S^NVeriSign, Inc.1301^F^CU^D^K^S*VeriSign International Server CA - Class 31I0G^F^CU^D^K^S@www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign0\x1e^W^M061114000000Z^W^M071114235959Z0\x81\xc01^K0^I^F^CU^D^F^S^BDE1^O0^M^F^CU^D^H^S^FBayern1^Q0^O^F^CU^D^G^T^HMuenchen1705^F^CU^D^J^T.AGIS Allianz Dresdner Informationssysteme GmbH1301^F^CU^D^K^T*Terms of use at www.verisign.com/rpa (c)001\x1f0\x1d^F^CU^D^C^T^Vwww.dresdner-privat.de0\x81\x9f0^M^F^I*\x86H\x86\xf7^M^A^A^A^E\0^C\x81\x8d\00\x81\x89^B\x81\x81\0\xeb\xa8t~\xfb\xe3\xb4\xea\xbe\x8b\x1c=\xed\xea\x86^DbQ\xe0*Z\x9e\x86o\x98\xcb\xbc\xc5\xed\xc5\xc8\xcaV\x9dL\x92X\xe1k^So\xbc\xb7\xe5.\x98@\xf7\x8f\xd6\xa3\xc0^J\xabFR\x1b8\xfc^E \xe7\x80\xee\xc6]\xd5\xbb^C\xfc\xc5\x83\xba\x9ag^H\xfd,\xba\xa3^H\x94\xf0\xb3\x1f^V(\xf6^Ef[\xbf^?\xa8Y\xfa\xbe\x99k6b\xb8n\xc6\x83GSc^OZ\xb4Q\xc1\x88\xa8U\xb9\xd41m=*J\x95^J\xd1{\x87^B^C^A\0^A\xa3\x82^Ay0\x82^Au0^I^F^CU\x1d^S^D^B0\00^K^F^CU\x1d^O^D^D^C^B^E\xa00F^F^CU\x1d\x1f^D?0=0;\xa09\xa07\x865http://crl.verisign.com/Class3InternationalServer.crl0D^F^CU\x1d ^D=0;09^F^K`\x86H^A\x86\xf8E^A^G^W^C0*0(^F^H+^F^A^E^E^G^B^A^V\x1chttps://www.verisign.com/rpa0(^F^CU\x1d%^D!0\x1f^F^I`\x86H^A\x86\xf8B^D^A^F^H+^F^A^E^E^G^C^A^F^H+^F^A^E^E^G^C^B04^F^H+^F^A^E^E^G^A^A^D(0&0$^F^H+^F^A^E^E^G0^A\x86^Xhttp://ocsp.verisign.com0m^F^H+^F^A^E^E^G^A^L^Da0_\xa1]\xa0[0Y0W0U^V^Iimage/gif0!0\x1f0^G^F^E+^N^C^B^Z^D^T\x8f\xe5\xd3^Z\x86\xac\x8d\x8ek\xc3\xcf\x80j\xd4H^X,{^Y.0%^V#http://logo.verisign.com/vslogo.gif0^M^F^I*\x86H\x86\xf7^M^A^A^E^E\0^C\x81\x81\0/s\xe2o\xc1\x9e#~YP\x89\x95xo\xe9^D\xbd\x98TS`\xec^HR\xd2^J)\x92\x9am\xaa\xd5\xb1g\xc1b\xde\xc9^XNW=i\x9c\xb2^Cf\x92^C\xbb\xe8M\xc5\x98\xd4/B\xd9\xb6\xd2\xe0\x97^PXv\xcf\xe7\xd6\xa7\xcc\xbb\xdb%\xeeB]\xcb\xf0t\xab\xd2T\xe5\xe8\xbaQ^O\xa4\xc3>4\xfaR\xf2\xa0\xe6z\xf4\x8f\xdcvB\xbd=\xfcx\xc0\xb7\xeb^-\x1f\xc5\xa0^\xdf\xa0^Q\x87\xf8\xc3X^P\xc8y(\xf8\xe4, mime_type=binary, info=[ts=1170717511.909717, fuid=FQXAWgI2FB5STbrff, tx_hosts={^J^I194.127.84.106^J}, rx_hosts={^J^I192.150.187.164^J}, conn_uids={^J^ICCvvfg3TEfuqmmG4bh^J}, source=SSL, depth=0, analyzers={^J^IX509,^J^IMD5,^J^ISHA1^J}, mime_type=binary, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=F, seen_bytes=0, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=38a0a008a978591ccbe41f50a174751a, sha1=2c322ae2b7fe91391345e070b63668978bb1c9da, sha256=<uninitialized>, x509=[ts=1170717511.909717, id=FQXAWgI2FB5STbrff, certificate=[version=2, serial=04A78116F003283BDA2B8462049F9ECB, subject=CN=www.dresdner-privat.de,OU=Terms of use at www.verisign.com/rpa (c)00,O=AGIS Allianz Dresdner Informationssysteme GmbH,L=Muenchen,ST=Bayern,C=DE, issuer=OU=www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign,OU=VeriSign International Server CA - Class 3,OU=VeriSign\, Inc.,O=VeriSign Trust Network, not_valid_before=1163462400.0, not_valid_after=1195084799.0, key_alg=rsaEncryption, sig_alg=sha1WithRSAEncryption, key_type=rsa, key_length=1024, exponent=65537, curve=<uninitialized>], handle=<no value description>, extensions=[[name=X509v3 Basic Constraints, short_name=basicConstraints, oid=2.5.29.19, critical=F, value=CA:FALSE], [name=X509v3 Key Usage, short_name=keyUsage, oid=2.5.29.15, critical=F, value=Digital Signature, Key Encipherment], [name=X509v3 CRL Distribution Points, short_name=crlDistributionPoints, oid=2.5.29.31, critical=F, value=^JFull Name:^J  URI:http://crl.verisign.com/Class3InternationalServer.crl^J], [name=X509v3 Certificate Policies, short_name=certificatePolicies, oid=2.5.29.32, critical=F, value=Policy: 2.16.840.1.113733.1.7.23.3^J  CPS: https://www.verisign.com/rpa^J], [name=X509v3 Extended Key Usage, short_name=extendedKeyUsage, oid=2.5.29.37, critical=F, value=Netscape Server Gated Crypto, TLS Web Server Authentication, TLS Web Client Authentication], [name=Authority Information Access, short_name=authorityInfoAccess, oid=1.3.6.1.5.5.7.1.1, critical=F, value=OCSP - URI:http://ocsp.verisign.com^J], [name=1.3.6.1.5.5.7.1.12, short_name=UNDEF, oid=1.3.6.1.5.5.7.1.12, critical=F, value=0_.].[0Y0W0U..image/gif0!0.0...+..............k...j.H.,{..0%.#http://logo.verisign.com/vslogo.gif]], san=<uninitialized>, basic_constraints=[ca=F, path_len=<uninitialized>]], extracted=<uninitialized>], u2_events=<uninitialized>]
-
-1170717511.909717 get_file_handle
-                  [0] tag: enum          = Analyzer::ANALYZER_SSL
-                  [1] c: connection      = [id=[orig_h=192.150.187.164, orig_p=58870/tcp, resp_h=194.127.84.106, resp_p=443/tcp], orig=[size=120, state=4, num_pkts=3, num_bytes_ip=288, flow_label=0], resp=[size=2164, state=4, num_pkts=3, num_bytes_ip=1616, flow_label=0], start_time=1170717511.541455, duration=0.368262, service={^J^ISSL^J}, addl=, hot=0, history=ShADad, uid=CCvvfg3TEfuqmmG4bh, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=[ts=1170717511.722913, uid=CCvvfg3TEfuqmmG4bh, id=[orig_h=192.150.187.164, orig_p=58870/tcp, resp_h=194.127.84.106, resp_p=443/tcp], version=TLSv10, cipher=TLS_RSA_WITH_RC4_128_MD5, server_name=<uninitialized>, session_id=9e51caef40ad85f9f03dbb8c1fdc863621808c311272e10242cb406bf917bcd9, last_alert=<uninitialized>, analyzer_id=11, established=F, logged=F, delay_tokens=<uninitialized>, cert_chain=[[ts=1170717511.909717, fuid=FQXAWgI2FB5STbrff, tx_hosts={^J^I194.127.84.106^J}, rx_hosts={^J^I192.150.187.164^J}, conn_uids={^J^ICCvvfg3TEfuqmmG4bh^J}, source=SSL, depth=0, analyzers={^J^IX509,^J^IMD5,^J^ISHA1^J}, mime_type=binary, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=F, seen_bytes=1152, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=38a0a008a978591ccbe41f50a174751a, sha1=2c322ae2b7fe91391345e070b63668978bb1c9da, sha256=<uninitialized>, x509=[ts=1170717511.909717, id=FQXAWgI2FB5STbrff, certificate=[version=2, serial=04A78116F003283BDA2B8462049F9ECB, subject=CN=www.dresdner-privat.de,OU=Terms of use at www.verisign.com/rpa (c)00,O=AGIS Allianz Dresdner Informationssysteme GmbH,L=Muenchen,ST=Bayern,C=DE, issuer=OU=www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign,OU=VeriSign International Server CA - Class 3,OU=VeriSign\, Inc.,O=VeriSign Trust Network, not_valid_before=1163462400.0, not_valid_after=1195084799.0, key_alg=rsaEncryption, sig_alg=sha1WithRSAEncryption, key_type=rsa, key_length=1024, exponent=65537, curve=<uninitialized>], handle=<no value description>, extensions=[[name=X509v3 Basic Constraints, short_name=basicConstraints, oid=2.5.29.19, critical=F, value=CA:FALSE], [name=X509v3 Key Usage, short_name=keyUsage, oid=2.5.29.15, critical=F, value=Digital Signature, Key Encipherment], [name=X509v3 CRL Distribution Points, short_name=crlDistributionPoints, oid=2.5.29.31, critical=F, value=^JFull Name:^J  URI:http://crl.verisign.com/Class3InternationalServer.crl^J], [name=X509v3 Certificate Policies, short_name=certificatePolicies, oid=2.5.29.32, critical=F, value=Policy: 2.16.840.1.113733.1.7.23.3^J  CPS: https://www.verisign.com/rpa^J], [name=X509v3 Extended Key Usage, short_name=extendedKeyUsage, oid=2.5.29.37, critical=F, value=Netscape Server Gated Crypto, TLS Web Server Authentication, TLS Web Client Authentication], [name=Authority Information Access, short_name=authorityInfoAccess, oid=1.3.6.1.5.5.7.1.1, critical=F, value=OCSP - URI:http://ocsp.verisign.com^J], [name=1.3.6.1.5.5.7.1.12, short_name=UNDEF, oid=1.3.6.1.5.5.7.1.12, critical=F, value=0_.].[0Y0W0U..image/gif0!0.0...+..............k...j.H.,{..0%.#http://logo.verisign.com/vslogo.gif]], san=<uninitialized>, basic_constraints=[ca=F, path_len=<uninitialized>]], extracted=<uninitialized>]], cert_chain_fuids=[FQXAWgI2FB5STbrff], client_cert_chain=[], client_cert_chain_fuids=[], subject=<uninitialized>, issuer=<uninitialized>, client_subject=<uninitialized>, client_issuer=<uninitialized>, server_depth=1, client_depth=0], http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]
+1254722770.692804 get_file_handle
+                  [0] tag: enum          = Analyzer::ANALYZER_SMTP
+                  [1] c: connection      = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=4530, state=4, num_pkts=11, num_bytes_ip=3518, flow_label=0], resp=[size=462, state=4, num_pkts=10, num_bytes_ip=870, flow_label=0], start_time=1254722767.529046, duration=3.163758, service={^J^ISMTP^J}, addl=, hot=0, history=ShAdDa, uid=CjhGID4nQcgTWjvg4c, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, smtp=[ts=1254722768.219663, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=<gurpartap@patriots.in>, rcptto={^J^I<raj_deol2002in@yahoo.co.in>^J}, date=Mon, 5 Oct 2009 11:36:07 +0530, from="Gurpartap Singh" <gurpartap@patriots.in>, to={^J^I<raj_deol2002in@yahoo.co.in>^J}, reply_to=<uninitialized>, msg_id=<000301ca4581$ef9e57f0$cedb07d0$@in>, in_reply_to=<uninitialized>, subject=SMTP, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=354 Enter message, ending with "." on a line by itself, path=[74.53.140.153, 10.10.1.4], user_agent=Microsoft Office Outlook 12.0, process_received_from=T, has_client_activity=T, entity=<uninitialized>, fuids=[Fel9gs4OtNEV6gUJZ5, Ft4M3f2yMvLlmwtbq9]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=<uninitialized>, mime_depth=4], socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]
                   [2] is_orig: bool      = F
 
-1170717511.909717 file_new
-                  [0] f: fa_file         = [id=FUmSiM3TCtsyMGhcd, parent_id=<uninitialized>, source=SSL, is_orig=F, conns={^J^I[[orig_h=192.150.187.164, orig_p=58870/tcp, resp_h=194.127.84.106, resp_p=443/tcp]] = [id=[orig_h=192.150.187.164, orig_p=58870/tcp, resp_h=194.127.84.106, resp_p=443/tcp], orig=[size=120, state=4, num_pkts=3, num_bytes_ip=288, flow_label=0], resp=[size=2164, state=4, num_pkts=3, num_bytes_ip=1616, flow_label=0], start_time=1170717511.541455, duration=0.368262, service={^J^I^ISSL^J^I}, addl=, hot=0, history=ShADad, uid=CCvvfg3TEfuqmmG4bh, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=[ts=1170717511.722913, uid=CCvvfg3TEfuqmmG4bh, id=[orig_h=192.150.187.164, orig_p=58870/tcp, resp_h=194.127.84.106, resp_p=443/tcp], version=TLSv10, cipher=TLS_RSA_WITH_RC4_128_MD5, server_name=<uninitialized>, session_id=9e51caef40ad85f9f03dbb8c1fdc863621808c311272e10242cb406bf917bcd9, last_alert=<uninitialized>, analyzer_id=11, established=F, logged=F, delay_tokens=<uninitialized>, cert_chain=[[ts=1170717511.909717, fuid=FQXAWgI2FB5STbrff, tx_hosts={^J^I^I194.127.84.106^J^I}, rx_hosts={^J^I^I192.150.187.164^J^I}, conn_uids={^J^I^ICCvvfg3TEfuqmmG4bh^J^I}, source=SSL, depth=0, analyzers={^J^I^IX509,^J^I^IMD5,^J^I^ISHA1^J^I}, mime_type=binary, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=F, seen_bytes=1152, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=38a0a008a978591ccbe41f50a174751a, sha1=2c322ae2b7fe91391345e070b63668978bb1c9da, sha256=<uninitialized>, x509=[ts=1170717511.909717, id=FQXAWgI2FB5STbrff, certificate=[version=2, serial=04A78116F003283BDA2B8462049F9ECB, subject=CN=www.dresdner-privat.de,OU=Terms of use at www.verisign.com/rpa (c)00,O=AGIS Allianz Dresdner Informationssysteme GmbH,L=Muenchen,ST=Bayern,C=DE, issuer=OU=www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign,OU=VeriSign International Server CA - Class 3,OU=VeriSign\, Inc.,O=VeriSign Trust Network, not_valid_before=1163462400.0, not_valid_after=1195084799.0, key_alg=rsaEncryption, sig_alg=sha1WithRSAEncryption, key_type=rsa, key_length=1024, exponent=65537, curve=<uninitialized>], handle=<no value description>, extensions=[[name=X509v3 Basic Constraints, short_name=basicConstraints, oid=2.5.29.19, critical=F, value=CA:FALSE], [name=X509v3 Key Usage, short_name=keyUsage, oid=2.5.29.15, critical=F, value=Digital Signature, Key Encipherment], [name=X509v3 CRL Distribution Points, short_name=crlDistributionPoints, oid=2.5.29.31, critical=F, value=^JFull Name:^J  URI:http://crl.verisign.com/Class3InternationalServer.crl^J], [name=X509v3 Certificate Policies, short_name=certificatePolicies, oid=2.5.29.32, critical=F, value=Policy: 2.16.840.1.113733.1.7.23.3^J  CPS: https://www.verisign.com/rpa^J], [name=X509v3 Extended Key Usage, short_name=extendedKeyUsage, oid=2.5.29.37, critical=F, value=Netscape Server Gated Crypto, TLS Web Server Authentication, TLS Web Client Authentication], [name=Authority Information Access, short_name=authorityInfoAccess, oid=1.3.6.1.5.5.7.1.1, critical=F, value=OCSP - URI:http://ocsp.verisign.com^J], [name=1.3.6.1.5.5.7.1.12, short_name=UNDEF, oid=1.3.6.1.5.5.7.1.12, critical=F, value=0_.].[0Y0W0U..image/gif0!0.0...+..............k...j.H.,{..0%.#http://logo.verisign.com/vslogo.gif]], san=<uninitialized>, basic_constraints=[ca=F, path_len=<uninitialized>]], extracted=<uninitialized>]], cert_chain_fuids=[FQXAWgI2FB5STbrff], client_cert_chain=[], client_cert_chain_fuids=[], subject=<uninitialized>, issuer=<uninitialized>, client_subject=<uninitialized>, client_issuer=<uninitialized>, server_depth=2, client_depth=0], http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]^J}, last_active=1170717511.909717, seen_bytes=0, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timeout_interval=2.0 mins, bof_buffer_size=1024, bof_buffer=0\x82^C\x860\x82^B\xef\xa0^C^B^A^B^B^Px\xeeH\xde^X[ q\xc9\xc9\xc3\xb5\x1d{\xdd\xc10^M^F^I*\x86H\x86\xf7^M^A^A^E^E\00_1^K0^I^F^CU^D^F^S^BUS1^W0^U^F^CU^D^J^S^NVeriSign, Inc.1705^F^CU^D^K^S.Class 3 Public Primary Certification Authority0\x1e^W^M970417000000Z^W^M111024235959Z0\x81\xba1\x1f0\x1d^F^CU^D^J^S^VVeriSign Trust Network1^W0^U^F^CU^D^K^S^NVeriSign, Inc.1301^F^CU^D^K^S*VeriSign International Server CA - Class 31I0G^F^CU^D^K^S@www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign0\x81\x9f0^M^F^I*\x86H\x86\xf7^M^A^A^A^E\0^C\x81\x8d\00\x81\x89^B\x81\x81\0\xd8\x82\x80\xe8\xd6^Y^B}\x1f\x85^X9%\xa2e+\xe1\xbf\xd4^E\xd3\xbc\xe66;\xaa\xf0Ll[\xb6\xe7\xaa<sEU\xb2\xf1\xbd\xea\x97B\xed\x9a4^J^U\xd4\xa9\\xf5@%\xdd\xd9^G\xc12\xb2ul\xc4\xca\xbb\xa3\xfeV'qC\xaac\xf50>\x93(\xe5\xfa\xf1^I;\xf3\xb7MN9\xf7\IZ\xb8\xc1\x1d\xd3\xb2\x8a\xfep0\x95B\xcb\xfe+Q\x8bZ<:\xf9"O\x90\xb2^B\xa7S\x9cO4\xe7\xab^D\xb2{o^B^C^A\0^A\xa3\x81\xe60\x81\xe30^O^F^CU\x1d^S^D^H0^F^A^A\xff^B^A\00D^F^CU\x1d ^D=0;09^F^K`\x86H^A\x86\xf8E^A^G^A^A0*0(^F^H+^F^A^E^E^G^B^A^V\x1chttps://www.verisign.com/CPS04^F^CU\x1d\x1f^D-0+0)\xa0'\xa0%\x86#http://crl.verisign.com/pca3-g2.crl04^F^CU\x1d%^D-0+^F^H+^F^A^E^E^G^C^A^F^H+^F^A^E^E^G^C^B^F^I`\x86H^A\x86\xf8B^D^A^F^J`\x86H^A\x86\xf8E^A^H^A0^K^F^CU\x1d^O^D^D^C^B^A^F0^Q^F^I`\x86H^A\x86\xf8B^A^A^D^D^C^B^A^F0^M^F^I*\x86H\x86\xf7^M^A^A^E^E\0^C\x81\x81\0#]\xee\xa6$^E\xfdv\xd3j^Z\xd6\xbaF^F\xaaj^O^C\x90f\xb2\xb0\xa6\xc2\x9e\xc9\x1e\xa3US\xaf>E\xfd\xdc\x8c'\xddS8^I\xbb|K+\xba\x95J\xfepN\x1bi\xd6<\xf7O^G\xc5\xf2^WZL\xa2\x8f\xac^K\x8a^F\xdb\xb9\xd4k\xc5\x1dX\xda^WR\xe3!\xf1\xd2\xd7Z\xd5\xe5\xabY{!z\x86j\xd4\xfe^W^Q:S^M\x9c`\xa0J\xd9^\xe4\x1d^L)\xaa^S^Ge\x86\x1f\xbf\xb4\xc9\x82S\x9c,^B\x8f#, mime_type=binary, info=<uninitialized>, u2_events=<uninitialized>]
+1254722770.692804 mime_end_entity
+                  [0] c: connection      = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=4530, state=4, num_pkts=11, num_bytes_ip=3518, flow_label=0], resp=[size=462, state=4, num_pkts=10, num_bytes_ip=870, flow_label=0], start_time=1254722767.529046, duration=3.163758, service={^J^ISMTP^J}, addl=, hot=0, history=ShAdDa, uid=CjhGID4nQcgTWjvg4c, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, smtp=[ts=1254722768.219663, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=<gurpartap@patriots.in>, rcptto={^J^I<raj_deol2002in@yahoo.co.in>^J}, date=Mon, 5 Oct 2009 11:36:07 +0530, from="Gurpartap Singh" <gurpartap@patriots.in>, to={^J^I<raj_deol2002in@yahoo.co.in>^J}, reply_to=<uninitialized>, msg_id=<000301ca4581$ef9e57f0$cedb07d0$@in>, in_reply_to=<uninitialized>, subject=SMTP, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=354 Enter message, ending with "." on a line by itself, path=[74.53.140.153, 10.10.1.4], user_agent=Microsoft Office Outlook 12.0, process_received_from=T, has_client_activity=T, entity=<uninitialized>, fuids=[Fel9gs4OtNEV6gUJZ5, Ft4M3f2yMvLlmwtbq9]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=<uninitialized>, mime_depth=4], socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]
 
-1170717511.909717 file_over_new_connection
-                  [0] f: fa_file         = [id=FUmSiM3TCtsyMGhcd, parent_id=<uninitialized>, source=SSL, is_orig=F, conns={^J^I[[orig_h=192.150.187.164, orig_p=58870/tcp, resp_h=194.127.84.106, resp_p=443/tcp]] = [id=[orig_h=192.150.187.164, orig_p=58870/tcp, resp_h=194.127.84.106, resp_p=443/tcp], orig=[size=120, state=4, num_pkts=3, num_bytes_ip=288, flow_label=0], resp=[size=2164, state=4, num_pkts=3, num_bytes_ip=1616, flow_label=0], start_time=1170717511.541455, duration=0.368262, service={^J^I^ISSL^J^I}, addl=, hot=0, history=ShADad, uid=CCvvfg3TEfuqmmG4bh, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=[ts=1170717511.722913, uid=CCvvfg3TEfuqmmG4bh, id=[orig_h=192.150.187.164, orig_p=58870/tcp, resp_h=194.127.84.106, resp_p=443/tcp], version=TLSv10, cipher=TLS_RSA_WITH_RC4_128_MD5, server_name=<uninitialized>, session_id=9e51caef40ad85f9f03dbb8c1fdc863621808c311272e10242cb406bf917bcd9, last_alert=<uninitialized>, analyzer_id=11, established=F, logged=F, delay_tokens=<uninitialized>, cert_chain=[[ts=1170717511.909717, fuid=FQXAWgI2FB5STbrff, tx_hosts={^J^I^I194.127.84.106^J^I}, rx_hosts={^J^I^I192.150.187.164^J^I}, conn_uids={^J^I^ICCvvfg3TEfuqmmG4bh^J^I}, source=SSL, depth=0, analyzers={^J^I^IX509,^J^I^IMD5,^J^I^ISHA1^J^I}, mime_type=binary, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=F, seen_bytes=1152, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=38a0a008a978591ccbe41f50a174751a, sha1=2c322ae2b7fe91391345e070b63668978bb1c9da, sha256=<uninitialized>, x509=[ts=1170717511.909717, id=FQXAWgI2FB5STbrff, certificate=[version=2, serial=04A78116F003283BDA2B8462049F9ECB, subject=CN=www.dresdner-privat.de,OU=Terms of use at www.verisign.com/rpa (c)00,O=AGIS Allianz Dresdner Informationssysteme GmbH,L=Muenchen,ST=Bayern,C=DE, issuer=OU=www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign,OU=VeriSign International Server CA - Class 3,OU=VeriSign\, Inc.,O=VeriSign Trust Network, not_valid_before=1163462400.0, not_valid_after=1195084799.0, key_alg=rsaEncryption, sig_alg=sha1WithRSAEncryption, key_type=rsa, key_length=1024, exponent=65537, curve=<uninitialized>], handle=<no value description>, extensions=[[name=X509v3 Basic Constraints, short_name=basicConstraints, oid=2.5.29.19, critical=F, value=CA:FALSE], [name=X509v3 Key Usage, short_name=keyUsage, oid=2.5.29.15, critical=F, value=Digital Signature, Key Encipherment], [name=X509v3 CRL Distribution Points, short_name=crlDistributionPoints, oid=2.5.29.31, critical=F, value=^JFull Name:^J  URI:http://crl.verisign.com/Class3InternationalServer.crl^J], [name=X509v3 Certificate Policies, short_name=certificatePolicies, oid=2.5.29.32, critical=F, value=Policy: 2.16.840.1.113733.1.7.23.3^J  CPS: https://www.verisign.com/rpa^J], [name=X509v3 Extended Key Usage, short_name=extendedKeyUsage, oid=2.5.29.37, critical=F, value=Netscape Server Gated Crypto, TLS Web Server Authentication, TLS Web Client Authentication], [name=Authority Information Access, short_name=authorityInfoAccess, oid=1.3.6.1.5.5.7.1.1, critical=F, value=OCSP - URI:http://ocsp.verisign.com^J], [name=1.3.6.1.5.5.7.1.12, short_name=UNDEF, oid=1.3.6.1.5.5.7.1.12, critical=F, value=0_.].[0Y0W0U..image/gif0!0.0...+..............k...j.H.,{..0%.#http://logo.verisign.com/vslogo.gif]], san=<uninitialized>, basic_constraints=[ca=F, path_len=<uninitialized>]], extracted=<uninitialized>]], cert_chain_fuids=[FQXAWgI2FB5STbrff], client_cert_chain=[], client_cert_chain_fuids=[], subject=<uninitialized>, issuer=<uninitialized>, client_subject=<uninitialized>, client_issuer=<uninitialized>, server_depth=2, client_depth=0], http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]^J}, last_active=1170717511.909717, seen_bytes=0, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timeout_interval=2.0 mins, bof_buffer_size=1024, bof_buffer=0\x82^C\x860\x82^B\xef\xa0^C^B^A^B^B^Px\xeeH\xde^X[ q\xc9\xc9\xc3\xb5\x1d{\xdd\xc10^M^F^I*\x86H\x86\xf7^M^A^A^E^E\00_1^K0^I^F^CU^D^F^S^BUS1^W0^U^F^CU^D^J^S^NVeriSign, Inc.1705^F^CU^D^K^S.Class 3 Public Primary Certification Authority0\x1e^W^M970417000000Z^W^M111024235959Z0\x81\xba1\x1f0\x1d^F^CU^D^J^S^VVeriSign Trust Network1^W0^U^F^CU^D^K^S^NVeriSign, Inc.1301^F^CU^D^K^S*VeriSign International Server CA - Class 31I0G^F^CU^D^K^S@www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign0\x81\x9f0^M^F^I*\x86H\x86\xf7^M^A^A^A^E\0^C\x81\x8d\00\x81\x89^B\x81\x81\0\xd8\x82\x80\xe8\xd6^Y^B}\x1f\x85^X9%\xa2e+\xe1\xbf\xd4^E\xd3\xbc\xe66;\xaa\xf0Ll[\xb6\xe7\xaa<sEU\xb2\xf1\xbd\xea\x97B\xed\x9a4^J^U\xd4\xa9\\xf5@%\xdd\xd9^G\xc12\xb2ul\xc4\xca\xbb\xa3\xfeV'qC\xaac\xf50>\x93(\xe5\xfa\xf1^I;\xf3\xb7MN9\xf7\IZ\xb8\xc1\x1d\xd3\xb2\x8a\xfep0\x95B\xcb\xfe+Q\x8bZ<:\xf9"O\x90\xb2^B\xa7S\x9cO4\xe7\xab^D\xb2{o^B^C^A\0^A\xa3\x81\xe60\x81\xe30^O^F^CU\x1d^S^D^H0^F^A^A\xff^B^A\00D^F^CU\x1d ^D=0;09^F^K`\x86H^A\x86\xf8E^A^G^A^A0*0(^F^H+^F^A^E^E^G^B^A^V\x1chttps://www.verisign.com/CPS04^F^CU\x1d\x1f^D-0+0)\xa0'\xa0%\x86#http://crl.verisign.com/pca3-g2.crl04^F^CU\x1d%^D-0+^F^H+^F^A^E^E^G^C^A^F^H+^F^A^E^E^G^C^B^F^I`\x86H^A\x86\xf8B^D^A^F^J`\x86H^A\x86\xf8E^A^H^A0^K^F^CU\x1d^O^D^D^C^B^A^F0^Q^F^I`\x86H^A\x86\xf8B^A^A^D^D^C^B^A^F0^M^F^I*\x86H\x86\xf7^M^A^A^E^E\0^C\x81\x81\0#]\xee\xa6$^E\xfdv\xd3j^Z\xd6\xbaF^F\xaaj^O^C\x90f\xb2\xb0\xa6\xc2\x9e\xc9\x1e\xa3US\xaf>E\xfd\xdc\x8c'\xddS8^I\xbb|K+\xba\x95J\xfepN\x1bi\xd6<\xf7O^G\xc5\xf2^WZL\xa2\x8f\xac^K\x8a^F\xdb\xb9\xd4k\xc5\x1dX\xda^WR\xe3!\xf1\xd2\xd7Z\xd5\xe5\xabY{!z\x86j\xd4\xfe^W^Q:S^M\x9c`\xa0J\xd9^\xe4\x1d^L)\xaa^S^Ge\x86\x1f\xbf\xb4\xc9\x82S\x9c,^B\x8f#, mime_type=binary, info=[ts=1170717511.909717, fuid=FUmSiM3TCtsyMGhcd, tx_hosts={^J^J}, rx_hosts={^J^J}, conn_uids={^J^J}, source=SSL, depth=0, analyzers={^J^J}, mime_type=binary, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=F, seen_bytes=0, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=<uninitialized>, sha1=<uninitialized>, sha256=<uninitialized>, x509=<uninitialized>, extracted=<uninitialized>], u2_events=<uninitialized>]
-                  [1] c: connection      = [id=[orig_h=192.150.187.164, orig_p=58870/tcp, resp_h=194.127.84.106, resp_p=443/tcp], orig=[size=120, state=4, num_pkts=3, num_bytes_ip=288, flow_label=0], resp=[size=2164, state=4, num_pkts=3, num_bytes_ip=1616, flow_label=0], start_time=1170717511.541455, duration=0.368262, service={^J^ISSL^J}, addl=, hot=0, history=ShADad, uid=CCvvfg3TEfuqmmG4bh, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=[ts=1170717511.722913, uid=CCvvfg3TEfuqmmG4bh, id=[orig_h=192.150.187.164, orig_p=58870/tcp, resp_h=194.127.84.106, resp_p=443/tcp], version=TLSv10, cipher=TLS_RSA_WITH_RC4_128_MD5, server_name=<uninitialized>, session_id=9e51caef40ad85f9f03dbb8c1fdc863621808c311272e10242cb406bf917bcd9, last_alert=<uninitialized>, analyzer_id=11, established=F, logged=F, delay_tokens=<uninitialized>, cert_chain=[[ts=1170717511.909717, fuid=FQXAWgI2FB5STbrff, tx_hosts={^J^I194.127.84.106^J}, rx_hosts={^J^I192.150.187.164^J}, conn_uids={^J^ICCvvfg3TEfuqmmG4bh^J}, source=SSL, depth=0, analyzers={^J^IX509,^J^IMD5,^J^ISHA1^J}, mime_type=binary, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=F, seen_bytes=1152, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=38a0a008a978591ccbe41f50a174751a, sha1=2c322ae2b7fe91391345e070b63668978bb1c9da, sha256=<uninitialized>, x509=[ts=1170717511.909717, id=FQXAWgI2FB5STbrff, certificate=[version=2, serial=04A78116F003283BDA2B8462049F9ECB, subject=CN=www.dresdner-privat.de,OU=Terms of use at www.verisign.com/rpa (c)00,O=AGIS Allianz Dresdner Informationssysteme GmbH,L=Muenchen,ST=Bayern,C=DE, issuer=OU=www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign,OU=VeriSign International Server CA - Class 3,OU=VeriSign\, Inc.,O=VeriSign Trust Network, not_valid_before=1163462400.0, not_valid_after=1195084799.0, key_alg=rsaEncryption, sig_alg=sha1WithRSAEncryption, key_type=rsa, key_length=1024, exponent=65537, curve=<uninitialized>], handle=<no value description>, extensions=[[name=X509v3 Basic Constraints, short_name=basicConstraints, oid=2.5.29.19, critical=F, value=CA:FALSE], [name=X509v3 Key Usage, short_name=keyUsage, oid=2.5.29.15, critical=F, value=Digital Signature, Key Encipherment], [name=X509v3 CRL Distribution Points, short_name=crlDistributionPoints, oid=2.5.29.31, critical=F, value=^JFull Name:^J  URI:http://crl.verisign.com/Class3InternationalServer.crl^J], [name=X509v3 Certificate Policies, short_name=certificatePolicies, oid=2.5.29.32, critical=F, value=Policy: 2.16.840.1.113733.1.7.23.3^J  CPS: https://www.verisign.com/rpa^J], [name=X509v3 Extended Key Usage, short_name=extendedKeyUsage, oid=2.5.29.37, critical=F, value=Netscape Server Gated Crypto, TLS Web Server Authentication, TLS Web Client Authentication], [name=Authority Information Access, short_name=authorityInfoAccess, oid=1.3.6.1.5.5.7.1.1, critical=F, value=OCSP - URI:http://ocsp.verisign.com^J], [name=1.3.6.1.5.5.7.1.12, short_name=UNDEF, oid=1.3.6.1.5.5.7.1.12, critical=F, value=0_.].[0Y0W0U..image/gif0!0.0...+..............k...j.H.,{..0%.#http://logo.verisign.com/vslogo.gif]], san=<uninitialized>, basic_constraints=[ca=F, path_len=<uninitialized>]], extracted=<uninitialized>]], cert_chain_fuids=[FQXAWgI2FB5STbrff], client_cert_chain=[], client_cert_chain_fuids=[], subject=<uninitialized>, issuer=<uninitialized>, client_subject=<uninitialized>, client_issuer=<uninitialized>, server_depth=2, client_depth=0], http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]
+1254722770.692804 get_file_handle
+                  [0] tag: enum          = Analyzer::ANALYZER_SMTP
+                  [1] c: connection      = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=4530, state=4, num_pkts=11, num_bytes_ip=3518, flow_label=0], resp=[size=462, state=4, num_pkts=10, num_bytes_ip=870, flow_label=0], start_time=1254722767.529046, duration=3.163758, service={^J^ISMTP^J}, addl=, hot=0, history=ShAdDa, uid=CjhGID4nQcgTWjvg4c, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, smtp=[ts=1254722768.219663, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=<gurpartap@patriots.in>, rcptto={^J^I<raj_deol2002in@yahoo.co.in>^J}, date=Mon, 5 Oct 2009 11:36:07 +0530, from="Gurpartap Singh" <gurpartap@patriots.in>, to={^J^I<raj_deol2002in@yahoo.co.in>^J}, reply_to=<uninitialized>, msg_id=<000301ca4581$ef9e57f0$cedb07d0$@in>, in_reply_to=<uninitialized>, subject=SMTP, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=354 Enter message, ending with "." on a line by itself, path=[74.53.140.153, 10.10.1.4], user_agent=Microsoft Office Outlook 12.0, process_received_from=T, has_client_activity=T, entity=<uninitialized>, fuids=[Fel9gs4OtNEV6gUJZ5, Ft4M3f2yMvLlmwtbq9]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=<uninitialized>, mime_depth=4], socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]
+                  [2] is_orig: bool      = T
+
+1254722770.692804 get_file_handle
+                  [0] tag: enum          = Analyzer::ANALYZER_SMTP
+                  [1] c: connection      = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=4530, state=4, num_pkts=11, num_bytes_ip=3518, flow_label=0], resp=[size=462, state=4, num_pkts=10, num_bytes_ip=870, flow_label=0], start_time=1254722767.529046, duration=3.163758, service={^J^ISMTP^J}, addl=, hot=0, history=ShAdDa, uid=CjhGID4nQcgTWjvg4c, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, smtp=[ts=1254722768.219663, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=<gurpartap@patriots.in>, rcptto={^J^I<raj_deol2002in@yahoo.co.in>^J}, date=Mon, 5 Oct 2009 11:36:07 +0530, from="Gurpartap Singh" <gurpartap@patriots.in>, to={^J^I<raj_deol2002in@yahoo.co.in>^J}, reply_to=<uninitialized>, msg_id=<000301ca4581$ef9e57f0$cedb07d0$@in>, in_reply_to=<uninitialized>, subject=SMTP, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=354 Enter message, ending with "." on a line by itself, path=[74.53.140.153, 10.10.1.4], user_agent=Microsoft Office Outlook 12.0, process_received_from=T, has_client_activity=T, entity=<uninitialized>, fuids=[Fel9gs4OtNEV6gUJZ5, Ft4M3f2yMvLlmwtbq9]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=<uninitialized>, mime_depth=4], socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]
                   [2] is_orig: bool      = F
 
-1170717511.909717 x509_certificate
-                  [0] f: fa_file         = [id=FUmSiM3TCtsyMGhcd, parent_id=<uninitialized>, source=SSL, is_orig=F, conns={^J^I[[orig_h=192.150.187.164, orig_p=58870/tcp, resp_h=194.127.84.106, resp_p=443/tcp]] = [id=[orig_h=192.150.187.164, orig_p=58870/tcp, resp_h=194.127.84.106, resp_p=443/tcp], orig=[size=120, state=4, num_pkts=3, num_bytes_ip=288, flow_label=0], resp=[size=2164, state=4, num_pkts=3, num_bytes_ip=1616, flow_label=0], start_time=1170717511.541455, duration=0.368262, service={^J^I^ISSL^J^I}, addl=, hot=0, history=ShADad, uid=CCvvfg3TEfuqmmG4bh, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=[ts=1170717511.722913, uid=CCvvfg3TEfuqmmG4bh, id=[orig_h=192.150.187.164, orig_p=58870/tcp, resp_h=194.127.84.106, resp_p=443/tcp], version=TLSv10, cipher=TLS_RSA_WITH_RC4_128_MD5, server_name=<uninitialized>, session_id=9e51caef40ad85f9f03dbb8c1fdc863621808c311272e10242cb406bf917bcd9, last_alert=<uninitialized>, analyzer_id=11, established=F, logged=F, delay_tokens=<uninitialized>, cert_chain=[[ts=1170717511.909717, fuid=FQXAWgI2FB5STbrff, tx_hosts={^J^I^I194.127.84.106^J^I}, rx_hosts={^J^I^I192.150.187.164^J^I}, conn_uids={^J^I^ICCvvfg3TEfuqmmG4bh^J^I}, source=SSL, depth=0, analyzers={^J^I^IX509,^J^I^IMD5,^J^I^ISHA1^J^I}, mime_type=binary, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=F, seen_bytes=1152, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=38a0a008a978591ccbe41f50a174751a, sha1=2c322ae2b7fe91391345e070b63668978bb1c9da, sha256=<uninitialized>, x509=[ts=1170717511.909717, id=FQXAWgI2FB5STbrff, certificate=[version=2, serial=04A78116F003283BDA2B8462049F9ECB, subject=CN=www.dresdner-privat.de,OU=Terms of use at www.verisign.com/rpa (c)00,O=AGIS Allianz Dresdner Informationssysteme GmbH,L=Muenchen,ST=Bayern,C=DE, issuer=OU=www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign,OU=VeriSign International Server CA - Class 3,OU=VeriSign\, Inc.,O=VeriSign Trust Network, not_valid_before=1163462400.0, not_valid_after=1195084799.0, key_alg=rsaEncryption, sig_alg=sha1WithRSAEncryption, key_type=rsa, key_length=1024, exponent=65537, curve=<uninitialized>], handle=<no value description>, extensions=[[name=X509v3 Basic Constraints, short_name=basicConstraints, oid=2.5.29.19, critical=F, value=CA:FALSE], [name=X509v3 Key Usage, short_name=keyUsage, oid=2.5.29.15, critical=F, value=Digital Signature, Key Encipherment], [name=X509v3 CRL Distribution Points, short_name=crlDistributionPoints, oid=2.5.29.31, critical=F, value=^JFull Name:^J  URI:http://crl.verisign.com/Class3InternationalServer.crl^J], [name=X509v3 Certificate Policies, short_name=certificatePolicies, oid=2.5.29.32, critical=F, value=Policy: 2.16.840.1.113733.1.7.23.3^J  CPS: https://www.verisign.com/rpa^J], [name=X509v3 Extended Key Usage, short_name=extendedKeyUsage, oid=2.5.29.37, critical=F, value=Netscape Server Gated Crypto, TLS Web Server Authentication, TLS Web Client Authentication], [name=Authority Information Access, short_name=authorityInfoAccess, oid=1.3.6.1.5.5.7.1.1, critical=F, value=OCSP - URI:http://ocsp.verisign.com^J], [name=1.3.6.1.5.5.7.1.12, short_name=UNDEF, oid=1.3.6.1.5.5.7.1.12, critical=F, value=0_.].[0Y0W0U..image/gif0!0.0...+..............k...j.H.,{..0%.#http://logo.verisign.com/vslogo.gif]], san=<uninitialized>, basic_constraints=[ca=F, path_len=<uninitialized>]], extracted=<uninitialized>], [ts=1170717511.909717, fuid=FUmSiM3TCtsyMGhcd, tx_hosts={^J^I^I194.127.84.106^J^I}, rx_hosts={^J^I^I192.150.187.164^J^I}, conn_uids={^J^I^ICCvvfg3TEfuqmmG4bh^J^I}, source=SSL, depth=0, analyzers={^J^I^IX509,^J^I^IMD5,^J^I^ISHA1^J^I}, mime_type=binary, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=F, seen_bytes=0, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=<uninitialized>, sha1=<uninitialized>, sha256=<uninitialized>, x509=<uninitialized>, extracted=<uninitialized>]], cert_chain_fuids=[FQXAWgI2FB5STbrff, FUmSiM3TCtsyMGhcd], client_cert_chain=[], client_cert_chain_fuids=[], subject=<uninitialized>, issuer=<uninitialized>, client_subject=<uninitialized>, client_issuer=<uninitialized>, server_depth=2, client_depth=0], http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]^J}, last_active=1170717511.909717, seen_bytes=906, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timeout_interval=2.0 mins, bof_buffer_size=1024, bof_buffer=0\x82^C\x860\x82^B\xef\xa0^C^B^A^B^B^Px\xeeH\xde^X[ q\xc9\xc9\xc3\xb5\x1d{\xdd\xc10^M^F^I*\x86H\x86\xf7^M^A^A^E^E\00_1^K0^I^F^CU^D^F^S^BUS1^W0^U^F^CU^D^J^S^NVeriSign, Inc.1705^F^CU^D^K^S.Class 3 Public Primary Certification Authority0\x1e^W^M970417000000Z^W^M111024235959Z0\x81\xba1\x1f0\x1d^F^CU^D^J^S^VVeriSign Trust Network1^W0^U^F^CU^D^K^S^NVeriSign, Inc.1301^F^CU^D^K^S*VeriSign International Server CA - Class 31I0G^F^CU^D^K^S@www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign0\x81\x9f0^M^F^I*\x86H\x86\xf7^M^A^A^A^E\0^C\x81\x8d\00\x81\x89^B\x81\x81\0\xd8\x82\x80\xe8\xd6^Y^B}\x1f\x85^X9%\xa2e+\xe1\xbf\xd4^E\xd3\xbc\xe66;\xaa\xf0Ll[\xb6\xe7\xaa<sEU\xb2\xf1\xbd\xea\x97B\xed\x9a4^J^U\xd4\xa9\\xf5@%\xdd\xd9^G\xc12\xb2ul\xc4\xca\xbb\xa3\xfeV'qC\xaac\xf50>\x93(\xe5\xfa\xf1^I;\xf3\xb7MN9\xf7\IZ\xb8\xc1\x1d\xd3\xb2\x8a\xfep0\x95B\xcb\xfe+Q\x8bZ<:\xf9"O\x90\xb2^B\xa7S\x9cO4\xe7\xab^D\xb2{o^B^C^A\0^A\xa3\x81\xe60\x81\xe30^O^F^CU\x1d^S^D^H0^F^A^A\xff^B^A\00D^F^CU\x1d ^D=0;09^F^K`\x86H^A\x86\xf8E^A^G^A^A0*0(^F^H+^F^A^E^E^G^B^A^V\x1chttps://www.verisign.com/CPS04^F^CU\x1d\x1f^D-0+0)\xa0'\xa0%\x86#http://crl.verisign.com/pca3-g2.crl04^F^CU\x1d%^D-0+^F^H+^F^A^E^E^G^C^A^F^H+^F^A^E^E^G^C^B^F^I`\x86H^A\x86\xf8B^D^A^F^J`\x86H^A\x86\xf8E^A^H^A0^K^F^CU\x1d^O^D^D^C^B^A^F0^Q^F^I`\x86H^A\x86\xf8B^A^A^D^D^C^B^A^F0^M^F^I*\x86H\x86\xf7^M^A^A^E^E\0^C\x81\x81\0#]\xee\xa6$^E\xfdv\xd3j^Z\xd6\xbaF^F\xaaj^O^C\x90f\xb2\xb0\xa6\xc2\x9e\xc9\x1e\xa3US\xaf>E\xfd\xdc\x8c'\xddS8^I\xbb|K+\xba\x95J\xfepN\x1bi\xd6<\xf7O^G\xc5\xf2^WZL\xa2\x8f\xac^K\x8a^F\xdb\xb9\xd4k\xc5\x1dX\xda^WR\xe3!\xf1\xd2\xd7Z\xd5\xe5\xabY{!z\x86j\xd4\xfe^W^Q:S^M\x9c`\xa0J\xd9^\xe4\x1d^L)\xaa^S^Ge\x86\x1f\xbf\xb4\xc9\x82S\x9c,^B\x8f#, mime_type=binary, info=[ts=1170717511.909717, fuid=FUmSiM3TCtsyMGhcd, tx_hosts={^J^I194.127.84.106^J}, rx_hosts={^J^I192.150.187.164^J}, conn_uids={^J^ICCvvfg3TEfuqmmG4bh^J}, source=SSL, depth=0, analyzers={^J^IX509,^J^IMD5,^J^ISHA1^J}, mime_type=binary, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=F, seen_bytes=0, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=<uninitialized>, sha1=<uninitialized>, sha256=<uninitialized>, x509=<uninitialized>, extracted=<uninitialized>], u2_events=<uninitialized>]
-                  [1] cert_ref: opaque of x509 = <no value description>
-                  [2] cert: X509::Certificate = [version=2, serial=78EE48DE185B2071C9C9C3B51D7BDDC1, subject=OU=www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign,OU=VeriSign International Server CA - Class 3,OU=VeriSign\, Inc.,O=VeriSign Trust Network, issuer=OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US, not_valid_before=861235200.0, not_valid_after=1319500799.0, key_alg=rsaEncryption, sig_alg=sha1WithRSAEncryption, key_type=rsa, key_length=1024, exponent=65537, curve=<uninitialized>]
+1254722770.692804 mime_begin_entity
+                  [0] c: connection      = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=4530, state=4, num_pkts=11, num_bytes_ip=3518, flow_label=0], resp=[size=462, state=4, num_pkts=10, num_bytes_ip=870, flow_label=0], start_time=1254722767.529046, duration=3.163758, service={^J^ISMTP^J}, addl=, hot=0, history=ShAdDa, uid=CjhGID4nQcgTWjvg4c, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, smtp=[ts=1254722768.219663, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=<gurpartap@patriots.in>, rcptto={^J^I<raj_deol2002in@yahoo.co.in>^J}, date=Mon, 5 Oct 2009 11:36:07 +0530, from="Gurpartap Singh" <gurpartap@patriots.in>, to={^J^I<raj_deol2002in@yahoo.co.in>^J}, reply_to=<uninitialized>, msg_id=<000301ca4581$ef9e57f0$cedb07d0$@in>, in_reply_to=<uninitialized>, subject=SMTP, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=354 Enter message, ending with "." on a line by itself, path=[74.53.140.153, 10.10.1.4], user_agent=Microsoft Office Outlook 12.0, process_received_from=T, has_client_activity=T, entity=<uninitialized>, fuids=[Fel9gs4OtNEV6gUJZ5, Ft4M3f2yMvLlmwtbq9]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=<uninitialized>, mime_depth=4], socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]
 
-1170717511.909717 x509_extension
-                  [0] f: fa_file         = [id=FUmSiM3TCtsyMGhcd, parent_id=<uninitialized>, source=SSL, is_orig=F, conns={^J^I[[orig_h=192.150.187.164, orig_p=58870/tcp, resp_h=194.127.84.106, resp_p=443/tcp]] = [id=[orig_h=192.150.187.164, orig_p=58870/tcp, resp_h=194.127.84.106, resp_p=443/tcp], orig=[size=120, state=4, num_pkts=3, num_bytes_ip=288, flow_label=0], resp=[size=2164, state=4, num_pkts=3, num_bytes_ip=1616, flow_label=0], start_time=1170717511.541455, duration=0.368262, service={^J^I^ISSL^J^I}, addl=, hot=0, history=ShADad, uid=CCvvfg3TEfuqmmG4bh, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=[ts=1170717511.722913, uid=CCvvfg3TEfuqmmG4bh, id=[orig_h=192.150.187.164, orig_p=58870/tcp, resp_h=194.127.84.106, resp_p=443/tcp], version=TLSv10, cipher=TLS_RSA_WITH_RC4_128_MD5, server_name=<uninitialized>, session_id=9e51caef40ad85f9f03dbb8c1fdc863621808c311272e10242cb406bf917bcd9, last_alert=<uninitialized>, analyzer_id=11, established=F, logged=F, delay_tokens=<uninitialized>, cert_chain=[[ts=1170717511.909717, fuid=FQXAWgI2FB5STbrff, tx_hosts={^J^I^I194.127.84.106^J^I}, rx_hosts={^J^I^I192.150.187.164^J^I}, conn_uids={^J^I^ICCvvfg3TEfuqmmG4bh^J^I}, source=SSL, depth=0, analyzers={^J^I^IX509,^J^I^IMD5,^J^I^ISHA1^J^I}, mime_type=binary, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=F, seen_bytes=1152, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=38a0a008a978591ccbe41f50a174751a, sha1=2c322ae2b7fe91391345e070b63668978bb1c9da, sha256=<uninitialized>, x509=[ts=1170717511.909717, id=FQXAWgI2FB5STbrff, certificate=[version=2, serial=04A78116F003283BDA2B8462049F9ECB, subject=CN=www.dresdner-privat.de,OU=Terms of use at www.verisign.com/rpa (c)00,O=AGIS Allianz Dresdner Informationssysteme GmbH,L=Muenchen,ST=Bayern,C=DE, issuer=OU=www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign,OU=VeriSign International Server CA - Class 3,OU=VeriSign\, Inc.,O=VeriSign Trust Network, not_valid_before=1163462400.0, not_valid_after=1195084799.0, key_alg=rsaEncryption, sig_alg=sha1WithRSAEncryption, key_type=rsa, key_length=1024, exponent=65537, curve=<uninitialized>], handle=<no value description>, extensions=[[name=X509v3 Basic Constraints, short_name=basicConstraints, oid=2.5.29.19, critical=F, value=CA:FALSE], [name=X509v3 Key Usage, short_name=keyUsage, oid=2.5.29.15, critical=F, value=Digital Signature, Key Encipherment], [name=X509v3 CRL Distribution Points, short_name=crlDistributionPoints, oid=2.5.29.31, critical=F, value=^JFull Name:^J  URI:http://crl.verisign.com/Class3InternationalServer.crl^J], [name=X509v3 Certificate Policies, short_name=certificatePolicies, oid=2.5.29.32, critical=F, value=Policy: 2.16.840.1.113733.1.7.23.3^J  CPS: https://www.verisign.com/rpa^J], [name=X509v3 Extended Key Usage, short_name=extendedKeyUsage, oid=2.5.29.37, critical=F, value=Netscape Server Gated Crypto, TLS Web Server Authentication, TLS Web Client Authentication], [name=Authority Information Access, short_name=authorityInfoAccess, oid=1.3.6.1.5.5.7.1.1, critical=F, value=OCSP - URI:http://ocsp.verisign.com^J], [name=1.3.6.1.5.5.7.1.12, short_name=UNDEF, oid=1.3.6.1.5.5.7.1.12, critical=F, value=0_.].[0Y0W0U..image/gif0!0.0...+..............k...j.H.,{..0%.#http://logo.verisign.com/vslogo.gif]], san=<uninitialized>, basic_constraints=[ca=F, path_len=<uninitialized>]], extracted=<uninitialized>], [ts=1170717511.909717, fuid=FUmSiM3TCtsyMGhcd, tx_hosts={^J^I^I194.127.84.106^J^I}, rx_hosts={^J^I^I192.150.187.164^J^I}, conn_uids={^J^I^ICCvvfg3TEfuqmmG4bh^J^I}, source=SSL, depth=0, analyzers={^J^I^IX509,^J^I^IMD5,^J^I^ISHA1^J^I}, mime_type=binary, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=F, seen_bytes=0, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=<uninitialized>, sha1=<uninitialized>, sha256=<uninitialized>, x509=[ts=1170717511.909717, id=FUmSiM3TCtsyMGhcd, certificate=[version=2, serial=78EE48DE185B2071C9C9C3B51D7BDDC1, subject=OU=www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign,OU=VeriSign International Server CA - Class 3,OU=VeriSign\, Inc.,O=VeriSign Trust Network, issuer=OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US, not_valid_before=861235200.0, not_valid_after=1319500799.0, key_alg=rsaEncryption, sig_alg=sha1WithRSAEncryption, key_type=rsa, key_length=1024, exponent=65537, curve=<uninitialized>], handle=<no value description>, extensions=[], san=<uninitialized>, basic_constraints=<uninitialized>], extracted=<uninitialized>]], cert_chain_fuids=[FQXAWgI2FB5STbrff, FUmSiM3TCtsyMGhcd], client_cert_chain=[], client_cert_chain_fuids=[], subject=<uninitialized>, issuer=<uninitialized>, client_subject=<uninitialized>, client_issuer=<uninitialized>, server_depth=2, client_depth=0], http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]^J}, last_active=1170717511.909717, seen_bytes=906, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timeout_interval=2.0 mins, bof_buffer_size=1024, bof_buffer=0\x82^C\x860\x82^B\xef\xa0^C^B^A^B^B^Px\xeeH\xde^X[ q\xc9\xc9\xc3\xb5\x1d{\xdd\xc10^M^F^I*\x86H\x86\xf7^M^A^A^E^E\00_1^K0^I^F^CU^D^F^S^BUS1^W0^U^F^CU^D^J^S^NVeriSign, Inc.1705^F^CU^D^K^S.Class 3 Public Primary Certification Authority0\x1e^W^M970417000000Z^W^M111024235959Z0\x81\xba1\x1f0\x1d^F^CU^D^J^S^VVeriSign Trust Network1^W0^U^F^CU^D^K^S^NVeriSign, Inc.1301^F^CU^D^K^S*VeriSign International Server CA - Class 31I0G^F^CU^D^K^S@www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign0\x81\x9f0^M^F^I*\x86H\x86\xf7^M^A^A^A^E\0^C\x81\x8d\00\x81\x89^B\x81\x81\0\xd8\x82\x80\xe8\xd6^Y^B}\x1f\x85^X9%\xa2e+\xe1\xbf\xd4^E\xd3\xbc\xe66;\xaa\xf0Ll[\xb6\xe7\xaa<sEU\xb2\xf1\xbd\xea\x97B\xed\x9a4^J^U\xd4\xa9\\xf5@%\xdd\xd9^G\xc12\xb2ul\xc4\xca\xbb\xa3\xfeV'qC\xaac\xf50>\x93(\xe5\xfa\xf1^I;\xf3\xb7MN9\xf7\IZ\xb8\xc1\x1d\xd3\xb2\x8a\xfep0\x95B\xcb\xfe+Q\x8bZ<:\xf9"O\x90\xb2^B\xa7S\x9cO4\xe7\xab^D\xb2{o^B^C^A\0^A\xa3\x81\xe60\x81\xe30^O^F^CU\x1d^S^D^H0^F^A^A\xff^B^A\00D^F^CU\x1d ^D=0;09^F^K`\x86H^A\x86\xf8E^A^G^A^A0*0(^F^H+^F^A^E^E^G^B^A^V\x1chttps://www.verisign.com/CPS04^F^CU\x1d\x1f^D-0+0)\xa0'\xa0%\x86#http://crl.verisign.com/pca3-g2.crl04^F^CU\x1d%^D-0+^F^H+^F^A^E^E^G^C^A^F^H+^F^A^E^E^G^C^B^F^I`\x86H^A\x86\xf8B^D^A^F^J`\x86H^A\x86\xf8E^A^H^A0^K^F^CU\x1d^O^D^D^C^B^A^F0^Q^F^I`\x86H^A\x86\xf8B^A^A^D^D^C^B^A^F0^M^F^I*\x86H\x86\xf7^M^A^A^E^E\0^C\x81\x81\0#]\xee\xa6$^E\xfdv\xd3j^Z\xd6\xbaF^F\xaaj^O^C\x90f\xb2\xb0\xa6\xc2\x9e\xc9\x1e\xa3US\xaf>E\xfd\xdc\x8c'\xddS8^I\xbb|K+\xba\x95J\xfepN\x1bi\xd6<\xf7O^G\xc5\xf2^WZL\xa2\x8f\xac^K\x8a^F\xdb\xb9\xd4k\xc5\x1dX\xda^WR\xe3!\xf1\xd2\xd7Z\xd5\xe5\xabY{!z\x86j\xd4\xfe^W^Q:S^M\x9c`\xa0J\xd9^\xe4\x1d^L)\xaa^S^Ge\x86\x1f\xbf\xb4\xc9\x82S\x9c,^B\x8f#, mime_type=binary, info=[ts=1170717511.909717, fuid=FUmSiM3TCtsyMGhcd, tx_hosts={^J^I194.127.84.106^J}, rx_hosts={^J^I192.150.187.164^J}, conn_uids={^J^ICCvvfg3TEfuqmmG4bh^J}, source=SSL, depth=0, analyzers={^J^IX509,^J^IMD5,^J^ISHA1^J}, mime_type=binary, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=F, seen_bytes=0, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=<uninitialized>, sha1=<uninitialized>, sha256=<uninitialized>, x509=[ts=1170717511.909717, id=FUmSiM3TCtsyMGhcd, certificate=[version=2, serial=78EE48DE185B2071C9C9C3B51D7BDDC1, subject=OU=www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign,OU=VeriSign International Server CA - Class 3,OU=VeriSign\, Inc.,O=VeriSign Trust Network, issuer=OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US, not_valid_before=861235200.0, not_valid_after=1319500799.0, key_alg=rsaEncryption, sig_alg=sha1WithRSAEncryption, key_type=rsa, key_length=1024, exponent=65537, curve=<uninitialized>], handle=<no value description>, extensions=[], san=<uninitialized>, basic_constraints=<uninitialized>], extracted=<uninitialized>], u2_events=<uninitialized>]
-                  [1] ext: X509::Extension = [name=X509v3 Basic Constraints, short_name=basicConstraints, oid=2.5.29.19, critical=F, value=CA:TRUE, pathlen:0]
+1254722770.692804 mime_one_header
+                  [0] c: connection      = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=4530, state=4, num_pkts=11, num_bytes_ip=3518, flow_label=0], resp=[size=462, state=4, num_pkts=10, num_bytes_ip=870, flow_label=0], start_time=1254722767.529046, duration=3.163758, service={^J^ISMTP^J}, addl=, hot=0, history=ShAdDa, uid=CjhGID4nQcgTWjvg4c, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, smtp=[ts=1254722768.219663, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=<gurpartap@patriots.in>, rcptto={^J^I<raj_deol2002in@yahoo.co.in>^J}, date=Mon, 5 Oct 2009 11:36:07 +0530, from="Gurpartap Singh" <gurpartap@patriots.in>, to={^J^I<raj_deol2002in@yahoo.co.in>^J}, reply_to=<uninitialized>, msg_id=<000301ca4581$ef9e57f0$cedb07d0$@in>, in_reply_to=<uninitialized>, subject=SMTP, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=354 Enter message, ending with "." on a line by itself, path=[74.53.140.153, 10.10.1.4], user_agent=Microsoft Office Outlook 12.0, process_received_from=T, has_client_activity=T, entity=[filename=<uninitialized>], fuids=[Fel9gs4OtNEV6gUJZ5, Ft4M3f2yMvLlmwtbq9]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=<uninitialized>, mime_depth=5], socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]
+                  [1] h: mime_header_rec = [name=CONTENT-TYPE, value=text/plain;^Iname="NEWS.txt"]
 
-1170717511.909717 x509_ext_basic_constraints
-                  [0] f: fa_file         = [id=FUmSiM3TCtsyMGhcd, parent_id=<uninitialized>, source=SSL, is_orig=F, conns={^J^I[[orig_h=192.150.187.164, orig_p=58870/tcp, resp_h=194.127.84.106, resp_p=443/tcp]] = [id=[orig_h=192.150.187.164, orig_p=58870/tcp, resp_h=194.127.84.106, resp_p=443/tcp], orig=[size=120, state=4, num_pkts=3, num_bytes_ip=288, flow_label=0], resp=[size=2164, state=4, num_pkts=3, num_bytes_ip=1616, flow_label=0], start_time=1170717511.541455, duration=0.368262, service={^J^I^ISSL^J^I}, addl=, hot=0, history=ShADad, uid=CCvvfg3TEfuqmmG4bh, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=[ts=1170717511.722913, uid=CCvvfg3TEfuqmmG4bh, id=[orig_h=192.150.187.164, orig_p=58870/tcp, resp_h=194.127.84.106, resp_p=443/tcp], version=TLSv10, cipher=TLS_RSA_WITH_RC4_128_MD5, server_name=<uninitialized>, session_id=9e51caef40ad85f9f03dbb8c1fdc863621808c311272e10242cb406bf917bcd9, last_alert=<uninitialized>, analyzer_id=11, established=F, logged=F, delay_tokens=<uninitialized>, cert_chain=[[ts=1170717511.909717, fuid=FQXAWgI2FB5STbrff, tx_hosts={^J^I^I194.127.84.106^J^I}, rx_hosts={^J^I^I192.150.187.164^J^I}, conn_uids={^J^I^ICCvvfg3TEfuqmmG4bh^J^I}, source=SSL, depth=0, analyzers={^J^I^IX509,^J^I^IMD5,^J^I^ISHA1^J^I}, mime_type=binary, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=F, seen_bytes=1152, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=38a0a008a978591ccbe41f50a174751a, sha1=2c322ae2b7fe91391345e070b63668978bb1c9da, sha256=<uninitialized>, x509=[ts=1170717511.909717, id=FQXAWgI2FB5STbrff, certificate=[version=2, serial=04A78116F003283BDA2B8462049F9ECB, subject=CN=www.dresdner-privat.de,OU=Terms of use at www.verisign.com/rpa (c)00,O=AGIS Allianz Dresdner Informationssysteme GmbH,L=Muenchen,ST=Bayern,C=DE, issuer=OU=www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign,OU=VeriSign International Server CA - Class 3,OU=VeriSign\, Inc.,O=VeriSign Trust Network, not_valid_before=1163462400.0, not_valid_after=1195084799.0, key_alg=rsaEncryption, sig_alg=sha1WithRSAEncryption, key_type=rsa, key_length=1024, exponent=65537, curve=<uninitialized>], handle=<no value description>, extensions=[[name=X509v3 Basic Constraints, short_name=basicConstraints, oid=2.5.29.19, critical=F, value=CA:FALSE], [name=X509v3 Key Usage, short_name=keyUsage, oid=2.5.29.15, critical=F, value=Digital Signature, Key Encipherment], [name=X509v3 CRL Distribution Points, short_name=crlDistributionPoints, oid=2.5.29.31, critical=F, value=^JFull Name:^J  URI:http://crl.verisign.com/Class3InternationalServer.crl^J], [name=X509v3 Certificate Policies, short_name=certificatePolicies, oid=2.5.29.32, critical=F, value=Policy: 2.16.840.1.113733.1.7.23.3^J  CPS: https://www.verisign.com/rpa^J], [name=X509v3 Extended Key Usage, short_name=extendedKeyUsage, oid=2.5.29.37, critical=F, value=Netscape Server Gated Crypto, TLS Web Server Authentication, TLS Web Client Authentication], [name=Authority Information Access, short_name=authorityInfoAccess, oid=1.3.6.1.5.5.7.1.1, critical=F, value=OCSP - URI:http://ocsp.verisign.com^J], [name=1.3.6.1.5.5.7.1.12, short_name=UNDEF, oid=1.3.6.1.5.5.7.1.12, critical=F, value=0_.].[0Y0W0U..image/gif0!0.0...+..............k...j.H.,{..0%.#http://logo.verisign.com/vslogo.gif]], san=<uninitialized>, basic_constraints=[ca=F, path_len=<uninitialized>]], extracted=<uninitialized>], [ts=1170717511.909717, fuid=FUmSiM3TCtsyMGhcd, tx_hosts={^J^I^I194.127.84.106^J^I}, rx_hosts={^J^I^I192.150.187.164^J^I}, conn_uids={^J^I^ICCvvfg3TEfuqmmG4bh^J^I}, source=SSL, depth=0, analyzers={^J^I^IX509,^J^I^IMD5,^J^I^ISHA1^J^I}, mime_type=binary, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=F, seen_bytes=0, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=<uninitialized>, sha1=<uninitialized>, sha256=<uninitialized>, x509=[ts=1170717511.909717, id=FUmSiM3TCtsyMGhcd, certificate=[version=2, serial=78EE48DE185B2071C9C9C3B51D7BDDC1, subject=OU=www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign,OU=VeriSign International Server CA - Class 3,OU=VeriSign\, Inc.,O=VeriSign Trust Network, issuer=OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US, not_valid_before=861235200.0, not_valid_after=1319500799.0, key_alg=rsaEncryption, sig_alg=sha1WithRSAEncryption, key_type=rsa, key_length=1024, exponent=65537, curve=<uninitialized>], handle=<no value description>, extensions=[[name=X509v3 Basic Constraints, short_name=basicConstraints, oid=2.5.29.19, critical=F, value=CA:TRUE, pathlen:0]], san=<uninitialized>, basic_constraints=<uninitialized>], extracted=<uninitialized>]], cert_chain_fuids=[FQXAWgI2FB5STbrff, FUmSiM3TCtsyMGhcd], client_cert_chain=[], client_cert_chain_fuids=[], subject=<uninitialized>, issuer=<uninitialized>, client_subject=<uninitialized>, client_issuer=<uninitialized>, server_depth=2, client_depth=0], http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]^J}, last_active=1170717511.909717, seen_bytes=906, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timeout_interval=2.0 mins, bof_buffer_size=1024, bof_buffer=0\x82^C\x860\x82^B\xef\xa0^C^B^A^B^B^Px\xeeH\xde^X[ q\xc9\xc9\xc3\xb5\x1d{\xdd\xc10^M^F^I*\x86H\x86\xf7^M^A^A^E^E\00_1^K0^I^F^CU^D^F^S^BUS1^W0^U^F^CU^D^J^S^NVeriSign, Inc.1705^F^CU^D^K^S.Class 3 Public Primary Certification Authority0\x1e^W^M970417000000Z^W^M111024235959Z0\x81\xba1\x1f0\x1d^F^CU^D^J^S^VVeriSign Trust Network1^W0^U^F^CU^D^K^S^NVeriSign, Inc.1301^F^CU^D^K^S*VeriSign International Server CA - Class 31I0G^F^CU^D^K^S@www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign0\x81\x9f0^M^F^I*\x86H\x86\xf7^M^A^A^A^E\0^C\x81\x8d\00\x81\x89^B\x81\x81\0\xd8\x82\x80\xe8\xd6^Y^B}\x1f\x85^X9%\xa2e+\xe1\xbf\xd4^E\xd3\xbc\xe66;\xaa\xf0Ll[\xb6\xe7\xaa<sEU\xb2\xf1\xbd\xea\x97B\xed\x9a4^J^U\xd4\xa9\\xf5@%\xdd\xd9^G\xc12\xb2ul\xc4\xca\xbb\xa3\xfeV'qC\xaac\xf50>\x93(\xe5\xfa\xf1^I;\xf3\xb7MN9\xf7\IZ\xb8\xc1\x1d\xd3\xb2\x8a\xfep0\x95B\xcb\xfe+Q\x8bZ<:\xf9"O\x90\xb2^B\xa7S\x9cO4\xe7\xab^D\xb2{o^B^C^A\0^A\xa3\x81\xe60\x81\xe30^O^F^CU\x1d^S^D^H0^F^A^A\xff^B^A\00D^F^CU\x1d ^D=0;09^F^K`\x86H^A\x86\xf8E^A^G^A^A0*0(^F^H+^F^A^E^E^G^B^A^V\x1chttps://www.verisign.com/CPS04^F^CU\x1d\x1f^D-0+0)\xa0'\xa0%\x86#http://crl.verisign.com/pca3-g2.crl04^F^CU\x1d%^D-0+^F^H+^F^A^E^E^G^C^A^F^H+^F^A^E^E^G^C^B^F^I`\x86H^A\x86\xf8B^D^A^F^J`\x86H^A\x86\xf8E^A^H^A0^K^F^CU\x1d^O^D^D^C^B^A^F0^Q^F^I`\x86H^A\x86\xf8B^A^A^D^D^C^B^A^F0^M^F^I*\x86H\x86\xf7^M^A^A^E^E\0^C\x81\x81\0#]\xee\xa6$^E\xfdv\xd3j^Z\xd6\xbaF^F\xaaj^O^C\x90f\xb2\xb0\xa6\xc2\x9e\xc9\x1e\xa3US\xaf>E\xfd\xdc\x8c'\xddS8^I\xbb|K+\xba\x95J\xfepN\x1bi\xd6<\xf7O^G\xc5\xf2^WZL\xa2\x8f\xac^K\x8a^F\xdb\xb9\xd4k\xc5\x1dX\xda^WR\xe3!\xf1\xd2\xd7Z\xd5\xe5\xabY{!z\x86j\xd4\xfe^W^Q:S^M\x9c`\xa0J\xd9^\xe4\x1d^L)\xaa^S^Ge\x86\x1f\xbf\xb4\xc9\x82S\x9c,^B\x8f#, mime_type=binary, info=[ts=1170717511.909717, fuid=FUmSiM3TCtsyMGhcd, tx_hosts={^J^I194.127.84.106^J}, rx_hosts={^J^I192.150.187.164^J}, conn_uids={^J^ICCvvfg3TEfuqmmG4bh^J}, source=SSL, depth=0, analyzers={^J^IX509,^J^IMD5,^J^ISHA1^J}, mime_type=binary, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=F, seen_bytes=0, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=<uninitialized>, sha1=<uninitialized>, sha256=<uninitialized>, x509=[ts=1170717511.909717, id=FUmSiM3TCtsyMGhcd, certificate=[version=2, serial=78EE48DE185B2071C9C9C3B51D7BDDC1, subject=OU=www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign,OU=VeriSign International Server CA - Class 3,OU=VeriSign\, Inc.,O=VeriSign Trust Network, issuer=OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US, not_valid_before=861235200.0, not_valid_after=1319500799.0, key_alg=rsaEncryption, sig_alg=sha1WithRSAEncryption, key_type=rsa, key_length=1024, exponent=65537, curve=<uninitialized>], handle=<no value description>, extensions=[[name=X509v3 Basic Constraints, short_name=basicConstraints, oid=2.5.29.19, critical=F, value=CA:TRUE, pathlen:0]], san=<uninitialized>, basic_constraints=<uninitialized>], extracted=<uninitialized>], u2_events=<uninitialized>]
-                  [1] ext: X509::BasicConstraints = [ca=T, path_len=0]
+1254722770.692804 mime_one_header
+                  [0] c: connection      = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=4530, state=4, num_pkts=11, num_bytes_ip=3518, flow_label=0], resp=[size=462, state=4, num_pkts=10, num_bytes_ip=870, flow_label=0], start_time=1254722767.529046, duration=3.163758, service={^J^ISMTP^J}, addl=, hot=0, history=ShAdDa, uid=CjhGID4nQcgTWjvg4c, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, smtp=[ts=1254722768.219663, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=<gurpartap@patriots.in>, rcptto={^J^I<raj_deol2002in@yahoo.co.in>^J}, date=Mon, 5 Oct 2009 11:36:07 +0530, from="Gurpartap Singh" <gurpartap@patriots.in>, to={^J^I<raj_deol2002in@yahoo.co.in>^J}, reply_to=<uninitialized>, msg_id=<000301ca4581$ef9e57f0$cedb07d0$@in>, in_reply_to=<uninitialized>, subject=SMTP, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=354 Enter message, ending with "." on a line by itself, path=[74.53.140.153, 10.10.1.4], user_agent=Microsoft Office Outlook 12.0, process_received_from=T, has_client_activity=T, entity=[filename=NEWS.txt], fuids=[Fel9gs4OtNEV6gUJZ5, Ft4M3f2yMvLlmwtbq9]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=<uninitialized>, mime_depth=5], socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]
+                  [1] h: mime_header_rec = [name=CONTENT-TRANSFER-ENCODING, value=quoted-printable]
 
-1170717511.909717 x509_extension
-                  [0] f: fa_file         = [id=FUmSiM3TCtsyMGhcd, parent_id=<uninitialized>, source=SSL, is_orig=F, conns={^J^I[[orig_h=192.150.187.164, orig_p=58870/tcp, resp_h=194.127.84.106, resp_p=443/tcp]] = [id=[orig_h=192.150.187.164, orig_p=58870/tcp, resp_h=194.127.84.106, resp_p=443/tcp], orig=[size=120, state=4, num_pkts=3, num_bytes_ip=288, flow_label=0], resp=[size=2164, state=4, num_pkts=3, num_bytes_ip=1616, flow_label=0], start_time=1170717511.541455, duration=0.368262, service={^J^I^ISSL^J^I}, addl=, hot=0, history=ShADad, uid=CCvvfg3TEfuqmmG4bh, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=[ts=1170717511.722913, uid=CCvvfg3TEfuqmmG4bh, id=[orig_h=192.150.187.164, orig_p=58870/tcp, resp_h=194.127.84.106, resp_p=443/tcp], version=TLSv10, cipher=TLS_RSA_WITH_RC4_128_MD5, server_name=<uninitialized>, session_id=9e51caef40ad85f9f03dbb8c1fdc863621808c311272e10242cb406bf917bcd9, last_alert=<uninitialized>, analyzer_id=11, established=F, logged=F, delay_tokens=<uninitialized>, cert_chain=[[ts=1170717511.909717, fuid=FQXAWgI2FB5STbrff, tx_hosts={^J^I^I194.127.84.106^J^I}, rx_hosts={^J^I^I192.150.187.164^J^I}, conn_uids={^J^I^ICCvvfg3TEfuqmmG4bh^J^I}, source=SSL, depth=0, analyzers={^J^I^IX509,^J^I^IMD5,^J^I^ISHA1^J^I}, mime_type=binary, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=F, seen_bytes=1152, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=38a0a008a978591ccbe41f50a174751a, sha1=2c322ae2b7fe91391345e070b63668978bb1c9da, sha256=<uninitialized>, x509=[ts=1170717511.909717, id=FQXAWgI2FB5STbrff, certificate=[version=2, serial=04A78116F003283BDA2B8462049F9ECB, subject=CN=www.dresdner-privat.de,OU=Terms of use at www.verisign.com/rpa (c)00,O=AGIS Allianz Dresdner Informationssysteme GmbH,L=Muenchen,ST=Bayern,C=DE, issuer=OU=www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign,OU=VeriSign International Server CA - Class 3,OU=VeriSign\, Inc.,O=VeriSign Trust Network, not_valid_before=1163462400.0, not_valid_after=1195084799.0, key_alg=rsaEncryption, sig_alg=sha1WithRSAEncryption, key_type=rsa, key_length=1024, exponent=65537, curve=<uninitialized>], handle=<no value description>, extensions=[[name=X509v3 Basic Constraints, short_name=basicConstraints, oid=2.5.29.19, critical=F, value=CA:FALSE], [name=X509v3 Key Usage, short_name=keyUsage, oid=2.5.29.15, critical=F, value=Digital Signature, Key Encipherment], [name=X509v3 CRL Distribution Points, short_name=crlDistributionPoints, oid=2.5.29.31, critical=F, value=^JFull Name:^J  URI:http://crl.verisign.com/Class3InternationalServer.crl^J], [name=X509v3 Certificate Policies, short_name=certificatePolicies, oid=2.5.29.32, critical=F, value=Policy: 2.16.840.1.113733.1.7.23.3^J  CPS: https://www.verisign.com/rpa^J], [name=X509v3 Extended Key Usage, short_name=extendedKeyUsage, oid=2.5.29.37, critical=F, value=Netscape Server Gated Crypto, TLS Web Server Authentication, TLS Web Client Authentication], [name=Authority Information Access, short_name=authorityInfoAccess, oid=1.3.6.1.5.5.7.1.1, critical=F, value=OCSP - URI:http://ocsp.verisign.com^J], [name=1.3.6.1.5.5.7.1.12, short_name=UNDEF, oid=1.3.6.1.5.5.7.1.12, critical=F, value=0_.].[0Y0W0U..image/gif0!0.0...+..............k...j.H.,{..0%.#http://logo.verisign.com/vslogo.gif]], san=<uninitialized>, basic_constraints=[ca=F, path_len=<uninitialized>]], extracted=<uninitialized>], [ts=1170717511.909717, fuid=FUmSiM3TCtsyMGhcd, tx_hosts={^J^I^I194.127.84.106^J^I}, rx_hosts={^J^I^I192.150.187.164^J^I}, conn_uids={^J^I^ICCvvfg3TEfuqmmG4bh^J^I}, source=SSL, depth=0, analyzers={^J^I^IX509,^J^I^IMD5,^J^I^ISHA1^J^I}, mime_type=binary, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=F, seen_bytes=0, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=<uninitialized>, sha1=<uninitialized>, sha256=<uninitialized>, x509=[ts=1170717511.909717, id=FUmSiM3TCtsyMGhcd, certificate=[version=2, serial=78EE48DE185B2071C9C9C3B51D7BDDC1, subject=OU=www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign,OU=VeriSign International Server CA - Class 3,OU=VeriSign\, Inc.,O=VeriSign Trust Network, issuer=OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US, not_valid_before=861235200.0, not_valid_after=1319500799.0, key_alg=rsaEncryption, sig_alg=sha1WithRSAEncryption, key_type=rsa, key_length=1024, exponent=65537, curve=<uninitialized>], handle=<no value description>, extensions=[[name=X509v3 Basic Constraints, short_name=basicConstraints, oid=2.5.29.19, critical=F, value=CA:TRUE, pathlen:0]], san=<uninitialized>, basic_constraints=[ca=T, path_len=0]], extracted=<uninitialized>]], cert_chain_fuids=[FQXAWgI2FB5STbrff, FUmSiM3TCtsyMGhcd], client_cert_chain=[], client_cert_chain_fuids=[], subject=<uninitialized>, issuer=<uninitialized>, client_subject=<uninitialized>, client_issuer=<uninitialized>, server_depth=2, client_depth=0], http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]^J}, last_active=1170717511.909717, seen_bytes=906, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timeout_interval=2.0 mins, bof_buffer_size=1024, bof_buffer=0\x82^C\x860\x82^B\xef\xa0^C^B^A^B^B^Px\xeeH\xde^X[ q\xc9\xc9\xc3\xb5\x1d{\xdd\xc10^M^F^I*\x86H\x86\xf7^M^A^A^E^E\00_1^K0^I^F^CU^D^F^S^BUS1^W0^U^F^CU^D^J^S^NVeriSign, Inc.1705^F^CU^D^K^S.Class 3 Public Primary Certification Authority0\x1e^W^M970417000000Z^W^M111024235959Z0\x81\xba1\x1f0\x1d^F^CU^D^J^S^VVeriSign Trust Network1^W0^U^F^CU^D^K^S^NVeriSign, Inc.1301^F^CU^D^K^S*VeriSign International Server CA - Class 31I0G^F^CU^D^K^S@www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign0\x81\x9f0^M^F^I*\x86H\x86\xf7^M^A^A^A^E\0^C\x81\x8d\00\x81\x89^B\x81\x81\0\xd8\x82\x80\xe8\xd6^Y^B}\x1f\x85^X9%\xa2e+\xe1\xbf\xd4^E\xd3\xbc\xe66;\xaa\xf0Ll[\xb6\xe7\xaa<sEU\xb2\xf1\xbd\xea\x97B\xed\x9a4^J^U\xd4\xa9\\xf5@%\xdd\xd9^G\xc12\xb2ul\xc4\xca\xbb\xa3\xfeV'qC\xaac\xf50>\x93(\xe5\xfa\xf1^I;\xf3\xb7MN9\xf7\IZ\xb8\xc1\x1d\xd3\xb2\x8a\xfep0\x95B\xcb\xfe+Q\x8bZ<:\xf9"O\x90\xb2^B\xa7S\x9cO4\xe7\xab^D\xb2{o^B^C^A\0^A\xa3\x81\xe60\x81\xe30^O^F^CU\x1d^S^D^H0^F^A^A\xff^B^A\00D^F^CU\x1d ^D=0;09^F^K`\x86H^A\x86\xf8E^A^G^A^A0*0(^F^H+^F^A^E^E^G^B^A^V\x1chttps://www.verisign.com/CPS04^F^CU\x1d\x1f^D-0+0)\xa0'\xa0%\x86#http://crl.verisign.com/pca3-g2.crl04^F^CU\x1d%^D-0+^F^H+^F^A^E^E^G^C^A^F^H+^F^A^E^E^G^C^B^F^I`\x86H^A\x86\xf8B^D^A^F^J`\x86H^A\x86\xf8E^A^H^A0^K^F^CU\x1d^O^D^D^C^B^A^F0^Q^F^I`\x86H^A\x86\xf8B^A^A^D^D^C^B^A^F0^M^F^I*\x86H\x86\xf7^M^A^A^E^E\0^C\x81\x81\0#]\xee\xa6$^E\xfdv\xd3j^Z\xd6\xbaF^F\xaaj^O^C\x90f\xb2\xb0\xa6\xc2\x9e\xc9\x1e\xa3US\xaf>E\xfd\xdc\x8c'\xddS8^I\xbb|K+\xba\x95J\xfepN\x1bi\xd6<\xf7O^G\xc5\xf2^WZL\xa2\x8f\xac^K\x8a^F\xdb\xb9\xd4k\xc5\x1dX\xda^WR\xe3!\xf1\xd2\xd7Z\xd5\xe5\xabY{!z\x86j\xd4\xfe^W^Q:S^M\x9c`\xa0J\xd9^\xe4\x1d^L)\xaa^S^Ge\x86\x1f\xbf\xb4\xc9\x82S\x9c,^B\x8f#, mime_type=binary, info=[ts=1170717511.909717, fuid=FUmSiM3TCtsyMGhcd, tx_hosts={^J^I194.127.84.106^J}, rx_hosts={^J^I192.150.187.164^J}, conn_uids={^J^ICCvvfg3TEfuqmmG4bh^J}, source=SSL, depth=0, analyzers={^J^IX509,^J^IMD5,^J^ISHA1^J}, mime_type=binary, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=F, seen_bytes=0, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=<uninitialized>, sha1=<uninitialized>, sha256=<uninitialized>, x509=[ts=1170717511.909717, id=FUmSiM3TCtsyMGhcd, certificate=[version=2, serial=78EE48DE185B2071C9C9C3B51D7BDDC1, subject=OU=www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign,OU=VeriSign International Server CA - Class 3,OU=VeriSign\, Inc.,O=VeriSign Trust Network, issuer=OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US, not_valid_before=861235200.0, not_valid_after=1319500799.0, key_alg=rsaEncryption, sig_alg=sha1WithRSAEncryption, key_type=rsa, key_length=1024, exponent=65537, curve=<uninitialized>], handle=<no value description>, extensions=[[name=X509v3 Basic Constraints, short_name=basicConstraints, oid=2.5.29.19, critical=F, value=CA:TRUE, pathlen:0]], san=<uninitialized>, basic_constraints=[ca=T, path_len=0]], extracted=<uninitialized>], u2_events=<uninitialized>]
-                  [1] ext: X509::Extension = [name=X509v3 Certificate Policies, short_name=certificatePolicies, oid=2.5.29.32, critical=F, value=Policy: 2.16.840.1.113733.1.7.1.1^J  CPS: https://www.verisign.com/CPS^J]
+1254722770.692804 mime_one_header
+                  [0] c: connection      = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=4530, state=4, num_pkts=11, num_bytes_ip=3518, flow_label=0], resp=[size=462, state=4, num_pkts=10, num_bytes_ip=870, flow_label=0], start_time=1254722767.529046, duration=3.163758, service={^J^ISMTP^J}, addl=, hot=0, history=ShAdDa, uid=CjhGID4nQcgTWjvg4c, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, smtp=[ts=1254722768.219663, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=<gurpartap@patriots.in>, rcptto={^J^I<raj_deol2002in@yahoo.co.in>^J}, date=Mon, 5 Oct 2009 11:36:07 +0530, from="Gurpartap Singh" <gurpartap@patriots.in>, to={^J^I<raj_deol2002in@yahoo.co.in>^J}, reply_to=<uninitialized>, msg_id=<000301ca4581$ef9e57f0$cedb07d0$@in>, in_reply_to=<uninitialized>, subject=SMTP, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=354 Enter message, ending with "." on a line by itself, path=[74.53.140.153, 10.10.1.4], user_agent=Microsoft Office Outlook 12.0, process_received_from=T, has_client_activity=T, entity=[filename=NEWS.txt], fuids=[Fel9gs4OtNEV6gUJZ5, Ft4M3f2yMvLlmwtbq9]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=<uninitialized>, mime_depth=5], socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]
+                  [1] h: mime_header_rec = [name=CONTENT-DISPOSITION, value=attachment;^Ifilename="NEWS.txt"]
 
-1170717511.909717 x509_extension
-                  [0] f: fa_file         = [id=FUmSiM3TCtsyMGhcd, parent_id=<uninitialized>, source=SSL, is_orig=F, conns={^J^I[[orig_h=192.150.187.164, orig_p=58870/tcp, resp_h=194.127.84.106, resp_p=443/tcp]] = [id=[orig_h=192.150.187.164, orig_p=58870/tcp, resp_h=194.127.84.106, resp_p=443/tcp], orig=[size=120, state=4, num_pkts=3, num_bytes_ip=288, flow_label=0], resp=[size=2164, state=4, num_pkts=3, num_bytes_ip=1616, flow_label=0], start_time=1170717511.541455, duration=0.368262, service={^J^I^ISSL^J^I}, addl=, hot=0, history=ShADad, uid=CCvvfg3TEfuqmmG4bh, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=[ts=1170717511.722913, uid=CCvvfg3TEfuqmmG4bh, id=[orig_h=192.150.187.164, orig_p=58870/tcp, resp_h=194.127.84.106, resp_p=443/tcp], version=TLSv10, cipher=TLS_RSA_WITH_RC4_128_MD5, server_name=<uninitialized>, session_id=9e51caef40ad85f9f03dbb8c1fdc863621808c311272e10242cb406bf917bcd9, last_alert=<uninitialized>, analyzer_id=11, established=F, logged=F, delay_tokens=<uninitialized>, cert_chain=[[ts=1170717511.909717, fuid=FQXAWgI2FB5STbrff, tx_hosts={^J^I^I194.127.84.106^J^I}, rx_hosts={^J^I^I192.150.187.164^J^I}, conn_uids={^J^I^ICCvvfg3TEfuqmmG4bh^J^I}, source=SSL, depth=0, analyzers={^J^I^IX509,^J^I^IMD5,^J^I^ISHA1^J^I}, mime_type=binary, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=F, seen_bytes=1152, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=38a0a008a978591ccbe41f50a174751a, sha1=2c322ae2b7fe91391345e070b63668978bb1c9da, sha256=<uninitialized>, x509=[ts=1170717511.909717, id=FQXAWgI2FB5STbrff, certificate=[version=2, serial=04A78116F003283BDA2B8462049F9ECB, subject=CN=www.dresdner-privat.de,OU=Terms of use at www.verisign.com/rpa (c)00,O=AGIS Allianz Dresdner Informationssysteme GmbH,L=Muenchen,ST=Bayern,C=DE, issuer=OU=www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign,OU=VeriSign International Server CA - Class 3,OU=VeriSign\, Inc.,O=VeriSign Trust Network, not_valid_before=1163462400.0, not_valid_after=1195084799.0, key_alg=rsaEncryption, sig_alg=sha1WithRSAEncryption, key_type=rsa, key_length=1024, exponent=65537, curve=<uninitialized>], handle=<no value description>, extensions=[[name=X509v3 Basic Constraints, short_name=basicConstraints, oid=2.5.29.19, critical=F, value=CA:FALSE], [name=X509v3 Key Usage, short_name=keyUsage, oid=2.5.29.15, critical=F, value=Digital Signature, Key Encipherment], [name=X509v3 CRL Distribution Points, short_name=crlDistributionPoints, oid=2.5.29.31, critical=F, value=^JFull Name:^J  URI:http://crl.verisign.com/Class3InternationalServer.crl^J], [name=X509v3 Certificate Policies, short_name=certificatePolicies, oid=2.5.29.32, critical=F, value=Policy: 2.16.840.1.113733.1.7.23.3^J  CPS: https://www.verisign.com/rpa^J], [name=X509v3 Extended Key Usage, short_name=extendedKeyUsage, oid=2.5.29.37, critical=F, value=Netscape Server Gated Crypto, TLS Web Server Authentication, TLS Web Client Authentication], [name=Authority Information Access, short_name=authorityInfoAccess, oid=1.3.6.1.5.5.7.1.1, critical=F, value=OCSP - URI:http://ocsp.verisign.com^J], [name=1.3.6.1.5.5.7.1.12, short_name=UNDEF, oid=1.3.6.1.5.5.7.1.12, critical=F, value=0_.].[0Y0W0U..image/gif0!0.0...+..............k...j.H.,{..0%.#http://logo.verisign.com/vslogo.gif]], san=<uninitialized>, basic_constraints=[ca=F, path_len=<uninitialized>]], extracted=<uninitialized>], [ts=1170717511.909717, fuid=FUmSiM3TCtsyMGhcd, tx_hosts={^J^I^I194.127.84.106^J^I}, rx_hosts={^J^I^I192.150.187.164^J^I}, conn_uids={^J^I^ICCvvfg3TEfuqmmG4bh^J^I}, source=SSL, depth=0, analyzers={^J^I^IX509,^J^I^IMD5,^J^I^ISHA1^J^I}, mime_type=binary, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=F, seen_bytes=0, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=<uninitialized>, sha1=<uninitialized>, sha256=<uninitialized>, x509=[ts=1170717511.909717, id=FUmSiM3TCtsyMGhcd, certificate=[version=2, serial=78EE48DE185B2071C9C9C3B51D7BDDC1, subject=OU=www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign,OU=VeriSign International Server CA - Class 3,OU=VeriSign\, Inc.,O=VeriSign Trust Network, issuer=OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US, not_valid_before=861235200.0, not_valid_after=1319500799.0, key_alg=rsaEncryption, sig_alg=sha1WithRSAEncryption, key_type=rsa, key_length=1024, exponent=65537, curve=<uninitialized>], handle=<no value description>, extensions=[[name=X509v3 Basic Constraints, short_name=basicConstraints, oid=2.5.29.19, critical=F, value=CA:TRUE, pathlen:0], [name=X509v3 Certificate Policies, short_name=certificatePolicies, oid=2.5.29.32, critical=F, value=Policy: 2.16.840.1.113733.1.7.1.1^J  CPS: https://www.verisign.com/CPS^J]], san=<uninitialized>, basic_constraints=[ca=T, path_len=0]], extracted=<uninitialized>]], cert_chain_fuids=[FQXAWgI2FB5STbrff, FUmSiM3TCtsyMGhcd], client_cert_chain=[], client_cert_chain_fuids=[], subject=<uninitialized>, issuer=<uninitialized>, client_subject=<uninitialized>, client_issuer=<uninitialized>, server_depth=2, client_depth=0], http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]^J}, last_active=1170717511.909717, seen_bytes=906, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timeout_interval=2.0 mins, bof_buffer_size=1024, bof_buffer=0\x82^C\x860\x82^B\xef\xa0^C^B^A^B^B^Px\xeeH\xde^X[ q\xc9\xc9\xc3\xb5\x1d{\xdd\xc10^M^F^I*\x86H\x86\xf7^M^A^A^E^E\00_1^K0^I^F^CU^D^F^S^BUS1^W0^U^F^CU^D^J^S^NVeriSign, Inc.1705^F^CU^D^K^S.Class 3 Public Primary Certification Authority0\x1e^W^M970417000000Z^W^M111024235959Z0\x81\xba1\x1f0\x1d^F^CU^D^J^S^VVeriSign Trust Network1^W0^U^F^CU^D^K^S^NVeriSign, Inc.1301^F^CU^D^K^S*VeriSign International Server CA - Class 31I0G^F^CU^D^K^S@www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign0\x81\x9f0^M^F^I*\x86H\x86\xf7^M^A^A^A^E\0^C\x81\x8d\00\x81\x89^B\x81\x81\0\xd8\x82\x80\xe8\xd6^Y^B}\x1f\x85^X9%\xa2e+\xe1\xbf\xd4^E\xd3\xbc\xe66;\xaa\xf0Ll[\xb6\xe7\xaa<sEU\xb2\xf1\xbd\xea\x97B\xed\x9a4^J^U\xd4\xa9\\xf5@%\xdd\xd9^G\xc12\xb2ul\xc4\xca\xbb\xa3\xfeV'qC\xaac\xf50>\x93(\xe5\xfa\xf1^I;\xf3\xb7MN9\xf7\IZ\xb8\xc1\x1d\xd3\xb2\x8a\xfep0\x95B\xcb\xfe+Q\x8bZ<:\xf9"O\x90\xb2^B\xa7S\x9cO4\xe7\xab^D\xb2{o^B^C^A\0^A\xa3\x81\xe60\x81\xe30^O^F^CU\x1d^S^D^H0^F^A^A\xff^B^A\00D^F^CU\x1d ^D=0;09^F^K`\x86H^A\x86\xf8E^A^G^A^A0*0(^F^H+^F^A^E^E^G^B^A^V\x1chttps://www.verisign.com/CPS04^F^CU\x1d\x1f^D-0+0)\xa0'\xa0%\x86#http://crl.verisign.com/pca3-g2.crl04^F^CU\x1d%^D-0+^F^H+^F^A^E^E^G^C^A^F^H+^F^A^E^E^G^C^B^F^I`\x86H^A\x86\xf8B^D^A^F^J`\x86H^A\x86\xf8E^A^H^A0^K^F^CU\x1d^O^D^D^C^B^A^F0^Q^F^I`\x86H^A\x86\xf8B^A^A^D^D^C^B^A^F0^M^F^I*\x86H\x86\xf7^M^A^A^E^E\0^C\x81\x81\0#]\xee\xa6$^E\xfdv\xd3j^Z\xd6\xbaF^F\xaaj^O^C\x90f\xb2\xb0\xa6\xc2\x9e\xc9\x1e\xa3US\xaf>E\xfd\xdc\x8c'\xddS8^I\xbb|K+\xba\x95J\xfepN\x1bi\xd6<\xf7O^G\xc5\xf2^WZL\xa2\x8f\xac^K\x8a^F\xdb\xb9\xd4k\xc5\x1dX\xda^WR\xe3!\xf1\xd2\xd7Z\xd5\xe5\xabY{!z\x86j\xd4\xfe^W^Q:S^M\x9c`\xa0J\xd9^\xe4\x1d^L)\xaa^S^Ge\x86\x1f\xbf\xb4\xc9\x82S\x9c,^B\x8f#, mime_type=binary, info=[ts=1170717511.909717, fuid=FUmSiM3TCtsyMGhcd, tx_hosts={^J^I194.127.84.106^J}, rx_hosts={^J^I192.150.187.164^J}, conn_uids={^J^ICCvvfg3TEfuqmmG4bh^J}, source=SSL, depth=0, analyzers={^J^IX509,^J^IMD5,^J^ISHA1^J}, mime_type=binary, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=F, seen_bytes=0, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=<uninitialized>, sha1=<uninitialized>, sha256=<uninitialized>, x509=[ts=1170717511.909717, id=FUmSiM3TCtsyMGhcd, certificate=[version=2, serial=78EE48DE185B2071C9C9C3B51D7BDDC1, subject=OU=www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign,OU=VeriSign International Server CA - Class 3,OU=VeriSign\, Inc.,O=VeriSign Trust Network, issuer=OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US, not_valid_before=861235200.0, not_valid_after=1319500799.0, key_alg=rsaEncryption, sig_alg=sha1WithRSAEncryption, key_type=rsa, key_length=1024, exponent=65537, curve=<uninitialized>], handle=<no value description>, extensions=[[name=X509v3 Basic Constraints, short_name=basicConstraints, oid=2.5.29.19, critical=F, value=CA:TRUE, pathlen:0], [name=X509v3 Certificate Policies, short_name=certificatePolicies, oid=2.5.29.32, critical=F, value=Policy: 2.16.840.1.113733.1.7.1.1^J  CPS: https://www.verisign.com/CPS^J]], san=<uninitialized>, basic_constraints=[ca=T, path_len=0]], extracted=<uninitialized>], u2_events=<uninitialized>]
-                  [1] ext: X509::Extension = [name=X509v3 CRL Distribution Points, short_name=crlDistributionPoints, oid=2.5.29.31, critical=F, value=^JFull Name:^J  URI:http://crl.verisign.com/pca3-g2.crl^J]
+1254722770.692823 get_file_handle
+                  [0] tag: enum          = Analyzer::ANALYZER_SMTP
+                  [1] c: connection      = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=5990, state=4, num_pkts=12, num_bytes_ip=5018, flow_label=0], resp=[size=462, state=4, num_pkts=10, num_bytes_ip=870, flow_label=0], start_time=1254722767.529046, duration=3.163777, service={^J^ISMTP^J}, addl=, hot=0, history=ShAdDa, uid=CjhGID4nQcgTWjvg4c, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, smtp=[ts=1254722768.219663, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=<gurpartap@patriots.in>, rcptto={^J^I<raj_deol2002in@yahoo.co.in>^J}, date=Mon, 5 Oct 2009 11:36:07 +0530, from="Gurpartap Singh" <gurpartap@patriots.in>, to={^J^I<raj_deol2002in@yahoo.co.in>^J}, reply_to=<uninitialized>, msg_id=<000301ca4581$ef9e57f0$cedb07d0$@in>, in_reply_to=<uninitialized>, subject=SMTP, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=354 Enter message, ending with "." on a line by itself, path=[74.53.140.153, 10.10.1.4], user_agent=Microsoft Office Outlook 12.0, process_received_from=T, has_client_activity=T, entity=[filename=NEWS.txt], fuids=[Fel9gs4OtNEV6gUJZ5, Ft4M3f2yMvLlmwtbq9]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=<uninitialized>, mime_depth=5], socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]
+                  [2] is_orig: bool      = F
 
-1170717511.909717 x509_extension
-                  [0] f: fa_file         = [id=FUmSiM3TCtsyMGhcd, parent_id=<uninitialized>, source=SSL, is_orig=F, conns={^J^I[[orig_h=192.150.187.164, orig_p=58870/tcp, resp_h=194.127.84.106, resp_p=443/tcp]] = [id=[orig_h=192.150.187.164, orig_p=58870/tcp, resp_h=194.127.84.106, resp_p=443/tcp], orig=[size=120, state=4, num_pkts=3, num_bytes_ip=288, flow_label=0], resp=[size=2164, state=4, num_pkts=3, num_bytes_ip=1616, flow_label=0], start_time=1170717511.541455, duration=0.368262, service={^J^I^ISSL^J^I}, addl=, hot=0, history=ShADad, uid=CCvvfg3TEfuqmmG4bh, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=[ts=1170717511.722913, uid=CCvvfg3TEfuqmmG4bh, id=[orig_h=192.150.187.164, orig_p=58870/tcp, resp_h=194.127.84.106, resp_p=443/tcp], version=TLSv10, cipher=TLS_RSA_WITH_RC4_128_MD5, server_name=<uninitialized>, session_id=9e51caef40ad85f9f03dbb8c1fdc863621808c311272e10242cb406bf917bcd9, last_alert=<uninitialized>, analyzer_id=11, established=F, logged=F, delay_tokens=<uninitialized>, cert_chain=[[ts=1170717511.909717, fuid=FQXAWgI2FB5STbrff, tx_hosts={^J^I^I194.127.84.106^J^I}, rx_hosts={^J^I^I192.150.187.164^J^I}, conn_uids={^J^I^ICCvvfg3TEfuqmmG4bh^J^I}, source=SSL, depth=0, analyzers={^J^I^IX509,^J^I^IMD5,^J^I^ISHA1^J^I}, mime_type=binary, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=F, seen_bytes=1152, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=38a0a008a978591ccbe41f50a174751a, sha1=2c322ae2b7fe91391345e070b63668978bb1c9da, sha256=<uninitialized>, x509=[ts=1170717511.909717, id=FQXAWgI2FB5STbrff, certificate=[version=2, serial=04A78116F003283BDA2B8462049F9ECB, subject=CN=www.dresdner-privat.de,OU=Terms of use at www.verisign.com/rpa (c)00,O=AGIS Allianz Dresdner Informationssysteme GmbH,L=Muenchen,ST=Bayern,C=DE, issuer=OU=www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign,OU=VeriSign International Server CA - Class 3,OU=VeriSign\, Inc.,O=VeriSign Trust Network, not_valid_before=1163462400.0, not_valid_after=1195084799.0, key_alg=rsaEncryption, sig_alg=sha1WithRSAEncryption, key_type=rsa, key_length=1024, exponent=65537, curve=<uninitialized>], handle=<no value description>, extensions=[[name=X509v3 Basic Constraints, short_name=basicConstraints, oid=2.5.29.19, critical=F, value=CA:FALSE], [name=X509v3 Key Usage, short_name=keyUsage, oid=2.5.29.15, critical=F, value=Digital Signature, Key Encipherment], [name=X509v3 CRL Distribution Points, short_name=crlDistributionPoints, oid=2.5.29.31, critical=F, value=^JFull Name:^J  URI:http://crl.verisign.com/Class3InternationalServer.crl^J], [name=X509v3 Certificate Policies, short_name=certificatePolicies, oid=2.5.29.32, critical=F, value=Policy: 2.16.840.1.113733.1.7.23.3^J  CPS: https://www.verisign.com/rpa^J], [name=X509v3 Extended Key Usage, short_name=extendedKeyUsage, oid=2.5.29.37, critical=F, value=Netscape Server Gated Crypto, TLS Web Server Authentication, TLS Web Client Authentication], [name=Authority Information Access, short_name=authorityInfoAccess, oid=1.3.6.1.5.5.7.1.1, critical=F, value=OCSP - URI:http://ocsp.verisign.com^J], [name=1.3.6.1.5.5.7.1.12, short_name=UNDEF, oid=1.3.6.1.5.5.7.1.12, critical=F, value=0_.].[0Y0W0U..image/gif0!0.0...+..............k...j.H.,{..0%.#http://logo.verisign.com/vslogo.gif]], san=<uninitialized>, basic_constraints=[ca=F, path_len=<uninitialized>]], extracted=<uninitialized>], [ts=1170717511.909717, fuid=FUmSiM3TCtsyMGhcd, tx_hosts={^J^I^I194.127.84.106^J^I}, rx_hosts={^J^I^I192.150.187.164^J^I}, conn_uids={^J^I^ICCvvfg3TEfuqmmG4bh^J^I}, source=SSL, depth=0, analyzers={^J^I^IX509,^J^I^IMD5,^J^I^ISHA1^J^I}, mime_type=binary, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=F, seen_bytes=0, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=<uninitialized>, sha1=<uninitialized>, sha256=<uninitialized>, x509=[ts=1170717511.909717, id=FUmSiM3TCtsyMGhcd, certificate=[version=2, serial=78EE48DE185B2071C9C9C3B51D7BDDC1, subject=OU=www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign,OU=VeriSign International Server CA - Class 3,OU=VeriSign\, Inc.,O=VeriSign Trust Network, issuer=OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US, not_valid_before=861235200.0, not_valid_after=1319500799.0, key_alg=rsaEncryption, sig_alg=sha1WithRSAEncryption, key_type=rsa, key_length=1024, exponent=65537, curve=<uninitialized>], handle=<no value description>, extensions=[[name=X509v3 Basic Constraints, short_name=basicConstraints, oid=2.5.29.19, critical=F, value=CA:TRUE, pathlen:0], [name=X509v3 Certificate Policies, short_name=certificatePolicies, oid=2.5.29.32, critical=F, value=Policy: 2.16.840.1.113733.1.7.1.1^J  CPS: https://www.verisign.com/CPS^J], [name=X509v3 CRL Distribution Points, short_name=crlDistributionPoints, oid=2.5.29.31, critical=F, value=^JFull Name:^J  URI:http://crl.verisign.com/pca3-g2.crl^J]], san=<uninitialized>, basic_constraints=[ca=T, path_len=0]], extracted=<uninitialized>]], cert_chain_fuids=[FQXAWgI2FB5STbrff, FUmSiM3TCtsyMGhcd], client_cert_chain=[], client_cert_chain_fuids=[], subject=<uninitialized>, issuer=<uninitialized>, client_subject=<uninitialized>, client_issuer=<uninitialized>, server_depth=2, client_depth=0], http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]^J}, last_active=1170717511.909717, seen_bytes=906, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timeout_interval=2.0 mins, bof_buffer_size=1024, bof_buffer=0\x82^C\x860\x82^B\xef\xa0^C^B^A^B^B^Px\xeeH\xde^X[ q\xc9\xc9\xc3\xb5\x1d{\xdd\xc10^M^F^I*\x86H\x86\xf7^M^A^A^E^E\00_1^K0^I^F^CU^D^F^S^BUS1^W0^U^F^CU^D^J^S^NVeriSign, Inc.1705^F^CU^D^K^S.Class 3 Public Primary Certification Authority0\x1e^W^M970417000000Z^W^M111024235959Z0\x81\xba1\x1f0\x1d^F^CU^D^J^S^VVeriSign Trust Network1^W0^U^F^CU^D^K^S^NVeriSign, Inc.1301^F^CU^D^K^S*VeriSign International Server CA - Class 31I0G^F^CU^D^K^S@www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign0\x81\x9f0^M^F^I*\x86H\x86\xf7^M^A^A^A^E\0^C\x81\x8d\00\x81\x89^B\x81\x81\0\xd8\x82\x80\xe8\xd6^Y^B}\x1f\x85^X9%\xa2e+\xe1\xbf\xd4^E\xd3\xbc\xe66;\xaa\xf0Ll[\xb6\xe7\xaa<sEU\xb2\xf1\xbd\xea\x97B\xed\x9a4^J^U\xd4\xa9\\xf5@%\xdd\xd9^G\xc12\xb2ul\xc4\xca\xbb\xa3\xfeV'qC\xaac\xf50>\x93(\xe5\xfa\xf1^I;\xf3\xb7MN9\xf7\IZ\xb8\xc1\x1d\xd3\xb2\x8a\xfep0\x95B\xcb\xfe+Q\x8bZ<:\xf9"O\x90\xb2^B\xa7S\x9cO4\xe7\xab^D\xb2{o^B^C^A\0^A\xa3\x81\xe60\x81\xe30^O^F^CU\x1d^S^D^H0^F^A^A\xff^B^A\00D^F^CU\x1d ^D=0;09^F^K`\x86H^A\x86\xf8E^A^G^A^A0*0(^F^H+^F^A^E^E^G^B^A^V\x1chttps://www.verisign.com/CPS04^F^CU\x1d\x1f^D-0+0)\xa0'\xa0%\x86#http://crl.verisign.com/pca3-g2.crl04^F^CU\x1d%^D-0+^F^H+^F^A^E^E^G^C^A^F^H+^F^A^E^E^G^C^B^F^I`\x86H^A\x86\xf8B^D^A^F^J`\x86H^A\x86\xf8E^A^H^A0^K^F^CU\x1d^O^D^D^C^B^A^F0^Q^F^I`\x86H^A\x86\xf8B^A^A^D^D^C^B^A^F0^M^F^I*\x86H\x86\xf7^M^A^A^E^E\0^C\x81\x81\0#]\xee\xa6$^E\xfdv\xd3j^Z\xd6\xbaF^F\xaaj^O^C\x90f\xb2\xb0\xa6\xc2\x9e\xc9\x1e\xa3US\xaf>E\xfd\xdc\x8c'\xddS8^I\xbb|K+\xba\x95J\xfepN\x1bi\xd6<\xf7O^G\xc5\xf2^WZL\xa2\x8f\xac^K\x8a^F\xdb\xb9\xd4k\xc5\x1dX\xda^WR\xe3!\xf1\xd2\xd7Z\xd5\xe5\xabY{!z\x86j\xd4\xfe^W^Q:S^M\x9c`\xa0J\xd9^\xe4\x1d^L)\xaa^S^Ge\x86\x1f\xbf\xb4\xc9\x82S\x9c,^B\x8f#, mime_type=binary, info=[ts=1170717511.909717, fuid=FUmSiM3TCtsyMGhcd, tx_hosts={^J^I194.127.84.106^J}, rx_hosts={^J^I192.150.187.164^J}, conn_uids={^J^ICCvvfg3TEfuqmmG4bh^J}, source=SSL, depth=0, analyzers={^J^IX509,^J^IMD5,^J^ISHA1^J}, mime_type=binary, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=F, seen_bytes=0, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=<uninitialized>, sha1=<uninitialized>, sha256=<uninitialized>, x509=[ts=1170717511.909717, id=FUmSiM3TCtsyMGhcd, certificate=[version=2, serial=78EE48DE185B2071C9C9C3B51D7BDDC1, subject=OU=www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign,OU=VeriSign International Server CA - Class 3,OU=VeriSign\, Inc.,O=VeriSign Trust Network, issuer=OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US, not_valid_before=861235200.0, not_valid_after=1319500799.0, key_alg=rsaEncryption, sig_alg=sha1WithRSAEncryption, key_type=rsa, key_length=1024, exponent=65537, curve=<uninitialized>], handle=<no value description>, extensions=[[name=X509v3 Basic Constraints, short_name=basicConstraints, oid=2.5.29.19, critical=F, value=CA:TRUE, pathlen:0], [name=X509v3 Certificate Policies, short_name=certificatePolicies, oid=2.5.29.32, critical=F, value=Policy: 2.16.840.1.113733.1.7.1.1^J  CPS: https://www.verisign.com/CPS^J], [name=X509v3 CRL Distribution Points, short_name=crlDistributionPoints, oid=2.5.29.31, critical=F, value=^JFull Name:^J  URI:http://crl.verisign.com/pca3-g2.crl^J]], san=<uninitialized>, basic_constraints=[ca=T, path_len=0]], extracted=<uninitialized>], u2_events=<uninitialized>]
-                  [1] ext: X509::Extension = [name=X509v3 Extended Key Usage, short_name=extendedKeyUsage, oid=2.5.29.37, critical=F, value=TLS Web Server Authentication, TLS Web Client Authentication, Netscape Server Gated Crypto, 2.16.840.1.113733.1.8.1]
+1254722770.692823 file_new
+                  [0] f: fa_file         = [id=FL9Y0d45OI4LpS6fmh, parent_id=<uninitialized>, source=SMTP, is_orig=F, conns={^J^I[[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp]] = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=5990, state=4, num_pkts=12, num_bytes_ip=5018, flow_label=0], resp=[size=462, state=4, num_pkts=10, num_bytes_ip=870, flow_label=0], start_time=1254722767.529046, duration=3.163777, service={^J^I^ISMTP^J^I}, addl=, hot=0, history=ShAdDa, uid=CjhGID4nQcgTWjvg4c, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, smtp=[ts=1254722768.219663, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=<gurpartap@patriots.in>, rcptto={^J^I^I<raj_deol2002in@yahoo.co.in>^J^I}, date=Mon, 5 Oct 2009 11:36:07 +0530, from="Gurpartap Singh" <gurpartap@patriots.in>, to={^J^I^I<raj_deol2002in@yahoo.co.in>^J^I}, reply_to=<uninitialized>, msg_id=<000301ca4581$ef9e57f0$cedb07d0$@in>, in_reply_to=<uninitialized>, subject=SMTP, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=354 Enter message, ending with "." on a line by itself, path=[74.53.140.153, 10.10.1.4], user_agent=Microsoft Office Outlook 12.0, process_received_from=T, has_client_activity=T, entity=[filename=NEWS.txt], fuids=[Fel9gs4OtNEV6gUJZ5, Ft4M3f2yMvLlmwtbq9]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=<uninitialized>, mime_depth=5], socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]^J}, last_active=1254722770.692823, seen_bytes=0, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timeout_interval=2.0 mins, bof_buffer_size=1024, bof_buffer=Version 4.9.9.1^M^J* Many bug fixes^M^J* Improved editor^M^J^M^JVersion 4.9.9.0^M^J* Support for latest Mingw compiler system builds^M^J* Bug fixes^M^J^M^JVersion 4.9.8.9^M^J* New code tooltip display^M^J* Improved Indent/Unindent and Remove Comment^M^J* Improved automatic indent^M^J* Added support for the "interface" keyword^M^J* WebUpdate should now report installation problems from PackMan^M^J* New splash screen and association icons^M^J* Improved installer^M^J* Many bug fixes^M^J^M^JVersion 4.9.8.7^M^J* Added support for GCC > 3.2^M^J* Debug variables are now resent during next debug session^M^J* Watched Variables not in correct context are now kept and updated when it is needed^M^J* Added new compiler/linker options: 20^M^J  - Strip executable^M^J  - Generate instructions for a specific machine (i386, i486, i586, i686, pentium, pentium-mmx, pentiumpro, pentium2, pentium3, pentium4, 20^M^J    k6, k6-2, k6-3, athlon, athlon-tbird, athlon-4, athlon-xp, athlon-mp, winchip-c6, winchip2, k8, c3 and c3-2)^M^J  - Enable use of processor specific built-in function, mime_type=text/plain, info=<uninitialized>, u2_events=<uninitialized>]
 
-1170717511.909717 x509_extension
-                  [0] f: fa_file         = [id=FUmSiM3TCtsyMGhcd, parent_id=<uninitialized>, source=SSL, is_orig=F, conns={^J^I[[orig_h=192.150.187.164, orig_p=58870/tcp, resp_h=194.127.84.106, resp_p=443/tcp]] = [id=[orig_h=192.150.187.164, orig_p=58870/tcp, resp_h=194.127.84.106, resp_p=443/tcp], orig=[size=120, state=4, num_pkts=3, num_bytes_ip=288, flow_label=0], resp=[size=2164, state=4, num_pkts=3, num_bytes_ip=1616, flow_label=0], start_time=1170717511.541455, duration=0.368262, service={^J^I^ISSL^J^I}, addl=, hot=0, history=ShADad, uid=CCvvfg3TEfuqmmG4bh, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=[ts=1170717511.722913, uid=CCvvfg3TEfuqmmG4bh, id=[orig_h=192.150.187.164, orig_p=58870/tcp, resp_h=194.127.84.106, resp_p=443/tcp], version=TLSv10, cipher=TLS_RSA_WITH_RC4_128_MD5, server_name=<uninitialized>, session_id=9e51caef40ad85f9f03dbb8c1fdc863621808c311272e10242cb406bf917bcd9, last_alert=<uninitialized>, analyzer_id=11, established=F, logged=F, delay_tokens=<uninitialized>, cert_chain=[[ts=1170717511.909717, fuid=FQXAWgI2FB5STbrff, tx_hosts={^J^I^I194.127.84.106^J^I}, rx_hosts={^J^I^I192.150.187.164^J^I}, conn_uids={^J^I^ICCvvfg3TEfuqmmG4bh^J^I}, source=SSL, depth=0, analyzers={^J^I^IX509,^J^I^IMD5,^J^I^ISHA1^J^I}, mime_type=binary, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=F, seen_bytes=1152, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=38a0a008a978591ccbe41f50a174751a, sha1=2c322ae2b7fe91391345e070b63668978bb1c9da, sha256=<uninitialized>, x509=[ts=1170717511.909717, id=FQXAWgI2FB5STbrff, certificate=[version=2, serial=04A78116F003283BDA2B8462049F9ECB, subject=CN=www.dresdner-privat.de,OU=Terms of use at www.verisign.com/rpa (c)00,O=AGIS Allianz Dresdner Informationssysteme GmbH,L=Muenchen,ST=Bayern,C=DE, issuer=OU=www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign,OU=VeriSign International Server CA - Class 3,OU=VeriSign\, Inc.,O=VeriSign Trust Network, not_valid_before=1163462400.0, not_valid_after=1195084799.0, key_alg=rsaEncryption, sig_alg=sha1WithRSAEncryption, key_type=rsa, key_length=1024, exponent=65537, curve=<uninitialized>], handle=<no value description>, extensions=[[name=X509v3 Basic Constraints, short_name=basicConstraints, oid=2.5.29.19, critical=F, value=CA:FALSE], [name=X509v3 Key Usage, short_name=keyUsage, oid=2.5.29.15, critical=F, value=Digital Signature, Key Encipherment], [name=X509v3 CRL Distribution Points, short_name=crlDistributionPoints, oid=2.5.29.31, critical=F, value=^JFull Name:^J  URI:http://crl.verisign.com/Class3InternationalServer.crl^J], [name=X509v3 Certificate Policies, short_name=certificatePolicies, oid=2.5.29.32, critical=F, value=Policy: 2.16.840.1.113733.1.7.23.3^J  CPS: https://www.verisign.com/rpa^J], [name=X509v3 Extended Key Usage, short_name=extendedKeyUsage, oid=2.5.29.37, critical=F, value=Netscape Server Gated Crypto, TLS Web Server Authentication, TLS Web Client Authentication], [name=Authority Information Access, short_name=authorityInfoAccess, oid=1.3.6.1.5.5.7.1.1, critical=F, value=OCSP - URI:http://ocsp.verisign.com^J], [name=1.3.6.1.5.5.7.1.12, short_name=UNDEF, oid=1.3.6.1.5.5.7.1.12, critical=F, value=0_.].[0Y0W0U..image/gif0!0.0...+..............k...j.H.,{..0%.#http://logo.verisign.com/vslogo.gif]], san=<uninitialized>, basic_constraints=[ca=F, path_len=<uninitialized>]], extracted=<uninitialized>], [ts=1170717511.909717, fuid=FUmSiM3TCtsyMGhcd, tx_hosts={^J^I^I194.127.84.106^J^I}, rx_hosts={^J^I^I192.150.187.164^J^I}, conn_uids={^J^I^ICCvvfg3TEfuqmmG4bh^J^I}, source=SSL, depth=0, analyzers={^J^I^IX509,^J^I^IMD5,^J^I^ISHA1^J^I}, mime_type=binary, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=F, seen_bytes=0, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=<uninitialized>, sha1=<uninitialized>, sha256=<uninitialized>, x509=[ts=1170717511.909717, id=FUmSiM3TCtsyMGhcd, certificate=[version=2, serial=78EE48DE185B2071C9C9C3B51D7BDDC1, subject=OU=www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign,OU=VeriSign International Server CA - Class 3,OU=VeriSign\, Inc.,O=VeriSign Trust Network, issuer=OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US, not_valid_before=861235200.0, not_valid_after=1319500799.0, key_alg=rsaEncryption, sig_alg=sha1WithRSAEncryption, key_type=rsa, key_length=1024, exponent=65537, curve=<uninitialized>], handle=<no value description>, extensions=[[name=X509v3 Basic Constraints, short_name=basicConstraints, oid=2.5.29.19, critical=F, value=CA:TRUE, pathlen:0], [name=X509v3 Certificate Policies, short_name=certificatePolicies, oid=2.5.29.32, critical=F, value=Policy: 2.16.840.1.113733.1.7.1.1^J  CPS: https://www.verisign.com/CPS^J], [name=X509v3 CRL Distribution Points, short_name=crlDistributionPoints, oid=2.5.29.31, critical=F, value=^JFull Name:^J  URI:http://crl.verisign.com/pca3-g2.crl^J], [name=X509v3 Extended Key Usage, short_name=extendedKeyUsage, oid=2.5.29.37, critical=F, value=TLS Web Server Authentication, TLS Web Client Authentication, Netscape Server Gated Crypto, 2.16.840.1.113733.1.8.1]], san=<uninitialized>, basic_constraints=[ca=T, path_len=0]], extracted=<uninitialized>]], cert_chain_fuids=[FQXAWgI2FB5STbrff, FUmSiM3TCtsyMGhcd], client_cert_chain=[], client_cert_chain_fuids=[], subject=<uninitialized>, issuer=<uninitialized>, client_subject=<uninitialized>, client_issuer=<uninitialized>, server_depth=2, client_depth=0], http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]^J}, last_active=1170717511.909717, seen_bytes=906, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timeout_interval=2.0 mins, bof_buffer_size=1024, bof_buffer=0\x82^C\x860\x82^B\xef\xa0^C^B^A^B^B^Px\xeeH\xde^X[ q\xc9\xc9\xc3\xb5\x1d{\xdd\xc10^M^F^I*\x86H\x86\xf7^M^A^A^E^E\00_1^K0^I^F^CU^D^F^S^BUS1^W0^U^F^CU^D^J^S^NVeriSign, Inc.1705^F^CU^D^K^S.Class 3 Public Primary Certification Authority0\x1e^W^M970417000000Z^W^M111024235959Z0\x81\xba1\x1f0\x1d^F^CU^D^J^S^VVeriSign Trust Network1^W0^U^F^CU^D^K^S^NVeriSign, Inc.1301^F^CU^D^K^S*VeriSign International Server CA - Class 31I0G^F^CU^D^K^S@www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign0\x81\x9f0^M^F^I*\x86H\x86\xf7^M^A^A^A^E\0^C\x81\x8d\00\x81\x89^B\x81\x81\0\xd8\x82\x80\xe8\xd6^Y^B}\x1f\x85^X9%\xa2e+\xe1\xbf\xd4^E\xd3\xbc\xe66;\xaa\xf0Ll[\xb6\xe7\xaa<sEU\xb2\xf1\xbd\xea\x97B\xed\x9a4^J^U\xd4\xa9\\xf5@%\xdd\xd9^G\xc12\xb2ul\xc4\xca\xbb\xa3\xfeV'qC\xaac\xf50>\x93(\xe5\xfa\xf1^I;\xf3\xb7MN9\xf7\IZ\xb8\xc1\x1d\xd3\xb2\x8a\xfep0\x95B\xcb\xfe+Q\x8bZ<:\xf9"O\x90\xb2^B\xa7S\x9cO4\xe7\xab^D\xb2{o^B^C^A\0^A\xa3\x81\xe60\x81\xe30^O^F^CU\x1d^S^D^H0^F^A^A\xff^B^A\00D^F^CU\x1d ^D=0;09^F^K`\x86H^A\x86\xf8E^A^G^A^A0*0(^F^H+^F^A^E^E^G^B^A^V\x1chttps://www.verisign.com/CPS04^F^CU\x1d\x1f^D-0+0)\xa0'\xa0%\x86#http://crl.verisign.com/pca3-g2.crl04^F^CU\x1d%^D-0+^F^H+^F^A^E^E^G^C^A^F^H+^F^A^E^E^G^C^B^F^I`\x86H^A\x86\xf8B^D^A^F^J`\x86H^A\x86\xf8E^A^H^A0^K^F^CU\x1d^O^D^D^C^B^A^F0^Q^F^I`\x86H^A\x86\xf8B^A^A^D^D^C^B^A^F0^M^F^I*\x86H\x86\xf7^M^A^A^E^E\0^C\x81\x81\0#]\xee\xa6$^E\xfdv\xd3j^Z\xd6\xbaF^F\xaaj^O^C\x90f\xb2\xb0\xa6\xc2\x9e\xc9\x1e\xa3US\xaf>E\xfd\xdc\x8c'\xddS8^I\xbb|K+\xba\x95J\xfepN\x1bi\xd6<\xf7O^G\xc5\xf2^WZL\xa2\x8f\xac^K\x8a^F\xdb\xb9\xd4k\xc5\x1dX\xda^WR\xe3!\xf1\xd2\xd7Z\xd5\xe5\xabY{!z\x86j\xd4\xfe^W^Q:S^M\x9c`\xa0J\xd9^\xe4\x1d^L)\xaa^S^Ge\x86\x1f\xbf\xb4\xc9\x82S\x9c,^B\x8f#, mime_type=binary, info=[ts=1170717511.909717, fuid=FUmSiM3TCtsyMGhcd, tx_hosts={^J^I194.127.84.106^J}, rx_hosts={^J^I192.150.187.164^J}, conn_uids={^J^ICCvvfg3TEfuqmmG4bh^J}, source=SSL, depth=0, analyzers={^J^IX509,^J^IMD5,^J^ISHA1^J}, mime_type=binary, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=F, seen_bytes=0, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=<uninitialized>, sha1=<uninitialized>, sha256=<uninitialized>, x509=[ts=1170717511.909717, id=FUmSiM3TCtsyMGhcd, certificate=[version=2, serial=78EE48DE185B2071C9C9C3B51D7BDDC1, subject=OU=www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign,OU=VeriSign International Server CA - Class 3,OU=VeriSign\, Inc.,O=VeriSign Trust Network, issuer=OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US, not_valid_before=861235200.0, not_valid_after=1319500799.0, key_alg=rsaEncryption, sig_alg=sha1WithRSAEncryption, key_type=rsa, key_length=1024, exponent=65537, curve=<uninitialized>], handle=<no value description>, extensions=[[name=X509v3 Basic Constraints, short_name=basicConstraints, oid=2.5.29.19, critical=F, value=CA:TRUE, pathlen:0], [name=X509v3 Certificate Policies, short_name=certificatePolicies, oid=2.5.29.32, critical=F, value=Policy: 2.16.840.1.113733.1.7.1.1^J  CPS: https://www.verisign.com/CPS^J], [name=X509v3 CRL Distribution Points, short_name=crlDistributionPoints, oid=2.5.29.31, critical=F, value=^JFull Name:^J  URI:http://crl.verisign.com/pca3-g2.crl^J], [name=X509v3 Extended Key Usage, short_name=extendedKeyUsage, oid=2.5.29.37, critical=F, value=TLS Web Server Authentication, TLS Web Client Authentication, Netscape Server Gated Crypto, 2.16.840.1.113733.1.8.1]], san=<uninitialized>, basic_constraints=[ca=T, path_len=0]], extracted=<uninitialized>], u2_events=<uninitialized>]
-                  [1] ext: X509::Extension = [name=X509v3 Key Usage, short_name=keyUsage, oid=2.5.29.15, critical=F, value=Certificate Sign, CRL Sign]
+1254722770.692823 file_over_new_connection
+                  [0] f: fa_file         = [id=FL9Y0d45OI4LpS6fmh, parent_id=<uninitialized>, source=SMTP, is_orig=F, conns={^J^I[[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp]] = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=5990, state=4, num_pkts=12, num_bytes_ip=5018, flow_label=0], resp=[size=462, state=4, num_pkts=10, num_bytes_ip=870, flow_label=0], start_time=1254722767.529046, duration=3.163777, service={^J^I^ISMTP^J^I}, addl=, hot=0, history=ShAdDa, uid=CjhGID4nQcgTWjvg4c, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, smtp=[ts=1254722768.219663, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=<gurpartap@patriots.in>, rcptto={^J^I^I<raj_deol2002in@yahoo.co.in>^J^I}, date=Mon, 5 Oct 2009 11:36:07 +0530, from="Gurpartap Singh" <gurpartap@patriots.in>, to={^J^I^I<raj_deol2002in@yahoo.co.in>^J^I}, reply_to=<uninitialized>, msg_id=<000301ca4581$ef9e57f0$cedb07d0$@in>, in_reply_to=<uninitialized>, subject=SMTP, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=354 Enter message, ending with "." on a line by itself, path=[74.53.140.153, 10.10.1.4], user_agent=Microsoft Office Outlook 12.0, process_received_from=T, has_client_activity=T, entity=[filename=NEWS.txt], fuids=[Fel9gs4OtNEV6gUJZ5, Ft4M3f2yMvLlmwtbq9]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=<uninitialized>, mime_depth=5], socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]^J}, last_active=1254722770.692823, seen_bytes=0, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timeout_interval=2.0 mins, bof_buffer_size=1024, bof_buffer=Version 4.9.9.1^M^J* Many bug fixes^M^J* Improved editor^M^J^M^JVersion 4.9.9.0^M^J* Support for latest Mingw compiler system builds^M^J* Bug fixes^M^J^M^JVersion 4.9.8.9^M^J* New code tooltip display^M^J* Improved Indent/Unindent and Remove Comment^M^J* Improved automatic indent^M^J* Added support for the "interface" keyword^M^J* WebUpdate should now report installation problems from PackMan^M^J* New splash screen and association icons^M^J* Improved installer^M^J* Many bug fixes^M^J^M^JVersion 4.9.8.7^M^J* Added support for GCC > 3.2^M^J* Debug variables are now resent during next debug session^M^J* Watched Variables not in correct context are now kept and updated when it is needed^M^J* Added new compiler/linker options: 20^M^J  - Strip executable^M^J  - Generate instructions for a specific machine (i386, i486, i586, i686, pentium, pentium-mmx, pentiumpro, pentium2, pentium3, pentium4, 20^M^J    k6, k6-2, k6-3, athlon, athlon-tbird, athlon-4, athlon-xp, athlon-mp, winchip-c6, winchip2, k8, c3 and c3-2)^M^J  - Enable use of processor specific built-in function, mime_type=text/plain, info=[ts=1254722770.692823, fuid=FL9Y0d45OI4LpS6fmh, tx_hosts={^J^J}, rx_hosts={^J^J}, conn_uids={^J^J}, source=SMTP, depth=0, analyzers={^J^J}, mime_type=text/plain, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=F, seen_bytes=0, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=<uninitialized>, sha1=<uninitialized>, sha256=<uninitialized>, x509=<uninitialized>, extracted=<uninitialized>], u2_events=<uninitialized>]
+                  [1] c: connection      = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=5990, state=4, num_pkts=12, num_bytes_ip=5018, flow_label=0], resp=[size=462, state=4, num_pkts=10, num_bytes_ip=870, flow_label=0], start_time=1254722767.529046, duration=3.163777, service={^J^ISMTP^J}, addl=, hot=0, history=ShAdDa, uid=CjhGID4nQcgTWjvg4c, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, smtp=[ts=1254722768.219663, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=<gurpartap@patriots.in>, rcptto={^J^I<raj_deol2002in@yahoo.co.in>^J}, date=Mon, 5 Oct 2009 11:36:07 +0530, from="Gurpartap Singh" <gurpartap@patriots.in>, to={^J^I<raj_deol2002in@yahoo.co.in>^J}, reply_to=<uninitialized>, msg_id=<000301ca4581$ef9e57f0$cedb07d0$@in>, in_reply_to=<uninitialized>, subject=SMTP, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=354 Enter message, ending with "." on a line by itself, path=[74.53.140.153, 10.10.1.4], user_agent=Microsoft Office Outlook 12.0, process_received_from=T, has_client_activity=T, entity=[filename=NEWS.txt], fuids=[Fel9gs4OtNEV6gUJZ5, Ft4M3f2yMvLlmwtbq9]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=<uninitialized>, mime_depth=5], socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]
+                  [2] is_orig: bool      = F
 
-1170717511.909717 x509_extension
-                  [0] f: fa_file         = [id=FUmSiM3TCtsyMGhcd, parent_id=<uninitialized>, source=SSL, is_orig=F, conns={^J^I[[orig_h=192.150.187.164, orig_p=58870/tcp, resp_h=194.127.84.106, resp_p=443/tcp]] = [id=[orig_h=192.150.187.164, orig_p=58870/tcp, resp_h=194.127.84.106, resp_p=443/tcp], orig=[size=120, state=4, num_pkts=3, num_bytes_ip=288, flow_label=0], resp=[size=2164, state=4, num_pkts=3, num_bytes_ip=1616, flow_label=0], start_time=1170717511.541455, duration=0.368262, service={^J^I^ISSL^J^I}, addl=, hot=0, history=ShADad, uid=CCvvfg3TEfuqmmG4bh, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=[ts=1170717511.722913, uid=CCvvfg3TEfuqmmG4bh, id=[orig_h=192.150.187.164, orig_p=58870/tcp, resp_h=194.127.84.106, resp_p=443/tcp], version=TLSv10, cipher=TLS_RSA_WITH_RC4_128_MD5, server_name=<uninitialized>, session_id=9e51caef40ad85f9f03dbb8c1fdc863621808c311272e10242cb406bf917bcd9, last_alert=<uninitialized>, analyzer_id=11, established=F, logged=F, delay_tokens=<uninitialized>, cert_chain=[[ts=1170717511.909717, fuid=FQXAWgI2FB5STbrff, tx_hosts={^J^I^I194.127.84.106^J^I}, rx_hosts={^J^I^I192.150.187.164^J^I}, conn_uids={^J^I^ICCvvfg3TEfuqmmG4bh^J^I}, source=SSL, depth=0, analyzers={^J^I^IX509,^J^I^IMD5,^J^I^ISHA1^J^I}, mime_type=binary, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=F, seen_bytes=1152, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=38a0a008a978591ccbe41f50a174751a, sha1=2c322ae2b7fe91391345e070b63668978bb1c9da, sha256=<uninitialized>, x509=[ts=1170717511.909717, id=FQXAWgI2FB5STbrff, certificate=[version=2, serial=04A78116F003283BDA2B8462049F9ECB, subject=CN=www.dresdner-privat.de,OU=Terms of use at www.verisign.com/rpa (c)00,O=AGIS Allianz Dresdner Informationssysteme GmbH,L=Muenchen,ST=Bayern,C=DE, issuer=OU=www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign,OU=VeriSign International Server CA - Class 3,OU=VeriSign\, Inc.,O=VeriSign Trust Network, not_valid_before=1163462400.0, not_valid_after=1195084799.0, key_alg=rsaEncryption, sig_alg=sha1WithRSAEncryption, key_type=rsa, key_length=1024, exponent=65537, curve=<uninitialized>], handle=<no value description>, extensions=[[name=X509v3 Basic Constraints, short_name=basicConstraints, oid=2.5.29.19, critical=F, value=CA:FALSE], [name=X509v3 Key Usage, short_name=keyUsage, oid=2.5.29.15, critical=F, value=Digital Signature, Key Encipherment], [name=X509v3 CRL Distribution Points, short_name=crlDistributionPoints, oid=2.5.29.31, critical=F, value=^JFull Name:^J  URI:http://crl.verisign.com/Class3InternationalServer.crl^J], [name=X509v3 Certificate Policies, short_name=certificatePolicies, oid=2.5.29.32, critical=F, value=Policy: 2.16.840.1.113733.1.7.23.3^J  CPS: https://www.verisign.com/rpa^J], [name=X509v3 Extended Key Usage, short_name=extendedKeyUsage, oid=2.5.29.37, critical=F, value=Netscape Server Gated Crypto, TLS Web Server Authentication, TLS Web Client Authentication], [name=Authority Information Access, short_name=authorityInfoAccess, oid=1.3.6.1.5.5.7.1.1, critical=F, value=OCSP - URI:http://ocsp.verisign.com^J], [name=1.3.6.1.5.5.7.1.12, short_name=UNDEF, oid=1.3.6.1.5.5.7.1.12, critical=F, value=0_.].[0Y0W0U..image/gif0!0.0...+..............k...j.H.,{..0%.#http://logo.verisign.com/vslogo.gif]], san=<uninitialized>, basic_constraints=[ca=F, path_len=<uninitialized>]], extracted=<uninitialized>], [ts=1170717511.909717, fuid=FUmSiM3TCtsyMGhcd, tx_hosts={^J^I^I194.127.84.106^J^I}, rx_hosts={^J^I^I192.150.187.164^J^I}, conn_uids={^J^I^ICCvvfg3TEfuqmmG4bh^J^I}, source=SSL, depth=0, analyzers={^J^I^IX509,^J^I^IMD5,^J^I^ISHA1^J^I}, mime_type=binary, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=F, seen_bytes=0, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=<uninitialized>, sha1=<uninitialized>, sha256=<uninitialized>, x509=[ts=1170717511.909717, id=FUmSiM3TCtsyMGhcd, certificate=[version=2, serial=78EE48DE185B2071C9C9C3B51D7BDDC1, subject=OU=www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign,OU=VeriSign International Server CA - Class 3,OU=VeriSign\, Inc.,O=VeriSign Trust Network, issuer=OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US, not_valid_before=861235200.0, not_valid_after=1319500799.0, key_alg=rsaEncryption, sig_alg=sha1WithRSAEncryption, key_type=rsa, key_length=1024, exponent=65537, curve=<uninitialized>], handle=<no value description>, extensions=[[name=X509v3 Basic Constraints, short_name=basicConstraints, oid=2.5.29.19, critical=F, value=CA:TRUE, pathlen:0], [name=X509v3 Certificate Policies, short_name=certificatePolicies, oid=2.5.29.32, critical=F, value=Policy: 2.16.840.1.113733.1.7.1.1^J  CPS: https://www.verisign.com/CPS^J], [name=X509v3 CRL Distribution Points, short_name=crlDistributionPoints, oid=2.5.29.31, critical=F, value=^JFull Name:^J  URI:http://crl.verisign.com/pca3-g2.crl^J], [name=X509v3 Extended Key Usage, short_name=extendedKeyUsage, oid=2.5.29.37, critical=F, value=TLS Web Server Authentication, TLS Web Client Authentication, Netscape Server Gated Crypto, 2.16.840.1.113733.1.8.1], [name=X509v3 Key Usage, short_name=keyUsage, oid=2.5.29.15, critical=F, value=Certificate Sign, CRL Sign]], san=<uninitialized>, basic_constraints=[ca=T, path_len=0]], extracted=<uninitialized>]], cert_chain_fuids=[FQXAWgI2FB5STbrff, FUmSiM3TCtsyMGhcd], client_cert_chain=[], client_cert_chain_fuids=[], subject=<uninitialized>, issuer=<uninitialized>, client_subject=<uninitialized>, client_issuer=<uninitialized>, server_depth=2, client_depth=0], http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]^J}, last_active=1170717511.909717, seen_bytes=906, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timeout_interval=2.0 mins, bof_buffer_size=1024, bof_buffer=0\x82^C\x860\x82^B\xef\xa0^C^B^A^B^B^Px\xeeH\xde^X[ q\xc9\xc9\xc3\xb5\x1d{\xdd\xc10^M^F^I*\x86H\x86\xf7^M^A^A^E^E\00_1^K0^I^F^CU^D^F^S^BUS1^W0^U^F^CU^D^J^S^NVeriSign, Inc.1705^F^CU^D^K^S.Class 3 Public Primary Certification Authority0\x1e^W^M970417000000Z^W^M111024235959Z0\x81\xba1\x1f0\x1d^F^CU^D^J^S^VVeriSign Trust Network1^W0^U^F^CU^D^K^S^NVeriSign, Inc.1301^F^CU^D^K^S*VeriSign International Server CA - Class 31I0G^F^CU^D^K^S@www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign0\x81\x9f0^M^F^I*\x86H\x86\xf7^M^A^A^A^E\0^C\x81\x8d\00\x81\x89^B\x81\x81\0\xd8\x82\x80\xe8\xd6^Y^B}\x1f\x85^X9%\xa2e+\xe1\xbf\xd4^E\xd3\xbc\xe66;\xaa\xf0Ll[\xb6\xe7\xaa<sEU\xb2\xf1\xbd\xea\x97B\xed\x9a4^J^U\xd4\xa9\\xf5@%\xdd\xd9^G\xc12\xb2ul\xc4\xca\xbb\xa3\xfeV'qC\xaac\xf50>\x93(\xe5\xfa\xf1^I;\xf3\xb7MN9\xf7\IZ\xb8\xc1\x1d\xd3\xb2\x8a\xfep0\x95B\xcb\xfe+Q\x8bZ<:\xf9"O\x90\xb2^B\xa7S\x9cO4\xe7\xab^D\xb2{o^B^C^A\0^A\xa3\x81\xe60\x81\xe30^O^F^CU\x1d^S^D^H0^F^A^A\xff^B^A\00D^F^CU\x1d ^D=0;09^F^K`\x86H^A\x86\xf8E^A^G^A^A0*0(^F^H+^F^A^E^E^G^B^A^V\x1chttps://www.verisign.com/CPS04^F^CU\x1d\x1f^D-0+0)\xa0'\xa0%\x86#http://crl.verisign.com/pca3-g2.crl04^F^CU\x1d%^D-0+^F^H+^F^A^E^E^G^C^A^F^H+^F^A^E^E^G^C^B^F^I`\x86H^A\x86\xf8B^D^A^F^J`\x86H^A\x86\xf8E^A^H^A0^K^F^CU\x1d^O^D^D^C^B^A^F0^Q^F^I`\x86H^A\x86\xf8B^A^A^D^D^C^B^A^F0^M^F^I*\x86H\x86\xf7^M^A^A^E^E\0^C\x81\x81\0#]\xee\xa6$^E\xfdv\xd3j^Z\xd6\xbaF^F\xaaj^O^C\x90f\xb2\xb0\xa6\xc2\x9e\xc9\x1e\xa3US\xaf>E\xfd\xdc\x8c'\xddS8^I\xbb|K+\xba\x95J\xfepN\x1bi\xd6<\xf7O^G\xc5\xf2^WZL\xa2\x8f\xac^K\x8a^F\xdb\xb9\xd4k\xc5\x1dX\xda^WR\xe3!\xf1\xd2\xd7Z\xd5\xe5\xabY{!z\x86j\xd4\xfe^W^Q:S^M\x9c`\xa0J\xd9^\xe4\x1d^L)\xaa^S^Ge\x86\x1f\xbf\xb4\xc9\x82S\x9c,^B\x8f#, mime_type=binary, info=[ts=1170717511.909717, fuid=FUmSiM3TCtsyMGhcd, tx_hosts={^J^I194.127.84.106^J}, rx_hosts={^J^I192.150.187.164^J}, conn_uids={^J^ICCvvfg3TEfuqmmG4bh^J}, source=SSL, depth=0, analyzers={^J^IX509,^J^IMD5,^J^ISHA1^J}, mime_type=binary, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=F, seen_bytes=0, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=<uninitialized>, sha1=<uninitialized>, sha256=<uninitialized>, x509=[ts=1170717511.909717, id=FUmSiM3TCtsyMGhcd, certificate=[version=2, serial=78EE48DE185B2071C9C9C3B51D7BDDC1, subject=OU=www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign,OU=VeriSign International Server CA - Class 3,OU=VeriSign\, Inc.,O=VeriSign Trust Network, issuer=OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US, not_valid_before=861235200.0, not_valid_after=1319500799.0, key_alg=rsaEncryption, sig_alg=sha1WithRSAEncryption, key_type=rsa, key_length=1024, exponent=65537, curve=<uninitialized>], handle=<no value description>, extensions=[[name=X509v3 Basic Constraints, short_name=basicConstraints, oid=2.5.29.19, critical=F, value=CA:TRUE, pathlen:0], [name=X509v3 Certificate Policies, short_name=certificatePolicies, oid=2.5.29.32, critical=F, value=Policy: 2.16.840.1.113733.1.7.1.1^J  CPS: https://www.verisign.com/CPS^J], [name=X509v3 CRL Distribution Points, short_name=crlDistributionPoints, oid=2.5.29.31, critical=F, value=^JFull Name:^J  URI:http://crl.verisign.com/pca3-g2.crl^J], [name=X509v3 Extended Key Usage, short_name=extendedKeyUsage, oid=2.5.29.37, critical=F, value=TLS Web Server Authentication, TLS Web Client Authentication, Netscape Server Gated Crypto, 2.16.840.1.113733.1.8.1], [name=X509v3 Key Usage, short_name=keyUsage, oid=2.5.29.15, critical=F, value=Certificate Sign, CRL Sign]], san=<uninitialized>, basic_constraints=[ca=T, path_len=0]], extracted=<uninitialized>], u2_events=<uninitialized>]
-                  [1] ext: X509::Extension = [name=Netscape Cert Type, short_name=nsCertType, oid=2.16.840.1.113730.1.1, critical=F, value=SSL CA, S/MIME CA]
+1254722770.692823 get_file_handle
+                  [0] tag: enum          = Analyzer::ANALYZER_SMTP
+                  [1] c: connection      = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=5990, state=4, num_pkts=12, num_bytes_ip=5018, flow_label=0], resp=[size=462, state=4, num_pkts=10, num_bytes_ip=870, flow_label=0], start_time=1254722767.529046, duration=3.163777, service={^J^ISMTP^J}, addl=, hot=0, history=ShAdDa, uid=CjhGID4nQcgTWjvg4c, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, smtp=[ts=1254722768.219663, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=<gurpartap@patriots.in>, rcptto={^J^I<raj_deol2002in@yahoo.co.in>^J}, date=Mon, 5 Oct 2009 11:36:07 +0530, from="Gurpartap Singh" <gurpartap@patriots.in>, to={^J^I<raj_deol2002in@yahoo.co.in>^J}, reply_to=<uninitialized>, msg_id=<000301ca4581$ef9e57f0$cedb07d0$@in>, in_reply_to=<uninitialized>, subject=SMTP, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=354 Enter message, ending with "." on a line by itself, path=[74.53.140.153, 10.10.1.4], user_agent=Microsoft Office Outlook 12.0, process_received_from=T, has_client_activity=T, entity=[filename=NEWS.txt], fuids=[Fel9gs4OtNEV6gUJZ5, Ft4M3f2yMvLlmwtbq9, FL9Y0d45OI4LpS6fmh]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=<uninitialized>, mime_depth=5], socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]
+                  [2] is_orig: bool      = F
 
-1170717511.909717 file_hash
-                  [0] f: fa_file         = [id=FUmSiM3TCtsyMGhcd, parent_id=<uninitialized>, source=SSL, is_orig=F, conns={^J^I[[orig_h=192.150.187.164, orig_p=58870/tcp, resp_h=194.127.84.106, resp_p=443/tcp]] = [id=[orig_h=192.150.187.164, orig_p=58870/tcp, resp_h=194.127.84.106, resp_p=443/tcp], orig=[size=120, state=4, num_pkts=3, num_bytes_ip=288, flow_label=0], resp=[size=2164, state=4, num_pkts=3, num_bytes_ip=1616, flow_label=0], start_time=1170717511.541455, duration=0.368262, service={^J^I^ISSL^J^I}, addl=, hot=0, history=ShADad, uid=CCvvfg3TEfuqmmG4bh, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=[ts=1170717511.722913, uid=CCvvfg3TEfuqmmG4bh, id=[orig_h=192.150.187.164, orig_p=58870/tcp, resp_h=194.127.84.106, resp_p=443/tcp], version=TLSv10, cipher=TLS_RSA_WITH_RC4_128_MD5, server_name=<uninitialized>, session_id=9e51caef40ad85f9f03dbb8c1fdc863621808c311272e10242cb406bf917bcd9, last_alert=<uninitialized>, analyzer_id=11, established=F, logged=F, delay_tokens=<uninitialized>, cert_chain=[[ts=1170717511.909717, fuid=FQXAWgI2FB5STbrff, tx_hosts={^J^I^I194.127.84.106^J^I}, rx_hosts={^J^I^I192.150.187.164^J^I}, conn_uids={^J^I^ICCvvfg3TEfuqmmG4bh^J^I}, source=SSL, depth=0, analyzers={^J^I^IX509,^J^I^IMD5,^J^I^ISHA1^J^I}, mime_type=binary, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=F, seen_bytes=1152, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=38a0a008a978591ccbe41f50a174751a, sha1=2c322ae2b7fe91391345e070b63668978bb1c9da, sha256=<uninitialized>, x509=[ts=1170717511.909717, id=FQXAWgI2FB5STbrff, certificate=[version=2, serial=04A78116F003283BDA2B8462049F9ECB, subject=CN=www.dresdner-privat.de,OU=Terms of use at www.verisign.com/rpa (c)00,O=AGIS Allianz Dresdner Informationssysteme GmbH,L=Muenchen,ST=Bayern,C=DE, issuer=OU=www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign,OU=VeriSign International Server CA - Class 3,OU=VeriSign\, Inc.,O=VeriSign Trust Network, not_valid_before=1163462400.0, not_valid_after=1195084799.0, key_alg=rsaEncryption, sig_alg=sha1WithRSAEncryption, key_type=rsa, key_length=1024, exponent=65537, curve=<uninitialized>], handle=<no value description>, extensions=[[name=X509v3 Basic Constraints, short_name=basicConstraints, oid=2.5.29.19, critical=F, value=CA:FALSE], [name=X509v3 Key Usage, short_name=keyUsage, oid=2.5.29.15, critical=F, value=Digital Signature, Key Encipherment], [name=X509v3 CRL Distribution Points, short_name=crlDistributionPoints, oid=2.5.29.31, critical=F, value=^JFull Name:^J  URI:http://crl.verisign.com/Class3InternationalServer.crl^J], [name=X509v3 Certificate Policies, short_name=certificatePolicies, oid=2.5.29.32, critical=F, value=Policy: 2.16.840.1.113733.1.7.23.3^J  CPS: https://www.verisign.com/rpa^J], [name=X509v3 Extended Key Usage, short_name=extendedKeyUsage, oid=2.5.29.37, critical=F, value=Netscape Server Gated Crypto, TLS Web Server Authentication, TLS Web Client Authentication], [name=Authority Information Access, short_name=authorityInfoAccess, oid=1.3.6.1.5.5.7.1.1, critical=F, value=OCSP - URI:http://ocsp.verisign.com^J], [name=1.3.6.1.5.5.7.1.12, short_name=UNDEF, oid=1.3.6.1.5.5.7.1.12, critical=F, value=0_.].[0Y0W0U..image/gif0!0.0...+..............k...j.H.,{..0%.#http://logo.verisign.com/vslogo.gif]], san=<uninitialized>, basic_constraints=[ca=F, path_len=<uninitialized>]], extracted=<uninitialized>], [ts=1170717511.909717, fuid=FUmSiM3TCtsyMGhcd, tx_hosts={^J^I^I194.127.84.106^J^I}, rx_hosts={^J^I^I192.150.187.164^J^I}, conn_uids={^J^I^ICCvvfg3TEfuqmmG4bh^J^I}, source=SSL, depth=0, analyzers={^J^I^IX509,^J^I^IMD5,^J^I^ISHA1^J^I}, mime_type=binary, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=F, seen_bytes=0, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=<uninitialized>, sha1=<uninitialized>, sha256=<uninitialized>, x509=[ts=1170717511.909717, id=FUmSiM3TCtsyMGhcd, certificate=[version=2, serial=78EE48DE185B2071C9C9C3B51D7BDDC1, subject=OU=www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign,OU=VeriSign International Server CA - Class 3,OU=VeriSign\, Inc.,O=VeriSign Trust Network, issuer=OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US, not_valid_before=861235200.0, not_valid_after=1319500799.0, key_alg=rsaEncryption, sig_alg=sha1WithRSAEncryption, key_type=rsa, key_length=1024, exponent=65537, curve=<uninitialized>], handle=<no value description>, extensions=[[name=X509v3 Basic Constraints, short_name=basicConstraints, oid=2.5.29.19, critical=F, value=CA:TRUE, pathlen:0], [name=X509v3 Certificate Policies, short_name=certificatePolicies, oid=2.5.29.32, critical=F, value=Policy: 2.16.840.1.113733.1.7.1.1^J  CPS: https://www.verisign.com/CPS^J], [name=X509v3 CRL Distribution Points, short_name=crlDistributionPoints, oid=2.5.29.31, critical=F, value=^JFull Name:^J  URI:http://crl.verisign.com/pca3-g2.crl^J], [name=X509v3 Extended Key Usage, short_name=extendedKeyUsage, oid=2.5.29.37, critical=F, value=TLS Web Server Authentication, TLS Web Client Authentication, Netscape Server Gated Crypto, 2.16.840.1.113733.1.8.1], [name=X509v3 Key Usage, short_name=keyUsage, oid=2.5.29.15, critical=F, value=Certificate Sign, CRL Sign], [name=Netscape Cert Type, short_name=nsCertType, oid=2.16.840.1.113730.1.1, critical=F, value=SSL CA, S/MIME CA]], san=<uninitialized>, basic_constraints=[ca=T, path_len=0]], extracted=<uninitialized>]], cert_chain_fuids=[FQXAWgI2FB5STbrff, FUmSiM3TCtsyMGhcd], client_cert_chain=[], client_cert_chain_fuids=[], subject=<uninitialized>, issuer=<uninitialized>, client_subject=<uninitialized>, client_issuer=<uninitialized>, server_depth=2, client_depth=0], http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]^J}, last_active=1170717511.909717, seen_bytes=906, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timeout_interval=2.0 mins, bof_buffer_size=1024, bof_buffer=0\x82^C\x860\x82^B\xef\xa0^C^B^A^B^B^Px\xeeH\xde^X[ q\xc9\xc9\xc3\xb5\x1d{\xdd\xc10^M^F^I*\x86H\x86\xf7^M^A^A^E^E\00_1^K0^I^F^CU^D^F^S^BUS1^W0^U^F^CU^D^J^S^NVeriSign, Inc.1705^F^CU^D^K^S.Class 3 Public Primary Certification Authority0\x1e^W^M970417000000Z^W^M111024235959Z0\x81\xba1\x1f0\x1d^F^CU^D^J^S^VVeriSign Trust Network1^W0^U^F^CU^D^K^S^NVeriSign, Inc.1301^F^CU^D^K^S*VeriSign International Server CA - Class 31I0G^F^CU^D^K^S@www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign0\x81\x9f0^M^F^I*\x86H\x86\xf7^M^A^A^A^E\0^C\x81\x8d\00\x81\x89^B\x81\x81\0\xd8\x82\x80\xe8\xd6^Y^B}\x1f\x85^X9%\xa2e+\xe1\xbf\xd4^E\xd3\xbc\xe66;\xaa\xf0Ll[\xb6\xe7\xaa<sEU\xb2\xf1\xbd\xea\x97B\xed\x9a4^J^U\xd4\xa9\\xf5@%\xdd\xd9^G\xc12\xb2ul\xc4\xca\xbb\xa3\xfeV'qC\xaac\xf50>\x93(\xe5\xfa\xf1^I;\xf3\xb7MN9\xf7\IZ\xb8\xc1\x1d\xd3\xb2\x8a\xfep0\x95B\xcb\xfe+Q\x8bZ<:\xf9"O\x90\xb2^B\xa7S\x9cO4\xe7\xab^D\xb2{o^B^C^A\0^A\xa3\x81\xe60\x81\xe30^O^F^CU\x1d^S^D^H0^F^A^A\xff^B^A\00D^F^CU\x1d ^D=0;09^F^K`\x86H^A\x86\xf8E^A^G^A^A0*0(^F^H+^F^A^E^E^G^B^A^V\x1chttps://www.verisign.com/CPS04^F^CU\x1d\x1f^D-0+0)\xa0'\xa0%\x86#http://crl.verisign.com/pca3-g2.crl04^F^CU\x1d%^D-0+^F^H+^F^A^E^E^G^C^A^F^H+^F^A^E^E^G^C^B^F^I`\x86H^A\x86\xf8B^D^A^F^J`\x86H^A\x86\xf8E^A^H^A0^K^F^CU\x1d^O^D^D^C^B^A^F0^Q^F^I`\x86H^A\x86\xf8B^A^A^D^D^C^B^A^F0^M^F^I*\x86H\x86\xf7^M^A^A^E^E\0^C\x81\x81\0#]\xee\xa6$^E\xfdv\xd3j^Z\xd6\xbaF^F\xaaj^O^C\x90f\xb2\xb0\xa6\xc2\x9e\xc9\x1e\xa3US\xaf>E\xfd\xdc\x8c'\xddS8^I\xbb|K+\xba\x95J\xfepN\x1bi\xd6<\xf7O^G\xc5\xf2^WZL\xa2\x8f\xac^K\x8a^F\xdb\xb9\xd4k\xc5\x1dX\xda^WR\xe3!\xf1\xd2\xd7Z\xd5\xe5\xabY{!z\x86j\xd4\xfe^W^Q:S^M\x9c`\xa0J\xd9^\xe4\x1d^L)\xaa^S^Ge\x86\x1f\xbf\xb4\xc9\x82S\x9c,^B\x8f#, mime_type=binary, info=[ts=1170717511.909717, fuid=FUmSiM3TCtsyMGhcd, tx_hosts={^J^I194.127.84.106^J}, rx_hosts={^J^I192.150.187.164^J}, conn_uids={^J^ICCvvfg3TEfuqmmG4bh^J}, source=SSL, depth=0, analyzers={^J^IX509,^J^IMD5,^J^ISHA1^J}, mime_type=binary, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=F, seen_bytes=0, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=<uninitialized>, sha1=<uninitialized>, sha256=<uninitialized>, x509=[ts=1170717511.909717, id=FUmSiM3TCtsyMGhcd, certificate=[version=2, serial=78EE48DE185B2071C9C9C3B51D7BDDC1, subject=OU=www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign,OU=VeriSign International Server CA - Class 3,OU=VeriSign\, Inc.,O=VeriSign Trust Network, issuer=OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US, not_valid_before=861235200.0, not_valid_after=1319500799.0, key_alg=rsaEncryption, sig_alg=sha1WithRSAEncryption, key_type=rsa, key_length=1024, exponent=65537, curve=<uninitialized>], handle=<no value description>, extensions=[[name=X509v3 Basic Constraints, short_name=basicConstraints, oid=2.5.29.19, critical=F, value=CA:TRUE, pathlen:0], [name=X509v3 Certificate Policies, short_name=certificatePolicies, oid=2.5.29.32, critical=F, value=Policy: 2.16.840.1.113733.1.7.1.1^J  CPS: https://www.verisign.com/CPS^J], [name=X509v3 CRL Distribution Points, short_name=crlDistributionPoints, oid=2.5.29.31, critical=F, value=^JFull Name:^J  URI:http://crl.verisign.com/pca3-g2.crl^J], [name=X509v3 Extended Key Usage, short_name=extendedKeyUsage, oid=2.5.29.37, critical=F, value=TLS Web Server Authentication, TLS Web Client Authentication, Netscape Server Gated Crypto, 2.16.840.1.113733.1.8.1], [name=X509v3 Key Usage, short_name=keyUsage, oid=2.5.29.15, critical=F, value=Certificate Sign, CRL Sign], [name=Netscape Cert Type, short_name=nsCertType, oid=2.16.840.1.113730.1.1, critical=F, value=SSL CA, S/MIME CA]], san=<uninitialized>, basic_constraints=[ca=T, path_len=0]], extracted=<uninitialized>], u2_events=<uninitialized>]
-                  [1] kind: string       = sha1
-                  [2] hash: string       = de0f3a63cad13841e9b62c94502cb189d7661e49
+1254722770.695115 new_connection
+                  [0] c: connection      = [id=[orig_h=192.168.1.1, orig_p=3/icmp, resp_h=10.10.1.4, resp_p=4/icmp], orig=[size=0, state=0, num_pkts=0, num_bytes_ip=0, flow_label=0], resp=[size=0, state=0, num_pkts=0, num_bytes_ip=0, flow_label=0], start_time=1254722770.695115, duration=0.0, service={^J^J}, addl=, hot=0, history=, uid=CCvvfg3TEfuqmmG4bh, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]
 
-1170717511.909717 file_hash
-                  [0] f: fa_file         = [id=FUmSiM3TCtsyMGhcd, parent_id=<uninitialized>, source=SSL, is_orig=F, conns={^J^I[[orig_h=192.150.187.164, orig_p=58870/tcp, resp_h=194.127.84.106, resp_p=443/tcp]] = [id=[orig_h=192.150.187.164, orig_p=58870/tcp, resp_h=194.127.84.106, resp_p=443/tcp], orig=[size=120, state=4, num_pkts=3, num_bytes_ip=288, flow_label=0], resp=[size=2164, state=4, num_pkts=3, num_bytes_ip=1616, flow_label=0], start_time=1170717511.541455, duration=0.368262, service={^J^I^ISSL^J^I}, addl=, hot=0, history=ShADad, uid=CCvvfg3TEfuqmmG4bh, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=[ts=1170717511.722913, uid=CCvvfg3TEfuqmmG4bh, id=[orig_h=192.150.187.164, orig_p=58870/tcp, resp_h=194.127.84.106, resp_p=443/tcp], version=TLSv10, cipher=TLS_RSA_WITH_RC4_128_MD5, server_name=<uninitialized>, session_id=9e51caef40ad85f9f03dbb8c1fdc863621808c311272e10242cb406bf917bcd9, last_alert=<uninitialized>, analyzer_id=11, established=F, logged=F, delay_tokens=<uninitialized>, cert_chain=[[ts=1170717511.909717, fuid=FQXAWgI2FB5STbrff, tx_hosts={^J^I^I194.127.84.106^J^I}, rx_hosts={^J^I^I192.150.187.164^J^I}, conn_uids={^J^I^ICCvvfg3TEfuqmmG4bh^J^I}, source=SSL, depth=0, analyzers={^J^I^IX509,^J^I^IMD5,^J^I^ISHA1^J^I}, mime_type=binary, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=F, seen_bytes=1152, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=38a0a008a978591ccbe41f50a174751a, sha1=2c322ae2b7fe91391345e070b63668978bb1c9da, sha256=<uninitialized>, x509=[ts=1170717511.909717, id=FQXAWgI2FB5STbrff, certificate=[version=2, serial=04A78116F003283BDA2B8462049F9ECB, subject=CN=www.dresdner-privat.de,OU=Terms of use at www.verisign.com/rpa (c)00,O=AGIS Allianz Dresdner Informationssysteme GmbH,L=Muenchen,ST=Bayern,C=DE, issuer=OU=www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign,OU=VeriSign International Server CA - Class 3,OU=VeriSign\, Inc.,O=VeriSign Trust Network, not_valid_before=1163462400.0, not_valid_after=1195084799.0, key_alg=rsaEncryption, sig_alg=sha1WithRSAEncryption, key_type=rsa, key_length=1024, exponent=65537, curve=<uninitialized>], handle=<no value description>, extensions=[[name=X509v3 Basic Constraints, short_name=basicConstraints, oid=2.5.29.19, critical=F, value=CA:FALSE], [name=X509v3 Key Usage, short_name=keyUsage, oid=2.5.29.15, critical=F, value=Digital Signature, Key Encipherment], [name=X509v3 CRL Distribution Points, short_name=crlDistributionPoints, oid=2.5.29.31, critical=F, value=^JFull Name:^J  URI:http://crl.verisign.com/Class3InternationalServer.crl^J], [name=X509v3 Certificate Policies, short_name=certificatePolicies, oid=2.5.29.32, critical=F, value=Policy: 2.16.840.1.113733.1.7.23.3^J  CPS: https://www.verisign.com/rpa^J], [name=X509v3 Extended Key Usage, short_name=extendedKeyUsage, oid=2.5.29.37, critical=F, value=Netscape Server Gated Crypto, TLS Web Server Authentication, TLS Web Client Authentication], [name=Authority Information Access, short_name=authorityInfoAccess, oid=1.3.6.1.5.5.7.1.1, critical=F, value=OCSP - URI:http://ocsp.verisign.com^J], [name=1.3.6.1.5.5.7.1.12, short_name=UNDEF, oid=1.3.6.1.5.5.7.1.12, critical=F, value=0_.].[0Y0W0U..image/gif0!0.0...+..............k...j.H.,{..0%.#http://logo.verisign.com/vslogo.gif]], san=<uninitialized>, basic_constraints=[ca=F, path_len=<uninitialized>]], extracted=<uninitialized>], [ts=1170717511.909717, fuid=FUmSiM3TCtsyMGhcd, tx_hosts={^J^I^I194.127.84.106^J^I}, rx_hosts={^J^I^I192.150.187.164^J^I}, conn_uids={^J^I^ICCvvfg3TEfuqmmG4bh^J^I}, source=SSL, depth=0, analyzers={^J^I^IX509,^J^I^IMD5,^J^I^ISHA1^J^I}, mime_type=binary, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=F, seen_bytes=0, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=<uninitialized>, sha1=de0f3a63cad13841e9b62c94502cb189d7661e49, sha256=<uninitialized>, x509=[ts=1170717511.909717, id=FUmSiM3TCtsyMGhcd, certificate=[version=2, serial=78EE48DE185B2071C9C9C3B51D7BDDC1, subject=OU=www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign,OU=VeriSign International Server CA - Class 3,OU=VeriSign\, Inc.,O=VeriSign Trust Network, issuer=OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US, not_valid_before=861235200.0, not_valid_after=1319500799.0, key_alg=rsaEncryption, sig_alg=sha1WithRSAEncryption, key_type=rsa, key_length=1024, exponent=65537, curve=<uninitialized>], handle=<no value description>, extensions=[[name=X509v3 Basic Constraints, short_name=basicConstraints, oid=2.5.29.19, critical=F, value=CA:TRUE, pathlen:0], [name=X509v3 Certificate Policies, short_name=certificatePolicies, oid=2.5.29.32, critical=F, value=Policy: 2.16.840.1.113733.1.7.1.1^J  CPS: https://www.verisign.com/CPS^J], [name=X509v3 CRL Distribution Points, short_name=crlDistributionPoints, oid=2.5.29.31, critical=F, value=^JFull Name:^J  URI:http://crl.verisign.com/pca3-g2.crl^J], [name=X509v3 Extended Key Usage, short_name=extendedKeyUsage, oid=2.5.29.37, critical=F, value=TLS Web Server Authentication, TLS Web Client Authentication, Netscape Server Gated Crypto, 2.16.840.1.113733.1.8.1], [name=X509v3 Key Usage, short_name=keyUsage, oid=2.5.29.15, critical=F, value=Certificate Sign, CRL Sign], [name=Netscape Cert Type, short_name=nsCertType, oid=2.16.840.1.113730.1.1, critical=F, value=SSL CA, S/MIME CA]], san=<uninitialized>, basic_constraints=[ca=T, path_len=0]], extracted=<uninitialized>]], cert_chain_fuids=[FQXAWgI2FB5STbrff, FUmSiM3TCtsyMGhcd], client_cert_chain=[], client_cert_chain_fuids=[], subject=<uninitialized>, issuer=<uninitialized>, client_subject=<uninitialized>, client_issuer=<uninitialized>, server_depth=2, client_depth=0], http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]^J}, last_active=1170717511.909717, seen_bytes=906, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timeout_interval=2.0 mins, bof_buffer_size=1024, bof_buffer=0\x82^C\x860\x82^B\xef\xa0^C^B^A^B^B^Px\xeeH\xde^X[ q\xc9\xc9\xc3\xb5\x1d{\xdd\xc10^M^F^I*\x86H\x86\xf7^M^A^A^E^E\00_1^K0^I^F^CU^D^F^S^BUS1^W0^U^F^CU^D^J^S^NVeriSign, Inc.1705^F^CU^D^K^S.Class 3 Public Primary Certification Authority0\x1e^W^M970417000000Z^W^M111024235959Z0\x81\xba1\x1f0\x1d^F^CU^D^J^S^VVeriSign Trust Network1^W0^U^F^CU^D^K^S^NVeriSign, Inc.1301^F^CU^D^K^S*VeriSign International Server CA - Class 31I0G^F^CU^D^K^S@www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign0\x81\x9f0^M^F^I*\x86H\x86\xf7^M^A^A^A^E\0^C\x81\x8d\00\x81\x89^B\x81\x81\0\xd8\x82\x80\xe8\xd6^Y^B}\x1f\x85^X9%\xa2e+\xe1\xbf\xd4^E\xd3\xbc\xe66;\xaa\xf0Ll[\xb6\xe7\xaa<sEU\xb2\xf1\xbd\xea\x97B\xed\x9a4^J^U\xd4\xa9\\xf5@%\xdd\xd9^G\xc12\xb2ul\xc4\xca\xbb\xa3\xfeV'qC\xaac\xf50>\x93(\xe5\xfa\xf1^I;\xf3\xb7MN9\xf7\IZ\xb8\xc1\x1d\xd3\xb2\x8a\xfep0\x95B\xcb\xfe+Q\x8bZ<:\xf9"O\x90\xb2^B\xa7S\x9cO4\xe7\xab^D\xb2{o^B^C^A\0^A\xa3\x81\xe60\x81\xe30^O^F^CU\x1d^S^D^H0^F^A^A\xff^B^A\00D^F^CU\x1d ^D=0;09^F^K`\x86H^A\x86\xf8E^A^G^A^A0*0(^F^H+^F^A^E^E^G^B^A^V\x1chttps://www.verisign.com/CPS04^F^CU\x1d\x1f^D-0+0)\xa0'\xa0%\x86#http://crl.verisign.com/pca3-g2.crl04^F^CU\x1d%^D-0+^F^H+^F^A^E^E^G^C^A^F^H+^F^A^E^E^G^C^B^F^I`\x86H^A\x86\xf8B^D^A^F^J`\x86H^A\x86\xf8E^A^H^A0^K^F^CU\x1d^O^D^D^C^B^A^F0^Q^F^I`\x86H^A\x86\xf8B^A^A^D^D^C^B^A^F0^M^F^I*\x86H\x86\xf7^M^A^A^E^E\0^C\x81\x81\0#]\xee\xa6$^E\xfdv\xd3j^Z\xd6\xbaF^F\xaaj^O^C\x90f\xb2\xb0\xa6\xc2\x9e\xc9\x1e\xa3US\xaf>E\xfd\xdc\x8c'\xddS8^I\xbb|K+\xba\x95J\xfepN\x1bi\xd6<\xf7O^G\xc5\xf2^WZL\xa2\x8f\xac^K\x8a^F\xdb\xb9\xd4k\xc5\x1dX\xda^WR\xe3!\xf1\xd2\xd7Z\xd5\xe5\xabY{!z\x86j\xd4\xfe^W^Q:S^M\x9c`\xa0J\xd9^\xe4\x1d^L)\xaa^S^Ge\x86\x1f\xbf\xb4\xc9\x82S\x9c,^B\x8f#, mime_type=binary, info=[ts=1170717511.909717, fuid=FUmSiM3TCtsyMGhcd, tx_hosts={^J^I194.127.84.106^J}, rx_hosts={^J^I192.150.187.164^J}, conn_uids={^J^ICCvvfg3TEfuqmmG4bh^J}, source=SSL, depth=0, analyzers={^J^IX509,^J^IMD5,^J^ISHA1^J}, mime_type=binary, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=F, seen_bytes=0, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=<uninitialized>, sha1=de0f3a63cad13841e9b62c94502cb189d7661e49, sha256=<uninitialized>, x509=[ts=1170717511.909717, id=FUmSiM3TCtsyMGhcd, certificate=[version=2, serial=78EE48DE185B2071C9C9C3B51D7BDDC1, subject=OU=www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign,OU=VeriSign International Server CA - Class 3,OU=VeriSign\, Inc.,O=VeriSign Trust Network, issuer=OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US, not_valid_before=861235200.0, not_valid_after=1319500799.0, key_alg=rsaEncryption, sig_alg=sha1WithRSAEncryption, key_type=rsa, key_length=1024, exponent=65537, curve=<uninitialized>], handle=<no value description>, extensions=[[name=X509v3 Basic Constraints, short_name=basicConstraints, oid=2.5.29.19, critical=F, value=CA:TRUE, pathlen:0], [name=X509v3 Certificate Policies, short_name=certificatePolicies, oid=2.5.29.32, critical=F, value=Policy: 2.16.840.1.113733.1.7.1.1^J  CPS: https://www.verisign.com/CPS^J], [name=X509v3 CRL Distribution Points, short_name=crlDistributionPoints, oid=2.5.29.31, critical=F, value=^JFull Name:^J  URI:http://crl.verisign.com/pca3-g2.crl^J], [name=X509v3 Extended Key Usage, short_name=extendedKeyUsage, oid=2.5.29.37, critical=F, value=TLS Web Server Authentication, TLS Web Client Authentication, Netscape Server Gated Crypto, 2.16.840.1.113733.1.8.1], [name=X509v3 Key Usage, short_name=keyUsage, oid=2.5.29.15, critical=F, value=Certificate Sign, CRL Sign], [name=Netscape Cert Type, short_name=nsCertType, oid=2.16.840.1.113730.1.1, critical=F, value=SSL CA, S/MIME CA]], san=<uninitialized>, basic_constraints=[ca=T, path_len=0]], extracted=<uninitialized>], u2_events=<uninitialized>]
-                  [1] kind: string       = md5
-                  [2] hash: string       = 81c888530afcad916fbe71d9417bf10c
+1254722771.469814 get_file_handle
+                  [0] tag: enum          = Analyzer::ANALYZER_SMTP
+                  [1] c: connection      = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=7410, state=4, num_pkts=17, num_bytes_ip=12486, flow_label=0], resp=[size=462, state=4, num_pkts=12, num_bytes_ip=950, flow_label=0], start_time=1254722767.529046, duration=3.940768, service={^J^ISMTP^J}, addl=, hot=0, history=ShAdDa, uid=CjhGID4nQcgTWjvg4c, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, smtp=[ts=1254722768.219663, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=<gurpartap@patriots.in>, rcptto={^J^I<raj_deol2002in@yahoo.co.in>^J}, date=Mon, 5 Oct 2009 11:36:07 +0530, from="Gurpartap Singh" <gurpartap@patriots.in>, to={^J^I<raj_deol2002in@yahoo.co.in>^J}, reply_to=<uninitialized>, msg_id=<000301ca4581$ef9e57f0$cedb07d0$@in>, in_reply_to=<uninitialized>, subject=SMTP, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=354 Enter message, ending with "." on a line by itself, path=[74.53.140.153, 10.10.1.4], user_agent=Microsoft Office Outlook 12.0, process_received_from=T, has_client_activity=T, entity=[filename=NEWS.txt], fuids=[Fel9gs4OtNEV6gUJZ5, Ft4M3f2yMvLlmwtbq9, FL9Y0d45OI4LpS6fmh]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=<uninitialized>, mime_depth=5], socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]
+                  [2] is_orig: bool      = F
 
-1170717511.909717 file_state_remove
-                  [0] f: fa_file         = [id=FUmSiM3TCtsyMGhcd, parent_id=<uninitialized>, source=SSL, is_orig=F, conns={^J^I[[orig_h=192.150.187.164, orig_p=58870/tcp, resp_h=194.127.84.106, resp_p=443/tcp]] = [id=[orig_h=192.150.187.164, orig_p=58870/tcp, resp_h=194.127.84.106, resp_p=443/tcp], orig=[size=120, state=4, num_pkts=3, num_bytes_ip=288, flow_label=0], resp=[size=2164, state=4, num_pkts=3, num_bytes_ip=1616, flow_label=0], start_time=1170717511.541455, duration=0.368262, service={^J^I^ISSL^J^I}, addl=, hot=0, history=ShADad, uid=CCvvfg3TEfuqmmG4bh, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=[ts=1170717511.722913, uid=CCvvfg3TEfuqmmG4bh, id=[orig_h=192.150.187.164, orig_p=58870/tcp, resp_h=194.127.84.106, resp_p=443/tcp], version=TLSv10, cipher=TLS_RSA_WITH_RC4_128_MD5, server_name=<uninitialized>, session_id=9e51caef40ad85f9f03dbb8c1fdc863621808c311272e10242cb406bf917bcd9, last_alert=<uninitialized>, analyzer_id=11, established=F, logged=F, delay_tokens=<uninitialized>, cert_chain=[[ts=1170717511.909717, fuid=FQXAWgI2FB5STbrff, tx_hosts={^J^I^I194.127.84.106^J^I}, rx_hosts={^J^I^I192.150.187.164^J^I}, conn_uids={^J^I^ICCvvfg3TEfuqmmG4bh^J^I}, source=SSL, depth=0, analyzers={^J^I^IX509,^J^I^IMD5,^J^I^ISHA1^J^I}, mime_type=binary, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=F, seen_bytes=1152, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=38a0a008a978591ccbe41f50a174751a, sha1=2c322ae2b7fe91391345e070b63668978bb1c9da, sha256=<uninitialized>, x509=[ts=1170717511.909717, id=FQXAWgI2FB5STbrff, certificate=[version=2, serial=04A78116F003283BDA2B8462049F9ECB, subject=CN=www.dresdner-privat.de,OU=Terms of use at www.verisign.com/rpa (c)00,O=AGIS Allianz Dresdner Informationssysteme GmbH,L=Muenchen,ST=Bayern,C=DE, issuer=OU=www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign,OU=VeriSign International Server CA - Class 3,OU=VeriSign\, Inc.,O=VeriSign Trust Network, not_valid_before=1163462400.0, not_valid_after=1195084799.0, key_alg=rsaEncryption, sig_alg=sha1WithRSAEncryption, key_type=rsa, key_length=1024, exponent=65537, curve=<uninitialized>], handle=<no value description>, extensions=[[name=X509v3 Basic Constraints, short_name=basicConstraints, oid=2.5.29.19, critical=F, value=CA:FALSE], [name=X509v3 Key Usage, short_name=keyUsage, oid=2.5.29.15, critical=F, value=Digital Signature, Key Encipherment], [name=X509v3 CRL Distribution Points, short_name=crlDistributionPoints, oid=2.5.29.31, critical=F, value=^JFull Name:^J  URI:http://crl.verisign.com/Class3InternationalServer.crl^J], [name=X509v3 Certificate Policies, short_name=certificatePolicies, oid=2.5.29.32, critical=F, value=Policy: 2.16.840.1.113733.1.7.23.3^J  CPS: https://www.verisign.com/rpa^J], [name=X509v3 Extended Key Usage, short_name=extendedKeyUsage, oid=2.5.29.37, critical=F, value=Netscape Server Gated Crypto, TLS Web Server Authentication, TLS Web Client Authentication], [name=Authority Information Access, short_name=authorityInfoAccess, oid=1.3.6.1.5.5.7.1.1, critical=F, value=OCSP - URI:http://ocsp.verisign.com^J], [name=1.3.6.1.5.5.7.1.12, short_name=UNDEF, oid=1.3.6.1.5.5.7.1.12, critical=F, value=0_.].[0Y0W0U..image/gif0!0.0...+..............k...j.H.,{..0%.#http://logo.verisign.com/vslogo.gif]], san=<uninitialized>, basic_constraints=[ca=F, path_len=<uninitialized>]], extracted=<uninitialized>], [ts=1170717511.909717, fuid=FUmSiM3TCtsyMGhcd, tx_hosts={^J^I^I194.127.84.106^J^I}, rx_hosts={^J^I^I192.150.187.164^J^I}, conn_uids={^J^I^ICCvvfg3TEfuqmmG4bh^J^I}, source=SSL, depth=0, analyzers={^J^I^IX509,^J^I^IMD5,^J^I^ISHA1^J^I}, mime_type=binary, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=F, seen_bytes=0, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=81c888530afcad916fbe71d9417bf10c, sha1=de0f3a63cad13841e9b62c94502cb189d7661e49, sha256=<uninitialized>, x509=[ts=1170717511.909717, id=FUmSiM3TCtsyMGhcd, certificate=[version=2, serial=78EE48DE185B2071C9C9C3B51D7BDDC1, subject=OU=www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign,OU=VeriSign International Server CA - Class 3,OU=VeriSign\, Inc.,O=VeriSign Trust Network, issuer=OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US, not_valid_before=861235200.0, not_valid_after=1319500799.0, key_alg=rsaEncryption, sig_alg=sha1WithRSAEncryption, key_type=rsa, key_length=1024, exponent=65537, curve=<uninitialized>], handle=<no value description>, extensions=[[name=X509v3 Basic Constraints, short_name=basicConstraints, oid=2.5.29.19, critical=F, value=CA:TRUE, pathlen:0], [name=X509v3 Certificate Policies, short_name=certificatePolicies, oid=2.5.29.32, critical=F, value=Policy: 2.16.840.1.113733.1.7.1.1^J  CPS: https://www.verisign.com/CPS^J], [name=X509v3 CRL Distribution Points, short_name=crlDistributionPoints, oid=2.5.29.31, critical=F, value=^JFull Name:^J  URI:http://crl.verisign.com/pca3-g2.crl^J], [name=X509v3 Extended Key Usage, short_name=extendedKeyUsage, oid=2.5.29.37, critical=F, value=TLS Web Server Authentication, TLS Web Client Authentication, Netscape Server Gated Crypto, 2.16.840.1.113733.1.8.1], [name=X509v3 Key Usage, short_name=keyUsage, oid=2.5.29.15, critical=F, value=Certificate Sign, CRL Sign], [name=Netscape Cert Type, short_name=nsCertType, oid=2.16.840.1.113730.1.1, critical=F, value=SSL CA, S/MIME CA]], san=<uninitialized>, basic_constraints=[ca=T, path_len=0]], extracted=<uninitialized>]], cert_chain_fuids=[FQXAWgI2FB5STbrff, FUmSiM3TCtsyMGhcd], client_cert_chain=[], client_cert_chain_fuids=[], subject=<uninitialized>, issuer=<uninitialized>, client_subject=<uninitialized>, client_issuer=<uninitialized>, server_depth=2, client_depth=0], http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]^J}, last_active=1170717511.909717, seen_bytes=906, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timeout_interval=2.0 mins, bof_buffer_size=1024, bof_buffer=0\x82^C\x860\x82^B\xef\xa0^C^B^A^B^B^Px\xeeH\xde^X[ q\xc9\xc9\xc3\xb5\x1d{\xdd\xc10^M^F^I*\x86H\x86\xf7^M^A^A^E^E\00_1^K0^I^F^CU^D^F^S^BUS1^W0^U^F^CU^D^J^S^NVeriSign, Inc.1705^F^CU^D^K^S.Class 3 Public Primary Certification Authority0\x1e^W^M970417000000Z^W^M111024235959Z0\x81\xba1\x1f0\x1d^F^CU^D^J^S^VVeriSign Trust Network1^W0^U^F^CU^D^K^S^NVeriSign, Inc.1301^F^CU^D^K^S*VeriSign International Server CA - Class 31I0G^F^CU^D^K^S@www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign0\x81\x9f0^M^F^I*\x86H\x86\xf7^M^A^A^A^E\0^C\x81\x8d\00\x81\x89^B\x81\x81\0\xd8\x82\x80\xe8\xd6^Y^B}\x1f\x85^X9%\xa2e+\xe1\xbf\xd4^E\xd3\xbc\xe66;\xaa\xf0Ll[\xb6\xe7\xaa<sEU\xb2\xf1\xbd\xea\x97B\xed\x9a4^J^U\xd4\xa9\\xf5@%\xdd\xd9^G\xc12\xb2ul\xc4\xca\xbb\xa3\xfeV'qC\xaac\xf50>\x93(\xe5\xfa\xf1^I;\xf3\xb7MN9\xf7\IZ\xb8\xc1\x1d\xd3\xb2\x8a\xfep0\x95B\xcb\xfe+Q\x8bZ<:\xf9"O\x90\xb2^B\xa7S\x9cO4\xe7\xab^D\xb2{o^B^C^A\0^A\xa3\x81\xe60\x81\xe30^O^F^CU\x1d^S^D^H0^F^A^A\xff^B^A\00D^F^CU\x1d ^D=0;09^F^K`\x86H^A\x86\xf8E^A^G^A^A0*0(^F^H+^F^A^E^E^G^B^A^V\x1chttps://www.verisign.com/CPS04^F^CU\x1d\x1f^D-0+0)\xa0'\xa0%\x86#http://crl.verisign.com/pca3-g2.crl04^F^CU\x1d%^D-0+^F^H+^F^A^E^E^G^C^A^F^H+^F^A^E^E^G^C^B^F^I`\x86H^A\x86\xf8B^D^A^F^J`\x86H^A\x86\xf8E^A^H^A0^K^F^CU\x1d^O^D^D^C^B^A^F0^Q^F^I`\x86H^A\x86\xf8B^A^A^D^D^C^B^A^F0^M^F^I*\x86H\x86\xf7^M^A^A^E^E\0^C\x81\x81\0#]\xee\xa6$^E\xfdv\xd3j^Z\xd6\xbaF^F\xaaj^O^C\x90f\xb2\xb0\xa6\xc2\x9e\xc9\x1e\xa3US\xaf>E\xfd\xdc\x8c'\xddS8^I\xbb|K+\xba\x95J\xfepN\x1bi\xd6<\xf7O^G\xc5\xf2^WZL\xa2\x8f\xac^K\x8a^F\xdb\xb9\xd4k\xc5\x1dX\xda^WR\xe3!\xf1\xd2\xd7Z\xd5\xe5\xabY{!z\x86j\xd4\xfe^W^Q:S^M\x9c`\xa0J\xd9^\xe4\x1d^L)\xaa^S^Ge\x86\x1f\xbf\xb4\xc9\x82S\x9c,^B\x8f#, mime_type=binary, info=[ts=1170717511.909717, fuid=FUmSiM3TCtsyMGhcd, tx_hosts={^J^I194.127.84.106^J}, rx_hosts={^J^I192.150.187.164^J}, conn_uids={^J^ICCvvfg3TEfuqmmG4bh^J}, source=SSL, depth=0, analyzers={^J^IX509,^J^IMD5,^J^ISHA1^J}, mime_type=binary, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=F, seen_bytes=0, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=81c888530afcad916fbe71d9417bf10c, sha1=de0f3a63cad13841e9b62c94502cb189d7661e49, sha256=<uninitialized>, x509=[ts=1170717511.909717, id=FUmSiM3TCtsyMGhcd, certificate=[version=2, serial=78EE48DE185B2071C9C9C3B51D7BDDC1, subject=OU=www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign,OU=VeriSign International Server CA - Class 3,OU=VeriSign\, Inc.,O=VeriSign Trust Network, issuer=OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US, not_valid_before=861235200.0, not_valid_after=1319500799.0, key_alg=rsaEncryption, sig_alg=sha1WithRSAEncryption, key_type=rsa, key_length=1024, exponent=65537, curve=<uninitialized>], handle=<no value description>, extensions=[[name=X509v3 Basic Constraints, short_name=basicConstraints, oid=2.5.29.19, critical=F, value=CA:TRUE, pathlen:0], [name=X509v3 Certificate Policies, short_name=certificatePolicies, oid=2.5.29.32, critical=F, value=Policy: 2.16.840.1.113733.1.7.1.1^J  CPS: https://www.verisign.com/CPS^J], [name=X509v3 CRL Distribution Points, short_name=crlDistributionPoints, oid=2.5.29.31, critical=F, value=^JFull Name:^J  URI:http://crl.verisign.com/pca3-g2.crl^J], [name=X509v3 Extended Key Usage, short_name=extendedKeyUsage, oid=2.5.29.37, critical=F, value=TLS Web Server Authentication, TLS Web Client Authentication, Netscape Server Gated Crypto, 2.16.840.1.113733.1.8.1], [name=X509v3 Key Usage, short_name=keyUsage, oid=2.5.29.15, critical=F, value=Certificate Sign, CRL Sign], [name=Netscape Cert Type, short_name=nsCertType, oid=2.16.840.1.113730.1.1, critical=F, value=SSL CA, S/MIME CA]], san=<uninitialized>, basic_constraints=[ca=T, path_len=0]], extracted=<uninitialized>], u2_events=<uninitialized>]
+1254722771.494181 get_file_handle
+                  [0] tag: enum          = Analyzer::ANALYZER_SMTP
+                  [1] c: connection      = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=8862, state=4, num_pkts=18, num_bytes_ip=13978, flow_label=0], resp=[size=462, state=4, num_pkts=13, num_bytes_ip=990, flow_label=0], start_time=1254722767.529046, duration=3.965135, service={^J^ISMTP^J}, addl=, hot=0, history=ShAdDa, uid=CjhGID4nQcgTWjvg4c, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, smtp=[ts=1254722768.219663, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=<gurpartap@patriots.in>, rcptto={^J^I<raj_deol2002in@yahoo.co.in>^J}, date=Mon, 5 Oct 2009 11:36:07 +0530, from="Gurpartap Singh" <gurpartap@patriots.in>, to={^J^I<raj_deol2002in@yahoo.co.in>^J}, reply_to=<uninitialized>, msg_id=<000301ca4581$ef9e57f0$cedb07d0$@in>, in_reply_to=<uninitialized>, subject=SMTP, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=354 Enter message, ending with "." on a line by itself, path=[74.53.140.153, 10.10.1.4], user_agent=Microsoft Office Outlook 12.0, process_received_from=T, has_client_activity=T, entity=[filename=NEWS.txt], fuids=[Fel9gs4OtNEV6gUJZ5, Ft4M3f2yMvLlmwtbq9, FL9Y0d45OI4LpS6fmh]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=<uninitialized>, mime_depth=5], socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]
+                  [2] is_orig: bool      = F
 
-1170717512.108799 ssl_established
-                  [0] c: connection      = [id=[orig_h=192.150.187.164, orig_p=58870/tcp, resp_h=194.127.84.106, resp_p=443/tcp], orig=[size=302, state=4, num_pkts=5, num_bytes_ip=574, flow_label=0], resp=[size=2207, state=4, num_pkts=5, num_bytes_ip=2436, flow_label=0], start_time=1170717511.541455, duration=0.567344, service={^J^ISSL^J}, addl=, hot=0, history=ShADad, uid=CCvvfg3TEfuqmmG4bh, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=[ts=1170717511.722913, uid=CCvvfg3TEfuqmmG4bh, id=[orig_h=192.150.187.164, orig_p=58870/tcp, resp_h=194.127.84.106, resp_p=443/tcp], version=TLSv10, cipher=TLS_RSA_WITH_RC4_128_MD5, server_name=<uninitialized>, session_id=9e51caef40ad85f9f03dbb8c1fdc863621808c311272e10242cb406bf917bcd9, last_alert=<uninitialized>, analyzer_id=11, established=F, logged=F, delay_tokens=<uninitialized>, cert_chain=[[ts=1170717511.909717, fuid=FQXAWgI2FB5STbrff, tx_hosts={^J^I194.127.84.106^J}, rx_hosts={^J^I192.150.187.164^J}, conn_uids={^J^ICCvvfg3TEfuqmmG4bh^J}, source=SSL, depth=0, analyzers={^J^IX509,^J^IMD5,^J^ISHA1^J}, mime_type=binary, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=F, seen_bytes=1152, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=38a0a008a978591ccbe41f50a174751a, sha1=2c322ae2b7fe91391345e070b63668978bb1c9da, sha256=<uninitialized>, x509=[ts=1170717511.909717, id=FQXAWgI2FB5STbrff, certificate=[version=2, serial=04A78116F003283BDA2B8462049F9ECB, subject=CN=www.dresdner-privat.de,OU=Terms of use at www.verisign.com/rpa (c)00,O=AGIS Allianz Dresdner Informationssysteme GmbH,L=Muenchen,ST=Bayern,C=DE, issuer=OU=www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign,OU=VeriSign International Server CA - Class 3,OU=VeriSign\, Inc.,O=VeriSign Trust Network, not_valid_before=1163462400.0, not_valid_after=1195084799.0, key_alg=rsaEncryption, sig_alg=sha1WithRSAEncryption, key_type=rsa, key_length=1024, exponent=65537, curve=<uninitialized>], handle=<no value description>, extensions=[[name=X509v3 Basic Constraints, short_name=basicConstraints, oid=2.5.29.19, critical=F, value=CA:FALSE], [name=X509v3 Key Usage, short_name=keyUsage, oid=2.5.29.15, critical=F, value=Digital Signature, Key Encipherment], [name=X509v3 CRL Distribution Points, short_name=crlDistributionPoints, oid=2.5.29.31, critical=F, value=^JFull Name:^J  URI:http://crl.verisign.com/Class3InternationalServer.crl^J], [name=X509v3 Certificate Policies, short_name=certificatePolicies, oid=2.5.29.32, critical=F, value=Policy: 2.16.840.1.113733.1.7.23.3^J  CPS: https://www.verisign.com/rpa^J], [name=X509v3 Extended Key Usage, short_name=extendedKeyUsage, oid=2.5.29.37, critical=F, value=Netscape Server Gated Crypto, TLS Web Server Authentication, TLS Web Client Authentication], [name=Authority Information Access, short_name=authorityInfoAccess, oid=1.3.6.1.5.5.7.1.1, critical=F, value=OCSP - URI:http://ocsp.verisign.com^J], [name=1.3.6.1.5.5.7.1.12, short_name=UNDEF, oid=1.3.6.1.5.5.7.1.12, critical=F, value=0_.].[0Y0W0U..image/gif0!0.0...+..............k...j.H.,{..0%.#http://logo.verisign.com/vslogo.gif]], san=<uninitialized>, basic_constraints=[ca=F, path_len=<uninitialized>]], extracted=<uninitialized>], [ts=1170717511.909717, fuid=FUmSiM3TCtsyMGhcd, tx_hosts={^J^I194.127.84.106^J}, rx_hosts={^J^I192.150.187.164^J}, conn_uids={^J^ICCvvfg3TEfuqmmG4bh^J}, source=SSL, depth=0, analyzers={^J^IX509,^J^IMD5,^J^ISHA1^J}, mime_type=binary, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=F, seen_bytes=906, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=81c888530afcad916fbe71d9417bf10c, sha1=de0f3a63cad13841e9b62c94502cb189d7661e49, sha256=<uninitialized>, x509=[ts=1170717511.909717, id=FUmSiM3TCtsyMGhcd, certificate=[version=2, serial=78EE48DE185B2071C9C9C3B51D7BDDC1, subject=OU=www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign,OU=VeriSign International Server CA - Class 3,OU=VeriSign\, Inc.,O=VeriSign Trust Network, issuer=OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US, not_valid_before=861235200.0, not_valid_after=1319500799.0, key_alg=rsaEncryption, sig_alg=sha1WithRSAEncryption, key_type=rsa, key_length=1024, exponent=65537, curve=<uninitialized>], handle=<no value description>, extensions=[[name=X509v3 Basic Constraints, short_name=basicConstraints, oid=2.5.29.19, critical=F, value=CA:TRUE, pathlen:0], [name=X509v3 Certificate Policies, short_name=certificatePolicies, oid=2.5.29.32, critical=F, value=Policy: 2.16.840.1.113733.1.7.1.1^J  CPS: https://www.verisign.com/CPS^J], [name=X509v3 CRL Distribution Points, short_name=crlDistributionPoints, oid=2.5.29.31, critical=F, value=^JFull Name:^J  URI:http://crl.verisign.com/pca3-g2.crl^J], [name=X509v3 Extended Key Usage, short_name=extendedKeyUsage, oid=2.5.29.37, critical=F, value=TLS Web Server Authentication, TLS Web Client Authentication, Netscape Server Gated Crypto, 2.16.840.1.113733.1.8.1], [name=X509v3 Key Usage, short_name=keyUsage, oid=2.5.29.15, critical=F, value=Certificate Sign, CRL Sign], [name=Netscape Cert Type, short_name=nsCertType, oid=2.16.840.1.113730.1.1, critical=F, value=SSL CA, S/MIME CA]], san=<uninitialized>, basic_constraints=[ca=T, path_len=0]], extracted=<uninitialized>]], cert_chain_fuids=[FQXAWgI2FB5STbrff, FUmSiM3TCtsyMGhcd], client_cert_chain=[], client_cert_chain_fuids=[], subject=<uninitialized>, issuer=<uninitialized>, client_subject=<uninitialized>, client_issuer=<uninitialized>, server_depth=2, client_depth=0], http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]
+1254722771.494181 get_file_handle
+                  [0] tag: enum          = Analyzer::ANALYZER_SMTP
+                  [1] c: connection      = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=8862, state=4, num_pkts=18, num_bytes_ip=13978, flow_label=0], resp=[size=462, state=4, num_pkts=13, num_bytes_ip=990, flow_label=0], start_time=1254722767.529046, duration=3.965135, service={^J^ISMTP^J}, addl=, hot=0, history=ShAdDa, uid=CjhGID4nQcgTWjvg4c, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, smtp=[ts=1254722768.219663, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=<gurpartap@patriots.in>, rcptto={^J^I<raj_deol2002in@yahoo.co.in>^J}, date=Mon, 5 Oct 2009 11:36:07 +0530, from="Gurpartap Singh" <gurpartap@patriots.in>, to={^J^I<raj_deol2002in@yahoo.co.in>^J}, reply_to=<uninitialized>, msg_id=<000301ca4581$ef9e57f0$cedb07d0$@in>, in_reply_to=<uninitialized>, subject=SMTP, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=354 Enter message, ending with "." on a line by itself, path=[74.53.140.153, 10.10.1.4], user_agent=Microsoft Office Outlook 12.0, process_received_from=T, has_client_activity=T, entity=[filename=NEWS.txt], fuids=[Fel9gs4OtNEV6gUJZ5, Ft4M3f2yMvLlmwtbq9, FL9Y0d45OI4LpS6fmh]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=<uninitialized>, mime_depth=5], socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]
+                  [2] is_orig: bool      = F
 
-1170717528.851698 ChecksumOffloading::check
-1170717528.851698 connection_state_remove
-                  [0] c: connection      = [id=[orig_h=192.150.187.164, orig_p=58869/tcp, resp_h=194.127.84.106, resp_p=443/tcp], orig=[size=6012, state=5, num_pkts=61, num_bytes_ip=9160, flow_label=0], resp=[size=121583, state=5, num_pkts=101, num_bytes_ip=126847, flow_label=0], start_time=1170717508.515696, duration=3.001729, service={^J^ISSL^J}, addl=, hot=0, history=ShADadFRfR, uid=CjhGID4nQcgTWjvg4c, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=[ts=1170717508.69718, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=192.150.187.164, orig_p=58869/tcp, resp_h=194.127.84.106, resp_p=443/tcp], version=TLSv10, cipher=TLS_RSA_WITH_RC4_128_MD5, server_name=<uninitialized>, session_id=a8c1c5681924e80a32a15d5e7f20bc5e3f513e56b215039d0d55defda5a320c0, last_alert=<uninitialized>, analyzer_id=<uninitialized>, established=T, logged=T, delay_tokens=<uninitialized>, cert_chain=[[ts=1170717508.883051, fuid=FjkLnG4s34DVZlaBNc, tx_hosts={^J^I194.127.84.106^J}, rx_hosts={^J^I192.150.187.164^J}, conn_uids={^J^ICjhGID4nQcgTWjvg4c^J}, source=SSL, depth=0, analyzers={^J^IX509,^J^IMD5,^J^ISHA1^J}, mime_type=binary, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=F, seen_bytes=1152, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=38a0a008a978591ccbe41f50a174751a, sha1=2c322ae2b7fe91391345e070b63668978bb1c9da, sha256=<uninitialized>, x509=[ts=1170717508.883051, id=FjkLnG4s34DVZlaBNc, certificate=[version=2, serial=04A78116F003283BDA2B8462049F9ECB, subject=CN=www.dresdner-privat.de,OU=Terms of use at www.verisign.com/rpa (c)00,O=AGIS Allianz Dresdner Informationssysteme GmbH,L=Muenchen,ST=Bayern,C=DE, issuer=OU=www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign,OU=VeriSign International Server CA - Class 3,OU=VeriSign\, Inc.,O=VeriSign Trust Network, not_valid_before=1163462400.0, not_valid_after=1195084799.0, key_alg=rsaEncryption, sig_alg=sha1WithRSAEncryption, key_type=rsa, key_length=1024, exponent=65537, curve=<uninitialized>], handle=<no value description>, extensions=[[name=X509v3 Basic Constraints, short_name=basicConstraints, oid=2.5.29.19, critical=F, value=CA:FALSE], [name=X509v3 Key Usage, short_name=keyUsage, oid=2.5.29.15, critical=F, value=Digital Signature, Key Encipherment], [name=X509v3 CRL Distribution Points, short_name=crlDistributionPoints, oid=2.5.29.31, critical=F, value=^JFull Name:^J  URI:http://crl.verisign.com/Class3InternationalServer.crl^J], [name=X509v3 Certificate Policies, short_name=certificatePolicies, oid=2.5.29.32, critical=F, value=Policy: 2.16.840.1.113733.1.7.23.3^J  CPS: https://www.verisign.com/rpa^J], [name=X509v3 Extended Key Usage, short_name=extendedKeyUsage, oid=2.5.29.37, critical=F, value=Netscape Server Gated Crypto, TLS Web Server Authentication, TLS Web Client Authentication], [name=Authority Information Access, short_name=authorityInfoAccess, oid=1.3.6.1.5.5.7.1.1, critical=F, value=OCSP - URI:http://ocsp.verisign.com^J], [name=1.3.6.1.5.5.7.1.12, short_name=UNDEF, oid=1.3.6.1.5.5.7.1.12, critical=F, value=0_.].[0Y0W0U..image/gif0!0.0...+..............k...j.H.,{..0%.#http://logo.verisign.com/vslogo.gif]], san=<uninitialized>, basic_constraints=[ca=F, path_len=<uninitialized>]], extracted=<uninitialized>], [ts=1170717508.883051, fuid=FpMjNF4snD7UDqI5sk, tx_hosts={^J^I194.127.84.106^J}, rx_hosts={^J^I192.150.187.164^J}, conn_uids={^J^ICjhGID4nQcgTWjvg4c^J}, source=SSL, depth=0, analyzers={^J^IX509,^J^IMD5,^J^ISHA1^J}, mime_type=binary, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=F, seen_bytes=906, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=81c888530afcad916fbe71d9417bf10c, sha1=de0f3a63cad13841e9b62c94502cb189d7661e49, sha256=<uninitialized>, x509=[ts=1170717508.883051, id=FpMjNF4snD7UDqI5sk, certificate=[version=2, serial=78EE48DE185B2071C9C9C3B51D7BDDC1, subject=OU=www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign,OU=VeriSign International Server CA - Class 3,OU=VeriSign\, Inc.,O=VeriSign Trust Network, issuer=OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US, not_valid_before=861235200.0, not_valid_after=1319500799.0, key_alg=rsaEncryption, sig_alg=sha1WithRSAEncryption, key_type=rsa, key_length=1024, exponent=65537, curve=<uninitialized>], handle=<no value description>, extensions=[[name=X509v3 Basic Constraints, short_name=basicConstraints, oid=2.5.29.19, critical=F, value=CA:TRUE, pathlen:0], [name=X509v3 Certificate Policies, short_name=certificatePolicies, oid=2.5.29.32, critical=F, value=Policy: 2.16.840.1.113733.1.7.1.1^J  CPS: https://www.verisign.com/CPS^J], [name=X509v3 CRL Distribution Points, short_name=crlDistributionPoints, oid=2.5.29.31, critical=F, value=^JFull Name:^J  URI:http://crl.verisign.com/pca3-g2.crl^J], [name=X509v3 Extended Key Usage, short_name=extendedKeyUsage, oid=2.5.29.37, critical=F, value=TLS Web Server Authentication, TLS Web Client Authentication, Netscape Server Gated Crypto, 2.16.840.1.113733.1.8.1], [name=X509v3 Key Usage, short_name=keyUsage, oid=2.5.29.15, critical=F, value=Certificate Sign, CRL Sign], [name=Netscape Cert Type, short_name=nsCertType, oid=2.16.840.1.113730.1.1, critical=F, value=SSL CA, S/MIME CA]], san=<uninitialized>, basic_constraints=[ca=T, path_len=0]], extracted=<uninitialized>]], cert_chain_fuids=[FjkLnG4s34DVZlaBNc, FpMjNF4snD7UDqI5sk], client_cert_chain=[], client_cert_chain_fuids=[], subject=CN=www.dresdner-privat.de,OU=Terms of use at www.verisign.com/rpa (c)00,O=AGIS Allianz Dresdner Informationssysteme GmbH,L=Muenchen,ST=Bayern,C=DE, issuer=OU=www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign,OU=VeriSign International Server CA - Class 3,OU=VeriSign\, Inc.,O=VeriSign Trust Network, client_subject=<uninitialized>, client_issuer=<uninitialized>, server_depth=2, client_depth=0], http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]
+1254722771.494199 get_file_handle
+                  [0] tag: enum          = Analyzer::ANALYZER_SMTP
+                  [1] c: connection      = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=10314, state=4, num_pkts=19, num_bytes_ip=15470, flow_label=0], resp=[size=462, state=4, num_pkts=13, num_bytes_ip=990, flow_label=0], start_time=1254722767.529046, duration=3.965153, service={^J^ISMTP^J}, addl=, hot=0, history=ShAdDa, uid=CjhGID4nQcgTWjvg4c, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, smtp=[ts=1254722768.219663, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=<gurpartap@patriots.in>, rcptto={^J^I<raj_deol2002in@yahoo.co.in>^J}, date=Mon, 5 Oct 2009 11:36:07 +0530, from="Gurpartap Singh" <gurpartap@patriots.in>, to={^J^I<raj_deol2002in@yahoo.co.in>^J}, reply_to=<uninitialized>, msg_id=<000301ca4581$ef9e57f0$cedb07d0$@in>, in_reply_to=<uninitialized>, subject=SMTP, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=354 Enter message, ending with "." on a line by itself, path=[74.53.140.153, 10.10.1.4], user_agent=Microsoft Office Outlook 12.0, process_received_from=T, has_client_activity=T, entity=[filename=NEWS.txt], fuids=[Fel9gs4OtNEV6gUJZ5, Ft4M3f2yMvLlmwtbq9, FL9Y0d45OI4LpS6fmh]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=<uninitialized>, mime_depth=5], socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]
+                  [2] is_orig: bool      = F
 
-1170717531.882302 net_done
-                  [0] t: time            = 1170717531.882302
+1254722771.834628 get_file_handle
+                  [0] tag: enum          = Analyzer::ANALYZER_SMTP
+                  [1] c: connection      = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=11766, state=4, num_pkts=20, num_bytes_ip=16962, flow_label=0], resp=[size=462, state=4, num_pkts=14, num_bytes_ip=1030, flow_label=0], start_time=1254722767.529046, duration=4.305582, service={^J^ISMTP^J}, addl=, hot=0, history=ShAdDa, uid=CjhGID4nQcgTWjvg4c, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, smtp=[ts=1254722768.219663, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=<gurpartap@patriots.in>, rcptto={^J^I<raj_deol2002in@yahoo.co.in>^J}, date=Mon, 5 Oct 2009 11:36:07 +0530, from="Gurpartap Singh" <gurpartap@patriots.in>, to={^J^I<raj_deol2002in@yahoo.co.in>^J}, reply_to=<uninitialized>, msg_id=<000301ca4581$ef9e57f0$cedb07d0$@in>, in_reply_to=<uninitialized>, subject=SMTP, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=354 Enter message, ending with "." on a line by itself, path=[74.53.140.153, 10.10.1.4], user_agent=Microsoft Office Outlook 12.0, process_received_from=T, has_client_activity=T, entity=[filename=NEWS.txt], fuids=[Fel9gs4OtNEV6gUJZ5, Ft4M3f2yMvLlmwtbq9, FL9Y0d45OI4LpS6fmh]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=<uninitialized>, mime_depth=5], socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]
+                  [2] is_orig: bool      = F
 
-1170717531.882302 filter_change_tracking
-1170717531.882302 connection_state_remove
-                  [0] c: connection      = [id=[orig_h=192.150.187.164, orig_p=58868/tcp, resp_h=194.127.84.106, resp_p=443/tcp], orig=[size=4879, state=5, num_pkts=32, num_bytes_ip=6555, flow_label=0], resp=[size=32965, state=6, num_pkts=36, num_bytes_ip=34813, flow_label=0], start_time=1170717505.366729, duration=23.667015, service={^J^ISSL^J}, addl=, hot=0, history=ShADadFr, uid=CXWv6p3arKYeMETxOg, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=[ts=1170717505.549109, uid=CXWv6p3arKYeMETxOg, id=[orig_h=192.150.187.164, orig_p=58868/tcp, resp_h=194.127.84.106, resp_p=443/tcp], version=TLSv10, cipher=TLS_RSA_WITH_RC4_128_MD5, server_name=<uninitialized>, session_id=<uninitialized>, last_alert=<uninitialized>, analyzer_id=<uninitialized>, established=T, logged=T, delay_tokens=<uninitialized>, cert_chain=[[ts=1170717505.735416, fuid=FeCwNK3rzqPnZ7eBQ5, tx_hosts={^J^I194.127.84.106^J}, rx_hosts={^J^I192.150.187.164^J}, conn_uids={^J^ICXWv6p3arKYeMETxOg^J}, source=SSL, depth=0, analyzers={^J^IX509,^J^IMD5,^J^ISHA1^J}, mime_type=binary, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=F, seen_bytes=1152, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=38a0a008a978591ccbe41f50a174751a, sha1=2c322ae2b7fe91391345e070b63668978bb1c9da, sha256=<uninitialized>, x509=[ts=1170717505.735416, id=FeCwNK3rzqPnZ7eBQ5, certificate=[version=2, serial=04A78116F003283BDA2B8462049F9ECB, subject=CN=www.dresdner-privat.de,OU=Terms of use at www.verisign.com/rpa (c)00,O=AGIS Allianz Dresdner Informationssysteme GmbH,L=Muenchen,ST=Bayern,C=DE, issuer=OU=www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign,OU=VeriSign International Server CA - Class 3,OU=VeriSign\, Inc.,O=VeriSign Trust Network, not_valid_before=1163462400.0, not_valid_after=1195084799.0, key_alg=rsaEncryption, sig_alg=sha1WithRSAEncryption, key_type=rsa, key_length=1024, exponent=65537, curve=<uninitialized>], handle=<no value description>, extensions=[[name=X509v3 Basic Constraints, short_name=basicConstraints, oid=2.5.29.19, critical=F, value=CA:FALSE], [name=X509v3 Key Usage, short_name=keyUsage, oid=2.5.29.15, critical=F, value=Digital Signature, Key Encipherment], [name=X509v3 CRL Distribution Points, short_name=crlDistributionPoints, oid=2.5.29.31, critical=F, value=^JFull Name:^J  URI:http://crl.verisign.com/Class3InternationalServer.crl^J], [name=X509v3 Certificate Policies, short_name=certificatePolicies, oid=2.5.29.32, critical=F, value=Policy: 2.16.840.1.113733.1.7.23.3^J  CPS: https://www.verisign.com/rpa^J], [name=X509v3 Extended Key Usage, short_name=extendedKeyUsage, oid=2.5.29.37, critical=F, value=Netscape Server Gated Crypto, TLS Web Server Authentication, TLS Web Client Authentication], [name=Authority Information Access, short_name=authorityInfoAccess, oid=1.3.6.1.5.5.7.1.1, critical=F, value=OCSP - URI:http://ocsp.verisign.com^J], [name=1.3.6.1.5.5.7.1.12, short_name=UNDEF, oid=1.3.6.1.5.5.7.1.12, critical=F, value=0_.].[0Y0W0U..image/gif0!0.0...+..............k...j.H.,{..0%.#http://logo.verisign.com/vslogo.gif]], san=<uninitialized>, basic_constraints=[ca=F, path_len=<uninitialized>]], extracted=<uninitialized>], [ts=1170717505.735416, fuid=FfqS7r3rymnsSKq0m2, tx_hosts={^J^I194.127.84.106^J}, rx_hosts={^J^I192.150.187.164^J}, conn_uids={^J^ICXWv6p3arKYeMETxOg^J}, source=SSL, depth=0, analyzers={^J^IX509,^J^IMD5,^J^ISHA1^J}, mime_type=binary, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=F, seen_bytes=906, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=81c888530afcad916fbe71d9417bf10c, sha1=de0f3a63cad13841e9b62c94502cb189d7661e49, sha256=<uninitialized>, x509=[ts=1170717505.735416, id=FfqS7r3rymnsSKq0m2, certificate=[version=2, serial=78EE48DE185B2071C9C9C3B51D7BDDC1, subject=OU=www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign,OU=VeriSign International Server CA - Class 3,OU=VeriSign\, Inc.,O=VeriSign Trust Network, issuer=OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US, not_valid_before=861235200.0, not_valid_after=1319500799.0, key_alg=rsaEncryption, sig_alg=sha1WithRSAEncryption, key_type=rsa, key_length=1024, exponent=65537, curve=<uninitialized>], handle=<no value description>, extensions=[[name=X509v3 Basic Constraints, short_name=basicConstraints, oid=2.5.29.19, critical=F, value=CA:TRUE, pathlen:0], [name=X509v3 Certificate Policies, short_name=certificatePolicies, oid=2.5.29.32, critical=F, value=Policy: 2.16.840.1.113733.1.7.1.1^J  CPS: https://www.verisign.com/CPS^J], [name=X509v3 CRL Distribution Points, short_name=crlDistributionPoints, oid=2.5.29.31, critical=F, value=^JFull Name:^J  URI:http://crl.verisign.com/pca3-g2.crl^J], [name=X509v3 Extended Key Usage, short_name=extendedKeyUsage, oid=2.5.29.37, critical=F, value=TLS Web Server Authentication, TLS Web Client Authentication, Netscape Server Gated Crypto, 2.16.840.1.113733.1.8.1], [name=X509v3 Key Usage, short_name=keyUsage, oid=2.5.29.15, critical=F, value=Certificate Sign, CRL Sign], [name=Netscape Cert Type, short_name=nsCertType, oid=2.16.840.1.113730.1.1, critical=F, value=SSL CA, S/MIME CA]], san=<uninitialized>, basic_constraints=[ca=T, path_len=0]], extracted=<uninitialized>]], cert_chain_fuids=[FeCwNK3rzqPnZ7eBQ5, FfqS7r3rymnsSKq0m2], client_cert_chain=[], client_cert_chain_fuids=[], subject=CN=www.dresdner-privat.de,OU=Terms of use at www.verisign.com/rpa (c)00,O=AGIS Allianz Dresdner Informationssysteme GmbH,L=Muenchen,ST=Bayern,C=DE, issuer=OU=www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign,OU=VeriSign International Server CA - Class 3,OU=VeriSign\, Inc.,O=VeriSign Trust Network, client_subject=<uninitialized>, client_issuer=<uninitialized>, server_depth=2, client_depth=0], http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]
+1254722771.834655 get_file_handle
+                  [0] tag: enum          = Analyzer::ANALYZER_SMTP
+                  [1] c: connection      = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=13218, state=4, num_pkts=21, num_bytes_ip=18454, flow_label=0], resp=[size=462, state=4, num_pkts=14, num_bytes_ip=1030, flow_label=0], start_time=1254722767.529046, duration=4.305609, service={^J^ISMTP^J}, addl=, hot=0, history=ShAdDa, uid=CjhGID4nQcgTWjvg4c, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, smtp=[ts=1254722768.219663, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=<gurpartap@patriots.in>, rcptto={^J^I<raj_deol2002in@yahoo.co.in>^J}, date=Mon, 5 Oct 2009 11:36:07 +0530, from="Gurpartap Singh" <gurpartap@patriots.in>, to={^J^I<raj_deol2002in@yahoo.co.in>^J}, reply_to=<uninitialized>, msg_id=<000301ca4581$ef9e57f0$cedb07d0$@in>, in_reply_to=<uninitialized>, subject=SMTP, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=354 Enter message, ending with "." on a line by itself, path=[74.53.140.153, 10.10.1.4], user_agent=Microsoft Office Outlook 12.0, process_received_from=T, has_client_activity=T, entity=[filename=NEWS.txt], fuids=[Fel9gs4OtNEV6gUJZ5, Ft4M3f2yMvLlmwtbq9, FL9Y0d45OI4LpS6fmh]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=<uninitialized>, mime_depth=5], socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]
+                  [2] is_orig: bool      = F
 
-1170717531.882302 connection_state_remove
-                  [0] c: connection      = [id=[orig_h=192.150.187.164, orig_p=58870/tcp, resp_h=194.127.84.106, resp_p=443/tcp], orig=[size=842, state=5, num_pkts=11, num_bytes_ip=1414, flow_label=0], resp=[size=3613, state=5, num_pkts=11, num_bytes_ip=4197, flow_label=0], start_time=1170717511.541455, duration=20.340781, service={^J^ISSL^J}, addl=, hot=0, history=ShADadFfR, uid=CCvvfg3TEfuqmmG4bh, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=[ts=1170717511.722913, uid=CCvvfg3TEfuqmmG4bh, id=[orig_h=192.150.187.164, orig_p=58870/tcp, resp_h=194.127.84.106, resp_p=443/tcp], version=TLSv10, cipher=TLS_RSA_WITH_RC4_128_MD5, server_name=<uninitialized>, session_id=9e51caef40ad85f9f03dbb8c1fdc863621808c311272e10242cb406bf917bcd9, last_alert=<uninitialized>, analyzer_id=<uninitialized>, established=T, logged=T, delay_tokens=<uninitialized>, cert_chain=[[ts=1170717511.909717, fuid=FQXAWgI2FB5STbrff, tx_hosts={^J^I194.127.84.106^J}, rx_hosts={^J^I192.150.187.164^J}, conn_uids={^J^ICCvvfg3TEfuqmmG4bh^J}, source=SSL, depth=0, analyzers={^J^IX509,^J^IMD5,^J^ISHA1^J}, mime_type=binary, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=F, seen_bytes=1152, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=38a0a008a978591ccbe41f50a174751a, sha1=2c322ae2b7fe91391345e070b63668978bb1c9da, sha256=<uninitialized>, x509=[ts=1170717511.909717, id=FQXAWgI2FB5STbrff, certificate=[version=2, serial=04A78116F003283BDA2B8462049F9ECB, subject=CN=www.dresdner-privat.de,OU=Terms of use at www.verisign.com/rpa (c)00,O=AGIS Allianz Dresdner Informationssysteme GmbH,L=Muenchen,ST=Bayern,C=DE, issuer=OU=www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign,OU=VeriSign International Server CA - Class 3,OU=VeriSign\, Inc.,O=VeriSign Trust Network, not_valid_before=1163462400.0, not_valid_after=1195084799.0, key_alg=rsaEncryption, sig_alg=sha1WithRSAEncryption, key_type=rsa, key_length=1024, exponent=65537, curve=<uninitialized>], handle=<no value description>, extensions=[[name=X509v3 Basic Constraints, short_name=basicConstraints, oid=2.5.29.19, critical=F, value=CA:FALSE], [name=X509v3 Key Usage, short_name=keyUsage, oid=2.5.29.15, critical=F, value=Digital Signature, Key Encipherment], [name=X509v3 CRL Distribution Points, short_name=crlDistributionPoints, oid=2.5.29.31, critical=F, value=^JFull Name:^J  URI:http://crl.verisign.com/Class3InternationalServer.crl^J], [name=X509v3 Certificate Policies, short_name=certificatePolicies, oid=2.5.29.32, critical=F, value=Policy: 2.16.840.1.113733.1.7.23.3^J  CPS: https://www.verisign.com/rpa^J], [name=X509v3 Extended Key Usage, short_name=extendedKeyUsage, oid=2.5.29.37, critical=F, value=Netscape Server Gated Crypto, TLS Web Server Authentication, TLS Web Client Authentication], [name=Authority Information Access, short_name=authorityInfoAccess, oid=1.3.6.1.5.5.7.1.1, critical=F, value=OCSP - URI:http://ocsp.verisign.com^J], [name=1.3.6.1.5.5.7.1.12, short_name=UNDEF, oid=1.3.6.1.5.5.7.1.12, critical=F, value=0_.].[0Y0W0U..image/gif0!0.0...+..............k...j.H.,{..0%.#http://logo.verisign.com/vslogo.gif]], san=<uninitialized>, basic_constraints=[ca=F, path_len=<uninitialized>]], extracted=<uninitialized>], [ts=1170717511.909717, fuid=FUmSiM3TCtsyMGhcd, tx_hosts={^J^I194.127.84.106^J}, rx_hosts={^J^I192.150.187.164^J}, conn_uids={^J^ICCvvfg3TEfuqmmG4bh^J}, source=SSL, depth=0, analyzers={^J^IX509,^J^IMD5,^J^ISHA1^J}, mime_type=binary, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=F, seen_bytes=906, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=81c888530afcad916fbe71d9417bf10c, sha1=de0f3a63cad13841e9b62c94502cb189d7661e49, sha256=<uninitialized>, x509=[ts=1170717511.909717, id=FUmSiM3TCtsyMGhcd, certificate=[version=2, serial=78EE48DE185B2071C9C9C3B51D7BDDC1, subject=OU=www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign,OU=VeriSign International Server CA - Class 3,OU=VeriSign\, Inc.,O=VeriSign Trust Network, issuer=OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US, not_valid_before=861235200.0, not_valid_after=1319500799.0, key_alg=rsaEncryption, sig_alg=sha1WithRSAEncryption, key_type=rsa, key_length=1024, exponent=65537, curve=<uninitialized>], handle=<no value description>, extensions=[[name=X509v3 Basic Constraints, short_name=basicConstraints, oid=2.5.29.19, critical=F, value=CA:TRUE, pathlen:0], [name=X509v3 Certificate Policies, short_name=certificatePolicies, oid=2.5.29.32, critical=F, value=Policy: 2.16.840.1.113733.1.7.1.1^J  CPS: https://www.verisign.com/CPS^J], [name=X509v3 CRL Distribution Points, short_name=crlDistributionPoints, oid=2.5.29.31, critical=F, value=^JFull Name:^J  URI:http://crl.verisign.com/pca3-g2.crl^J], [name=X509v3 Extended Key Usage, short_name=extendedKeyUsage, oid=2.5.29.37, critical=F, value=TLS Web Server Authentication, TLS Web Client Authentication, Netscape Server Gated Crypto, 2.16.840.1.113733.1.8.1], [name=X509v3 Key Usage, short_name=keyUsage, oid=2.5.29.15, critical=F, value=Certificate Sign, CRL Sign], [name=Netscape Cert Type, short_name=nsCertType, oid=2.16.840.1.113730.1.1, critical=F, value=SSL CA, S/MIME CA]], san=<uninitialized>, basic_constraints=[ca=T, path_len=0]], extracted=<uninitialized>]], cert_chain_fuids=[FQXAWgI2FB5STbrff, FUmSiM3TCtsyMGhcd], client_cert_chain=[], client_cert_chain_fuids=[], subject=CN=www.dresdner-privat.de,OU=Terms of use at www.verisign.com/rpa (c)00,O=AGIS Allianz Dresdner Informationssysteme GmbH,L=Muenchen,ST=Bayern,C=DE, issuer=OU=www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign,OU=VeriSign International Server CA - Class 3,OU=VeriSign\, Inc.,O=VeriSign Trust Network, client_subject=<uninitialized>, client_issuer=<uninitialized>, server_depth=2, client_depth=0], http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]
+1254722771.834655 get_file_handle
+                  [0] tag: enum          = Analyzer::ANALYZER_SMTP
+                  [1] c: connection      = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=13218, state=4, num_pkts=21, num_bytes_ip=18454, flow_label=0], resp=[size=462, state=4, num_pkts=14, num_bytes_ip=1030, flow_label=0], start_time=1254722767.529046, duration=4.305609, service={^J^ISMTP^J}, addl=, hot=0, history=ShAdDa, uid=CjhGID4nQcgTWjvg4c, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, smtp=[ts=1254722768.219663, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=<gurpartap@patriots.in>, rcptto={^J^I<raj_deol2002in@yahoo.co.in>^J}, date=Mon, 5 Oct 2009 11:36:07 +0530, from="Gurpartap Singh" <gurpartap@patriots.in>, to={^J^I<raj_deol2002in@yahoo.co.in>^J}, reply_to=<uninitialized>, msg_id=<000301ca4581$ef9e57f0$cedb07d0$@in>, in_reply_to=<uninitialized>, subject=SMTP, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=354 Enter message, ending with "." on a line by itself, path=[74.53.140.153, 10.10.1.4], user_agent=Microsoft Office Outlook 12.0, process_received_from=T, has_client_activity=T, entity=[filename=NEWS.txt], fuids=[Fel9gs4OtNEV6gUJZ5, Ft4M3f2yMvLlmwtbq9, FL9Y0d45OI4LpS6fmh]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=<uninitialized>, mime_depth=5], socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]
+                  [2] is_orig: bool      = F
 
-1170717531.882302 bro_done
-1170717531.882302 ChecksumOffloading::check
+1254722771.858316 get_file_handle
+                  [0] tag: enum          = Analyzer::ANALYZER_SMTP
+                  [1] c: connection      = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=14670, state=4, num_pkts=22, num_bytes_ip=19946, flow_label=0], resp=[size=462, state=4, num_pkts=15, num_bytes_ip=1070, flow_label=0], start_time=1254722767.529046, duration=4.32927, service={^J^ISMTP^J}, addl=, hot=0, history=ShAdDa, uid=CjhGID4nQcgTWjvg4c, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, smtp=[ts=1254722768.219663, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=<gurpartap@patriots.in>, rcptto={^J^I<raj_deol2002in@yahoo.co.in>^J}, date=Mon, 5 Oct 2009 11:36:07 +0530, from="Gurpartap Singh" <gurpartap@patriots.in>, to={^J^I<raj_deol2002in@yahoo.co.in>^J}, reply_to=<uninitialized>, msg_id=<000301ca4581$ef9e57f0$cedb07d0$@in>, in_reply_to=<uninitialized>, subject=SMTP, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=354 Enter message, ending with "." on a line by itself, path=[74.53.140.153, 10.10.1.4], user_agent=Microsoft Office Outlook 12.0, process_received_from=T, has_client_activity=T, entity=[filename=NEWS.txt], fuids=[Fel9gs4OtNEV6gUJZ5, Ft4M3f2yMvLlmwtbq9, FL9Y0d45OI4LpS6fmh]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=<uninitialized>, mime_depth=5], socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]
+                  [2] is_orig: bool      = F
+
+1254722771.858334 get_file_handle
+                  [0] tag: enum          = Analyzer::ANALYZER_SMTP
+                  [1] c: connection      = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=14699, state=4, num_pkts=23, num_bytes_ip=21438, flow_label=0], resp=[size=462, state=4, num_pkts=15, num_bytes_ip=1070, flow_label=0], start_time=1254722767.529046, duration=4.329288, service={^J^ISMTP^J}, addl=, hot=0, history=ShAdDa, uid=CjhGID4nQcgTWjvg4c, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, smtp=[ts=1254722768.219663, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=<gurpartap@patriots.in>, rcptto={^J^I<raj_deol2002in@yahoo.co.in>^J}, date=Mon, 5 Oct 2009 11:36:07 +0530, from="Gurpartap Singh" <gurpartap@patriots.in>, to={^J^I<raj_deol2002in@yahoo.co.in>^J}, reply_to=<uninitialized>, msg_id=<000301ca4581$ef9e57f0$cedb07d0$@in>, in_reply_to=<uninitialized>, subject=SMTP, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=354 Enter message, ending with "." on a line by itself, path=[74.53.140.153, 10.10.1.4], user_agent=Microsoft Office Outlook 12.0, process_received_from=T, has_client_activity=T, entity=[filename=NEWS.txt], fuids=[Fel9gs4OtNEV6gUJZ5, Ft4M3f2yMvLlmwtbq9, FL9Y0d45OI4LpS6fmh]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=<uninitialized>, mime_depth=5], socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]
+                  [2] is_orig: bool      = F
+
+1254722771.858334 mime_end_entity
+                  [0] c: connection      = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=14699, state=4, num_pkts=23, num_bytes_ip=21438, flow_label=0], resp=[size=462, state=4, num_pkts=15, num_bytes_ip=1070, flow_label=0], start_time=1254722767.529046, duration=4.329288, service={^J^ISMTP^J}, addl=, hot=0, history=ShAdDa, uid=CjhGID4nQcgTWjvg4c, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, smtp=[ts=1254722768.219663, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=<gurpartap@patriots.in>, rcptto={^J^I<raj_deol2002in@yahoo.co.in>^J}, date=Mon, 5 Oct 2009 11:36:07 +0530, from="Gurpartap Singh" <gurpartap@patriots.in>, to={^J^I<raj_deol2002in@yahoo.co.in>^J}, reply_to=<uninitialized>, msg_id=<000301ca4581$ef9e57f0$cedb07d0$@in>, in_reply_to=<uninitialized>, subject=SMTP, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=354 Enter message, ending with "." on a line by itself, path=[74.53.140.153, 10.10.1.4], user_agent=Microsoft Office Outlook 12.0, process_received_from=T, has_client_activity=T, entity=[filename=NEWS.txt], fuids=[Fel9gs4OtNEV6gUJZ5, Ft4M3f2yMvLlmwtbq9, FL9Y0d45OI4LpS6fmh]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=<uninitialized>, mime_depth=5], socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]
+
+1254722771.858334 get_file_handle
+                  [0] tag: enum          = Analyzer::ANALYZER_SMTP
+                  [1] c: connection      = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=14699, state=4, num_pkts=23, num_bytes_ip=21438, flow_label=0], resp=[size=462, state=4, num_pkts=15, num_bytes_ip=1070, flow_label=0], start_time=1254722767.529046, duration=4.329288, service={^J^ISMTP^J}, addl=, hot=0, history=ShAdDa, uid=CjhGID4nQcgTWjvg4c, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, smtp=[ts=1254722768.219663, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=<gurpartap@patriots.in>, rcptto={^J^I<raj_deol2002in@yahoo.co.in>^J}, date=Mon, 5 Oct 2009 11:36:07 +0530, from="Gurpartap Singh" <gurpartap@patriots.in>, to={^J^I<raj_deol2002in@yahoo.co.in>^J}, reply_to=<uninitialized>, msg_id=<000301ca4581$ef9e57f0$cedb07d0$@in>, in_reply_to=<uninitialized>, subject=SMTP, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=354 Enter message, ending with "." on a line by itself, path=[74.53.140.153, 10.10.1.4], user_agent=Microsoft Office Outlook 12.0, process_received_from=T, has_client_activity=T, entity=<uninitialized>, fuids=[Fel9gs4OtNEV6gUJZ5, Ft4M3f2yMvLlmwtbq9, FL9Y0d45OI4LpS6fmh]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=<uninitialized>, mime_depth=5], socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]
+                  [2] is_orig: bool      = T
+
+1254722771.858334 file_state_remove
+                  [0] f: fa_file         = [id=FL9Y0d45OI4LpS6fmh, parent_id=<uninitialized>, source=SMTP, is_orig=F, conns={^J^I[[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp]] = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=14699, state=4, num_pkts=23, num_bytes_ip=21438, flow_label=0], resp=[size=462, state=4, num_pkts=15, num_bytes_ip=1070, flow_label=0], start_time=1254722767.529046, duration=4.329288, service={^J^I^ISMTP^J^I}, addl=, hot=0, history=ShAdDa, uid=CjhGID4nQcgTWjvg4c, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, smtp=[ts=1254722768.219663, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=<gurpartap@patriots.in>, rcptto={^J^I^I<raj_deol2002in@yahoo.co.in>^J^I}, date=Mon, 5 Oct 2009 11:36:07 +0530, from="Gurpartap Singh" <gurpartap@patriots.in>, to={^J^I^I<raj_deol2002in@yahoo.co.in>^J^I}, reply_to=<uninitialized>, msg_id=<000301ca4581$ef9e57f0$cedb07d0$@in>, in_reply_to=<uninitialized>, subject=SMTP, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=354 Enter message, ending with "." on a line by itself, path=[74.53.140.153, 10.10.1.4], user_agent=Microsoft Office Outlook 12.0, process_received_from=T, has_client_activity=T, entity=<uninitialized>, fuids=[Fel9gs4OtNEV6gUJZ5, Ft4M3f2yMvLlmwtbq9, FL9Y0d45OI4LpS6fmh]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=<uninitialized>, mime_depth=5], socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]^J}, last_active=1254722771.858334, seen_bytes=10823, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timeout_interval=2.0 mins, bof_buffer_size=1024, bof_buffer=Version 4.9.9.1^M^J* Many bug fixes^M^J* Improved editor^M^J^M^JVersion 4.9.9.0^M^J* Support for latest Mingw compiler system builds^M^J* Bug fixes^M^J^M^JVersion 4.9.8.9^M^J* New code tooltip display^M^J* Improved Indent/Unindent and Remove Comment^M^J* Improved automatic indent^M^J* Added support for the "interface" keyword^M^J* WebUpdate should now report installation problems from PackMan^M^J* New splash screen and association icons^M^J* Improved installer^M^J* Many bug fixes^M^J^M^JVersion 4.9.8.7^M^J* Added support for GCC > 3.2^M^J* Debug variables are now resent during next debug session^M^J* Watched Variables not in correct context are now kept and updated when it is needed^M^J* Added new compiler/linker options: 20^M^J  - Strip executable^M^J  - Generate instructions for a specific machine (i386, i486, i586, i686, pentium, pentium-mmx, pentiumpro, pentium2, pentium3, pentium4, 20^M^J    k6, k6-2, k6-3, athlon, athlon-tbird, athlon-4, athlon-xp, athlon-mp, winchip-c6, winchip2, k8, c3 and c3-2)^M^J  - Enable use of processor specific built-in function, mime_type=text/plain, info=[ts=1254722770.692823, fuid=FL9Y0d45OI4LpS6fmh, tx_hosts={^J^I74.53.140.153^J}, rx_hosts={^J^I10.10.1.4^J}, conn_uids={^J^ICjhGID4nQcgTWjvg4c^J}, source=SMTP, depth=5, analyzers={^J^J}, mime_type=text/plain, filename=NEWS.txt, duration=0 secs, local_orig=<uninitialized>, is_orig=F, seen_bytes=0, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=<uninitialized>, sha1=<uninitialized>, sha256=<uninitialized>, x509=<uninitialized>, extracted=<uninitialized>], u2_events=<uninitialized>]
+
+1254722771.858334 get_file_handle
+                  [0] tag: enum          = Analyzer::ANALYZER_SMTP
+                  [1] c: connection      = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=14699, state=4, num_pkts=23, num_bytes_ip=21438, flow_label=0], resp=[size=462, state=4, num_pkts=15, num_bytes_ip=1070, flow_label=0], start_time=1254722767.529046, duration=4.329288, service={^J^ISMTP^J}, addl=, hot=0, history=ShAdDa, uid=CjhGID4nQcgTWjvg4c, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, smtp=[ts=1254722768.219663, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=<gurpartap@patriots.in>, rcptto={^J^I<raj_deol2002in@yahoo.co.in>^J}, date=Mon, 5 Oct 2009 11:36:07 +0530, from="Gurpartap Singh" <gurpartap@patriots.in>, to={^J^I<raj_deol2002in@yahoo.co.in>^J}, reply_to=<uninitialized>, msg_id=<000301ca4581$ef9e57f0$cedb07d0$@in>, in_reply_to=<uninitialized>, subject=SMTP, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=354 Enter message, ending with "." on a line by itself, path=[74.53.140.153, 10.10.1.4], user_agent=Microsoft Office Outlook 12.0, process_received_from=T, has_client_activity=T, entity=<uninitialized>, fuids=[Fel9gs4OtNEV6gUJZ5, Ft4M3f2yMvLlmwtbq9, FL9Y0d45OI4LpS6fmh]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=<uninitialized>, mime_depth=5], socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]
+                  [2] is_orig: bool      = F
+
+1254722771.858334 mime_end_entity
+                  [0] c: connection      = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=14699, state=4, num_pkts=23, num_bytes_ip=21438, flow_label=0], resp=[size=462, state=4, num_pkts=15, num_bytes_ip=1070, flow_label=0], start_time=1254722767.529046, duration=4.329288, service={^J^ISMTP^J}, addl=, hot=0, history=ShAdDa, uid=CjhGID4nQcgTWjvg4c, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, smtp=[ts=1254722768.219663, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=<gurpartap@patriots.in>, rcptto={^J^I<raj_deol2002in@yahoo.co.in>^J}, date=Mon, 5 Oct 2009 11:36:07 +0530, from="Gurpartap Singh" <gurpartap@patriots.in>, to={^J^I<raj_deol2002in@yahoo.co.in>^J}, reply_to=<uninitialized>, msg_id=<000301ca4581$ef9e57f0$cedb07d0$@in>, in_reply_to=<uninitialized>, subject=SMTP, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=354 Enter message, ending with "." on a line by itself, path=[74.53.140.153, 10.10.1.4], user_agent=Microsoft Office Outlook 12.0, process_received_from=T, has_client_activity=T, entity=<uninitialized>, fuids=[Fel9gs4OtNEV6gUJZ5, Ft4M3f2yMvLlmwtbq9, FL9Y0d45OI4LpS6fmh]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=<uninitialized>, mime_depth=5], socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]
+
+1254722771.858334 get_file_handle
+                  [0] tag: enum          = Analyzer::ANALYZER_SMTP
+                  [1] c: connection      = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=14699, state=4, num_pkts=23, num_bytes_ip=21438, flow_label=0], resp=[size=462, state=4, num_pkts=15, num_bytes_ip=1070, flow_label=0], start_time=1254722767.529046, duration=4.329288, service={^J^ISMTP^J}, addl=, hot=0, history=ShAdDa, uid=CjhGID4nQcgTWjvg4c, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, smtp=[ts=1254722768.219663, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=<gurpartap@patriots.in>, rcptto={^J^I<raj_deol2002in@yahoo.co.in>^J}, date=Mon, 5 Oct 2009 11:36:07 +0530, from="Gurpartap Singh" <gurpartap@patriots.in>, to={^J^I<raj_deol2002in@yahoo.co.in>^J}, reply_to=<uninitialized>, msg_id=<000301ca4581$ef9e57f0$cedb07d0$@in>, in_reply_to=<uninitialized>, subject=SMTP, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=354 Enter message, ending with "." on a line by itself, path=[74.53.140.153, 10.10.1.4], user_agent=Microsoft Office Outlook 12.0, process_received_from=T, has_client_activity=T, entity=<uninitialized>, fuids=[Fel9gs4OtNEV6gUJZ5, Ft4M3f2yMvLlmwtbq9, FL9Y0d45OI4LpS6fmh]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=<uninitialized>, mime_depth=5], socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]
+                  [2] is_orig: bool      = T
+
+1254722771.858334 get_file_handle
+                  [0] tag: enum          = Analyzer::ANALYZER_SMTP
+                  [1] c: connection      = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=14699, state=4, num_pkts=23, num_bytes_ip=21438, flow_label=0], resp=[size=462, state=4, num_pkts=15, num_bytes_ip=1070, flow_label=0], start_time=1254722767.529046, duration=4.329288, service={^J^ISMTP^J}, addl=, hot=0, history=ShAdDa, uid=CjhGID4nQcgTWjvg4c, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, smtp=[ts=1254722768.219663, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=<gurpartap@patriots.in>, rcptto={^J^I<raj_deol2002in@yahoo.co.in>^J}, date=Mon, 5 Oct 2009 11:36:07 +0530, from="Gurpartap Singh" <gurpartap@patriots.in>, to={^J^I<raj_deol2002in@yahoo.co.in>^J}, reply_to=<uninitialized>, msg_id=<000301ca4581$ef9e57f0$cedb07d0$@in>, in_reply_to=<uninitialized>, subject=SMTP, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=354 Enter message, ending with "." on a line by itself, path=[74.53.140.153, 10.10.1.4], user_agent=Microsoft Office Outlook 12.0, process_received_from=T, has_client_activity=T, entity=<uninitialized>, fuids=[Fel9gs4OtNEV6gUJZ5, Ft4M3f2yMvLlmwtbq9, FL9Y0d45OI4LpS6fmh]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=<uninitialized>, mime_depth=5], socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]
+                  [2] is_orig: bool      = F
+
+1254722771.858334 get_file_handle
+                  [0] tag: enum          = Analyzer::ANALYZER_SMTP
+                  [1] c: connection      = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=14699, state=4, num_pkts=23, num_bytes_ip=21438, flow_label=0], resp=[size=462, state=4, num_pkts=15, num_bytes_ip=1070, flow_label=0], start_time=1254722767.529046, duration=4.329288, service={^J^ISMTP^J}, addl=, hot=0, history=ShAdDa, uid=CjhGID4nQcgTWjvg4c, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, smtp=[ts=1254722768.219663, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=<gurpartap@patriots.in>, rcptto={^J^I<raj_deol2002in@yahoo.co.in>^J}, date=Mon, 5 Oct 2009 11:36:07 +0530, from="Gurpartap Singh" <gurpartap@patriots.in>, to={^J^I<raj_deol2002in@yahoo.co.in>^J}, reply_to=<uninitialized>, msg_id=<000301ca4581$ef9e57f0$cedb07d0$@in>, in_reply_to=<uninitialized>, subject=SMTP, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=354 Enter message, ending with "." on a line by itself, path=[74.53.140.153, 10.10.1.4], user_agent=Microsoft Office Outlook 12.0, process_received_from=T, has_client_activity=T, entity=<uninitialized>, fuids=[Fel9gs4OtNEV6gUJZ5, Ft4M3f2yMvLlmwtbq9, FL9Y0d45OI4LpS6fmh]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=<uninitialized>, mime_depth=5], socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]
+                  [2] is_orig: bool      = T
+
+1254722771.858334 get_file_handle
+                  [0] tag: enum          = Analyzer::ANALYZER_SMTP
+                  [1] c: connection      = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=14699, state=4, num_pkts=23, num_bytes_ip=21438, flow_label=0], resp=[size=462, state=4, num_pkts=15, num_bytes_ip=1070, flow_label=0], start_time=1254722767.529046, duration=4.329288, service={^J^ISMTP^J}, addl=, hot=0, history=ShAdDa, uid=CjhGID4nQcgTWjvg4c, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, smtp=[ts=1254722768.219663, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=<gurpartap@patriots.in>, rcptto={^J^I<raj_deol2002in@yahoo.co.in>^J}, date=Mon, 5 Oct 2009 11:36:07 +0530, from="Gurpartap Singh" <gurpartap@patriots.in>, to={^J^I<raj_deol2002in@yahoo.co.in>^J}, reply_to=<uninitialized>, msg_id=<000301ca4581$ef9e57f0$cedb07d0$@in>, in_reply_to=<uninitialized>, subject=SMTP, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=354 Enter message, ending with "." on a line by itself, path=[74.53.140.153, 10.10.1.4], user_agent=Microsoft Office Outlook 12.0, process_received_from=T, has_client_activity=T, entity=<uninitialized>, fuids=[Fel9gs4OtNEV6gUJZ5, Ft4M3f2yMvLlmwtbq9, FL9Y0d45OI4LpS6fmh]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=<uninitialized>, mime_depth=5], socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]
+                  [2] is_orig: bool      = F
+
+1254722771.858334 smtp_request
+                  [0] c: connection      = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=14699, state=4, num_pkts=23, num_bytes_ip=21438, flow_label=0], resp=[size=462, state=4, num_pkts=15, num_bytes_ip=1070, flow_label=0], start_time=1254722767.529046, duration=4.329288, service={^J^ISMTP^J}, addl=, hot=0, history=ShAdDa, uid=CjhGID4nQcgTWjvg4c, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, smtp=[ts=1254722768.219663, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=<gurpartap@patriots.in>, rcptto={^J^I<raj_deol2002in@yahoo.co.in>^J}, date=Mon, 5 Oct 2009 11:36:07 +0530, from="Gurpartap Singh" <gurpartap@patriots.in>, to={^J^I<raj_deol2002in@yahoo.co.in>^J}, reply_to=<uninitialized>, msg_id=<000301ca4581$ef9e57f0$cedb07d0$@in>, in_reply_to=<uninitialized>, subject=SMTP, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=354 Enter message, ending with "." on a line by itself, path=[74.53.140.153, 10.10.1.4], user_agent=Microsoft Office Outlook 12.0, process_received_from=T, has_client_activity=T, entity=<uninitialized>, fuids=[Fel9gs4OtNEV6gUJZ5, Ft4M3f2yMvLlmwtbq9, FL9Y0d45OI4LpS6fmh]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=<uninitialized>, mime_depth=5], socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]
+                  [1] is_orig: bool      = T
+                  [2] command: string    = .
+                  [3] arg: string        = .
+
+1254722772.248789 smtp_reply
+                  [0] c: connection      = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=14699, state=4, num_pkts=24, num_bytes_ip=21507, flow_label=0], resp=[size=490, state=4, num_pkts=21, num_bytes_ip=1310, flow_label=0], start_time=1254722767.529046, duration=4.719743, service={^J^ISMTP^J}, addl=, hot=0, history=ShAdDa, uid=CjhGID4nQcgTWjvg4c, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, smtp=[ts=1254722768.219663, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=<gurpartap@patriots.in>, rcptto={^J^I<raj_deol2002in@yahoo.co.in>^J}, date=Mon, 5 Oct 2009 11:36:07 +0530, from="Gurpartap Singh" <gurpartap@patriots.in>, to={^J^I<raj_deol2002in@yahoo.co.in>^J}, reply_to=<uninitialized>, msg_id=<000301ca4581$ef9e57f0$cedb07d0$@in>, in_reply_to=<uninitialized>, subject=SMTP, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=354 Enter message, ending with "." on a line by itself, path=[74.53.140.153, 10.10.1.4], user_agent=Microsoft Office Outlook 12.0, process_received_from=T, has_client_activity=T, entity=<uninitialized>, fuids=[Fel9gs4OtNEV6gUJZ5, Ft4M3f2yMvLlmwtbq9, FL9Y0d45OI4LpS6fmh]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=<uninitialized>, mime_depth=5], socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]
+                  [1] is_orig: bool      = F
+                  [2] code: count        = 250
+                  [3] cmd: string        = .
+                  [4] msg: string        = OK id=1Mugho-0003Dg-Un
+                  [5] cont_resp: bool    = F
+
+1254722774.763825 smtp_request
+                  [0] c: connection      = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=14705, state=4, num_pkts=25, num_bytes_ip=21547, flow_label=0], resp=[size=490, state=4, num_pkts=22, num_bytes_ip=1378, flow_label=0], start_time=1254722767.529046, duration=7.234779, service={^J^ISMTP^J}, addl=, hot=0, history=ShAdDa, uid=CjhGID4nQcgTWjvg4c, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, smtp=[ts=1254722772.248789, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=2, helo=GP, mailfrom=<uninitialized>, rcptto=<uninitialized>, date=<uninitialized>, from=<uninitialized>, to=<uninitialized>, reply_to=<uninitialized>, msg_id=<uninitialized>, in_reply_to=<uninitialized>, subject=<uninitialized>, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=<uninitialized>, path=[74.53.140.153, 10.10.1.4], user_agent=<uninitialized>, process_received_from=T, has_client_activity=F, entity=<uninitialized>, fuids=[]], smtp_state=[helo=GP, messages_transferred=1, pending_messages=<uninitialized>, mime_depth=5], socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]
+                  [1] is_orig: bool      = T
+                  [2] command: string    = QUIT
+                  [3] arg: string        = 
+
+1254722775.105467 smtp_reply
+                  [0] c: connection      = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=14705, state=5, num_pkts=27, num_bytes_ip=21633, flow_label=0], resp=[size=538, state=4, num_pkts=22, num_bytes_ip=1378, flow_label=0], start_time=1254722767.529046, duration=7.576421, service={^J^ISMTP^J}, addl=, hot=0, history=ShAdDaF, uid=CjhGID4nQcgTWjvg4c, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, smtp=[ts=1254722772.248789, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=2, helo=GP, mailfrom=<uninitialized>, rcptto=<uninitialized>, date=<uninitialized>, from=<uninitialized>, to=<uninitialized>, reply_to=<uninitialized>, msg_id=<uninitialized>, in_reply_to=<uninitialized>, subject=<uninitialized>, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=<uninitialized>, path=[74.53.140.153, 10.10.1.4], user_agent=<uninitialized>, process_received_from=T, has_client_activity=F, entity=<uninitialized>, fuids=[]], smtp_state=[helo=GP, messages_transferred=1, pending_messages=<uninitialized>, mime_depth=5], socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]
+                  [1] is_orig: bool      = F
+                  [2] code: count        = 221
+                  [3] cmd: string        = QUIT
+                  [4] msg: string        = xc90.websitewelcome.com closing connection
+                  [5] cont_resp: bool    = F
+
+1254722776.690444 new_connection
+                  [0] c: connection      = [id=[orig_h=10.10.1.20, orig_p=138/udp, resp_h=10.10.1.255, resp_p=138/udp], orig=[size=0, state=0, num_pkts=0, num_bytes_ip=0, flow_label=0], resp=[size=0, state=0, num_pkts=0, num_bytes_ip=0, flow_label=0], start_time=1254722776.690444, duration=0.0, service={^J^J}, addl=, hot=0, history=, uid=CsRx2w45OKnoww6xl4, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]
+
+1254722776.690444 net_done
+                  [0] t: time            = 1254722776.690444
+
+1254722776.690444 ChecksumOffloading::check
+1254722776.690444 connection_state_remove
+                  [0] c: connection      = [id=[orig_h=10.10.1.4, orig_p=56166/udp, resp_h=10.10.1.1, resp_p=53/udp], orig=[size=34, state=1, num_pkts=1, num_bytes_ip=62, flow_label=0], resp=[size=100, state=1, num_pkts=1, num_bytes_ip=128, flow_label=0], start_time=1254722767.49206, duration=0.034025, service={^J^IDNS^J}, addl=, hot=0, history=Dd, uid=CXWv6p3arKYeMETxOg, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=[pending_queries={^J^J}, pending_replies={^J^J}], ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]
+
+1254722776.690444 filter_change_tracking
+1254722776.690444 connection_state_remove
+                  [0] c: connection      = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=14705, state=5, num_pkts=28, num_bytes_ip=21673, flow_label=0], resp=[size=538, state=5, num_pkts=25, num_bytes_ip=1546, flow_label=0], start_time=1254722767.529046, duration=7.576953, service={^J^ISMTP^J}, addl=, hot=0, history=ShAdDaFf, uid=CjhGID4nQcgTWjvg4c, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, smtp=[ts=1254722772.248789, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=2, helo=GP, mailfrom=<uninitialized>, rcptto=<uninitialized>, date=<uninitialized>, from=<uninitialized>, to=<uninitialized>, reply_to=<uninitialized>, msg_id=<uninitialized>, in_reply_to=<uninitialized>, subject=<uninitialized>, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=221 xc90.websitewelcome.com closing connection, path=[74.53.140.153, 10.10.1.4], user_agent=<uninitialized>, process_received_from=T, has_client_activity=F, entity=<uninitialized>, fuids=[]], smtp_state=[helo=GP, messages_transferred=1, pending_messages=<uninitialized>, mime_depth=5], socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]
+
+1254722776.690444 connection_state_remove
+                  [0] c: connection      = [id=[orig_h=10.10.1.20, orig_p=138/udp, resp_h=10.10.1.255, resp_p=138/udp], orig=[size=201, state=1, num_pkts=1, num_bytes_ip=229, flow_label=0], resp=[size=0, state=0, num_pkts=0, num_bytes_ip=0, flow_label=0], start_time=1254722776.690444, duration=0.0, service={^J^J}, addl=, hot=0, history=D, uid=CsRx2w45OKnoww6xl4, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]
+
+1254722776.690444 connection_state_remove
+                  [0] c: connection      = [id=[orig_h=192.168.1.1, orig_p=3/icmp, resp_h=10.10.1.4, resp_p=4/icmp], orig=[size=2192, state=1, num_pkts=4, num_bytes_ip=2304, flow_label=0], resp=[size=0, state=0, num_pkts=0, num_bytes_ip=0, flow_label=0], start_time=1254722770.695115, duration=0.001519, service={^J^J}, addl=, hot=0, history=, uid=CCvvfg3TEfuqmmG4bh, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]
+
+1254722776.690444 bro_done
+1254722776.690444 ChecksumOffloading::check
diff --git a/testing/btest/Baseline/scripts.policy.misc.dump-events/smtp-events.log b/testing/btest/Baseline/scripts.policy.misc.dump-events/smtp-events.log
new file mode 100644
index 0000000000..4e01996097
--- /dev/null
+++ b/testing/btest/Baseline/scripts.policy.misc.dump-events/smtp-events.log
@@ -0,0 +1,190 @@
+1254722768.219663 smtp_reply
+                  [0] c: connection      = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=0, state=4, num_pkts=2, num_bytes_ip=88, flow_label=0], resp=[size=181, state=4, num_pkts=1, num_bytes_ip=48, flow_label=0], start_time=1254722767.529046, duration=0.690617, service={^J^J}, addl=, hot=0, history=ShAd, uid=CjhGID4nQcgTWjvg4c, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]
+                  [1] is_orig: bool      = F
+                  [2] code: count        = 220
+                  [3] cmd: string        = >
+                  [4] msg: string        = xc90.websitewelcome.com ESMTP Exim 4.69 #1 Mon, 05 Oct 2009 01:05:54 -0500 
+                  [5] cont_resp: bool    = T
+
+1254722768.219663 smtp_reply
+                  [0] c: connection      = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=0, state=4, num_pkts=2, num_bytes_ip=88, flow_label=0], resp=[size=181, state=4, num_pkts=1, num_bytes_ip=48, flow_label=0], start_time=1254722767.529046, duration=0.690617, service={^J^J}, addl=, hot=0, history=ShAd, uid=CjhGID4nQcgTWjvg4c, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, smtp=[ts=1254722768.219663, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=<uninitialized>, mailfrom=<uninitialized>, rcptto=<uninitialized>, date=<uninitialized>, from=<uninitialized>, to=<uninitialized>, reply_to=<uninitialized>, msg_id=<uninitialized>, in_reply_to=<uninitialized>, subject=<uninitialized>, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=220 xc90.websitewelcome.com ESMTP Exim 4.69 #1 Mon, 05 Oct 2009 01:05:54 -0500 , path=[74.53.140.153, 10.10.1.4], user_agent=<uninitialized>, process_received_from=T, has_client_activity=F, entity=<uninitialized>, fuids=[]], smtp_state=[helo=<uninitialized>, messages_transferred=0, pending_messages=<uninitialized>, mime_depth=0], socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]
+                  [1] is_orig: bool      = F
+                  [2] code: count        = 220
+                  [3] cmd: string        = >
+                  [4] msg: string        = We do not authorize the use of this system to transport unsolicited, 
+                  [5] cont_resp: bool    = T
+
+1254722768.219663 smtp_reply
+                  [0] c: connection      = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=0, state=4, num_pkts=2, num_bytes_ip=88, flow_label=0], resp=[size=181, state=4, num_pkts=1, num_bytes_ip=48, flow_label=0], start_time=1254722767.529046, duration=0.690617, service={^J^J}, addl=, hot=0, history=ShAd, uid=CjhGID4nQcgTWjvg4c, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, smtp=[ts=1254722768.219663, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=<uninitialized>, mailfrom=<uninitialized>, rcptto=<uninitialized>, date=<uninitialized>, from=<uninitialized>, to=<uninitialized>, reply_to=<uninitialized>, msg_id=<uninitialized>, in_reply_to=<uninitialized>, subject=<uninitialized>, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=220 We do not authorize the use of this system to transport unsolicited, , path=[74.53.140.153, 10.10.1.4], user_agent=<uninitialized>, process_received_from=T, has_client_activity=F, entity=<uninitialized>, fuids=[]], smtp_state=[helo=<uninitialized>, messages_transferred=0, pending_messages=<uninitialized>, mime_depth=0], socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]
+                  [1] is_orig: bool      = F
+                  [2] code: count        = 220
+                  [3] cmd: string        = >
+                  [4] msg: string        = and/or bulk e-mail.
+                  [5] cont_resp: bool    = F
+
+1254722768.224809 smtp_request
+                  [0] c: connection      = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=9, state=4, num_pkts=2, num_bytes_ip=88, flow_label=0], resp=[size=181, state=4, num_pkts=2, num_bytes_ip=269, flow_label=0], start_time=1254722767.529046, duration=0.695763, service={^J^ISMTP^J}, addl=, hot=0, history=ShAdD, uid=CjhGID4nQcgTWjvg4c, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, smtp=[ts=1254722768.219663, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=<uninitialized>, mailfrom=<uninitialized>, rcptto=<uninitialized>, date=<uninitialized>, from=<uninitialized>, to=<uninitialized>, reply_to=<uninitialized>, msg_id=<uninitialized>, in_reply_to=<uninitialized>, subject=<uninitialized>, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=220 and/or bulk e-mail., path=[74.53.140.153, 10.10.1.4], user_agent=<uninitialized>, process_received_from=T, has_client_activity=F, entity=<uninitialized>, fuids=[]], smtp_state=[helo=<uninitialized>, messages_transferred=0, pending_messages=<uninitialized>, mime_depth=0], socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]
+                  [1] is_orig: bool      = T
+                  [2] command: string    = EHLO
+                  [3] arg: string        = GP
+
+1254722768.566183 smtp_reply
+                  [0] c: connection      = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=9, state=4, num_pkts=3, num_bytes_ip=137, flow_label=0], resp=[size=318, state=4, num_pkts=3, num_bytes_ip=309, flow_label=0], start_time=1254722767.529046, duration=1.037137, service={^J^ISMTP^J}, addl=, hot=0, history=ShAdDa, uid=CjhGID4nQcgTWjvg4c, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, smtp=[ts=1254722768.219663, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=<uninitialized>, rcptto=<uninitialized>, date=<uninitialized>, from=<uninitialized>, to=<uninitialized>, reply_to=<uninitialized>, msg_id=<uninitialized>, in_reply_to=<uninitialized>, subject=<uninitialized>, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=220 and/or bulk e-mail., path=[74.53.140.153, 10.10.1.4], user_agent=<uninitialized>, process_received_from=T, has_client_activity=T, entity=<uninitialized>, fuids=[]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=<uninitialized>, mime_depth=0], socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]
+                  [1] is_orig: bool      = F
+                  [2] code: count        = 250
+                  [3] cmd: string        = EHLO
+                  [4] msg: string        = xc90.websitewelcome.com Hello GP [122.162.143.157]
+                  [5] cont_resp: bool    = T
+
+1254722768.566183 smtp_reply
+                  [0] c: connection      = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=9, state=4, num_pkts=3, num_bytes_ip=137, flow_label=0], resp=[size=318, state=4, num_pkts=3, num_bytes_ip=309, flow_label=0], start_time=1254722767.529046, duration=1.037137, service={^J^ISMTP^J}, addl=, hot=0, history=ShAdDa, uid=CjhGID4nQcgTWjvg4c, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, smtp=[ts=1254722768.219663, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=<uninitialized>, rcptto=<uninitialized>, date=<uninitialized>, from=<uninitialized>, to=<uninitialized>, reply_to=<uninitialized>, msg_id=<uninitialized>, in_reply_to=<uninitialized>, subject=<uninitialized>, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=250 xc90.websitewelcome.com Hello GP [122.162.143.157], path=[74.53.140.153, 10.10.1.4], user_agent=<uninitialized>, process_received_from=T, has_client_activity=T, entity=<uninitialized>, fuids=[]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=<uninitialized>, mime_depth=0], socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]
+                  [1] is_orig: bool      = F
+                  [2] code: count        = 250
+                  [3] cmd: string        = EHLO
+                  [4] msg: string        = SIZE 52428800
+                  [5] cont_resp: bool    = T
+
+1254722768.566183 smtp_reply
+                  [0] c: connection      = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=9, state=4, num_pkts=3, num_bytes_ip=137, flow_label=0], resp=[size=318, state=4, num_pkts=3, num_bytes_ip=309, flow_label=0], start_time=1254722767.529046, duration=1.037137, service={^J^ISMTP^J}, addl=, hot=0, history=ShAdDa, uid=CjhGID4nQcgTWjvg4c, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, smtp=[ts=1254722768.219663, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=<uninitialized>, rcptto=<uninitialized>, date=<uninitialized>, from=<uninitialized>, to=<uninitialized>, reply_to=<uninitialized>, msg_id=<uninitialized>, in_reply_to=<uninitialized>, subject=<uninitialized>, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=250 SIZE 52428800, path=[74.53.140.153, 10.10.1.4], user_agent=<uninitialized>, process_received_from=T, has_client_activity=T, entity=<uninitialized>, fuids=[]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=<uninitialized>, mime_depth=0], socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]
+                  [1] is_orig: bool      = F
+                  [2] code: count        = 250
+                  [3] cmd: string        = EHLO
+                  [4] msg: string        = PIPELINING
+                  [5] cont_resp: bool    = T
+
+1254722768.566183 smtp_reply
+                  [0] c: connection      = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=9, state=4, num_pkts=3, num_bytes_ip=137, flow_label=0], resp=[size=318, state=4, num_pkts=3, num_bytes_ip=309, flow_label=0], start_time=1254722767.529046, duration=1.037137, service={^J^ISMTP^J}, addl=, hot=0, history=ShAdDa, uid=CjhGID4nQcgTWjvg4c, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, smtp=[ts=1254722768.219663, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=<uninitialized>, rcptto=<uninitialized>, date=<uninitialized>, from=<uninitialized>, to=<uninitialized>, reply_to=<uninitialized>, msg_id=<uninitialized>, in_reply_to=<uninitialized>, subject=<uninitialized>, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=250 PIPELINING, path=[74.53.140.153, 10.10.1.4], user_agent=<uninitialized>, process_received_from=T, has_client_activity=T, entity=<uninitialized>, fuids=[]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=<uninitialized>, mime_depth=0], socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]
+                  [1] is_orig: bool      = F
+                  [2] code: count        = 250
+                  [3] cmd: string        = EHLO
+                  [4] msg: string        = AUTH PLAIN LOGIN
+                  [5] cont_resp: bool    = T
+
+1254722768.566183 smtp_reply
+                  [0] c: connection      = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=9, state=4, num_pkts=3, num_bytes_ip=137, flow_label=0], resp=[size=318, state=4, num_pkts=3, num_bytes_ip=309, flow_label=0], start_time=1254722767.529046, duration=1.037137, service={^J^ISMTP^J}, addl=, hot=0, history=ShAdDa, uid=CjhGID4nQcgTWjvg4c, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, smtp=[ts=1254722768.219663, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=<uninitialized>, rcptto=<uninitialized>, date=<uninitialized>, from=<uninitialized>, to=<uninitialized>, reply_to=<uninitialized>, msg_id=<uninitialized>, in_reply_to=<uninitialized>, subject=<uninitialized>, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=250 AUTH PLAIN LOGIN, path=[74.53.140.153, 10.10.1.4], user_agent=<uninitialized>, process_received_from=T, has_client_activity=T, entity=<uninitialized>, fuids=[]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=<uninitialized>, mime_depth=0], socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]
+                  [1] is_orig: bool      = F
+                  [2] code: count        = 250
+                  [3] cmd: string        = EHLO
+                  [4] msg: string        = STARTTLS
+                  [5] cont_resp: bool    = T
+
+1254722768.566183 smtp_reply
+                  [0] c: connection      = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=9, state=4, num_pkts=3, num_bytes_ip=137, flow_label=0], resp=[size=318, state=4, num_pkts=3, num_bytes_ip=309, flow_label=0], start_time=1254722767.529046, duration=1.037137, service={^J^ISMTP^J}, addl=, hot=0, history=ShAdDa, uid=CjhGID4nQcgTWjvg4c, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, smtp=[ts=1254722768.219663, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=<uninitialized>, rcptto=<uninitialized>, date=<uninitialized>, from=<uninitialized>, to=<uninitialized>, reply_to=<uninitialized>, msg_id=<uninitialized>, in_reply_to=<uninitialized>, subject=<uninitialized>, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=250 STARTTLS, path=[74.53.140.153, 10.10.1.4], user_agent=<uninitialized>, process_received_from=T, has_client_activity=T, entity=<uninitialized>, fuids=[]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=<uninitialized>, mime_depth=0], socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]
+                  [1] is_orig: bool      = F
+                  [2] code: count        = 250
+                  [3] cmd: string        = EHLO
+                  [4] msg: string        = HELP
+                  [5] cont_resp: bool    = F
+
+1254722768.568729 smtp_request
+                  [0] c: connection      = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=21, state=4, num_pkts=3, num_bytes_ip=137, flow_label=0], resp=[size=318, state=4, num_pkts=4, num_bytes_ip=486, flow_label=0], start_time=1254722767.529046, duration=1.039683, service={^J^ISMTP^J}, addl=, hot=0, history=ShAdDa, uid=CjhGID4nQcgTWjvg4c, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, smtp=[ts=1254722768.219663, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=<uninitialized>, rcptto=<uninitialized>, date=<uninitialized>, from=<uninitialized>, to=<uninitialized>, reply_to=<uninitialized>, msg_id=<uninitialized>, in_reply_to=<uninitialized>, subject=<uninitialized>, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=250 HELP, path=[74.53.140.153, 10.10.1.4], user_agent=<uninitialized>, process_received_from=T, has_client_activity=T, entity=<uninitialized>, fuids=[]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=<uninitialized>, mime_depth=0], socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]
+                  [1] is_orig: bool      = T
+                  [2] command: string    = AUTH
+                  [3] arg: string        = LOGIN
+
+1254722768.911081 smtp_reply
+                  [0] c: connection      = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=21, state=4, num_pkts=4, num_bytes_ip=189, flow_label=0], resp=[size=336, state=4, num_pkts=4, num_bytes_ip=486, flow_label=0], start_time=1254722767.529046, duration=1.382035, service={^J^ISMTP^J}, addl=, hot=0, history=ShAdDa, uid=CjhGID4nQcgTWjvg4c, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, smtp=[ts=1254722768.219663, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=<uninitialized>, rcptto=<uninitialized>, date=<uninitialized>, from=<uninitialized>, to=<uninitialized>, reply_to=<uninitialized>, msg_id=<uninitialized>, in_reply_to=<uninitialized>, subject=<uninitialized>, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=250 HELP, path=[74.53.140.153, 10.10.1.4], user_agent=<uninitialized>, process_received_from=T, has_client_activity=T, entity=<uninitialized>, fuids=[]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=<uninitialized>, mime_depth=0], socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]
+                  [1] is_orig: bool      = F
+                  [2] code: count        = 334
+                  [3] cmd: string        = AUTH
+                  [4] msg: string        = VXNlcm5hbWU6
+                  [5] cont_resp: bool    = F
+
+1254722768.911655 smtp_request
+                  [0] c: connection      = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=51, state=4, num_pkts=4, num_bytes_ip=189, flow_label=0], resp=[size=336, state=4, num_pkts=5, num_bytes_ip=544, flow_label=0], start_time=1254722767.529046, duration=1.382609, service={^J^ISMTP^J}, addl=, hot=0, history=ShAdDa, uid=CjhGID4nQcgTWjvg4c, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, smtp=[ts=1254722768.219663, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=<uninitialized>, rcptto=<uninitialized>, date=<uninitialized>, from=<uninitialized>, to=<uninitialized>, reply_to=<uninitialized>, msg_id=<uninitialized>, in_reply_to=<uninitialized>, subject=<uninitialized>, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=334 VXNlcm5hbWU6, path=[74.53.140.153, 10.10.1.4], user_agent=<uninitialized>, process_received_from=T, has_client_activity=T, entity=<uninitialized>, fuids=[]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=<uninitialized>, mime_depth=0], socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]
+                  [1] is_orig: bool      = T
+                  [2] command: string    = **
+                  [3] arg: string        = Z3VycGFydGFwQHBhdHJpb3RzLmlu
+
+1254722769.253544 smtp_reply
+                  [0] c: connection      = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=51, state=4, num_pkts=5, num_bytes_ip=259, flow_label=0], resp=[size=354, state=4, num_pkts=5, num_bytes_ip=544, flow_label=0], start_time=1254722767.529046, duration=1.724498, service={^J^ISMTP^J}, addl=, hot=0, history=ShAdDa, uid=CjhGID4nQcgTWjvg4c, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, smtp=[ts=1254722768.219663, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=<uninitialized>, rcptto=<uninitialized>, date=<uninitialized>, from=<uninitialized>, to=<uninitialized>, reply_to=<uninitialized>, msg_id=<uninitialized>, in_reply_to=<uninitialized>, subject=<uninitialized>, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=334 VXNlcm5hbWU6, path=[74.53.140.153, 10.10.1.4], user_agent=<uninitialized>, process_received_from=T, has_client_activity=T, entity=<uninitialized>, fuids=[]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=<uninitialized>, mime_depth=0], socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]
+                  [1] is_orig: bool      = F
+                  [2] code: count        = 334
+                  [3] cmd: string        = AUTH_ANSWER
+                  [4] msg: string        = UGFzc3dvcmQ6
+                  [5] cont_resp: bool    = F
+
+1254722769.254118 smtp_request
+                  [0] c: connection      = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=69, state=4, num_pkts=5, num_bytes_ip=259, flow_label=0], resp=[size=354, state=4, num_pkts=6, num_bytes_ip=602, flow_label=0], start_time=1254722767.529046, duration=1.725072, service={^J^ISMTP^J}, addl=, hot=0, history=ShAdDa, uid=CjhGID4nQcgTWjvg4c, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, smtp=[ts=1254722768.219663, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=<uninitialized>, rcptto=<uninitialized>, date=<uninitialized>, from=<uninitialized>, to=<uninitialized>, reply_to=<uninitialized>, msg_id=<uninitialized>, in_reply_to=<uninitialized>, subject=<uninitialized>, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=334 UGFzc3dvcmQ6, path=[74.53.140.153, 10.10.1.4], user_agent=<uninitialized>, process_received_from=T, has_client_activity=T, entity=<uninitialized>, fuids=[]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=<uninitialized>, mime_depth=0], socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]
+                  [1] is_orig: bool      = T
+                  [2] command: string    = **
+                  [3] arg: string        = cHVuamFiQDEyMw==
+
+1254722769.613798 smtp_reply
+                  [0] c: connection      = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=69, state=4, num_pkts=6, num_bytes_ip=317, flow_label=0], resp=[size=384, state=4, num_pkts=6, num_bytes_ip=602, flow_label=0], start_time=1254722767.529046, duration=2.084752, service={^J^ISMTP^J}, addl=, hot=0, history=ShAdDa, uid=CjhGID4nQcgTWjvg4c, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, smtp=[ts=1254722768.219663, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=<uninitialized>, rcptto=<uninitialized>, date=<uninitialized>, from=<uninitialized>, to=<uninitialized>, reply_to=<uninitialized>, msg_id=<uninitialized>, in_reply_to=<uninitialized>, subject=<uninitialized>, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=334 UGFzc3dvcmQ6, path=[74.53.140.153, 10.10.1.4], user_agent=<uninitialized>, process_received_from=T, has_client_activity=T, entity=<uninitialized>, fuids=[]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=<uninitialized>, mime_depth=0], socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]
+                  [1] is_orig: bool      = F
+                  [2] code: count        = 235
+                  [3] cmd: string        = AUTH_ANSWER
+                  [4] msg: string        = Authentication succeeded
+                  [5] cont_resp: bool    = F
+
+1254722769.614414 smtp_request
+                  [0] c: connection      = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=105, state=4, num_pkts=6, num_bytes_ip=317, flow_label=0], resp=[size=384, state=4, num_pkts=7, num_bytes_ip=672, flow_label=0], start_time=1254722767.529046, duration=2.085368, service={^J^ISMTP^J}, addl=, hot=0, history=ShAdDa, uid=CjhGID4nQcgTWjvg4c, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, smtp=[ts=1254722768.219663, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=<uninitialized>, rcptto=<uninitialized>, date=<uninitialized>, from=<uninitialized>, to=<uninitialized>, reply_to=<uninitialized>, msg_id=<uninitialized>, in_reply_to=<uninitialized>, subject=<uninitialized>, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=235 Authentication succeeded, path=[74.53.140.153, 10.10.1.4], user_agent=<uninitialized>, process_received_from=T, has_client_activity=T, entity=<uninitialized>, fuids=[]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=<uninitialized>, mime_depth=0], socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]
+                  [1] is_orig: bool      = T
+                  [2] command: string    = MAIL
+                  [3] arg: string        = FROM: <gurpartap@patriots.in>
+
+1254722769.956765 smtp_reply
+                  [0] c: connection      = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=105, state=4, num_pkts=7, num_bytes_ip=393, flow_label=0], resp=[size=392, state=4, num_pkts=7, num_bytes_ip=672, flow_label=0], start_time=1254722767.529046, duration=2.427719, service={^J^ISMTP^J}, addl=, hot=0, history=ShAdDa, uid=CjhGID4nQcgTWjvg4c, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, smtp=[ts=1254722768.219663, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=<gurpartap@patriots.in>, rcptto=<uninitialized>, date=<uninitialized>, from=<uninitialized>, to=<uninitialized>, reply_to=<uninitialized>, msg_id=<uninitialized>, in_reply_to=<uninitialized>, subject=<uninitialized>, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=235 Authentication succeeded, path=[74.53.140.153, 10.10.1.4], user_agent=<uninitialized>, process_received_from=T, has_client_activity=T, entity=<uninitialized>, fuids=[]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=<uninitialized>, mime_depth=0], socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]
+                  [1] is_orig: bool      = F
+                  [2] code: count        = 250
+                  [3] cmd: string        = MAIL
+                  [4] msg: string        = OK
+                  [5] cont_resp: bool    = F
+
+1254722769.957250 smtp_request
+                  [0] c: connection      = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=144, state=4, num_pkts=7, num_bytes_ip=393, flow_label=0], resp=[size=392, state=4, num_pkts=8, num_bytes_ip=720, flow_label=0], start_time=1254722767.529046, duration=2.428204, service={^J^ISMTP^J}, addl=, hot=0, history=ShAdDa, uid=CjhGID4nQcgTWjvg4c, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, smtp=[ts=1254722768.219663, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=<gurpartap@patriots.in>, rcptto=<uninitialized>, date=<uninitialized>, from=<uninitialized>, to=<uninitialized>, reply_to=<uninitialized>, msg_id=<uninitialized>, in_reply_to=<uninitialized>, subject=<uninitialized>, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=250 OK, path=[74.53.140.153, 10.10.1.4], user_agent=<uninitialized>, process_received_from=T, has_client_activity=T, entity=<uninitialized>, fuids=[]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=<uninitialized>, mime_depth=0], socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]
+                  [1] is_orig: bool      = T
+                  [2] command: string    = RCPT
+                  [3] arg: string        = TO: <raj_deol2002in@yahoo.co.in>
+
+1254722770.319708 smtp_reply
+                  [0] c: connection      = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=144, state=4, num_pkts=8, num_bytes_ip=472, flow_label=0], resp=[size=406, state=4, num_pkts=8, num_bytes_ip=720, flow_label=0], start_time=1254722767.529046, duration=2.790662, service={^J^ISMTP^J}, addl=, hot=0, history=ShAdDa, uid=CjhGID4nQcgTWjvg4c, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, smtp=[ts=1254722768.219663, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=<gurpartap@patriots.in>, rcptto={^J^I<raj_deol2002in@yahoo.co.in>^J}, date=<uninitialized>, from=<uninitialized>, to=<uninitialized>, reply_to=<uninitialized>, msg_id=<uninitialized>, in_reply_to=<uninitialized>, subject=<uninitialized>, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=250 OK, path=[74.53.140.153, 10.10.1.4], user_agent=<uninitialized>, process_received_from=T, has_client_activity=T, entity=<uninitialized>, fuids=[]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=<uninitialized>, mime_depth=0], socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]
+                  [1] is_orig: bool      = F
+                  [2] code: count        = 250
+                  [3] cmd: string        = RCPT
+                  [4] msg: string        = Accepted
+                  [5] cont_resp: bool    = F
+
+1254722770.320203 smtp_request
+                  [0] c: connection      = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=150, state=4, num_pkts=8, num_bytes_ip=472, flow_label=0], resp=[size=406, state=4, num_pkts=9, num_bytes_ip=774, flow_label=0], start_time=1254722767.529046, duration=2.791157, service={^J^ISMTP^J}, addl=, hot=0, history=ShAdDa, uid=CjhGID4nQcgTWjvg4c, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, smtp=[ts=1254722768.219663, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=<gurpartap@patriots.in>, rcptto={^J^I<raj_deol2002in@yahoo.co.in>^J}, date=<uninitialized>, from=<uninitialized>, to=<uninitialized>, reply_to=<uninitialized>, msg_id=<uninitialized>, in_reply_to=<uninitialized>, subject=<uninitialized>, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=250 Accepted, path=[74.53.140.153, 10.10.1.4], user_agent=<uninitialized>, process_received_from=T, has_client_activity=T, entity=<uninitialized>, fuids=[]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=<uninitialized>, mime_depth=0], socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]
+                  [1] is_orig: bool      = T
+                  [2] command: string    = DATA
+                  [3] arg: string        = 
+
+1254722770.661679 smtp_reply
+                  [0] c: connection      = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=150, state=4, num_pkts=9, num_bytes_ip=518, flow_label=0], resp=[size=462, state=4, num_pkts=9, num_bytes_ip=774, flow_label=0], start_time=1254722767.529046, duration=3.132633, service={^J^ISMTP^J}, addl=, hot=0, history=ShAdDa, uid=CjhGID4nQcgTWjvg4c, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, smtp=[ts=1254722768.219663, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=<gurpartap@patriots.in>, rcptto={^J^I<raj_deol2002in@yahoo.co.in>^J}, date=<uninitialized>, from=<uninitialized>, to=<uninitialized>, reply_to=<uninitialized>, msg_id=<uninitialized>, in_reply_to=<uninitialized>, subject=<uninitialized>, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=250 Accepted, path=[74.53.140.153, 10.10.1.4], user_agent=<uninitialized>, process_received_from=T, has_client_activity=T, entity=[filename=<uninitialized>], fuids=[]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=<uninitialized>, mime_depth=1], socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]
+                  [1] is_orig: bool      = F
+                  [2] code: count        = 354
+                  [3] cmd: string        = DATA
+                  [4] msg: string        = Enter message, ending with "." on a line by itself
+                  [5] cont_resp: bool    = F
+
+1254722771.858334 smtp_request
+                  [0] c: connection      = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=14699, state=4, num_pkts=23, num_bytes_ip=21438, flow_label=0], resp=[size=462, state=4, num_pkts=15, num_bytes_ip=1070, flow_label=0], start_time=1254722767.529046, duration=4.329288, service={^J^ISMTP^J}, addl=, hot=0, history=ShAdDa, uid=CjhGID4nQcgTWjvg4c, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, smtp=[ts=1254722768.219663, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=<gurpartap@patriots.in>, rcptto={^J^I<raj_deol2002in@yahoo.co.in>^J}, date=Mon, 5 Oct 2009 11:36:07 +0530, from="Gurpartap Singh" <gurpartap@patriots.in>, to={^J^I<raj_deol2002in@yahoo.co.in>^J}, reply_to=<uninitialized>, msg_id=<000301ca4581$ef9e57f0$cedb07d0$@in>, in_reply_to=<uninitialized>, subject=SMTP, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=354 Enter message, ending with "." on a line by itself, path=[74.53.140.153, 10.10.1.4], user_agent=Microsoft Office Outlook 12.0, process_received_from=T, has_client_activity=T, entity=<uninitialized>, fuids=[Fel9gs4OtNEV6gUJZ5, Ft4M3f2yMvLlmwtbq9, FL9Y0d45OI4LpS6fmh]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=<uninitialized>, mime_depth=5], socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]
+                  [1] is_orig: bool      = T
+                  [2] command: string    = .
+                  [3] arg: string        = .
+
+1254722772.248789 smtp_reply
+                  [0] c: connection      = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=14699, state=4, num_pkts=24, num_bytes_ip=21507, flow_label=0], resp=[size=490, state=4, num_pkts=21, num_bytes_ip=1310, flow_label=0], start_time=1254722767.529046, duration=4.719743, service={^J^ISMTP^J}, addl=, hot=0, history=ShAdDa, uid=CjhGID4nQcgTWjvg4c, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, smtp=[ts=1254722768.219663, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=<gurpartap@patriots.in>, rcptto={^J^I<raj_deol2002in@yahoo.co.in>^J}, date=Mon, 5 Oct 2009 11:36:07 +0530, from="Gurpartap Singh" <gurpartap@patriots.in>, to={^J^I<raj_deol2002in@yahoo.co.in>^J}, reply_to=<uninitialized>, msg_id=<000301ca4581$ef9e57f0$cedb07d0$@in>, in_reply_to=<uninitialized>, subject=SMTP, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=354 Enter message, ending with "." on a line by itself, path=[74.53.140.153, 10.10.1.4], user_agent=Microsoft Office Outlook 12.0, process_received_from=T, has_client_activity=T, entity=<uninitialized>, fuids=[Fel9gs4OtNEV6gUJZ5, Ft4M3f2yMvLlmwtbq9, FL9Y0d45OI4LpS6fmh]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=<uninitialized>, mime_depth=5], socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]
+                  [1] is_orig: bool      = F
+                  [2] code: count        = 250
+                  [3] cmd: string        = .
+                  [4] msg: string        = OK id=1Mugho-0003Dg-Un
+                  [5] cont_resp: bool    = F
+
+1254722774.763825 smtp_request
+                  [0] c: connection      = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=14705, state=4, num_pkts=25, num_bytes_ip=21547, flow_label=0], resp=[size=490, state=4, num_pkts=22, num_bytes_ip=1378, flow_label=0], start_time=1254722767.529046, duration=7.234779, service={^J^ISMTP^J}, addl=, hot=0, history=ShAdDa, uid=CjhGID4nQcgTWjvg4c, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, smtp=[ts=1254722772.248789, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=2, helo=GP, mailfrom=<uninitialized>, rcptto=<uninitialized>, date=<uninitialized>, from=<uninitialized>, to=<uninitialized>, reply_to=<uninitialized>, msg_id=<uninitialized>, in_reply_to=<uninitialized>, subject=<uninitialized>, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=<uninitialized>, path=[74.53.140.153, 10.10.1.4], user_agent=<uninitialized>, process_received_from=T, has_client_activity=F, entity=<uninitialized>, fuids=[]], smtp_state=[helo=GP, messages_transferred=1, pending_messages=<uninitialized>, mime_depth=5], socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]
+                  [1] is_orig: bool      = T
+                  [2] command: string    = QUIT
+                  [3] arg: string        = 
+
+1254722775.105467 smtp_reply
+                  [0] c: connection      = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=14705, state=5, num_pkts=27, num_bytes_ip=21633, flow_label=0], resp=[size=538, state=4, num_pkts=22, num_bytes_ip=1378, flow_label=0], start_time=1254722767.529046, duration=7.576421, service={^J^ISMTP^J}, addl=, hot=0, history=ShAdDaF, uid=CjhGID4nQcgTWjvg4c, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, smtp=[ts=1254722772.248789, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=2, helo=GP, mailfrom=<uninitialized>, rcptto=<uninitialized>, date=<uninitialized>, from=<uninitialized>, to=<uninitialized>, reply_to=<uninitialized>, msg_id=<uninitialized>, in_reply_to=<uninitialized>, subject=<uninitialized>, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=<uninitialized>, path=[74.53.140.153, 10.10.1.4], user_agent=<uninitialized>, process_received_from=T, has_client_activity=F, entity=<uninitialized>, fuids=[]], smtp_state=[helo=GP, messages_transferred=1, pending_messages=<uninitialized>, mime_depth=5], socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]
+                  [1] is_orig: bool      = F
+                  [2] code: count        = 221
+                  [3] cmd: string        = QUIT
+                  [4] msg: string        = xc90.websitewelcome.com closing connection
+                  [5] cont_resp: bool    = F
+
diff --git a/testing/btest/Baseline/scripts.policy.misc.dump-events/ssl-events.log b/testing/btest/Baseline/scripts.policy.misc.dump-events/ssl-events.log
deleted file mode 100644
index 1cab8fa5f2..0000000000
--- a/testing/btest/Baseline/scripts.policy.misc.dump-events/ssl-events.log
+++ /dev/null
@@ -1,60 +0,0 @@
-1170717505.549109 ssl_client_hello
-                  [0] c: connection      = [id=[orig_h=192.150.187.164, orig_p=58868/tcp, resp_h=194.127.84.106, resp_p=443/tcp], orig=[size=87, state=4, num_pkts=2, num_bytes_ip=116, flow_label=0], resp=[size=0, state=4, num_pkts=1, num_bytes_ip=64, flow_label=0], start_time=1170717505.366729, duration=0.18238, service={^J^ISSL^J}, addl=, hot=0, history=ShAD, uid=CXWv6p3arKYeMETxOg, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=[ts=1170717505.549109, uid=CXWv6p3arKYeMETxOg, id=[orig_h=192.150.187.164, orig_p=58868/tcp, resp_h=194.127.84.106, resp_p=443/tcp], version=<uninitialized>, cipher=<uninitialized>, server_name=<uninitialized>, session_id=<uninitialized>, last_alert=<uninitialized>, analyzer_id=3, established=F, logged=F, delay_tokens=<uninitialized>, cert_chain=<uninitialized>, cert_chain_fuids=<uninitialized>, client_cert_chain=<uninitialized>, client_cert_chain_fuids=<uninitialized>, subject=<uninitialized>, issuer=<uninitialized>, client_subject=<uninitialized>, client_issuer=<uninitialized>, server_depth=0, client_depth=0], http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]
-                  [1] version: count     = 2
-                  [2] possible_ts: time  = 0.0
-                  [3] client_random: string = \xe6\xb8\xef\xdf\x91\xcfD\xf7\xea\xe4<\x839\x8f\xdc\xb2
-                  [4] session_id: string = \0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0
-                  [5] ciphers: vector of count = [57, 56, 53, 51, 50, 4, 5, 47, 22, 19, 65279, 10, 21, 18, 65278, 9, 100, 98, 3, 6]
-
-1170717505.734145 ssl_server_hello
-                  [0] c: connection      = [id=[orig_h=192.150.187.164, orig_p=58868/tcp, resp_h=194.127.84.106, resp_p=443/tcp], orig=[size=87, state=4, num_pkts=3, num_bytes_ip=255, flow_label=0], resp=[size=1448, state=4, num_pkts=2, num_bytes_ip=116, flow_label=0], start_time=1170717505.366729, duration=0.367416, service={^J^ISSL^J}, addl=, hot=0, history=ShADad, uid=CXWv6p3arKYeMETxOg, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=[ts=1170717505.549109, uid=CXWv6p3arKYeMETxOg, id=[orig_h=192.150.187.164, orig_p=58868/tcp, resp_h=194.127.84.106, resp_p=443/tcp], version=<uninitialized>, cipher=<uninitialized>, server_name=<uninitialized>, session_id=<uninitialized>, last_alert=<uninitialized>, analyzer_id=3, established=F, logged=F, delay_tokens=<uninitialized>, cert_chain=<uninitialized>, cert_chain_fuids=<uninitialized>, client_cert_chain=<uninitialized>, client_cert_chain_fuids=<uninitialized>, subject=<uninitialized>, issuer=<uninitialized>, client_subject=<uninitialized>, client_issuer=<uninitialized>, server_depth=0, client_depth=0], http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]
-                  [1] version: count     = 769
-                  [2] possible_ts: time  = 1170717513.0
-                  [3] server_random: string = +e\x8dQ\x83\xbb\xae\xdb\xf3^\x8f^Ro\xf9&\xb1Iy\xcdp=$*\xea\x99j_\xda
-                  [4] session_id: string = \xa8\xc1\xc5h^Y$\xe8^J2\xa1]^^? \xbc^?Q>V\xb2^U^C\x9d^MU\xde\xfd\xa5\xa3 \xc0
-                  [5] cipher: count      = 4
-                  [6] comp_method: count = 0
-
-1170717505.934612 ssl_established
-                  [0] c: connection      = [id=[orig_h=192.150.187.164, orig_p=58868/tcp, resp_h=194.127.84.106, resp_p=443/tcp], orig=[size=269, state=4, num_pkts=5, num_bytes_ip=541, flow_label=0], resp=[size=2207, state=4, num_pkts=5, num_bytes_ip=2436, flow_label=0], start_time=1170717505.366729, duration=0.567883, service={^J^ISSL^J}, addl=, hot=0, history=ShADad, uid=CXWv6p3arKYeMETxOg, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=[ts=1170717505.549109, uid=CXWv6p3arKYeMETxOg, id=[orig_h=192.150.187.164, orig_p=58868/tcp, resp_h=194.127.84.106, resp_p=443/tcp], version=TLSv10, cipher=TLS_RSA_WITH_RC4_128_MD5, server_name=<uninitialized>, session_id=<uninitialized>, last_alert=<uninitialized>, analyzer_id=3, established=F, logged=F, delay_tokens=<uninitialized>, cert_chain=[[ts=1170717505.735416, fuid=FeCwNK3rzqPnZ7eBQ5, tx_hosts={^J^I194.127.84.106^J}, rx_hosts={^J^I192.150.187.164^J}, conn_uids={^J^ICXWv6p3arKYeMETxOg^J}, source=SSL, depth=0, analyzers={^J^IX509,^J^IMD5,^J^ISHA1^J}, mime_type=binary, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=F, seen_bytes=1152, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=38a0a008a978591ccbe41f50a174751a, sha1=2c322ae2b7fe91391345e070b63668978bb1c9da, sha256=<uninitialized>, x509=[ts=1170717505.735416, id=FeCwNK3rzqPnZ7eBQ5, certificate=[version=2, serial=04A78116F003283BDA2B8462049F9ECB, subject=CN=www.dresdner-privat.de,OU=Terms of use at www.verisign.com/rpa (c)00,O=AGIS Allianz Dresdner Informationssysteme GmbH,L=Muenchen,ST=Bayern,C=DE, issuer=OU=www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign,OU=VeriSign International Server CA - Class 3,OU=VeriSign\, Inc.,O=VeriSign Trust Network, not_valid_before=1163462400.0, not_valid_after=1195084799.0, key_alg=rsaEncryption, sig_alg=sha1WithRSAEncryption, key_type=rsa, key_length=1024, exponent=65537, curve=<uninitialized>], handle=<no value description>, extensions=[[name=X509v3 Basic Constraints, short_name=basicConstraints, oid=2.5.29.19, critical=F, value=CA:FALSE], [name=X509v3 Key Usage, short_name=keyUsage, oid=2.5.29.15, critical=F, value=Digital Signature, Key Encipherment], [name=X509v3 CRL Distribution Points, short_name=crlDistributionPoints, oid=2.5.29.31, critical=F, value=^JFull Name:^J  URI:http://crl.verisign.com/Class3InternationalServer.crl^J], [name=X509v3 Certificate Policies, short_name=certificatePolicies, oid=2.5.29.32, critical=F, value=Policy: 2.16.840.1.113733.1.7.23.3^J  CPS: https://www.verisign.com/rpa^J], [name=X509v3 Extended Key Usage, short_name=extendedKeyUsage, oid=2.5.29.37, critical=F, value=Netscape Server Gated Crypto, TLS Web Server Authentication, TLS Web Client Authentication], [name=Authority Information Access, short_name=authorityInfoAccess, oid=1.3.6.1.5.5.7.1.1, critical=F, value=OCSP - URI:http://ocsp.verisign.com^J], [name=1.3.6.1.5.5.7.1.12, short_name=UNDEF, oid=1.3.6.1.5.5.7.1.12, critical=F, value=0_.].[0Y0W0U..image/gif0!0.0...+..............k...j.H.,{..0%.#http://logo.verisign.com/vslogo.gif]], san=<uninitialized>, basic_constraints=[ca=F, path_len=<uninitialized>]], extracted=<uninitialized>], [ts=1170717505.735416, fuid=FfqS7r3rymnsSKq0m2, tx_hosts={^J^I194.127.84.106^J}, rx_hosts={^J^I192.150.187.164^J}, conn_uids={^J^ICXWv6p3arKYeMETxOg^J}, source=SSL, depth=0, analyzers={^J^IX509,^J^IMD5,^J^ISHA1^J}, mime_type=binary, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=F, seen_bytes=906, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=81c888530afcad916fbe71d9417bf10c, sha1=de0f3a63cad13841e9b62c94502cb189d7661e49, sha256=<uninitialized>, x509=[ts=1170717505.735416, id=FfqS7r3rymnsSKq0m2, certificate=[version=2, serial=78EE48DE185B2071C9C9C3B51D7BDDC1, subject=OU=www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign,OU=VeriSign International Server CA - Class 3,OU=VeriSign\, Inc.,O=VeriSign Trust Network, issuer=OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US, not_valid_before=861235200.0, not_valid_after=1319500799.0, key_alg=rsaEncryption, sig_alg=sha1WithRSAEncryption, key_type=rsa, key_length=1024, exponent=65537, curve=<uninitialized>], handle=<no value description>, extensions=[[name=X509v3 Basic Constraints, short_name=basicConstraints, oid=2.5.29.19, critical=F, value=CA:TRUE, pathlen:0], [name=X509v3 Certificate Policies, short_name=certificatePolicies, oid=2.5.29.32, critical=F, value=Policy: 2.16.840.1.113733.1.7.1.1^J  CPS: https://www.verisign.com/CPS^J], [name=X509v3 CRL Distribution Points, short_name=crlDistributionPoints, oid=2.5.29.31, critical=F, value=^JFull Name:^J  URI:http://crl.verisign.com/pca3-g2.crl^J], [name=X509v3 Extended Key Usage, short_name=extendedKeyUsage, oid=2.5.29.37, critical=F, value=TLS Web Server Authentication, TLS Web Client Authentication, Netscape Server Gated Crypto, 2.16.840.1.113733.1.8.1], [name=X509v3 Key Usage, short_name=keyUsage, oid=2.5.29.15, critical=F, value=Certificate Sign, CRL Sign], [name=Netscape Cert Type, short_name=nsCertType, oid=2.16.840.1.113730.1.1, critical=F, value=SSL CA, S/MIME CA]], san=<uninitialized>, basic_constraints=[ca=T, path_len=0]], extracted=<uninitialized>]], cert_chain_fuids=[FeCwNK3rzqPnZ7eBQ5, FfqS7r3rymnsSKq0m2], client_cert_chain=[], client_cert_chain_fuids=[], subject=<uninitialized>, issuer=<uninitialized>, client_subject=<uninitialized>, client_issuer=<uninitialized>, server_depth=2, client_depth=0], http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]
-
-1170717508.697180 ssl_client_hello
-                  [0] c: connection      = [id=[orig_h=192.150.187.164, orig_p=58869/tcp, resp_h=194.127.84.106, resp_p=443/tcp], orig=[size=120, state=4, num_pkts=2, num_bytes_ip=116, flow_label=0], resp=[size=0, state=4, num_pkts=1, num_bytes_ip=64, flow_label=0], start_time=1170717508.515696, duration=0.181484, service={^J^ISSL^J}, addl=, hot=0, history=ShAD, uid=CjhGID4nQcgTWjvg4c, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=[ts=1170717508.69718, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=192.150.187.164, orig_p=58869/tcp, resp_h=194.127.84.106, resp_p=443/tcp], version=<uninitialized>, cipher=<uninitialized>, server_name=<uninitialized>, session_id=<uninitialized>, last_alert=<uninitialized>, analyzer_id=7, established=F, logged=F, delay_tokens=<uninitialized>, cert_chain=<uninitialized>, cert_chain_fuids=<uninitialized>, client_cert_chain=<uninitialized>, client_cert_chain_fuids=<uninitialized>, subject=<uninitialized>, issuer=<uninitialized>, client_subject=<uninitialized>, client_issuer=<uninitialized>, server_depth=0, client_depth=0], http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]
-                  [1] version: count     = 769
-                  [2] possible_ts: time  = 2486404.0
-                  [3] client_random: string = \xa8\xa2\xabs\x9ad\xab\xb4\xe6\x8c\xfc\xfc4p\xffbi\xb1\xa8hXP\x1f\xbb\xd12~\xd8
-                  [4] session_id: string = \xa8\xc1\xc5h^Y$\xe8^J2\xa1]^^? \xbc^?Q>V\xb2^U^C\x9d^MU\xde\xfd\xa5\xa3 \xc0
-                  [5] ciphers: vector of count = [57, 56, 53, 51, 50, 4, 5, 47, 22, 19, 65279, 10, 21, 18, 65278, 9, 100, 98, 3, 6]
-
-1170717508.881857 ssl_server_hello
-                  [0] c: connection      = [id=[orig_h=192.150.187.164, orig_p=58869/tcp, resp_h=194.127.84.106, resp_p=443/tcp], orig=[size=120, state=4, num_pkts=3, num_bytes_ip=288, flow_label=0], resp=[size=1448, state=4, num_pkts=2, num_bytes_ip=116, flow_label=0], start_time=1170717508.515696, duration=0.366161, service={^J^ISSL^J}, addl=, hot=0, history=ShADad, uid=CjhGID4nQcgTWjvg4c, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=[ts=1170717508.69718, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=192.150.187.164, orig_p=58869/tcp, resp_h=194.127.84.106, resp_p=443/tcp], version=<uninitialized>, cipher=<uninitialized>, server_name=<uninitialized>, session_id=a8c1c5681924e80a32a15d5e7f20bc5e3f513e56b215039d0d55defda5a320c0, last_alert=<uninitialized>, analyzer_id=7, established=F, logged=F, delay_tokens=<uninitialized>, cert_chain=<uninitialized>, cert_chain_fuids=<uninitialized>, client_cert_chain=<uninitialized>, client_cert_chain_fuids=<uninitialized>, subject=<uninitialized>, issuer=<uninitialized>, client_subject=<uninitialized>, client_issuer=<uninitialized>, server_depth=0, client_depth=0], http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]
-                  [1] version: count     = 769
-                  [2] possible_ts: time  = 1170717516.0
-                  [3] server_random: string = ^O\xac^?x#X|hC\x8c\x87\x87e3\xaf{^K\xaa*\x8f^Px\xeb\x8d^X"G\xe9
-                  [4] session_id: string = \x9eQ\xca\xef@\xad\x85\xf9\xf0=\xbb\x8c\x1f\xdc\x866!\x80\x8c1^Rr\xe1^BB\xcb@k\xf9^W\xbc\xd9
-                  [5] cipher: count      = 4
-                  [6] comp_method: count = 0
-
-1170717509.082241 ssl_established
-                  [0] c: connection      = [id=[orig_h=192.150.187.164, orig_p=58869/tcp, resp_h=194.127.84.106, resp_p=443/tcp], orig=[size=302, state=4, num_pkts=5, num_bytes_ip=574, flow_label=0], resp=[size=2207, state=4, num_pkts=5, num_bytes_ip=2436, flow_label=0], start_time=1170717508.515696, duration=0.566545, service={^J^ISSL^J}, addl=, hot=0, history=ShADad, uid=CjhGID4nQcgTWjvg4c, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=[ts=1170717508.69718, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=192.150.187.164, orig_p=58869/tcp, resp_h=194.127.84.106, resp_p=443/tcp], version=TLSv10, cipher=TLS_RSA_WITH_RC4_128_MD5, server_name=<uninitialized>, session_id=a8c1c5681924e80a32a15d5e7f20bc5e3f513e56b215039d0d55defda5a320c0, last_alert=<uninitialized>, analyzer_id=7, established=F, logged=F, delay_tokens=<uninitialized>, cert_chain=[[ts=1170717508.883051, fuid=FjkLnG4s34DVZlaBNc, tx_hosts={^J^I194.127.84.106^J}, rx_hosts={^J^I192.150.187.164^J}, conn_uids={^J^ICjhGID4nQcgTWjvg4c^J}, source=SSL, depth=0, analyzers={^J^IX509,^J^IMD5,^J^ISHA1^J}, mime_type=binary, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=F, seen_bytes=1152, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=38a0a008a978591ccbe41f50a174751a, sha1=2c322ae2b7fe91391345e070b63668978bb1c9da, sha256=<uninitialized>, x509=[ts=1170717508.883051, id=FjkLnG4s34DVZlaBNc, certificate=[version=2, serial=04A78116F003283BDA2B8462049F9ECB, subject=CN=www.dresdner-privat.de,OU=Terms of use at www.verisign.com/rpa (c)00,O=AGIS Allianz Dresdner Informationssysteme GmbH,L=Muenchen,ST=Bayern,C=DE, issuer=OU=www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign,OU=VeriSign International Server CA - Class 3,OU=VeriSign\, Inc.,O=VeriSign Trust Network, not_valid_before=1163462400.0, not_valid_after=1195084799.0, key_alg=rsaEncryption, sig_alg=sha1WithRSAEncryption, key_type=rsa, key_length=1024, exponent=65537, curve=<uninitialized>], handle=<no value description>, extensions=[[name=X509v3 Basic Constraints, short_name=basicConstraints, oid=2.5.29.19, critical=F, value=CA:FALSE], [name=X509v3 Key Usage, short_name=keyUsage, oid=2.5.29.15, critical=F, value=Digital Signature, Key Encipherment], [name=X509v3 CRL Distribution Points, short_name=crlDistributionPoints, oid=2.5.29.31, critical=F, value=^JFull Name:^J  URI:http://crl.verisign.com/Class3InternationalServer.crl^J], [name=X509v3 Certificate Policies, short_name=certificatePolicies, oid=2.5.29.32, critical=F, value=Policy: 2.16.840.1.113733.1.7.23.3^J  CPS: https://www.verisign.com/rpa^J], [name=X509v3 Extended Key Usage, short_name=extendedKeyUsage, oid=2.5.29.37, critical=F, value=Netscape Server Gated Crypto, TLS Web Server Authentication, TLS Web Client Authentication], [name=Authority Information Access, short_name=authorityInfoAccess, oid=1.3.6.1.5.5.7.1.1, critical=F, value=OCSP - URI:http://ocsp.verisign.com^J], [name=1.3.6.1.5.5.7.1.12, short_name=UNDEF, oid=1.3.6.1.5.5.7.1.12, critical=F, value=0_.].[0Y0W0U..image/gif0!0.0...+..............k...j.H.,{..0%.#http://logo.verisign.com/vslogo.gif]], san=<uninitialized>, basic_constraints=[ca=F, path_len=<uninitialized>]], extracted=<uninitialized>], [ts=1170717508.883051, fuid=FpMjNF4snD7UDqI5sk, tx_hosts={^J^I194.127.84.106^J}, rx_hosts={^J^I192.150.187.164^J}, conn_uids={^J^ICjhGID4nQcgTWjvg4c^J}, source=SSL, depth=0, analyzers={^J^IX509,^J^IMD5,^J^ISHA1^J}, mime_type=binary, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=F, seen_bytes=906, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=81c888530afcad916fbe71d9417bf10c, sha1=de0f3a63cad13841e9b62c94502cb189d7661e49, sha256=<uninitialized>, x509=[ts=1170717508.883051, id=FpMjNF4snD7UDqI5sk, certificate=[version=2, serial=78EE48DE185B2071C9C9C3B51D7BDDC1, subject=OU=www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign,OU=VeriSign International Server CA - Class 3,OU=VeriSign\, Inc.,O=VeriSign Trust Network, issuer=OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US, not_valid_before=861235200.0, not_valid_after=1319500799.0, key_alg=rsaEncryption, sig_alg=sha1WithRSAEncryption, key_type=rsa, key_length=1024, exponent=65537, curve=<uninitialized>], handle=<no value description>, extensions=[[name=X509v3 Basic Constraints, short_name=basicConstraints, oid=2.5.29.19, critical=F, value=CA:TRUE, pathlen:0], [name=X509v3 Certificate Policies, short_name=certificatePolicies, oid=2.5.29.32, critical=F, value=Policy: 2.16.840.1.113733.1.7.1.1^J  CPS: https://www.verisign.com/CPS^J], [name=X509v3 CRL Distribution Points, short_name=crlDistributionPoints, oid=2.5.29.31, critical=F, value=^JFull Name:^J  URI:http://crl.verisign.com/pca3-g2.crl^J], [name=X509v3 Extended Key Usage, short_name=extendedKeyUsage, oid=2.5.29.37, critical=F, value=TLS Web Server Authentication, TLS Web Client Authentication, Netscape Server Gated Crypto, 2.16.840.1.113733.1.8.1], [name=X509v3 Key Usage, short_name=keyUsage, oid=2.5.29.15, critical=F, value=Certificate Sign, CRL Sign], [name=Netscape Cert Type, short_name=nsCertType, oid=2.16.840.1.113730.1.1, critical=F, value=SSL CA, S/MIME CA]], san=<uninitialized>, basic_constraints=[ca=T, path_len=0]], extracted=<uninitialized>]], cert_chain_fuids=[FjkLnG4s34DVZlaBNc, FpMjNF4snD7UDqI5sk], client_cert_chain=[], client_cert_chain_fuids=[], subject=<uninitialized>, issuer=<uninitialized>, client_subject=<uninitialized>, client_issuer=<uninitialized>, server_depth=2, client_depth=0], http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]
-
-1170717511.722913 ssl_client_hello
-                  [0] c: connection      = [id=[orig_h=192.150.187.164, orig_p=58870/tcp, resp_h=194.127.84.106, resp_p=443/tcp], orig=[size=120, state=4, num_pkts=2, num_bytes_ip=116, flow_label=0], resp=[size=0, state=4, num_pkts=1, num_bytes_ip=64, flow_label=0], start_time=1170717511.541455, duration=0.181458, service={^J^ISSL^J}, addl=, hot=0, history=ShAD, uid=CCvvfg3TEfuqmmG4bh, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=[ts=1170717511.722913, uid=CCvvfg3TEfuqmmG4bh, id=[orig_h=192.150.187.164, orig_p=58870/tcp, resp_h=194.127.84.106, resp_p=443/tcp], version=<uninitialized>, cipher=<uninitialized>, server_name=<uninitialized>, session_id=<uninitialized>, last_alert=<uninitialized>, analyzer_id=11, established=F, logged=F, delay_tokens=<uninitialized>, cert_chain=<uninitialized>, cert_chain_fuids=<uninitialized>, client_cert_chain=<uninitialized>, client_cert_chain_fuids=<uninitialized>, subject=<uninitialized>, issuer=<uninitialized>, client_subject=<uninitialized>, client_issuer=<uninitialized>, server_depth=0, client_depth=0], http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]
-                  [1] version: count     = 769
-                  [2] possible_ts: time  = 2486407.0
-                  [3] client_random: string = $^F^D\xbe/VD\xc8\xdf\xd2\xe5\x1c\xc2\xb3\xa3^Aq\xbdX\x85>\xd7\xc6\xe3\xfc\xd1\x88F
-                  [4] session_id: string = \x9eQ\xca\xef@\xad\x85\xf9\xf0=\xbb\x8c\x1f\xdc\x866!\x80\x8c1^Rr\xe1^BB\xcb@k\xf9^W\xbc\xd9
-                  [5] ciphers: vector of count = [57, 56, 53, 51, 50, 4, 5, 47, 22, 19, 65279, 10, 21, 18, 65278, 9, 100, 98, 3, 6]
-
-1170717511.908619 ssl_server_hello
-                  [0] c: connection      = [id=[orig_h=192.150.187.164, orig_p=58870/tcp, resp_h=194.127.84.106, resp_p=443/tcp], orig=[size=120, state=4, num_pkts=3, num_bytes_ip=288, flow_label=0], resp=[size=1448, state=4, num_pkts=2, num_bytes_ip=116, flow_label=0], start_time=1170717511.541455, duration=0.367164, service={^J^ISSL^J}, addl=, hot=0, history=ShADad, uid=CCvvfg3TEfuqmmG4bh, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=[ts=1170717511.722913, uid=CCvvfg3TEfuqmmG4bh, id=[orig_h=192.150.187.164, orig_p=58870/tcp, resp_h=194.127.84.106, resp_p=443/tcp], version=<uninitialized>, cipher=<uninitialized>, server_name=<uninitialized>, session_id=9e51caef40ad85f9f03dbb8c1fdc863621808c311272e10242cb406bf917bcd9, last_alert=<uninitialized>, analyzer_id=11, established=F, logged=F, delay_tokens=<uninitialized>, cert_chain=<uninitialized>, cert_chain_fuids=<uninitialized>, client_cert_chain=<uninitialized>, client_cert_chain_fuids=<uninitialized>, subject=<uninitialized>, issuer=<uninitialized>, client_subject=<uninitialized>, client_issuer=<uninitialized>, server_depth=0, client_depth=0], http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]
-                  [1] version: count     = 769
-                  [2] possible_ts: time  = 1170717519.0
-                  [3] server_random: string = \xfd\x1b\x8c^S^H\xa2\xca\xac^A^O\xcbv\xe9\xbd!\x98}\x89|\xb6\xc0(\xcd\xb3^WmY^D
-                  [4] session_id: string = /\xaa(\x8eH\x1b\x1fO^GK^Z\xd9\x91\xa1T\xbc\x9c/^Q^R\xc3NY;\x8e^N\xd2\xec\xa6=\xc7\xb0
-                  [5] cipher: count      = 4
-                  [6] comp_method: count = 0
-
-1170717512.108799 ssl_established
-                  [0] c: connection      = [id=[orig_h=192.150.187.164, orig_p=58870/tcp, resp_h=194.127.84.106, resp_p=443/tcp], orig=[size=302, state=4, num_pkts=5, num_bytes_ip=574, flow_label=0], resp=[size=2207, state=4, num_pkts=5, num_bytes_ip=2436, flow_label=0], start_time=1170717511.541455, duration=0.567344, service={^J^ISSL^J}, addl=, hot=0, history=ShADad, uid=CCvvfg3TEfuqmmG4bh, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=[ts=1170717511.722913, uid=CCvvfg3TEfuqmmG4bh, id=[orig_h=192.150.187.164, orig_p=58870/tcp, resp_h=194.127.84.106, resp_p=443/tcp], version=TLSv10, cipher=TLS_RSA_WITH_RC4_128_MD5, server_name=<uninitialized>, session_id=9e51caef40ad85f9f03dbb8c1fdc863621808c311272e10242cb406bf917bcd9, last_alert=<uninitialized>, analyzer_id=11, established=F, logged=F, delay_tokens=<uninitialized>, cert_chain=[[ts=1170717511.909717, fuid=FQXAWgI2FB5STbrff, tx_hosts={^J^I194.127.84.106^J}, rx_hosts={^J^I192.150.187.164^J}, conn_uids={^J^ICCvvfg3TEfuqmmG4bh^J}, source=SSL, depth=0, analyzers={^J^IX509,^J^IMD5,^J^ISHA1^J}, mime_type=binary, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=F, seen_bytes=1152, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=38a0a008a978591ccbe41f50a174751a, sha1=2c322ae2b7fe91391345e070b63668978bb1c9da, sha256=<uninitialized>, x509=[ts=1170717511.909717, id=FQXAWgI2FB5STbrff, certificate=[version=2, serial=04A78116F003283BDA2B8462049F9ECB, subject=CN=www.dresdner-privat.de,OU=Terms of use at www.verisign.com/rpa (c)00,O=AGIS Allianz Dresdner Informationssysteme GmbH,L=Muenchen,ST=Bayern,C=DE, issuer=OU=www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign,OU=VeriSign International Server CA - Class 3,OU=VeriSign\, Inc.,O=VeriSign Trust Network, not_valid_before=1163462400.0, not_valid_after=1195084799.0, key_alg=rsaEncryption, sig_alg=sha1WithRSAEncryption, key_type=rsa, key_length=1024, exponent=65537, curve=<uninitialized>], handle=<no value description>, extensions=[[name=X509v3 Basic Constraints, short_name=basicConstraints, oid=2.5.29.19, critical=F, value=CA:FALSE], [name=X509v3 Key Usage, short_name=keyUsage, oid=2.5.29.15, critical=F, value=Digital Signature, Key Encipherment], [name=X509v3 CRL Distribution Points, short_name=crlDistributionPoints, oid=2.5.29.31, critical=F, value=^JFull Name:^J  URI:http://crl.verisign.com/Class3InternationalServer.crl^J], [name=X509v3 Certificate Policies, short_name=certificatePolicies, oid=2.5.29.32, critical=F, value=Policy: 2.16.840.1.113733.1.7.23.3^J  CPS: https://www.verisign.com/rpa^J], [name=X509v3 Extended Key Usage, short_name=extendedKeyUsage, oid=2.5.29.37, critical=F, value=Netscape Server Gated Crypto, TLS Web Server Authentication, TLS Web Client Authentication], [name=Authority Information Access, short_name=authorityInfoAccess, oid=1.3.6.1.5.5.7.1.1, critical=F, value=OCSP - URI:http://ocsp.verisign.com^J], [name=1.3.6.1.5.5.7.1.12, short_name=UNDEF, oid=1.3.6.1.5.5.7.1.12, critical=F, value=0_.].[0Y0W0U..image/gif0!0.0...+..............k...j.H.,{..0%.#http://logo.verisign.com/vslogo.gif]], san=<uninitialized>, basic_constraints=[ca=F, path_len=<uninitialized>]], extracted=<uninitialized>], [ts=1170717511.909717, fuid=FUmSiM3TCtsyMGhcd, tx_hosts={^J^I194.127.84.106^J}, rx_hosts={^J^I192.150.187.164^J}, conn_uids={^J^ICCvvfg3TEfuqmmG4bh^J}, source=SSL, depth=0, analyzers={^J^IX509,^J^IMD5,^J^ISHA1^J}, mime_type=binary, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=F, seen_bytes=906, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=81c888530afcad916fbe71d9417bf10c, sha1=de0f3a63cad13841e9b62c94502cb189d7661e49, sha256=<uninitialized>, x509=[ts=1170717511.909717, id=FUmSiM3TCtsyMGhcd, certificate=[version=2, serial=78EE48DE185B2071C9C9C3B51D7BDDC1, subject=OU=www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign,OU=VeriSign International Server CA - Class 3,OU=VeriSign\, Inc.,O=VeriSign Trust Network, issuer=OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US, not_valid_before=861235200.0, not_valid_after=1319500799.0, key_alg=rsaEncryption, sig_alg=sha1WithRSAEncryption, key_type=rsa, key_length=1024, exponent=65537, curve=<uninitialized>], handle=<no value description>, extensions=[[name=X509v3 Basic Constraints, short_name=basicConstraints, oid=2.5.29.19, critical=F, value=CA:TRUE, pathlen:0], [name=X509v3 Certificate Policies, short_name=certificatePolicies, oid=2.5.29.32, critical=F, value=Policy: 2.16.840.1.113733.1.7.1.1^J  CPS: https://www.verisign.com/CPS^J], [name=X509v3 CRL Distribution Points, short_name=crlDistributionPoints, oid=2.5.29.31, critical=F, value=^JFull Name:^J  URI:http://crl.verisign.com/pca3-g2.crl^J], [name=X509v3 Extended Key Usage, short_name=extendedKeyUsage, oid=2.5.29.37, critical=F, value=TLS Web Server Authentication, TLS Web Client Authentication, Netscape Server Gated Crypto, 2.16.840.1.113733.1.8.1], [name=X509v3 Key Usage, short_name=keyUsage, oid=2.5.29.15, critical=F, value=Certificate Sign, CRL Sign], [name=Netscape Cert Type, short_name=nsCertType, oid=2.16.840.1.113730.1.1, critical=F, value=SSL CA, S/MIME CA]], san=<uninitialized>, basic_constraints=[ca=T, path_len=0]], extracted=<uninitialized>]], cert_chain_fuids=[FQXAWgI2FB5STbrff, FUmSiM3TCtsyMGhcd], client_cert_chain=[], client_cert_chain_fuids=[], subject=<uninitialized>, issuer=<uninitialized>, client_subject=<uninitialized>, client_issuer=<uninitialized>, server_depth=2, client_depth=0], http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]
-
diff --git a/testing/btest/core/leaks/x509_verify.bro b/testing/btest/core/leaks/x509_verify.bro
new file mode 100644
index 0000000000..5dd1e97f4e
--- /dev/null
+++ b/testing/btest/core/leaks/x509_verify.bro
@@ -0,0 +1,27 @@
+# @TEST-EXEC: HEAP_CHECK_DUMP_DIRECTORY=. HEAPCHECK=local btest-bg-run bro bro -b -m -r $TRACES/tls/tls-expired-cert.trace %INPUT
+# @TEST-EXEC: btest-bg-wait 15
+
+@load base/protocols/ssl
+
+event ssl_established(c: connection) &priority=3
+	{
+	local chain: vector of opaque of x509 = vector();
+	for ( i in c$ssl$cert_chain )
+		{
+		chain[i] = c$ssl$cert_chain[i]$x509$handle;
+		}
+
+	local result = x509_verify(chain, SSL::root_certs);
+	print fmt("Validation result: %s", result$result_string);
+	if ( result$result != 0 ) # not ok
+		return;
+
+	print "Resulting chain:";
+	for ( i in result$chain_certs )
+		{
+		local cert = result$chain_certs[i];
+		local certinfo = x509_parse(cert);
+		local sha1 = sha1_hash(x509_get_certificate_string(cert));
+		print fmt("Fingerprint: %s, Subject: %s", sha1, certinfo$subject);
+		}
+	}
diff --git a/testing/btest/scripts/policy/misc/dump-events.bro b/testing/btest/scripts/policy/misc/dump-events.bro
index 59834b6854..49d3a47aee 100644
--- a/testing/btest/scripts/policy/misc/dump-events.bro
+++ b/testing/btest/scripts/policy/misc/dump-events.bro
@@ -1,7 +1,7 @@
-# @TEST-EXEC: bro -r $TRACES/tls/ssl.v3.trace policy/misc/dump-events.bro >all-events.log
-# @TEST-EXEC: bro -r $TRACES/tls/ssl.v3.trace policy/misc/dump-events.bro DumpEvents::include_args=F >all-events-no-args.log
-# @TEST-EXEC: bro -r $TRACES/tls/ssl.v3.trace policy/misc/dump-events.bro DumpEvents::include=/ssl_/ >ssl-events.log
+# @TEST-EXEC: bro -r $TRACES/smtp.trace policy/misc/dump-events.bro >all-events.log
+# @TEST-EXEC: bro -r $TRACES/smtp.trace policy/misc/dump-events.bro DumpEvents::include_args=F >all-events-no-args.log
+# @TEST-EXEC: bro -r $TRACES/smtp.trace policy/misc/dump-events.bro DumpEvents::include=/smtp_/ >smtp-events.log
 # 
 # @TEST-EXEC: btest-diff all-events.log
 # @TEST-EXEC: btest-diff all-events-no-args.log
-# @TEST-EXEC: btest-diff ssl-events.log
+# @TEST-EXEC: btest-diff smtp-events.log

From d42d9bbc3fda1b3424cf715b590c1c78874c53d6 Mon Sep 17 00:00:00 2001
From: Bernhard Amann <bernhard@icsi.berkeley.edu>
Date: Thu, 13 Mar 2014 16:10:59 -0700
Subject: [PATCH 14/18] (hopefully) last change -> return real opaque vec
 instead of any_vec

---
 src/file_analysis/analyzer/x509/functions.bif | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/file_analysis/analyzer/x509/functions.bif b/src/file_analysis/analyzer/x509/functions.bif
index e20028cc60..df0832616d 100644
--- a/src/file_analysis/analyzer/x509/functions.bif
+++ b/src/file_analysis/analyzer/x509/functions.bif
@@ -209,7 +209,7 @@ function x509_verify%(certs: x509_opaque_vector, root_certs: table_string_of_str
 			}
 		
 		int num_certs = sk_X509_num(chain);
-		chainVector = new VectorVal(internal_type("any_vec")->AsVectorType());
+		chainVector = new VectorVal(internal_type("x509_opaque_vector")->AsVectorType());
 
 		for ( int i = 0; i < num_certs; i++ ) 
 			{

From 285de1390a6c513f95e81e88ca4ab405ed08ca21 Mon Sep 17 00:00:00 2001
From: Bernhard Amann <bernhard@icsi.berkeley.edu>
Date: Thu, 13 Mar 2014 16:20:49 -0700
Subject: [PATCH 15/18] Forgot the preamble for the new leak test

---
 testing/btest/core/leaks/x509_verify.bro | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/testing/btest/core/leaks/x509_verify.bro b/testing/btest/core/leaks/x509_verify.bro
index 5dd1e97f4e..426a95d2c2 100644
--- a/testing/btest/core/leaks/x509_verify.bro
+++ b/testing/btest/core/leaks/x509_verify.bro
@@ -1,3 +1,9 @@
+# Needs perftools support.
+#
+# @TEST-GROUP: leaks
+#
+# @TEST-REQUIRES: bro  --help 2>&1 | grep -q mem-leaks
+#
 # @TEST-EXEC: HEAP_CHECK_DUMP_DIRECTORY=. HEAPCHECK=local btest-bg-run bro bro -b -m -r $TRACES/tls/tls-expired-cert.trace %INPUT
 # @TEST-EXEC: btest-bg-wait 15
 

From b32c7c7a882a6f0ee3a75b20f376b2ddea409ab4 Mon Sep 17 00:00:00 2001
From: Bernhard Amann <bernhard@icsi.berkeley.edu>
Date: Wed, 19 Mar 2014 21:32:01 -0700
Subject: [PATCH 16/18] Add policy script to suppress non host-certificate
 logging in x509.log

Addresses BIT-1150
---
 .../protocols/ssl/log-hostcerts-only.bro      | 65 +++++++++++++++++++
 scripts/site/local.bro                        |  3 +
 scripts/test-all-policy.bro                   |  1 +
 .../x509.log                                  | 11 ++++
 .../protocols/ssl/log-hostcerts-only.bro      |  4 ++
 5 files changed, 84 insertions(+)
 create mode 100644 scripts/policy/protocols/ssl/log-hostcerts-only.bro
 create mode 100644 testing/btest/Baseline/scripts.policy.protocols.ssl.log-hostcerts-only/x509.log
 create mode 100644 testing/btest/scripts/policy/protocols/ssl/log-hostcerts-only.bro

diff --git a/scripts/policy/protocols/ssl/log-hostcerts-only.bro b/scripts/policy/protocols/ssl/log-hostcerts-only.bro
new file mode 100644
index 0000000000..75b1ae0423
--- /dev/null
+++ b/scripts/policy/protocols/ssl/log-hostcerts-only.bro
@@ -0,0 +1,65 @@
+##! When this script is loaded, only the host certificates (client and server)
+##! will be logged to x509.log. Logging of all other certificates will be suppressed.
+
+module X509;
+
+export {
+	redef record Info += {
+	# Logging is suppressed if field is set to F
+		logcert: bool &default=T;
+	};
+}
+
+# We need both the Info and the fa_file record modified.
+# The only instant when we have both, the connection and the
+# file available without having to loop is in the file_over_new_connection
+# event.
+# When that event is raised, the x509 record in f$info (which is the only
+# record the logging framework gets) is not yet available. So - we
+# have to do this two times, sorry.
+# Alternatively, we could place it info Files::Info first - but we would
+# still have to copy it.
+redef record fa_file += {
+	logcert: bool &default=T;
+};
+
+function host_certs_only(rec: X509::Info): bool
+	{
+	return rec$logcert;
+	}
+
+event bro_init() &priority=2
+	{
+	local f = Log::get_filter(X509::LOG, "default");
+	Log::remove_filter(X509::LOG, "default"); # disable default logging
+	f$pred=host_certs_only; # and add our predicate
+	Log::add_filter(X509::LOG, f);
+	}
+
+event file_over_new_connection(f: fa_file, c: connection, is_orig: bool) &priority=2
+	{
+	if ( ! c?$ssl )
+		return;
+
+	local chain: vector of string;
+
+	if ( is_orig )
+		chain = c$ssl$client_cert_chain_fuids;
+	else
+		chain = c$ssl$cert_chain_fuids;
+
+	if ( |chain| == 0 )
+		{
+		Reporter::warning(fmt("Certificate not in chain? (fuid %s)", f$id));
+		return;
+		}
+
+	# Check if this is the host certificate
+	if ( f$id != chain[0] )
+		f$logcert=F;
+}
+
+event x509_certificate(f: fa_file, cert_ref: opaque of x509, cert: X509::Certificate) &priority=2
+	{
+	f$info$x509$logcert = f$logcert; # info record available, copy information.
+	}
diff --git a/scripts/site/local.bro b/scripts/site/local.bro
index ddaee42a93..e1a3574424 100644
--- a/scripts/site/local.bro
+++ b/scripts/site/local.bro
@@ -55,6 +55,9 @@
 # This script enables SSL/TLS certificate validation.
 @load protocols/ssl/validate-certs
 
+# This script prevents the logging of SSL CA certificates in x509.log
+@load protocols/ssl/log-hostcerts-only
+
 # Uncomment the following line to check each SSL certificate hash against the ICSI
 # certificate notary service; see http://notary.icsi.berkeley.edu .
 # @load protocols/ssl/notary
diff --git a/scripts/test-all-policy.bro b/scripts/test-all-policy.bro
index ee540c86bb..895a9a8901 100644
--- a/scripts/test-all-policy.bro
+++ b/scripts/test-all-policy.bro
@@ -86,6 +86,7 @@
 @load protocols/ssl/expiring-certs.bro
 @load protocols/ssl/extract-certs-pem.bro
 @load protocols/ssl/known-certs.bro
+@load protocols/ssl/log-hostcerts-only.bro
 #@load protocols/ssl/notary.bro
 @load protocols/ssl/validate-certs.bro
 @load tuning/__load__.bro
diff --git a/testing/btest/Baseline/scripts.policy.protocols.ssl.log-hostcerts-only/x509.log b/testing/btest/Baseline/scripts.policy.protocols.ssl.log-hostcerts-only/x509.log
new file mode 100644
index 0000000000..13f8280fa9
--- /dev/null
+++ b/testing/btest/Baseline/scripts.policy.protocols.ssl.log-hostcerts-only/x509.log
@@ -0,0 +1,11 @@
+#separator \x09
+#set_separator	,
+#empty_field	(empty)
+#unset_field	-
+#path	x509
+#open	2014-03-20-04-29-44
+#fields	ts	id	certificate.version	certificate.serial	certificate.subject	certificate.issuer	certificate.not_valid_before	certificate.not_valid_after	certificate.key_alg	certificate.sig_alg	certificate.key_type	certificate.key_length	certificate.exponent	certificate.curve	san.dns	san.uri	san.email	san.ip	basic_constraints.ca	basic_constraints.path_len
+#types	time	string	count	string	string	string	time	time	string	string	string	count	string	string	vector[string]	vector[string]	vector[string]	vector[addr]	bool	count
+1394747126.862409	FlaIzV19yTmBYwWwc6	2	4A2C8628C1010633	CN=*.google.com,O=Google Inc,L=Mountain View,ST=California,C=US	CN=Google Internet Authority G2,O=Google Inc,C=US	1393341558.000000	1401062400.000000	rsaEncryption	sha1WithRSAEncryption	rsa	2048	65537	-	*.google.com,*.android.com,*.appengine.google.com,*.cloud.google.com,*.google-analytics.com,*.google.ca,*.google.cl,*.google.co.in,*.google.co.jp,*.google.co.uk,*.google.com.ar,*.google.com.au,*.google.com.br,*.google.com.co,*.google.com.mx,*.google.com.tr,*.google.com.vn,*.google.de,*.google.es,*.google.fr,*.google.hu,*.google.it,*.google.nl,*.google.pl,*.google.pt,*.googleapis.cn,*.googlecommerce.com,*.googlevideo.com,*.gstatic.com,*.gvt1.com,*.urchin.com,*.url.google.com,*.youtube-nocookie.com,*.youtube.com,*.youtubeeducation.com,*.ytimg.com,android.com,g.co,goo.gl,google-analytics.com,google.com,googlecommerce.com,urchin.com,youtu.be,youtube.com,youtubeeducation.com	-	-	-	F	-
+1394747129.512954	FOye6a4kt8a7QChqw3	2	4A2C8628C1010633	CN=*.google.com,O=Google Inc,L=Mountain View,ST=California,C=US	CN=Google Internet Authority G2,O=Google Inc,C=US	1393341558.000000	1401062400.000000	rsaEncryption	sha1WithRSAEncryption	rsa	2048	65537	-	*.google.com,*.android.com,*.appengine.google.com,*.cloud.google.com,*.google-analytics.com,*.google.ca,*.google.cl,*.google.co.in,*.google.co.jp,*.google.co.uk,*.google.com.ar,*.google.com.au,*.google.com.br,*.google.com.co,*.google.com.mx,*.google.com.tr,*.google.com.vn,*.google.de,*.google.es,*.google.fr,*.google.hu,*.google.it,*.google.nl,*.google.pl,*.google.pt,*.googleapis.cn,*.googlecommerce.com,*.googlevideo.com,*.gstatic.com,*.gvt1.com,*.urchin.com,*.url.google.com,*.youtube-nocookie.com,*.youtube.com,*.youtubeeducation.com,*.ytimg.com,android.com,g.co,goo.gl,google-analytics.com,google.com,googlecommerce.com,urchin.com,youtu.be,youtube.com,youtubeeducation.com	-	-	-	F	-
+#close	2014-03-20-04-29-44
diff --git a/testing/btest/scripts/policy/protocols/ssl/log-hostcerts-only.bro b/testing/btest/scripts/policy/protocols/ssl/log-hostcerts-only.bro
new file mode 100644
index 0000000000..37f9f7592b
--- /dev/null
+++ b/testing/btest/scripts/policy/protocols/ssl/log-hostcerts-only.bro
@@ -0,0 +1,4 @@
+# @TEST-EXEC: bro -r $TRACES/tls/google-duplicate.trace %INPUT
+# @TEST-EXEC: btest-diff x509.log
+
+@load protocols/ssl/log-hostcerts-only

From a185631e1e1baec69d7e783b09576d36f3fe5fbd Mon Sep 17 00:00:00 2001
From: Bernhard Amann <bernhard@icsi.berkeley.edu>
Date: Wed, 19 Mar 2014 21:46:19 -0700
Subject: [PATCH 17/18] Fix x509 certificate Version (the +1 was missing...).

This was wrong all along in the ssl protocol parser and no one ever
noticed :)

(And I missed it in the new logfiles until now *cough*)
---
 .../x509.log                                  | 28 +++++++++----------
 .../scripts.base.protocols.ssl.basic/x509.log |  8 +++---
 .../x509.log                                  | 10 +++----
 .../x509.log                                  | 16 +++++------
 .../x509.log                                  |  8 +++---
 5 files changed, 35 insertions(+), 35 deletions(-)

diff --git a/testing/btest/Baseline/scripts.base.protocols.ftp.gridftp/x509.log b/testing/btest/Baseline/scripts.base.protocols.ftp.gridftp/x509.log
index 827bfd97de..02d7edf3a5 100644
--- a/testing/btest/Baseline/scripts.base.protocols.ftp.gridftp/x509.log
+++ b/testing/btest/Baseline/scripts.base.protocols.ftp.gridftp/x509.log
@@ -3,19 +3,19 @@
 #empty_field	(empty)
 #unset_field	-
 #path	x509
-#open	2014-03-13-20-45-24
+#open	2014-03-20-04-42-11
 #fields	ts	id	certificate.version	certificate.serial	certificate.subject	certificate.issuer	certificate.not_valid_before	certificate.not_valid_after	certificate.key_alg	certificate.sig_alg	certificate.key_type	certificate.key_length	certificate.exponent	certificate.curve	san.dns	san.uri	san.email	san.ip	basic_constraints.ca	basic_constraints.path_len
 #types	time	string	count	string	string	string	time	time	string	string	string	count	string	string	vector[string]	vector[string]	vector[string]	vector[addr]	bool	count
-1348168976.510615	FBtbj87tgpyeDSj31	2	01	CN=host/alpha,OU=simpleCA-alpha,OU=GlobusTest,O=Grid	CN=Globus Simple CA,OU=simpleCA-alpha,OU=GlobusTest,O=Grid	1348161979.000000	1379697979.000000	rsaEncryption	sha1WithRSAEncryption	rsa	1024	65537	-	-	-	-	-	-	-
-1348168976.510615	F8TfgZ31c1dFu8Kt2k	2	EA83D17188B68E4D	CN=Globus Simple CA,OU=simpleCA-alpha,OU=GlobusTest,O=Grid	CN=Globus Simple CA,OU=simpleCA-alpha,OU=GlobusTest,O=Grid	1348161502.000000	1505841502.000000	rsaEncryption	sha1WithRSAEncryption	rsa	1024	65537	-	-	-	-	-	T	-
-1348168976.514202	FVNYOh2BeQBb7MpCPe	2	36B07110	CN=917532944,CN=Jon Siwek,OU=local,OU=simpleCA-alpha,OU=GlobusTest,O=Grid	CN=Jon Siwek,OU=local,OU=simpleCA-alpha,OU=GlobusTest,O=Grid	1348162941.000000	1348206441.000000	rsaEncryption	sha1WithRSAEncryption	rsa	512	65537	-	-	-	-	-	-	-
-1348168976.514202	FwjBou1e5DbpE0eOgk	2	02	CN=Jon Siwek,OU=local,OU=simpleCA-alpha,OU=GlobusTest,O=Grid	CN=Globus Simple CA,OU=simpleCA-alpha,OU=GlobusTest,O=Grid	1348162263.000000	1379698263.000000	rsaEncryption	sha1WithRSAEncryption	rsa	1024	65537	-	-	-	-	-	-	-
-1348168976.514202	FbYQmk4x4M4Bx3PZme	2	EA83D17188B68E4D	CN=Globus Simple CA,OU=simpleCA-alpha,OU=GlobusTest,O=Grid	CN=Globus Simple CA,OU=simpleCA-alpha,OU=GlobusTest,O=Grid	1348161502.000000	1505841502.000000	rsaEncryption	sha1WithRSAEncryption	rsa	1024	65537	-	-	-	-	-	T	-
-1348168976.551554	F4SSqN31HDIrrH5Q8h	2	3792E385	CN=932373381,CN=917532944,CN=Jon Siwek,OU=local,OU=simpleCA-alpha,OU=GlobusTest,O=Grid	CN=917532944,CN=Jon Siwek,OU=local,OU=simpleCA-alpha,OU=GlobusTest,O=Grid	1348168676.000000	1348206441.000000	rsaEncryption	sha1WithRSAEncryption	rsa	512	65537	-	-	-	-	-	-	-
-1348168976.551554	FJHp5Pf6VLQsRQK3	2	36B07110	CN=917532944,CN=Jon Siwek,OU=local,OU=simpleCA-alpha,OU=GlobusTest,O=Grid	CN=Jon Siwek,OU=local,OU=simpleCA-alpha,OU=GlobusTest,O=Grid	1348162941.000000	1348206441.000000	rsaEncryption	sha1WithRSAEncryption	rsa	512	65537	-	-	-	-	-	-	-
-1348168976.551554	FHACqa3dX9BXRV2av	2	02	CN=Jon Siwek,OU=local,OU=simpleCA-alpha,OU=GlobusTest,O=Grid	CN=Globus Simple CA,OU=simpleCA-alpha,OU=GlobusTest,O=Grid	1348162263.000000	1379698263.000000	rsaEncryption	sha1WithRSAEncryption	rsa	1024	65537	-	-	-	-	-	-	-
-1348168976.551554	FNnDVT1NURRWeoLLN3	2	EA83D17188B68E4D	CN=Globus Simple CA,OU=simpleCA-alpha,OU=GlobusTest,O=Grid	CN=Globus Simple CA,OU=simpleCA-alpha,OU=GlobusTest,O=Grid	1348161502.000000	1505841502.000000	rsaEncryption	sha1WithRSAEncryption	rsa	1024	65537	-	-	-	-	-	T	-
-1348168976.554445	FFWYVj4BcvQb35WIaf	2	36B07110	CN=917532944,CN=Jon Siwek,OU=local,OU=simpleCA-alpha,OU=GlobusTest,O=Grid	CN=Jon Siwek,OU=local,OU=simpleCA-alpha,OU=GlobusTest,O=Grid	1348162941.000000	1348206441.000000	rsaEncryption	sha1WithRSAEncryption	rsa	512	65537	-	-	-	-	-	-	-
-1348168976.554445	Fj16G835fnJgnVlKU6	2	02	CN=Jon Siwek,OU=local,OU=simpleCA-alpha,OU=GlobusTest,O=Grid	CN=Globus Simple CA,OU=simpleCA-alpha,OU=GlobusTest,O=Grid	1348162263.000000	1379698263.000000	rsaEncryption	sha1WithRSAEncryption	rsa	1024	65537	-	-	-	-	-	-	-
-1348168976.554445	FGONoc1Nj0Ka5zlxDa	2	EA83D17188B68E4D	CN=Globus Simple CA,OU=simpleCA-alpha,OU=GlobusTest,O=Grid	CN=Globus Simple CA,OU=simpleCA-alpha,OU=GlobusTest,O=Grid	1348161502.000000	1505841502.000000	rsaEncryption	sha1WithRSAEncryption	rsa	1024	65537	-	-	-	-	-	T	-
-#close	2014-03-13-20-45-24
+1348168976.510615	FBtbj87tgpyeDSj31	3	01	CN=host/alpha,OU=simpleCA-alpha,OU=GlobusTest,O=Grid	CN=Globus Simple CA,OU=simpleCA-alpha,OU=GlobusTest,O=Grid	1348161979.000000	1379697979.000000	rsaEncryption	sha1WithRSAEncryption	rsa	1024	65537	-	-	-	-	-	-	-
+1348168976.510615	F8TfgZ31c1dFu8Kt2k	3	EA83D17188B68E4D	CN=Globus Simple CA,OU=simpleCA-alpha,OU=GlobusTest,O=Grid	CN=Globus Simple CA,OU=simpleCA-alpha,OU=GlobusTest,O=Grid	1348161502.000000	1505841502.000000	rsaEncryption	sha1WithRSAEncryption	rsa	1024	65537	-	-	-	-	-	T	-
+1348168976.514202	FVNYOh2BeQBb7MpCPe	3	36B07110	CN=917532944,CN=Jon Siwek,OU=local,OU=simpleCA-alpha,OU=GlobusTest,O=Grid	CN=Jon Siwek,OU=local,OU=simpleCA-alpha,OU=GlobusTest,O=Grid	1348162941.000000	1348206441.000000	rsaEncryption	sha1WithRSAEncryption	rsa	512	65537	-	-	-	-	-	-	-
+1348168976.514202	FwjBou1e5DbpE0eOgk	3	02	CN=Jon Siwek,OU=local,OU=simpleCA-alpha,OU=GlobusTest,O=Grid	CN=Globus Simple CA,OU=simpleCA-alpha,OU=GlobusTest,O=Grid	1348162263.000000	1379698263.000000	rsaEncryption	sha1WithRSAEncryption	rsa	1024	65537	-	-	-	-	-	-	-
+1348168976.514202	FbYQmk4x4M4Bx3PZme	3	EA83D17188B68E4D	CN=Globus Simple CA,OU=simpleCA-alpha,OU=GlobusTest,O=Grid	CN=Globus Simple CA,OU=simpleCA-alpha,OU=GlobusTest,O=Grid	1348161502.000000	1505841502.000000	rsaEncryption	sha1WithRSAEncryption	rsa	1024	65537	-	-	-	-	-	T	-
+1348168976.551554	F4SSqN31HDIrrH5Q8h	3	3792E385	CN=932373381,CN=917532944,CN=Jon Siwek,OU=local,OU=simpleCA-alpha,OU=GlobusTest,O=Grid	CN=917532944,CN=Jon Siwek,OU=local,OU=simpleCA-alpha,OU=GlobusTest,O=Grid	1348168676.000000	1348206441.000000	rsaEncryption	sha1WithRSAEncryption	rsa	512	65537	-	-	-	-	-	-	-
+1348168976.551554	FJHp5Pf6VLQsRQK3	3	36B07110	CN=917532944,CN=Jon Siwek,OU=local,OU=simpleCA-alpha,OU=GlobusTest,O=Grid	CN=Jon Siwek,OU=local,OU=simpleCA-alpha,OU=GlobusTest,O=Grid	1348162941.000000	1348206441.000000	rsaEncryption	sha1WithRSAEncryption	rsa	512	65537	-	-	-	-	-	-	-
+1348168976.551554	FHACqa3dX9BXRV2av	3	02	CN=Jon Siwek,OU=local,OU=simpleCA-alpha,OU=GlobusTest,O=Grid	CN=Globus Simple CA,OU=simpleCA-alpha,OU=GlobusTest,O=Grid	1348162263.000000	1379698263.000000	rsaEncryption	sha1WithRSAEncryption	rsa	1024	65537	-	-	-	-	-	-	-
+1348168976.551554	FNnDVT1NURRWeoLLN3	3	EA83D17188B68E4D	CN=Globus Simple CA,OU=simpleCA-alpha,OU=GlobusTest,O=Grid	CN=Globus Simple CA,OU=simpleCA-alpha,OU=GlobusTest,O=Grid	1348161502.000000	1505841502.000000	rsaEncryption	sha1WithRSAEncryption	rsa	1024	65537	-	-	-	-	-	T	-
+1348168976.554445	FFWYVj4BcvQb35WIaf	3	36B07110	CN=917532944,CN=Jon Siwek,OU=local,OU=simpleCA-alpha,OU=GlobusTest,O=Grid	CN=Jon Siwek,OU=local,OU=simpleCA-alpha,OU=GlobusTest,O=Grid	1348162941.000000	1348206441.000000	rsaEncryption	sha1WithRSAEncryption	rsa	512	65537	-	-	-	-	-	-	-
+1348168976.554445	Fj16G835fnJgnVlKU6	3	02	CN=Jon Siwek,OU=local,OU=simpleCA-alpha,OU=GlobusTest,O=Grid	CN=Globus Simple CA,OU=simpleCA-alpha,OU=GlobusTest,O=Grid	1348162263.000000	1379698263.000000	rsaEncryption	sha1WithRSAEncryption	rsa	1024	65537	-	-	-	-	-	-	-
+1348168976.554445	FGONoc1Nj0Ka5zlxDa	3	EA83D17188B68E4D	CN=Globus Simple CA,OU=simpleCA-alpha,OU=GlobusTest,O=Grid	CN=Globus Simple CA,OU=simpleCA-alpha,OU=GlobusTest,O=Grid	1348161502.000000	1505841502.000000	rsaEncryption	sha1WithRSAEncryption	rsa	1024	65537	-	-	-	-	-	T	-
+#close	2014-03-20-04-42-11
diff --git a/testing/btest/Baseline/scripts.base.protocols.ssl.basic/x509.log b/testing/btest/Baseline/scripts.base.protocols.ssl.basic/x509.log
index 350673c2c8..4a187b3d11 100644
--- a/testing/btest/Baseline/scripts.base.protocols.ssl.basic/x509.log
+++ b/testing/btest/Baseline/scripts.base.protocols.ssl.basic/x509.log
@@ -3,9 +3,9 @@
 #empty_field	(empty)
 #unset_field	-
 #path	x509
-#open	2014-03-13-20-45-46
+#open	2014-03-20-04-42-26
 #fields	ts	id	certificate.version	certificate.serial	certificate.subject	certificate.issuer	certificate.not_valid_before	certificate.not_valid_after	certificate.key_alg	certificate.sig_alg	certificate.key_type	certificate.key_length	certificate.exponent	certificate.curve	san.dns	san.uri	san.email	san.ip	basic_constraints.ca	basic_constraints.path_len
 #types	time	string	count	string	string	string	time	time	string	string	string	count	string	string	vector[string]	vector[string]	vector[string]	vector[addr]	bool	count
-1335538392.343624	F6wfNWn8LR755SYo7	2	36F5DA5300000000505E	CN=*.gstatic.com,O=Google Inc,L=Mountain View,ST=California,C=US	CN=Google Internet Authority,O=Google Inc,C=US	1334102677.000000	1365639277.000000	rsaEncryption	sha1WithRSAEncryption	rsa	1024	65537	-	*.gstatic.com,gstatic.com,*.metric.gstatic.com	-	-	-	-	-
-1335538392.343624	FJl60T1mOolaez9T0h	2	0B6771	CN=Google Internet Authority,O=Google Inc,C=US	OU=Equifax Secure Certificate Authority,O=Equifax,C=US	1244493807.000000	1370634207.000000	rsaEncryption	sha1WithRSAEncryption	rsa	1024	65537	-	-	-	-	-	T	0
-#close	2014-03-13-20-45-46
+1335538392.343624	F6wfNWn8LR755SYo7	3	36F5DA5300000000505E	CN=*.gstatic.com,O=Google Inc,L=Mountain View,ST=California,C=US	CN=Google Internet Authority,O=Google Inc,C=US	1334102677.000000	1365639277.000000	rsaEncryption	sha1WithRSAEncryption	rsa	1024	65537	-	*.gstatic.com,gstatic.com,*.metric.gstatic.com	-	-	-	-	-
+1335538392.343624	FJl60T1mOolaez9T0h	3	0B6771	CN=Google Internet Authority,O=Google Inc,C=US	OU=Equifax Secure Certificate Authority,O=Equifax,C=US	1244493807.000000	1370634207.000000	rsaEncryption	sha1WithRSAEncryption	rsa	1024	65537	-	-	-	-	-	T	0
+#close	2014-03-20-04-42-26
diff --git a/testing/btest/Baseline/scripts.base.protocols.ssl.tls-1.2/x509.log b/testing/btest/Baseline/scripts.base.protocols.ssl.tls-1.2/x509.log
index 5aeca0e664..3bc9870ec6 100644
--- a/testing/btest/Baseline/scripts.base.protocols.ssl.tls-1.2/x509.log
+++ b/testing/btest/Baseline/scripts.base.protocols.ssl.tls-1.2/x509.log
@@ -3,10 +3,10 @@
 #empty_field	(empty)
 #unset_field	-
 #path	x509
-#open	2014-03-13-20-46-09
+#open	2014-03-20-04-42-42
 #fields	ts	id	certificate.version	certificate.serial	certificate.subject	certificate.issuer	certificate.not_valid_before	certificate.not_valid_after	certificate.key_alg	certificate.sig_alg	certificate.key_type	certificate.key_length	certificate.exponent	certificate.curve	san.dns	san.uri	san.email	san.ip	basic_constraints.ca	basic_constraints.path_len
 #types	time	string	count	string	string	string	time	time	string	string	string	count	string	string	vector[string]	vector[string]	vector[string]	vector[addr]	bool	count
-1357328848.591964	FlnQzb2dJK4p9jXwmd	2	99FAA8037A4EB2FAEF84EB5E55D5B8C8	CN=*.taleo.net,OU=Comodo PremiumSSL Wildcard,OU=Web,O=Taleo Inc.,street=4140 Dublin Boulevard,street=Suite 400,L=Dublin,ST=CA,postalCode=94568,C=US	CN=COMODO High-Assurance Secure Server CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB	1304467200.000000	1467676799.000000	rsaEncryption	sha1WithRSAEncryption	rsa	2048	65537	-	*.taleo.net,taleo.net	-	-	-	F	-
-1357328848.591964	FaDzX22O4j3kFF6Jqg	2	1690C329B6780607511F05B0344846CB	CN=COMODO High-Assurance Secure Server CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB	CN=AddTrust External CA Root,OU=AddTrust External TTP Network,O=AddTrust AB,C=SE	1271376000.000000	1590835718.000000	rsaEncryption	sha1WithRSAEncryption	rsa	2048	65537	-	-	-	-	-	T	0
-1357328848.591964	F9Tsjm3OdCmGGw43Yh	2	01	CN=AddTrust External CA Root,OU=AddTrust External TTP Network,O=AddTrust AB,C=SE	CN=AddTrust External CA Root,OU=AddTrust External TTP Network,O=AddTrust AB,C=SE	959683718.000000	1590835718.000000	rsaEncryption	sha1WithRSAEncryption	rsa	2048	65537	-	-	-	-	-	T	-
-#close	2014-03-13-20-46-09
+1357328848.591964	FlnQzb2dJK4p9jXwmd	3	99FAA8037A4EB2FAEF84EB5E55D5B8C8	CN=*.taleo.net,OU=Comodo PremiumSSL Wildcard,OU=Web,O=Taleo Inc.,street=4140 Dublin Boulevard,street=Suite 400,L=Dublin,ST=CA,postalCode=94568,C=US	CN=COMODO High-Assurance Secure Server CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB	1304467200.000000	1467676799.000000	rsaEncryption	sha1WithRSAEncryption	rsa	2048	65537	-	*.taleo.net,taleo.net	-	-	-	F	-
+1357328848.591964	FaDzX22O4j3kFF6Jqg	3	1690C329B6780607511F05B0344846CB	CN=COMODO High-Assurance Secure Server CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB	CN=AddTrust External CA Root,OU=AddTrust External TTP Network,O=AddTrust AB,C=SE	1271376000.000000	1590835718.000000	rsaEncryption	sha1WithRSAEncryption	rsa	2048	65537	-	-	-	-	-	T	0
+1357328848.591964	F9Tsjm3OdCmGGw43Yh	3	01	CN=AddTrust External CA Root,OU=AddTrust External TTP Network,O=AddTrust AB,C=SE	CN=AddTrust External CA Root,OU=AddTrust External TTP Network,O=AddTrust AB,C=SE	959683718.000000	1590835718.000000	rsaEncryption	sha1WithRSAEncryption	rsa	2048	65537	-	-	-	-	-	T	-
+#close	2014-03-20-04-42-42
diff --git a/testing/btest/Baseline/scripts.policy.protocols.ssl.known-certs/x509.log b/testing/btest/Baseline/scripts.policy.protocols.ssl.known-certs/x509.log
index df68558d9b..8be6aab171 100644
--- a/testing/btest/Baseline/scripts.policy.protocols.ssl.known-certs/x509.log
+++ b/testing/btest/Baseline/scripts.policy.protocols.ssl.known-certs/x509.log
@@ -3,13 +3,13 @@
 #empty_field	(empty)
 #unset_field	-
 #path	x509
-#open	2014-03-13-21-47-24
+#open	2014-03-20-04-42-54
 #fields	ts	id	certificate.version	certificate.serial	certificate.subject	certificate.issuer	certificate.not_valid_before	certificate.not_valid_after	certificate.key_alg	certificate.sig_alg	certificate.key_type	certificate.key_length	certificate.exponent	certificate.curve	san.dns	san.uri	san.email	san.ip	basic_constraints.ca	basic_constraints.path_len
 #types	time	string	count	string	string	string	time	time	string	string	string	count	string	string	vector[string]	vector[string]	vector[string]	vector[addr]	bool	count
-1394747126.862409	FlaIzV19yTmBYwWwc6	2	4A2C8628C1010633	CN=*.google.com,O=Google Inc,L=Mountain View,ST=California,C=US	CN=Google Internet Authority G2,O=Google Inc,C=US	1393341558.000000	1401062400.000000	rsaEncryption	sha1WithRSAEncryption	rsa	2048	65537	-	*.google.com,*.android.com,*.appengine.google.com,*.cloud.google.com,*.google-analytics.com,*.google.ca,*.google.cl,*.google.co.in,*.google.co.jp,*.google.co.uk,*.google.com.ar,*.google.com.au,*.google.com.br,*.google.com.co,*.google.com.mx,*.google.com.tr,*.google.com.vn,*.google.de,*.google.es,*.google.fr,*.google.hu,*.google.it,*.google.nl,*.google.pl,*.google.pt,*.googleapis.cn,*.googlecommerce.com,*.googlevideo.com,*.gstatic.com,*.gvt1.com,*.urchin.com,*.url.google.com,*.youtube-nocookie.com,*.youtube.com,*.youtubeeducation.com,*.ytimg.com,android.com,g.co,goo.gl,google-analytics.com,google.com,googlecommerce.com,urchin.com,youtu.be,youtube.com,youtubeeducation.com	-	-	-	F	-
-1394747126.862409	F0BeiV3cMsGkNML0P2	2	023A69	CN=Google Internet Authority G2,O=Google Inc,C=US	CN=GeoTrust Global CA,O=GeoTrust Inc.,C=US	1365174955.000000	1428160555.000000	rsaEncryption	sha1WithRSAEncryption	rsa	2048	65537	-	-	-	-	-	T	0
-1394747126.862409	F6PfYi2WUoPdIJrhpg	2	12BBE6	CN=GeoTrust Global CA,O=GeoTrust Inc.,C=US	OU=Equifax Secure Certificate Authority,O=Equifax,C=US	1021953600.000000	1534824000.000000	rsaEncryption	sha1WithRSAEncryption	rsa	2048	65537	-	-	-	-	-	T	-
-1394747129.512954	FOye6a4kt8a7QChqw3	2	4A2C8628C1010633	CN=*.google.com,O=Google Inc,L=Mountain View,ST=California,C=US	CN=Google Internet Authority G2,O=Google Inc,C=US	1393341558.000000	1401062400.000000	rsaEncryption	sha1WithRSAEncryption	rsa	2048	65537	-	*.google.com,*.android.com,*.appengine.google.com,*.cloud.google.com,*.google-analytics.com,*.google.ca,*.google.cl,*.google.co.in,*.google.co.jp,*.google.co.uk,*.google.com.ar,*.google.com.au,*.google.com.br,*.google.com.co,*.google.com.mx,*.google.com.tr,*.google.com.vn,*.google.de,*.google.es,*.google.fr,*.google.hu,*.google.it,*.google.nl,*.google.pl,*.google.pt,*.googleapis.cn,*.googlecommerce.com,*.googlevideo.com,*.gstatic.com,*.gvt1.com,*.urchin.com,*.url.google.com,*.youtube-nocookie.com,*.youtube.com,*.youtubeeducation.com,*.ytimg.com,android.com,g.co,goo.gl,google-analytics.com,google.com,googlecommerce.com,urchin.com,youtu.be,youtube.com,youtubeeducation.com	-	-	-	F	-
-1394747129.512954	FytlLr3jOQenFAVtYi	2	023A69	CN=Google Internet Authority G2,O=Google Inc,C=US	CN=GeoTrust Global CA,O=GeoTrust Inc.,C=US	1365174955.000000	1428160555.000000	rsaEncryption	sha1WithRSAEncryption	rsa	2048	65537	-	-	-	-	-	T	0
-1394747129.512954	FEmnxy4DGbxkmtQJS1	2	12BBE6	CN=GeoTrust Global CA,O=GeoTrust Inc.,C=US	OU=Equifax Secure Certificate Authority,O=Equifax,C=US	1021953600.000000	1534824000.000000	rsaEncryption	sha1WithRSAEncryption	rsa	2048	65537	-	-	-	-	-	T	-
-#close	2014-03-13-21-47-24
+1394747126.862409	FlaIzV19yTmBYwWwc6	3	4A2C8628C1010633	CN=*.google.com,O=Google Inc,L=Mountain View,ST=California,C=US	CN=Google Internet Authority G2,O=Google Inc,C=US	1393341558.000000	1401062400.000000	rsaEncryption	sha1WithRSAEncryption	rsa	2048	65537	-	*.google.com,*.android.com,*.appengine.google.com,*.cloud.google.com,*.google-analytics.com,*.google.ca,*.google.cl,*.google.co.in,*.google.co.jp,*.google.co.uk,*.google.com.ar,*.google.com.au,*.google.com.br,*.google.com.co,*.google.com.mx,*.google.com.tr,*.google.com.vn,*.google.de,*.google.es,*.google.fr,*.google.hu,*.google.it,*.google.nl,*.google.pl,*.google.pt,*.googleapis.cn,*.googlecommerce.com,*.googlevideo.com,*.gstatic.com,*.gvt1.com,*.urchin.com,*.url.google.com,*.youtube-nocookie.com,*.youtube.com,*.youtubeeducation.com,*.ytimg.com,android.com,g.co,goo.gl,google-analytics.com,google.com,googlecommerce.com,urchin.com,youtu.be,youtube.com,youtubeeducation.com	-	-	-	F	-
+1394747126.862409	F0BeiV3cMsGkNML0P2	3	023A69	CN=Google Internet Authority G2,O=Google Inc,C=US	CN=GeoTrust Global CA,O=GeoTrust Inc.,C=US	1365174955.000000	1428160555.000000	rsaEncryption	sha1WithRSAEncryption	rsa	2048	65537	-	-	-	-	-	T	0
+1394747126.862409	F6PfYi2WUoPdIJrhpg	3	12BBE6	CN=GeoTrust Global CA,O=GeoTrust Inc.,C=US	OU=Equifax Secure Certificate Authority,O=Equifax,C=US	1021953600.000000	1534824000.000000	rsaEncryption	sha1WithRSAEncryption	rsa	2048	65537	-	-	-	-	-	T	-
+1394747129.512954	FOye6a4kt8a7QChqw3	3	4A2C8628C1010633	CN=*.google.com,O=Google Inc,L=Mountain View,ST=California,C=US	CN=Google Internet Authority G2,O=Google Inc,C=US	1393341558.000000	1401062400.000000	rsaEncryption	sha1WithRSAEncryption	rsa	2048	65537	-	*.google.com,*.android.com,*.appengine.google.com,*.cloud.google.com,*.google-analytics.com,*.google.ca,*.google.cl,*.google.co.in,*.google.co.jp,*.google.co.uk,*.google.com.ar,*.google.com.au,*.google.com.br,*.google.com.co,*.google.com.mx,*.google.com.tr,*.google.com.vn,*.google.de,*.google.es,*.google.fr,*.google.hu,*.google.it,*.google.nl,*.google.pl,*.google.pt,*.googleapis.cn,*.googlecommerce.com,*.googlevideo.com,*.gstatic.com,*.gvt1.com,*.urchin.com,*.url.google.com,*.youtube-nocookie.com,*.youtube.com,*.youtubeeducation.com,*.ytimg.com,android.com,g.co,goo.gl,google-analytics.com,google.com,googlecommerce.com,urchin.com,youtu.be,youtube.com,youtubeeducation.com	-	-	-	F	-
+1394747129.512954	FytlLr3jOQenFAVtYi	3	023A69	CN=Google Internet Authority G2,O=Google Inc,C=US	CN=GeoTrust Global CA,O=GeoTrust Inc.,C=US	1365174955.000000	1428160555.000000	rsaEncryption	sha1WithRSAEncryption	rsa	2048	65537	-	-	-	-	-	T	0
+1394747129.512954	FEmnxy4DGbxkmtQJS1	3	12BBE6	CN=GeoTrust Global CA,O=GeoTrust Inc.,C=US	OU=Equifax Secure Certificate Authority,O=Equifax,C=US	1021953600.000000	1534824000.000000	rsaEncryption	sha1WithRSAEncryption	rsa	2048	65537	-	-	-	-	-	T	-
+#close	2014-03-20-04-42-54
diff --git a/testing/btest/Baseline/scripts.policy.protocols.ssl.log-hostcerts-only/x509.log b/testing/btest/Baseline/scripts.policy.protocols.ssl.log-hostcerts-only/x509.log
index 13f8280fa9..2a2fb3ba83 100644
--- a/testing/btest/Baseline/scripts.policy.protocols.ssl.log-hostcerts-only/x509.log
+++ b/testing/btest/Baseline/scripts.policy.protocols.ssl.log-hostcerts-only/x509.log
@@ -3,9 +3,9 @@
 #empty_field	(empty)
 #unset_field	-
 #path	x509
-#open	2014-03-20-04-29-44
+#open	2014-03-20-04-43-07
 #fields	ts	id	certificate.version	certificate.serial	certificate.subject	certificate.issuer	certificate.not_valid_before	certificate.not_valid_after	certificate.key_alg	certificate.sig_alg	certificate.key_type	certificate.key_length	certificate.exponent	certificate.curve	san.dns	san.uri	san.email	san.ip	basic_constraints.ca	basic_constraints.path_len
 #types	time	string	count	string	string	string	time	time	string	string	string	count	string	string	vector[string]	vector[string]	vector[string]	vector[addr]	bool	count
-1394747126.862409	FlaIzV19yTmBYwWwc6	2	4A2C8628C1010633	CN=*.google.com,O=Google Inc,L=Mountain View,ST=California,C=US	CN=Google Internet Authority G2,O=Google Inc,C=US	1393341558.000000	1401062400.000000	rsaEncryption	sha1WithRSAEncryption	rsa	2048	65537	-	*.google.com,*.android.com,*.appengine.google.com,*.cloud.google.com,*.google-analytics.com,*.google.ca,*.google.cl,*.google.co.in,*.google.co.jp,*.google.co.uk,*.google.com.ar,*.google.com.au,*.google.com.br,*.google.com.co,*.google.com.mx,*.google.com.tr,*.google.com.vn,*.google.de,*.google.es,*.google.fr,*.google.hu,*.google.it,*.google.nl,*.google.pl,*.google.pt,*.googleapis.cn,*.googlecommerce.com,*.googlevideo.com,*.gstatic.com,*.gvt1.com,*.urchin.com,*.url.google.com,*.youtube-nocookie.com,*.youtube.com,*.youtubeeducation.com,*.ytimg.com,android.com,g.co,goo.gl,google-analytics.com,google.com,googlecommerce.com,urchin.com,youtu.be,youtube.com,youtubeeducation.com	-	-	-	F	-
-1394747129.512954	FOye6a4kt8a7QChqw3	2	4A2C8628C1010633	CN=*.google.com,O=Google Inc,L=Mountain View,ST=California,C=US	CN=Google Internet Authority G2,O=Google Inc,C=US	1393341558.000000	1401062400.000000	rsaEncryption	sha1WithRSAEncryption	rsa	2048	65537	-	*.google.com,*.android.com,*.appengine.google.com,*.cloud.google.com,*.google-analytics.com,*.google.ca,*.google.cl,*.google.co.in,*.google.co.jp,*.google.co.uk,*.google.com.ar,*.google.com.au,*.google.com.br,*.google.com.co,*.google.com.mx,*.google.com.tr,*.google.com.vn,*.google.de,*.google.es,*.google.fr,*.google.hu,*.google.it,*.google.nl,*.google.pl,*.google.pt,*.googleapis.cn,*.googlecommerce.com,*.googlevideo.com,*.gstatic.com,*.gvt1.com,*.urchin.com,*.url.google.com,*.youtube-nocookie.com,*.youtube.com,*.youtubeeducation.com,*.ytimg.com,android.com,g.co,goo.gl,google-analytics.com,google.com,googlecommerce.com,urchin.com,youtu.be,youtube.com,youtubeeducation.com	-	-	-	F	-
-#close	2014-03-20-04-29-44
+1394747126.862409	FlaIzV19yTmBYwWwc6	3	4A2C8628C1010633	CN=*.google.com,O=Google Inc,L=Mountain View,ST=California,C=US	CN=Google Internet Authority G2,O=Google Inc,C=US	1393341558.000000	1401062400.000000	rsaEncryption	sha1WithRSAEncryption	rsa	2048	65537	-	*.google.com,*.android.com,*.appengine.google.com,*.cloud.google.com,*.google-analytics.com,*.google.ca,*.google.cl,*.google.co.in,*.google.co.jp,*.google.co.uk,*.google.com.ar,*.google.com.au,*.google.com.br,*.google.com.co,*.google.com.mx,*.google.com.tr,*.google.com.vn,*.google.de,*.google.es,*.google.fr,*.google.hu,*.google.it,*.google.nl,*.google.pl,*.google.pt,*.googleapis.cn,*.googlecommerce.com,*.googlevideo.com,*.gstatic.com,*.gvt1.com,*.urchin.com,*.url.google.com,*.youtube-nocookie.com,*.youtube.com,*.youtubeeducation.com,*.ytimg.com,android.com,g.co,goo.gl,google-analytics.com,google.com,googlecommerce.com,urchin.com,youtu.be,youtube.com,youtubeeducation.com	-	-	-	F	-
+1394747129.512954	FOye6a4kt8a7QChqw3	3	4A2C8628C1010633	CN=*.google.com,O=Google Inc,L=Mountain View,ST=California,C=US	CN=Google Internet Authority G2,O=Google Inc,C=US	1393341558.000000	1401062400.000000	rsaEncryption	sha1WithRSAEncryption	rsa	2048	65537	-	*.google.com,*.android.com,*.appengine.google.com,*.cloud.google.com,*.google-analytics.com,*.google.ca,*.google.cl,*.google.co.in,*.google.co.jp,*.google.co.uk,*.google.com.ar,*.google.com.au,*.google.com.br,*.google.com.co,*.google.com.mx,*.google.com.tr,*.google.com.vn,*.google.de,*.google.es,*.google.fr,*.google.hu,*.google.it,*.google.nl,*.google.pl,*.google.pt,*.googleapis.cn,*.googlecommerce.com,*.googlevideo.com,*.gstatic.com,*.gvt1.com,*.urchin.com,*.url.google.com,*.youtube-nocookie.com,*.youtube.com,*.youtubeeducation.com,*.ytimg.com,android.com,g.co,goo.gl,google-analytics.com,google.com,googlecommerce.com,urchin.com,youtu.be,youtube.com,youtubeeducation.com	-	-	-	F	-
+#close	2014-03-20-04-43-07

From ae165fb2627ea568f2e903435b8c438cf27f56e1 Mon Sep 17 00:00:00 2001
From: Bernhard Amann <bernhard@icsi.berkeley.edu>
Date: Wed, 19 Mar 2014 21:50:02 -0700
Subject: [PATCH 18/18] x509 version always has to be incremented. Baselines
 already committed.

---
 src/file_analysis/analyzer/x509/X509.cc | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/file_analysis/analyzer/x509/X509.cc b/src/file_analysis/analyzer/x509/X509.cc
index 9b4a90dcf9..3bdfb034ac 100644
--- a/src/file_analysis/analyzer/x509/X509.cc
+++ b/src/file_analysis/analyzer/x509/X509.cc
@@ -94,7 +94,7 @@ RecordVal* file_analysis::X509::ParseCertificate(X509Val* cert_val)
 	RecordVal* pX509Cert = new RecordVal(BifType::Record::X509::Certificate);
 	BIO *bio = BIO_new(BIO_s_mem());
 
-	pX509Cert->Assign(0, new Val((uint64) X509_get_version(ssl_cert), TYPE_COUNT));
+	pX509Cert->Assign(0, new Val((uint64) X509_get_version(ssl_cert) + 1, TYPE_COUNT));
 	i2a_ASN1_INTEGER(bio, X509_get_serialNumber(ssl_cert));
 	int len = BIO_read(bio, &(*buf), sizeof(buf));
 	pX509Cert->Assign(1, new StringVal(len, buf));