From e30a02e1863089b7c705160e5bacbb5b5c030c37 Mon Sep 17 00:00:00 2001
From: Stephen Hosom <0xhosom@gmail.com>
Date: Tue, 29 Jan 2019 13:34:51 -0500
Subject: [PATCH] Add fuid to SSL:Invalid_Server_Cert notice

This is a very basid quality of life improvement. It should make it
much easier to find additional information about the certificate
in question.
---
 scripts/policy/protocols/ssl/validate-certs.bro | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/scripts/policy/protocols/ssl/validate-certs.bro b/scripts/policy/protocols/ssl/validate-certs.bro
index 3f0d18a1c5..a2918db065 100644
--- a/scripts/policy/protocols/ssl/validate-certs.bro
+++ b/scripts/policy/protocols/ssl/validate-certs.bro
@@ -190,7 +190,8 @@ hook ssl_finishing(c: connection) &priority=20
 		{
 		local message = fmt("SSL certificate validation failed with (%s)", c$ssl$validation_status);
 		NOTICE([$note=Invalid_Server_Cert, $msg=message,
-		        $sub=c$ssl$cert_chain[0]$x509$certificate$subject, $conn=c,
-		        $identifier=cat(c$id$resp_h,c$id$resp_p,hash,c$ssl$validation_code)]);
+		        $sub=c$ssl$cert_chain[0]$x509$certificate$subject, $conn=c, 
+				$fuid=c$ssl$cert_chain[0]$fuid, 
+				$identifier=cat(c$id$resp_h,c$id$resp_p,hash,c$ssl$validation_code)]);
 		}
 	}