Add two more ssl events - one triggered for each handshake message and one

triggered for the tls change cipherspec message. Also - fix small bug. In case SSL::disable_analyzer_after_detection was set to F, the ssl_established event would fire after each data packet after the session is established.
2025-10-15 13:08:20 +00:00 · 2014-06-06 12:50:54 -07:00 · 2014-06-06 12:50:54 -07:00 · 67c0cc118d
commit 67c0cc118d
parent cfda4113f4
5 changed files with 155 additions and 5 deletions
--- a/testing/btest/scripts/base/protocols/ssl/handshake-events.test
+++ b/testing/btest/scripts/base/protocols/ssl/handshake-events.test
@ -0,0 +1,28 @@
+# This tests events not covered by other tests
+
+# @TEST-EXEC: bro -b -r $TRACES/tls/tls-conn-with-extensions.trace %INPUT
+# @TEST-EXEC: btest-diff .stdout
+
+@load base/protocols/ssl
+
+redef SSL::disable_analyzer_after_detection=F;
+
+event ssl_established(c: connection)
+	{
+	print "Established", c$id$orig_h, c$id$resp_h;
+	}
+
+event ssl_handshake_message(c: connection, is_orig: bool, msg_type: count, length: count)
+	{
+	print "Handshake", c$id$orig_h, c$id$resp_h, is_orig, msg_type, length;
+	}
+
+event ssl_change_cipher_spec(c: connection, is_orig: bool)
+	{
+	print "CCS", c$id$orig_h, c$id$resp_h, is_orig;
+	}
+
+event ssl_encrypted_data(c: connection, is_orig: bool, content_type: count, length: count)
+	{
+	print "Encrypted data", c$id$orig_h, c$id$resp_h, is_orig, content_type, length;
+	}