Mirror/zeek
1
0
Fork 0
mirror of https://github.com/zeek/zeek.git synced 2025-10-02 06:38:20 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 1

Finishing touches of the x509 file analyzer.

Browse source 
Mostly baseline updates and new tests.

addresses BIT-953, BIT-760, BIT-1150
This commit is contained in:
Bernhard Amann 2014-03-13 15:17:25 -07:00
parent 74d728656d
commit 4da0718511
44 changed files with 712 additions and 148 deletions
Download patch file Download diff file Expand all files Collapse all files

10
testing/btest/Baseline/scripts.base.protocols.ssl.basic/ssl.log
View file

@ -3,8 +3,8 @@
#empty_field (empty)
#unset_field -
#path ssl
#open 2014-03-04-22-02-50
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p version cipher server_name session_id subject issuer_subject not_valid_before not_valid_after last_alert client_subject client_issuer_subject established
#types time string addr port addr port string string string string string string time time string string string bool
1335538392.319381 CXWv6p3arKYeMETxOg 192.168.1.105 62045 74.125.224.79 443 TLSv10 TLS_ECDHE_RSA_WITH_RC4_128_SHA ssl.gstatic.com - CN=*.gstatic.com,O=Google Inc,L=Mountain View,ST=California,C=US CN=Google Internet Authority,O=Google Inc,C=US 1334102677.000000 1365639277.000000 - - - T
#close 2014-03-04-22-02-50
#open 2014-03-13-20-45-46
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p version cipher server_name session_id last_alert established cert_chain_fuids client_cert_chain_fuids subject issuer client_subject client_issuer
#types time string addr port addr port string string string string string bool vector[string] vector[string] string string string string
1335538392.319381 CXWv6p3arKYeMETxOg 192.168.1.105 62045 74.125.224.79 443 TLSv10 TLS_ECDHE_RSA_WITH_RC4_128_SHA ssl.gstatic.com - - T F6wfNWn8LR755SYo7,FJl60T1mOolaez9T0h (empty) CN=*.gstatic.com,O=Google Inc,L=Mountain View,ST=California,C=US CN=Google Internet Authority,O=Google Inc,C=US - -
#close 2014-03-13-20-45-46

11
testing/btest/Baseline/scripts.base.protocols.ssl.basic/x509.log Normal file
View file

@ -0,0 +1,11 @@
#separator \x09
#set_separator ,
#empty_field (empty)
#unset_field -
#path x509
#open 2014-03-13-20-45-46
#fields ts id certificate.version certificate.serial certificate.subject certificate.issuer certificate.not_valid_before certificate.not_valid_after certificate.key_alg certificate.sig_alg certificate.key_type certificate.key_length certificate.exponent certificate.curve san.dns san.uri san.email san.ip basic_constraints.ca basic_constraints.path_len
#types time string count string string string time time string string string count string string vector[string] vector[string] vector[string] vector[addr] bool count
1335538392.343624 F6wfNWn8LR755SYo7 2 36F5DA5300000000505E CN=*.gstatic.com,O=Google Inc,L=Mountain View,ST=California,C=US CN=Google Internet Authority,O=Google Inc,C=US 1334102677.000000 1365639277.000000 rsaEncryption sha1WithRSAEncryption rsa 1024 65537 - *.gstatic.com,gstatic.com,*.metric.gstatic.com - - - - -
1335538392.343624 FJl60T1mOolaez9T0h 2 0B6771 CN=Google Internet Authority,O=Google Inc,C=US OU=Equifax Secure Certificate Authority,O=Equifax,C=US 1244493807.000000 1370634207.000000 rsaEncryption sha1WithRSAEncryption rsa 1024 65537 - - - - - T 0
#close 2014-03-13-20-45-46