* 'master' of https://github.com/hosom/zeek:
  Add fuid to SSL:Invalid_Server_Cert notice
Johanna Amann 2019-01-29 14:49:10 -08:00
commit 2e2f611df5
3 changed files with 6 additions and 1 deletions


@ -1,4 +1,8 @@
2.6-110 | 2019-01-29 14:49:10 -0800
* Add fuid to SSL:Invalid_Server_Cert notice (Stephen Hosom)
2.6-108 | 2019-01-28 14:11:19 -0600 2.6-108 | 2019-01-28 14:11:19 -0600
* GH-210: improve call stack tracking w/ argument info (Jon Siwek, Corelight) * GH-210: improve call stack tracking w/ argument info (Jon Siwek, Corelight)


@ -1 +1 @@
2.6-108 2.6-110


@ -191,6 +191,7 @@ hook ssl_finishing(c: connection) &priority=20
local message = fmt("SSL certificate validation failed with (%s)", c$ssl$validation_status); local message = fmt("SSL certificate validation failed with (%s)", c$ssl$validation_status);
NOTICE([$note=Invalid_Server_Cert, $msg=message, NOTICE([$note=Invalid_Server_Cert, $msg=message,
$sub=c$ssl$cert_chain[0]$x509$certificate$subject, $conn=c, $sub=c$ssl$cert_chain[0]$x509$certificate$subject, $conn=c,
$fuid=c$ssl$cert_chain[0]$fuid,
$identifier=cat(c$id$resp_h,c$id$resp_p,hash,c$ssl$validation_code)]); $identifier=cat(c$id$resp_h,c$id$resp_p,hash,c$ssl$validation_code)]);
} }
} }
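Review bot: The added `$fuid=c$ssl$cert_chain[0]$fuid` in the NOTICE call is undocumented, and its meaning depends on the `$identifier` on the following line: the identifier is built from the responder host, responder port, the `hash` value and the validation code, so where notices sharing an identifier are suppressed, only the first sighting's file id reaches the notice log. An analyst pivoting from the notice to the file and X.509 logs by fuid would then find a single transfer, not every connection that presented the certificate. I would add a comment above the field, e.g. `# fuid of the first certificate in the chain; repeat sightings are suppressed via $identifier, so this records the first observation only.` The hook body starts outside the hunk, so the check that `cert_chain` is non-empty and carries `$x509` is not visible here; presumably it is the same guard that already protects the `$sub` access.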