Mirror/zeek
1
0
Fork 0
mirror of https://github.com/zeek/zeek.git synced 2025-10-02 14:48:21 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 2

Delete SSL certificates from memory after ssl_established event.

Browse source 
- This is an attempt at fixing the memory issues brought about by
  the introduction of the new SSL analyzer.  My initial testing
  shows a hefty memory saving.
This commit is contained in:
Seth Hall 2011-09-08 01:52:25 -04:00
parent e07e4ca117
commit 4931aa815f
1 changed files with 13 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

13
scripts/base/protocols/ssl/main.bro
View file

@ -28,6 +28,11 @@ export {
## This is where the default root CA bundle is defined. By loading the ## This is where the default root CA bundle is defined. By loading the
## mozilla-ca-list.bro script it will be set to Mozilla's root CA list. ## mozilla-ca-list.bro script it will be set to Mozilla's root CA list.
const root_certs: table[string] of string = {} &redef; const root_certs: table[string] of string = {} &redef;
## This determines if the c$ssl record is deleted after the record is
## logged. You probably want this to be deleted since it contains
## the full certificate and all of the chain certificates in it.
const delete_certs_after_logging = T &redef;
global log_ssl: event(rec: Info); global log_ssl: event(rec: Info);
@ -121,5 +126,13 @@ event ssl_established(c: connection) &priority=5
event ssl_established(c: connection) &priority=-5 event ssl_established(c: connection) &priority=-5
{ {
Log::write(SSL::LOG, c$ssl); Log::write(SSL::LOG, c$ssl);
if ( delete_certs_after_logging )
{
if ( c$ssl?$cert )
delete c$ssl$cert;
if ( c$ssl?$cert_chain )
delete c$ssl$cert_chain;
}
} }