Mirror/zeek
1
0
Fork 0
mirror of https://github.com/zeek/zeek.git synced 2025-10-06 08:38:20 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 2

Merge remote-tracking branch 'origin/topic/johanna/gh-859'

Browse source 
* origin/topic/johanna/gh-859:
  Add X509/SSL changes to NEWS
  X509: add check if function succeeds
  GH-1634: Address feedback
  Small indentation fixes in ssl-log-ext.zeek
  Fix memory leak in x509_check_cert_hostname bif
  Small bugfix and updates for external test hashes (SSL/X509)
  Baseline updates for recent SSL changes.
  Add ability to check if hostname is valid for a specific cert
  Add ssl_history field to ssl.log
  Add policy script suppressing certificate events
  Add new ssl-log-ext policy script
  Deprecate extract-certs-pem.zeek and add log-certs-base64.zeek
  Implement X509 certificate log caching
  Deprecate ICSI SSL notary script.
  Change SSL and X.509 logging format
  Enable OCSP logging by default.
  Split the code that handles X509 event hashing into its own file

Closes GH-859
This commit is contained in:
Johanna Amann 2021-07-05 10:06:59 +01:00
commit 7ec50bf434
130 changed files with 2358 additions and 711 deletions
Download patch file Download diff file Expand all files Collapse all files

94
CHANGES
View file

@ -1,3 +1,97 @@
4.1.0-dev.884 | 2021-07-05 10:06:59 +0100
* Add ability to check if hostname is valid for a specific cert (Johanna Amann, Corelight)
This commit adds two new bifs, x509_check_hostname and
x509_check_cert_hostname. These bifs can be used to check if a given
hostname which can, e.g., be sent in a SNI is valid for a specific
certificate.
This PR furthermore modifies the ssl logs again, and adds information
about this to the log-file. Furthermore we now by default remove the
server certificate information from ssl.log - I doubt that this is often
looked at, it is not present in TLS 1.3, we do still have the SNI, and
if you need it you have the information in x509.log.
This also fixes a small potential problem in X509.cc assuming there
might be SAN-entries that contain null-bytes.
* Add ssl_history field to ssl.log (Johanna Amann)
This is the equivalent to a connection history for SSL - and contains
information about which protocol messages were exchanged in which order.
* Add policy script suppressing certificate events (Johanna Amann, Corelight)
The added disable-certificate-events-known-certs.zeek disables repeated
X509 events in SSL connections, given that the connection terminates at
the same server and used the samt SNI as a previously seen connection
with the same certificate.
For people that see significant amounts of TLS 1.2 traffic, this could
reduce the amount of raised events significantly - especially when a
lot of connections are repeat connections to the same servers.
The practical impact of not raising these events is actually very little
- unless a script directly interacts with the x509 events, everything
works as before - the x509 variables in the connection records are still
being set (from the cache).
* Add new ssl-log-ext policy script (Johanna Amann, Corelight)
This policy script significantly extends the details that are logged
about SSL/TLS handshakes.
* Deprecate extract-certs-pem.zeek and add log-certs-base64.zeek (Johanna Amann, Corelight)
Extract-certs-pem writes pem files to a dedicated file; since it does
not really work in cluster-environments it was never super helpful.
This commit deprecates this file and, instead, adds
log-certs-base64.zeek, which adds the base64-encoded certificate (which
is basically equivalent with a PEM) to the log-file. Since, nowadays,
the log-files are deduplicates this should not add a huge overhead.
* Implement X509 certificate log caching (Johanna Amann, Corelight)
By default, each certificate is now output only once per hour. This also
should work in cluster mode, where we use the net broker-table-syncing
feature to distribute the information about already seen certificates
across the entire cluster.
Log caching is also pretty configureable and can be changed using a
range of confiuration options and hooks.
Note that this is currently completely separate from X509 events
caching, which prevents duplicate parsing of X509 certificates.
* Deprecate ICSI SSL notary script. (Johanna Amann, Corelight)
The ICSI notary is pretty much inactive. Furthermore - this approach
does no longer make much sense at this point of time - performing, e.g.,
signed certificate timestamp validation is much more worthwhile.
* Change SSL and X.509 logging format (Johanna Amann, Corelight)
This commit changes the SSL and X.509 logging formats. Logs are
now indexed by their hash and no longer by the file ID.
This commit introduces two new options, which determine if certificate
issuers and subjects are still logged in ssl.log. The default is to have
the host subject/issuer logged, but to remove client-certificate
information. Client-certificates are not a typically used feature
nowadays.
* Enable OCSP logging by default. (Johanna Amann, Corelight)
It turns out that this can actually contain a slew of interesting
information - like operating systems querying for the revocation of
software signing certificates, e.g.
* Split the code that handles X509 event hashing into its own file (Johanna Amann, Corelight)
This also improves documentation of this feature.
4.1.0-dev.864 | 2021-07-02 12:50:40 -0700
* Add a global log policy hook to the logging framework (Christian Kreibich, Corelight)

67
NEWS
View file

@ -73,6 +73,12 @@ New Functionality
takes a semicolon separated list of paths containing plugins that will be
statically built into Zeek.
- The X509 analyzer now can check if a specific hostname is valid for a
certificate. Two new BIFs were added for this, ``x509_check_hostname`` and
``x509_check_cert_hostname``. A new field ``sni_matches_cert`` that tracks
this information was added to ``ssl.log``.
Changed Functionality
---------------------
@ -103,8 +109,67 @@ Changed Functionality
- Add page and email administrator to mails processed by hostnames extension.
- SSL and X509 handling was significantly overhauled with the goal to make
the data that is logged by Zeek more helpful and compact.
This change means that there are significant changes to the default log files,
as well as changes to functionality:
- ``x509.log`` is now indexed by the sha256 of the certificate, with deduplication
being automatically performed. By default, the same certificate is only logged
once per day.
This also means that the file ID is no longer present in X509 log. Similarly,
``ssl.log`` now contains hashes for X509 certificates.
The hash function that is used for indexing the certificates is changeable by
changing the ``X509::hash_function`` option.
The time period after which a certificate is logged again can be configured by
changing ``X509::relog_known_certificates_after``.
By default deduplication of certificates is done across the entire cluster using
broker. If this is not desired due to the higher communication overhead, this
behavior can be disabled using ``X509::known_log_certs_use_broker``.
- X509 certificates are, by default, no longer logged into files.log. This
behavior is configurable and the previous default can be restored by changing
the ``X509::log_x509_in_files_log`` option.
- ``x509.log`` now tracks if a certificate was encountered as a end-host certificate
or as a client certificate.
- OCSP logging is now enabled by default.
- ``ssl.log`` now no longer includes information about the certificate issuer and
subject. This information is still available in X509.log. If you need this
information in ``ssl.log``, the old behavior can be restored by changing the
``SSL::log_include_server_certificate_subject_issuer`` and
``SSL::log_include_client_certificate_subject_issuer`` configuration options.
- ``ssl.log`` now contains a ``ssl_history`` field, which tracks which protocol
messages were seen in an SSL/TLS connection.
- We added a policy script ``ssl-log-ext.zeek`` which greatly extends the amount
of protocol information logged to SSL.log. The script is not loaded by default.
- We added a ``disable-certificate-events-known-certs.zeek`` policy script. This script
will completely disable X509 events for known certificates over SSL/TLS connections.
For Zeek installations in settings where you encounter a lot of certificates,
this could improve the performance of your installation. Before enabling this
script, make sure that you do not use any third-party scripts that depend on the
X509 events. The script is not loaded by default.
- The ICSI SSL Notary script was deprecated. This functionality is superseeded by newer
approaches, like SCT validation (which is supported by Zeek).
- ``extract-certs-pem.zeek`` was deprecated - it never really worked in cluster modes.
A new policy script, ``log-certs-base64.zeek`` that can be used to log raw certificates
was added instead.
- The CT logs listed in ``ct-list.zeek`` are now derived from the list of CT
logs thar are accepted by Google Chrome. In the past, we allowed the list
logs that are accepted by Google Chrome. In the past, we allowed the list
of all known CT logs. This no longer makes sense since nowadays logs exist that
contain, e.g., only outdated or invalid certificates. If the old behavior is
desired, you can re-add Logs to ``SSL::ct_logs``.

2
VERSION
View file

@ -1 +1 @@
4.1.0-dev.864
4.1.0-dev.884

3
scripts/base/files/x509/__load__.zeek
View file

@ -1 +1,4 @@
@load ./main
@load ./certificate-event-cache
@load ./log-ocsp

112
scripts/base/files/x509/certificate-event-cache.zeek Normal file
View file

@ -0,0 +1,112 @@
##! This script sets up the certificate event cache handling of Zeek.
##!
##! The Zeek core provided a method to skip certificate processing for known certificates.
##! For more details about this functionality, see :zeek:see:`x509_set_certificate_cache`.
##!
##! This script uses this feature to lower the amount of processing that has to be performed
##! by Zeek by caching all certificate events for common certificates. For these certificates,
##! the parsing of certificate information in the core is disabled. Instead, the cached events
##! and data structures from the previous certificates are used.
@load ./main
module X509;
export {
## How often do you have to encounter a certificate before
## caching the events for it. Set to 0 to disable caching of certificates.
option caching_required_encounters : count = 10;
## The timespan over which caching_required_encounters has to be reached
option caching_required_encounters_interval : interval = 62 secs;
## After a certificate has not been encountered for this time, it
## may be evicted from the certificate event cache.
option certificate_cache_minimum_eviction_interval : interval = 62 secs;
## Maximum size of the certificate event cache
option certificate_cache_max_entries : count = 10000;
## This hook performs event-replays in case a certificate that already
## is in the cache is encountered.
##
## It is possible to change this behavior/skip sending the events by
## installing a higher priority hook instead.
global x509_certificate_cache_replay: hook(f: fa_file, e: X509::Info, sha256: string);
}
# Table tracking potential certificates to cache - indexed by the SHA256 of the
# raw on-the-wire representation (DER).
global certificates_encountered: table[string] of count &create_expire=caching_required_encounters_interval;
# Table caching the output of the X509 analyzer for commonly seen certificates.
# This is indexed by SHA256 and contains the Info record of the first certificate
# encountered. We use this info record to re-play the events.
global certificate_cache: table[string] of X509::Info &read_expire=certificate_cache_minimum_eviction_interval;
event zeek_init() &priority=5
{
x509_set_certificate_cache(certificate_cache);
x509_set_certificate_cache_hit_callback(x509_certificate_cache_replay);
}
hook x509_certificate_cache_replay(f: fa_file, e: X509::Info, sha256: string)
{
# we encountered a cached cert. The X509 analyzer will skip it. Let's raise all the events that it typically
# raises by ourselfes.
# first - let's checked if it already has an x509 record. That would mean that someone raised the file_hash event
# several times for the certificate - in which case we bail out.
if ( f$info?$x509 )
return;
event x509_certificate(f, e$handle, e$certificate);
for ( i in e$extensions_cache )
{
local ext = e$extensions_cache[i];
if ( ext is X509::Extension )
event x509_extension(f, (ext as X509::Extension));
else if ( ext is X509::BasicConstraints )
event x509_ext_basic_constraints(f, (ext as X509::BasicConstraints));
else if ( ext is X509::SubjectAlternativeName )
event x509_ext_subject_alternative_name(f, (ext as X509::SubjectAlternativeName));
else if ( ext is X509::SctInfo )
{
local s = ( ext as X509::SctInfo);
event x509_ocsp_ext_signed_certificate_timestamp(f, s$version, s$logid, s$timestamp, s$hash_alg, s$sig_alg, s$signature);
}
else
Reporter::error(fmt("Encountered unknown extension while replaying certificate with fuid %s", f$id));
}
}
event file_state_remove(f: fa_file) &priority=5
{
if ( ! f$info?$x509 )
return;
if ( f$info?$sha256 && f$info$sha256 !in certificate_cache &&
caching_required_encounters > 0 &&
f$info$sha256 in certificates_encountered &&
certificates_encountered[f$info$sha256] >= caching_required_encounters &&
|certificate_cache| < certificate_cache_max_entries )
{
delete certificates_encountered[f$info$sha256];
certificate_cache[f$info$sha256] = f$info$x509;
}
}
event file_hash(f: fa_file, kind: string, hash: string)
{
if ( ! f?$info || "X509" !in f$info$analyzers || kind != "sha256" )
return;
if ( caching_required_encounters == 0 || hash in certificate_cache )
return;
if ( hash !in certificates_encountered )
certificates_encountered[hash] = 1;
else
certificates_encountered[hash] += 1;
}

61
scripts/base/files/x509/log-ocsp.zeek Normal file
View file

@ -0,0 +1,61 @@
##! Enable logging of OCSP responses.
module OCSP;
export {
redef enum Log::ID += { LOG };
global log_policy: Log::PolicyHook;
## The record type which contains the fields of the OCSP log.
type Info: record {
## Time when the OCSP reply was encountered.
ts: time &log;
## File id of the OCSP reply.
id: string &log;
## Hash algorithm used to generate issuerNameHash and issuerKeyHash.
hashAlgorithm: string &log;
## Hash of the issuer's distingueshed name.
issuerNameHash: string &log;
## Hash of the issuer's public key.
issuerKeyHash: string &log;
## Serial number of the affected certificate.
serialNumber: string &log;
## Status of the affected certificate.
certStatus: string &log;
## Time at which the certificate was revoked.
revoketime: time &log &optional;
## Reason for which the certificate was revoked.
revokereason: string &log &optional;
## The time at which the status being shows is known to have been correct.
thisUpdate: time &log;
## The latest time at which new information about the status of the certificate will be available.
nextUpdate: time &log &optional;
};
## Event that can be handled to access the OCSP record
## as it is sent to the logging framework.
global log_ocsp: event(rec: Info);
}
event zeek_init() &priority=5
{
Log::create_stream(LOG, [$columns=Info, $ev=log_ocsp, $path="ocsp", $policy=log_policy]);
Files::register_for_mime_type(Files::ANALYZER_OCSP_REPLY, "application/ocsp-response");
}
event ocsp_response_certificate(f: fa_file, hashAlgorithm: string, issuerNameHash: string, issuerKeyHash: string, serialNumber: string, certStatus: string, revoketime: time, revokereason: string, thisUpdate: time, nextUpdate: time)
{
local wr = OCSP::Info($ts=f$info$ts, $id=f$id, $hashAlgorithm=hashAlgorithm, $issuerNameHash=issuerNameHash,
$issuerKeyHash=issuerKeyHash, $serialNumber=serialNumber, $certStatus=certStatus,
$thisUpdate=thisUpdate);
if ( revokereason != "" )
wr$revokereason = revokereason;
if ( time_to_double(revoketime) != 0 )
wr$revoketime = revoketime;
if ( time_to_double(nextUpdate) != 0 )
wr$nextUpdate = nextUpdate;
Log::write(LOG, wr);
}

160
scripts/base/files/x509/main.zeek
View file

@ -1,6 +1,7 @@
@load base/frameworks/files
@load base/files/hash
@load base/frameworks/cluster
module X509;
@ -9,26 +10,32 @@ export {
global log_policy: Log::PolicyHook;
## How often do you have to encounter a certificate before
## caching it. Set to 0 to disable caching of certificates.
option caching_required_encounters : count = 10;
## The hash function used for certificate hashes. By default this is sha256; you can use
## any other hash function and the hashes will change in ssl.log and in x509.log.
option hash_function: function(cert: string): string = sha256_hash;
## The timespan over which caching_required_encounters has to be reached
option caching_required_encounters_interval : interval = 62 secs;
## This option specifies if X.509 certificates are logged in file.log. Typically, there
## is not much value to having the entry in files.log - especially since, by default, the
## file ID is not present in the X509 log.
option log_x509_in_files_log: bool = F;
## After a certificate has not been encountered for this time, it
## may be evicted from the certificate cache.
option certificate_cache_minimum_eviction_interval : interval = 62 secs;
## Maximum size of the certificate cache
option certificate_cache_max_entries : count = 10000;
## Type that is used to decide which certificates are duplicates for logging purposes.
## When adding entries to this, also change the create_deduplication_index to update them.
type LogCertHash: record {
## Certificate fingerprint
fingerprint: string;
## Indicates if this certificate was a end-host certificate, or sent as part of a chain
host_cert: bool;
## Indicates if this certificate was sent from the client
client_cert: bool;
};
## The record type which contains the fields of the X.509 log.
type Info: record {
## Current timestamp.
ts: time &log;
## File id of this certificate.
id: string &log;
## Fingerprint of the certificate - uses chosen algorithm.
fingerprint: string &log;
## Basic information about the certificate.
certificate: X509::Certificate &log;
## The opaque wrapping the certificate. Mainly used
@ -44,8 +51,17 @@ export {
## This is used for caching certificates that are commonly
## encountered and should not be relied on in user scripts.
extensions_cache: vector of any &default=vector();
## Indicates if this certificate was a end-host certificate, or sent as part of a chain
host_cert: bool &log &default=F;
## Indicates if this certificate was sent from the client
client_cert: bool &log &default=F;
## Record that is used to deduplicate log entries.
deduplication_index: LogCertHash &optional;
};
## Hook that is used to create the index value used for log deduplication.
global create_deduplication_index: hook(c: X509::Info);
## This record is used to store information about the SCTs that are
## encountered in Certificates.
type SctInfo: record {
@ -66,25 +82,32 @@ export {
signature: string;
};
## This hook performs event-replays in case a certificate that already
## is in the cache is encountered.
## By default, x509 certificates are deduplicated. This configuration option configures
## the maximum time after which certificates are re-logged. Note - depending on other configuration
## options, this setting might only apply on a per-worker basis and you still might see certificates
## logged several times.
##
## It is possible to change this behavior/skip sending the events by
## installing a higher priority hook instead.
global x509_certificate_cache_replay: hook(f: fa_file, e: X509::Info, sha256: string);
## To disable deduplication completely, set this to 0secs.
option relog_known_certificates_after = 1day;
## The set that stores information about certificates that already have been logged and should
## not be logged again.
global known_log_certs: set[LogCertHash] &create_expire=relog_known_certificates_after;
## Maximum size of the known_log_certs table
option known_log_certs_maximum_size = 1000000;
## Use broker stores to deduplicate certificates across the whole cluster. This will cause log-deduplication
## to work cluster wide, but come at a slightly higher cost of memory and inter-node-communication.
##
## This setting is ignored if Zeek is run in standalone mode.
global known_log_certs_use_broker: bool = T;
## Event for accessing logged records.
global log_x509: event(rec: Info);
}
# Table tracking potential certificates to cache - indexed by the SHA256 of the
# raw on-the-wire representation (DER).
global certificates_encountered: table[string] of count &create_expire=caching_required_encounters_interval;
# Table caching the output of the X509 analyzer for commonly seen certificates.
# This is indexed by SHA256 and contains the Info record of the first certificate
# encountered. We use this info record to re-play the events.
global certificate_cache: table[string] of X509::Info &read_expire=certificate_cache_minimum_eviction_interval;
global known_log_certs_with_broker: set[LogCertHash] &create_expire=relog_known_certificates_after &backend=Broker::MEMORY;
redef record Files::Info += {
## Information about X509 certificates. This is used to keep
@ -114,49 +137,41 @@ event zeek_init() &priority=5
Files::register_for_mime_type(Files::ANALYZER_SHA1, "application/x-x509-ca-cert");
Files::register_for_mime_type(Files::ANALYZER_SHA1, "application/pkix-cert");
# SHA256 is used by us to determine which certificates to cache.
# Please note that SHA256 caching is required to be enabled for the certificate event
# caching that is set up in certificate-event-cache.zeek to work.
Files::register_for_mime_type(Files::ANALYZER_SHA256, "application/x-x509-user-cert");
Files::register_for_mime_type(Files::ANALYZER_SHA256, "application/x-x509-ca-cert");
Files::register_for_mime_type(Files::ANALYZER_SHA256, "application/pkix-cert");
x509_set_certificate_cache(certificate_cache);
x509_set_certificate_cache_hit_callback(x509_certificate_cache_replay);
@if ( Cluster::is_enabled() )
if ( known_log_certs_use_broker )
known_log_certs = known_log_certs_with_broker;
@endif
}
hook x509_certificate_cache_replay(f: fa_file, e: X509::Info, sha256: string)
hook Files::log_policy(rec: Files::Info, id: Log::ID, filter: Log::Filter) &priority=5
{
# we encountered a cached cert. The X509 analyzer will skip it. Let's raise all the events that it typically
# raises by ourselfes.
if ( ( log_x509_in_files_log == F ) && ( "X509" in rec$analyzers ) )
break;
}
# first - let's checked if it already has an x509 record. That would mean that someone raised the file_hash event
# several times for the certificate - in which case we bail out.
if ( f$info?$x509 )
hook create_deduplication_index(i: X509::Info)
{
if ( i?$deduplication_index || relog_known_certificates_after == 0secs )
return;
event x509_certificate(f, e$handle, e$certificate);
for ( i in e$extensions_cache )
{
local ext = e$extensions_cache[i];
if ( ext is X509::Extension )
event x509_extension(f, (ext as X509::Extension));
else if ( ext is X509::BasicConstraints )
event x509_ext_basic_constraints(f, (ext as X509::BasicConstraints));
else if ( ext is X509::SubjectAlternativeName )
event x509_ext_subject_alternative_name(f, (ext as X509::SubjectAlternativeName));
else if ( ext is X509::SctInfo )
{
local s = ( ext as X509::SctInfo);
event x509_ocsp_ext_signed_certificate_timestamp(f, s$version, s$logid, s$timestamp, s$hash_alg, s$sig_alg, s$signature);
}
else
Reporter::error(fmt("Encountered unknown extension while replaying certificate with fuid %s", f$id));
}
i$deduplication_index = LogCertHash($fingerprint=i$fingerprint, $host_cert=i$host_cert, $client_cert=i$client_cert);
}
event x509_certificate(f: fa_file, cert_ref: opaque of x509, cert: X509::Certificate) &priority=5
{
f$info$x509 = [$ts=f$info$ts, $id=f$id, $certificate=cert, $handle=cert_ref];
local der_cert = x509_get_certificate_string(cert_ref);
local fp = hash_function(der_cert);
f$info$x509 = [$ts=f$info$ts, $fingerprint=fp, $certificate=cert, $handle=cert_ref];
if ( f$info$mime_type == "application/x-x509-user-cert" )
f$info$x509$host_cert = T;
if ( f$is_orig )
f$info$x509$client_cert = T;
}
event x509_extension(f: fa_file, ext: X509::Extension) &priority=5
@ -197,30 +212,17 @@ event file_state_remove(f: fa_file) &priority=5
if ( ! f$info?$x509 )
return;
if ( ! f$info$x509?$deduplication_index )
hook create_deduplication_index(f$info$x509);
if ( f$info$x509?$deduplication_index )
{
if ( f$info$x509$deduplication_index in known_log_certs )
return;
else if ( |known_log_certs| < known_log_certs_maximum_size )
add known_log_certs[f$info$x509$deduplication_index];
}
Log::write(LOG, f$info$x509);
if ( f$info?$sha256 && f$info$sha256 !in certificate_cache &&
caching_required_encounters > 0 &&
f$info$sha256 in certificates_encountered &&
certificates_encountered[f$info$sha256] >= caching_required_encounters &&
|certificate_cache| < certificate_cache_max_entries )
{
delete certificates_encountered[f$info$sha256];
certificate_cache[f$info$sha256] = f$info$x509;
}
}
event file_hash(f: fa_file, kind: string, hash: string)
{
if ( ! f?$info || "X509" !in f$info$analyzers || kind != "sha256" )
return;
if ( caching_required_encounters == 0 || hash in certificate_cache )
return;
if ( hash !in certificates_encountered )
certificates_encountered[hash] = 1;
else
certificates_encountered[hash] += 1;
}

3
scripts/base/protocols/ftp/gridftp.zeek
View file

@ -107,7 +107,8 @@ event ssl_established(c: connection) &priority=5
function data_channel_initial_criteria(c: connection): bool
{
return ( c?$ssl && c$ssl?$client_subject && c$ssl?$subject &&
return ( c?$ssl && c$ssl?$cert_chain && c$ssl?$client_cert_chain &&
|c$ssl$cert_chain| > 0 && |c$ssl$client_cert_chain| > 0 &&
c$ssl?$cipher && /WITH_NULL/ in c$ssl$cipher );
}

75
scripts/base/protocols/ssl/files.zeek
View file

@ -6,27 +6,37 @@
module SSL;
export {
## Set this to true to includd the server certificate subject and
## issuer from the SSL log file. This information is still available
## in x509.log.
const log_include_server_certificate_subject_issuer = F &redef;
## Set this to true to include the client certificate subject
## and issuer in the SSL logfile. This information is rarely present
## and probably only interesting in very specific circumstances
const log_include_client_certificate_subject_issuer = F &redef;
redef record Info += {
## Chain of certificates offered by the server to validate its
## complete signing chain.
cert_chain: vector of Files::Info &optional;
## An ordered vector of all certificate file unique IDs for the
## An ordered vector of all certificate fingerprints for the
## certificates offered by the server.
cert_chain_fuids: vector of string &optional &log;
cert_chain_fps: vector of string &optional &log;
## Chain of certificates offered by the client to validate its
## complete signing chain.
client_cert_chain: vector of Files::Info &optional;
## An ordered vector of all certificate file unique IDs for the
## An ordered vector of all certificate fingerprints for the
## certificates offered by the client.
client_cert_chain_fuids: vector of string &optional &log;
client_cert_chain_fps: vector of string &optional &log;
## Subject of the X.509 certificate offered by the server.
subject: string &log &optional;
## Subject of the signer of the X.509 certificate offered by the
## Issuer of the signer of the X.509 certificate offered by the
## server.
issuer: string &log &optional;
@ -37,6 +47,11 @@ export {
## client.
client_issuer: string &log &optional;
## Set to true if the hostname sent in the SNI matches the certificate.
## Set to false if they do not match. Unset if the client did not send
## an SNI.
sni_matches_cert: bool &log &optional;
## Current number of certificates seen from either side. Used
## to create file handles.
server_depth: count &default=0;
@ -88,6 +103,25 @@ event zeek_init() &priority=5
Files::register_protocol(Analyzer::ANALYZER_DTLS,
[$get_file_handle = SSL::get_file_handle,
$describe = SSL::describe_file]);
local ssl_filter = Log::get_filter(SSL::LOG, "default");
if ( ssl_filter$name != "<not found>" )
{
if ( ! ssl_filter?$exclude )
ssl_filter$exclude = set();
if ( ! log_include_server_certificate_subject_issuer )
{
add ssl_filter$exclude["subject"];
add ssl_filter$exclude["issuer"];
}
if ( ! log_include_client_certificate_subject_issuer )
{
add ssl_filter$exclude["client_subject"];
add ssl_filter$exclude["client_issuer"];
}
Log::add_filter(SSL::LOG, ssl_filter);
}
}
event file_sniff(f: fa_file, meta: fa_metadata) &priority=5
@ -114,28 +148,39 @@ event file_sniff(f: fa_file, meta: fa_metadata) &priority=5
{
c$ssl$cert_chain = vector();
c$ssl$client_cert_chain = vector();
c$ssl$cert_chain_fuids = string_vec();
c$ssl$client_cert_chain_fuids = string_vec();
c$ssl$cert_chain_fps = string_vec();
c$ssl$client_cert_chain_fps = string_vec();
}
if ( f$is_orig )
{
c$ssl$client_cert_chain += f$info;
c$ssl$client_cert_chain_fuids += f$id;
}
else
{
c$ssl$cert_chain += f$info;
c$ssl$cert_chain_fuids += f$id;
}
}
event ssl_established(c: connection) &priority=6
hook ssl_finishing(c: connection) &priority=20
{
# update subject and issuer information
if ( c$ssl?$cert_chain)
for ( i in c$ssl$cert_chain )
if ( c$ssl$cert_chain[i]?$x509 && c$ssl$cert_chain[i]$x509?$fingerprint )
c$ssl$cert_chain_fps += c$ssl$cert_chain[i]$x509$fingerprint;
if ( c$ssl?$client_cert_chain )
for ( i in c$ssl$client_cert_chain )
if ( c$ssl$client_cert_chain[i]?$x509 && c$ssl$client_cert_chain[i]$x509?$fingerprint )
c$ssl$client_cert_chain_fps += c$ssl$client_cert_chain[i]$x509$fingerprint;
if ( c$ssl?$cert_chain && |c$ssl$cert_chain| > 0 &&
c$ssl$cert_chain[0]?$x509 )
{
if ( c$ssl?$server_name )
{
if ( x509_check_cert_hostname(c$ssl$cert_chain[0]$x509$handle, c$ssl$server_name) != "" )
c$ssl$sni_matches_cert = T;
else
c$ssl$sni_matches_cert = F;
}
c$ssl$subject = c$ssl$cert_chain[0]$x509$certificate$subject;
c$ssl$issuer = c$ssl$cert_chain[0]$x509$certificate$issuer;
}

118
scripts/base/protocols/ssl/main.zeek
View file

@ -68,6 +68,36 @@ export {
## Flag to indicate if this record already has been logged, to
## prevent duplicates.
logged: bool &default=F;
## SSL history showing which types of packets we received in which order.
## Letters have the following meaning with client-sent letters being capitalized:
## H hello_request
## C client_hello
## S server_hello
## V hello_verify_request
## T NewSessionTicket
## X certificate
## K server_key_exchange
## R certificate_request
## N server_hello_done
## Y certificate_verify
## G client_key_exchange
## F finished
## W certificate_url
## U certificate_status
## A supplemental_data
## Z unassigned_handshake_type
## I change_cipher_spec
## B heartbeat
## D application_data
## E end_of_early_data
## O encrypted_extensions
## P key_update
## M message_hash
## J hello_retry_request
## L alert
## Q unknown_content_type
ssl_history: string &log &default="";
};
## The default root CA bundle. By default, the mozilla-ca-list.zeek
@ -145,7 +175,8 @@ const dtls_ports = { 443/udp };
redef likely_server_ports += { ssl_ports, dtls_ports };
event zeek_init() &priority=5
# Priority needs to be higher than priority of zeek_init in ssl/files.zeek
event zeek_init() &priority=6
{
Log::create_stream(SSL::LOG, [$columns=Info, $ev=log_ssl, $path="ssl", $policy=log_policy]);
Analyzer::register_for_ports(Analyzer::ANALYZER_SSL, ssl_ports);
@ -161,6 +192,14 @@ function set_session(c: connection)
}
}
function add_to_history(c: connection, is_orig: bool, char: string)
{
if ( is_orig )
c$ssl$ssl_history = c$ssl$ssl_history+to_upper(char);
else
c$ssl$ssl_history = c$ssl$ssl_history+to_lower(char);
}
function delay_log(info: Info, token: string)
{
if ( ! info?$delay_tokens )
@ -295,6 +334,75 @@ event ssl_handshake_message(c: connection, is_orig: bool, msg_type: count, lengt
if ( is_orig && msg_type == SSL::CLIENT_KEY_EXCHANGE )
c$ssl$client_key_exchange_seen = T;
switch ( msg_type )
{
case SSL::HELLO_REQUEST:
add_to_history(c, is_orig, "h");
break;
case SSL::CLIENT_HELLO:
add_to_history(c, is_orig, "c");
break;
case SSL::SERVER_HELLO:
add_to_history(c, is_orig, "s");
break;
case SSL::HELLO_VERIFY_REQUEST:
add_to_history(c, is_orig, "v");
break;
case SSL::SESSION_TICKET:
add_to_history(c, is_orig, "t");
break;
# end of early data
case 5:
add_to_history(c, is_orig, "e");
break;
case SSL::HELLO_RETRY_REQUEST:
add_to_history(c, is_orig, "j");
break;
case SSL::ENCRYPTED_EXTENSIONS:
add_to_history(c, is_orig, "o");
break;
case SSL::CERTIFICATE:
add_to_history(c, is_orig, "x");
break;
case SSL::SERVER_KEY_EXCHANGE:
add_to_history(c, is_orig, "k");
break;
case SSL::CERTIFICATE_REQUEST:
add_to_history(c, is_orig, "r");
break;
case SSL::SERVER_HELLO_DONE:
add_to_history(c, is_orig, "n");
break;
case SSL::CERTIFICATE_VERIFY:
add_to_history(c, is_orig, "y");
break;
case SSL::CLIENT_KEY_EXCHANGE:
add_to_history(c, is_orig, "g");
break;
case SSL::FINISHED:
add_to_history(c, is_orig, "f");
break;
case SSL::CERTIFICATE_URL:
add_to_history(c, is_orig, "w");
break;
case SSL::CERTIFICATE_STATUS:
add_to_history(c, is_orig, "u");
break;
case SSL::SUPPLEMENTAL_DATA:
add_to_history(c, is_orig, "a");
break;
case SSL::KEY_UPDATE:
add_to_history(c, is_orig, "p");
break;
# message hash
case 254:
add_to_history(c, is_orig, "m");
break;
default:
add_to_history(c, is_orig, "z");
break;
}
}
# Extension event is fired _before_ the respective client or server hello.
@ -318,6 +426,7 @@ event ssl_extension(c: connection, is_orig: bool, code: count, val: string) &pri
event ssl_change_cipher_spec(c: connection, is_orig: bool) &priority=5
{
set_session(c);
add_to_history(c, is_orig, "i");
if ( is_orig && c$ssl$client_ticket_empty_session_seen && ! c$ssl$client_key_exchange_seen )
c$ssl$resumed = T;
@ -326,10 +435,17 @@ event ssl_change_cipher_spec(c: connection, is_orig: bool) &priority=5
event ssl_alert(c: connection, is_orig: bool, level: count, desc: count) &priority=5
{
set_session(c);
add_to_history(c, is_orig, "l");
c$ssl$last_alert = alert_descriptions[desc];
}
event ssl_heartbeat(c: connection, is_orig: bool, length: count, heartbeat_type: count, payload_length: count, payload: string)
{
set_session(c);
add_to_history(c, is_orig, "b");
}
event ssl_established(c: connection) &priority=7
{
c$ssl$established = T;

84
scripts/policy/files/x509/disable-certificate-events-known-certs.zeek Normal file
View file

@ -0,0 +1,84 @@
##! This script disables repeat certificate events for hosts for hosts for which the same
##! certificate was seen in the recent past;
##!
##! This script specifically plugs into the event caching mechanism that is set up by the
##! base X509 script certificate-event-cache.zeek. It adds another layer of tracking that
##! checks if the same certificate was seen for the server IP address before, when the same
##! SNI was used to connect. If the certificate is in the event cache and all of these conditions
##! apply, then no certificate related events will be raised.
##!
##! Please note that while this optimization can lead to a considerable reduction of load in some
##! settings, it also means that certain detection scripts that rely on the certificate events being
##! raised do no longer work - since the events will not be raised for all connections.
##!
##! Currently this script only works for X509 certificates that are sent via SSL/TLS connections.
##!
##! If you use any script that requires certificate events for each single connection,
##! you should not load this script.
@load base/protocols/ssl
@load base/files/x509
module DisableX509Events;
## Let's be a bit more generous with the number of certificates that we allow to be put into
## the cache.
redef X509::certificate_cache_max_entries = 100000;
type CacheIndex: record {
## IP address of the server the certificate was seen on.
ip: addr;
## SNI the client sent in the connection
sni: string &optional;
## sha256 of the certificate
sha256: string;
};
redef record SSL::Info += {
## Set to true to force certificate events to always be raised for this connection.
always_raise_x509_events: bool &default=F;
};
redef record X509::Info += {
## Set to true to force certificate events to always be raised for this certificate.
always_raise_x509_events: bool &default=F;
};
global certificate_replay_tracking: set[CacheIndex] &read_expire=X509::certificate_cache_minimum_eviction_interval;
hook X509::x509_certificate_cache_replay(f: fa_file, e: X509::Info, sha256: string) &priority=5
{
# Bail out if x509 is already set - or if the file tells us that we should always raise events.
if ( f$info?$x509 || e$always_raise_x509_events )
return;
local raise_events = F;
# not sure how that could happen - but let's be safe...
if ( |f$conns| == 0 )
return;
for ( c in f$conns )
{
if ( ! f$conns[c]?$ssl )
return;
local test = CacheIndex($ip=f$conns[c]$id$resp_h, $sha256=sha256);
if ( f$conns[c]$ssl?$server_name )
test$sni = f$conns[c]$ssl$server_name;
if ( test !in certificate_replay_tracking || f$conns[c]$ssl$always_raise_x509_events )
{
raise_events = T;
add certificate_replay_tracking[test];
}
}
if ( ! raise_events )
{
# We don't have to raise the events. :).
# Instead we just already set f$x509. That makes the data available to scripts that might need them - and the x509_certificate_cache_replayh
# hook in certificate-event-cache will just abort.
f$info$x509 = e;
}
}

65
scripts/policy/files/x509/log-ocsp.zeek
View file

@ -1,64 +1 @@
##! Enable logging of OCSP responses.
#
# This script is in policy and not loaded by default because OCSP logging
# does not provide a lot of interesting information in most environments.
module OCSP;
export {
redef enum Log::ID += { LOG };
global log_policy: Log::PolicyHook;
## The record type which contains the fields of the OCSP log.
type Info: record {
## Time when the OCSP reply was encountered.
ts: time &log;
## File id of the OCSP reply.
id: string &log;
## Hash algorithm used to generate issuerNameHash and issuerKeyHash.
hashAlgorithm: string &log;
## Hash of the issuer's distingueshed name.
issuerNameHash: string &log;
## Hash of the issuer's public key.
issuerKeyHash: string &log;
## Serial number of the affected certificate.
serialNumber: string &log;
## Status of the affected certificate.
certStatus: string &log;
## Time at which the certificate was revoked.
revoketime: time &log &optional;
## Reason for which the certificate was revoked.
revokereason: string &log &optional;
## The time at which the status being shows is known to have been correct.
thisUpdate: time &log;
## The latest time at which new information about the status of the certificate will be available.
nextUpdate: time &log &optional;
};
## Event that can be handled to access the OCSP record
## as it is sent to the logging framework.
global log_ocsp: event(rec: Info);
}
event zeek_init() &priority=5
{
Log::create_stream(LOG, [$columns=Info, $ev=log_ocsp, $path="ocsp", $policy=log_policy]);
Files::register_for_mime_type(Files::ANALYZER_OCSP_REPLY, "application/ocsp-response");
}
event ocsp_response_certificate(f: fa_file, hashAlgorithm: string, issuerNameHash: string, issuerKeyHash: string, serialNumber: string, certStatus: string, revoketime: time, revokereason: string, thisUpdate: time, nextUpdate: time)
{
local wr = OCSP::Info($ts=f$info$ts, $id=f$id, $hashAlgorithm=hashAlgorithm, $issuerNameHash=issuerNameHash,
$issuerKeyHash=issuerKeyHash, $serialNumber=serialNumber, $certStatus=certStatus,
$thisUpdate=thisUpdate);
if ( revokereason != "" )
wr$revokereason = revokereason;
if ( time_to_double(revoketime) != 0 )
wr$revoketime = revoketime;
if ( time_to_double(nextUpdate) != 0 )
wr$nextUpdate = nextUpdate;
Log::write(LOG, wr);
}
@deprecated("Remove in v5.1. OCSP logging is now enabled by default")

2
scripts/policy/frameworks/intel/seen/ssl.zeek
View file

@ -20,7 +20,7 @@ event ssl_established(c: connection)
if ( c$ssl$cert_chain[0]$x509?$certificate && c$ssl$cert_chain[0]$x509$certificate?$cn )
Intel::seen([$indicator=c$ssl$cert_chain[0]$x509$certificate$cn,
$indicator_type=Intel::DOMAIN,
$fuid=c$ssl$cert_chain_fuids[0],
$fuid=c$ssl$cert_chain[0]$fuid,
$conn=c,
$where=X509::IN_CERT]);
}

2
scripts/policy/protocols/ssl/expiring-certs.zeek
View file

@ -42,7 +42,7 @@ event ssl_established(c: connection) &priority=3
! c$ssl$cert_chain[0]?$x509 || ! c$ssl$cert_chain[0]?$sha1 )
return;
local fuid = c$ssl$cert_chain_fuids[0];
local fuid = c$ssl$cert_chain[0]$fuid;
local cert = c$ssl$cert_chain[0]$x509$certificate;
local hash = c$ssl$cert_chain[0]$sha1;

2
scripts/policy/protocols/ssl/extract-certs-pem.zeek
View file

@ -1,3 +1,5 @@
@deprecated "Remove in v5.1. Use log-certs-base64.zeek instead."
##! This script is used to extract host certificates seen on the wire to disk
##! after being converted to PEM files. The certificates will be stored in
##! a single file, one for local certificates and one for remote certificates.

2
scripts/policy/protocols/ssl/known-certs.zeek
View file

@ -172,7 +172,7 @@ event ssl_established(c: connection) &priority=3
if ( ! c$ssl$cert_chain[0]?$x509 )
return;
local fuid = c$ssl$cert_chain_fuids[0];
local fuid = c$ssl$cert_chain[0]$fuid;
if ( ! c$ssl$cert_chain[0]?$sha1 )
{

19
scripts/policy/protocols/ssl/log-certs-base64.zeek Normal file
View file

@ -0,0 +1,19 @@
##! This script is used to extract certificates seen on the wire to Zeek log files.
##! The certificates are base64-encoded and written to ssl.log, to the newly added cert
##! field.
@load base/protocols/ssl
@load base/files/x509
redef record X509::Info += {
## Base64 endoded X.509 certificate.
cert: string &log &optional;
};
event x509_certificate(f: fa_file, cert_ref: opaque of x509, cert: X509::Certificate) &priority=1
{
if ( ! f$info?$x509 )
return;
f$info$x509$cert = encode_base64(x509_get_certificate_string(cert_ref));
}

65
scripts/policy/protocols/ssl/log-hostcerts-only.zeek
View file

@ -6,71 +6,8 @@
module X509;
export {
redef record Info += {
## Logging of certificate is suppressed if set to F
logcert: bool &default=T;
};
}
# We need both the Info and the fa_file record modified.
# The only instant when we have both, the connection and the
# file available without having to loop is in the file_over_new_connection
# event.
# When that event is raised, the x509 record in f$info (which is the only
# record the logging framework gets) is not yet available. So - we
# have to do this two times, sorry.
# Alternatively, we could place it info Files::Info first - but we would
# still have to copy it.
redef record fa_file += {
logcert: bool &default=T;
};
hook X509::log_policy(rec: X509::Info, id: Log::ID, filter: Log::Filter)
{
if ( ! rec$logcert )
if ( ! rec$host_cert )
break;
}
event file_sniff(f: fa_file, meta: fa_metadata) &priority=4
{
if ( ( ! f?$conns ) || ( |f$conns| != 1 ) )
return;
if ( ! f?$info || ! f$info?$mime_type )
return;
if ( ! ( f$info$mime_type == "application/x-x509-ca-cert" || f$info$mime_type == "application/x-x509-user-cert"
|| f$info$mime_type == "application/pkix-cert" ) )
return;
local c: connection &is_assigned;
for ( cid, c in f$conns )
{
if ( ! c?$ssl )
return;
}
local chain: vector of string;
if ( f$is_orig )
chain = c$ssl$client_cert_chain_fuids;
else
chain = c$ssl$cert_chain_fuids;
if ( |chain| == 0 )
{
Reporter::warning(fmt("Certificate not in chain? (fuid %s)", f$id));
return;
}
# Check if this is the host certificate
if ( f$id != chain[0] )
f$logcert=F;
}
event x509_certificate(f: fa_file, cert_ref: opaque of x509, cert: X509::Certificate) &priority=2
{
f$info$x509$logcert = f$logcert; # info record available, copy information.
}

2
scripts/policy/protocols/ssl/notary.zeek
View file

@ -1,3 +1,5 @@
@deprecated("Remove in v5.1. Please switch to other more modern approaches like SCT validation (validate-sct.zeek).")
@load base/protocols/ssl
module CertNotary;

176
scripts/policy/protocols/ssl/ssl-log-ext.zeek Normal file
View file

@ -0,0 +1,176 @@
##! This file adds a lot of additional information to the SSL log
##! It is not loaded by default since the information significantly expands
##! the log and is probably not interesting for a majority of people.
@load base/protocols/ssl
redef record SSL::Info += {
## Numeric version of the server in the server hello
server_version: count &log &optional;
## Numeric version of the client in the client hello
client_version: count &log &optional;
## Ciphers that were offered by the client for the connection
client_ciphers: vector of count &log &optional;
## SSL Client extensions
ssl_client_exts: vector of count &log &optional;
## SSL server extensions
ssl_server_exts: vector of count &log &optional;
## Suggested ticket lifetime sent in the session ticket handshake
## by the server.
ticket_lifetime_hint: count &log &optional;
## The diffie helman parameter size, when using DH.
dh_param_size: count &log &optional;
## supported elliptic curve point formats
point_formats: vector of count &log &optional;
## The curves supported by the client.
client_curves: vector of count &log &optional;
## Application layer protocol negotiation extension sent by the client.
orig_alpn: vector of string &log &optional;
## TLS 1.3 supported versions
client_supported_versions: vector of count &log &optional;
## TLS 1.3 supported versions
server_supported_version: count &log &optional;
## TLS 1.3 Pre-shared key exchange modes
psk_key_exchange_modes: vector of count &log &optional;
## Key share groups from client hello
client_key_share_groups: vector of count &log &optional;
## Selected key share group from server hello
server_key_share_group: count &log &optional;
## Client supported compression methods
client_comp_methods: vector of count &log &optional;
## Server chosen compression method
comp_method: count &optional;
## Client supported signature algorithms
sigalgs: vector of count &log &optional;
## Client supported hash algorithms
hashalgs: vector of count &log &optional;
};
event ssl_client_hello(c: connection, version: count, record_version: count, possible_ts: time, client_random: string, session_id: string, ciphers: index_vec, comp_methods: index_vec)
{
if ( ! c?$ssl )
return;
c$ssl$client_ciphers = ciphers;
c$ssl$client_version = version;
c$ssl$client_comp_methods = comp_methods;
}
event ssl_server_hello(c: connection, version: count, record_version: count, possible_ts: time, server_random: string, session_id: string, cipher: count, comp_method: count)
{
if ( ! c?$ssl )
return;
c$ssl$server_version = version;
c$ssl$comp_method = comp_method;
}
event ssl_session_ticket_handshake(c: connection, ticket_lifetime_hint: count, ticket: string)
{
if ( ! c?$ssl )
return;
c$ssl$ticket_lifetime_hint = ticket_lifetime_hint;
}
event ssl_extension(c: connection, is_orig: bool, code: count, val: string)
{
if ( ! c?$ssl )
return;
if ( is_orig )
{
if ( ! c$ssl?$ssl_client_exts )
c$ssl$ssl_client_exts = vector();
c$ssl$ssl_client_exts[|c$ssl$ssl_client_exts|] = code;
}
else
{
if ( ! c$ssl?$ssl_server_exts )
c$ssl$ssl_server_exts = vector();
c$ssl$ssl_server_exts[|c$ssl$ssl_server_exts|] = code;
}
}
event ssl_extension_ec_point_formats(c: connection, is_orig: bool, point_formats: index_vec)
{
if ( ! c?$ssl || ! is_orig )
return;
c$ssl$point_formats = point_formats;
}
event ssl_extension_elliptic_curves(c: connection, is_orig: bool, curves: index_vec)
{
if ( ! c?$ssl || ! is_orig )
return;
c$ssl$client_curves = curves;
}
event ssl_extension_application_layer_protocol_negotiation(c: connection, is_orig: bool, names: string_vec)
{
if ( ! c?$ssl )
return;
if ( is_orig )
c$ssl$orig_alpn = names;
}
event ssl_dh_server_params(c: connection, p: string, q: string, Ys: string)
{
if ( ! c?$ssl )
return;
local key_length = |Ys| * 8; # key length in bits
c$ssl$dh_param_size = key_length;
}
event ssl_extension_supported_versions(c: connection, is_orig: bool, versions: index_vec)
{
if ( ! c?$ssl )
return;
if ( is_orig )
c$ssl$client_supported_versions = versions;
else
c$ssl$server_supported_version = versions[0];
}
event ssl_extension_psk_key_exchange_modes(c: connection, is_orig: bool, modes: index_vec)
{
if ( ! c?$ssl || ! is_orig )
return;
c$ssl$psk_key_exchange_modes = modes;
}
event ssl_extension_key_share(c: connection, is_orig: bool, curves: index_vec)
{
if ( ! c?$ssl )
return;
if ( is_orig )
c$ssl$client_key_share_groups = curves;
else
c$ssl$server_key_share_group = curves[0];
}
event ssl_extension_signature_algorithm(c: connection, is_orig: bool, signature_algorithms: signature_and_hashalgorithm_vec)
{
if ( ! c?$ssl || ! is_orig )
return;
local sigalgs: index_vec = vector();
local hashalgs: index_vec = vector();
for ( i in signature_algorithms )
{
local rec = signature_algorithms[i];
sigalgs[|sigalgs|] = rec$SignatureAlgorithm;
hashalgs[|hashalgs|] = rec$HashAlgorithm;
}
c$ssl$sigalgs = sigalgs;
c$ssl$hashalgs = hashalgs;
}

8
scripts/policy/protocols/ssl/validate-ocsp.zeek
View file

@ -26,7 +26,7 @@ export {
}
# MD5 hash values for recently validated chains along with the OCSP validation
# SHA256 hash values for recently validated chains along with the OCSP validation
# status are kept in this table to avoid constant validation every time the same
# certificate chain is seen.
global recently_ocsp_validated: table[string] of string = table() &read_expire=5mins;
@ -49,7 +49,11 @@ event ssl_established(c: connection) &priority=3
chain[i] = c$ssl$cert_chain[i]$x509$handle;
}
local reply_id = cat(md5_hash(c$ssl$ocsp_response), join_string_vec(c$ssl$cert_chain_fuids, "."));
local chain_fuids = "";
for ( i in c$ssl$cert_chain )
chain_fuids += cat(c$ssl$cert_chain[i]$fuid, ",");
local reply_id = cat(sha256_hash(c$ssl$ocsp_response), chain_fuids);
if ( reply_id in recently_ocsp_validated )
{

2
scripts/policy/protocols/ssl/weak-keys.zeek
View file

@ -55,7 +55,7 @@ event ssl_established(c: connection) &priority=3
! c$ssl$cert_chain[0]?$x509 )
return;
local fuid = c$ssl$cert_chain_fuids[0];
local fuid = c$ssl$cert_chain[0]$fuid;
local cert = c$ssl$cert_chain[0]$x509$certificate;
local hash = c$ssl$cert_chain[0]$sha1;

4
scripts/site/local.zeek
View file

@ -67,10 +67,6 @@ redef digest_salt = "Please change this value.";
# This script prevents the logging of SSL CA certificates in x509.log
@load protocols/ssl/log-hostcerts-only
# Uncomment the following line to check each SSL certificate hash against the ICSI
# certificate notary service; see http://notary.icsi.berkeley.edu .
# @load protocols/ssl/notary
# If you have GeoIP support built in, do some geographic detections and
# logging for SSH traffic.
@load protocols/ssh/geo-data

5
scripts/test-all-policy.zeek
View file

@ -41,6 +41,7 @@
@load frameworks/notice/extend-email/hostnames.zeek
@load files/unified2/__load__.zeek
@load files/unified2/main.zeek
@load files/x509/disable-certificate-events-known-certs.zeek
@load files/x509/log-ocsp.zeek
@load frameworks/packet-filter/shunt.zeek
@load frameworks/software/version-changes.zeek
@ -102,9 +103,11 @@
@load protocols/ssh/interesting-hostnames.zeek
@load protocols/ssh/software.zeek
@load protocols/ssl/expiring-certs.zeek
@load protocols/ssl/extract-certs-pem.zeek
# @load protocols/ssl/extract-certs-pem.zeek
@load protocols/ssl/heartbleed.zeek
@load protocols/ssl/known-certs.zeek
@load protocols/ssl/log-certs-base64.zeek
@load protocols/ssl/ssl-log-ext.zeek
@load protocols/ssl/log-hostcerts-only.zeek
#@load protocols/ssl/notary.zeek
@load protocols/ssl/validate-certs.zeek

1
scripts/zeekygen/__load__.zeek
View file

@ -7,6 +7,7 @@
@load frameworks/files/extract-all-files.zeek
@load policy/misc/dump-events.zeek
@load policy/protocols/conn/speculative-service.zeek
@load policy/protocols/ssl/extract-certs-pem.zeek
@load ./example.zeek

6
src/Val.cc
View file

@ -991,6 +991,12 @@ string StringVal::ToStdString() const
return string((char*)bs->Bytes(), bs->Len());
}
string_view StringVal::ToStdStringView() const
{
auto* bs = AsString();
return string_view((char*)bs->Bytes(), bs->Len());
}
StringVal* StringVal::ToUpper()
{
string_val->ToUpper();

1
src/Val.h
View file

@ -548,6 +548,7 @@ public:
// { return AsString()->ExpandedString(format); }
std::string ToStdString() const;
std::string_view ToStdStringView() const;
StringVal* ToUpper();
const String* Get() const { return string_val; }

3
src/file_analysis/analyzer/x509/X509.cc
View file

@ -361,12 +361,13 @@ void X509::ParseSAN(X509_EXTENSION* ext)
continue;
}
auto len = ASN1_STRING_length(gen->d.ia5);
#if ( OPENSSL_VERSION_NUMBER < 0x10100000L ) || defined(LIBRESSL_VERSION_NUMBER)
const char* name = (const char*) ASN1_STRING_data(gen->d.ia5);
#else
const char* name = (const char*) ASN1_STRING_get0_data(gen->d.ia5);
#endif
auto bs = make_intrusive<StringVal>(name);
auto bs = make_intrusive<StringVal>(len, name);
switch ( gen->type )
{

180
src/file_analysis/analyzer/x509/functions.bif
View file

@ -134,6 +134,54 @@ const EVP_MD* hash_to_evp(int hash)
}
}
// Check a given hostname against a name given in a cert (SAN, CN) and
// return if they match.
bool check_hostname(std::string_view hostname, std::string_view certname)
{
// let's start with the easy one
if ( hostname == certname )
return true;
// ok, now there is still the chance that it is a wildcard cert.
// We go according to RFC6128 here:
// * wildcards are allowed in the leftmost label
// * wildcards are only compared against the leftmost label
// * the wildcard character may not be the only part of the label (so abc* is ok)
// * we don't accept wildcards in anything lower than the 3rd level, so *.a.top
// Certificates that use something else cannot legitimately be issued and this
// seems to match other implementations.
// first - let's see if the certname contains a wildcard character.
auto wildpos = certname.find('*');
if ( wildpos == std::string::npos )
return false;
// then let's see if certname contains at least two dots, for three levels of domains
auto firstpos = certname.find('.');
if ( firstpos == std::string::npos || certname.find('.', firstpos+1) == std::string::npos)
return false;
// let's see if the wildcard is directly before the first label separator
if ( wildpos + 1 != firstpos )
return false;
// ok, we have chances. Let's see if the hostname portions match
auto host_firstpos = hostname.find('.');
if ( host_firstpos == std::string::npos )
return false;
if ( hostname.substr(host_firstpos) != certname.substr(firstpos) )
return false;
// ok, the hostnames match and we have a wildcard. Let's see if the characters
// before the wildcard do match. If they do - yup, it is a match. If they don't,
// it is not.
if ( wildpos && hostname.substr(0, wildpos) != certname.substr(0, wildpos) )
return false;
return true;
}
%%}
## Parses a certificate into an X509::Certificate structure.
@ -924,3 +972,135 @@ function x509_set_certificate_cache_hit_callback%(f: string_any_file_hook%) : bo
return zeek::val_mgr->True();
%}
## This function checks a hostname against the name given in a certificate subject/SAN, including
## our interpretation of RFC6128 wildcard expansions. This specifically means that wildcards are
## only allowed in the leftmost label, wildcards only span one label, the wildcard has to be the
## last character before the label-separator, but additional characters are allowed before it, and
## the wildcard has to be at least at the third level (so *.a.b).
##
## hostname: Hostname to test
##
## certname: Name given in the CN/SAN of a certificate; wildcards will be expanded
##
## Returns: True if the hostname matches.
##
## .. zeek:see:: x509_check_cert_hostname
function x509_check_hostname%(hostname: string, certname: string%): bool
%{
if ( check_hostname(hostname->ToStdStringView(), certname->ToStdStringView()) )
return zeek::val_mgr->True();
return zeek::val_mgr->False();
%}
## This function checks if a hostname matches one of the hostnames given in the certificate.
##
## For our matching we adhere to RFC6128 for the labels (see :zeek:id:`x509_check_hostname`).
## Furthermore we adhere to RFC2818 and check only the names given in the SAN, if a SAN is present,
## ignoring CNs in the Subject. If no SAN is present, we will use the last CN in the subject
## for our tests.
##
## cert: The X509 certificate opaque handle.
##
## hostname: Hostname to check
##
## Returns: empty string if the hostname does not match; matched name (which can contain wildcards)
## if it did.
##
## .. zeek:see:: x509_check_hostname
function x509_check_cert_hostname%(cert_opaque: opaque of x509, hostname: string%): string
%{
auto* cert_handle = (zeek::file_analysis::detail::X509Val *) cert_opaque;
std::string_view hostview = hostname->ToStdStringView();
X509* cert = cert_handle->GetCertificate();
if ( ! cert )
{
zeek::emit_builtin_error(zeek::util::fmt("No certificate in opaque"));
return zeek::make_intrusive<zeek::StringVal>("");
}
// According to RFC5280 (4.2.1.6) and RFC2818 (3.1), if the SAN is present, the subject
// of the certificate is ignored. Let's start by looking at the SAN.
auto sanpos = X509_get_ext_by_NID(cert, NID_subject_alt_name, -1);
if ( sanpos > -1 )
{
auto* ex = X509_get_ext(cert, sanpos);
if ( ! ex )
{
zeek::emit_builtin_error(zeek::util::fmt("Could not get SAN from cert"));
return zeek::make_intrusive<zeek::StringVal>("");
}
auto *altname = reinterpret_cast<GENERAL_NAMES*>(X509V3_EXT_d2i(ex));
if ( ! altname )
{
zeek::emit_builtin_error(zeek::util::fmt("Could not get names from SAN ext"));
return zeek::make_intrusive<zeek::StringVal>("");
}
auto num_names = sk_GENERAL_NAME_num(altname);
for ( int i = 0; i < num_names; i++ )
{
auto *gen = sk_GENERAL_NAME_value(altname, i);
assert(gen);
if ( gen->type != GEN_DNS )
continue;
if ( ASN1_STRING_type(gen->d.ia5) != V_ASN1_IA5STRING )
continue;
std::size_t len = ASN1_STRING_length(gen->d.ia5);
#if ( OPENSSL_VERSION_NUMBER < 0x10100000L ) || defined(LIBRESSL_VERSION_NUMBER)
auto* name = reinterpret_cast<const char*>(ASN1_STRING_data(gen->d.ia5));
#else
auto* name = reinterpret_cast<const char*>(ASN1_STRING_get0_data(gen->d.ia5));
#endif
std::string_view nameview {name, len};
if ( check_hostname(hostview, nameview) )
{
auto retval = zeek::make_intrusive<zeek::StringVal>(len, name);
GENERAL_NAMES_free(altname);
return retval;
}
}
GENERAL_NAMES_free(altname);
}
else
{
// ok, we have to get the last CN from the Subject. Let's do that.
auto* subject = X509_get_subject_name(cert);
if ( ! subject )
{
zeek::emit_builtin_error(zeek::util::fmt("Could not get certificate subject"));
return zeek::make_intrusive<zeek::StringVal>("");
}
int lastpos = -1;
int found_nid = -1;
while ( ( lastpos = X509_NAME_get_index_by_NID(subject, NID_commonName, lastpos) ) >= 0 )
found_nid = lastpos;
// found CN
if ( found_nid >= 0 )
{
char buf[2048];
BIO *bio = BIO_new(BIO_s_mem());
if ( ! bio )
{
zeek::emit_builtin_error(zeek::util::fmt("Could create bio"));
return zeek::make_intrusive<zeek::StringVal>("");
}
ASN1_STRING_print(bio, X509_NAME_ENTRY_get_data(X509_NAME_get_entry(subject, found_nid)));
size_t len = BIO_gets(bio, buf, sizeof(buf));
BIO_free(bio);
std::string_view cn {buf, len};
if ( check_hostname(hostview, cn) )
return zeek::make_intrusive<zeek::StringVal>(len, buf);
}
}
return zeek::make_intrusive<zeek::StringVal>("");
%}

19
testing/btest/Baseline/bifs.x509_check_hostname/.stdout Normal file
View file

@ -0,0 +1,19 @@
### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63.
hi, www.zeek.org, F
ww.zeek.org, www.zeek.org, F
www.zeek.org, www.zeek.org, T
www.zeek.org, *, F
www.zeek.org, zeek.org, F
www.zeek.org, *.zeek.org, T
www.zeek.org, a*.zeek.org, F
www.zeek.org, ww*.zeek.org, T
www.zeek.org, wa*.zeek.org, F
www.zeek.org, ww*.leek.com, F
www.zeek.org, *.*.com, F
, , T
www.zeek.org\x00testing, *.zeek.org, F
zeek.org, zeek.org, T
zeek.org, *.org, F
a.b.zeek.org, *.b.zeek.org, T
a.b.zeek.org, *.zeek.org, F
a.b.zeek.org, *.a.zeek.org, F

7
testing/btest/Baseline/coverage.bare-mode-errors/errors
View file

@ -1,2 +1,9 @@
### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63.
### NOTE: This file has been sorted with diff-sort.
warning in <...>/extract-certs-pem.zeek, line 1: deprecated script loaded from <...>/__load__.zeek:10 "Remove in v5.1. Use log-certs-base64.zeek instead."
warning in <...>/extract-certs-pem.zeek, line 1: deprecated script loaded from command line arguments "Remove in v5.1. Use log-certs-base64.zeek instead."
warning in <...>/log-ocsp.zeek, line 1: deprecated script loaded from <...>/test-all-policy.zeek:45 ("Remove in v5.1. OCSP logging is now enabled by default")
warning in <...>/log-ocsp.zeek, line 1: deprecated script loaded from <...>/test-all-policy.zeek:45 ("Remove in v5.1. OCSP logging is now enabled by default")
warning in <...>/log-ocsp.zeek, line 1: deprecated script loaded from command line arguments ("Remove in v5.1. OCSP logging is now enabled by default")
warning in <...>/notary.zeek, line 1: deprecated script loaded from <...>/__load__.zeek:4 ("Remove in v5.1. Please switch to other more modern approaches like SCT validation (validate-sct.zeek).")
warning in <...>/notary.zeek, line 1: deprecated script loaded from command line arguments ("Remove in v5.1. Please switch to other more modern approaches like SCT validation (validate-sct.zeek).")

2
testing/btest/Baseline/coverage.default-load-baseline/canonified_loaded_scripts.log
View file

@ -355,6 +355,8 @@ scripts/base/init-default.zeek
scripts/base/files/x509/main.zeek
scripts/base/files/hash/__load__.zeek
scripts/base/files/hash/main.zeek
scripts/base/files/x509/certificate-event-cache.zeek
scripts/base/files/x509/log-ocsp.zeek
scripts/base/protocols/http/__load__.zeek
scripts/base/protocols/http/main.zeek
scripts/base/protocols/http/entities.zeek

60
testing/btest/Baseline/plugins.hooks/output
View file

@ -182,6 +182,7 @@
0.000000 MetaHookPost CallFunction(Files::register_for_mime_type, <frame>, (Files::ANALYZER_MD5, application/pkix-cert)) -> <no result>
0.000000 MetaHookPost CallFunction(Files::register_for_mime_type, <frame>, (Files::ANALYZER_MD5, application/x-x509-ca-cert)) -> <no result>
0.000000 MetaHookPost CallFunction(Files::register_for_mime_type, <frame>, (Files::ANALYZER_MD5, application/x-x509-user-cert)) -> <no result>
0.000000 MetaHookPost CallFunction(Files::register_for_mime_type, <frame>, (Files::ANALYZER_OCSP_REPLY, application/ocsp-response)) -> <no result>
0.000000 MetaHookPost CallFunction(Files::register_for_mime_type, <frame>, (Files::ANALYZER_PE, application/x-dosexec)) -> <no result>
0.000000 MetaHookPost CallFunction(Files::register_for_mime_type, <frame>, (Files::ANALYZER_SHA1, application/pkix-cert)) -> <no result>
0.000000 MetaHookPost CallFunction(Files::register_for_mime_type, <frame>, (Files::ANALYZER_SHA1, application/x-x509-ca-cert)) -> <no result>
@ -226,6 +227,7 @@
0.000000 MetaHookPost CallFunction(Log::__add_filter, <frame>, (NetControl::SHUNT, [name=default, writer=Log::WRITER_ASCII, path=netcontrol_shunt, path_func=<uninitialized>, include=<uninitialized>, exclude=<uninitialized>, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=<uninitialized>, config={}, policy=<uninitialized>])) -> <no result>
0.000000 MetaHookPost CallFunction(Log::__add_filter, <frame>, (Notice::ALARM_LOG, [name=default, writer=Log::WRITER_ASCII, path=notice_alarm, path_func=<uninitialized>, include=<uninitialized>, exclude=<uninitialized>, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=<uninitialized>, config={}, policy=<uninitialized>])) -> <no result>
0.000000 MetaHookPost CallFunction(Log::__add_filter, <frame>, (Notice::LOG, [name=default, writer=Log::WRITER_ASCII, path=notice, path_func=<uninitialized>, include=<uninitialized>, exclude=<uninitialized>, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=<uninitialized>, config={}, policy=<uninitialized>])) -> <no result>
0.000000 MetaHookPost CallFunction(Log::__add_filter, <frame>, (OCSP::LOG, [name=default, writer=Log::WRITER_ASCII, path=ocsp, path_func=<uninitialized>, include=<uninitialized>, exclude=<uninitialized>, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=<uninitialized>, config={}, policy=<uninitialized>])) -> <no result>
0.000000 MetaHookPost CallFunction(Log::__add_filter, <frame>, (OpenFlow::LOG, [name=default, writer=Log::WRITER_ASCII, path=openflow, path_func=<uninitialized>, include=<uninitialized>, exclude=<uninitialized>, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=<uninitialized>, config={}, policy=<uninitialized>])) -> <no result>
0.000000 MetaHookPost CallFunction(Log::__add_filter, <frame>, (PE::LOG, [name=default, writer=Log::WRITER_ASCII, path=pe, path_func=<uninitialized>, include=<uninitialized>, exclude=<uninitialized>, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=<uninitialized>, config={}, policy=<uninitialized>])) -> <no result>
0.000000 MetaHookPost CallFunction(Log::__add_filter, <frame>, (PacketFilter::LOG, [name=default, writer=Log::WRITER_ASCII, path=packet_filter, path_func=<uninitialized>, include=<uninitialized>, exclude=<uninitialized>, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=<uninitialized>, config={}, policy=<uninitialized>])) -> <no result>
@ -241,6 +243,7 @@
0.000000 MetaHookPost CallFunction(Log::__add_filter, <frame>, (SOCKS::LOG, [name=default, writer=Log::WRITER_ASCII, path=socks, path_func=<uninitialized>, include=<uninitialized>, exclude=<uninitialized>, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=<uninitialized>, config={}, policy=<uninitialized>])) -> <no result>
0.000000 MetaHookPost CallFunction(Log::__add_filter, <frame>, (SSH::LOG, [name=default, writer=Log::WRITER_ASCII, path=ssh, path_func=<uninitialized>, include=<uninitialized>, exclude=<uninitialized>, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=<uninitialized>, config={}, policy=<uninitialized>])) -> <no result>
0.000000 MetaHookPost CallFunction(Log::__add_filter, <frame>, (SSL::LOG, [name=default, writer=Log::WRITER_ASCII, path=ssl, path_func=<uninitialized>, include=<uninitialized>, exclude=<uninitialized>, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=<uninitialized>, config={}, policy=<uninitialized>])) -> <no result>
0.000000 MetaHookPost CallFunction(Log::__add_filter, <frame>, (SSL::LOG, [name=default, writer=Log::WRITER_ASCII, path=ssl, path_func=<uninitialized>, include=<uninitialized>, exclude={issuer,client_subject,subject,client_issuer}, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=<uninitialized>, config={}, policy=<uninitialized>])) -> <no result>
0.000000 MetaHookPost CallFunction(Log::__add_filter, <frame>, (Signatures::LOG, [name=default, writer=Log::WRITER_ASCII, path=signatures, path_func=<uninitialized>, include=<uninitialized>, exclude=<uninitialized>, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=<uninitialized>, config={}, policy=<uninitialized>])) -> <no result>
0.000000 MetaHookPost CallFunction(Log::__add_filter, <frame>, (Software::LOG, [name=default, writer=Log::WRITER_ASCII, path=software, path_func=<uninitialized>, include=<uninitialized>, exclude=<uninitialized>, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=<uninitialized>, config={}, policy=<uninitialized>])) -> <no result>
0.000000 MetaHookPost CallFunction(Log::__add_filter, <frame>, (Syslog::LOG, [name=default, writer=Log::WRITER_ASCII, path=syslog, path_func=<uninitialized>, include=<uninitialized>, exclude=<uninitialized>, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=<uninitialized>, config={}, policy=<uninitialized>])) -> <no result>
@ -258,7 +261,7 @@
0.000000 MetaHookPost CallFunction(Log::__create_stream, <frame>, (DNS::LOG, [columns=DNS::Info, ev=DNS::log_dns, path=dns, policy=DNS::log_policy])) -> <no result>
0.000000 MetaHookPost CallFunction(Log::__create_stream, <frame>, (DPD::LOG, [columns=DPD::Info, ev=<uninitialized>, path=dpd, policy=DPD::log_policy])) -> <no result>
0.000000 MetaHookPost CallFunction(Log::__create_stream, <frame>, (FTP::LOG, [columns=FTP::Info, ev=FTP::log_ftp, path=ftp, policy=FTP::log_policy])) -> <no result>
0.000000 MetaHookPost CallFunction(Log::__create_stream, <frame>, (Files::LOG, [columns=Files::Info, ev=Files::log_files, path=files, policy=Files::log_policy])) -> <no result>
0.000000 MetaHookPost CallFunction(Log::__create_stream, <frame>, (Files::LOG, [columns=Files::Info, ev=Files::log_files, path=files, policy=Files::log_policy{ if ((F == X509::log_x509_in_files_log) && (X509 in X509::rec$analyzers)) break }])) -> <no result>
0.000000 MetaHookPost CallFunction(Log::__create_stream, <frame>, (HTTP::LOG, [columns=HTTP::Info, ev=HTTP::log_http, path=http, policy=HTTP::log_policy])) -> <no result>
0.000000 MetaHookPost CallFunction(Log::__create_stream, <frame>, (IRC::LOG, [columns=IRC::Info, ev=IRC::irc_log, path=irc, policy=IRC::log_policy])) -> <no result>
0.000000 MetaHookPost CallFunction(Log::__create_stream, <frame>, (Intel::LOG, [columns=Intel::Info, ev=Intel::log_intel, path=intel, policy=Intel::log_policy])) -> <no result>
@ -271,6 +274,7 @@
0.000000 MetaHookPost CallFunction(Log::__create_stream, <frame>, (NetControl::SHUNT, [columns=NetControl::ShuntInfo, ev=NetControl::log_netcontrol_shunt, path=netcontrol_shunt, policy=NetControl::log_policy_shunt])) -> <no result>
0.000000 MetaHookPost CallFunction(Log::__create_stream, <frame>, (Notice::ALARM_LOG, [columns=Notice::Info, ev=<uninitialized>, path=notice_alarm, policy=Notice::log_policy_alarm])) -> <no result>
0.000000 MetaHookPost CallFunction(Log::__create_stream, <frame>, (Notice::LOG, [columns=Notice::Info, ev=Notice::log_notice, path=notice, policy=Notice::log_policy])) -> <no result>
0.000000 MetaHookPost CallFunction(Log::__create_stream, <frame>, (OCSP::LOG, [columns=OCSP::Info, ev=OCSP::log_ocsp, path=ocsp, policy=OCSP::log_policy])) -> <no result>
0.000000 MetaHookPost CallFunction(Log::__create_stream, <frame>, (OpenFlow::LOG, [columns=OpenFlow::Info, ev=OpenFlow::log_openflow, path=openflow, policy=OpenFlow::log_policy])) -> <no result>
0.000000 MetaHookPost CallFunction(Log::__create_stream, <frame>, (PE::LOG, [columns=PE::Info, ev=PE::log_pe, path=pe, policy=PE::log_policy])) -> <no result>
0.000000 MetaHookPost CallFunction(Log::__create_stream, <frame>, (PacketFilter::LOG, [columns=PacketFilter::Info, ev=<uninitialized>, path=packet_filter, policy=PacketFilter::log_policy])) -> <no result>
@ -317,6 +321,7 @@
0.000000 MetaHookPost CallFunction(Log::add_default_filter, <frame>, (NetControl::SHUNT)) -> <no result>
0.000000 MetaHookPost CallFunction(Log::add_default_filter, <frame>, (Notice::ALARM_LOG)) -> <no result>
0.000000 MetaHookPost CallFunction(Log::add_default_filter, <frame>, (Notice::LOG)) -> <no result>
0.000000 MetaHookPost CallFunction(Log::add_default_filter, <frame>, (OCSP::LOG)) -> <no result>
0.000000 MetaHookPost CallFunction(Log::add_default_filter, <frame>, (OpenFlow::LOG)) -> <no result>
0.000000 MetaHookPost CallFunction(Log::add_default_filter, <frame>, (PE::LOG)) -> <no result>
0.000000 MetaHookPost CallFunction(Log::add_default_filter, <frame>, (PacketFilter::LOG)) -> <no result>
@ -362,6 +367,7 @@
0.000000 MetaHookPost CallFunction(Log::add_filter, <frame>, (NetControl::SHUNT, [name=default, writer=Log::WRITER_ASCII, path=<uninitialized>, path_func=<uninitialized>, include=<uninitialized>, exclude=<uninitialized>, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=<uninitialized>, config={}, policy=<uninitialized>])) -> <no result>
0.000000 MetaHookPost CallFunction(Log::add_filter, <frame>, (Notice::ALARM_LOG, [name=default, writer=Log::WRITER_ASCII, path=<uninitialized>, path_func=<uninitialized>, include=<uninitialized>, exclude=<uninitialized>, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=<uninitialized>, config={}, policy=<uninitialized>])) -> <no result>
0.000000 MetaHookPost CallFunction(Log::add_filter, <frame>, (Notice::LOG, [name=default, writer=Log::WRITER_ASCII, path=<uninitialized>, path_func=<uninitialized>, include=<uninitialized>, exclude=<uninitialized>, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=<uninitialized>, config={}, policy=<uninitialized>])) -> <no result>
0.000000 MetaHookPost CallFunction(Log::add_filter, <frame>, (OCSP::LOG, [name=default, writer=Log::WRITER_ASCII, path=<uninitialized>, path_func=<uninitialized>, include=<uninitialized>, exclude=<uninitialized>, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=<uninitialized>, config={}, policy=<uninitialized>])) -> <no result>
0.000000 MetaHookPost CallFunction(Log::add_filter, <frame>, (OpenFlow::LOG, [name=default, writer=Log::WRITER_ASCII, path=<uninitialized>, path_func=<uninitialized>, include=<uninitialized>, exclude=<uninitialized>, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=<uninitialized>, config={}, policy=<uninitialized>])) -> <no result>
0.000000 MetaHookPost CallFunction(Log::add_filter, <frame>, (PE::LOG, [name=default, writer=Log::WRITER_ASCII, path=<uninitialized>, path_func=<uninitialized>, include=<uninitialized>, exclude=<uninitialized>, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=<uninitialized>, config={}, policy=<uninitialized>])) -> <no result>
0.000000 MetaHookPost CallFunction(Log::add_filter, <frame>, (PacketFilter::LOG, [name=default, writer=Log::WRITER_ASCII, path=<uninitialized>, path_func=<uninitialized>, include=<uninitialized>, exclude=<uninitialized>, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=<uninitialized>, config={}, policy=<uninitialized>])) -> <no result>
@ -377,6 +383,7 @@
0.000000 MetaHookPost CallFunction(Log::add_filter, <frame>, (SOCKS::LOG, [name=default, writer=Log::WRITER_ASCII, path=<uninitialized>, path_func=<uninitialized>, include=<uninitialized>, exclude=<uninitialized>, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=<uninitialized>, config={}, policy=<uninitialized>])) -> <no result>
0.000000 MetaHookPost CallFunction(Log::add_filter, <frame>, (SSH::LOG, [name=default, writer=Log::WRITER_ASCII, path=<uninitialized>, path_func=<uninitialized>, include=<uninitialized>, exclude=<uninitialized>, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=<uninitialized>, config={}, policy=<uninitialized>])) -> <no result>
0.000000 MetaHookPost CallFunction(Log::add_filter, <frame>, (SSL::LOG, [name=default, writer=Log::WRITER_ASCII, path=<uninitialized>, path_func=<uninitialized>, include=<uninitialized>, exclude=<uninitialized>, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=<uninitialized>, config={}, policy=<uninitialized>])) -> <no result>
0.000000 MetaHookPost CallFunction(Log::add_filter, <frame>, (SSL::LOG, [name=default, writer=Log::WRITER_ASCII, path=ssl, path_func=<uninitialized>, include=<uninitialized>, exclude={issuer,client_subject,subject,client_issuer}, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=<uninitialized>, config={}, policy=<uninitialized>])) -> <no result>
0.000000 MetaHookPost CallFunction(Log::add_filter, <frame>, (Signatures::LOG, [name=default, writer=Log::WRITER_ASCII, path=<uninitialized>, path_func=<uninitialized>, include=<uninitialized>, exclude=<uninitialized>, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=<uninitialized>, config={}, policy=<uninitialized>])) -> <no result>
0.000000 MetaHookPost CallFunction(Log::add_filter, <frame>, (Software::LOG, [name=default, writer=Log::WRITER_ASCII, path=<uninitialized>, path_func=<uninitialized>, include=<uninitialized>, exclude=<uninitialized>, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=<uninitialized>, config={}, policy=<uninitialized>])) -> <no result>
0.000000 MetaHookPost CallFunction(Log::add_filter, <frame>, (Syslog::LOG, [name=default, writer=Log::WRITER_ASCII, path=<uninitialized>, path_func=<uninitialized>, include=<uninitialized>, exclude=<uninitialized>, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=<uninitialized>, config={}, policy=<uninitialized>])) -> <no result>
@ -407,6 +414,7 @@
0.000000 MetaHookPost CallFunction(Log::add_stream_filters, <frame>, (NetControl::SHUNT, default)) -> <no result>
0.000000 MetaHookPost CallFunction(Log::add_stream_filters, <frame>, (Notice::ALARM_LOG, default)) -> <no result>
0.000000 MetaHookPost CallFunction(Log::add_stream_filters, <frame>, (Notice::LOG, default)) -> <no result>
0.000000 MetaHookPost CallFunction(Log::add_stream_filters, <frame>, (OCSP::LOG, default)) -> <no result>
0.000000 MetaHookPost CallFunction(Log::add_stream_filters, <frame>, (OpenFlow::LOG, default)) -> <no result>
0.000000 MetaHookPost CallFunction(Log::add_stream_filters, <frame>, (PE::LOG, default)) -> <no result>
0.000000 MetaHookPost CallFunction(Log::add_stream_filters, <frame>, (PacketFilter::LOG, default)) -> <no result>
@ -439,7 +447,7 @@
0.000000 MetaHookPost CallFunction(Log::create_stream, <frame>, (DNS::LOG, [columns=DNS::Info, ev=DNS::log_dns, path=dns, policy=DNS::log_policy])) -> <no result>
0.000000 MetaHookPost CallFunction(Log::create_stream, <frame>, (DPD::LOG, [columns=DPD::Info, ev=<uninitialized>, path=dpd, policy=DPD::log_policy])) -> <no result>
0.000000 MetaHookPost CallFunction(Log::create_stream, <frame>, (FTP::LOG, [columns=FTP::Info, ev=FTP::log_ftp, path=ftp, policy=FTP::log_policy])) -> <no result>
0.000000 MetaHookPost CallFunction(Log::create_stream, <frame>, (Files::LOG, [columns=Files::Info, ev=Files::log_files, path=files, policy=Files::log_policy])) -> <no result>
0.000000 MetaHookPost CallFunction(Log::create_stream, <frame>, (Files::LOG, [columns=Files::Info, ev=Files::log_files, path=files, policy=Files::log_policy{ if ((F == X509::log_x509_in_files_log) && (X509 in X509::rec$analyzers)) break }])) -> <no result>
0.000000 MetaHookPost CallFunction(Log::create_stream, <frame>, (HTTP::LOG, [columns=HTTP::Info, ev=HTTP::log_http, path=http, policy=HTTP::log_policy])) -> <no result>
0.000000 MetaHookPost CallFunction(Log::create_stream, <frame>, (IRC::LOG, [columns=IRC::Info, ev=IRC::irc_log, path=irc, policy=IRC::log_policy])) -> <no result>
0.000000 MetaHookPost CallFunction(Log::create_stream, <frame>, (Intel::LOG, [columns=Intel::Info, ev=Intel::log_intel, path=intel, policy=Intel::log_policy])) -> <no result>
@ -452,6 +460,7 @@
0.000000 MetaHookPost CallFunction(Log::create_stream, <frame>, (NetControl::SHUNT, [columns=NetControl::ShuntInfo, ev=NetControl::log_netcontrol_shunt, path=netcontrol_shunt, policy=NetControl::log_policy_shunt])) -> <no result>
0.000000 MetaHookPost CallFunction(Log::create_stream, <frame>, (Notice::ALARM_LOG, [columns=Notice::Info, ev=<uninitialized>, path=notice_alarm, policy=Notice::log_policy_alarm])) -> <no result>
0.000000 MetaHookPost CallFunction(Log::create_stream, <frame>, (Notice::LOG, [columns=Notice::Info, ev=Notice::log_notice, path=notice, policy=Notice::log_policy])) -> <no result>
0.000000 MetaHookPost CallFunction(Log::create_stream, <frame>, (OCSP::LOG, [columns=OCSP::Info, ev=OCSP::log_ocsp, path=ocsp, policy=OCSP::log_policy])) -> <no result>
0.000000 MetaHookPost CallFunction(Log::create_stream, <frame>, (OpenFlow::LOG, [columns=OpenFlow::Info, ev=OpenFlow::log_openflow, path=openflow, policy=OpenFlow::log_policy])) -> <no result>
0.000000 MetaHookPost CallFunction(Log::create_stream, <frame>, (PE::LOG, [columns=PE::Info, ev=PE::log_pe, path=pe, policy=PE::log_policy])) -> <no result>
0.000000 MetaHookPost CallFunction(Log::create_stream, <frame>, (PacketFilter::LOG, [columns=PacketFilter::Info, ev=<uninitialized>, path=packet_filter, policy=PacketFilter::log_policy])) -> <no result>
@ -474,6 +483,7 @@
0.000000 MetaHookPost CallFunction(Log::create_stream, <frame>, (Weird::LOG, [columns=Weird::Info, ev=Weird::log_weird, path=weird, policy=Weird::log_policy])) -> <no result>
0.000000 MetaHookPost CallFunction(Log::create_stream, <frame>, (X509::LOG, [columns=X509::Info, ev=X509::log_x509, path=x509, policy=X509::log_policy])) -> <no result>
0.000000 MetaHookPost CallFunction(Log::create_stream, <frame>, (mysql::LOG, [columns=MySQL::Info, ev=MySQL::log_mysql, path=mysql, policy=MySQL::log_policy])) -> <no result>
0.000000 MetaHookPost CallFunction(Log::get_filter, <frame>, (SSL::LOG, default)) -> <no result>
0.000000 MetaHookPost CallFunction(Log::log_stream_policy, <null>, ([ts=XXXXXXXXXX.XXXXXX, node=zeek, filter=ip or not ip, init=T, success=T], PacketFilter::LOG)) -> <no result>
0.000000 MetaHookPost CallFunction(Log::write, <frame>, (PacketFilter::LOG, [ts=XXXXXXXXXX.XXXXXX, node=zeek, filter=ip or not ip, init=T, success=T])) -> <no result>
0.000000 MetaHookPost CallFunction(NetControl::check_plugins, <frame>, ()) -> <no result>
@ -567,6 +577,10 @@
0.000000 MetaHookPost CallFunction(Option::set_change_handler, <frame>, (X509::caching_required_encounters_interval, Config::config_option_changed{ Config::log = Config::Info($ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value))if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, to_any_coerceConfig::log)return (Config::new_value)}, -100)) -> <no result>
0.000000 MetaHookPost CallFunction(Option::set_change_handler, <frame>, (X509::certificate_cache_max_entries, Config::config_option_changed{ Config::log = Config::Info($ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value))if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, to_any_coerceConfig::log)return (Config::new_value)}, -100)) -> <no result>
0.000000 MetaHookPost CallFunction(Option::set_change_handler, <frame>, (X509::certificate_cache_minimum_eviction_interval, Config::config_option_changed{ Config::log = Config::Info($ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value))if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, to_any_coerceConfig::log)return (Config::new_value)}, -100)) -> <no result>
0.000000 MetaHookPost CallFunction(Option::set_change_handler, <frame>, (X509::hash_function, Config::config_option_changed{ Config::log = Config::Info($ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value))if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, to_any_coerceConfig::log)return (Config::new_value)}, -100)) -> <no result>
0.000000 MetaHookPost CallFunction(Option::set_change_handler, <frame>, (X509::known_log_certs_maximum_size, Config::config_option_changed{ Config::log = Config::Info($ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value))if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, to_any_coerceConfig::log)return (Config::new_value)}, -100)) -> <no result>
0.000000 MetaHookPost CallFunction(Option::set_change_handler, <frame>, (X509::log_x509_in_files_log, Config::config_option_changed{ Config::log = Config::Info($ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value))if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, to_any_coerceConfig::log)return (Config::new_value)}, -100)) -> <no result>
0.000000 MetaHookPost CallFunction(Option::set_change_handler, <frame>, (X509::relog_known_certificates_after, Config::config_option_changed{ Config::log = Config::Info($ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value))if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, to_any_coerceConfig::log)return (Config::new_value)}, -100)) -> <no result>
0.000000 MetaHookPost CallFunction(Option::set_change_handler, <frame>, (default_file_bof_buffer_size, Config::config_option_changed{ Config::log = Config::Info($ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value))if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, to_any_coerceConfig::log)return (Config::new_value)}, -100)) -> <no result>
0.000000 MetaHookPost CallFunction(Option::set_change_handler, <frame>, (default_file_timeout_interval, Config::config_option_changed{ Config::log = Config::Info($ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value))if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, to_any_coerceConfig::log)return (Config::new_value)}, -100)) -> <no result>
0.000000 MetaHookPost CallFunction(Option::set_change_handler, <frame>, (ignore_checksums_nets, Config::config_option_changed{ Config::log = Config::Info($ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value))if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, to_any_coerceConfig::log)return (Config::new_value)}, -100)) -> <no result>
@ -797,6 +811,7 @@
0.000000 MetaHookPost LoadFile(0, ./bloom-filter.bif.zeek, <...>/bloom-filter.bif.zeek) -> -1
0.000000 MetaHookPost LoadFile(0, ./broker, <...>/broker.zeek) -> -1
0.000000 MetaHookPost LoadFile(0, ./cardinality-counter.bif.zeek, <...>/cardinality-counter.bif.zeek) -> -1
0.000000 MetaHookPost LoadFile(0, ./certificate-event-cache, <...>/certificate-event-cache.zeek) -> -1
0.000000 MetaHookPost LoadFile(0, ./comm.bif.zeek, <...>/comm.bif.zeek) -> -1
0.000000 MetaHookPost LoadFile(0, ./const-dos-error, <...>/const-dos-error.zeek) -> -1
0.000000 MetaHookPost LoadFile(0, ./const-nt-status, <...>/const-nt-status.zeek) -> -1
@ -823,6 +838,7 @@
0.000000 MetaHookPost LoadFile(0, ./input.bif.zeek, <...>/input.bif.zeek) -> -1
0.000000 MetaHookPost LoadFile(0, ./last, <...>/last.zeek) -> -1
0.000000 MetaHookPost LoadFile(0, ./log, <...>/log.zeek) -> -1
0.000000 MetaHookPost LoadFile(0, ./log-ocsp, <...>/log-ocsp.zeek) -> -1
0.000000 MetaHookPost LoadFile(0, ./logging.bif.zeek, <...>/logging.bif.zeek) -> -1
0.000000 MetaHookPost LoadFile(0, ./magic, <...>/magic) -> -1
0.000000 MetaHookPost LoadFile(0, ./main, <...>/main.zeek) -> -1
@ -1215,6 +1231,7 @@
0.000000 MetaHookPre CallFunction(Files::register_for_mime_type, <frame>, (Files::ANALYZER_MD5, application/pkix-cert))
0.000000 MetaHookPre CallFunction(Files::register_for_mime_type, <frame>, (Files::ANALYZER_MD5, application/x-x509-ca-cert))
0.000000 MetaHookPre CallFunction(Files::register_for_mime_type, <frame>, (Files::ANALYZER_MD5, application/x-x509-user-cert))
0.000000 MetaHookPre CallFunction(Files::register_for_mime_type, <frame>, (Files::ANALYZER_OCSP_REPLY, application/ocsp-response))
0.000000 MetaHookPre CallFunction(Files::register_for_mime_type, <frame>, (Files::ANALYZER_PE, application/x-dosexec))
0.000000 MetaHookPre CallFunction(Files::register_for_mime_type, <frame>, (Files::ANALYZER_SHA1, application/pkix-cert))
0.000000 MetaHookPre CallFunction(Files::register_for_mime_type, <frame>, (Files::ANALYZER_SHA1, application/x-x509-ca-cert))
@ -1259,6 +1276,7 @@
0.000000 MetaHookPre CallFunction(Log::__add_filter, <frame>, (NetControl::SHUNT, [name=default, writer=Log::WRITER_ASCII, path=netcontrol_shunt, path_func=<uninitialized>, include=<uninitialized>, exclude=<uninitialized>, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=<uninitialized>, config={}, policy=<uninitialized>]))
0.000000 MetaHookPre CallFunction(Log::__add_filter, <frame>, (Notice::ALARM_LOG, [name=default, writer=Log::WRITER_ASCII, path=notice_alarm, path_func=<uninitialized>, include=<uninitialized>, exclude=<uninitialized>, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=<uninitialized>, config={}, policy=<uninitialized>]))
0.000000 MetaHookPre CallFunction(Log::__add_filter, <frame>, (Notice::LOG, [name=default, writer=Log::WRITER_ASCII, path=notice, path_func=<uninitialized>, include=<uninitialized>, exclude=<uninitialized>, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=<uninitialized>, config={}, policy=<uninitialized>]))
0.000000 MetaHookPre CallFunction(Log::__add_filter, <frame>, (OCSP::LOG, [name=default, writer=Log::WRITER_ASCII, path=ocsp, path_func=<uninitialized>, include=<uninitialized>, exclude=<uninitialized>, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=<uninitialized>, config={}, policy=<uninitialized>]))
0.000000 MetaHookPre CallFunction(Log::__add_filter, <frame>, (OpenFlow::LOG, [name=default, writer=Log::WRITER_ASCII, path=openflow, path_func=<uninitialized>, include=<uninitialized>, exclude=<uninitialized>, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=<uninitialized>, config={}, policy=<uninitialized>]))
0.000000 MetaHookPre CallFunction(Log::__add_filter, <frame>, (PE::LOG, [name=default, writer=Log::WRITER_ASCII, path=pe, path_func=<uninitialized>, include=<uninitialized>, exclude=<uninitialized>, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=<uninitialized>, config={}, policy=<uninitialized>]))
0.000000 MetaHookPre CallFunction(Log::__add_filter, <frame>, (PacketFilter::LOG, [name=default, writer=Log::WRITER_ASCII, path=packet_filter, path_func=<uninitialized>, include=<uninitialized>, exclude=<uninitialized>, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=<uninitialized>, config={}, policy=<uninitialized>]))
@ -1274,6 +1292,7 @@
0.000000 MetaHookPre CallFunction(Log::__add_filter, <frame>, (SOCKS::LOG, [name=default, writer=Log::WRITER_ASCII, path=socks, path_func=<uninitialized>, include=<uninitialized>, exclude=<uninitialized>, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=<uninitialized>, config={}, policy=<uninitialized>]))
0.000000 MetaHookPre CallFunction(Log::__add_filter, <frame>, (SSH::LOG, [name=default, writer=Log::WRITER_ASCII, path=ssh, path_func=<uninitialized>, include=<uninitialized>, exclude=<uninitialized>, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=<uninitialized>, config={}, policy=<uninitialized>]))
0.000000 MetaHookPre CallFunction(Log::__add_filter, <frame>, (SSL::LOG, [name=default, writer=Log::WRITER_ASCII, path=ssl, path_func=<uninitialized>, include=<uninitialized>, exclude=<uninitialized>, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=<uninitialized>, config={}, policy=<uninitialized>]))
0.000000 MetaHookPre CallFunction(Log::__add_filter, <frame>, (SSL::LOG, [name=default, writer=Log::WRITER_ASCII, path=ssl, path_func=<uninitialized>, include=<uninitialized>, exclude={issuer,client_subject,subject,client_issuer}, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=<uninitialized>, config={}, policy=<uninitialized>]))
0.000000 MetaHookPre CallFunction(Log::__add_filter, <frame>, (Signatures::LOG, [name=default, writer=Log::WRITER_ASCII, path=signatures, path_func=<uninitialized>, include=<uninitialized>, exclude=<uninitialized>, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=<uninitialized>, config={}, policy=<uninitialized>]))
0.000000 MetaHookPre CallFunction(Log::__add_filter, <frame>, (Software::LOG, [name=default, writer=Log::WRITER_ASCII, path=software, path_func=<uninitialized>, include=<uninitialized>, exclude=<uninitialized>, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=<uninitialized>, config={}, policy=<uninitialized>]))
0.000000 MetaHookPre CallFunction(Log::__add_filter, <frame>, (Syslog::LOG, [name=default, writer=Log::WRITER_ASCII, path=syslog, path_func=<uninitialized>, include=<uninitialized>, exclude=<uninitialized>, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=<uninitialized>, config={}, policy=<uninitialized>]))
@ -1291,7 +1310,7 @@
0.000000 MetaHookPre CallFunction(Log::__create_stream, <frame>, (DNS::LOG, [columns=DNS::Info, ev=DNS::log_dns, path=dns, policy=DNS::log_policy]))
0.000000 MetaHookPre CallFunction(Log::__create_stream, <frame>, (DPD::LOG, [columns=DPD::Info, ev=<uninitialized>, path=dpd, policy=DPD::log_policy]))
0.000000 MetaHookPre CallFunction(Log::__create_stream, <frame>, (FTP::LOG, [columns=FTP::Info, ev=FTP::log_ftp, path=ftp, policy=FTP::log_policy]))
0.000000 MetaHookPre CallFunction(Log::__create_stream, <frame>, (Files::LOG, [columns=Files::Info, ev=Files::log_files, path=files, policy=Files::log_policy]))
0.000000 MetaHookPre CallFunction(Log::__create_stream, <frame>, (Files::LOG, [columns=Files::Info, ev=Files::log_files, path=files, policy=Files::log_policy{ if ((F == X509::log_x509_in_files_log) && (X509 in X509::rec$analyzers)) break }]))
0.000000 MetaHookPre CallFunction(Log::__create_stream, <frame>, (HTTP::LOG, [columns=HTTP::Info, ev=HTTP::log_http, path=http, policy=HTTP::log_policy]))
0.000000 MetaHookPre CallFunction(Log::__create_stream, <frame>, (IRC::LOG, [columns=IRC::Info, ev=IRC::irc_log, path=irc, policy=IRC::log_policy]))
0.000000 MetaHookPre CallFunction(Log::__create_stream, <frame>, (Intel::LOG, [columns=Intel::Info, ev=Intel::log_intel, path=intel, policy=Intel::log_policy]))
@ -1304,6 +1323,7 @@
0.000000 MetaHookPre CallFunction(Log::__create_stream, <frame>, (NetControl::SHUNT, [columns=NetControl::ShuntInfo, ev=NetControl::log_netcontrol_shunt, path=netcontrol_shunt, policy=NetControl::log_policy_shunt]))
0.000000 MetaHookPre CallFunction(Log::__create_stream, <frame>, (Notice::ALARM_LOG, [columns=Notice::Info, ev=<uninitialized>, path=notice_alarm, policy=Notice::log_policy_alarm]))
0.000000 MetaHookPre CallFunction(Log::__create_stream, <frame>, (Notice::LOG, [columns=Notice::Info, ev=Notice::log_notice, path=notice, policy=Notice::log_policy]))
0.000000 MetaHookPre CallFunction(Log::__create_stream, <frame>, (OCSP::LOG, [columns=OCSP::Info, ev=OCSP::log_ocsp, path=ocsp, policy=OCSP::log_policy]))
0.000000 MetaHookPre CallFunction(Log::__create_stream, <frame>, (OpenFlow::LOG, [columns=OpenFlow::Info, ev=OpenFlow::log_openflow, path=openflow, policy=OpenFlow::log_policy]))
0.000000 MetaHookPre CallFunction(Log::__create_stream, <frame>, (PE::LOG, [columns=PE::Info, ev=PE::log_pe, path=pe, policy=PE::log_policy]))
0.000000 MetaHookPre CallFunction(Log::__create_stream, <frame>, (PacketFilter::LOG, [columns=PacketFilter::Info, ev=<uninitialized>, path=packet_filter, policy=PacketFilter::log_policy]))
@ -1350,6 +1370,7 @@
0.000000 MetaHookPre CallFunction(Log::add_default_filter, <frame>, (NetControl::SHUNT))
0.000000 MetaHookPre CallFunction(Log::add_default_filter, <frame>, (Notice::ALARM_LOG))
0.000000 MetaHookPre CallFunction(Log::add_default_filter, <frame>, (Notice::LOG))
0.000000 MetaHookPre CallFunction(Log::add_default_filter, <frame>, (OCSP::LOG))
0.000000 MetaHookPre CallFunction(Log::add_default_filter, <frame>, (OpenFlow::LOG))
0.000000 MetaHookPre CallFunction(Log::add_default_filter, <frame>, (PE::LOG))
0.000000 MetaHookPre CallFunction(Log::add_default_filter, <frame>, (PacketFilter::LOG))
@ -1395,6 +1416,7 @@
0.000000 MetaHookPre CallFunction(Log::add_filter, <frame>, (NetControl::SHUNT, [name=default, writer=Log::WRITER_ASCII, path=<uninitialized>, path_func=<uninitialized>, include=<uninitialized>, exclude=<uninitialized>, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=<uninitialized>, config={}, policy=<uninitialized>]))
0.000000 MetaHookPre CallFunction(Log::add_filter, <frame>, (Notice::ALARM_LOG, [name=default, writer=Log::WRITER_ASCII, path=<uninitialized>, path_func=<uninitialized>, include=<uninitialized>, exclude=<uninitialized>, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=<uninitialized>, config={}, policy=<uninitialized>]))
0.000000 MetaHookPre CallFunction(Log::add_filter, <frame>, (Notice::LOG, [name=default, writer=Log::WRITER_ASCII, path=<uninitialized>, path_func=<uninitialized>, include=<uninitialized>, exclude=<uninitialized>, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=<uninitialized>, config={}, policy=<uninitialized>]))
0.000000 MetaHookPre CallFunction(Log::add_filter, <frame>, (OCSP::LOG, [name=default, writer=Log::WRITER_ASCII, path=<uninitialized>, path_func=<uninitialized>, include=<uninitialized>, exclude=<uninitialized>, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=<uninitialized>, config={}, policy=<uninitialized>]))
0.000000 MetaHookPre CallFunction(Log::add_filter, <frame>, (OpenFlow::LOG, [name=default, writer=Log::WRITER_ASCII, path=<uninitialized>, path_func=<uninitialized>, include=<uninitialized>, exclude=<uninitialized>, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=<uninitialized>, config={}, policy=<uninitialized>]))
0.000000 MetaHookPre CallFunction(Log::add_filter, <frame>, (PE::LOG, [name=default, writer=Log::WRITER_ASCII, path=<uninitialized>, path_func=<uninitialized>, include=<uninitialized>, exclude=<uninitialized>, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=<uninitialized>, config={}, policy=<uninitialized>]))
0.000000 MetaHookPre CallFunction(Log::add_filter, <frame>, (PacketFilter::LOG, [name=default, writer=Log::WRITER_ASCII, path=<uninitialized>, path_func=<uninitialized>, include=<uninitialized>, exclude=<uninitialized>, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=<uninitialized>, config={}, policy=<uninitialized>]))
@ -1410,6 +1432,7 @@
0.000000 MetaHookPre CallFunction(Log::add_filter, <frame>, (SOCKS::LOG, [name=default, writer=Log::WRITER_ASCII, path=<uninitialized>, path_func=<uninitialized>, include=<uninitialized>, exclude=<uninitialized>, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=<uninitialized>, config={}, policy=<uninitialized>]))
0.000000 MetaHookPre CallFunction(Log::add_filter, <frame>, (SSH::LOG, [name=default, writer=Log::WRITER_ASCII, path=<uninitialized>, path_func=<uninitialized>, include=<uninitialized>, exclude=<uninitialized>, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=<uninitialized>, config={}, policy=<uninitialized>]))
0.000000 MetaHookPre CallFunction(Log::add_filter, <frame>, (SSL::LOG, [name=default, writer=Log::WRITER_ASCII, path=<uninitialized>, path_func=<uninitialized>, include=<uninitialized>, exclude=<uninitialized>, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=<uninitialized>, config={}, policy=<uninitialized>]))
0.000000 MetaHookPre CallFunction(Log::add_filter, <frame>, (SSL::LOG, [name=default, writer=Log::WRITER_ASCII, path=ssl, path_func=<uninitialized>, include=<uninitialized>, exclude={issuer,client_subject,subject,client_issuer}, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=<uninitialized>, config={}, policy=<uninitialized>]))
0.000000 MetaHookPre CallFunction(Log::add_filter, <frame>, (Signatures::LOG, [name=default, writer=Log::WRITER_ASCII, path=<uninitialized>, path_func=<uninitialized>, include=<uninitialized>, exclude=<uninitialized>, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=<uninitialized>, config={}, policy=<uninitialized>]))
0.000000 MetaHookPre CallFunction(Log::add_filter, <frame>, (Software::LOG, [name=default, writer=Log::WRITER_ASCII, path=<uninitialized>, path_func=<uninitialized>, include=<uninitialized>, exclude=<uninitialized>, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=<uninitialized>, config={}, policy=<uninitialized>]))
0.000000 MetaHookPre CallFunction(Log::add_filter, <frame>, (Syslog::LOG, [name=default, writer=Log::WRITER_ASCII, path=<uninitialized>, path_func=<uninitialized>, include=<uninitialized>, exclude=<uninitialized>, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=<uninitialized>, config={}, policy=<uninitialized>]))
@ -1440,6 +1463,7 @@
0.000000 MetaHookPre CallFunction(Log::add_stream_filters, <frame>, (NetControl::SHUNT, default))
0.000000 MetaHookPre CallFunction(Log::add_stream_filters, <frame>, (Notice::ALARM_LOG, default))
0.000000 MetaHookPre CallFunction(Log::add_stream_filters, <frame>, (Notice::LOG, default))
0.000000 MetaHookPre CallFunction(Log::add_stream_filters, <frame>, (OCSP::LOG, default))
0.000000 MetaHookPre CallFunction(Log::add_stream_filters, <frame>, (OpenFlow::LOG, default))
0.000000 MetaHookPre CallFunction(Log::add_stream_filters, <frame>, (PE::LOG, default))
0.000000 MetaHookPre CallFunction(Log::add_stream_filters, <frame>, (PacketFilter::LOG, default))
@ -1472,7 +1496,7 @@
0.000000 MetaHookPre CallFunction(Log::create_stream, <frame>, (DNS::LOG, [columns=DNS::Info, ev=DNS::log_dns, path=dns, policy=DNS::log_policy]))
0.000000 MetaHookPre CallFunction(Log::create_stream, <frame>, (DPD::LOG, [columns=DPD::Info, ev=<uninitialized>, path=dpd, policy=DPD::log_policy]))
0.000000 MetaHookPre CallFunction(Log::create_stream, <frame>, (FTP::LOG, [columns=FTP::Info, ev=FTP::log_ftp, path=ftp, policy=FTP::log_policy]))
0.000000 MetaHookPre CallFunction(Log::create_stream, <frame>, (Files::LOG, [columns=Files::Info, ev=Files::log_files, path=files, policy=Files::log_policy]))
0.000000 MetaHookPre CallFunction(Log::create_stream, <frame>, (Files::LOG, [columns=Files::Info, ev=Files::log_files, path=files, policy=Files::log_policy{ if ((F == X509::log_x509_in_files_log) && (X509 in X509::rec$analyzers)) break }]))
0.000000 MetaHookPre CallFunction(Log::create_stream, <frame>, (HTTP::LOG, [columns=HTTP::Info, ev=HTTP::log_http, path=http, policy=HTTP::log_policy]))
0.000000 MetaHookPre CallFunction(Log::create_stream, <frame>, (IRC::LOG, [columns=IRC::Info, ev=IRC::irc_log, path=irc, policy=IRC::log_policy]))
0.000000 MetaHookPre CallFunction(Log::create_stream, <frame>, (Intel::LOG, [columns=Intel::Info, ev=Intel::log_intel, path=intel, policy=Intel::log_policy]))
@ -1485,6 +1509,7 @@
0.000000 MetaHookPre CallFunction(Log::create_stream, <frame>, (NetControl::SHUNT, [columns=NetControl::ShuntInfo, ev=NetControl::log_netcontrol_shunt, path=netcontrol_shunt, policy=NetControl::log_policy_shunt]))
0.000000 MetaHookPre CallFunction(Log::create_stream, <frame>, (Notice::ALARM_LOG, [columns=Notice::Info, ev=<uninitialized>, path=notice_alarm, policy=Notice::log_policy_alarm]))
0.000000 MetaHookPre CallFunction(Log::create_stream, <frame>, (Notice::LOG, [columns=Notice::Info, ev=Notice::log_notice, path=notice, policy=Notice::log_policy]))
0.000000 MetaHookPre CallFunction(Log::create_stream, <frame>, (OCSP::LOG, [columns=OCSP::Info, ev=OCSP::log_ocsp, path=ocsp, policy=OCSP::log_policy]))
0.000000 MetaHookPre CallFunction(Log::create_stream, <frame>, (OpenFlow::LOG, [columns=OpenFlow::Info, ev=OpenFlow::log_openflow, path=openflow, policy=OpenFlow::log_policy]))
0.000000 MetaHookPre CallFunction(Log::create_stream, <frame>, (PE::LOG, [columns=PE::Info, ev=PE::log_pe, path=pe, policy=PE::log_policy]))
0.000000 MetaHookPre CallFunction(Log::create_stream, <frame>, (PacketFilter::LOG, [columns=PacketFilter::Info, ev=<uninitialized>, path=packet_filter, policy=PacketFilter::log_policy]))
@ -1507,6 +1532,7 @@
0.000000 MetaHookPre CallFunction(Log::create_stream, <frame>, (Weird::LOG, [columns=Weird::Info, ev=Weird::log_weird, path=weird, policy=Weird::log_policy]))
0.000000 MetaHookPre CallFunction(Log::create_stream, <frame>, (X509::LOG, [columns=X509::Info, ev=X509::log_x509, path=x509, policy=X509::log_policy]))
0.000000 MetaHookPre CallFunction(Log::create_stream, <frame>, (mysql::LOG, [columns=MySQL::Info, ev=MySQL::log_mysql, path=mysql, policy=MySQL::log_policy]))
0.000000 MetaHookPre CallFunction(Log::get_filter, <frame>, (SSL::LOG, default))
0.000000 MetaHookPre CallFunction(Log::log_stream_policy, <null>, ([ts=XXXXXXXXXX.XXXXXX, node=zeek, filter=ip or not ip, init=T, success=T], PacketFilter::LOG))
0.000000 MetaHookPre CallFunction(Log::write, <frame>, (PacketFilter::LOG, [ts=XXXXXXXXXX.XXXXXX, node=zeek, filter=ip or not ip, init=T, success=T]))
0.000000 MetaHookPre CallFunction(NetControl::check_plugins, <frame>, ())
@ -1600,6 +1626,10 @@
0.000000 MetaHookPre CallFunction(Option::set_change_handler, <frame>, (X509::caching_required_encounters_interval, Config::config_option_changed{ Config::log = Config::Info($ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value))if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, to_any_coerceConfig::log)return (Config::new_value)}, -100))
0.000000 MetaHookPre CallFunction(Option::set_change_handler, <frame>, (X509::certificate_cache_max_entries, Config::config_option_changed{ Config::log = Config::Info($ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value))if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, to_any_coerceConfig::log)return (Config::new_value)}, -100))
0.000000 MetaHookPre CallFunction(Option::set_change_handler, <frame>, (X509::certificate_cache_minimum_eviction_interval, Config::config_option_changed{ Config::log = Config::Info($ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value))if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, to_any_coerceConfig::log)return (Config::new_value)}, -100))
0.000000 MetaHookPre CallFunction(Option::set_change_handler, <frame>, (X509::hash_function, Config::config_option_changed{ Config::log = Config::Info($ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value))if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, to_any_coerceConfig::log)return (Config::new_value)}, -100))
0.000000 MetaHookPre CallFunction(Option::set_change_handler, <frame>, (X509::known_log_certs_maximum_size, Config::config_option_changed{ Config::log = Config::Info($ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value))if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, to_any_coerceConfig::log)return (Config::new_value)}, -100))
0.000000 MetaHookPre CallFunction(Option::set_change_handler, <frame>, (X509::log_x509_in_files_log, Config::config_option_changed{ Config::log = Config::Info($ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value))if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, to_any_coerceConfig::log)return (Config::new_value)}, -100))
0.000000 MetaHookPre CallFunction(Option::set_change_handler, <frame>, (X509::relog_known_certificates_after, Config::config_option_changed{ Config::log = Config::Info($ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value))if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, to_any_coerceConfig::log)return (Config::new_value)}, -100))
0.000000 MetaHookPre CallFunction(Option::set_change_handler, <frame>, (default_file_bof_buffer_size, Config::config_option_changed{ Config::log = Config::Info($ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value))if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, to_any_coerceConfig::log)return (Config::new_value)}, -100))
0.000000 MetaHookPre CallFunction(Option::set_change_handler, <frame>, (default_file_timeout_interval, Config::config_option_changed{ Config::log = Config::Info($ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value))if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, to_any_coerceConfig::log)return (Config::new_value)}, -100))
0.000000 MetaHookPre CallFunction(Option::set_change_handler, <frame>, (ignore_checksums_nets, Config::config_option_changed{ Config::log = Config::Info($ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value))if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, to_any_coerceConfig::log)return (Config::new_value)}, -100))
@ -1830,6 +1860,7 @@
0.000000 MetaHookPre LoadFile(0, ./bloom-filter.bif.zeek, <...>/bloom-filter.bif.zeek)
0.000000 MetaHookPre LoadFile(0, ./broker, <...>/broker.zeek)
0.000000 MetaHookPre LoadFile(0, ./cardinality-counter.bif.zeek, <...>/cardinality-counter.bif.zeek)
0.000000 MetaHookPre LoadFile(0, ./certificate-event-cache, <...>/certificate-event-cache.zeek)
0.000000 MetaHookPre LoadFile(0, ./comm.bif.zeek, <...>/comm.bif.zeek)
0.000000 MetaHookPre LoadFile(0, ./const-dos-error, <...>/const-dos-error.zeek)
0.000000 MetaHookPre LoadFile(0, ./const-nt-status, <...>/const-nt-status.zeek)
@ -1856,6 +1887,7 @@
0.000000 MetaHookPre LoadFile(0, ./input.bif.zeek, <...>/input.bif.zeek)
0.000000 MetaHookPre LoadFile(0, ./last, <...>/last.zeek)
0.000000 MetaHookPre LoadFile(0, ./log, <...>/log.zeek)
0.000000 MetaHookPre LoadFile(0, ./log-ocsp, <...>/log-ocsp.zeek)
0.000000 MetaHookPre LoadFile(0, ./logging.bif.zeek, <...>/logging.bif.zeek)
0.000000 MetaHookPre LoadFile(0, ./magic, <...>/magic)
0.000000 MetaHookPre LoadFile(0, ./main, <...>/main.zeek)
@ -2247,6 +2279,7 @@
0.000000 | HookCallFunction Files::register_for_mime_type(Files::ANALYZER_MD5, application/pkix-cert)
0.000000 | HookCallFunction Files::register_for_mime_type(Files::ANALYZER_MD5, application/x-x509-ca-cert)
0.000000 | HookCallFunction Files::register_for_mime_type(Files::ANALYZER_MD5, application/x-x509-user-cert)
0.000000 | HookCallFunction Files::register_for_mime_type(Files::ANALYZER_OCSP_REPLY, application/ocsp-response)
0.000000 | HookCallFunction Files::register_for_mime_type(Files::ANALYZER_PE, application/x-dosexec)
0.000000 | HookCallFunction Files::register_for_mime_type(Files::ANALYZER_SHA1, application/pkix-cert)
0.000000 | HookCallFunction Files::register_for_mime_type(Files::ANALYZER_SHA1, application/x-x509-ca-cert)
@ -2291,6 +2324,7 @@
0.000000 | HookCallFunction Log::__add_filter(NetControl::SHUNT, [name=default, writer=Log::WRITER_ASCII, path=netcontrol_shunt, path_func=<uninitialized>, include=<uninitialized>, exclude=<uninitialized>, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=<uninitialized>, config={}, policy=<uninitialized>])
0.000000 | HookCallFunction Log::__add_filter(Notice::ALARM_LOG, [name=default, writer=Log::WRITER_ASCII, path=notice_alarm, path_func=<uninitialized>, include=<uninitialized>, exclude=<uninitialized>, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=<uninitialized>, config={}, policy=<uninitialized>])
0.000000 | HookCallFunction Log::__add_filter(Notice::LOG, [name=default, writer=Log::WRITER_ASCII, path=notice, path_func=<uninitialized>, include=<uninitialized>, exclude=<uninitialized>, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=<uninitialized>, config={}, policy=<uninitialized>])
0.000000 | HookCallFunction Log::__add_filter(OCSP::LOG, [name=default, writer=Log::WRITER_ASCII, path=ocsp, path_func=<uninitialized>, include=<uninitialized>, exclude=<uninitialized>, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=<uninitialized>, config={}, policy=<uninitialized>])
0.000000 | HookCallFunction Log::__add_filter(OpenFlow::LOG, [name=default, writer=Log::WRITER_ASCII, path=openflow, path_func=<uninitialized>, include=<uninitialized>, exclude=<uninitialized>, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=<uninitialized>, config={}, policy=<uninitialized>])
0.000000 | HookCallFunction Log::__add_filter(PE::LOG, [name=default, writer=Log::WRITER_ASCII, path=pe, path_func=<uninitialized>, include=<uninitialized>, exclude=<uninitialized>, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=<uninitialized>, config={}, policy=<uninitialized>])
0.000000 | HookCallFunction Log::__add_filter(PacketFilter::LOG, [name=default, writer=Log::WRITER_ASCII, path=packet_filter, path_func=<uninitialized>, include=<uninitialized>, exclude=<uninitialized>, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=<uninitialized>, config={}, policy=<uninitialized>])
@ -2306,6 +2340,7 @@
0.000000 | HookCallFunction Log::__add_filter(SOCKS::LOG, [name=default, writer=Log::WRITER_ASCII, path=socks, path_func=<uninitialized>, include=<uninitialized>, exclude=<uninitialized>, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=<uninitialized>, config={}, policy=<uninitialized>])
0.000000 | HookCallFunction Log::__add_filter(SSH::LOG, [name=default, writer=Log::WRITER_ASCII, path=ssh, path_func=<uninitialized>, include=<uninitialized>, exclude=<uninitialized>, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=<uninitialized>, config={}, policy=<uninitialized>])
0.000000 | HookCallFunction Log::__add_filter(SSL::LOG, [name=default, writer=Log::WRITER_ASCII, path=ssl, path_func=<uninitialized>, include=<uninitialized>, exclude=<uninitialized>, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=<uninitialized>, config={}, policy=<uninitialized>])
0.000000 | HookCallFunction Log::__add_filter(SSL::LOG, [name=default, writer=Log::WRITER_ASCII, path=ssl, path_func=<uninitialized>, include=<uninitialized>, exclude={issuer,client_subject,subject,client_issuer}, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=<uninitialized>, config={}, policy=<uninitialized>])
0.000000 | HookCallFunction Log::__add_filter(Signatures::LOG, [name=default, writer=Log::WRITER_ASCII, path=signatures, path_func=<uninitialized>, include=<uninitialized>, exclude=<uninitialized>, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=<uninitialized>, config={}, policy=<uninitialized>])
0.000000 | HookCallFunction Log::__add_filter(Software::LOG, [name=default, writer=Log::WRITER_ASCII, path=software, path_func=<uninitialized>, include=<uninitialized>, exclude=<uninitialized>, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=<uninitialized>, config={}, policy=<uninitialized>])
0.000000 | HookCallFunction Log::__add_filter(Syslog::LOG, [name=default, writer=Log::WRITER_ASCII, path=syslog, path_func=<uninitialized>, include=<uninitialized>, exclude=<uninitialized>, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=<uninitialized>, config={}, policy=<uninitialized>])
@ -2323,7 +2358,7 @@
0.000000 | HookCallFunction Log::__create_stream(DNS::LOG, [columns=DNS::Info, ev=DNS::log_dns, path=dns, policy=DNS::log_policy])
0.000000 | HookCallFunction Log::__create_stream(DPD::LOG, [columns=DPD::Info, ev=<uninitialized>, path=dpd, policy=DPD::log_policy])
0.000000 | HookCallFunction Log::__create_stream(FTP::LOG, [columns=FTP::Info, ev=FTP::log_ftp, path=ftp, policy=FTP::log_policy])
0.000000 | HookCallFunction Log::__create_stream(Files::LOG, [columns=Files::Info, ev=Files::log_files, path=files, policy=Files::log_policy])
0.000000 | HookCallFunction Log::__create_stream(Files::LOG, [columns=Files::Info, ev=Files::log_files, path=files, policy=Files::log_policy{ if ((F == X509::log_x509_in_files_log) && (X509 in X509::rec$analyzers)) break }])
0.000000 | HookCallFunction Log::__create_stream(HTTP::LOG, [columns=HTTP::Info, ev=HTTP::log_http, path=http, policy=HTTP::log_policy])
0.000000 | HookCallFunction Log::__create_stream(IRC::LOG, [columns=IRC::Info, ev=IRC::irc_log, path=irc, policy=IRC::log_policy])
0.000000 | HookCallFunction Log::__create_stream(Intel::LOG, [columns=Intel::Info, ev=Intel::log_intel, path=intel, policy=Intel::log_policy])
@ -2336,6 +2371,7 @@
0.000000 | HookCallFunction Log::__create_stream(NetControl::SHUNT, [columns=NetControl::ShuntInfo, ev=NetControl::log_netcontrol_shunt, path=netcontrol_shunt, policy=NetControl::log_policy_shunt])
0.000000 | HookCallFunction Log::__create_stream(Notice::ALARM_LOG, [columns=Notice::Info, ev=<uninitialized>, path=notice_alarm, policy=Notice::log_policy_alarm])
0.000000 | HookCallFunction Log::__create_stream(Notice::LOG, [columns=Notice::Info, ev=Notice::log_notice, path=notice, policy=Notice::log_policy])
0.000000 | HookCallFunction Log::__create_stream(OCSP::LOG, [columns=OCSP::Info, ev=OCSP::log_ocsp, path=ocsp, policy=OCSP::log_policy])
0.000000 | HookCallFunction Log::__create_stream(OpenFlow::LOG, [columns=OpenFlow::Info, ev=OpenFlow::log_openflow, path=openflow, policy=OpenFlow::log_policy])
0.000000 | HookCallFunction Log::__create_stream(PE::LOG, [columns=PE::Info, ev=PE::log_pe, path=pe, policy=PE::log_policy])
0.000000 | HookCallFunction Log::__create_stream(PacketFilter::LOG, [columns=PacketFilter::Info, ev=<uninitialized>, path=packet_filter, policy=PacketFilter::log_policy])
@ -2382,6 +2418,7 @@
0.000000 | HookCallFunction Log::add_default_filter(NetControl::SHUNT)
0.000000 | HookCallFunction Log::add_default_filter(Notice::ALARM_LOG)
0.000000 | HookCallFunction Log::add_default_filter(Notice::LOG)
0.000000 | HookCallFunction Log::add_default_filter(OCSP::LOG)
0.000000 | HookCallFunction Log::add_default_filter(OpenFlow::LOG)
0.000000 | HookCallFunction Log::add_default_filter(PE::LOG)
0.000000 | HookCallFunction Log::add_default_filter(PacketFilter::LOG)
@ -2427,6 +2464,7 @@
0.000000 | HookCallFunction Log::add_filter(NetControl::SHUNT, [name=default, writer=Log::WRITER_ASCII, path=<uninitialized>, path_func=<uninitialized>, include=<uninitialized>, exclude=<uninitialized>, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=<uninitialized>, config={}, policy=<uninitialized>])
0.000000 | HookCallFunction Log::add_filter(Notice::ALARM_LOG, [name=default, writer=Log::WRITER_ASCII, path=<uninitialized>, path_func=<uninitialized>, include=<uninitialized>, exclude=<uninitialized>, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=<uninitialized>, config={}, policy=<uninitialized>])
0.000000 | HookCallFunction Log::add_filter(Notice::LOG, [name=default, writer=Log::WRITER_ASCII, path=<uninitialized>, path_func=<uninitialized>, include=<uninitialized>, exclude=<uninitialized>, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=<uninitialized>, config={}, policy=<uninitialized>])
0.000000 | HookCallFunction Log::add_filter(OCSP::LOG, [name=default, writer=Log::WRITER_ASCII, path=<uninitialized>, path_func=<uninitialized>, include=<uninitialized>, exclude=<uninitialized>, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=<uninitialized>, config={}, policy=<uninitialized>])
0.000000 | HookCallFunction Log::add_filter(OpenFlow::LOG, [name=default, writer=Log::WRITER_ASCII, path=<uninitialized>, path_func=<uninitialized>, include=<uninitialized>, exclude=<uninitialized>, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=<uninitialized>, config={}, policy=<uninitialized>])
0.000000 | HookCallFunction Log::add_filter(PE::LOG, [name=default, writer=Log::WRITER_ASCII, path=<uninitialized>, path_func=<uninitialized>, include=<uninitialized>, exclude=<uninitialized>, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=<uninitialized>, config={}, policy=<uninitialized>])
0.000000 | HookCallFunction Log::add_filter(PacketFilter::LOG, [name=default, writer=Log::WRITER_ASCII, path=<uninitialized>, path_func=<uninitialized>, include=<uninitialized>, exclude=<uninitialized>, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=<uninitialized>, config={}, policy=<uninitialized>])
@ -2442,6 +2480,7 @@
0.000000 | HookCallFunction Log::add_filter(SOCKS::LOG, [name=default, writer=Log::WRITER_ASCII, path=<uninitialized>, path_func=<uninitialized>, include=<uninitialized>, exclude=<uninitialized>, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=<uninitialized>, config={}, policy=<uninitialized>])
0.000000 | HookCallFunction Log::add_filter(SSH::LOG, [name=default, writer=Log::WRITER_ASCII, path=<uninitialized>, path_func=<uninitialized>, include=<uninitialized>, exclude=<uninitialized>, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=<uninitialized>, config={}, policy=<uninitialized>])
0.000000 | HookCallFunction Log::add_filter(SSL::LOG, [name=default, writer=Log::WRITER_ASCII, path=<uninitialized>, path_func=<uninitialized>, include=<uninitialized>, exclude=<uninitialized>, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=<uninitialized>, config={}, policy=<uninitialized>])
0.000000 | HookCallFunction Log::add_filter(SSL::LOG, [name=default, writer=Log::WRITER_ASCII, path=ssl, path_func=<uninitialized>, include=<uninitialized>, exclude={issuer,client_subject,subject,client_issuer}, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=<uninitialized>, config={}, policy=<uninitialized>])
0.000000 | HookCallFunction Log::add_filter(Signatures::LOG, [name=default, writer=Log::WRITER_ASCII, path=<uninitialized>, path_func=<uninitialized>, include=<uninitialized>, exclude=<uninitialized>, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=<uninitialized>, config={}, policy=<uninitialized>])
0.000000 | HookCallFunction Log::add_filter(Software::LOG, [name=default, writer=Log::WRITER_ASCII, path=<uninitialized>, path_func=<uninitialized>, include=<uninitialized>, exclude=<uninitialized>, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=<uninitialized>, config={}, policy=<uninitialized>])
0.000000 | HookCallFunction Log::add_filter(Syslog::LOG, [name=default, writer=Log::WRITER_ASCII, path=<uninitialized>, path_func=<uninitialized>, include=<uninitialized>, exclude=<uninitialized>, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=<uninitialized>, config={}, policy=<uninitialized>])
@ -2472,6 +2511,7 @@
0.000000 | HookCallFunction Log::add_stream_filters(NetControl::SHUNT, default)
0.000000 | HookCallFunction Log::add_stream_filters(Notice::ALARM_LOG, default)
0.000000 | HookCallFunction Log::add_stream_filters(Notice::LOG, default)
0.000000 | HookCallFunction Log::add_stream_filters(OCSP::LOG, default)
0.000000 | HookCallFunction Log::add_stream_filters(OpenFlow::LOG, default)
0.000000 | HookCallFunction Log::add_stream_filters(PE::LOG, default)
0.000000 | HookCallFunction Log::add_stream_filters(PacketFilter::LOG, default)
@ -2504,7 +2544,7 @@
0.000000 | HookCallFunction Log::create_stream(DNS::LOG, [columns=DNS::Info, ev=DNS::log_dns, path=dns, policy=DNS::log_policy])
0.000000 | HookCallFunction Log::create_stream(DPD::LOG, [columns=DPD::Info, ev=<uninitialized>, path=dpd, policy=DPD::log_policy])
0.000000 | HookCallFunction Log::create_stream(FTP::LOG, [columns=FTP::Info, ev=FTP::log_ftp, path=ftp, policy=FTP::log_policy])
0.000000 | HookCallFunction Log::create_stream(Files::LOG, [columns=Files::Info, ev=Files::log_files, path=files, policy=Files::log_policy])
0.000000 | HookCallFunction Log::create_stream(Files::LOG, [columns=Files::Info, ev=Files::log_files, path=files, policy=Files::log_policy{ if ((F == X509::log_x509_in_files_log) && (X509 in X509::rec$analyzers)) break }])
0.000000 | HookCallFunction Log::create_stream(HTTP::LOG, [columns=HTTP::Info, ev=HTTP::log_http, path=http, policy=HTTP::log_policy])
0.000000 | HookCallFunction Log::create_stream(IRC::LOG, [columns=IRC::Info, ev=IRC::irc_log, path=irc, policy=IRC::log_policy])
0.000000 | HookCallFunction Log::create_stream(Intel::LOG, [columns=Intel::Info, ev=Intel::log_intel, path=intel, policy=Intel::log_policy])
@ -2517,6 +2557,7 @@
0.000000 | HookCallFunction Log::create_stream(NetControl::SHUNT, [columns=NetControl::ShuntInfo, ev=NetControl::log_netcontrol_shunt, path=netcontrol_shunt, policy=NetControl::log_policy_shunt])
0.000000 | HookCallFunction Log::create_stream(Notice::ALARM_LOG, [columns=Notice::Info, ev=<uninitialized>, path=notice_alarm, policy=Notice::log_policy_alarm])
0.000000 | HookCallFunction Log::create_stream(Notice::LOG, [columns=Notice::Info, ev=Notice::log_notice, path=notice, policy=Notice::log_policy])
0.000000 | HookCallFunction Log::create_stream(OCSP::LOG, [columns=OCSP::Info, ev=OCSP::log_ocsp, path=ocsp, policy=OCSP::log_policy])
0.000000 | HookCallFunction Log::create_stream(OpenFlow::LOG, [columns=OpenFlow::Info, ev=OpenFlow::log_openflow, path=openflow, policy=OpenFlow::log_policy])
0.000000 | HookCallFunction Log::create_stream(PE::LOG, [columns=PE::Info, ev=PE::log_pe, path=pe, policy=PE::log_policy])
0.000000 | HookCallFunction Log::create_stream(PacketFilter::LOG, [columns=PacketFilter::Info, ev=<uninitialized>, path=packet_filter, policy=PacketFilter::log_policy])
@ -2539,6 +2580,7 @@
0.000000 | HookCallFunction Log::create_stream(Weird::LOG, [columns=Weird::Info, ev=Weird::log_weird, path=weird, policy=Weird::log_policy])
0.000000 | HookCallFunction Log::create_stream(X509::LOG, [columns=X509::Info, ev=X509::log_x509, path=x509, policy=X509::log_policy])
0.000000 | HookCallFunction Log::create_stream(mysql::LOG, [columns=MySQL::Info, ev=MySQL::log_mysql, path=mysql, policy=MySQL::log_policy])
0.000000 | HookCallFunction Log::get_filter(SSL::LOG, default)
0.000000 | HookCallFunction Log::log_stream_policy([ts=XXXXXXXXXX.XXXXXX, node=zeek, filter=ip or not ip, init=T, success=T], PacketFilter::LOG)
0.000000 | HookCallFunction Log::write(PacketFilter::LOG, [ts=XXXXXXXXXX.XXXXXX, node=zeek, filter=ip or not ip, init=T, success=T])
0.000000 | HookCallFunction NetControl::check_plugins()
@ -2632,6 +2674,10 @@
0.000000 | HookCallFunction Option::set_change_handler(X509::caching_required_encounters_interval, Config::config_option_changed{ Config::log = Config::Info($ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value))if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, to_any_coerceConfig::log)return (Config::new_value)}, -100)
0.000000 | HookCallFunction Option::set_change_handler(X509::certificate_cache_max_entries, Config::config_option_changed{ Config::log = Config::Info($ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value))if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, to_any_coerceConfig::log)return (Config::new_value)}, -100)
0.000000 | HookCallFunction Option::set_change_handler(X509::certificate_cache_minimum_eviction_interval, Config::config_option_changed{ Config::log = Config::Info($ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value))if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, to_any_coerceConfig::log)return (Config::new_value)}, -100)
0.000000 | HookCallFunction Option::set_change_handler(X509::hash_function, Config::config_option_changed{ Config::log = Config::Info($ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value))if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, to_any_coerceConfig::log)return (Config::new_value)}, -100)
0.000000 | HookCallFunction Option::set_change_handler(X509::known_log_certs_maximum_size, Config::config_option_changed{ Config::log = Config::Info($ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value))if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, to_any_coerceConfig::log)return (Config::new_value)}, -100)
0.000000 | HookCallFunction Option::set_change_handler(X509::log_x509_in_files_log, Config::config_option_changed{ Config::log = Config::Info($ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value))if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, to_any_coerceConfig::log)return (Config::new_value)}, -100)
0.000000 | HookCallFunction Option::set_change_handler(X509::relog_known_certificates_after, Config::config_option_changed{ Config::log = Config::Info($ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value))if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, to_any_coerceConfig::log)return (Config::new_value)}, -100)
0.000000 | HookCallFunction Option::set_change_handler(default_file_bof_buffer_size, Config::config_option_changed{ Config::log = Config::Info($ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value))if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, to_any_coerceConfig::log)return (Config::new_value)}, -100)
0.000000 | HookCallFunction Option::set_change_handler(default_file_timeout_interval, Config::config_option_changed{ Config::log = Config::Info($ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value))if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, to_any_coerceConfig::log)return (Config::new_value)}, -100)
0.000000 | HookCallFunction Option::set_change_handler(ignore_checksums_nets, Config::config_option_changed{ Config::log = Config::Info($ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value))if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, to_any_coerceConfig::log)return (Config::new_value)}, -100)
@ -2864,6 +2910,7 @@
0.000000 | HookLoadFile ./bloom-filter.bif.zeek <...>/bloom-filter.bif.zeek
0.000000 | HookLoadFile ./broker <...>/broker.zeek
0.000000 | HookLoadFile ./cardinality-counter.bif.zeek <...>/cardinality-counter.bif.zeek
0.000000 | HookLoadFile ./certificate-event-cache <...>/certificate-event-cache.zeek
0.000000 | HookLoadFile ./comm.bif.zeek <...>/comm.bif.zeek
0.000000 | HookLoadFile ./const-dos-error <...>/const-dos-error.zeek
0.000000 | HookLoadFile ./const-nt-status <...>/const-nt-status.zeek
@ -2897,6 +2944,7 @@
0.000000 | HookLoadFile ./last <...>/last.zeek
0.000000 | HookLoadFile ./libmagic <...>/libmagic.sig
0.000000 | HookLoadFile ./log <...>/log.zeek
0.000000 | HookLoadFile ./log-ocsp <...>/log-ocsp.zeek
0.000000 | HookLoadFile ./logging.bif.zeek <...>/logging.bif.zeek
0.000000 | HookLoadFile ./magic <...>/magic
0.000000 | HookLoadFile ./main <...>/main.zeek

10
testing/btest/Baseline/scripts.base.files.x509.1999/x509.log
View file

@ -5,9 +5,9 @@
#unset_field -
#path x509
#open XXXX-XX-XX-XX-XX-XX
#fields ts id certificate.version certificate.serial certificate.subject certificate.issuer certificate.not_valid_before certificate.not_valid_after certificate.key_alg certificate.sig_alg certificate.key_type certificate.key_length certificate.exponent certificate.curve san.dns san.uri san.email san.ip basic_constraints.ca basic_constraints.path_len
#types time string count string string string time time string string string count string string vector[string] vector[string] vector[string] vector[addr] bool count
XXXXXXXXXX.XXXXXX FiKzRk1X0E3PC2gSja 3 339D9ED8E73927C9 CN=imap.gmx.net,emailAddress=server-certs@1und1.de,L=Montabaur,ST=Rhineland-Palatinate,O=1&1 Mail & Media GmbH,C=DE CN=TeleSec ServerPass DE-1,street=Untere Industriestr. 20,L=Netphen,postalCode=57250,ST=NRW,OU=T-Systems Trust Center,O=T-Systems International GmbH,C=DE XXXXXXXXXX.XXXXXX XXXXXXXXXX.XXXXXX rsaEncryption sha1WithRSAEncryption rsa 2048 65537 - imap.gmx.net,imap.gmx.de - - - F -
XXXXXXXXXX.XXXXXX FnvDHa2zrKUnoJhaX 3 21B6777E8CBD0EA8 CN=TeleSec ServerPass DE-1,street=Untere Industriestr. 20,L=Netphen,postalCode=57250,ST=NRW,OU=T-Systems Trust Center,O=T-Systems International GmbH,C=DE CN=Deutsche Telekom Root CA 2,OU=T-TeleSec Trust Center,O=Deutsche Telekom AG,C=DE XXXXXXXXXX.XXXXXX XXXXXXXXXX.XXXXXX rsaEncryption sha1WithRSAEncryption rsa 2048 65537 - - - - - T 0
XXXXXXXXXX.XXXXXX FxzRnm1Q98xEWDXsB1 3 26 CN=Deutsche Telekom Root CA 2,OU=T-TeleSec Trust Center,O=Deutsche Telekom AG,C=DE CN=Deutsche Telekom Root CA 2,OU=T-TeleSec Trust Center,O=Deutsche Telekom AG,C=DE XXXXXXXXXX.XXXXXX XXXXXXXXXX.XXXXXX rsaEncryption sha1WithRSAEncryption rsa 2048 65537 - - - - - T 5
#fields ts fingerprint certificate.version certificate.serial certificate.subject certificate.issuer certificate.not_valid_before certificate.not_valid_after certificate.key_alg certificate.sig_alg certificate.key_type certificate.key_length certificate.exponent certificate.curve san.dns san.uri san.email san.ip basic_constraints.ca basic_constraints.path_len host_cert client_cert
#types time string count string string string time time string string string count string string vector[string] vector[string] vector[string] vector[addr] bool count bool bool
XXXXXXXXXX.XXXXXX e0129ac9d82beb2ad399c85a2d246c0a5376e1094a5410ba9157cc42c3d514c1 3 339D9ED8E73927C9 CN=imap.gmx.net,emailAddress=server-certs@1und1.de,L=Montabaur,ST=Rhineland-Palatinate,O=1&1 Mail & Media GmbH,C=DE CN=TeleSec ServerPass DE-1,street=Untere Industriestr. 20,L=Netphen,postalCode=57250,ST=NRW,OU=T-Systems Trust Center,O=T-Systems International GmbH,C=DE XXXXXXXXXX.XXXXXX XXXXXXXXXX.XXXXXX rsaEncryption sha1WithRSAEncryption rsa 2048 65537 - imap.gmx.net,imap.gmx.de - - - F - T F
XXXXXXXXXX.XXXXXX 3c80fe6e6a70e12fae2e7c7b289420f10a69e80dcc88847bb9836ff14a20f872 3 21B6777E8CBD0EA8 CN=TeleSec ServerPass DE-1,street=Untere Industriestr. 20,L=Netphen,postalCode=57250,ST=NRW,OU=T-Systems Trust Center,O=T-Systems International GmbH,C=DE CN=Deutsche Telekom Root CA 2,OU=T-TeleSec Trust Center,O=Deutsche Telekom AG,C=DE XXXXXXXXXX.XXXXXX XXXXXXXXXX.XXXXXX rsaEncryption sha1WithRSAEncryption rsa 2048 65537 - - - - - T 0 F F
XXXXXXXXXX.XXXXXX b6191a50d0c3977f7da99bcdaac86a227daeb9679ec70ba3b0c9d92271c170d3 3 26 CN=Deutsche Telekom Root CA 2,OU=T-TeleSec Trust Center,O=Deutsche Telekom AG,C=DE CN=Deutsche Telekom Root CA 2,OU=T-TeleSec Trust Center,O=Deutsche Telekom AG,C=DE XXXXXXXXXX.XXXXXX XXXXXXXXXX.XXXXXX rsaEncryption sha1WithRSAEncryption rsa 2048 65537 - - - - - T 5 F F
#close XXXX-XX-XX-XX-XX-XX

10
testing/btest/Baseline/scripts.base.files.x509.caching-hook/x509.log
View file

@ -5,9 +5,9 @@
#unset_field -
#path x509
#open XXXX-XX-XX-XX-XX-XX
#fields ts id certificate.version certificate.serial certificate.subject certificate.issuer certificate.not_valid_before certificate.not_valid_after certificate.key_alg certificate.sig_alg certificate.key_type certificate.key_length certificate.exponent certificate.curve san.dns san.uri san.email san.ip basic_constraints.ca basic_constraints.path_len
#types time string count string string string time time string string string count string string vector[string] vector[string] vector[string] vector[addr] bool count
XXXXXXXXXX.XXXXXX FgN3AE3of2TRIqaeQe 3 4A2C8628C1010633 CN=*.google.com,O=Google Inc,L=Mountain View,ST=California,C=US CN=Google Internet Authority G2,O=Google Inc,C=US XXXXXXXXXX.XXXXXX XXXXXXXXXX.XXXXXX rsaEncryption sha1WithRSAEncryption rsa 2048 65537 - *.google.com,*.android.com,*.appengine.google.com,*.cloud.google.com,*.google-analytics.com,*.google.ca,*.google.cl,*.google.co.in,*.google.co.jp,*.google.co.uk,*.google.com.ar,*.google.com.au,*.google.com.br,*.google.com.co,*.google.com.mx,*.google.com.tr,*.google.com.vn,*.google.de,*.google.es,*.google.fr,*.google.hu,*.google.it,*.google.nl,*.google.pl,*.google.pt,*.googleapis.cn,*.googlecommerce.com,*.googlevideo.com,*.gstatic.com,*.gvt1.com,*.urchin.com,*.url.google.com,*.youtube-nocookie.com,*.youtube.com,*.youtubeeducation.com,*.ytimg.com,android.com,g.co,goo.gl,google-analytics.com,google.com,googlecommerce.com,urchin.com,youtu.be,youtube.com,youtubeeducation.com - - - F -
XXXXXXXXXX.XXXXXX Fv2Agc4z5boBOacQi6 3 023A69 CN=Google Internet Authority G2,O=Google Inc,C=US CN=GeoTrust Global CA,O=GeoTrust Inc.,C=US XXXXXXXXXX.XXXXXX XXXXXXXXXX.XXXXXX rsaEncryption sha1WithRSAEncryption rsa 2048 65537 - - - - - T 0
XXXXXXXXXX.XXXXXX Ftmyeg2qgI2V38Dt3g 3 12BBE6 CN=GeoTrust Global CA,O=GeoTrust Inc.,C=US OU=Equifax Secure Certificate Authority,O=Equifax,C=US XXXXXXXXXX.XXXXXX XXXXXXXXXX.XXXXXX rsaEncryption sha1WithRSAEncryption rsa 2048 65537 - - - - - T -
#fields ts fingerprint certificate.version certificate.serial certificate.subject certificate.issuer certificate.not_valid_before certificate.not_valid_after certificate.key_alg certificate.sig_alg certificate.key_type certificate.key_length certificate.exponent certificate.curve san.dns san.uri san.email san.ip basic_constraints.ca basic_constraints.path_len host_cert client_cert
#types time string count string string string time time string string string count string string vector[string] vector[string] vector[string] vector[addr] bool count bool bool
XXXXXXXXXX.XXXXXX 6bacfa4536150ed996f2b0c05ab6e345a257225f449aeb9d2018ccd88f4ede43 3 4A2C8628C1010633 CN=*.google.com,O=Google Inc,L=Mountain View,ST=California,C=US CN=Google Internet Authority G2,O=Google Inc,C=US XXXXXXXXXX.XXXXXX XXXXXXXXXX.XXXXXX rsaEncryption sha1WithRSAEncryption rsa 2048 65537 - *.google.com,*.android.com,*.appengine.google.com,*.cloud.google.com,*.google-analytics.com,*.google.ca,*.google.cl,*.google.co.in,*.google.co.jp,*.google.co.uk,*.google.com.ar,*.google.com.au,*.google.com.br,*.google.com.co,*.google.com.mx,*.google.com.tr,*.google.com.vn,*.google.de,*.google.es,*.google.fr,*.google.hu,*.google.it,*.google.nl,*.google.pl,*.google.pt,*.googleapis.cn,*.googlecommerce.com,*.googlevideo.com,*.gstatic.com,*.gvt1.com,*.urchin.com,*.url.google.com,*.youtube-nocookie.com,*.youtube.com,*.youtubeeducation.com,*.ytimg.com,android.com,g.co,goo.gl,google-analytics.com,google.com,googlecommerce.com,urchin.com,youtu.be,youtube.com,youtubeeducation.com - - - F - T F
XXXXXXXXXX.XXXXXX a047a37fa2d2e118a4f5095fe074d6cfe0e352425a7632bf8659c03919a6c81d 3 023A69 CN=Google Internet Authority G2,O=Google Inc,C=US CN=GeoTrust Global CA,O=GeoTrust Inc.,C=US XXXXXXXXXX.XXXXXX XXXXXXXXXX.XXXXXX rsaEncryption sha1WithRSAEncryption rsa 2048 65537 - - - - - T 0 F F
XXXXXXXXXX.XXXXXX 3c35cc963eb004451323d3275d05b353235053490d9cd83729a2faf5e7ca1cc0 3 12BBE6 CN=GeoTrust Global CA,O=GeoTrust Inc.,C=US OU=Equifax Secure Certificate Authority,O=Equifax,C=US XXXXXXXXXX.XXXXXX XXXXXXXXXX.XXXXXX rsaEncryption sha1WithRSAEncryption rsa 2048 65537 - - - - - T - F F
#close XXXX-XX-XX-XX-XX-XX

16
testing/btest/Baseline/scripts.base.files.x509.caching/x509.log
View file

@ -1,16 +0,0 @@
### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63.
#separator \x09
#set_separator ,
#empty_field (empty)
#unset_field -
#path x509
#open XXXX-XX-XX-XX-XX-XX
#fields ts id certificate.version certificate.serial certificate.subject certificate.issuer certificate.not_valid_before certificate.not_valid_after certificate.key_alg certificate.sig_alg certificate.key_type certificate.key_length certificate.exponent certificate.curve san.dns san.uri san.email san.ip basic_constraints.ca basic_constraints.path_len
#types time string count string string string time time string string string count string string vector[string] vector[string] vector[string] vector[addr] bool count
XXXXXXXXXX.XXXXXX FgN3AE3of2TRIqaeQe 3 4A2C8628C1010633 CN=*.google.com,O=Google Inc,L=Mountain View,ST=California,C=US CN=Google Internet Authority G2,O=Google Inc,C=US XXXXXXXXXX.XXXXXX XXXXXXXXXX.XXXXXX rsaEncryption sha1WithRSAEncryption rsa 2048 65537 - *.google.com,*.android.com,*.appengine.google.com,*.cloud.google.com,*.google-analytics.com,*.google.ca,*.google.cl,*.google.co.in,*.google.co.jp,*.google.co.uk,*.google.com.ar,*.google.com.au,*.google.com.br,*.google.com.co,*.google.com.mx,*.google.com.tr,*.google.com.vn,*.google.de,*.google.es,*.google.fr,*.google.hu,*.google.it,*.google.nl,*.google.pl,*.google.pt,*.googleapis.cn,*.googlecommerce.com,*.googlevideo.com,*.gstatic.com,*.gvt1.com,*.urchin.com,*.url.google.com,*.youtube-nocookie.com,*.youtube.com,*.youtubeeducation.com,*.ytimg.com,android.com,g.co,goo.gl,google-analytics.com,google.com,googlecommerce.com,urchin.com,youtu.be,youtube.com,youtubeeducation.com - - - F -
XXXXXXXXXX.XXXXXX Fv2Agc4z5boBOacQi6 3 023A69 CN=Google Internet Authority G2,O=Google Inc,C=US CN=GeoTrust Global CA,O=GeoTrust Inc.,C=US XXXXXXXXXX.XXXXXX XXXXXXXXXX.XXXXXX rsaEncryption sha1WithRSAEncryption rsa 2048 65537 - - - - - T 0
XXXXXXXXXX.XXXXXX Ftmyeg2qgI2V38Dt3g 3 12BBE6 CN=GeoTrust Global CA,O=GeoTrust Inc.,C=US OU=Equifax Secure Certificate Authority,O=Equifax,C=US XXXXXXXXXX.XXXXXX XXXXXXXXXX.XXXXXX rsaEncryption sha1WithRSAEncryption rsa 2048 65537 - - - - - T -
XXXXXXXXXX.XXXXXX FUFNf84cduA0IJCp07 3 4A2C8628C1010633 CN=*.google.com,O=Google Inc,L=Mountain View,ST=California,C=US CN=Google Internet Authority G2,O=Google Inc,C=US XXXXXXXXXX.XXXXXX XXXXXXXXXX.XXXXXX rsaEncryption sha1WithRSAEncryption rsa 2048 65537 - *.google.com,*.android.com,*.appengine.google.com,*.cloud.google.com,*.google-analytics.com,*.google.ca,*.google.cl,*.google.co.in,*.google.co.jp,*.google.co.uk,*.google.com.ar,*.google.com.au,*.google.com.br,*.google.com.co,*.google.com.mx,*.google.com.tr,*.google.com.vn,*.google.de,*.google.es,*.google.fr,*.google.hu,*.google.it,*.google.nl,*.google.pl,*.google.pt,*.googleapis.cn,*.googlecommerce.com,*.googlevideo.com,*.gstatic.com,*.gvt1.com,*.urchin.com,*.url.google.com,*.youtube-nocookie.com,*.youtube.com,*.youtubeeducation.com,*.ytimg.com,android.com,g.co,goo.gl,google-analytics.com,google.com,googlecommerce.com,urchin.com,youtu.be,youtube.com,youtubeeducation.com - - - F -
XXXXXXXXXX.XXXXXX F1H4bd2OKGbLPEdHm4 3 023A69 CN=Google Internet Authority G2,O=Google Inc,C=US CN=GeoTrust Global CA,O=GeoTrust Inc.,C=US XXXXXXXXXX.XXXXXX XXXXXXXXXX.XXXXXX rsaEncryption sha1WithRSAEncryption rsa 2048 65537 - - - - - T 0
XXXXXXXXXX.XXXXXX Fgsbci2jxFXYMOHOhi 3 12BBE6 CN=GeoTrust Global CA,O=GeoTrust Inc.,C=US OU=Equifax Secure Certificate Authority,O=Equifax,C=US XXXXXXXXXX.XXXXXX XXXXXXXXXX.XXXXXX rsaEncryption sha1WithRSAEncryption rsa 2048 65537 - - - - - T -
#close XXXX-XX-XX-XX-XX-XX

53
testing/btest/Baseline/scripts.base.files.x509.disable-certificate-events-known-certs-2/.stdout Normal file
View file

@ -0,0 +1,53 @@
### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63.
x509_certificate, CN=www.google.com
x509_certificate, CN=GTS CA 1C3,O=Google Trust Services LLC,C=US
x509_certificate, CN=GTS Root R1,O=Google Trust Services LLC,C=US
finishing, CN=www.google.com
Hook for, CN=www.google.com
x509_certificate, CN=www.google.com
Hook for, CN=GTS CA 1C3,O=Google Trust Services LLC,C=US
x509_certificate, CN=GTS CA 1C3,O=Google Trust Services LLC,C=US
Hook for, CN=GTS Root R1,O=Google Trust Services LLC,C=US
x509_certificate, CN=GTS Root R1,O=Google Trust Services LLC,C=US
finishing, CN=www.google.com
Hook for, CN=www.google.com
x509_certificate, CN=www.google.com
Hook for, CN=GTS CA 1C3,O=Google Trust Services LLC,C=US
x509_certificate, CN=GTS CA 1C3,O=Google Trust Services LLC,C=US
Hook for, CN=GTS Root R1,O=Google Trust Services LLC,C=US
x509_certificate, CN=GTS Root R1,O=Google Trust Services LLC,C=US
finishing, CN=www.google.com
Hook for, CN=www.google.com
x509_certificate, CN=www.google.com
Hook for, CN=GTS CA 1C3,O=Google Trust Services LLC,C=US
x509_certificate, CN=GTS CA 1C3,O=Google Trust Services LLC,C=US
Hook for, CN=GTS Root R1,O=Google Trust Services LLC,C=US
x509_certificate, CN=GTS Root R1,O=Google Trust Services LLC,C=US
finishing, CN=www.google.com
x509_certificate, CN=www.google.com
Hook for, CN=GTS CA 1C3,O=Google Trust Services LLC,C=US
x509_certificate, CN=GTS CA 1C3,O=Google Trust Services LLC,C=US
Hook for, CN=GTS Root R1,O=Google Trust Services LLC,C=US
x509_certificate, CN=GTS Root R1,O=Google Trust Services LLC,C=US
finishing, CN=www.google.com
Hook for, CN=www.google.com
x509_certificate, CN=www.google.com
Hook for, CN=GTS CA 1C3,O=Google Trust Services LLC,C=US
x509_certificate, CN=GTS CA 1C3,O=Google Trust Services LLC,C=US
Hook for, CN=GTS Root R1,O=Google Trust Services LLC,C=US
x509_certificate, CN=GTS Root R1,O=Google Trust Services LLC,C=US
finishing, CN=www.google.com
Hook for, CN=www.google.com
x509_certificate, CN=www.google.com
Hook for, CN=GTS CA 1C3,O=Google Trust Services LLC,C=US
x509_certificate, CN=GTS CA 1C3,O=Google Trust Services LLC,C=US
Hook for, CN=GTS Root R1,O=Google Trust Services LLC,C=US
x509_certificate, CN=GTS Root R1,O=Google Trust Services LLC,C=US
finishing, CN=www.google.com
Hook for, CN=www.google.com
x509_certificate, CN=www.google.com
Hook for, CN=GTS CA 1C3,O=Google Trust Services LLC,C=US
x509_certificate, CN=GTS CA 1C3,O=Google Trust Services LLC,C=US
Hook for, CN=GTS Root R1,O=Google Trust Services LLC,C=US
x509_certificate, CN=GTS Root R1,O=Google Trust Services LLC,C=US
finishing, CN=www.google.com

18
testing/btest/Baseline/scripts.base.files.x509.disable-certificate-events-known-certs-2/ssl.log Normal file
View file

@ -0,0 +1,18 @@
### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63.
#separator \x09
#set_separator ,
#empty_field (empty)
#unset_field -
#path ssl
#open XXXX-XX-XX-XX-XX-XX
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p version cipher curve server_name resumed last_alert next_protocol established ssl_history cert_chain_fps client_cert_chain_fps sni_matches_cert validation_status
#types time string addr port addr port string string string string bool string string bool string vector[string] vector[string] bool string
XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 167.71.55.249 37680 142.250.179.196 443 TLSv12 TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 - - F - - T CsxknGIti 7c4cb8ef8d84a20171b3ee521b2be4d973b5fcf9cfbd1786e5581c7fed14da47,23ecb03eec17338c4e33a6b48a41dc3cda12281bbc3ff813c0589d6cc2387522,3ee0278df71fa3c125c4cd487f01d774694e6fc57e0cd94c24efd769133918e5 (empty) - ok
XXXXXXXXXX.XXXXXX ClEkJM2Vm5giqnMf4h 167.71.55.249 37682 142.250.179.196 443 TLSv12 TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 - - F - - T CsxknGIti 7c4cb8ef8d84a20171b3ee521b2be4d973b5fcf9cfbd1786e5581c7fed14da47,23ecb03eec17338c4e33a6b48a41dc3cda12281bbc3ff813c0589d6cc2387522,3ee0278df71fa3c125c4cd487f01d774694e6fc57e0cd94c24efd769133918e5 (empty) - ok
XXXXXXXXXX.XXXXXX C4J4Th3PJpwUYZZ6gc 167.71.55.249 37684 142.250.179.196 443 TLSv12 TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 - - F - - T CsxknGIti 7c4cb8ef8d84a20171b3ee521b2be4d973b5fcf9cfbd1786e5581c7fed14da47,23ecb03eec17338c4e33a6b48a41dc3cda12281bbc3ff813c0589d6cc2387522,3ee0278df71fa3c125c4cd487f01d774694e6fc57e0cd94c24efd769133918e5 (empty) - ok
XXXXXXXXXX.XXXXXX CtPZjS20MLrsMUOJi2 167.71.55.249 37686 142.250.179.196 443 TLSv12 TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 - - F - - T CsxknGIti 7c4cb8ef8d84a20171b3ee521b2be4d973b5fcf9cfbd1786e5581c7fed14da47,23ecb03eec17338c4e33a6b48a41dc3cda12281bbc3ff813c0589d6cc2387522,3ee0278df71fa3c125c4cd487f01d774694e6fc57e0cd94c24efd769133918e5 (empty) - ok
XXXXXXXXXX.XXXXXX CUM0KZ3MLUfNB0cl11 167.71.55.249 37688 142.250.179.196 443 TLSv12 TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 - www.google.com F - - T CsxknGIti c4d4c1fde956a63916e6886df676570da046396d31ee1f8aad5d59c8865d274d,23ecb03eec17338c4e33a6b48a41dc3cda12281bbc3ff813c0589d6cc2387522,3ee0278df71fa3c125c4cd487f01d774694e6fc57e0cd94c24efd769133918e5 (empty) T ok
XXXXXXXXXX.XXXXXX CmES5u32sYpV7JYN 167.71.55.249 37690 142.250.179.196 443 TLSv12 TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 - www.google.com F - - T CsxknGIti c4d4c1fde956a63916e6886df676570da046396d31ee1f8aad5d59c8865d274d,23ecb03eec17338c4e33a6b48a41dc3cda12281bbc3ff813c0589d6cc2387522,3ee0278df71fa3c125c4cd487f01d774694e6fc57e0cd94c24efd769133918e5 (empty) T ok
XXXXXXXXXX.XXXXXX CP5puj4I8PtEU4qzYg 167.71.55.249 37692 142.250.179.196 443 TLSv12 TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 - www.google.com F - - T CsxknGIti c4d4c1fde956a63916e6886df676570da046396d31ee1f8aad5d59c8865d274d,23ecb03eec17338c4e33a6b48a41dc3cda12281bbc3ff813c0589d6cc2387522,3ee0278df71fa3c125c4cd487f01d774694e6fc57e0cd94c24efd769133918e5 (empty) T ok
XXXXXXXXXX.XXXXXX C37jN32gN3y3AZzyf6 167.71.55.249 37694 142.250.179.196 443 TLSv12 TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 - www.google.com F - - T CsxknGIti c4d4c1fde956a63916e6886df676570da046396d31ee1f8aad5d59c8865d274d,23ecb03eec17338c4e33a6b48a41dc3cda12281bbc3ff813c0589d6cc2387522,3ee0278df71fa3c125c4cd487f01d774694e6fc57e0cd94c24efd769133918e5 (empty) T ok
#close XXXX-XX-XX-XX-XX-XX

14
testing/btest/Baseline/scripts.base.files.x509.disable-certificate-events-known-certs-2/x509.log Normal file
View file

@ -0,0 +1,14 @@
### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63.
#separator \x09
#set_separator ,
#empty_field (empty)
#unset_field -
#path x509
#open XXXX-XX-XX-XX-XX-XX
#fields ts fingerprint certificate.version certificate.serial certificate.subject certificate.issuer certificate.not_valid_before certificate.not_valid_after certificate.key_alg certificate.sig_alg certificate.key_type certificate.key_length certificate.exponent certificate.curve san.dns san.uri san.email san.ip basic_constraints.ca basic_constraints.path_len host_cert client_cert
#types time string count string string string time time string string string count string string vector[string] vector[string] vector[string] vector[addr] bool count bool bool
XXXXXXXXXX.XXXXXX 7c4cb8ef8d84a20171b3ee521b2be4d973b5fcf9cfbd1786e5581c7fed14da47 3 FD62E14283CA9DF30A00000000DCA0BE CN=www.google.com CN=GTS CA 1C3,O=Google Trust Services LLC,C=US XXXXXXXXXX.XXXXXX XXXXXXXXXX.XXXXXX rsaEncryption sha256WithRSAEncryption rsa 2048 65537 - www.google.com - - - F - T F
XXXXXXXXXX.XXXXXX 23ecb03eec17338c4e33a6b48a41dc3cda12281bbc3ff813c0589d6cc2387522 3 0203BC53596B34C718F5015066 CN=GTS CA 1C3,O=Google Trust Services LLC,C=US CN=GTS Root R1,O=Google Trust Services LLC,C=US XXXXXXXXXX.XXXXXX XXXXXXXXXX.XXXXXX rsaEncryption sha256WithRSAEncryption rsa 2048 65537 - - - - - T 0 F F
XXXXXXXXXX.XXXXXX 3ee0278df71fa3c125c4cd487f01d774694e6fc57e0cd94c24efd769133918e5 3 77BD0D6CDB36F91AEA210FC4F058D30D CN=GTS Root R1,O=Google Trust Services LLC,C=US CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE XXXXXXXXXX.XXXXXX XXXXXXXXXX.XXXXXX rsaEncryption sha256WithRSAEncryption rsa 4096 65537 - - - - - T - F F
XXXXXXXXXX.XXXXXX c4d4c1fde956a63916e6886df676570da046396d31ee1f8aad5d59c8865d274d 3 9AFA430EE8EEE2FF0A00000000DCA0C8 CN=www.google.com CN=GTS CA 1C3,O=Google Trust Services LLC,C=US XXXXXXXXXX.XXXXXX XXXXXXXXXX.XXXXXX id-ecPublicKey sha256WithRSAEncryption ecdsa 256 - prime256v1 www.google.com - - - F - T F
#close XXXX-XX-XX-XX-XX-XX

39
testing/btest/Baseline/scripts.base.files.x509.disable-certificate-events-known-certs-3/.stdout Normal file
View file

@ -0,0 +1,39 @@
### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63.
x509_certificate, CN=www.google.com
x509_certificate, CN=GTS CA 1C3,O=Google Trust Services LLC,C=US
x509_certificate, CN=GTS Root R1,O=Google Trust Services LLC,C=US
finishing, CN=www.google.com
Hook for, CN=www.google.com
x509_certificate, CN=www.google.com
Hook for, CN=GTS CA 1C3,O=Google Trust Services LLC,C=US
x509_certificate, CN=GTS CA 1C3,O=Google Trust Services LLC,C=US
Hook for, CN=GTS Root R1,O=Google Trust Services LLC,C=US
x509_certificate, CN=GTS Root R1,O=Google Trust Services LLC,C=US
finishing, CN=www.google.com
Hook for, CN=www.google.com
Hook for, CN=GTS CA 1C3,O=Google Trust Services LLC,C=US
Hook for, CN=GTS Root R1,O=Google Trust Services LLC,C=US
finishing, CN=www.google.com
Hook for, CN=www.google.com
Hook for, CN=GTS CA 1C3,O=Google Trust Services LLC,C=US
Hook for, CN=GTS Root R1,O=Google Trust Services LLC,C=US
finishing, CN=www.google.com
x509_certificate, CN=www.google.com
Hook for, CN=GTS CA 1C3,O=Google Trust Services LLC,C=US
x509_certificate, CN=GTS CA 1C3,O=Google Trust Services LLC,C=US
Hook for, CN=GTS Root R1,O=Google Trust Services LLC,C=US
x509_certificate, CN=GTS Root R1,O=Google Trust Services LLC,C=US
finishing, CN=www.google.com
Hook for, CN=www.google.com
x509_certificate, CN=www.google.com
Hook for, CN=GTS CA 1C3,O=Google Trust Services LLC,C=US
Hook for, CN=GTS Root R1,O=Google Trust Services LLC,C=US
finishing, CN=www.google.com
Hook for, CN=www.google.com
Hook for, CN=GTS CA 1C3,O=Google Trust Services LLC,C=US
Hook for, CN=GTS Root R1,O=Google Trust Services LLC,C=US
finishing, CN=www.google.com
Hook for, CN=www.google.com
Hook for, CN=GTS CA 1C3,O=Google Trust Services LLC,C=US
Hook for, CN=GTS Root R1,O=Google Trust Services LLC,C=US
finishing, CN=www.google.com

18
testing/btest/Baseline/scripts.base.files.x509.disable-certificate-events-known-certs-3/ssl.log Normal file
View file

@ -0,0 +1,18 @@
### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63.
#separator \x09
#set_separator ,
#empty_field (empty)
#unset_field -
#path ssl
#open XXXX-XX-XX-XX-XX-XX
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p version cipher curve server_name resumed last_alert next_protocol established ssl_history cert_chain_fps client_cert_chain_fps sni_matches_cert validation_status
#types time string addr port addr port string string string string bool string string bool string vector[string] vector[string] bool string
XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 167.71.55.249 37680 142.250.179.196 443 TLSv12 TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 - - F - - T CsxknGIti 7c4cb8ef8d84a20171b3ee521b2be4d973b5fcf9cfbd1786e5581c7fed14da47,23ecb03eec17338c4e33a6b48a41dc3cda12281bbc3ff813c0589d6cc2387522,3ee0278df71fa3c125c4cd487f01d774694e6fc57e0cd94c24efd769133918e5 (empty) - ok
XXXXXXXXXX.XXXXXX ClEkJM2Vm5giqnMf4h 167.71.55.249 37682 142.250.179.196 443 TLSv12 TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 - - F - - T CsxknGIti 7c4cb8ef8d84a20171b3ee521b2be4d973b5fcf9cfbd1786e5581c7fed14da47,23ecb03eec17338c4e33a6b48a41dc3cda12281bbc3ff813c0589d6cc2387522,3ee0278df71fa3c125c4cd487f01d774694e6fc57e0cd94c24efd769133918e5 (empty) - ok
XXXXXXXXXX.XXXXXX C4J4Th3PJpwUYZZ6gc 167.71.55.249 37684 142.250.179.196 443 TLSv12 TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 - - F - - T CsxknGIti 7c4cb8ef8d84a20171b3ee521b2be4d973b5fcf9cfbd1786e5581c7fed14da47,23ecb03eec17338c4e33a6b48a41dc3cda12281bbc3ff813c0589d6cc2387522,3ee0278df71fa3c125c4cd487f01d774694e6fc57e0cd94c24efd769133918e5 (empty) - ok
XXXXXXXXXX.XXXXXX CtPZjS20MLrsMUOJi2 167.71.55.249 37686 142.250.179.196 443 TLSv12 TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 - - F - - T CsxknGIti 7c4cb8ef8d84a20171b3ee521b2be4d973b5fcf9cfbd1786e5581c7fed14da47,23ecb03eec17338c4e33a6b48a41dc3cda12281bbc3ff813c0589d6cc2387522,3ee0278df71fa3c125c4cd487f01d774694e6fc57e0cd94c24efd769133918e5 (empty) - ok
XXXXXXXXXX.XXXXXX CUM0KZ3MLUfNB0cl11 167.71.55.249 37688 142.250.179.196 443 TLSv12 TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 - www.google.com F - - T CsxknGIti c4d4c1fde956a63916e6886df676570da046396d31ee1f8aad5d59c8865d274d,23ecb03eec17338c4e33a6b48a41dc3cda12281bbc3ff813c0589d6cc2387522,3ee0278df71fa3c125c4cd487f01d774694e6fc57e0cd94c24efd769133918e5 (empty) T ok
XXXXXXXXXX.XXXXXX CmES5u32sYpV7JYN 167.71.55.249 37690 142.250.179.196 443 TLSv12 TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 - www.google.com F - - T CsxknGIti c4d4c1fde956a63916e6886df676570da046396d31ee1f8aad5d59c8865d274d,23ecb03eec17338c4e33a6b48a41dc3cda12281bbc3ff813c0589d6cc2387522,3ee0278df71fa3c125c4cd487f01d774694e6fc57e0cd94c24efd769133918e5 (empty) T ok
XXXXXXXXXX.XXXXXX CP5puj4I8PtEU4qzYg 167.71.55.249 37692 142.250.179.196 443 TLSv12 TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 - www.google.com F - - T CsxknGIti c4d4c1fde956a63916e6886df676570da046396d31ee1f8aad5d59c8865d274d,23ecb03eec17338c4e33a6b48a41dc3cda12281bbc3ff813c0589d6cc2387522,3ee0278df71fa3c125c4cd487f01d774694e6fc57e0cd94c24efd769133918e5 (empty) T ok
XXXXXXXXXX.XXXXXX C37jN32gN3y3AZzyf6 167.71.55.249 37694 142.250.179.196 443 TLSv12 TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 - www.google.com F - - T CsxknGIti c4d4c1fde956a63916e6886df676570da046396d31ee1f8aad5d59c8865d274d,23ecb03eec17338c4e33a6b48a41dc3cda12281bbc3ff813c0589d6cc2387522,3ee0278df71fa3c125c4cd487f01d774694e6fc57e0cd94c24efd769133918e5 (empty) T ok
#close XXXX-XX-XX-XX-XX-XX

14
testing/btest/Baseline/scripts.base.files.x509.disable-certificate-events-known-certs-3/x509.log Normal file
View file

@ -0,0 +1,14 @@
### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63.
#separator \x09
#set_separator ,
#empty_field (empty)
#unset_field -
#path x509
#open XXXX-XX-XX-XX-XX-XX
#fields ts fingerprint certificate.version certificate.serial certificate.subject certificate.issuer certificate.not_valid_before certificate.not_valid_after certificate.key_alg certificate.sig_alg certificate.key_type certificate.key_length certificate.exponent certificate.curve san.dns san.uri san.email san.ip basic_constraints.ca basic_constraints.path_len host_cert client_cert
#types time string count string string string time time string string string count string string vector[string] vector[string] vector[string] vector[addr] bool count bool bool
XXXXXXXXXX.XXXXXX 7c4cb8ef8d84a20171b3ee521b2be4d973b5fcf9cfbd1786e5581c7fed14da47 3 FD62E14283CA9DF30A00000000DCA0BE CN=www.google.com CN=GTS CA 1C3,O=Google Trust Services LLC,C=US XXXXXXXXXX.XXXXXX XXXXXXXXXX.XXXXXX rsaEncryption sha256WithRSAEncryption rsa 2048 65537 - www.google.com - - - F - T F
XXXXXXXXXX.XXXXXX 23ecb03eec17338c4e33a6b48a41dc3cda12281bbc3ff813c0589d6cc2387522 3 0203BC53596B34C718F5015066 CN=GTS CA 1C3,O=Google Trust Services LLC,C=US CN=GTS Root R1,O=Google Trust Services LLC,C=US XXXXXXXXXX.XXXXXX XXXXXXXXXX.XXXXXX rsaEncryption sha256WithRSAEncryption rsa 2048 65537 - - - - - T 0 F F
XXXXXXXXXX.XXXXXX 3ee0278df71fa3c125c4cd487f01d774694e6fc57e0cd94c24efd769133918e5 3 77BD0D6CDB36F91AEA210FC4F058D30D CN=GTS Root R1,O=Google Trust Services LLC,C=US CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE XXXXXXXXXX.XXXXXX XXXXXXXXXX.XXXXXX rsaEncryption sha256WithRSAEncryption rsa 4096 65537 - - - - - T - F F
XXXXXXXXXX.XXXXXX c4d4c1fde956a63916e6886df676570da046396d31ee1f8aad5d59c8865d274d 3 9AFA430EE8EEE2FF0A00000000DCA0C8 CN=www.google.com CN=GTS CA 1C3,O=Google Trust Services LLC,C=US XXXXXXXXXX.XXXXXX XXXXXXXXXX.XXXXXX id-ecPublicKey sha256WithRSAEncryption ecdsa 256 - prime256v1 www.google.com - - - F - T F
#close XXXX-XX-XX-XX-XX-XX

33
testing/btest/Baseline/scripts.base.files.x509.disable-certificate-events-known-certs/.stdout Normal file
View file

@ -0,0 +1,33 @@
### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63.
x509_certificate, CN=www.google.com
x509_certificate, CN=GTS CA 1C3,O=Google Trust Services LLC,C=US
x509_certificate, CN=GTS Root R1,O=Google Trust Services LLC,C=US
finishing, CN=www.google.com
x509_certificate, CN=www.google.com
x509_certificate, CN=GTS CA 1C3,O=Google Trust Services LLC,C=US
x509_certificate, CN=GTS Root R1,O=Google Trust Services LLC,C=US
finishing, CN=www.google.com
x509_certificate, CN=www.google.com
x509_certificate, CN=GTS CA 1C3,O=Google Trust Services LLC,C=US
x509_certificate, CN=GTS Root R1,O=Google Trust Services LLC,C=US
finishing, CN=www.google.com
x509_certificate, CN=www.google.com
x509_certificate, CN=GTS CA 1C3,O=Google Trust Services LLC,C=US
x509_certificate, CN=GTS Root R1,O=Google Trust Services LLC,C=US
finishing, CN=www.google.com
x509_certificate, CN=www.google.com
x509_certificate, CN=GTS CA 1C3,O=Google Trust Services LLC,C=US
x509_certificate, CN=GTS Root R1,O=Google Trust Services LLC,C=US
finishing, CN=www.google.com
x509_certificate, CN=www.google.com
x509_certificate, CN=GTS CA 1C3,O=Google Trust Services LLC,C=US
x509_certificate, CN=GTS Root R1,O=Google Trust Services LLC,C=US
finishing, CN=www.google.com
x509_certificate, CN=www.google.com
x509_certificate, CN=GTS CA 1C3,O=Google Trust Services LLC,C=US
x509_certificate, CN=GTS Root R1,O=Google Trust Services LLC,C=US
finishing, CN=www.google.com
x509_certificate, CN=www.google.com
x509_certificate, CN=GTS CA 1C3,O=Google Trust Services LLC,C=US
x509_certificate, CN=GTS Root R1,O=Google Trust Services LLC,C=US
finishing, CN=www.google.com

18
testing/btest/Baseline/scripts.base.files.x509.disable-certificate-events-known-certs/ssl.log Normal file
View file

@ -0,0 +1,18 @@
### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63.
#separator \x09
#set_separator ,
#empty_field (empty)
#unset_field -
#path ssl
#open XXXX-XX-XX-XX-XX-XX
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p version cipher curve server_name resumed last_alert next_protocol established ssl_history cert_chain_fps client_cert_chain_fps sni_matches_cert validation_status
#types time string addr port addr port string string string string bool string string bool string vector[string] vector[string] bool string
XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 167.71.55.249 37680 142.250.179.196 443 TLSv12 TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 - - F - - T CsxknGIti 7c4cb8ef8d84a20171b3ee521b2be4d973b5fcf9cfbd1786e5581c7fed14da47,23ecb03eec17338c4e33a6b48a41dc3cda12281bbc3ff813c0589d6cc2387522,3ee0278df71fa3c125c4cd487f01d774694e6fc57e0cd94c24efd769133918e5 (empty) - ok
XXXXXXXXXX.XXXXXX ClEkJM2Vm5giqnMf4h 167.71.55.249 37682 142.250.179.196 443 TLSv12 TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 - - F - - T CsxknGIti 7c4cb8ef8d84a20171b3ee521b2be4d973b5fcf9cfbd1786e5581c7fed14da47,23ecb03eec17338c4e33a6b48a41dc3cda12281bbc3ff813c0589d6cc2387522,3ee0278df71fa3c125c4cd487f01d774694e6fc57e0cd94c24efd769133918e5 (empty) - ok
XXXXXXXXXX.XXXXXX C4J4Th3PJpwUYZZ6gc 167.71.55.249 37684 142.250.179.196 443 TLSv12 TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 - - F - - T CsxknGIti 7c4cb8ef8d84a20171b3ee521b2be4d973b5fcf9cfbd1786e5581c7fed14da47,23ecb03eec17338c4e33a6b48a41dc3cda12281bbc3ff813c0589d6cc2387522,3ee0278df71fa3c125c4cd487f01d774694e6fc57e0cd94c24efd769133918e5 (empty) - ok
XXXXXXXXXX.XXXXXX CtPZjS20MLrsMUOJi2 167.71.55.249 37686 142.250.179.196 443 TLSv12 TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 - - F - - T CsxknGIti 7c4cb8ef8d84a20171b3ee521b2be4d973b5fcf9cfbd1786e5581c7fed14da47,23ecb03eec17338c4e33a6b48a41dc3cda12281bbc3ff813c0589d6cc2387522,3ee0278df71fa3c125c4cd487f01d774694e6fc57e0cd94c24efd769133918e5 (empty) - ok
XXXXXXXXXX.XXXXXX CUM0KZ3MLUfNB0cl11 167.71.55.249 37688 142.250.179.196 443 TLSv12 TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 - www.google.com F - - T CsxknGIti c4d4c1fde956a63916e6886df676570da046396d31ee1f8aad5d59c8865d274d,23ecb03eec17338c4e33a6b48a41dc3cda12281bbc3ff813c0589d6cc2387522,3ee0278df71fa3c125c4cd487f01d774694e6fc57e0cd94c24efd769133918e5 (empty) T ok
XXXXXXXXXX.XXXXXX CmES5u32sYpV7JYN 167.71.55.249 37690 142.250.179.196 443 TLSv12 TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 - www.google.com F - - T CsxknGIti c4d4c1fde956a63916e6886df676570da046396d31ee1f8aad5d59c8865d274d,23ecb03eec17338c4e33a6b48a41dc3cda12281bbc3ff813c0589d6cc2387522,3ee0278df71fa3c125c4cd487f01d774694e6fc57e0cd94c24efd769133918e5 (empty) T ok
XXXXXXXXXX.XXXXXX CP5puj4I8PtEU4qzYg 167.71.55.249 37692 142.250.179.196 443 TLSv12 TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 - www.google.com F - - T CsxknGIti c4d4c1fde956a63916e6886df676570da046396d31ee1f8aad5d59c8865d274d,23ecb03eec17338c4e33a6b48a41dc3cda12281bbc3ff813c0589d6cc2387522,3ee0278df71fa3c125c4cd487f01d774694e6fc57e0cd94c24efd769133918e5 (empty) T ok
XXXXXXXXXX.XXXXXX C37jN32gN3y3AZzyf6 167.71.55.249 37694 142.250.179.196 443 TLSv12 TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 - www.google.com F - - T CsxknGIti c4d4c1fde956a63916e6886df676570da046396d31ee1f8aad5d59c8865d274d,23ecb03eec17338c4e33a6b48a41dc3cda12281bbc3ff813c0589d6cc2387522,3ee0278df71fa3c125c4cd487f01d774694e6fc57e0cd94c24efd769133918e5 (empty) T ok
#close XXXX-XX-XX-XX-XX-XX

14
testing/btest/Baseline/scripts.base.files.x509.disable-certificate-events-known-certs/x509.log Normal file
View file

@ -0,0 +1,14 @@
### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63.
#separator \x09
#set_separator ,
#empty_field (empty)
#unset_field -
#path x509
#open XXXX-XX-XX-XX-XX-XX
#fields ts fingerprint certificate.version certificate.serial certificate.subject certificate.issuer certificate.not_valid_before certificate.not_valid_after certificate.key_alg certificate.sig_alg certificate.key_type certificate.key_length certificate.exponent certificate.curve san.dns san.uri san.email san.ip basic_constraints.ca basic_constraints.path_len host_cert client_cert
#types time string count string string string time time string string string count string string vector[string] vector[string] vector[string] vector[addr] bool count bool bool
XXXXXXXXXX.XXXXXX 7c4cb8ef8d84a20171b3ee521b2be4d973b5fcf9cfbd1786e5581c7fed14da47 3 FD62E14283CA9DF30A00000000DCA0BE CN=www.google.com CN=GTS CA 1C3,O=Google Trust Services LLC,C=US XXXXXXXXXX.XXXXXX XXXXXXXXXX.XXXXXX rsaEncryption sha256WithRSAEncryption rsa 2048 65537 - www.google.com - - - F - T F
XXXXXXXXXX.XXXXXX 23ecb03eec17338c4e33a6b48a41dc3cda12281bbc3ff813c0589d6cc2387522 3 0203BC53596B34C718F5015066 CN=GTS CA 1C3,O=Google Trust Services LLC,C=US CN=GTS Root R1,O=Google Trust Services LLC,C=US XXXXXXXXXX.XXXXXX XXXXXXXXXX.XXXXXX rsaEncryption sha256WithRSAEncryption rsa 2048 65537 - - - - - T 0 F F
XXXXXXXXXX.XXXXXX 3ee0278df71fa3c125c4cd487f01d774694e6fc57e0cd94c24efd769133918e5 3 77BD0D6CDB36F91AEA210FC4F058D30D CN=GTS Root R1,O=Google Trust Services LLC,C=US CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE XXXXXXXXXX.XXXXXX XXXXXXXXXX.XXXXXX rsaEncryption sha256WithRSAEncryption rsa 4096 65537 - - - - - T - F F
XXXXXXXXXX.XXXXXX c4d4c1fde956a63916e6886df676570da046396d31ee1f8aad5d59c8865d274d 3 9AFA430EE8EEE2FF0A00000000DCA0C8 CN=www.google.com CN=GTS CA 1C3,O=Google Trust Services LLC,C=US XXXXXXXXXX.XXXXXX XXXXXXXXXX.XXXXXX id-ecPublicKey sha256WithRSAEncryption ecdsa 256 - prime256v1 www.google.com - - - F - T F
#close XXXX-XX-XX-XX-XX-XX

0
testing/btest/Baseline/scripts.base.files.x509.caching/.stdout → testing/btest/Baseline/scripts.base.files.x509.event-caching/.stdout
View file

16
testing/btest/Baseline/scripts.base.files.x509.event-caching/x509.log Normal file
View file

@ -0,0 +1,16 @@
### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63.
#separator \x09
#set_separator ,
#empty_field (empty)
#unset_field -
#path x509
#open XXXX-XX-XX-XX-XX-XX
#fields ts fingerprint certificate.version certificate.serial certificate.subject certificate.issuer certificate.not_valid_before certificate.not_valid_after certificate.key_alg certificate.sig_alg certificate.key_type certificate.key_length certificate.exponent certificate.curve san.dns san.uri san.email san.ip basic_constraints.ca basic_constraints.path_len host_cert client_cert
#types time string count string string string time time string string string count string string vector[string] vector[string] vector[string] vector[addr] bool count bool bool
XXXXXXXXXX.XXXXXX 6bacfa4536150ed996f2b0c05ab6e345a257225f449aeb9d2018ccd88f4ede43 3 4A2C8628C1010633 CN=*.google.com,O=Google Inc,L=Mountain View,ST=California,C=US CN=Google Internet Authority G2,O=Google Inc,C=US XXXXXXXXXX.XXXXXX XXXXXXXXXX.XXXXXX rsaEncryption sha1WithRSAEncryption rsa 2048 65537 - *.google.com,*.android.com,*.appengine.google.com,*.cloud.google.com,*.google-analytics.com,*.google.ca,*.google.cl,*.google.co.in,*.google.co.jp,*.google.co.uk,*.google.com.ar,*.google.com.au,*.google.com.br,*.google.com.co,*.google.com.mx,*.google.com.tr,*.google.com.vn,*.google.de,*.google.es,*.google.fr,*.google.hu,*.google.it,*.google.nl,*.google.pl,*.google.pt,*.googleapis.cn,*.googlecommerce.com,*.googlevideo.com,*.gstatic.com,*.gvt1.com,*.urchin.com,*.url.google.com,*.youtube-nocookie.com,*.youtube.com,*.youtubeeducation.com,*.ytimg.com,android.com,g.co,goo.gl,google-analytics.com,google.com,googlecommerce.com,urchin.com,youtu.be,youtube.com,youtubeeducation.com - - - F - T F
XXXXXXXXXX.XXXXXX a047a37fa2d2e118a4f5095fe074d6cfe0e352425a7632bf8659c03919a6c81d 3 023A69 CN=Google Internet Authority G2,O=Google Inc,C=US CN=GeoTrust Global CA,O=GeoTrust Inc.,C=US XXXXXXXXXX.XXXXXX XXXXXXXXXX.XXXXXX rsaEncryption sha1WithRSAEncryption rsa 2048 65537 - - - - - T 0 F F
XXXXXXXXXX.XXXXXX 3c35cc963eb004451323d3275d05b353235053490d9cd83729a2faf5e7ca1cc0 3 12BBE6 CN=GeoTrust Global CA,O=GeoTrust Inc.,C=US OU=Equifax Secure Certificate Authority,O=Equifax,C=US XXXXXXXXXX.XXXXXX XXXXXXXXXX.XXXXXX rsaEncryption sha1WithRSAEncryption rsa 2048 65537 - - - - - T - F F
XXXXXXXXXX.XXXXXX 6bacfa4536150ed996f2b0c05ab6e345a257225f449aeb9d2018ccd88f4ede43 3 4A2C8628C1010633 CN=*.google.com,O=Google Inc,L=Mountain View,ST=California,C=US CN=Google Internet Authority G2,O=Google Inc,C=US XXXXXXXXXX.XXXXXX XXXXXXXXXX.XXXXXX rsaEncryption sha1WithRSAEncryption rsa 2048 65537 - *.google.com,*.android.com,*.appengine.google.com,*.cloud.google.com,*.google-analytics.com,*.google.ca,*.google.cl,*.google.co.in,*.google.co.jp,*.google.co.uk,*.google.com.ar,*.google.com.au,*.google.com.br,*.google.com.co,*.google.com.mx,*.google.com.tr,*.google.com.vn,*.google.de,*.google.es,*.google.fr,*.google.hu,*.google.it,*.google.nl,*.google.pl,*.google.pt,*.googleapis.cn,*.googlecommerce.com,*.googlevideo.com,*.gstatic.com,*.gvt1.com,*.urchin.com,*.url.google.com,*.youtube-nocookie.com,*.youtube.com,*.youtubeeducation.com,*.ytimg.com,android.com,g.co,goo.gl,google-analytics.com,google.com,googlecommerce.com,urchin.com,youtu.be,youtube.com,youtubeeducation.com - - - F - T F
XXXXXXXXXX.XXXXXX a047a37fa2d2e118a4f5095fe074d6cfe0e352425a7632bf8659c03919a6c81d 3 023A69 CN=Google Internet Authority G2,O=Google Inc,C=US CN=GeoTrust Global CA,O=GeoTrust Inc.,C=US XXXXXXXXXX.XXXXXX XXXXXXXXXX.XXXXXX rsaEncryption sha1WithRSAEncryption rsa 2048 65537 - - - - - T 0 F F
XXXXXXXXXX.XXXXXX 3c35cc963eb004451323d3275d05b353235053490d9cd83729a2faf5e7ca1cc0 3 12BBE6 CN=GeoTrust Global CA,O=GeoTrust Inc.,C=US OU=Equifax Secure Certificate Authority,O=Equifax,C=US XXXXXXXXXX.XXXXXX XXXXXXXXXX.XXXXXX rsaEncryption sha1WithRSAEncryption rsa 2048 65537 - - - - - T - F F
#close XXXX-XX-XX-XX-XX-XX

16
testing/btest/Baseline/scripts.base.files.x509.files/files.log Normal file
View file

@ -0,0 +1,16 @@
### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63.
#separator \x09
#set_separator ,
#empty_field (empty)
#unset_field -
#path files
#open XXXX-XX-XX-XX-XX-XX
#fields ts fuid tx_hosts rx_hosts conn_uids source depth analyzers mime_type filename duration local_orig is_orig seen_bytes total_bytes missing_bytes overflow_bytes timedout parent_fuid md5 sha1 sha256
#types time string set[addr] set[addr] set[string] string count set[string] string string interval bool bool count count count count bool string string string string
XXXXXXXXXX.XXXXXX FgN3AE3of2TRIqaeQe 74.125.239.129 192.168.4.149 CHhAvVGS1DHFjwGM9 SSL 0 SHA256,X509,SHA1,MD5 application/x-x509-user-cert - 0.000000 - F 1859 - 0 0 F - 7af07aca6d5c6e8e87fe4bb34786edc0 548b9e03bc183d1cd39f93a37985cb3950f8f06f 6bacfa4536150ed996f2b0c05ab6e345a257225f449aeb9d2018ccd88f4ede43
XXXXXXXXXX.XXXXXX Fv2Agc4z5boBOacQi6 74.125.239.129 192.168.4.149 CHhAvVGS1DHFjwGM9 SSL 0 SHA256,X509,SHA1,MD5 application/x-x509-ca-cert - 0.000000 - F 1032 - 0 0 F - 9e4ac96474245129d9766700412a1f89 d83c1a7f4d0446bb2081b81a1670f8183451ca24 a047a37fa2d2e118a4f5095fe074d6cfe0e352425a7632bf8659c03919a6c81d
XXXXXXXXXX.XXXXXX Ftmyeg2qgI2V38Dt3g 74.125.239.129 192.168.4.149 CHhAvVGS1DHFjwGM9 SSL 0 SHA256,X509,SHA1,MD5 application/x-x509-ca-cert - 0.000000 - F 897 - 0 0 F - 2e7db2a31d0e3da4b25f49b9542a2e1a 7359755c6df9a0abc3060bce369564c8ec4542a3 3c35cc963eb004451323d3275d05b353235053490d9cd83729a2faf5e7ca1cc0
XXXXXXXXXX.XXXXXX FUFNf84cduA0IJCp07 74.125.239.129 192.168.4.149 ClEkJM2Vm5giqnMf4h SSL 0 SHA256,X509,SHA1,MD5 application/x-x509-user-cert - 0.000000 - F 1859 - 0 0 F - 7af07aca6d5c6e8e87fe4bb34786edc0 548b9e03bc183d1cd39f93a37985cb3950f8f06f 6bacfa4536150ed996f2b0c05ab6e345a257225f449aeb9d2018ccd88f4ede43
XXXXXXXXXX.XXXXXX F1H4bd2OKGbLPEdHm4 74.125.239.129 192.168.4.149 ClEkJM2Vm5giqnMf4h SSL 0 SHA256,X509,SHA1,MD5 application/x-x509-ca-cert - 0.000000 - F 1032 - 0 0 F - 9e4ac96474245129d9766700412a1f89 d83c1a7f4d0446bb2081b81a1670f8183451ca24 a047a37fa2d2e118a4f5095fe074d6cfe0e352425a7632bf8659c03919a6c81d
XXXXXXXXXX.XXXXXX Fgsbci2jxFXYMOHOhi 74.125.239.129 192.168.4.149 ClEkJM2Vm5giqnMf4h SSL 0 SHA256,X509,SHA1,MD5 application/x-x509-ca-cert - 0.000000 - F 897 - 0 0 F - 2e7db2a31d0e3da4b25f49b9542a2e1a 7359755c6df9a0abc3060bce369564c8ec4542a3 3c35cc963eb004451323d3275d05b353235053490d9cd83729a2faf5e7ca1cc0
#close XXXX-XX-XX-XX-XX-XX

13
testing/btest/Baseline/scripts.base.files.x509.log-caching-cluster/manager-1.x509.log Normal file
View file

@ -0,0 +1,13 @@
### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63.
#separator \x09
#set_separator ,
#empty_field (empty)
#unset_field -
#path x509
#open XXXX-XX-XX-XX-XX-XX
#fields ts fingerprint certificate.version certificate.serial certificate.subject certificate.issuer certificate.not_valid_before certificate.not_valid_after certificate.key_alg certificate.sig_alg certificate.key_type certificate.key_length certificate.exponent certificate.curve san.dns san.uri san.email san.ip basic_constraints.ca basic_constraints.path_len host_cert client_cert
#types time string count string string string time time string string string count string string vector[string] vector[string] vector[string] vector[addr] bool count bool bool
XXXXXXXXXX.XXXXXX a97a22b691caf62c1623d14abf8a31ac915f14d87f77d8a37c47eb4785b484ad 3 1E58FDC12DE4C703 CN=*.google.com,O=Google Inc,L=Mountain View,ST=California,C=US CN=Google Internet Authority G2,O=Google Inc,C=US XXXXXXXXXX.XXXXXX XXXXXXXXXX.XXXXXX rsaEncryption sha1WithRSAEncryption rsa 2048 65537 - *.google.com,*.android.com,*.appengine.google.com,*.cloud.google.com,*.google-analytics.com,*.google.ca,*.google.cl,*.google.co.in,*.google.co.jp,*.google.co.uk,*.google.com.ar,*.google.com.au,*.google.com.br,*.google.com.co,*.google.com.mx,*.google.com.tr,*.google.com.vn,*.google.de,*.google.es,*.google.fr,*.google.hu,*.google.it,*.google.nl,*.google.pl,*.google.pt,*.googleapis.cn,*.googlecommerce.com,*.googlevideo.com,*.gstatic.com,*.gvt1.com,*.urchin.com,*.url.google.com,*.youtube-nocookie.com,*.youtube.com,*.youtubeeducation.com,*.ytimg.com,android.com,g.co,goo.gl,google-analytics.com,google.com,googlecommerce.com,urchin.com,youtu.be,youtube.com,youtubeeducation.com - - - F - T F
XXXXXXXXXX.XXXXXX a047a37fa2d2e118a4f5095fe074d6cfe0e352425a7632bf8659c03919a6c81d 3 023A69 CN=Google Internet Authority G2,O=Google Inc,C=US CN=GeoTrust Global CA,O=GeoTrust Inc.,C=US XXXXXXXXXX.XXXXXX XXXXXXXXXX.XXXXXX rsaEncryption sha1WithRSAEncryption rsa 2048 65537 - - - - - T 0 F F
XXXXXXXXXX.XXXXXX 3c35cc963eb004451323d3275d05b353235053490d9cd83729a2faf5e7ca1cc0 3 12BBE6 CN=GeoTrust Global CA,O=GeoTrust Inc.,C=US OU=Equifax Secure Certificate Authority,O=Equifax,C=US XXXXXXXXXX.XXXXXX XXXXXXXXXX.XXXXXX rsaEncryption sha1WithRSAEncryption rsa 2048 65537 - - - - - T - F F
#close XXXX-XX-XX-XX-XX-XX

16
testing/btest/Baseline/scripts.base.files.x509.log-caching-disabled-cluster/manager-1.x509.log Normal file
View file

@ -0,0 +1,16 @@
### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63.
#separator \x09
#set_separator ,
#empty_field (empty)
#unset_field -
#path x509
#open XXXX-XX-XX-XX-XX-XX
#fields ts fingerprint certificate.version certificate.serial certificate.subject certificate.issuer certificate.not_valid_before certificate.not_valid_after certificate.key_alg certificate.sig_alg certificate.key_type certificate.key_length certificate.exponent certificate.curve san.dns san.uri san.email san.ip basic_constraints.ca basic_constraints.path_len host_cert client_cert
#types time string count string string string time time string string string count string string vector[string] vector[string] vector[string] vector[addr] bool count bool bool
XXXXXXXXXX.XXXXXX a97a22b691caf62c1623d14abf8a31ac915f14d87f77d8a37c47eb4785b484ad 3 1E58FDC12DE4C703 CN=*.google.com,O=Google Inc,L=Mountain View,ST=California,C=US CN=Google Internet Authority G2,O=Google Inc,C=US XXXXXXXXXX.XXXXXX XXXXXXXXXX.XXXXXX rsaEncryption sha1WithRSAEncryption rsa 2048 65537 - *.google.com,*.android.com,*.appengine.google.com,*.cloud.google.com,*.google-analytics.com,*.google.ca,*.google.cl,*.google.co.in,*.google.co.jp,*.google.co.uk,*.google.com.ar,*.google.com.au,*.google.com.br,*.google.com.co,*.google.com.mx,*.google.com.tr,*.google.com.vn,*.google.de,*.google.es,*.google.fr,*.google.hu,*.google.it,*.google.nl,*.google.pl,*.google.pt,*.googleapis.cn,*.googlecommerce.com,*.googlevideo.com,*.gstatic.com,*.gvt1.com,*.urchin.com,*.url.google.com,*.youtube-nocookie.com,*.youtube.com,*.youtubeeducation.com,*.ytimg.com,android.com,g.co,goo.gl,google-analytics.com,google.com,googlecommerce.com,urchin.com,youtu.be,youtube.com,youtubeeducation.com - - - F - T F
XXXXXXXXXX.XXXXXX a047a37fa2d2e118a4f5095fe074d6cfe0e352425a7632bf8659c03919a6c81d 3 023A69 CN=Google Internet Authority G2,O=Google Inc,C=US CN=GeoTrust Global CA,O=GeoTrust Inc.,C=US XXXXXXXXXX.XXXXXX XXXXXXXXXX.XXXXXX rsaEncryption sha1WithRSAEncryption rsa 2048 65537 - - - - - T 0 F F
XXXXXXXXXX.XXXXXX 3c35cc963eb004451323d3275d05b353235053490d9cd83729a2faf5e7ca1cc0 3 12BBE6 CN=GeoTrust Global CA,O=GeoTrust Inc.,C=US OU=Equifax Secure Certificate Authority,O=Equifax,C=US XXXXXXXXXX.XXXXXX XXXXXXXXXX.XXXXXX rsaEncryption sha1WithRSAEncryption rsa 2048 65537 - - - - - T - F F
XXXXXXXXXX.XXXXXX a97a22b691caf62c1623d14abf8a31ac915f14d87f77d8a37c47eb4785b484ad 3 1E58FDC12DE4C703 CN=*.google.com,O=Google Inc,L=Mountain View,ST=California,C=US CN=Google Internet Authority G2,O=Google Inc,C=US XXXXXXXXXX.XXXXXX XXXXXXXXXX.XXXXXX rsaEncryption sha1WithRSAEncryption rsa 2048 65537 - *.google.com,*.android.com,*.appengine.google.com,*.cloud.google.com,*.google-analytics.com,*.google.ca,*.google.cl,*.google.co.in,*.google.co.jp,*.google.co.uk,*.google.com.ar,*.google.com.au,*.google.com.br,*.google.com.co,*.google.com.mx,*.google.com.tr,*.google.com.vn,*.google.de,*.google.es,*.google.fr,*.google.hu,*.google.it,*.google.nl,*.google.pl,*.google.pt,*.googleapis.cn,*.googlecommerce.com,*.googlevideo.com,*.gstatic.com,*.gvt1.com,*.urchin.com,*.url.google.com,*.youtube-nocookie.com,*.youtube.com,*.youtubeeducation.com,*.ytimg.com,android.com,g.co,goo.gl,google-analytics.com,google.com,googlecommerce.com,urchin.com,youtu.be,youtube.com,youtubeeducation.com - - - F - T F
XXXXXXXXXX.XXXXXX a047a37fa2d2e118a4f5095fe074d6cfe0e352425a7632bf8659c03919a6c81d 3 023A69 CN=Google Internet Authority G2,O=Google Inc,C=US CN=GeoTrust Global CA,O=GeoTrust Inc.,C=US XXXXXXXXXX.XXXXXX XXXXXXXXXX.XXXXXX rsaEncryption sha1WithRSAEncryption rsa 2048 65537 - - - - - T 0 F F
XXXXXXXXXX.XXXXXX 3c35cc963eb004451323d3275d05b353235053490d9cd83729a2faf5e7ca1cc0 3 12BBE6 CN=GeoTrust Global CA,O=GeoTrust Inc.,C=US OU=Equifax Secure Certificate Authority,O=Equifax,C=US XXXXXXXXXX.XXXXXX XXXXXXXXXX.XXXXXX rsaEncryption sha1WithRSAEncryption rsa 2048 65537 - - - - - T - F F
#close XXXX-XX-XX-XX-XX-XX

13
testing/btest/Baseline/scripts.base.files.x509.log-caching/x509.log Normal file
View file

@ -0,0 +1,13 @@
### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63.
#separator \x09
#set_separator ,
#empty_field (empty)
#unset_field -
#path x509
#open XXXX-XX-XX-XX-XX-XX
#fields ts fingerprint certificate.version certificate.serial certificate.subject certificate.issuer certificate.not_valid_before certificate.not_valid_after certificate.key_alg certificate.sig_alg certificate.key_type certificate.key_length certificate.exponent certificate.curve san.dns san.uri san.email san.ip basic_constraints.ca basic_constraints.path_len host_cert client_cert
#types time string count string string string time time string string string count string string vector[string] vector[string] vector[string] vector[addr] bool count bool bool
XXXXXXXXXX.XXXXXX 6bacfa4536150ed996f2b0c05ab6e345a257225f449aeb9d2018ccd88f4ede43 3 4A2C8628C1010633 CN=*.google.com,O=Google Inc,L=Mountain View,ST=California,C=US CN=Google Internet Authority G2,O=Google Inc,C=US XXXXXXXXXX.XXXXXX XXXXXXXXXX.XXXXXX rsaEncryption sha1WithRSAEncryption rsa 2048 65537 - *.google.com,*.android.com,*.appengine.google.com,*.cloud.google.com,*.google-analytics.com,*.google.ca,*.google.cl,*.google.co.in,*.google.co.jp,*.google.co.uk,*.google.com.ar,*.google.com.au,*.google.com.br,*.google.com.co,*.google.com.mx,*.google.com.tr,*.google.com.vn,*.google.de,*.google.es,*.google.fr,*.google.hu,*.google.it,*.google.nl,*.google.pl,*.google.pt,*.googleapis.cn,*.googlecommerce.com,*.googlevideo.com,*.gstatic.com,*.gvt1.com,*.urchin.com,*.url.google.com,*.youtube-nocookie.com,*.youtube.com,*.youtubeeducation.com,*.ytimg.com,android.com,g.co,goo.gl,google-analytics.com,google.com,googlecommerce.com,urchin.com,youtu.be,youtube.com,youtubeeducation.com - - - F - T F
XXXXXXXXXX.XXXXXX a047a37fa2d2e118a4f5095fe074d6cfe0e352425a7632bf8659c03919a6c81d 3 023A69 CN=Google Internet Authority G2,O=Google Inc,C=US CN=GeoTrust Global CA,O=GeoTrust Inc.,C=US XXXXXXXXXX.XXXXXX XXXXXXXXXX.XXXXXX rsaEncryption sha1WithRSAEncryption rsa 2048 65537 - - - - - T 0 F F
XXXXXXXXXX.XXXXXX 3c35cc963eb004451323d3275d05b353235053490d9cd83729a2faf5e7ca1cc0 3 12BBE6 CN=GeoTrust Global CA,O=GeoTrust Inc.,C=US OU=Equifax Secure Certificate Authority,O=Equifax,C=US XXXXXXXXXX.XXXXXX XXXXXXXXXX.XXXXXX rsaEncryption sha1WithRSAEncryption rsa 2048 65537 - - - - - T - F F
#close XXXX-XX-XX-XX-XX-XX

41
testing/btest/Baseline/scripts.base.files.x509.x509_check_cert_hostname/.stdout Normal file
View file

@ -0,0 +1,41 @@
### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63.
CN=*.google.com,O=Google Inc,L=Mountain View,ST=California,C=US, www.google.com, *.google.com
CN=*.google.com,O=Google Inc,L=Mountain View,ST=California,C=US, www.zeek.org,
CN=*.google.com,O=Google Inc,L=Mountain View,ST=California,C=US, hello.android.com, *.android.com
CN=*.google.com,O=Google Inc,L=Mountain View,ST=California,C=US, g.co, g.co
CN=*.google.com,O=Google Inc,L=Mountain View,ST=California,C=US, Google Internet Authority G2,
CN=Google Internet Authority G2,O=Google Inc,C=US, www.google.com,
CN=Google Internet Authority G2,O=Google Inc,C=US, www.zeek.org,
CN=Google Internet Authority G2,O=Google Inc,C=US, hello.android.com,
CN=Google Internet Authority G2,O=Google Inc,C=US, g.co,
CN=Google Internet Authority G2,O=Google Inc,C=US, Google Internet Authority G2, Google Internet Authority G2
CN=GeoTrust Global CA,O=GeoTrust Inc.,C=US, www.google.com,
CN=GeoTrust Global CA,O=GeoTrust Inc.,C=US, www.zeek.org,
CN=GeoTrust Global CA,O=GeoTrust Inc.,C=US, hello.android.com,
CN=GeoTrust Global CA,O=GeoTrust Inc.,C=US, g.co,
CN=GeoTrust Global CA,O=GeoTrust Inc.,C=US, Google Internet Authority G2,
CN=*.google.com,O=Google Inc,L=Mountain View,ST=California,C=US, www.google.com, *.google.com
CN=*.google.com,O=Google Inc,L=Mountain View,ST=California,C=US, www.zeek.org,
CN=*.google.com,O=Google Inc,L=Mountain View,ST=California,C=US, hello.android.com, *.android.com
CN=*.google.com,O=Google Inc,L=Mountain View,ST=California,C=US, g.co, g.co
CN=*.google.com,O=Google Inc,L=Mountain View,ST=California,C=US, Google Internet Authority G2,
CN=Google Internet Authority G2,O=Google Inc,C=US, www.google.com,
CN=Google Internet Authority G2,O=Google Inc,C=US, www.zeek.org,
CN=Google Internet Authority G2,O=Google Inc,C=US, hello.android.com,
CN=Google Internet Authority G2,O=Google Inc,C=US, g.co,
CN=Google Internet Authority G2,O=Google Inc,C=US, Google Internet Authority G2, Google Internet Authority G2
CN=GeoTrust Global CA,O=GeoTrust Inc.,C=US, www.google.com,
CN=GeoTrust Global CA,O=GeoTrust Inc.,C=US, www.zeek.org,
CN=GeoTrust Global CA,O=GeoTrust Inc.,C=US, hello.android.com,
CN=GeoTrust Global CA,O=GeoTrust Inc.,C=US, g.co,
CN=GeoTrust Global CA,O=GeoTrust Inc.,C=US, Google Internet Authority G2,
CN=Bro, Bro,
CN=Bro, Broo,
CN=Bro, www.zeek.org,
CN=Bro, 9566.alt.helloIamADomain.example, 9566.alt.helloIamADomain.example
CN=WIN2K8R2.awakecoding.ath.cx, WIN2K8R2.awakecoding.ath.cx, WIN2K8R2.awakecoding.ath.cx
CN=WIN2K8R2.awakecoding.ath.cx, awakecoding.ath.cx,
CN=WIN2K8R2.awakecoding.ath.cx, www.zeek.org,
CN=WIN2K8R2.awakecoding.ath.cx, WIN2K8R2.awakecoding.ath.cx, WIN2K8R2.awakecoding.ath.cx
CN=WIN2K8R2.awakecoding.ath.cx, awakecoding.ath.cx,
CN=WIN2K8R2.awakecoding.ath.cx, www.zeek.org,

8
testing/btest/Baseline/scripts.base.protocols.ftp.gridftp/ssl.log
View file

@ -5,8 +5,8 @@
#unset_field -
#path ssl
#open XXXX-XX-XX-XX-XX-XX
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p version cipher curve server_name resumed last_alert next_protocol established cert_chain_fuids client_cert_chain_fuids subject issuer client_subject client_issuer
#types time string addr port addr port string string string string bool string string bool vector[string] vector[string] string string string string
XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 192.168.57.103 60108 192.168.57.101 2811 TLSv10 TLS_RSA_WITH_AES_256_CBC_SHA - - F - - T FS3GCrKFCFYRi9Jn6,FDNCTk15YjwzJ3izUh F3J6SS11dKh9CN00gk,FSZY6n3yBpcaK5xwMg,Fd7vCh3x3aBbtg4gHa CN=host/alpha,OU=simpleCA-alpha,OU=GlobusTest,O=Grid CN=Globus Simple CA,OU=simpleCA-alpha,OU=GlobusTest,O=Grid CN=917532944,CN=Jon Siwek,OU=local,OU=simpleCA-alpha,OU=GlobusTest,O=Grid CN=Jon Siwek,OU=local,OU=simpleCA-alpha,OU=GlobusTest,O=Grid
XXXXXXXXXX.XXXXXX ClEkJM2Vm5giqnMf4h 192.168.57.103 35391 192.168.57.101 55968 TLSv10 TLS_RSA_WITH_NULL_SHA - - F - - T FtUqZH3vHH0xjf1VIg,FZGq83prjw1thEZji,FOdXYZ1LoCapwJwZrb,F4Qpgi4EQhI35oscyj FLarS62nJnQPwy0HVc,FkwRAg2kSuzt2Kzyj9,FbXa36Tcr1aM7wMT9 CN=932373381,CN=917532944,CN=Jon Siwek,OU=local,OU=simpleCA-alpha,OU=GlobusTest,O=Grid CN=917532944,CN=Jon Siwek,OU=local,OU=simpleCA-alpha,OU=GlobusTest,O=Grid CN=917532944,CN=Jon Siwek,OU=local,OU=simpleCA-alpha,OU=GlobusTest,O=Grid CN=Jon Siwek,OU=local,OU=simpleCA-alpha,OU=GlobusTest,O=Grid
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p version cipher curve server_name resumed last_alert next_protocol established ssl_history cert_chain_fps client_cert_chain_fps sni_matches_cert
#types time string addr port addr port string string string string bool string string bool string vector[string] vector[string] bool
XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 192.168.57.103 60108 192.168.57.101 2811 TLSv10 TLS_RSA_WITH_AES_256_CBC_SHA - - F - - T CsxrnXGYIti 5d3015916579d36adff0d813c94ab4354cd9ed3d23646b40e4d137b79c77c860,8c8262a5531c85a9fab982301884d7efac0f3ec965fc4c13da960aea713e05df cffb0cdf02d664b3e19c1ce6c4c26aa5215f42c39dfc6759369db03d01b18cee,be4493543bdc5d1430071e8991abc128d143a315f1406fdce6d811269d0801fa,8c8262a5531c85a9fab982301884d7efac0f3ec965fc4c13da960aea713e05df -
XXXXXXXXXX.XXXXXX ClEkJM2Vm5giqnMf4h 192.168.57.103 35391 192.168.57.101 55968 TLSv10 TLS_RSA_WITH_NULL_SHA - - F - - T CsxrnXGYIti 804250d78e23ddbc68115d7b9193501288ba59b63560793849f133a543246355,cffb0cdf02d664b3e19c1ce6c4c26aa5215f42c39dfc6759369db03d01b18cee,be4493543bdc5d1430071e8991abc128d143a315f1406fdce6d811269d0801fa,8c8262a5531c85a9fab982301884d7efac0f3ec965fc4c13da960aea713e05df cffb0cdf02d664b3e19c1ce6c4c26aa5215f42c39dfc6759369db03d01b18cee,be4493543bdc5d1430071e8991abc128d143a315f1406fdce6d811269d0801fa,8c8262a5531c85a9fab982301884d7efac0f3ec965fc4c13da960aea713e05df -
#close XXXX-XX-XX-XX-XX-XX

28
testing/btest/Baseline/scripts.base.protocols.ftp.gridftp/x509.log
View file

@ -5,18 +5,18 @@
#unset_field -
#path x509
#open XXXX-XX-XX-XX-XX-XX
#fields ts id certificate.version certificate.serial certificate.subject certificate.issuer certificate.not_valid_before certificate.not_valid_after certificate.key_alg certificate.sig_alg certificate.key_type certificate.key_length certificate.exponent certificate.curve san.dns san.uri san.email san.ip basic_constraints.ca basic_constraints.path_len
#types time string count string string string time time string string string count string string vector[string] vector[string] vector[string] vector[addr] bool count
XXXXXXXXXX.XXXXXX FS3GCrKFCFYRi9Jn6 3 01 CN=host/alpha,OU=simpleCA-alpha,OU=GlobusTest,O=Grid CN=Globus Simple CA,OU=simpleCA-alpha,OU=GlobusTest,O=Grid XXXXXXXXXX.XXXXXX XXXXXXXXXX.XXXXXX rsaEncryption sha1WithRSAEncryption rsa 1024 65537 - - - - - - -
XXXXXXXXXX.XXXXXX FDNCTk15YjwzJ3izUh 3 EA83D17188B68E4D CN=Globus Simple CA,OU=simpleCA-alpha,OU=GlobusTest,O=Grid CN=Globus Simple CA,OU=simpleCA-alpha,OU=GlobusTest,O=Grid XXXXXXXXXX.XXXXXX XXXXXXXXXX.XXXXXX rsaEncryption sha1WithRSAEncryption rsa 1024 65537 - - - - - T -
XXXXXXXXXX.XXXXXX F3J6SS11dKh9CN00gk 3 36B07110 CN=917532944,CN=Jon Siwek,OU=local,OU=simpleCA-alpha,OU=GlobusTest,O=Grid CN=Jon Siwek,OU=local,OU=simpleCA-alpha,OU=GlobusTest,O=Grid XXXXXXXXXX.XXXXXX XXXXXXXXXX.XXXXXX rsaEncryption sha1WithRSAEncryption rsa 512 65537 - - - - - - -
XXXXXXXXXX.XXXXXX FSZY6n3yBpcaK5xwMg 3 02 CN=Jon Siwek,OU=local,OU=simpleCA-alpha,OU=GlobusTest,O=Grid CN=Globus Simple CA,OU=simpleCA-alpha,OU=GlobusTest,O=Grid XXXXXXXXXX.XXXXXX XXXXXXXXXX.XXXXXX rsaEncryption sha1WithRSAEncryption rsa 1024 65537 - - - - - - -
XXXXXXXXXX.XXXXXX Fd7vCh3x3aBbtg4gHa 3 EA83D17188B68E4D CN=Globus Simple CA,OU=simpleCA-alpha,OU=GlobusTest,O=Grid CN=Globus Simple CA,OU=simpleCA-alpha,OU=GlobusTest,O=Grid XXXXXXXXXX.XXXXXX XXXXXXXXXX.XXXXXX rsaEncryption sha1WithRSAEncryption rsa 1024 65537 - - - - - T -
XXXXXXXXXX.XXXXXX FtUqZH3vHH0xjf1VIg 3 3792E385 CN=932373381,CN=917532944,CN=Jon Siwek,OU=local,OU=simpleCA-alpha,OU=GlobusTest,O=Grid CN=917532944,CN=Jon Siwek,OU=local,OU=simpleCA-alpha,OU=GlobusTest,O=Grid XXXXXXXXXX.XXXXXX XXXXXXXXXX.XXXXXX rsaEncryption sha1WithRSAEncryption rsa 512 65537 - - - - - - -
XXXXXXXXXX.XXXXXX FZGq83prjw1thEZji 3 36B07110 CN=917532944,CN=Jon Siwek,OU=local,OU=simpleCA-alpha,OU=GlobusTest,O=Grid CN=Jon Siwek,OU=local,OU=simpleCA-alpha,OU=GlobusTest,O=Grid XXXXXXXXXX.XXXXXX XXXXXXXXXX.XXXXXX rsaEncryption sha1WithRSAEncryption rsa 512 65537 - - - - - - -
XXXXXXXXXX.XXXXXX FOdXYZ1LoCapwJwZrb 3 02 CN=Jon Siwek,OU=local,OU=simpleCA-alpha,OU=GlobusTest,O=Grid CN=Globus Simple CA,OU=simpleCA-alpha,OU=GlobusTest,O=Grid XXXXXXXXXX.XXXXXX XXXXXXXXXX.XXXXXX rsaEncryption sha1WithRSAEncryption rsa 1024 65537 - - - - - - -
XXXXXXXXXX.XXXXXX F4Qpgi4EQhI35oscyj 3 EA83D17188B68E4D CN=Globus Simple CA,OU=simpleCA-alpha,OU=GlobusTest,O=Grid CN=Globus Simple CA,OU=simpleCA-alpha,OU=GlobusTest,O=Grid XXXXXXXXXX.XXXXXX XXXXXXXXXX.XXXXXX rsaEncryption sha1WithRSAEncryption rsa 1024 65537 - - - - - T -
XXXXXXXXXX.XXXXXX FLarS62nJnQPwy0HVc 3 36B07110 CN=917532944,CN=Jon Siwek,OU=local,OU=simpleCA-alpha,OU=GlobusTest,O=Grid CN=Jon Siwek,OU=local,OU=simpleCA-alpha,OU=GlobusTest,O=Grid XXXXXXXXXX.XXXXXX XXXXXXXXXX.XXXXXX rsaEncryption sha1WithRSAEncryption rsa 512 65537 - - - - - - -
XXXXXXXXXX.XXXXXX FkwRAg2kSuzt2Kzyj9 3 02 CN=Jon Siwek,OU=local,OU=simpleCA-alpha,OU=GlobusTest,O=Grid CN=Globus Simple CA,OU=simpleCA-alpha,OU=GlobusTest,O=Grid XXXXXXXXXX.XXXXXX XXXXXXXXXX.XXXXXX rsaEncryption sha1WithRSAEncryption rsa 1024 65537 - - - - - - -
XXXXXXXXXX.XXXXXX FbXa36Tcr1aM7wMT9 3 EA83D17188B68E4D CN=Globus Simple CA,OU=simpleCA-alpha,OU=GlobusTest,O=Grid CN=Globus Simple CA,OU=simpleCA-alpha,OU=GlobusTest,O=Grid XXXXXXXXXX.XXXXXX XXXXXXXXXX.XXXXXX rsaEncryption sha1WithRSAEncryption rsa 1024 65537 - - - - - T -
#fields ts fingerprint certificate.version certificate.serial certificate.subject certificate.issuer certificate.not_valid_before certificate.not_valid_after certificate.key_alg certificate.sig_alg certificate.key_type certificate.key_length certificate.exponent certificate.curve san.dns san.uri san.email san.ip basic_constraints.ca basic_constraints.path_len host_cert client_cert
#types time string count string string string time time string string string count string string vector[string] vector[string] vector[string] vector[addr] bool count bool bool
XXXXXXXXXX.XXXXXX 5d3015916579d36adff0d813c94ab4354cd9ed3d23646b40e4d137b79c77c860 3 01 CN=host/alpha,OU=simpleCA-alpha,OU=GlobusTest,O=Grid CN=Globus Simple CA,OU=simpleCA-alpha,OU=GlobusTest,O=Grid XXXXXXXXXX.XXXXXX XXXXXXXXXX.XXXXXX rsaEncryption sha1WithRSAEncryption rsa 1024 65537 - - - - - - - T F
XXXXXXXXXX.XXXXXX 8c8262a5531c85a9fab982301884d7efac0f3ec965fc4c13da960aea713e05df 3 EA83D17188B68E4D CN=Globus Simple CA,OU=simpleCA-alpha,OU=GlobusTest,O=Grid CN=Globus Simple CA,OU=simpleCA-alpha,OU=GlobusTest,O=Grid XXXXXXXXXX.XXXXXX XXXXXXXXXX.XXXXXX rsaEncryption sha1WithRSAEncryption rsa 1024 65537 - - - - - T - F F
XXXXXXXXXX.XXXXXX cffb0cdf02d664b3e19c1ce6c4c26aa5215f42c39dfc6759369db03d01b18cee 3 36B07110 CN=917532944,CN=Jon Siwek,OU=local,OU=simpleCA-alpha,OU=GlobusTest,O=Grid CN=Jon Siwek,OU=local,OU=simpleCA-alpha,OU=GlobusTest,O=Grid XXXXXXXXXX.XXXXXX XXXXXXXXXX.XXXXXX rsaEncryption sha1WithRSAEncryption rsa 512 65537 - - - - - - - T T
XXXXXXXXXX.XXXXXX be4493543bdc5d1430071e8991abc128d143a315f1406fdce6d811269d0801fa 3 02 CN=Jon Siwek,OU=local,OU=simpleCA-alpha,OU=GlobusTest,O=Grid CN=Globus Simple CA,OU=simpleCA-alpha,OU=GlobusTest,O=Grid XXXXXXXXXX.XXXXXX XXXXXXXXXX.XXXXXX rsaEncryption sha1WithRSAEncryption rsa 1024 65537 - - - - - - - F T
XXXXXXXXXX.XXXXXX 8c8262a5531c85a9fab982301884d7efac0f3ec965fc4c13da960aea713e05df 3 EA83D17188B68E4D CN=Globus Simple CA,OU=simpleCA-alpha,OU=GlobusTest,O=Grid CN=Globus Simple CA,OU=simpleCA-alpha,OU=GlobusTest,O=Grid XXXXXXXXXX.XXXXXX XXXXXXXXXX.XXXXXX rsaEncryption sha1WithRSAEncryption rsa 1024 65537 - - - - - T - F T
XXXXXXXXXX.XXXXXX 804250d78e23ddbc68115d7b9193501288ba59b63560793849f133a543246355 3 3792E385 CN=932373381,CN=917532944,CN=Jon Siwek,OU=local,OU=simpleCA-alpha,OU=GlobusTest,O=Grid CN=917532944,CN=Jon Siwek,OU=local,OU=simpleCA-alpha,OU=GlobusTest,O=Grid XXXXXXXXXX.XXXXXX XXXXXXXXXX.XXXXXX rsaEncryption sha1WithRSAEncryption rsa 512 65537 - - - - - - - T F
XXXXXXXXXX.XXXXXX cffb0cdf02d664b3e19c1ce6c4c26aa5215f42c39dfc6759369db03d01b18cee 3 36B07110 CN=917532944,CN=Jon Siwek,OU=local,OU=simpleCA-alpha,OU=GlobusTest,O=Grid CN=Jon Siwek,OU=local,OU=simpleCA-alpha,OU=GlobusTest,O=Grid XXXXXXXXXX.XXXXXX XXXXXXXXXX.XXXXXX rsaEncryption sha1WithRSAEncryption rsa 512 65537 - - - - - - - F F
XXXXXXXXXX.XXXXXX be4493543bdc5d1430071e8991abc128d143a315f1406fdce6d811269d0801fa 3 02 CN=Jon Siwek,OU=local,OU=simpleCA-alpha,OU=GlobusTest,O=Grid CN=Globus Simple CA,OU=simpleCA-alpha,OU=GlobusTest,O=Grid XXXXXXXXXX.XXXXXX XXXXXXXXXX.XXXXXX rsaEncryption sha1WithRSAEncryption rsa 1024 65537 - - - - - - - F F
XXXXXXXXXX.XXXXXX 8c8262a5531c85a9fab982301884d7efac0f3ec965fc4c13da960aea713e05df 3 EA83D17188B68E4D CN=Globus Simple CA,OU=simpleCA-alpha,OU=GlobusTest,O=Grid CN=Globus Simple CA,OU=simpleCA-alpha,OU=GlobusTest,O=Grid XXXXXXXXXX.XXXXXX XXXXXXXXXX.XXXXXX rsaEncryption sha1WithRSAEncryption rsa 1024 65537 - - - - - T - F F
XXXXXXXXXX.XXXXXX cffb0cdf02d664b3e19c1ce6c4c26aa5215f42c39dfc6759369db03d01b18cee 3 36B07110 CN=917532944,CN=Jon Siwek,OU=local,OU=simpleCA-alpha,OU=GlobusTest,O=Grid CN=Jon Siwek,OU=local,OU=simpleCA-alpha,OU=GlobusTest,O=Grid XXXXXXXXXX.XXXXXX XXXXXXXXXX.XXXXXX rsaEncryption sha1WithRSAEncryption rsa 512 65537 - - - - - - - T T
XXXXXXXXXX.XXXXXX be4493543bdc5d1430071e8991abc128d143a315f1406fdce6d811269d0801fa 3 02 CN=Jon Siwek,OU=local,OU=simpleCA-alpha,OU=GlobusTest,O=Grid CN=Globus Simple CA,OU=simpleCA-alpha,OU=GlobusTest,O=Grid XXXXXXXXXX.XXXXXX XXXXXXXXXX.XXXXXX rsaEncryption sha1WithRSAEncryption rsa 1024 65537 - - - - - - - F T
XXXXXXXXXX.XXXXXX 8c8262a5531c85a9fab982301884d7efac0f3ec965fc4c13da960aea713e05df 3 EA83D17188B68E4D CN=Globus Simple CA,OU=simpleCA-alpha,OU=GlobusTest,O=Grid CN=Globus Simple CA,OU=simpleCA-alpha,OU=GlobusTest,O=Grid XXXXXXXXXX.XXXXXX XXXXXXXXXX.XXXXXX rsaEncryption sha1WithRSAEncryption rsa 1024 65537 - - - - - T - F T
#close XXXX-XX-XX-XX-XX-XX

6
testing/btest/Baseline/scripts.base.protocols.imap.starttls/ssl.log
View file

@ -5,7 +5,7 @@
#unset_field -
#path ssl
#open XXXX-XX-XX-XX-XX-XX
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p version cipher curve server_name resumed last_alert next_protocol established cert_chain_fuids client_cert_chain_fuids subject issuer client_subject client_issuer
#types time string addr port addr port string string string string bool string string bool vector[string] vector[string] string string string string
XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 192.168.17.53 49640 212.227.17.186 143 TLSv12 TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 secp256r1 - F - - T FnTdv13VPaQJ9ggGWc,FfuxJB2xxRqUGn95Uf,FiuziV1H97yM2ooWD3 (empty) CN=imap.gmx.net,emailAddress=server-certs@1und1.de,L=Montabaur,ST=Rhineland-Palatinate,O=1&1 Mail & Media GmbH,C=DE CN=TeleSec ServerPass DE-1,street=Untere Industriestr. 20,L=Netphen,postalCode=57250,ST=NRW,OU=T-Systems Trust Center,O=T-Systems International GmbH,C=DE - -
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p version cipher curve server_name resumed last_alert next_protocol established ssl_history cert_chain_fps client_cert_chain_fps subject issuer sni_matches_cert
#types time string addr port addr port string string string string bool string string bool string vector[string] vector[string] string string bool
XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 192.168.17.53 49640 212.227.17.186 143 TLSv12 TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 secp256r1 - F - - T CsxknGIi e0129ac9d82beb2ad399c85a2d246c0a5376e1094a5410ba9157cc42c3d514c1,3c80fe6e6a70e12fae2e7c7b289420f10a69e80dcc88847bb9836ff14a20f872,b6191a50d0c3977f7da99bcdaac86a227daeb9679ec70ba3b0c9d92271c170d3 (empty) CN=imap.gmx.net,emailAddress=server-certs@1und1.de,L=Montabaur,ST=Rhineland-Palatinate,O=1&1 Mail & Media GmbH,C=DE CN=TeleSec ServerPass DE-1,street=Untere Industriestr. 20,L=Netphen,postalCode=57250,ST=NRW,OU=T-Systems Trust Center,O=T-Systems International GmbH,C=DE -
#close XXXX-XX-XX-XX-XX-XX

10
testing/btest/Baseline/scripts.base.protocols.imap.starttls/x509.log
View file

@ -5,9 +5,9 @@
#unset_field -
#path x509
#open XXXX-XX-XX-XX-XX-XX
#fields ts id certificate.version certificate.serial certificate.subject certificate.issuer certificate.not_valid_before certificate.not_valid_after certificate.key_alg certificate.sig_alg certificate.key_type certificate.key_length certificate.exponent certificate.curve san.dns san.uri san.email san.ip basic_constraints.ca basic_constraints.path_len
#types time string count string string string time time string string string count string string vector[string] vector[string] vector[string] vector[addr] bool count
XXXXXXXXXX.XXXXXX FnTdv13VPaQJ9ggGWc 3 339D9ED8E73927C9 CN=imap.gmx.net,emailAddress=server-certs@1und1.de,L=Montabaur,ST=Rhineland-Palatinate,O=1&1 Mail & Media GmbH,C=DE CN=TeleSec ServerPass DE-1,street=Untere Industriestr. 20,L=Netphen,postalCode=57250,ST=NRW,OU=T-Systems Trust Center,O=T-Systems International GmbH,C=DE XXXXXXXXXX.XXXXXX XXXXXXXXXX.XXXXXX rsaEncryption sha1WithRSAEncryption rsa 2048 65537 - imap.gmx.net,imap.gmx.de - - - F -
XXXXXXXXXX.XXXXXX FfuxJB2xxRqUGn95Uf 3 21B6777E8CBD0EA8 CN=TeleSec ServerPass DE-1,street=Untere Industriestr. 20,L=Netphen,postalCode=57250,ST=NRW,OU=T-Systems Trust Center,O=T-Systems International GmbH,C=DE CN=Deutsche Telekom Root CA 2,OU=T-TeleSec Trust Center,O=Deutsche Telekom AG,C=DE XXXXXXXXXX.XXXXXX XXXXXXXXXX.XXXXXX rsaEncryption sha1WithRSAEncryption rsa 2048 65537 - - - - - T 0
XXXXXXXXXX.XXXXXX FiuziV1H97yM2ooWD3 3 26 CN=Deutsche Telekom Root CA 2,OU=T-TeleSec Trust Center,O=Deutsche Telekom AG,C=DE CN=Deutsche Telekom Root CA 2,OU=T-TeleSec Trust Center,O=Deutsche Telekom AG,C=DE XXXXXXXXXX.XXXXXX XXXXXXXXXX.XXXXXX rsaEncryption sha1WithRSAEncryption rsa 2048 65537 - - - - - T 5
#fields ts fingerprint certificate.version certificate.serial certificate.subject certificate.issuer certificate.not_valid_before certificate.not_valid_after certificate.key_alg certificate.sig_alg certificate.key_type certificate.key_length certificate.exponent certificate.curve san.dns san.uri san.email san.ip basic_constraints.ca basic_constraints.path_len host_cert client_cert
#types time string count string string string time time string string string count string string vector[string] vector[string] vector[string] vector[addr] bool count bool bool
XXXXXXXXXX.XXXXXX e0129ac9d82beb2ad399c85a2d246c0a5376e1094a5410ba9157cc42c3d514c1 3 339D9ED8E73927C9 CN=imap.gmx.net,emailAddress=server-certs@1und1.de,L=Montabaur,ST=Rhineland-Palatinate,O=1&1 Mail & Media GmbH,C=DE CN=TeleSec ServerPass DE-1,street=Untere Industriestr. 20,L=Netphen,postalCode=57250,ST=NRW,OU=T-Systems Trust Center,O=T-Systems International GmbH,C=DE XXXXXXXXXX.XXXXXX XXXXXXXXXX.XXXXXX rsaEncryption sha1WithRSAEncryption rsa 2048 65537 - imap.gmx.net,imap.gmx.de - - - F - T F
XXXXXXXXXX.XXXXXX 3c80fe6e6a70e12fae2e7c7b289420f10a69e80dcc88847bb9836ff14a20f872 3 21B6777E8CBD0EA8 CN=TeleSec ServerPass DE-1,street=Untere Industriestr. 20,L=Netphen,postalCode=57250,ST=NRW,OU=T-Systems Trust Center,O=T-Systems International GmbH,C=DE CN=Deutsche Telekom Root CA 2,OU=T-TeleSec Trust Center,O=Deutsche Telekom AG,C=DE XXXXXXXXXX.XXXXXX XXXXXXXXXX.XXXXXX rsaEncryption sha1WithRSAEncryption rsa 2048 65537 - - - - - T 0 F F
XXXXXXXXXX.XXXXXX b6191a50d0c3977f7da99bcdaac86a227daeb9679ec70ba3b0c9d92271c170d3 3 26 CN=Deutsche Telekom Root CA 2,OU=T-TeleSec Trust Center,O=Deutsche Telekom AG,C=DE CN=Deutsche Telekom Root CA 2,OU=T-TeleSec Trust Center,O=Deutsche Telekom AG,C=DE XXXXXXXXXX.XXXXXX XXXXXXXXXX.XXXXXX rsaEncryption sha1WithRSAEncryption rsa 2048 65537 - - - - - T 5 F F
#close XXXX-XX-XX-XX-XX-XX

6
testing/btest/Baseline/scripts.base.protocols.irc.starttls/ssl.log
View file

@ -5,7 +5,7 @@
#unset_field -
#path ssl
#open XXXX-XX-XX-XX-XX-XX
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p version cipher curve server_name resumed last_alert next_protocol established cert_chain_fuids client_cert_chain_fuids subject issuer client_subject client_issuer
#types time string addr port addr port string string string string bool string string bool vector[string] vector[string] string string string string
XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 203.143.168.47 55123 185.18.76.170 6667 TLSv12 TLS_RSA_WITH_AES_256_GCM_SHA384 - - F - - T FQAtrF2OWGsMUe1Hfi (empty) CN=irc.joulunet.org,OU=IRCd,O=Multim,L=Pori,ST=Pori,C=FI CN=irc.joulunet.org,OU=IRCd,O=Multim,L=Pori,ST=Pori,C=FI - -
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p version cipher curve server_name resumed last_alert next_protocol established ssl_history cert_chain_fps client_cert_chain_fps sni_matches_cert
#types time string addr port addr port string string string string bool string string bool string vector[string] vector[string] bool
XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 203.143.168.47 55123 185.18.76.170 6667 TLSv12 TLS_RSA_WITH_AES_256_GCM_SHA384 - - F - - T CsxrnXGIti a111545f954961d71c1bc8996b623ee8794d54ff0e25c645dcd8ab4f6f045954 (empty) -
#close XXXX-XX-XX-XX-XX-XX

6
testing/btest/Baseline/scripts.base.protocols.irc.starttls/x509.log
View file

@ -5,7 +5,7 @@
#unset_field -
#path x509
#open XXXX-XX-XX-XX-XX-XX
#fields ts id certificate.version certificate.serial certificate.subject certificate.issuer certificate.not_valid_before certificate.not_valid_after certificate.key_alg certificate.sig_alg certificate.key_type certificate.key_length certificate.exponent certificate.curve san.dns san.uri san.email san.ip basic_constraints.ca basic_constraints.path_len
#types time string count string string string time time string string string count string string vector[string] vector[string] vector[string] vector[addr] bool count
XXXXXXXXXX.XXXXXX FQAtrF2OWGsMUe1Hfi 3 F9435743EF353D9E CN=irc.joulunet.org,OU=IRCd,O=Multim,L=Pori,ST=Pori,C=FI CN=irc.joulunet.org,OU=IRCd,O=Multim,L=Pori,ST=Pori,C=FI XXXXXXXXXX.XXXXXX XXXXXXXXXX.XXXXXX rsaEncryption sha256WithRSAEncryption rsa 4096 65537 - - - - - T -
#fields ts fingerprint certificate.version certificate.serial certificate.subject certificate.issuer certificate.not_valid_before certificate.not_valid_after certificate.key_alg certificate.sig_alg certificate.key_type certificate.key_length certificate.exponent certificate.curve san.dns san.uri san.email san.ip basic_constraints.ca basic_constraints.path_len host_cert client_cert
#types time string count string string string time time string string string count string string vector[string] vector[string] vector[string] vector[addr] bool count bool bool
XXXXXXXXXX.XXXXXX a111545f954961d71c1bc8996b623ee8794d54ff0e25c645dcd8ab4f6f045954 3 F9435743EF353D9E CN=irc.joulunet.org,OU=IRCd,O=Multim,L=Pori,ST=Pori,C=FI CN=irc.joulunet.org,OU=IRCd,O=Multim,L=Pori,ST=Pori,C=FI XXXXXXXXXX.XXXXXX XXXXXXXXXX.XXXXXX rsaEncryption sha256WithRSAEncryption rsa 4096 65537 - - - - - T - T F
#close XXXX-XX-XX-XX-XX-XX

6
testing/btest/Baseline/scripts.base.protocols.pop3.starttls/ssl.log
View file

@ -5,7 +5,7 @@
#unset_field -
#path ssl
#open XXXX-XX-XX-XX-XX-XX
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p version cipher curve server_name resumed last_alert next_protocol established cert_chain_fuids client_cert_chain_fuids subject issuer client_subject client_issuer
#types time string addr port addr port string string string string bool string string bool vector[string] vector[string] string string string string
XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 192.168.4.149 54775 192.168.4.149 110 TLSv12 TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 - - F - - T FlaNcbNMPGIwOZQ43 (empty) emailAddress=postmaster@lilawelt.de,CN=chimaera.lilawelt.de,OU=Servers,O=Lilawelt,L=Munich,C=DE emailAddress=postmaster@lilawelt.de,CN=Lilawelt,OU=Lilawelt CA,O=Lilawelt,L=Munich,C=DE - -
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p version cipher curve server_name resumed last_alert next_protocol established ssl_history cert_chain_fps client_cert_chain_fps sni_matches_cert
#types time string addr port addr port string string string string bool string string bool string vector[string] vector[string] bool
XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 192.168.4.149 54775 192.168.4.149 110 TLSv12 TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 - - F - - T CsxkrnXGIti 5f262710f31214ecdb6ffbfe4b45a8d1c7042e7c87c3eae9bc317035dafeb7ac (empty) -
#close XXXX-XX-XX-XX-XX-XX

6
testing/btest/Baseline/scripts.base.protocols.pop3.starttls/x509.log
View file

@ -5,7 +5,7 @@
#unset_field -
#path x509
#open XXXX-XX-XX-XX-XX-XX
#fields ts id certificate.version certificate.serial certificate.subject certificate.issuer certificate.not_valid_before certificate.not_valid_after certificate.key_alg certificate.sig_alg certificate.key_type certificate.key_length certificate.exponent certificate.curve san.dns san.uri san.email san.ip basic_constraints.ca basic_constraints.path_len
#types time string count string string string time time string string string count string string vector[string] vector[string] vector[string] vector[addr] bool count
XXXXXXXXXX.XXXXXX FlaNcbNMPGIwOZQ43 3 01 emailAddress=postmaster@lilawelt.de,CN=chimaera.lilawelt.de,OU=Servers,O=Lilawelt,L=Munich,C=DE emailAddress=postmaster@lilawelt.de,CN=Lilawelt,OU=Lilawelt CA,O=Lilawelt,L=Munich,C=DE XXXXXXXXXX.XXXXXX XXXXXXXXXX.XXXXXX rsaEncryption md5WithRSAEncryption rsa 2048 65537 - - - - - F -
#fields ts fingerprint certificate.version certificate.serial certificate.subject certificate.issuer certificate.not_valid_before certificate.not_valid_after certificate.key_alg certificate.sig_alg certificate.key_type certificate.key_length certificate.exponent certificate.curve san.dns san.uri san.email san.ip basic_constraints.ca basic_constraints.path_len host_cert client_cert
#types time string count string string string time time string string string count string string vector[string] vector[string] vector[string] vector[addr] bool count bool bool
XXXXXXXXXX.XXXXXX 5f262710f31214ecdb6ffbfe4b45a8d1c7042e7c87c3eae9bc317035dafeb7ac 3 01 emailAddress=postmaster@lilawelt.de,CN=chimaera.lilawelt.de,OU=Servers,O=Lilawelt,L=Munich,C=DE emailAddress=postmaster@lilawelt.de,CN=Lilawelt,OU=Lilawelt CA,O=Lilawelt,L=Munich,C=DE XXXXXXXXXX.XXXXXX XXXXXXXXXX.XXXXXX rsaEncryption md5WithRSAEncryption rsa 2048 65537 - - - - - F - T F
#close XXXX-XX-XX-XX-XX-XX

8
testing/btest/Baseline/scripts.base.protocols.rdp.rdp-to-ssl/ssl.log
View file

@ -5,8 +5,8 @@
#unset_field -
#path ssl
#open XXXX-XX-XX-XX-XX-XX
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p version cipher curve server_name resumed last_alert next_protocol established cert_chain_fuids client_cert_chain_fuids subject issuer client_subject client_issuer
#types time string addr port addr port string string string string bool string string bool vector[string] vector[string] string string string string
XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 192.168.1.200 49206 192.168.1.150 3389 TLSv10 TLS_RSA_WITH_AES_128_CBC_SHA - 192.168.1.150 F - - T FD3Z4ql82LNfussAf (empty) CN=WIN2K8R2.awakecoding.ath.cx CN=WIN2K8R2.awakecoding.ath.cx - -
XXXXXXXXXX.XXXXXX ClEkJM2Vm5giqnMf4h 192.168.1.200 49207 192.168.1.150 3389 TLSv10 TLS_RSA_WITH_AES_128_CBC_SHA - 192.168.1.150 F - - T FCsHch2NvQTl3wSQZk (empty) CN=WIN2K8R2.awakecoding.ath.cx CN=WIN2K8R2.awakecoding.ath.cx - -
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p version cipher curve server_name resumed last_alert next_protocol established ssl_history cert_chain_fps client_cert_chain_fps subject issuer sni_matches_cert
#types time string addr port addr port string string string string bool string string bool string vector[string] vector[string] string string bool
XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 192.168.1.200 49206 192.168.1.150 3389 TLSv10 TLS_RSA_WITH_AES_128_CBC_SHA - 192.168.1.150 F - - T CsxnGIi a5b05d2ae076130aa41060f53ecd72bdf864ea0179250e927549c94d5ab2499a (empty) CN=WIN2K8R2.awakecoding.ath.cx CN=WIN2K8R2.awakecoding.ath.cx F
XXXXXXXXXX.XXXXXX ClEkJM2Vm5giqnMf4h 192.168.1.200 49207 192.168.1.150 3389 TLSv10 TLS_RSA_WITH_AES_128_CBC_SHA - 192.168.1.150 F - - T CsxnGIi a5b05d2ae076130aa41060f53ecd72bdf864ea0179250e927549c94d5ab2499a (empty) CN=WIN2K8R2.awakecoding.ath.cx CN=WIN2K8R2.awakecoding.ath.cx F
#close XXXX-XX-XX-XX-XX-XX

8
testing/btest/Baseline/scripts.base.protocols.rdp.rdp-x509/x509.log
View file

@ -5,8 +5,8 @@
#unset_field -
#path x509
#open XXXX-XX-XX-XX-XX-XX
#fields ts id certificate.version certificate.serial certificate.subject certificate.issuer certificate.not_valid_before certificate.not_valid_after certificate.key_alg certificate.sig_alg certificate.key_type certificate.key_length certificate.exponent certificate.curve san.dns san.uri san.email san.ip basic_constraints.ca basic_constraints.path_len
#types time string count string string string time time string string string count string string vector[string] vector[string] vector[string] vector[addr] bool count
XXXXXXXXXX.XXXXXX F8CoT71x4LLv4MHPIc 3 59EB28CB02B1A0D4 L=TURNBKL+CN=SERVR L=TURNBKL+CN=SERVR XXXXXXXXXX.XXXXXX XXXXXXXXXX.XXXXXX rsaEncryption sha1WithRSA x x x x - - - - T 0
XXXXXXXXXX.XXXXXX F8CoT71x4LLv4MHPIc 3 0100000001 serialNumber=1BcKefYSF97EvkaiCqahPY8uPd0=\\0D\\0A+L=ncalrpc:SERVR+CN=ncalrpc:SERVR L=TURNBKL+CN=SERVR XXXXXXXXXX.XXXXXX XXXXXXXXXX.XXXXXX md5WithRSAEncryption sha1WithRSA x x x x - - - - - -
#fields ts fingerprint certificate.version certificate.serial certificate.subject certificate.issuer certificate.not_valid_before certificate.not_valid_after certificate.key_alg certificate.sig_alg certificate.key_type certificate.key_length certificate.exponent certificate.curve san.dns san.uri san.email san.ip basic_constraints.ca basic_constraints.path_len host_cert client_cert
#types time string count string string string time time string string string count string string vector[string] vector[string] vector[string] vector[addr] bool count bool bool
XXXXXXXXXX.XXXXXX e3859c4a77098a7b84589e0cb1171662d15699fc84c19d3421f7d52dc0dc59c9 3 59EB28CB02B1A0D4 L=TURNBKL+CN=SERVR L=TURNBKL+CN=SERVR XXXXXXXXXX.XXXXXX XXXXXXXXXX.XXXXXX rsaEncryption sha1WithRSA x x x x - - - - T 0 T F
XXXXXXXXXX.XXXXXX bd97671306086c3393a1bd835340a68043557a7ae131b8ee72f4d015287024ba 3 0100000001 serialNumber=1BcKefYSF97EvkaiCqahPY8uPd0=\\0D\\0A+L=ncalrpc:SERVR+CN=ncalrpc:SERVR L=TURNBKL+CN=SERVR XXXXXXXXXX.XXXXXX XXXXXXXXXX.XXXXXX md5WithRSAEncryption sha1WithRSA x x x x - - - - - - T F
#close XXXX-XX-XX-XX-XX-XX

6
testing/btest/Baseline/scripts.base.protocols.smtp.starttls/ssl.log
View file

@ -5,7 +5,7 @@
#unset_field -
#path ssl
#open XXXX-XX-XX-XX-XX-XX
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p version cipher curve server_name resumed last_alert next_protocol established cert_chain_fuids client_cert_chain_fuids subject issuer client_subject client_issuer
#types time string addr port addr port string string string string bool string string bool vector[string] vector[string] string string string string
XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 192.168.4.149 54170 74.125.142.26 25 TLSv12 TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 secp256r1 - F - - T FkutPm1XYTn1xvzoG4,FrjZbCIWZJ1n5SXOb,FKJson3rFI6xiNOrN1 (empty) CN=mx.google.com,O=Google Inc,L=Mountain View,ST=California,C=US CN=Google Internet Authority G2,O=Google Inc,C=US - -
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p version cipher curve server_name resumed last_alert next_protocol established ssl_history cert_chain_fps client_cert_chain_fps sni_matches_cert
#types time string addr port addr port string string string string bool string string bool string vector[string] vector[string] bool
XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 192.168.4.149 54170 74.125.142.26 25 TLSv12 TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 secp256r1 - F - - T CsxknGIti 4f0a1ac1c6e873c8805fe2fc56c7aac77025f1dcbbbf907e768f1ec88c3485db,a047a37fa2d2e118a4f5095fe074d6cfe0e352425a7632bf8659c03919a6c81d,3c35cc963eb004451323d3275d05b353235053490d9cd83729a2faf5e7ca1cc0 (empty) -
#close XXXX-XX-XX-XX-XX-XX

10
testing/btest/Baseline/scripts.base.protocols.smtp.starttls/x509.log
View file

@ -5,9 +5,9 @@
#unset_field -
#path x509
#open XXXX-XX-XX-XX-XX-XX
#fields ts id certificate.version certificate.serial certificate.subject certificate.issuer certificate.not_valid_before certificate.not_valid_after certificate.key_alg certificate.sig_alg certificate.key_type certificate.key_length certificate.exponent certificate.curve san.dns san.uri san.email san.ip basic_constraints.ca basic_constraints.path_len
#types time string count string string string time time string string string count string string vector[string] vector[string] vector[string] vector[addr] bool count
XXXXXXXXXX.XXXXXX FkutPm1XYTn1xvzoG4 3 325D8297987D50B0 CN=mx.google.com,O=Google Inc,L=Mountain View,ST=California,C=US CN=Google Internet Authority G2,O=Google Inc,C=US XXXXXXXXXX.XXXXXX XXXXXXXXXX.XXXXXX rsaEncryption sha1WithRSAEncryption rsa 2048 65537 - aspmx.l.google.com,alt1.aspmx.l.google.com,alt2.aspmx.l.google.com,alt3.aspmx.l.google.com,alt4.aspmx.l.google.com,gmail-smtp-in.l.google.com,alt1.gmail-smtp-in.l.google.com,alt2.gmail-smtp-in.l.google.com,alt3.gmail-smtp-in.l.google.com,alt4.gmail-smtp-in.l.google.com,gmr-smtp-in.l.google.com,alt1.gmr-smtp-in.l.google.com,alt2.gmr-smtp-in.l.google.com,alt3.gmr-smtp-in.l.google.com,alt4.gmr-smtp-in.l.google.com,mx.google.com,aspmx2.googlemail.com,aspmx3.googlemail.com,aspmx4.googlemail.com,aspmx5.googlemail.com - - - F -
XXXXXXXXXX.XXXXXX FrjZbCIWZJ1n5SXOb 3 023A69 CN=Google Internet Authority G2,O=Google Inc,C=US CN=GeoTrust Global CA,O=GeoTrust Inc.,C=US XXXXXXXXXX.XXXXXX XXXXXXXXXX.XXXXXX rsaEncryption sha1WithRSAEncryption rsa 2048 65537 - - - - - T 0
XXXXXXXXXX.XXXXXX FKJson3rFI6xiNOrN1 3 12BBE6 CN=GeoTrust Global CA,O=GeoTrust Inc.,C=US OU=Equifax Secure Certificate Authority,O=Equifax,C=US XXXXXXXXXX.XXXXXX XXXXXXXXXX.XXXXXX rsaEncryption sha1WithRSAEncryption rsa 2048 65537 - - - - - T -
#fields ts fingerprint certificate.version certificate.serial certificate.subject certificate.issuer certificate.not_valid_before certificate.not_valid_after certificate.key_alg certificate.sig_alg certificate.key_type certificate.key_length certificate.exponent certificate.curve san.dns san.uri san.email san.ip basic_constraints.ca basic_constraints.path_len host_cert client_cert
#types time string count string string string time time string string string count string string vector[string] vector[string] vector[string] vector[addr] bool count bool bool
XXXXXXXXXX.XXXXXX 4f0a1ac1c6e873c8805fe2fc56c7aac77025f1dcbbbf907e768f1ec88c3485db 3 325D8297987D50B0 CN=mx.google.com,O=Google Inc,L=Mountain View,ST=California,C=US CN=Google Internet Authority G2,O=Google Inc,C=US XXXXXXXXXX.XXXXXX XXXXXXXXXX.XXXXXX rsaEncryption sha1WithRSAEncryption rsa 2048 65537 - aspmx.l.google.com,alt1.aspmx.l.google.com,alt2.aspmx.l.google.com,alt3.aspmx.l.google.com,alt4.aspmx.l.google.com,gmail-smtp-in.l.google.com,alt1.gmail-smtp-in.l.google.com,alt2.gmail-smtp-in.l.google.com,alt3.gmail-smtp-in.l.google.com,alt4.gmail-smtp-in.l.google.com,gmr-smtp-in.l.google.com,alt1.gmr-smtp-in.l.google.com,alt2.gmr-smtp-in.l.google.com,alt3.gmr-smtp-in.l.google.com,alt4.gmr-smtp-in.l.google.com,mx.google.com,aspmx2.googlemail.com,aspmx3.googlemail.com,aspmx4.googlemail.com,aspmx5.googlemail.com - - - F - T F
XXXXXXXXXX.XXXXXX a047a37fa2d2e118a4f5095fe074d6cfe0e352425a7632bf8659c03919a6c81d 3 023A69 CN=Google Internet Authority G2,O=Google Inc,C=US CN=GeoTrust Global CA,O=GeoTrust Inc.,C=US XXXXXXXXXX.XXXXXX XXXXXXXXXX.XXXXXX rsaEncryption sha1WithRSAEncryption rsa 2048 65537 - - - - - T 0 F F
XXXXXXXXXX.XXXXXX 3c35cc963eb004451323d3275d05b353235053490d9cd83729a2faf5e7ca1cc0 3 12BBE6 CN=GeoTrust Global CA,O=GeoTrust Inc.,C=US OU=Equifax Secure Certificate Authority,O=Equifax,C=US XXXXXXXXXX.XXXXXX XXXXXXXXXX.XXXXXX rsaEncryption sha1WithRSAEncryption rsa 2048 65537 - - - - - T - F F
#close XXXX-XX-XX-XX-XX-XX

6
testing/btest/Baseline/scripts.base.protocols.ssl.basic/ssl.log
View file

@ -5,7 +5,7 @@
#unset_field -
#path ssl
#open XXXX-XX-XX-XX-XX-XX
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p version cipher curve server_name resumed last_alert next_protocol established cert_chain_fuids client_cert_chain_fuids subject issuer client_subject client_issuer
#types time string addr port addr port string string string string bool string string bool vector[string] vector[string] string string string string
XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 192.168.1.105 62045 74.125.224.79 443 TLSv10 TLS_ECDHE_RSA_WITH_RC4_128_SHA secp256r1 ssl.gstatic.com F - - T FHRcwD4vPs7uj2D7m6,FjrkUT3ceLKRNN1Tnb (empty) CN=*.gstatic.com,O=Google Inc,L=Mountain View,ST=California,C=US CN=Google Internet Authority,O=Google Inc,C=US - -
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p version cipher curve server_name resumed last_alert next_protocol established ssl_history cert_chain_fps client_cert_chain_fps sni_matches_cert
#types time string addr port addr port string string string string bool string string bool string vector[string] vector[string] bool
XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 192.168.1.105 62045 74.125.224.79 443 TLSv10 TLS_ECDHE_RSA_WITH_RC4_128_SHA secp256r1 ssl.gstatic.com F - - T CsxknGIti a580247a25324adf4add5af648de4ac5798030dfd622f26a5f2280d7528ae244,250da2691be97c9a33ceef7e311c14fb01846e058a99cea9bd1125bd25a0cad5 (empty) T
#close XXXX-XX-XX-XX-XX-XX

8
testing/btest/Baseline/scripts.base.protocols.ssl.basic/x509.log
View file

@ -5,8 +5,8 @@
#unset_field -
#path x509
#open XXXX-XX-XX-XX-XX-XX
#fields ts id certificate.version certificate.serial certificate.subject certificate.issuer certificate.not_valid_before certificate.not_valid_after certificate.key_alg certificate.sig_alg certificate.key_type certificate.key_length certificate.exponent certificate.curve san.dns san.uri san.email san.ip basic_constraints.ca basic_constraints.path_len
#types time string count string string string time time string string string count string string vector[string] vector[string] vector[string] vector[addr] bool count
XXXXXXXXXX.XXXXXX FHRcwD4vPs7uj2D7m6 3 36F5DA5300000000505E CN=*.gstatic.com,O=Google Inc,L=Mountain View,ST=California,C=US CN=Google Internet Authority,O=Google Inc,C=US XXXXXXXXXX.XXXXXX XXXXXXXXXX.XXXXXX rsaEncryption sha1WithRSAEncryption rsa 1024 65537 - *.gstatic.com,gstatic.com,*.metric.gstatic.com - - - - -
XXXXXXXXXX.XXXXXX FjrkUT3ceLKRNN1Tnb 3 0B6771 CN=Google Internet Authority,O=Google Inc,C=US OU=Equifax Secure Certificate Authority,O=Equifax,C=US XXXXXXXXXX.XXXXXX XXXXXXXXXX.XXXXXX rsaEncryption sha1WithRSAEncryption rsa 1024 65537 - - - - - T 0
#fields ts fingerprint certificate.version certificate.serial certificate.subject certificate.issuer certificate.not_valid_before certificate.not_valid_after certificate.key_alg certificate.sig_alg certificate.key_type certificate.key_length certificate.exponent certificate.curve san.dns san.uri san.email san.ip basic_constraints.ca basic_constraints.path_len host_cert client_cert
#types time string count string string string time time string string string count string string vector[string] vector[string] vector[string] vector[addr] bool count bool bool
XXXXXXXXXX.XXXXXX a580247a25324adf4add5af648de4ac5798030dfd622f26a5f2280d7528ae244 3 36F5DA5300000000505E CN=*.gstatic.com,O=Google Inc,L=Mountain View,ST=California,C=US CN=Google Internet Authority,O=Google Inc,C=US XXXXXXXXXX.XXXXXX XXXXXXXXXX.XXXXXX rsaEncryption sha1WithRSAEncryption rsa 1024 65537 - *.gstatic.com,gstatic.com,*.metric.gstatic.com - - - - - T F
XXXXXXXXXX.XXXXXX 250da2691be97c9a33ceef7e311c14fb01846e058a99cea9bd1125bd25a0cad5 3 0B6771 CN=Google Internet Authority,O=Google Inc,C=US OU=Equifax Secure Certificate Authority,O=Equifax,C=US XXXXXXXXXX.XXXXXX XXXXXXXXXX.XXXXXX rsaEncryption sha1WithRSAEncryption rsa 1024 65537 - - - - - T 0 F F
#close XXXX-XX-XX-XX-XX-XX

6
testing/btest/Baseline/scripts.base.protocols.ssl.cve-2015-3194/ssl.log
View file

@ -5,7 +5,7 @@
#unset_field -
#path ssl
#open XXXX-XX-XX-XX-XX-XX
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p version cipher curve server_name resumed last_alert next_protocol established cert_chain_fuids client_cert_chain_fuids subject issuer client_subject client_issuer validation_status
#types time string addr port addr port string string string string bool string string bool vector[string] vector[string] string string string string string
XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 192.168.6.74 52122 104.236.167.107 4433 TLSv12 TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 secp256r1 - F - - T FBue091jFrvGLH6dW2 (empty) CN=bro.org,L=Berkeley,ST=CA,C=US CN=Visa eCommerce Root,OU=Visa International Service Association,O=VISA,C=US - - certificate signature failure
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p version cipher curve server_name resumed last_alert next_protocol established ssl_history cert_chain_fps client_cert_chain_fps sni_matches_cert validation_status
#types time string addr port addr port string string string string bool string string bool string vector[string] vector[string] bool string
XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 192.168.6.74 52122 104.236.167.107 4433 TLSv12 TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 secp256r1 - F - - T CsxknGIti 81a29a60dfcea4e4e9e80dd277c1384b002db8601afc57bca2c2ef1377fd9872 (empty) - certificate signature failure
#close XXXX-XX-XX-XX-XX-XX

6
testing/btest/Baseline/scripts.base.protocols.ssl.dhe/ssl.log
View file

@ -5,7 +5,7 @@
#unset_field -
#path ssl
#open XXXX-XX-XX-XX-XX-XX
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p version cipher curve server_name resumed last_alert next_protocol established cert_chain_fuids client_cert_chain_fuids subject issuer client_subject client_issuer
#types time string addr port addr port string string string string bool string string bool vector[string] vector[string] string string string string
XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 192.168.18.50 62277 162.219.2.166 443 TLSv12 TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA - - F - - T FmFGtr3wNWQWvnwCwj,FR6dZX1ZogBkdGLQD1 (empty) emailAddress=denicadmmail@arcor.de,CN=www.lilawelt.net,C=US CN=StartCom Class 1 Primary Intermediate Server CA,OU=Secure Digital Certificate Signing,O=StartCom Ltd.,C=IL - -
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p version cipher curve server_name resumed last_alert next_protocol established ssl_history cert_chain_fps client_cert_chain_fps sni_matches_cert
#types time string addr port addr port string string string string bool string string bool string vector[string] vector[string] bool
XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 192.168.18.50 62277 162.219.2.166 443 TLSv12 TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA - - F - - T CsxknGIti b706ad178447821cc60aca1e0cd59697333a6178fd1c73f839fbdfb5b76bc507,cb2db573610f401e8d602917bbbe6ab4162255f208efad909d5440691aa0203c (empty) -
#close XXXX-XX-XX-XX-XX-XX

6
testing/btest/Baseline/scripts.base.protocols.ssl.dtls-stun-dpd/ssl.log
View file

@ -5,7 +5,7 @@
#unset_field -
#path ssl
#open XXXX-XX-XX-XX-XX-XX
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p version cipher curve server_name resumed last_alert next_protocol established cert_chain_fuids client_cert_chain_fuids subject issuer client_subject client_issuer
#types time string addr port addr port string string string string bool string string bool vector[string] vector[string] string string string string
XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 192.168.6.82 51462 74.201.205.9 43044 DTLSv10 TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA secp256r1 - F - - T FVs2rdZM9gwWRYkPj F82olM1docw7F681c7 CN=mantis.tokbox.com,O=Tokbox,L=San Francisco,ST=California,C=US CN=mantis.tokbox.com,O=Tokbox,L=San Francisco,ST=California,C=US CN=a CN=a
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p version cipher curve server_name resumed last_alert next_protocol established ssl_history cert_chain_fps client_cert_chain_fps subject issuer client_subject client_issuer sni_matches_cert
#types time string addr port addr port string string string string bool string string bool string vector[string] vector[string] string string string string bool
XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 192.168.6.82 51462 74.201.205.9 43044 DTLSv10 TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA secp256r1 - F - - T cSXKRNxgyiI d0f7ee6396c98da4e74888006af667bfeaecc8cd1babb67e900558a9bd649b9f 968126882d68eb80b03392edb9cce7260eec15a04b206ddfb5231449b5aaaa2f CN=mantis.tokbox.com,O=Tokbox,L=San Francisco,ST=California,C=US CN=mantis.tokbox.com,O=Tokbox,L=San Francisco,ST=California,C=US CN=a CN=a -
#close XXXX-XX-XX-XX-XX-XX

6
testing/btest/Baseline/scripts.base.protocols.ssl.dtls/ssl.log
View file

@ -5,7 +5,7 @@
#unset_field -
#path ssl
#open XXXX-XX-XX-XX-XX-XX
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p version cipher curve server_name resumed last_alert next_protocol established cert_chain_fuids client_cert_chain_fuids subject issuer client_subject client_issuer
#types time string addr port addr port string string string string bool string string bool vector[string] vector[string] string string string string
XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 192.168.6.86 63721 104.236.167.107 4433 DTLSv10 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA secp256r1 - F - - T F9ImFdxcpyKCgRgp2 (empty) CN=bro CN=bro - -
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p version cipher curve server_name resumed last_alert next_protocol established ssl_history cert_chain_fps client_cert_chain_fps sni_matches_cert
#types time string addr port addr port string string string string bool string string bool string vector[string] vector[string] bool
XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 192.168.6.86 63721 104.236.167.107 4433 DTLSv10 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA secp256r1 - F - - T CvCsxknGIti 32e63ffcf5111a3a6337aa00d5186f6d475e962e9400a1dd8ad6eb4a3e177964 (empty) -
#close XXXX-XX-XX-XX-XX-XX

6
testing/btest/Baseline/scripts.base.protocols.ssl.dtls/ssl1_2.log
View file

@ -5,7 +5,7 @@
#unset_field -
#path ssl
#open XXXX-XX-XX-XX-XX-XX
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p version cipher curve server_name resumed last_alert next_protocol established cert_chain_fuids client_cert_chain_fuids subject issuer client_subject client_issuer
#types time string addr port addr port string string string string bool string string bool vector[string] vector[string] string string string string
XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 192.168.17.58 60934 165.227.57.17 4400 DTLSv12 TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 secp256r1 - F - - T F9SU1s24sf1PTQnPOg (empty) O=Internet Widgits Pty Ltd,ST=Some-State,C=AU O=Internet Widgits Pty Ltd,ST=Some-State,C=AU - -
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p version cipher curve server_name resumed last_alert next_protocol established ssl_history cert_chain_fps client_cert_chain_fps sni_matches_cert
#types time string addr port addr port string string string string bool string string bool string vector[string] vector[string] bool
XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 192.168.17.58 60934 165.227.57.17 4400 DTLSv12 TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 secp256r1 - F - - T CvCsxknGIti 6f5446a5b23f4e73925de5e6629c09b1c61ed66537d6d8a7818750c9cd0a67d7 (empty) -
#close XXXX-XX-XX-XX-XX-XX

6
testing/btest/Baseline/scripts.base.protocols.ssl.dtls/x509.log
View file

@ -5,7 +5,7 @@
#unset_field -
#path x509
#open XXXX-XX-XX-XX-XX-XX
#fields ts id certificate.version certificate.serial certificate.subject certificate.issuer certificate.not_valid_before certificate.not_valid_after certificate.key_alg certificate.sig_alg certificate.key_type certificate.key_length certificate.exponent certificate.curve san.dns san.uri san.email san.ip basic_constraints.ca basic_constraints.path_len
#types time string count string string string time time string string string count string string vector[string] vector[string] vector[string] vector[addr] bool count
XXXXXXXXXX.XXXXXX F9ImFdxcpyKCgRgp2 3 E8E48E456C32945F CN=bro CN=bro XXXXXXXXXX.XXXXXX XXXXXXXXXX.XXXXXX rsaEncryption sha1WithRSAEncryption rsa 2048 65537 - - - - - T -
#fields ts fingerprint certificate.version certificate.serial certificate.subject certificate.issuer certificate.not_valid_before certificate.not_valid_after certificate.key_alg certificate.sig_alg certificate.key_type certificate.key_length certificate.exponent certificate.curve san.dns san.uri san.email san.ip basic_constraints.ca basic_constraints.path_len host_cert client_cert
#types time string count string string string time time string string string count string string vector[string] vector[string] vector[string] vector[addr] bool count bool bool
XXXXXXXXXX.XXXXXX 32e63ffcf5111a3a6337aa00d5186f6d475e962e9400a1dd8ad6eb4a3e177964 3 E8E48E456C32945F CN=bro CN=bro XXXXXXXXXX.XXXXXX XXXXXXXXXX.XXXXXX rsaEncryption sha1WithRSAEncryption rsa 2048 65537 - - - - - T - T F
#close XXXX-XX-XX-XX-XX-XX

6
testing/btest/Baseline/scripts.base.protocols.ssl.dtls/x5091_2.log
View file

@ -5,7 +5,7 @@
#unset_field -
#path x509
#open XXXX-XX-XX-XX-XX-XX
#fields ts id certificate.version certificate.serial certificate.subject certificate.issuer certificate.not_valid_before certificate.not_valid_after certificate.key_alg certificate.sig_alg certificate.key_type certificate.key_length certificate.exponent certificate.curve san.dns san.uri san.email san.ip basic_constraints.ca basic_constraints.path_len
#types time string count string string string time time string string string count string string vector[string] vector[string] vector[string] vector[addr] bool count
XXXXXXXXXX.XXXXXX F9SU1s24sf1PTQnPOg 3 87AAFFBCA26E44BF O=Internet Widgits Pty Ltd,ST=Some-State,C=AU O=Internet Widgits Pty Ltd,ST=Some-State,C=AU XXXXXXXXXX.XXXXXX XXXXXXXXXX.XXXXXX rsaEncryption sha256WithRSAEncryption rsa 2048 65537 - - - - - T -
#fields ts fingerprint certificate.version certificate.serial certificate.subject certificate.issuer certificate.not_valid_before certificate.not_valid_after certificate.key_alg certificate.sig_alg certificate.key_type certificate.key_length certificate.exponent certificate.curve san.dns san.uri san.email san.ip basic_constraints.ca basic_constraints.path_len host_cert client_cert
#types time string count string string string time time string string string count string string vector[string] vector[string] vector[string] vector[addr] bool count bool bool
XXXXXXXXXX.XXXXXX 6f5446a5b23f4e73925de5e6629c09b1c61ed66537d6d8a7818750c9cd0a67d7 3 87AAFFBCA26E44BF O=Internet Widgits Pty Ltd,ST=Some-State,C=AU O=Internet Widgits Pty Ltd,ST=Some-State,C=AU XXXXXXXXXX.XXXXXX XXXXXXXXXX.XXXXXX rsaEncryption sha256WithRSAEncryption rsa 2048 65537 - - - - - T - T F
#close XXXX-XX-XX-XX-XX-XX

6
testing/btest/Baseline/scripts.base.protocols.ssl.ecdhe/ssl.log
View file

@ -5,7 +5,7 @@
#unset_field -
#path ssl
#open XXXX-XX-XX-XX-XX-XX
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p version cipher curve server_name resumed last_alert next_protocol established cert_chain_fuids client_cert_chain_fuids subject issuer client_subject client_issuer
#types time string addr port addr port string string string string bool string string bool vector[string] vector[string] string string string string
XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 192.168.18.50 56981 74.125.239.97 443 TLSv12 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA secp256r1 - F - - T FQkXl67dfqqYWGNef,FU197f2xUNBp3Gdxgh,FUNbwU3rQu8iXkAD48 (empty) CN=*.google.com,O=Google Inc,L=Mountain View,ST=California,C=US CN=Google Internet Authority G2,O=Google Inc,C=US - -
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p version cipher curve server_name resumed last_alert next_protocol established ssl_history cert_chain_fps client_cert_chain_fps sni_matches_cert
#types time string addr port addr port string string string string bool string string bool string vector[string] vector[string] bool
XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 192.168.18.50 56981 74.125.239.97 443 TLSv12 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA secp256r1 - F - - T CsxknGIti a97a22b691caf62c1623d14abf8a31ac915f14d87f77d8a37c47eb4785b484ad,a047a37fa2d2e118a4f5095fe074d6cfe0e352425a7632bf8659c03919a6c81d,3c35cc963eb004451323d3275d05b353235053490d9cd83729a2faf5e7ca1cc0 (empty) -
#close XXXX-XX-XX-XX-XX-XX

10
testing/btest/Baseline/scripts.base.protocols.ssl.ecdhe/x509.log
View file

@ -5,9 +5,9 @@
#unset_field -
#path x509
#open XXXX-XX-XX-XX-XX-XX
#fields ts id certificate.version certificate.serial certificate.subject certificate.issuer certificate.not_valid_before certificate.not_valid_after certificate.key_alg certificate.sig_alg certificate.key_type certificate.key_length certificate.exponent certificate.curve san.dns san.uri san.email san.ip basic_constraints.ca basic_constraints.path_len
#types time string count string string string time time string string string count string string vector[string] vector[string] vector[string] vector[addr] bool count
XXXXXXXXXX.XXXXXX FQkXl67dfqqYWGNef 3 1E58FDC12DE4C703 CN=*.google.com,O=Google Inc,L=Mountain View,ST=California,C=US CN=Google Internet Authority G2,O=Google Inc,C=US XXXXXXXXXX.XXXXXX XXXXXXXXXX.XXXXXX rsaEncryption sha1WithRSAEncryption rsa 2048 65537 - *.google.com,*.android.com,*.appengine.google.com,*.cloud.google.com,*.google-analytics.com,*.google.ca,*.google.cl,*.google.co.in,*.google.co.jp,*.google.co.uk,*.google.com.ar,*.google.com.au,*.google.com.br,*.google.com.co,*.google.com.mx,*.google.com.tr,*.google.com.vn,*.google.de,*.google.es,*.google.fr,*.google.hu,*.google.it,*.google.nl,*.google.pl,*.google.pt,*.googleapis.cn,*.googlecommerce.com,*.googlevideo.com,*.gstatic.com,*.gvt1.com,*.urchin.com,*.url.google.com,*.youtube-nocookie.com,*.youtube.com,*.youtubeeducation.com,*.ytimg.com,android.com,g.co,goo.gl,google-analytics.com,google.com,googlecommerce.com,urchin.com,youtu.be,youtube.com,youtubeeducation.com - - - F -
XXXXXXXXXX.XXXXXX FU197f2xUNBp3Gdxgh 3 023A69 CN=Google Internet Authority G2,O=Google Inc,C=US CN=GeoTrust Global CA,O=GeoTrust Inc.,C=US XXXXXXXXXX.XXXXXX XXXXXXXXXX.XXXXXX rsaEncryption sha1WithRSAEncryption rsa 2048 65537 - - - - - T 0
XXXXXXXXXX.XXXXXX FUNbwU3rQu8iXkAD48 3 12BBE6 CN=GeoTrust Global CA,O=GeoTrust Inc.,C=US OU=Equifax Secure Certificate Authority,O=Equifax,C=US XXXXXXXXXX.XXXXXX XXXXXXXXXX.XXXXXX rsaEncryption sha1WithRSAEncryption rsa 2048 65537 - - - - - T -
#fields ts fingerprint certificate.version certificate.serial certificate.subject certificate.issuer certificate.not_valid_before certificate.not_valid_after certificate.key_alg certificate.sig_alg certificate.key_type certificate.key_length certificate.exponent certificate.curve san.dns san.uri san.email san.ip basic_constraints.ca basic_constraints.path_len host_cert client_cert
#types time string count string string string time time string string string count string string vector[string] vector[string] vector[string] vector[addr] bool count bool bool
XXXXXXXXXX.XXXXXX a97a22b691caf62c1623d14abf8a31ac915f14d87f77d8a37c47eb4785b484ad 3 1E58FDC12DE4C703 CN=*.google.com,O=Google Inc,L=Mountain View,ST=California,C=US CN=Google Internet Authority G2,O=Google Inc,C=US XXXXXXXXXX.XXXXXX XXXXXXXXXX.XXXXXX rsaEncryption sha1WithRSAEncryption rsa 2048 65537 - *.google.com,*.android.com,*.appengine.google.com,*.cloud.google.com,*.google-analytics.com,*.google.ca,*.google.cl,*.google.co.in,*.google.co.jp,*.google.co.uk,*.google.com.ar,*.google.com.au,*.google.com.br,*.google.com.co,*.google.com.mx,*.google.com.tr,*.google.com.vn,*.google.de,*.google.es,*.google.fr,*.google.hu,*.google.it,*.google.nl,*.google.pl,*.google.pt,*.googleapis.cn,*.googlecommerce.com,*.googlevideo.com,*.gstatic.com,*.gvt1.com,*.urchin.com,*.url.google.com,*.youtube-nocookie.com,*.youtube.com,*.youtubeeducation.com,*.ytimg.com,android.com,g.co,goo.gl,google-analytics.com,google.com,googlecommerce.com,urchin.com,youtu.be,youtube.com,youtubeeducation.com - - - F - T F
XXXXXXXXXX.XXXXXX a047a37fa2d2e118a4f5095fe074d6cfe0e352425a7632bf8659c03919a6c81d 3 023A69 CN=Google Internet Authority G2,O=Google Inc,C=US CN=GeoTrust Global CA,O=GeoTrust Inc.,C=US XXXXXXXXXX.XXXXXX XXXXXXXXXX.XXXXXX rsaEncryption sha1WithRSAEncryption rsa 2048 65537 - - - - - T 0 F F
XXXXXXXXXX.XXXXXX 3c35cc963eb004451323d3275d05b353235053490d9cd83729a2faf5e7ca1cc0 3 12BBE6 CN=GeoTrust Global CA,O=GeoTrust Inc.,C=US OU=Equifax Secure Certificate Authority,O=Equifax,C=US XXXXXXXXXX.XXXXXX XXXXXXXXXX.XXXXXX rsaEncryption sha1WithRSAEncryption rsa 2048 65537 - - - - - T - F F
#close XXXX-XX-XX-XX-XX-XX

6
testing/btest/Baseline/scripts.base.protocols.ssl.ecdsa/ssl.log
View file

@ -5,7 +5,7 @@
#unset_field -
#path ssl
#open XXXX-XX-XX-XX-XX-XX
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p version cipher curve server_name resumed last_alert next_protocol established cert_chain_fuids client_cert_chain_fuids subject issuer client_subject client_issuer
#types time string addr port addr port string string string string bool string string bool vector[string] vector[string] string string string string
XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 192.168.4.149 49422 23.92.19.75 443 TLSv12 TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 secp384r1 - F - - T FMSZyB2PMaf4sHLjE1,FIc15qZguv5S0Mlna (empty) CN=pantz.org,OU=PositiveSSL,OU=Domain Control Validated CN=COMODO ECC Domain Validation Secure Server CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB - -
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p version cipher curve server_name resumed last_alert next_protocol established ssl_history cert_chain_fps client_cert_chain_fps sni_matches_cert
#types time string addr port addr port string string string string bool string string bool string vector[string] vector[string] bool
XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 192.168.4.149 49422 23.92.19.75 443 TLSv12 TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 secp384r1 - F - - T CsxknGIti 11db6d4f6e4df14cec874b9d4a306c64c282dacbd479788ee0510b2c99382dc4,7e32368e24a2cc48d3d29e883b260e40ceda22af97189c78fc5b928484e9a010 (empty) -
#close XXXX-XX-XX-XX-XX-XX

8
testing/btest/Baseline/scripts.base.protocols.ssl.ecdsa/x509.log
View file

@ -5,8 +5,8 @@
#unset_field -
#path x509
#open XXXX-XX-XX-XX-XX-XX
#fields ts id certificate.version certificate.serial certificate.subject certificate.issuer certificate.not_valid_before certificate.not_valid_after certificate.key_alg certificate.sig_alg certificate.key_type certificate.key_length certificate.exponent certificate.curve san.dns san.uri san.email san.ip basic_constraints.ca basic_constraints.path_len
#types time string count string string string time time string string string count string string vector[string] vector[string] vector[string] vector[addr] bool count
XXXXXXXXXX.XXXXXX FMSZyB2PMaf4sHLjE1 3 F0AFBBF558BF4D1B71FED9CB33793EE4 CN=pantz.org,OU=PositiveSSL,OU=Domain Control Validated CN=COMODO ECC Domain Validation Secure Server CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB XXXXXXXXXX.XXXXXX XXXXXXXXXX.XXXXXX id-ecPublicKey ecdsa-with-SHA256 ecdsa 384 - secp384r1 pantz.org,www.pantz.org - - - F -
XXXXXXXXXX.XXXXXX FIc15qZguv5S0Mlna 3 510601E63B50673C55EE4E19DA304CA8 CN=COMODO ECC Domain Validation Secure Server CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB CN=COMODO ECC Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB XXXXXXXXXX.XXXXXX XXXXXXXXXX.XXXXXX id-ecPublicKey ecdsa-with-SHA384 ecdsa 256 - prime256v1 - - - - T 0
#fields ts fingerprint certificate.version certificate.serial certificate.subject certificate.issuer certificate.not_valid_before certificate.not_valid_after certificate.key_alg certificate.sig_alg certificate.key_type certificate.key_length certificate.exponent certificate.curve san.dns san.uri san.email san.ip basic_constraints.ca basic_constraints.path_len host_cert client_cert
#types time string count string string string time time string string string count string string vector[string] vector[string] vector[string] vector[addr] bool count bool bool
XXXXXXXXXX.XXXXXX 11db6d4f6e4df14cec874b9d4a306c64c282dacbd479788ee0510b2c99382dc4 3 F0AFBBF558BF4D1B71FED9CB33793EE4 CN=pantz.org,OU=PositiveSSL,OU=Domain Control Validated CN=COMODO ECC Domain Validation Secure Server CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB XXXXXXXXXX.XXXXXX XXXXXXXXXX.XXXXXX id-ecPublicKey ecdsa-with-SHA256 ecdsa 384 - secp384r1 pantz.org,www.pantz.org - - - F - T F
XXXXXXXXXX.XXXXXX 7e32368e24a2cc48d3d29e883b260e40ceda22af97189c78fc5b928484e9a010 3 510601E63B50673C55EE4E19DA304CA8 CN=COMODO ECC Domain Validation Secure Server CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB CN=COMODO ECC Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB XXXXXXXXXX.XXXXXX XXXXXXXXXX.XXXXXX id-ecPublicKey ecdsa-with-SHA384 ecdsa 256 - prime256v1 - - - - T 0 F F
#close XXXX-XX-XX-XX-XX-XX

6
testing/btest/Baseline/scripts.base.protocols.ssl.fragment/ssl.log
View file

@ -5,7 +5,7 @@
#unset_field -
#path ssl
#open XXXX-XX-XX-XX-XX-XX
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p version cipher curve server_name resumed last_alert next_protocol established cert_chain_fuids client_cert_chain_fuids subject issuer client_subject client_issuer
#types time string addr port addr port string string string string bool string string bool vector[string] vector[string] string string string string
XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 192.168.6.86 61454 104.236.167.107 4433 TLSv12 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 secp256r1 104.236.167.107 F - - F FIZJd734MoIimmbIH9 (empty) - - - -
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p version cipher curve server_name resumed last_alert next_protocol established ssl_history cert_chain_fps client_cert_chain_fps subject issuer client_subject client_issuer sni_matches_cert
#types time string addr port addr port string string string string bool string string bool string vector[string] vector[string] string string string string bool
XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 192.168.6.86 61454 104.236.167.107 4433 TLSv12 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 secp256r1 104.236.167.107 F - - F Csxkn af4a46e989dc24078ee2a205490856e059e7f2f9d2114cec4d4c44974add9d34 (empty) CN=Bro CN=Bro - - F
#close XXXX-XX-XX-XX-XX-XX

40
testing/btest/Baseline/scripts.base.protocols.ssl.keyexchange/ssl-all.log
View file

@ -5,9 +5,9 @@
#unset_field -
#path ssl
#open XXXX-XX-XX-XX-XX-XX
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p version cipher curve server_name resumed last_alert next_protocol established cert_chain_fuids client_cert_chain_fuids subject issuer client_subject client_issuer client_record_version client_random client_cipher_suites server_record_version server_random server_dh_p server_dh_q server_dh_Ys server_ecdh_point server_signature_sig_alg server_signature_hash_alg server_signature server_cert_sha1 client_rsa_pms client_dh_Yc client_ecdh_point
#types time string addr port addr port string string string string bool string string bool vector[string] vector[string] string string string string string string string string string string string string string count count string string string string string
XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 192.168.18.50 62277 162.219.2.166 443 TLSv12 TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA - - F - - T FmFGtr3wNWQWvnwCwj,FR6dZX1ZogBkdGLQD1 (empty) emailAddress=denicadmmail@arcor.de,CN=www.lilawelt.net,C=US CN=StartCom Class 1 Primary Intermediate Server CA,OU=Secure Digital Certificate Signing,O=StartCom Ltd.,C=IL - - TLSv10 1f7f8ae4d8dd45f31ed2e158f5f9ee676b7cb2c92585d8a3e1c2da7e TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA,TLS_EMPTY_RENEGOTIATION_INFO_SCSV TLSv12 535c4db35c3660849d1ba4081e9c5863f11c64233c045d58380ea393bdca5322 bbbc2dcad84674907c43fcf580e9cfdbd958a3f568b42d4b08eed4eb0fb3504c6c030276e710800c5ccbbaa8922614c5beeca565a5fdf1d287a2bc049be6778060e91a92a757e3048f68b076f7d36cc8f29ba5df81dc2ca725ece66270cc9a5035d8ceceef9ea0274a63ab1e58fafd4988d0f65d146757da071df045cfe16b9b 02 af5e4cde6c7ac4ad3f62f9df82e6a378a1c80fccf26abcbd13120339707baae172c0381abde73c3d607c14706bb8ab4d09dd39c5961ea86114c37f6b803554925a3e4c64c54ed1ba171e52f97fa2df2ef7e52725c62635e4c3ab625a018bfa75b266446f24b8e0c13dcc258db35b52e8ed5add68ca54de905395304cf3e1eeac - 1 6 18fd31815d4c5316d23bddb61ada198272ffa76ab0a4f7505b2a232150bd79874a9e5aabd7e39aef8cccdd2eba9cfcef6cc77842c7b359899b976f930e671d9308c3a07eeb6eaf1411a4c91a3523e4a8a4ccf523df2b70d56da5173e862643ad894495f14a94bda7115cedda87d520e524f917197dec625ffa1283d156e39f2daa49424a42aba2e0d0e43ebd537f348db770fe6c901a17432c7dd1a9146a2039c383f293cab5b04cb653332454883396863dd419b63745cc65bfc905c06a5d4283f5ff33a1d59584610293a1b08da9a6884c8e67675568e2c357b3d040350694c8b1c74c4be16e76eafeb8efe69dc501154fd36347d04ffc0c6e9a5646a1902a c3d48226a8f94d3bbb49918ac02187493258e74e - 0080545ca1e5a9978e411a23f7ce3b50d2919cb7da2dfd4c97d1dd20db9535d6240b684751b08845d44b780750371c5f229903cf59216bcfbe255de370f9a801177fa0dd11061a0173cd7fe4d740e3a74cc594a8c2510d03039126388730c2c73ca0db5fdad2a2021e9ea025b86dc0ba87aea5629246a4cf0f98726fcda9c89d4483 -
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p version cipher curve server_name resumed last_alert next_protocol established ssl_history cert_chain_fps client_cert_chain_fps sni_matches_cert client_record_version client_random client_cipher_suites server_record_version server_random server_dh_p server_dh_q server_dh_Ys server_ecdh_point server_signature_sig_alg server_signature_hash_alg server_signature server_cert_sha1 client_rsa_pms client_dh_Yc client_ecdh_point
#types time string addr port addr port string string string string bool string string bool string vector[string] vector[string] bool string string string string string string string string string count count string string string string string
XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 192.168.18.50 62277 162.219.2.166 443 TLSv12 TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA - - F - - T CsxknGIti b706ad178447821cc60aca1e0cd59697333a6178fd1c73f839fbdfb5b76bc507,cb2db573610f401e8d602917bbbe6ab4162255f208efad909d5440691aa0203c (empty) - TLSv10 1f7f8ae4d8dd45f31ed2e158f5f9ee676b7cb2c92585d8a3e1c2da7e TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA,TLS_EMPTY_RENEGOTIATION_INFO_SCSV TLSv12 535c4db35c3660849d1ba4081e9c5863f11c64233c045d58380ea393bdca5322 bbbc2dcad84674907c43fcf580e9cfdbd958a3f568b42d4b08eed4eb0fb3504c6c030276e710800c5ccbbaa8922614c5beeca565a5fdf1d287a2bc049be6778060e91a92a757e3048f68b076f7d36cc8f29ba5df81dc2ca725ece66270cc9a5035d8ceceef9ea0274a63ab1e58fafd4988d0f65d146757da071df045cfe16b9b 02 af5e4cde6c7ac4ad3f62f9df82e6a378a1c80fccf26abcbd13120339707baae172c0381abde73c3d607c14706bb8ab4d09dd39c5961ea86114c37f6b803554925a3e4c64c54ed1ba171e52f97fa2df2ef7e52725c62635e4c3ab625a018bfa75b266446f24b8e0c13dcc258db35b52e8ed5add68ca54de905395304cf3e1eeac - 1 6 18fd31815d4c5316d23bddb61ada198272ffa76ab0a4f7505b2a232150bd79874a9e5aabd7e39aef8cccdd2eba9cfcef6cc77842c7b359899b976f930e671d9308c3a07eeb6eaf1411a4c91a3523e4a8a4ccf523df2b70d56da5173e862643ad894495f14a94bda7115cedda87d520e524f917197dec625ffa1283d156e39f2daa49424a42aba2e0d0e43ebd537f348db770fe6c901a17432c7dd1a9146a2039c383f293cab5b04cb653332454883396863dd419b63745cc65bfc905c06a5d4283f5ff33a1d59584610293a1b08da9a6884c8e67675568e2c357b3d040350694c8b1c74c4be16e76eafeb8efe69dc501154fd36347d04ffc0c6e9a5646a1902a c3d48226a8f94d3bbb49918ac02187493258e74e - 0080545ca1e5a9978e411a23f7ce3b50d2919cb7da2dfd4c97d1dd20db9535d6240b684751b08845d44b780750371c5f229903cf59216bcfbe255de370f9a801177fa0dd11061a0173cd7fe4d740e3a74cc594a8c2510d03039126388730c2c73ca0db5fdad2a2021e9ea025b86dc0ba87aea5629246a4cf0f98726fcda9c89d4483 -
#close XXXX-XX-XX-XX-XX-XX
#separator \x09
#set_separator ,
@ -15,9 +15,9 @@ XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 192.168.18.50 62277 162.219.2.166 443 TLSv12
#unset_field -
#path ssl
#open XXXX-XX-XX-XX-XX-XX
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p version cipher curve server_name resumed last_alert next_protocol established cert_chain_fuids client_cert_chain_fuids subject issuer client_subject client_issuer client_record_version client_random client_cipher_suites server_record_version server_random server_dh_p server_dh_q server_dh_Ys server_ecdh_point server_signature_sig_alg server_signature_hash_alg server_signature server_cert_sha1 client_rsa_pms client_dh_Yc client_ecdh_point
#types time string addr port addr port string string string string bool string string bool vector[string] vector[string] string string string string string string string string string string string string string count count string string string string string
XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 192.168.18.50 56981 74.125.239.97 443 TLSv12 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA secp256r1 - F - - T FQkXl67dfqqYWGNef,FU197f2xUNBp3Gdxgh,FUNbwU3rQu8iXkAD48 (empty) CN=*.google.com,O=Google Inc,L=Mountain View,ST=California,C=US CN=Google Internet Authority G2,O=Google Inc,C=US - - TLSv10 d170a048a025925479f1a573610851d30a1f3e7267836932797def95 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,TLS_EMPTY_RENEGOTIATION_INFO_SCSV TLSv12 535bdbf95cb1fbd2e5c1f3605984d826eca11a8562b3c36d1f70fa44ba2f723c - - - 04c177ab173fed188d8455b2bd0eeac7c1fc334b5d9d38e651b6a31cbda4a7b62a4a222493711e6aec7590d27292ba300d722841ca52795ca55b9b26d12730b807 1 6 bb8ed698a89f33367af245236d1483c2caa406f61a6e3639a6483c8ed3baadaf18bfdfd967697ad29497dd7f16fde1b5d8933b6f5d72e63f0e0dfd416785a3ee3ad7b6d65e71c67c219740723695136678feaca0db5f1cd00a2f2c5b1a0b83098e796bb6539b486639ab02a288d0f0bf68123151437e1b2ef610af17993a107acfcb3791d00b509a5271ddcf60b31b202571c06ceaf51b846a0ff8fd85cf1bc99f82bb936bae69a13f81727f0810280306abb942fd80e0fdf93a51e7e036c26e429295aa60e36506ab1762d49e31152d02bd7850fcaa251219b3dde81ea5fc61c4c63b940120fa6847ccc43fad0a2ac252153254baa03b0baebb6db899ade45e e2fb0771ee6fc0d0e324bc863c02b57921257c86 - - 4104a92b630b25f4404c632dcf9cf454d1cf685a95f4d7c34e1bed244d1051c6bf9fda52edd0c840620b6ddf7941f9ee8a2684eec11a5a2131a0a3389d1e49122472
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p version cipher curve server_name resumed last_alert next_protocol established ssl_history cert_chain_fps client_cert_chain_fps sni_matches_cert client_record_version client_random client_cipher_suites server_record_version server_random server_dh_p server_dh_q server_dh_Ys server_ecdh_point server_signature_sig_alg server_signature_hash_alg server_signature server_cert_sha1 client_rsa_pms client_dh_Yc client_ecdh_point
#types time string addr port addr port string string string string bool string string bool string vector[string] vector[string] bool string string string string string string string string string count count string string string string string
XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 192.168.18.50 56981 74.125.239.97 443 TLSv12 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA secp256r1 - F - - T CsxknGIti a97a22b691caf62c1623d14abf8a31ac915f14d87f77d8a37c47eb4785b484ad,a047a37fa2d2e118a4f5095fe074d6cfe0e352425a7632bf8659c03919a6c81d,3c35cc963eb004451323d3275d05b353235053490d9cd83729a2faf5e7ca1cc0 (empty) - TLSv10 d170a048a025925479f1a573610851d30a1f3e7267836932797def95 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,TLS_EMPTY_RENEGOTIATION_INFO_SCSV TLSv12 535bdbf95cb1fbd2e5c1f3605984d826eca11a8562b3c36d1f70fa44ba2f723c - - - 04c177ab173fed188d8455b2bd0eeac7c1fc334b5d9d38e651b6a31cbda4a7b62a4a222493711e6aec7590d27292ba300d722841ca52795ca55b9b26d12730b807 1 6 bb8ed698a89f33367af245236d1483c2caa406f61a6e3639a6483c8ed3baadaf18bfdfd967697ad29497dd7f16fde1b5d8933b6f5d72e63f0e0dfd416785a3ee3ad7b6d65e71c67c219740723695136678feaca0db5f1cd00a2f2c5b1a0b83098e796bb6539b486639ab02a288d0f0bf68123151437e1b2ef610af17993a107acfcb3791d00b509a5271ddcf60b31b202571c06ceaf51b846a0ff8fd85cf1bc99f82bb936bae69a13f81727f0810280306abb942fd80e0fdf93a51e7e036c26e429295aa60e36506ab1762d49e31152d02bd7850fcaa251219b3dde81ea5fc61c4c63b940120fa6847ccc43fad0a2ac252153254baa03b0baebb6db899ade45e e2fb0771ee6fc0d0e324bc863c02b57921257c86 - - 4104a92b630b25f4404c632dcf9cf454d1cf685a95f4d7c34e1bed244d1051c6bf9fda52edd0c840620b6ddf7941f9ee8a2684eec11a5a2131a0a3389d1e49122472
#close XXXX-XX-XX-XX-XX-XX
#separator \x09
#set_separator ,
@ -25,11 +25,11 @@ XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 192.168.18.50 56981 74.125.239.97 443 TLSv12
#unset_field -
#path ssl
#open XXXX-XX-XX-XX-XX-XX
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p version cipher curve server_name resumed last_alert next_protocol established cert_chain_fuids client_cert_chain_fuids subject issuer client_subject client_issuer client_record_version client_random client_cipher_suites server_record_version server_random server_dh_p server_dh_q server_dh_Ys server_ecdh_point server_signature_sig_alg server_signature_hash_alg server_signature server_cert_sha1 client_rsa_pms client_dh_Yc client_ecdh_point
#types time string addr port addr port string string string string bool string string bool vector[string] vector[string] string string string string string string string string string string string string string count count string string string string string
XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 192.150.187.164 58868 194.127.84.106 443 TLSv10 TLS_RSA_WITH_RC4_128_MD5 - - F - - T FaPs2M3vQdQYOJSlia,Fpsckv2Ur4Vh9ftIG3 (empty) CN=www.dresdner-privat.de,OU=Terms of use at www.verisign.com/rpa (c)00,O=AGIS Allianz Dresdner Informationssysteme GmbH,L=Muenchen,ST=Bayern,C=DE OU=www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign,OU=VeriSign International Server CA - Class 3,OU=VeriSign\\, Inc.,O=VeriSign Trust Network - - unknown-0 e6b8efdf91cf44f7eae43c83398fdcb2 TLS_DHE_RSA_WITH_AES_256_CBC_SHA,TLS_DHE_DSS_WITH_AES_256_CBC_SHA,TLS_RSA_WITH_AES_256_CBC_SHA,TLS_DHE_RSA_WITH_AES_128_CBC_SHA,TLS_DHE_DSS_WITH_AES_128_CBC_SHA,TLS_RSA_WITH_RC4_128_MD5,TLS_RSA_WITH_RC4_128_SHA,TLS_RSA_WITH_AES_128_CBC_SHA,TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA,TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA,SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA,TLS_RSA_WITH_3DES_EDE_CBC_SHA,TLS_DHE_RSA_WITH_DES_CBC_SHA,TLS_DHE_DSS_WITH_DES_CBC_SHA,SSL_RSA_FIPS_WITH_DES_CBC_SHA,TLS_RSA_WITH_DES_CBC_SHA,TLS_RSA_EXPORT1024_WITH_RC4_56_SHA,TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA,TLS_RSA_EXPORT_WITH_RC4_40_MD5,TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5 TLSv10 45c7bb492b658d5183bbaedbf35e8f126ff926b14979cd703d242aea996a5fda - - - - - - - 2c322ae2b7fe91391345e070b63668978bb1c9da 008057aaeea52e6d030e54fa9328781fda6f8de80ed8531946bfa8adc4b51ca7502cbce62bae6949f6b865d7125e256643b5ede4dd4cf42107cfa73c418f10881edf38a75f968b507f08f9c1089ef26bfd322cf44c0b746b8e3dff731f2585dcf26abb048d55e661e1d2868ccc9c338e451c30431239f96a00e4843b6aa00ba51785 - -
XXXXXXXXXX.XXXXXX ClEkJM2Vm5giqnMf4h 192.150.187.164 58869 194.127.84.106 443 TLSv10 TLS_RSA_WITH_RC4_128_MD5 - - F - - T Fchqui4jmz6K3XZzq2,FNdruE4ZRfnRBgKlG2 (empty) CN=www.dresdner-privat.de,OU=Terms of use at www.verisign.com/rpa (c)00,O=AGIS Allianz Dresdner Informationssysteme GmbH,L=Muenchen,ST=Bayern,C=DE OU=www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign,OU=VeriSign International Server CA - Class 3,OU=VeriSign\\, Inc.,O=VeriSign Trust Network - - TLSv10 a8a2ab739a64abb4e68cfcfc3470ff6269b1a86858501fbbd1327ed8 TLS_DHE_RSA_WITH_AES_256_CBC_SHA,TLS_DHE_DSS_WITH_AES_256_CBC_SHA,TLS_RSA_WITH_AES_256_CBC_SHA,TLS_DHE_RSA_WITH_AES_128_CBC_SHA,TLS_DHE_DSS_WITH_AES_128_CBC_SHA,TLS_RSA_WITH_RC4_128_MD5,TLS_RSA_WITH_RC4_128_SHA,TLS_RSA_WITH_AES_128_CBC_SHA,TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA,TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA,SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA,TLS_RSA_WITH_3DES_EDE_CBC_SHA,TLS_DHE_RSA_WITH_DES_CBC_SHA,TLS_DHE_DSS_WITH_DES_CBC_SHA,SSL_RSA_FIPS_WITH_DES_CBC_SHA,TLS_RSA_WITH_DES_CBC_SHA,TLS_RSA_EXPORT1024_WITH_RC4_56_SHA,TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA,TLS_RSA_EXPORT_WITH_RC4_40_MD5,TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5 TLSv10 45c7bb4c0fac7f7823587c68438c87876533af7b0baa2a8f1078eb8d182247e9 - - - - - - - 2c322ae2b7fe91391345e070b63668978bb1c9da 0080891c1b6b5f0ec9da1b38d5ba6efe9c0380219d1ac4e63a0e8993306cddc6944a57c9292beb5652794181f747d0e868b84dca7dfe9783d1baa2ef3bb68d929b2818c5b58b8f47663220f9781fa469fea7e7d17d410d3979aa15a7be651c9f16fbf1a04f87a95e742c3fe20ca6faf0d2e950708533fd3346e17e410f0f86c01f52 - -
XXXXXXXXXX.XXXXXX C4J4Th3PJpwUYZZ6gc 192.150.187.164 58870 194.127.84.106 443 TLSv10 TLS_RSA_WITH_RC4_128_MD5 - - F - - T F9t9Mo3PvEHEdcasbc,FNGGSL1ZKDUdr3toyb (empty) CN=www.dresdner-privat.de,OU=Terms of use at www.verisign.com/rpa (c)00,O=AGIS Allianz Dresdner Informationssysteme GmbH,L=Muenchen,ST=Bayern,C=DE OU=www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign,OU=VeriSign International Server CA - Class 3,OU=VeriSign\\, Inc.,O=VeriSign Trust Network - - TLSv10 240604be2f5644c8dfd2e51cc2b3a30171bd58853ed7c6e3fcd18846 TLS_DHE_RSA_WITH_AES_256_CBC_SHA,TLS_DHE_DSS_WITH_AES_256_CBC_SHA,TLS_RSA_WITH_AES_256_CBC_SHA,TLS_DHE_RSA_WITH_AES_128_CBC_SHA,TLS_DHE_DSS_WITH_AES_128_CBC_SHA,TLS_RSA_WITH_RC4_128_MD5,TLS_RSA_WITH_RC4_128_SHA,TLS_RSA_WITH_AES_128_CBC_SHA,TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA,TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA,SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA,TLS_RSA_WITH_3DES_EDE_CBC_SHA,TLS_DHE_RSA_WITH_DES_CBC_SHA,TLS_DHE_DSS_WITH_DES_CBC_SHA,SSL_RSA_FIPS_WITH_DES_CBC_SHA,TLS_RSA_WITH_DES_CBC_SHA,TLS_RSA_EXPORT1024_WITH_RC4_56_SHA,TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA,TLS_RSA_EXPORT_WITH_RC4_40_MD5,TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5 TLSv10 45c7bb4ffd1b8c1308a2caac010fcb76e9bd21987d897cb6c028cdb3176d5904 - - - - - - - 2c322ae2b7fe91391345e070b63668978bb1c9da 008032a6f5fd530f342e4d5b4043765005ba018f488800f897c259b005ad2a544f5800e99812d9a6336e84b07e4595d1b8ae00a582d91804fe715c132d1bdb112e66361db80a57a441fc8ea784ea76ec44b9f3a0f9ddc29be68010ff3bcfffc285a294511991d7952cbbfee88a869818bae31f32f7099b0754d9ce75b8fea887e1b8 - -
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p version cipher curve server_name resumed last_alert next_protocol established ssl_history cert_chain_fps client_cert_chain_fps sni_matches_cert client_record_version client_random client_cipher_suites server_record_version server_random server_dh_p server_dh_q server_dh_Ys server_ecdh_point server_signature_sig_alg server_signature_hash_alg server_signature server_cert_sha1 client_rsa_pms client_dh_Yc client_ecdh_point
#types time string addr port addr port string string string string bool string string bool string vector[string] vector[string] bool string string string string string string string string string count count string string string string string
XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 192.150.187.164 58868 194.127.84.106 443 TLSv10 TLS_RSA_WITH_RC4_128_MD5 - - F - - T sxnGIi ddd0218a34972ceab3d200b78959bd2b4c95eadf37399df35bfd68a5b658bc78,ba352de8d8faa0ecfdbeee560fa308fe192023d3b18d83a68845933bebf28360 (empty) - unknown-0 e6b8efdf91cf44f7eae43c83398fdcb2 TLS_DHE_RSA_WITH_AES_256_CBC_SHA,TLS_DHE_DSS_WITH_AES_256_CBC_SHA,TLS_RSA_WITH_AES_256_CBC_SHA,TLS_DHE_RSA_WITH_AES_128_CBC_SHA,TLS_DHE_DSS_WITH_AES_128_CBC_SHA,TLS_RSA_WITH_RC4_128_MD5,TLS_RSA_WITH_RC4_128_SHA,TLS_RSA_WITH_AES_128_CBC_SHA,TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA,TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA,SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA,TLS_RSA_WITH_3DES_EDE_CBC_SHA,TLS_DHE_RSA_WITH_DES_CBC_SHA,TLS_DHE_DSS_WITH_DES_CBC_SHA,SSL_RSA_FIPS_WITH_DES_CBC_SHA,TLS_RSA_WITH_DES_CBC_SHA,TLS_RSA_EXPORT1024_WITH_RC4_56_SHA,TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA,TLS_RSA_EXPORT_WITH_RC4_40_MD5,TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5 TLSv10 45c7bb492b658d5183bbaedbf35e8f126ff926b14979cd703d242aea996a5fda - - - - - - - 2c322ae2b7fe91391345e070b63668978bb1c9da 008057aaeea52e6d030e54fa9328781fda6f8de80ed8531946bfa8adc4b51ca7502cbce62bae6949f6b865d7125e256643b5ede4dd4cf42107cfa73c418f10881edf38a75f968b507f08f9c1089ef26bfd322cf44c0b746b8e3dff731f2585dcf26abb048d55e661e1d2868ccc9c338e451c30431239f96a00e4843b6aa00ba51785 - -
XXXXXXXXXX.XXXXXX ClEkJM2Vm5giqnMf4h 192.150.187.164 58869 194.127.84.106 443 TLSv10 TLS_RSA_WITH_RC4_128_MD5 - - F - - T CsxnGIi ddd0218a34972ceab3d200b78959bd2b4c95eadf37399df35bfd68a5b658bc78,ba352de8d8faa0ecfdbeee560fa308fe192023d3b18d83a68845933bebf28360 (empty) - TLSv10 a8a2ab739a64abb4e68cfcfc3470ff6269b1a86858501fbbd1327ed8 TLS_DHE_RSA_WITH_AES_256_CBC_SHA,TLS_DHE_DSS_WITH_AES_256_CBC_SHA,TLS_RSA_WITH_AES_256_CBC_SHA,TLS_DHE_RSA_WITH_AES_128_CBC_SHA,TLS_DHE_DSS_WITH_AES_128_CBC_SHA,TLS_RSA_WITH_RC4_128_MD5,TLS_RSA_WITH_RC4_128_SHA,TLS_RSA_WITH_AES_128_CBC_SHA,TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA,TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA,SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA,TLS_RSA_WITH_3DES_EDE_CBC_SHA,TLS_DHE_RSA_WITH_DES_CBC_SHA,TLS_DHE_DSS_WITH_DES_CBC_SHA,SSL_RSA_FIPS_WITH_DES_CBC_SHA,TLS_RSA_WITH_DES_CBC_SHA,TLS_RSA_EXPORT1024_WITH_RC4_56_SHA,TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA,TLS_RSA_EXPORT_WITH_RC4_40_MD5,TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5 TLSv10 45c7bb4c0fac7f7823587c68438c87876533af7b0baa2a8f1078eb8d182247e9 - - - - - - - 2c322ae2b7fe91391345e070b63668978bb1c9da 0080891c1b6b5f0ec9da1b38d5ba6efe9c0380219d1ac4e63a0e8993306cddc6944a57c9292beb5652794181f747d0e868b84dca7dfe9783d1baa2ef3bb68d929b2818c5b58b8f47663220f9781fa469fea7e7d17d410d3979aa15a7be651c9f16fbf1a04f87a95e742c3fe20ca6faf0d2e950708533fd3346e17e410f0f86c01f52 - -
XXXXXXXXXX.XXXXXX C4J4Th3PJpwUYZZ6gc 192.150.187.164 58870 194.127.84.106 443 TLSv10 TLS_RSA_WITH_RC4_128_MD5 - - F - - T CsxnGIi ddd0218a34972ceab3d200b78959bd2b4c95eadf37399df35bfd68a5b658bc78,ba352de8d8faa0ecfdbeee560fa308fe192023d3b18d83a68845933bebf28360 (empty) - TLSv10 240604be2f5644c8dfd2e51cc2b3a30171bd58853ed7c6e3fcd18846 TLS_DHE_RSA_WITH_AES_256_CBC_SHA,TLS_DHE_DSS_WITH_AES_256_CBC_SHA,TLS_RSA_WITH_AES_256_CBC_SHA,TLS_DHE_RSA_WITH_AES_128_CBC_SHA,TLS_DHE_DSS_WITH_AES_128_CBC_SHA,TLS_RSA_WITH_RC4_128_MD5,TLS_RSA_WITH_RC4_128_SHA,TLS_RSA_WITH_AES_128_CBC_SHA,TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA,TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA,SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA,TLS_RSA_WITH_3DES_EDE_CBC_SHA,TLS_DHE_RSA_WITH_DES_CBC_SHA,TLS_DHE_DSS_WITH_DES_CBC_SHA,SSL_RSA_FIPS_WITH_DES_CBC_SHA,TLS_RSA_WITH_DES_CBC_SHA,TLS_RSA_EXPORT1024_WITH_RC4_56_SHA,TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA,TLS_RSA_EXPORT_WITH_RC4_40_MD5,TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5 TLSv10 45c7bb4ffd1b8c1308a2caac010fcb76e9bd21987d897cb6c028cdb3176d5904 - - - - - - - 2c322ae2b7fe91391345e070b63668978bb1c9da 008032a6f5fd530f342e4d5b4043765005ba018f488800f897c259b005ad2a544f5800e99812d9a6336e84b07e4595d1b8ae00a582d91804fe715c132d1bdb112e66361db80a57a441fc8ea784ea76ec44b9f3a0f9ddc29be68010ff3bcfffc285a294511991d7952cbbfee88a869818bae31f32f7099b0754d9ce75b8fea887e1b8 - -
#close XXXX-XX-XX-XX-XX-XX
#separator \x09
#set_separator ,
@ -37,9 +37,9 @@ XXXXXXXXXX.XXXXXX C4J4Th3PJpwUYZZ6gc 192.150.187.164 58870 194.127.84.106 443 TL
#unset_field -
#path ssl
#open XXXX-XX-XX-XX-XX-XX
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p version cipher curve server_name resumed last_alert next_protocol established cert_chain_fuids client_cert_chain_fuids subject issuer client_subject client_issuer client_record_version client_random client_cipher_suites server_record_version server_random server_dh_p server_dh_q server_dh_Ys server_ecdh_point server_signature_sig_alg server_signature_hash_alg server_signature server_cert_sha1 client_rsa_pms client_dh_Yc client_ecdh_point
#types time string addr port addr port string string string string bool string string bool vector[string] vector[string] string string string string string string string string string string string string string count count string string string string string
XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 192.168.17.58 62987 216.58.192.14 443 TLSv11 TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA secp256r1 - F - - T FLBUwc2aH4D4Ird86,FSOqRY3TrLkXCO9iE7,FhWKUbxdmkyBVLdX5 (empty) CN=*.google.com,O=Google Inc,L=Mountain View,ST=California,C=US CN=Google Internet Authority G2,O=Google Inc,C=US - - TLSv10 ae1b693f91b97315fc38b4b19f600e2aff7f24ce9b11bf538b1667e5 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,TLS_DHE_RSA_WITH_AES_256_CBC_SHA,TLS_DHE_DSS_WITH_AES_256_CBC_SHA,TLS_DH_RSA_WITH_AES_256_CBC_SHA,TLS_DH_DSS_WITH_AES_256_CBC_SHA,TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA,TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA,TLS_DH_RSA_WITH_CAMELLIA_256_CBC_SHA,TLS_DH_DSS_WITH_CAMELLIA_256_CBC_SHA,TLS_ECDH_RSA_WITH_AES_256_CBC_SHA,TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA,TLS_RSA_WITH_AES_256_CBC_SHA,TLS_RSA_WITH_CAMELLIA_256_CBC_SHA,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,TLS_DHE_RSA_WITH_AES_128_CBC_SHA,TLS_DHE_DSS_WITH_AES_128_CBC_SHA,TLS_DH_RSA_WITH_AES_128_CBC_SHA,TLS_DH_DSS_WITH_AES_128_CBC_SHA,TLS_DHE_RSA_WITH_SEED_CBC_SHA,TLS_DHE_DSS_WITH_SEED_CBC_SHA,TLS_DH_RSA_WITH_SEED_CBC_SHA,TLS_DH_DSS_WITH_SEED_CBC_SHA,TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA,TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA,TLS_DH_RSA_WITH_CAMELLIA_128_CBC_SHA,TLS_DH_DSS_WITH_CAMELLIA_128_CBC_SHA,TLS_ECDH_RSA_WITH_AES_128_CBC_SHA,TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA,TLS_RSA_WITH_AES_128_CBC_SHA,TLS_RSA_WITH_SEED_CBC_SHA,TLS_RSA_WITH_CAMELLIA_128_CBC_SHA,TLS_RSA_WITH_IDEA_CBC_SHA,TLS_ECDHE_RSA_WITH_RC4_128_SHA,TLS_ECDHE_ECDSA_WITH_RC4_128_SHA,TLS_ECDH_RSA_WITH_RC4_128_SHA,TLS_ECDH_ECDSA_WITH_RC4_128_SHA,TLS_RSA_WITH_RC4_128_SHA,TLS_RSA_WITH_RC4_128_MD5,TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA,TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA,TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA,TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA,TLS_DH_RSA_WITH_3DES_EDE_CBC_SHA,TLS_DH_DSS_WITH_3DES_EDE_CBC_SHA,TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA,TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA,TLS_RSA_WITH_3DES_EDE_CBC_SHA,TLS_EMPTY_RENEGOTIATION_INFO_SCSV TLSv11 5a20647e0bdeb3f9e87d53e65a458a89d647f40fab7658f9d4a6ac93a5a65d71 - - - 04c8dd2cfb5dce034588f47acea36d8a0443857ec302c7be2974ce2a5a6d8db18e6161b1ee657dacc3b6ceb92f52dd122f0d466e01f21a39dfe35d48143e41d3cb 256 256 72abf64adf8d025394e3dddab15681f669efc25301458e20a35d2c0c8aa696992c49baca5096656dbae6acd79374aaec2c0be0b85614d8d647f4e56e956d52d959761f3a18ef80a695e6cd549ba4f2802e44983382b07d0fde27296bbb1fa72bb7ceb1b0ae1959bbcf9e4560d9771c2267518b44b9e6f472fa6b9fe6c60d41a57dc0de81d9cc57706a80e0818170e503dd44f221160096593ea2f83bd8755e0ae4a3380b5c52811eb33d95944535148bed5f16817df4b9938be40b4bc8f55f86ded30efe48a0f37fd66316fba484f62dd2f7e1c0825b59b84aa5cbee6c0fd09779023f3e5ea6e7ec337d9acc1cb831c5df5f6499ed97c1f454d31e5a323b541a b453697b78df7c522c3e2bfc889b7fa6674903ca - - 4104887d740719eb306e32bf94ba4b9bf31ecabf9cca860e12f7fa55ac95c6676b0da90513aa453b18b82bf424bf2654a72a46b8d3d19210502a88381ba146533792
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p version cipher curve server_name resumed last_alert next_protocol established ssl_history cert_chain_fps client_cert_chain_fps sni_matches_cert client_record_version client_random client_cipher_suites server_record_version server_random server_dh_p server_dh_q server_dh_Ys server_ecdh_point server_signature_sig_alg server_signature_hash_alg server_signature server_cert_sha1 client_rsa_pms client_dh_Yc client_ecdh_point
#types time string addr port addr port string string string string bool string string bool string vector[string] vector[string] bool string string string string string string string string string count count string string string string string
XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 192.168.17.58 62987 216.58.192.14 443 TLSv11 TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA secp256r1 - F - - T CsxknGIti 22a920a5ec03c819b569ed0fa8b7df258e3e7ea11fdd15b83b6fa45f3e863036,9b759d41e3de30f9d2f902027d792b65d950a98bbb6d6d56be7f2528453bf8e9,3c35cc963eb004451323d3275d05b353235053490d9cd83729a2faf5e7ca1cc0 (empty) - TLSv10 ae1b693f91b97315fc38b4b19f600e2aff7f24ce9b11bf538b1667e5 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,TLS_DHE_RSA_WITH_AES_256_CBC_SHA,TLS_DHE_DSS_WITH_AES_256_CBC_SHA,TLS_DH_RSA_WITH_AES_256_CBC_SHA,TLS_DH_DSS_WITH_AES_256_CBC_SHA,TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA,TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA,TLS_DH_RSA_WITH_CAMELLIA_256_CBC_SHA,TLS_DH_DSS_WITH_CAMELLIA_256_CBC_SHA,TLS_ECDH_RSA_WITH_AES_256_CBC_SHA,TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA,TLS_RSA_WITH_AES_256_CBC_SHA,TLS_RSA_WITH_CAMELLIA_256_CBC_SHA,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,TLS_DHE_RSA_WITH_AES_128_CBC_SHA,TLS_DHE_DSS_WITH_AES_128_CBC_SHA,TLS_DH_RSA_WITH_AES_128_CBC_SHA,TLS_DH_DSS_WITH_AES_128_CBC_SHA,TLS_DHE_RSA_WITH_SEED_CBC_SHA,TLS_DHE_DSS_WITH_SEED_CBC_SHA,TLS_DH_RSA_WITH_SEED_CBC_SHA,TLS_DH_DSS_WITH_SEED_CBC_SHA,TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA,TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA,TLS_DH_RSA_WITH_CAMELLIA_128_CBC_SHA,TLS_DH_DSS_WITH_CAMELLIA_128_CBC_SHA,TLS_ECDH_RSA_WITH_AES_128_CBC_SHA,TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA,TLS_RSA_WITH_AES_128_CBC_SHA,TLS_RSA_WITH_SEED_CBC_SHA,TLS_RSA_WITH_CAMELLIA_128_CBC_SHA,TLS_RSA_WITH_IDEA_CBC_SHA,TLS_ECDHE_RSA_WITH_RC4_128_SHA,TLS_ECDHE_ECDSA_WITH_RC4_128_SHA,TLS_ECDH_RSA_WITH_RC4_128_SHA,TLS_ECDH_ECDSA_WITH_RC4_128_SHA,TLS_RSA_WITH_RC4_128_SHA,TLS_RSA_WITH_RC4_128_MD5,TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA,TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA,TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA,TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA,TLS_DH_RSA_WITH_3DES_EDE_CBC_SHA,TLS_DH_DSS_WITH_3DES_EDE_CBC_SHA,TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA,TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA,TLS_RSA_WITH_3DES_EDE_CBC_SHA,TLS_EMPTY_RENEGOTIATION_INFO_SCSV TLSv11 5a20647e0bdeb3f9e87d53e65a458a89d647f40fab7658f9d4a6ac93a5a65d71 - - - 04c8dd2cfb5dce034588f47acea36d8a0443857ec302c7be2974ce2a5a6d8db18e6161b1ee657dacc3b6ceb92f52dd122f0d466e01f21a39dfe35d48143e41d3cb 256 256 72abf64adf8d025394e3dddab15681f669efc25301458e20a35d2c0c8aa696992c49baca5096656dbae6acd79374aaec2c0be0b85614d8d647f4e56e956d52d959761f3a18ef80a695e6cd549ba4f2802e44983382b07d0fde27296bbb1fa72bb7ceb1b0ae1959bbcf9e4560d9771c2267518b44b9e6f472fa6b9fe6c60d41a57dc0de81d9cc57706a80e0818170e503dd44f221160096593ea2f83bd8755e0ae4a3380b5c52811eb33d95944535148bed5f16817df4b9938be40b4bc8f55f86ded30efe48a0f37fd66316fba484f62dd2f7e1c0825b59b84aa5cbee6c0fd09779023f3e5ea6e7ec337d9acc1cb831c5df5f6499ed97c1f454d31e5a323b541a b453697b78df7c522c3e2bfc889b7fa6674903ca - - 4104887d740719eb306e32bf94ba4b9bf31ecabf9cca860e12f7fa55ac95c6676b0da90513aa453b18b82bf424bf2654a72a46b8d3d19210502a88381ba146533792
#close XXXX-XX-XX-XX-XX-XX
#separator \x09
#set_separator ,
@ -47,9 +47,9 @@ XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 192.168.17.58 62987 216.58.192.14 443 TLSv11
#unset_field -
#path ssl
#open XXXX-XX-XX-XX-XX-XX
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p version cipher curve server_name resumed last_alert next_protocol established cert_chain_fuids client_cert_chain_fuids subject issuer client_subject client_issuer client_record_version client_random client_cipher_suites server_record_version server_random server_dh_p server_dh_q server_dh_Ys server_ecdh_point server_signature_sig_alg server_signature_hash_alg server_signature server_cert_sha1 client_rsa_pms client_dh_Yc client_ecdh_point
#types time string addr port addr port string string string string bool string string bool vector[string] vector[string] string string string string string string string string string string string string string count count string string string string string
XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 192.168.6.86 63721 104.236.167.107 4433 DTLSv10 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA secp256r1 - F - - T F9ImFdxcpyKCgRgp2 (empty) CN=bro CN=bro - - DTLSv10 543f24d1a377e53b63d935157e76c81e2067b1333bccaad6c24ce92d TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,TLS_DHE_RSA_WITH_AES_256_CBC_SHA,TLS_DHE_DSS_WITH_AES_256_CBC_SHA,TLS_DH_RSA_WITH_AES_256_CBC_SHA,TLS_DH_DSS_WITH_AES_256_CBC_SHA,TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA,TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA,TLS_DH_RSA_WITH_CAMELLIA_256_CBC_SHA,TLS_DH_DSS_WITH_CAMELLIA_256_CBC_SHA,TLS_ECDH_RSA_WITH_AES_256_CBC_SHA,TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA,TLS_RSA_WITH_AES_256_CBC_SHA,TLS_RSA_WITH_CAMELLIA_256_CBC_SHA,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,TLS_DHE_RSA_WITH_AES_128_CBC_SHA,TLS_DHE_DSS_WITH_AES_128_CBC_SHA,TLS_DH_RSA_WITH_AES_128_CBC_SHA,TLS_DH_DSS_WITH_AES_128_CBC_SHA,TLS_DHE_RSA_WITH_SEED_CBC_SHA,TLS_DHE_DSS_WITH_SEED_CBC_SHA,TLS_DH_RSA_WITH_SEED_CBC_SHA,TLS_DH_DSS_WITH_SEED_CBC_SHA,TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA,TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA,TLS_DH_RSA_WITH_CAMELLIA_128_CBC_SHA,TLS_DH_DSS_WITH_CAMELLIA_128_CBC_SHA,TLS_ECDH_RSA_WITH_AES_128_CBC_SHA,TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA,TLS_RSA_WITH_AES_128_CBC_SHA,TLS_RSA_WITH_SEED_CBC_SHA,TLS_RSA_WITH_CAMELLIA_128_CBC_SHA,TLS_RSA_WITH_IDEA_CBC_SHA,TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA,TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA,TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA,TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA,TLS_DH_RSA_WITH_3DES_EDE_CBC_SHA,TLS_DH_DSS_WITH_3DES_EDE_CBC_SHA,TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA,TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA,TLS_RSA_WITH_3DES_EDE_CBC_SHA,TLS_DHE_RSA_WITH_DES_CBC_SHA,TLS_DHE_DSS_WITH_DES_CBC_SHA,TLS_DH_RSA_WITH_DES_CBC_SHA,TLS_DH_DSS_WITH_DES_CBC_SHA,TLS_RSA_WITH_DES_CBC_SHA,TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA,TLS_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA,TLS_DH_RSA_EXPORT_WITH_DES40_CBC_SHA,TLS_DH_DSS_EXPORT_WITH_DES40_CBC_SHA,TLS_RSA_EXPORT_WITH_DES40_CBC_SHA,TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5,TLS_EMPTY_RENEGOTIATION_INFO_SCSV DTLSv10 54fdfee7e29e9780bd73e567dba0ae66ed5b7fb1ee86efba4b09f98bd7b03ad2 - - - 043c5e4b4508b840ef8ac34f592fba8716445aeb9ab2028695541ea62eb79b735da9dbfdbdd01a7beab2c832a633b7fd1ce278659355d7b8a1c88503bfb938b7ef 256 256 17569f292088d5383ffa009ffd5ae4a34b5aec68a206d68eea910b808831c098e5385b2fcf49bbd5df914d2b9d7efcd67a493c324daf48c929bdb3838e56fef25d67f45d6f03f7b195a9d688ec5efe96f1ffe0d88e73458b87175fac7073ca8d8e340657e805cb1e91db02ee687fe5ce37c57fb177368bf3ac787971591a67eaf1880eabac8307ec74e269539b9894781c0026ea61101dafbac1995bc32d39584a03ef82d413731df06dae085dc5984b7fcbedd860715fb84ebb75e74406b88bee23533eba46fe5b3f0936c130e262dcc48d3809f5e208719a70a2a918c0e9fe60b4e992ac555048ff6c2cd077ca2afdc0c36cde432a38c1058fb6bd9cb2cc39 fa6d780625219f5e1ae0b4c863e8321328241134 - - 4104093d316a7b6bdfdbc28c02516e145b8f52881cbb7a5f327e3d0967fc4303617d03d423277420024e6f89b9ab16414681d47a221998a2ba85c4e2f625a0ad7c49
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p version cipher curve server_name resumed last_alert next_protocol established ssl_history cert_chain_fps client_cert_chain_fps sni_matches_cert client_record_version client_random client_cipher_suites server_record_version server_random server_dh_p server_dh_q server_dh_Ys server_ecdh_point server_signature_sig_alg server_signature_hash_alg server_signature server_cert_sha1 client_rsa_pms client_dh_Yc client_ecdh_point
#types time string addr port addr port string string string string bool string string bool string vector[string] vector[string] bool string string string string string string string string string count count string string string string string
XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 192.168.6.86 63721 104.236.167.107 4433 DTLSv10 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA secp256r1 - F - - T CvCsxknGIti 32e63ffcf5111a3a6337aa00d5186f6d475e962e9400a1dd8ad6eb4a3e177964 (empty) - DTLSv10 543f24d1a377e53b63d935157e76c81e2067b1333bccaad6c24ce92d TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,TLS_DHE_RSA_WITH_AES_256_CBC_SHA,TLS_DHE_DSS_WITH_AES_256_CBC_SHA,TLS_DH_RSA_WITH_AES_256_CBC_SHA,TLS_DH_DSS_WITH_AES_256_CBC_SHA,TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA,TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA,TLS_DH_RSA_WITH_CAMELLIA_256_CBC_SHA,TLS_DH_DSS_WITH_CAMELLIA_256_CBC_SHA,TLS_ECDH_RSA_WITH_AES_256_CBC_SHA,TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA,TLS_RSA_WITH_AES_256_CBC_SHA,TLS_RSA_WITH_CAMELLIA_256_CBC_SHA,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,TLS_DHE_RSA_WITH_AES_128_CBC_SHA,TLS_DHE_DSS_WITH_AES_128_CBC_SHA,TLS_DH_RSA_WITH_AES_128_CBC_SHA,TLS_DH_DSS_WITH_AES_128_CBC_SHA,TLS_DHE_RSA_WITH_SEED_CBC_SHA,TLS_DHE_DSS_WITH_SEED_CBC_SHA,TLS_DH_RSA_WITH_SEED_CBC_SHA,TLS_DH_DSS_WITH_SEED_CBC_SHA,TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA,TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA,TLS_DH_RSA_WITH_CAMELLIA_128_CBC_SHA,TLS_DH_DSS_WITH_CAMELLIA_128_CBC_SHA,TLS_ECDH_RSA_WITH_AES_128_CBC_SHA,TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA,TLS_RSA_WITH_AES_128_CBC_SHA,TLS_RSA_WITH_SEED_CBC_SHA,TLS_RSA_WITH_CAMELLIA_128_CBC_SHA,TLS_RSA_WITH_IDEA_CBC_SHA,TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA,TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA,TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA,TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA,TLS_DH_RSA_WITH_3DES_EDE_CBC_SHA,TLS_DH_DSS_WITH_3DES_EDE_CBC_SHA,TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA,TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA,TLS_RSA_WITH_3DES_EDE_CBC_SHA,TLS_DHE_RSA_WITH_DES_CBC_SHA,TLS_DHE_DSS_WITH_DES_CBC_SHA,TLS_DH_RSA_WITH_DES_CBC_SHA,TLS_DH_DSS_WITH_DES_CBC_SHA,TLS_RSA_WITH_DES_CBC_SHA,TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA,TLS_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA,TLS_DH_RSA_EXPORT_WITH_DES40_CBC_SHA,TLS_DH_DSS_EXPORT_WITH_DES40_CBC_SHA,TLS_RSA_EXPORT_WITH_DES40_CBC_SHA,TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5,TLS_EMPTY_RENEGOTIATION_INFO_SCSV DTLSv10 54fdfee7e29e9780bd73e567dba0ae66ed5b7fb1ee86efba4b09f98bd7b03ad2 - - - 043c5e4b4508b840ef8ac34f592fba8716445aeb9ab2028695541ea62eb79b735da9dbfdbdd01a7beab2c832a633b7fd1ce278659355d7b8a1c88503bfb938b7ef 256 256 17569f292088d5383ffa009ffd5ae4a34b5aec68a206d68eea910b808831c098e5385b2fcf49bbd5df914d2b9d7efcd67a493c324daf48c929bdb3838e56fef25d67f45d6f03f7b195a9d688ec5efe96f1ffe0d88e73458b87175fac7073ca8d8e340657e805cb1e91db02ee687fe5ce37c57fb177368bf3ac787971591a67eaf1880eabac8307ec74e269539b9894781c0026ea61101dafbac1995bc32d39584a03ef82d413731df06dae085dc5984b7fcbedd860715fb84ebb75e74406b88bee23533eba46fe5b3f0936c130e262dcc48d3809f5e208719a70a2a918c0e9fe60b4e992ac555048ff6c2cd077ca2afdc0c36cde432a38c1058fb6bd9cb2cc39 fa6d780625219f5e1ae0b4c863e8321328241134 - - 4104093d316a7b6bdfdbc28c02516e145b8f52881cbb7a5f327e3d0967fc4303617d03d423277420024e6f89b9ab16414681d47a221998a2ba85c4e2f625a0ad7c49
#close XXXX-XX-XX-XX-XX-XX
#separator \x09
#set_separator ,
@ -57,7 +57,7 @@ XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 192.168.6.86 63721 104.236.167.107 4433 DTLS
#unset_field -
#path ssl
#open XXXX-XX-XX-XX-XX-XX
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p version cipher curve server_name resumed last_alert next_protocol established cert_chain_fuids client_cert_chain_fuids subject issuer client_subject client_issuer client_record_version client_random client_cipher_suites server_record_version server_random server_dh_p server_dh_q server_dh_Ys server_ecdh_point server_signature_sig_alg server_signature_hash_alg server_signature server_cert_sha1 client_rsa_pms client_dh_Yc client_ecdh_point
#types time string addr port addr port string string string string bool string string bool vector[string] vector[string] string string string string string string string string string string string string string count count string string string string string
XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 192.168.17.58 60934 165.227.57.17 4400 DTLSv12 TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 secp256r1 - F - - T F9SU1s24sf1PTQnPOg (empty) O=Internet Widgits Pty Ltd,ST=Some-State,C=AU O=Internet Widgits Pty Ltd,ST=Some-State,C=AU - - DTLSv12 e701fd74cac15bdb8d0fb735dca354f8e4cc1e65944f8d443a1af9b2 TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384,TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,TLS_DH_DSS_WITH_AES_256_GCM_SHA384,TLS_DHE_DSS_WITH_AES_256_GCM_SHA384,TLS_DH_RSA_WITH_AES_256_GCM_SHA384,TLS_DHE_RSA_WITH_AES_256_GCM_SHA384,TLS_DHE_RSA_WITH_AES_256_CBC_SHA256,TLS_DHE_DSS_WITH_AES_256_CBC_SHA256,TLS_DH_RSA_WITH_AES_256_CBC_SHA256,TLS_DH_DSS_WITH_AES_256_CBC_SHA256,TLS_DHE_RSA_WITH_AES_256_CBC_SHA,TLS_DHE_DSS_WITH_AES_256_CBC_SHA,TLS_DH_RSA_WITH_AES_256_CBC_SHA,TLS_DH_DSS_WITH_AES_256_CBC_SHA,TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA,TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA,TLS_DH_RSA_WITH_CAMELLIA_256_CBC_SHA,TLS_DH_DSS_WITH_CAMELLIA_256_CBC_SHA,TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384,TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384,TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384,TLS_ECDH_RSA_WITH_AES_256_CBC_SHA,TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA,TLS_RSA_WITH_AES_256_GCM_SHA384,TLS_RSA_WITH_AES_256_CBC_SHA256,TLS_RSA_WITH_AES_256_CBC_SHA,TLS_RSA_WITH_CAMELLIA_256_CBC_SHA,TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,TLS_DH_DSS_WITH_AES_128_GCM_SHA256,TLS_DHE_DSS_WITH_AES_128_GCM_SHA256,TLS_DH_RSA_WITH_AES_128_GCM_SHA256,TLS_DHE_RSA_WITH_AES_128_GCM_SHA256,TLS_DHE_RSA_WITH_AES_128_CBC_SHA256,TLS_DHE_DSS_WITH_AES_128_CBC_SHA256,TLS_DH_RSA_WITH_AES_128_CBC_SHA256,TLS_DH_DSS_WITH_AES_128_CBC_SHA256,TLS_DHE_RSA_WITH_AES_128_CBC_SHA,TLS_DHE_DSS_WITH_AES_128_CBC_SHA,TLS_DH_RSA_WITH_AES_128_CBC_SHA,TLS_DH_DSS_WITH_AES_128_CBC_SHA,TLS_DHE_RSA_WITH_SEED_CBC_SHA,TLS_DHE_DSS_WITH_SEED_CBC_SHA,TLS_DH_RSA_WITH_SEED_CBC_SHA,TLS_DH_DSS_WITH_SEED_CBC_SHA,TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA,TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA,TLS_DH_RSA_WITH_CAMELLIA_128_CBC_SHA,TLS_DH_DSS_WITH_CAMELLIA_128_CBC_SHA,TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256,TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256,TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256,TLS_ECDH_RSA_WITH_AES_128_CBC_SHA,TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA,TLS_RSA_WITH_AES_128_GCM_SHA256,TLS_RSA_WITH_AES_128_CBC_SHA256,TLS_RSA_WITH_AES_128_CBC_SHA,TLS_RSA_WITH_SEED_CBC_SHA,TLS_RSA_WITH_CAMELLIA_128_CBC_SHA,TLS_RSA_WITH_IDEA_CBC_SHA,TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA,TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA,TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA,TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA,TLS_DH_RSA_WITH_3DES_EDE_CBC_SHA,TLS_DH_DSS_WITH_3DES_EDE_CBC_SHA,TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA,TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA,TLS_RSA_WITH_3DES_EDE_CBC_SHA,TLS_EMPTY_RENEGOTIATION_INFO_SCSV DTLSv12 07c5aefa1fea3e397e8a4533a9f4fd6e82cd650533269d28dc7b2d62496dc490 - - - 049e5bb8781f90c66cae6b86d7a74977bccd02963bb55631fe7d916ba91c9af9a9562dec1c71b66005503523fbb72a95874bc77394aed429093ad69d7971fb13a9 1 6 e55f866f29d42c23dc5e87acaccff3fd5da17f001fbfcc1060188cc4351101bb53355ee7015edec32874dad840669578101ec98f898b87d1ce5f045ed990e1655dc9562dc83193ec2b6fbcb9410af9efd6d04c434d29cf809ee0be4bde51674ccfc2c662f76a6c2092cae471c0560f3cc358ed4211b8c6da4f2350ed479f82da84ec6d072e2b31cc0b982c2181af2066b502f5cb1b2e6becdd1e8bbd897a1038939121491c39294e3b584b618d5f9ae7dbc4b36b1a6ac99b92799ab2c8600f1698423bdde64e7476db84afaef919655f6b3dda48400995cf9334564ba70606004d805f4d9aeb4f0df42cea6034d42261d03544efeee721204c30de62268a217c 1cb43b5f1de3fe36d595da76210bbf5572a721be - - 41049c7a642fbbd5847c306ee295360442e353d78aef43297523f92be70b68b882ac708aefcb7a224b34130d6c6041030e5b62fc3def72d7774fd61043a0a430a416
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p version cipher curve server_name resumed last_alert next_protocol established ssl_history cert_chain_fps client_cert_chain_fps sni_matches_cert client_record_version client_random client_cipher_suites server_record_version server_random server_dh_p server_dh_q server_dh_Ys server_ecdh_point server_signature_sig_alg server_signature_hash_alg server_signature server_cert_sha1 client_rsa_pms client_dh_Yc client_ecdh_point
#types time string addr port addr port string string string string bool string string bool string vector[string] vector[string] bool string string string string string string string string string count count string string string string string
XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 192.168.17.58 60934 165.227.57.17 4400 DTLSv12 TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 secp256r1 - F - - T CvCsxknGIti 6f5446a5b23f4e73925de5e6629c09b1c61ed66537d6d8a7818750c9cd0a67d7 (empty) - DTLSv12 e701fd74cac15bdb8d0fb735dca354f8e4cc1e65944f8d443a1af9b2 TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384,TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,TLS_DH_DSS_WITH_AES_256_GCM_SHA384,TLS_DHE_DSS_WITH_AES_256_GCM_SHA384,TLS_DH_RSA_WITH_AES_256_GCM_SHA384,TLS_DHE_RSA_WITH_AES_256_GCM_SHA384,TLS_DHE_RSA_WITH_AES_256_CBC_SHA256,TLS_DHE_DSS_WITH_AES_256_CBC_SHA256,TLS_DH_RSA_WITH_AES_256_CBC_SHA256,TLS_DH_DSS_WITH_AES_256_CBC_SHA256,TLS_DHE_RSA_WITH_AES_256_CBC_SHA,TLS_DHE_DSS_WITH_AES_256_CBC_SHA,TLS_DH_RSA_WITH_AES_256_CBC_SHA,TLS_DH_DSS_WITH_AES_256_CBC_SHA,TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA,TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA,TLS_DH_RSA_WITH_CAMELLIA_256_CBC_SHA,TLS_DH_DSS_WITH_CAMELLIA_256_CBC_SHA,TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384,TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384,TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384,TLS_ECDH_RSA_WITH_AES_256_CBC_SHA,TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA,TLS_RSA_WITH_AES_256_GCM_SHA384,TLS_RSA_WITH_AES_256_CBC_SHA256,TLS_RSA_WITH_AES_256_CBC_SHA,TLS_RSA_WITH_CAMELLIA_256_CBC_SHA,TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,TLS_DH_DSS_WITH_AES_128_GCM_SHA256,TLS_DHE_DSS_WITH_AES_128_GCM_SHA256,TLS_DH_RSA_WITH_AES_128_GCM_SHA256,TLS_DHE_RSA_WITH_AES_128_GCM_SHA256,TLS_DHE_RSA_WITH_AES_128_CBC_SHA256,TLS_DHE_DSS_WITH_AES_128_CBC_SHA256,TLS_DH_RSA_WITH_AES_128_CBC_SHA256,TLS_DH_DSS_WITH_AES_128_CBC_SHA256,TLS_DHE_RSA_WITH_AES_128_CBC_SHA,TLS_DHE_DSS_WITH_AES_128_CBC_SHA,TLS_DH_RSA_WITH_AES_128_CBC_SHA,TLS_DH_DSS_WITH_AES_128_CBC_SHA,TLS_DHE_RSA_WITH_SEED_CBC_SHA,TLS_DHE_DSS_WITH_SEED_CBC_SHA,TLS_DH_RSA_WITH_SEED_CBC_SHA,TLS_DH_DSS_WITH_SEED_CBC_SHA,TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA,TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA,TLS_DH_RSA_WITH_CAMELLIA_128_CBC_SHA,TLS_DH_DSS_WITH_CAMELLIA_128_CBC_SHA,TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256,TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256,TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256,TLS_ECDH_RSA_WITH_AES_128_CBC_SHA,TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA,TLS_RSA_WITH_AES_128_GCM_SHA256,TLS_RSA_WITH_AES_128_CBC_SHA256,TLS_RSA_WITH_AES_128_CBC_SHA,TLS_RSA_WITH_SEED_CBC_SHA,TLS_RSA_WITH_CAMELLIA_128_CBC_SHA,TLS_RSA_WITH_IDEA_CBC_SHA,TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA,TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA,TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA,TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA,TLS_DH_RSA_WITH_3DES_EDE_CBC_SHA,TLS_DH_DSS_WITH_3DES_EDE_CBC_SHA,TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA,TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA,TLS_RSA_WITH_3DES_EDE_CBC_SHA,TLS_EMPTY_RENEGOTIATION_INFO_SCSV DTLSv12 07c5aefa1fea3e397e8a4533a9f4fd6e82cd650533269d28dc7b2d62496dc490 - - - 049e5bb8781f90c66cae6b86d7a74977bccd02963bb55631fe7d916ba91c9af9a9562dec1c71b66005503523fbb72a95874bc77394aed429093ad69d7971fb13a9 1 6 e55f866f29d42c23dc5e87acaccff3fd5da17f001fbfcc1060188cc4351101bb53355ee7015edec32874dad840669578101ec98f898b87d1ce5f045ed990e1655dc9562dc83193ec2b6fbcb9410af9efd6d04c434d29cf809ee0be4bde51674ccfc2c662f76a6c2092cae471c0560f3cc358ed4211b8c6da4f2350ed479f82da84ec6d072e2b31cc0b982c2181af2066b502f5cb1b2e6becdd1e8bbd897a1038939121491c39294e3b584b618d5f9ae7dbc4b36b1a6ac99b92799ab2c8600f1698423bdde64e7476db84afaef919655f6b3dda48400995cf9334564ba70606004d805f4d9aeb4f0df42cea6034d42261d03544efeee721204c30de62268a217c 1cb43b5f1de3fe36d595da76210bbf5572a721be - - 41049c7a642fbbd5847c306ee295360442e353d78aef43297523f92be70b68b882ac708aefcb7a224b34130d6c6041030e5b62fc3def72d7774fd61043a0a430a416
#close XXXX-XX-XX-XX-XX-XX

6
testing/btest/Baseline/scripts.base.protocols.ssl.tls-1.2-handshake-failure/ssl.log
View file

@ -5,7 +5,7 @@
#unset_field -
#path ssl
#open XXXX-XX-XX-XX-XX-XX
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p version cipher curve server_name resumed last_alert next_protocol established cert_chain_fuids client_cert_chain_fuids subject issuer client_subject client_issuer
#types time string addr port addr port string string string string bool string string bool vector[string] vector[string] string string string string
XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 192.168.4.149 53525 74.125.239.37 443 - - - - F handshake_failure - F - - - - - -
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p version cipher curve server_name resumed last_alert next_protocol established ssl_history cert_chain_fps client_cert_chain_fps sni_matches_cert
#types time string addr port addr port string string string string bool string string bool string vector[string] vector[string] bool
XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 192.168.4.149 53525 74.125.239.37 443 - - - - F handshake_failure - F Cl - - -
#close XXXX-XX-XX-XX-XX-XX

6
testing/btest/Baseline/scripts.base.protocols.ssl.tls-1.2/ssl.log
View file

@ -5,7 +5,7 @@
#unset_field -
#path ssl
#open XXXX-XX-XX-XX-XX-XX
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p version cipher curve server_name resumed last_alert next_protocol established cert_chain_fuids client_cert_chain_fuids subject issuer client_subject client_issuer
#types time string addr port addr port string string string string bool string string bool vector[string] vector[string] string string string string
XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 10.0.0.80 56637 68.233.76.12 443 TLSv12 TLS_RSA_WITH_RC4_128_MD5 - - F - - T FqgKur1u6KdJckxKm4,FhoNPD4pYuEXOkvIjk,Fd1hwV27hYGc3Gdju1 (empty) CN=*.taleo.net,OU=Comodo PremiumSSL Wildcard,OU=Web,O=Taleo Inc.,street=4140 Dublin Boulevard,street=Suite 400,L=Dublin,ST=CA,postalCode=94568,C=US CN=COMODO High-Assurance Secure Server CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB - -
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p version cipher curve server_name resumed last_alert next_protocol established ssl_history cert_chain_fps client_cert_chain_fps sni_matches_cert
#types time string addr port addr port string string string string bool string string bool string vector[string] vector[string] bool
XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 10.0.0.80 56637 68.233.76.12 443 TLSv12 TLS_RSA_WITH_RC4_128_MD5 - - F - - T CsxnGIi 95cb443934beda97627688546191ab1d3989a835592cebdd2434f9ad41324ce1,7363593d116aafcf804b974465546e1f02ed74b52db529ba7520345e5fed1ed4,687fa451382278fff0c8b11f8d43d576671c6eb2bceab413fb83d965d06d2ff2 (empty) -
#close XXXX-XX-XX-XX-XX-XX

10
testing/btest/Baseline/scripts.base.protocols.ssl.tls-1.2/x509.log
View file

@ -5,9 +5,9 @@
#unset_field -
#path x509
#open XXXX-XX-XX-XX-XX-XX
#fields ts id certificate.version certificate.serial certificate.subject certificate.issuer certificate.not_valid_before certificate.not_valid_after certificate.key_alg certificate.sig_alg certificate.key_type certificate.key_length certificate.exponent certificate.curve san.dns san.uri san.email san.ip basic_constraints.ca basic_constraints.path_len
#types time string count string string string time time string string string count string string vector[string] vector[string] vector[string] vector[addr] bool count
XXXXXXXXXX.XXXXXX FqgKur1u6KdJckxKm4 3 99FAA8037A4EB2FAEF84EB5E55D5B8C8 CN=*.taleo.net,OU=Comodo PremiumSSL Wildcard,OU=Web,O=Taleo Inc.,street=4140 Dublin Boulevard,street=Suite 400,L=Dublin,ST=CA,postalCode=94568,C=US CN=COMODO High-Assurance Secure Server CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB XXXXXXXXXX.XXXXXX XXXXXXXXXX.XXXXXX rsaEncryption sha1WithRSAEncryption rsa 2048 65537 - *.taleo.net,taleo.net - - - F -
XXXXXXXXXX.XXXXXX FhoNPD4pYuEXOkvIjk 3 1690C329B6780607511F05B0344846CB CN=COMODO High-Assurance Secure Server CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB CN=AddTrust External CA Root,OU=AddTrust External TTP Network,O=AddTrust AB,C=SE XXXXXXXXXX.XXXXXX XXXXXXXXXX.XXXXXX rsaEncryption sha1WithRSAEncryption rsa 2048 65537 - - - - - T 0
XXXXXXXXXX.XXXXXX Fd1hwV27hYGc3Gdju1 3 01 CN=AddTrust External CA Root,OU=AddTrust External TTP Network,O=AddTrust AB,C=SE CN=AddTrust External CA Root,OU=AddTrust External TTP Network,O=AddTrust AB,C=SE XXXXXXXXXX.XXXXXX XXXXXXXXXX.XXXXXX rsaEncryption sha1WithRSAEncryption rsa 2048 65537 - - - - - T -
#fields ts fingerprint certificate.version certificate.serial certificate.subject certificate.issuer certificate.not_valid_before certificate.not_valid_after certificate.key_alg certificate.sig_alg certificate.key_type certificate.key_length certificate.exponent certificate.curve san.dns san.uri san.email san.ip basic_constraints.ca basic_constraints.path_len host_cert client_cert
#types time string count string string string time time string string string count string string vector[string] vector[string] vector[string] vector[addr] bool count bool bool
XXXXXXXXXX.XXXXXX 95cb443934beda97627688546191ab1d3989a835592cebdd2434f9ad41324ce1 3 99FAA8037A4EB2FAEF84EB5E55D5B8C8 CN=*.taleo.net,OU=Comodo PremiumSSL Wildcard,OU=Web,O=Taleo Inc.,street=4140 Dublin Boulevard,street=Suite 400,L=Dublin,ST=CA,postalCode=94568,C=US CN=COMODO High-Assurance Secure Server CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB XXXXXXXXXX.XXXXXX XXXXXXXXXX.XXXXXX rsaEncryption sha1WithRSAEncryption rsa 2048 65537 - *.taleo.net,taleo.net - - - F - T F
XXXXXXXXXX.XXXXXX 7363593d116aafcf804b974465546e1f02ed74b52db529ba7520345e5fed1ed4 3 1690C329B6780607511F05B0344846CB CN=COMODO High-Assurance Secure Server CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB CN=AddTrust External CA Root,OU=AddTrust External TTP Network,O=AddTrust AB,C=SE XXXXXXXXXX.XXXXXX XXXXXXXXXX.XXXXXX rsaEncryption sha1WithRSAEncryption rsa 2048 65537 - - - - - T 0 F F
XXXXXXXXXX.XXXXXX 687fa451382278fff0c8b11f8d43d576671c6eb2bceab413fb83d965d06d2ff2 3 01 CN=AddTrust External CA Root,OU=AddTrust External TTP Network,O=AddTrust AB,C=SE CN=AddTrust External CA Root,OU=AddTrust External TTP Network,O=AddTrust AB,C=SE XXXXXXXXXX.XXXXXX XXXXXXXXXX.XXXXXX rsaEncryption sha1WithRSAEncryption rsa 2048 65537 - - - - - T - F F
#close XXXX-XX-XX-XX-XX-XX

6
testing/btest/Baseline/scripts.base.protocols.ssl.tls13-experiment/ssl.log
View file

@ -5,7 +5,7 @@
#unset_field -
#path ssl
#open XXXX-XX-XX-XX-XX-XX
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p version cipher curve server_name resumed last_alert next_protocol established cert_chain_fuids client_cert_chain_fuids subject issuer client_subject client_issuer
#types time string addr port addr port string string string string bool string string bool vector[string] vector[string] string string string string
XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 192.168.0.2 62873 104.196.219.53 443 unknown-32257 TLS_AES_128_GCM_SHA256 x25519 tls.ctf.network T - - T - - - - - -
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p version cipher curve server_name resumed last_alert next_protocol established ssl_history cert_chain_fps client_cert_chain_fps sni_matches_cert
#types time string addr port addr port string string string string bool string string bool string vector[string] vector[string] bool
XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 192.168.0.2 62873 104.196.219.53 443 unknown-32257 TLS_AES_128_GCM_SHA256 x25519 tls.ctf.network T - - T CsiI - - -
#close XXXX-XX-XX-XX-XX-XX

6
testing/btest/Baseline/scripts.base.protocols.ssl.tls13-version/ssl.log
View file

@ -5,7 +5,7 @@
#unset_field -
#path ssl
#open XXXX-XX-XX-XX-XX-XX
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p version cipher curve server_name resumed last_alert next_protocol established cert_chain_fuids client_cert_chain_fuids subject issuer client_subject client_issuer
#types time string addr port addr port string string string string bool string string bool vector[string] vector[string] string string string string
XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 192.168.86.23 63449 52.32.149.186 443 TLSv13-draft23 TLS_AES_128_GCM_SHA256 x25519 tls13.crypto.mozilla.org F - - T - - - - - -
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p version cipher curve server_name resumed last_alert next_protocol established ssl_history cert_chain_fps client_cert_chain_fps sni_matches_cert
#types time string addr port addr port string string string string bool string string bool string vector[string] vector[string] bool
XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 192.168.86.23 63449 52.32.149.186 443 TLSv13-draft23 TLS_AES_128_GCM_SHA256 x25519 tls13.crypto.mozilla.org F - - T CsiI - - -
#close XXXX-XX-XX-XX-XX-XX

44
testing/btest/Baseline/scripts.base.protocols.ssl.tls13/ssl-out.log
View file

@ -5,10 +5,10 @@
#unset_field -
#path ssl
#open XXXX-XX-XX-XX-XX-XX
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p version cipher curve server_name resumed last_alert next_protocol established cert_chain_fuids client_cert_chain_fuids subject issuer client_subject client_issuer
#types time string addr port addr port string string string string bool string string bool vector[string] vector[string] string string string string
XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 192.168.6.203 53226 52.32.149.186 443 - - - tls13.crypto.mozilla.org F protocol_version - F - - - - - -
XXXXXXXXXX.XXXXXX ClEkJM2Vm5giqnMf4h 192.168.6.203 53227 52.32.149.186 443 - - - tls13.crypto.mozilla.org F protocol_version - F - - - - - -
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p version cipher curve server_name resumed last_alert next_protocol established ssl_history cert_chain_fps client_cert_chain_fps sni_matches_cert
#types time string addr port addr port string string string string bool string string bool string vector[string] vector[string] bool
XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 192.168.6.203 53226 52.32.149.186 443 - - - tls13.crypto.mozilla.org F protocol_version - F Cl - - -
XXXXXXXXXX.XXXXXX ClEkJM2Vm5giqnMf4h 192.168.6.203 53227 52.32.149.186 443 - - - tls13.crypto.mozilla.org F protocol_version - F Cl - - -
#close XXXX-XX-XX-XX-XX-XX
#separator \x09
#set_separator ,
@ -16,10 +16,10 @@ XXXXXXXXXX.XXXXXX ClEkJM2Vm5giqnMf4h 192.168.6.203 53227 52.32.149.186 443 - - -
#unset_field -
#path ssl
#open XXXX-XX-XX-XX-XX-XX
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p version cipher curve server_name resumed last_alert next_protocol established cert_chain_fuids client_cert_chain_fuids subject issuer client_subject client_issuer
#types time string addr port addr port string string string string bool string string bool vector[string] vector[string] string string string string
XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 192.168.6.203 53994 138.68.41.77 443 TLSv13-draft14 TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 x25519 - F - - T - - - - - -
XXXXXXXXXX.XXXXXX ClEkJM2Vm5giqnMf4h 192.168.6.203 53996 138.68.41.77 443 TLSv13-draft14 TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 x25519 - F - - T - - - - - -
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p version cipher curve server_name resumed last_alert next_protocol established ssl_history cert_chain_fps client_cert_chain_fps sni_matches_cert
#types time string addr port addr port string string string string bool string string bool string vector[string] vector[string] bool
XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 192.168.6.203 53994 138.68.41.77 443 TLSv13-draft14 TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 x25519 - F - - T Cs - - -
XXXXXXXXXX.XXXXXX ClEkJM2Vm5giqnMf4h 192.168.6.203 53996 138.68.41.77 443 TLSv13-draft14 TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 x25519 - F - - T Cs - - -
#close XXXX-XX-XX-XX-XX-XX
#separator \x09
#set_separator ,
@ -27,10 +27,10 @@ XXXXXXXXXX.XXXXXX ClEkJM2Vm5giqnMf4h 192.168.6.203 53996 138.68.41.77 443 TLSv13
#unset_field -
#path ssl
#open XXXX-XX-XX-XX-XX-XX
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p version cipher curve server_name resumed last_alert next_protocol established cert_chain_fuids client_cert_chain_fuids subject issuer client_subject client_issuer
#types time string addr port addr port string string string string bool string string bool vector[string] vector[string] string string string string
XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 192.150.187.20 54980 52.32.149.186 443 - - - tls13.crypto.mozilla.org F protocol_version - F - - - - - -
XXXXXXXXXX.XXXXXX ClEkJM2Vm5giqnMf4h 192.150.187.20 54982 52.32.149.186 443 - - - tls13.crypto.mozilla.org F protocol_version - F - - - - - -
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p version cipher curve server_name resumed last_alert next_protocol established ssl_history cert_chain_fps client_cert_chain_fps sni_matches_cert
#types time string addr port addr port string string string string bool string string bool string vector[string] vector[string] bool
XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 192.150.187.20 54980 52.32.149.186 443 - - - tls13.crypto.mozilla.org F protocol_version - F Cl - - -
XXXXXXXXXX.XXXXXX ClEkJM2Vm5giqnMf4h 192.150.187.20 54982 52.32.149.186 443 - - - tls13.crypto.mozilla.org F protocol_version - F Cl - - -
#close XXXX-XX-XX-XX-XX-XX
#separator \x09
#set_separator ,
@ -38,10 +38,10 @@ XXXXXXXXXX.XXXXXX ClEkJM2Vm5giqnMf4h 192.150.187.20 54982 52.32.149.186 443 - -
#unset_field -
#path ssl
#open XXXX-XX-XX-XX-XX-XX
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p version cipher curve server_name resumed last_alert next_protocol established cert_chain_fuids client_cert_chain_fuids subject issuer client_subject client_issuer
#types time string addr port addr port string string string string bool string string bool vector[string] vector[string] string string string string
XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 192.150.187.20 36778 138.68.41.77 443 TLSv13-draft16 TLS_CHACHA20_POLY1305_SHA256 secp384r1 - F unknown_ca - F - - - - - -
XXXXXXXXXX.XXXXXX ClEkJM2Vm5giqnMf4h 192.150.187.20 36782 138.68.41.77 443 TLSv13-draft16 TLS_CHACHA20_POLY1305_SHA256 secp384r1 - F - - T - - - - - -
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p version cipher curve server_name resumed last_alert next_protocol established ssl_history cert_chain_fps client_cert_chain_fps sni_matches_cert
#types time string addr port addr port string string string string bool string string bool string vector[string] vector[string] bool
XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 192.150.187.20 36778 138.68.41.77 443 TLSv13-draft16 TLS_CHACHA20_POLY1305_SHA256 secp384r1 - F unknown_ca - F CsL - - -
XXXXXXXXXX.XXXXXX ClEkJM2Vm5giqnMf4h 192.150.187.20 36782 138.68.41.77 443 TLSv13-draft16 TLS_CHACHA20_POLY1305_SHA256 secp384r1 - F - - T Cs - - -
#close XXXX-XX-XX-XX-XX-XX
#separator \x09
#set_separator ,
@ -49,9 +49,9 @@ XXXXXXXXXX.XXXXXX ClEkJM2Vm5giqnMf4h 192.150.187.20 36782 138.68.41.77 443 TLSv1
#unset_field -
#path ssl
#open XXXX-XX-XX-XX-XX-XX
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p version cipher curve server_name resumed last_alert next_protocol established cert_chain_fuids client_cert_chain_fuids subject issuer client_subject client_issuer
#types time string addr port addr port string string string string bool string string bool vector[string] vector[string] string string string string
XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 192.168.178.80 54220 174.138.9.219 443 TLSv13 TLS_CHACHA20_POLY1305_SHA256 x25519 - T - - T - - - - - -
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p version cipher curve server_name resumed last_alert next_protocol established ssl_history cert_chain_fps client_cert_chain_fps sni_matches_cert
#types time string addr port addr port string string string string bool string string bool string vector[string] vector[string] bool
XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 192.168.178.80 54220 174.138.9.219 443 TLSv13 TLS_CHACHA20_POLY1305_SHA256 x25519 - T - - T CsiI - - -
#close XXXX-XX-XX-XX-XX-XX
#separator \x09
#set_separator ,
@ -59,7 +59,7 @@ XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 192.168.178.80 54220 174.138.9.219 443 TLSv1
#unset_field -
#path ssl
#open XXXX-XX-XX-XX-XX-XX
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p version cipher curve server_name resumed last_alert next_protocol established cert_chain_fuids client_cert_chain_fuids subject issuer client_subject client_issuer
#types time string addr port addr port string string string string bool string string bool vector[string] vector[string] string string string string
XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 10.192.48.168 63564 64.233.185.139 443 TLSv13 TLS_AES_256_GCM_SHA384 secp256r1 - F - - T - - - - - -
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p version cipher curve server_name resumed last_alert next_protocol established ssl_history cert_chain_fps client_cert_chain_fps sni_matches_cert
#types time string addr port addr port string string string string bool string string bool string vector[string] vector[string] bool
XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 10.192.48.168 63564 64.233.185.139 443 TLSv13 TLS_AES_256_GCM_SHA384 secp256r1 - F - - T CsiICs - - -
#close XXXX-XX-XX-XX-XX-XX

6
testing/btest/Baseline/scripts.base.protocols.ssl.tls13_encrypted_handshake_events/ssl.log
View file

@ -5,7 +5,7 @@
#unset_field -
#path ssl
#open XXXX-XX-XX-XX-XX-XX
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p version cipher curve server_name resumed last_alert next_protocol established cert_chain_fuids client_cert_chain_fuids subject issuer client_subject client_issuer
#types time string addr port addr port string string string string bool string string bool vector[string] vector[string] string string string string
XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 192.168.186.133 43056 192.168.186.134 9090 TLSv13 TLS_AES_256_GCM_SHA384 secp256r1 - F - - T - - - - - -
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p version cipher curve server_name resumed last_alert next_protocol established ssl_history cert_chain_fps client_cert_chain_fps sni_matches_cert
#types time string addr port addr port string string string string bool string string bool string vector[string] vector[string] bool
XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 192.168.186.133 43056 192.168.186.134 9090 TLSv13 TLS_AES_256_GCM_SHA384 secp256r1 - F - - T Cs - - -
#close XXXX-XX-XX-XX-XX-XX

6
testing/btest/Baseline/scripts.base.protocols.ssl.tls1_1/ssl.log
View file

@ -5,7 +5,7 @@
#unset_field -
#path ssl
#open XXXX-XX-XX-XX-XX-XX
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p version cipher curve server_name resumed last_alert next_protocol established cert_chain_fuids client_cert_chain_fuids subject issuer client_subject client_issuer
#types time string addr port addr port string string string string bool string string bool vector[string] vector[string] string string string string
XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 192.168.17.58 62987 216.58.192.14 443 TLSv11 TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA secp256r1 - F - - T FLBUwc2aH4D4Ird86,FSOqRY3TrLkXCO9iE7,FhWKUbxdmkyBVLdX5 (empty) CN=*.google.com,O=Google Inc,L=Mountain View,ST=California,C=US CN=Google Internet Authority G2,O=Google Inc,C=US - -
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p version cipher curve server_name resumed last_alert next_protocol established ssl_history cert_chain_fps client_cert_chain_fps sni_matches_cert
#types time string addr port addr port string string string string bool string string bool string vector[string] vector[string] bool
XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 192.168.17.58 62987 216.58.192.14 443 TLSv11 TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA secp256r1 - F - - T CsxknGIti 22a920a5ec03c819b569ed0fa8b7df258e3e7ea11fdd15b83b6fa45f3e863036,9b759d41e3de30f9d2f902027d792b65d950a98bbb6d6d56be7f2528453bf8e9,3c35cc963eb004451323d3275d05b353235053490d9cd83729a2faf5e7ca1cc0 (empty) -
#close XXXX-XX-XX-XX-XX-XX

10
testing/btest/Baseline/scripts.base.protocols.ssl.tls1_1/x509.log
View file

@ -5,9 +5,9 @@
#unset_field -
#path x509
#open XXXX-XX-XX-XX-XX-XX
#fields ts id certificate.version certificate.serial certificate.subject certificate.issuer certificate.not_valid_before certificate.not_valid_after certificate.key_alg certificate.sig_alg certificate.key_type certificate.key_length certificate.exponent certificate.curve san.dns san.uri san.email san.ip basic_constraints.ca basic_constraints.path_len
#types time string count string string string time time string string string count string string vector[string] vector[string] vector[string] vector[addr] bool count
XXXXXXXXXX.XXXXXX FLBUwc2aH4D4Ird86 3 3D1DE44E346ECE68 CN=*.google.com,O=Google Inc,L=Mountain View,ST=California,C=US CN=Google Internet Authority G2,O=Google Inc,C=US XXXXXXXXXX.XXXXXX XXXXXXXXXX.XXXXXX rsaEncryption sha256WithRSAEncryption rsa 2048 65537 - *.google.com,*.android.com,*.appengine.google.com,*.cloud.google.com,*.db833953.google.cn,*.g.co,*.gcp.gvt2.com,*.google-analytics.com,*.google.ca,*.google.cl,*.google.co.in,*.google.co.jp,*.google.co.uk,*.google.com.ar,*.google.com.au,*.google.com.br,*.google.com.co,*.google.com.mx,*.google.com.tr,*.google.com.vn,*.google.de,*.google.es,*.google.fr,*.google.hu,*.google.it,*.google.nl,*.google.pl,*.google.pt,*.googleadapis.com,*.googleapis.cn,*.googlecommerce.com,*.googlevideo.com,*.gstatic.cn,*.gstatic.com,*.gvt1.com,*.gvt2.com,*.metric.gstatic.com,*.urchin.com,*.url.google.com,*.youtube-nocookie.com,*.youtube.com,*.youtubeeducation.com,*.yt.be,*.ytimg.com,android.clients.google.com,android.com,developer.android.google.cn,developers.android.google.cn,g.co,goo.gl,google-analytics.com,google.com,googlecommerce.com,source.android.google.cn,urchin.com,www.goo.gl,youtu.be,youtube.com,youtubeeducation.com,yt.be - - - F -
XXXXXXXXXX.XXXXXX FSOqRY3TrLkXCO9iE7 3 0100212588B0FA59A777EF057B6627DF CN=Google Internet Authority G2,O=Google Inc,C=US CN=GeoTrust Global CA,O=GeoTrust Inc.,C=US XXXXXXXXXX.XXXXXX XXXXXXXXXX.XXXXXX rsaEncryption sha256WithRSAEncryption rsa 2048 65537 - - - - - T 0
XXXXXXXXXX.XXXXXX FhWKUbxdmkyBVLdX5 3 12BBE6 CN=GeoTrust Global CA,O=GeoTrust Inc.,C=US OU=Equifax Secure Certificate Authority,O=Equifax,C=US XXXXXXXXXX.XXXXXX XXXXXXXXXX.XXXXXX rsaEncryption sha1WithRSAEncryption rsa 2048 65537 - - - - - T -
#fields ts fingerprint certificate.version certificate.serial certificate.subject certificate.issuer certificate.not_valid_before certificate.not_valid_after certificate.key_alg certificate.sig_alg certificate.key_type certificate.key_length certificate.exponent certificate.curve san.dns san.uri san.email san.ip basic_constraints.ca basic_constraints.path_len host_cert client_cert
#types time string count string string string time time string string string count string string vector[string] vector[string] vector[string] vector[addr] bool count bool bool
XXXXXXXXXX.XXXXXX 22a920a5ec03c819b569ed0fa8b7df258e3e7ea11fdd15b83b6fa45f3e863036 3 3D1DE44E346ECE68 CN=*.google.com,O=Google Inc,L=Mountain View,ST=California,C=US CN=Google Internet Authority G2,O=Google Inc,C=US XXXXXXXXXX.XXXXXX XXXXXXXXXX.XXXXXX rsaEncryption sha256WithRSAEncryption rsa 2048 65537 - *.google.com,*.android.com,*.appengine.google.com,*.cloud.google.com,*.db833953.google.cn,*.g.co,*.gcp.gvt2.com,*.google-analytics.com,*.google.ca,*.google.cl,*.google.co.in,*.google.co.jp,*.google.co.uk,*.google.com.ar,*.google.com.au,*.google.com.br,*.google.com.co,*.google.com.mx,*.google.com.tr,*.google.com.vn,*.google.de,*.google.es,*.google.fr,*.google.hu,*.google.it,*.google.nl,*.google.pl,*.google.pt,*.googleadapis.com,*.googleapis.cn,*.googlecommerce.com,*.googlevideo.com,*.gstatic.cn,*.gstatic.com,*.gvt1.com,*.gvt2.com,*.metric.gstatic.com,*.urchin.com,*.url.google.com,*.youtube-nocookie.com,*.youtube.com,*.youtubeeducation.com,*.yt.be,*.ytimg.com,android.clients.google.com,android.com,developer.android.google.cn,developers.android.google.cn,g.co,goo.gl,google-analytics.com,google.com,googlecommerce.com,source.android.google.cn,urchin.com,www.goo.gl,youtu.be,youtube.com,youtubeeducation.com,yt.be - - - F - T F
XXXXXXXXXX.XXXXXX 9b759d41e3de30f9d2f902027d792b65d950a98bbb6d6d56be7f2528453bf8e9 3 0100212588B0FA59A777EF057B6627DF CN=Google Internet Authority G2,O=Google Inc,C=US CN=GeoTrust Global CA,O=GeoTrust Inc.,C=US XXXXXXXXXX.XXXXXX XXXXXXXXXX.XXXXXX rsaEncryption sha256WithRSAEncryption rsa 2048 65537 - - - - - T 0 F F
XXXXXXXXXX.XXXXXX 3c35cc963eb004451323d3275d05b353235053490d9cd83729a2faf5e7ca1cc0 3 12BBE6 CN=GeoTrust Global CA,O=GeoTrust Inc.,C=US OU=Equifax Secure Certificate Authority,O=Equifax,C=US XXXXXXXXXX.XXXXXX XXXXXXXXXX.XXXXXX rsaEncryption sha1WithRSAEncryption rsa 2048 65537 - - - - - T - F F
#close XXXX-XX-XX-XX-XX-XX

6
testing/btest/Baseline/scripts.base.protocols.xmpp.client-dpd/ssl.log
View file

@ -5,7 +5,7 @@
#unset_field -
#path ssl
#open XXXX-XX-XX-XX-XX-XX
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p version cipher curve server_name resumed last_alert next_protocol established cert_chain_fuids client_cert_chain_fuids subject issuer client_subject client_issuer
#types time string addr port addr port string string string string bool string string bool vector[string] vector[string] string string string string
XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 198.128.203.95 56048 146.255.57.229 5222 TLSv12 TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 secp256r1 - F - - T FnsG1E2sIRVp2Vpd55,FkUKQQ3EnnGycSSbf (empty) CN=jabber.ccc.de,O=Chaos Computer Club e.V.,L=Hamburg,ST=Hamburg,C=DE emailAddress=support@cacert.org,CN=CA Cert Signing Authority,OU=http://www.cacert.org,O=Root CA - -
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p version cipher curve server_name resumed last_alert next_protocol established ssl_history cert_chain_fps client_cert_chain_fps sni_matches_cert
#types time string addr port addr port string string string string bool string string bool string vector[string] vector[string] bool
XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 198.128.203.95 56048 146.255.57.229 5222 TLSv12 TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 secp256r1 - F - - T CsxknGIi 630ff62f262e2ed3524e031f391b7296fd099eca1064768874c449526f94a541,ff2a65cff1149c7430101e0f65a07ec19183a3b633ef4a6510890dad18316b3a (empty) -
#close XXXX-XX-XX-XX-XX-XX

6
testing/btest/Baseline/scripts.base.protocols.xmpp.server-dialback-dpd/ssl.log
View file

@ -5,7 +5,7 @@
#unset_field -
#path ssl
#open XXXX-XX-XX-XX-XX-XX
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p version cipher curve server_name resumed last_alert next_protocol established cert_chain_fuids client_cert_chain_fuids subject issuer client_subject client_issuer
#types time string addr port addr port string string string string bool string string bool vector[string] vector[string] string string string string
XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 184.73.173.246 1193 104.236.167.107 5269 TLSv12 TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 secp384r1 - F - - T FAHgbUHB5t3l9Wm96,F6kAap3SUswOyZOR9,Fvwipv38sBhQVtyIvf FBYldY171VAwKyQK85,FzebwsuBE6r00p6Aj,FzQO6T3RjPFdAyOQAc,FgzZMl23Ex1raeFIH1 CN=www.0xxon.net,OU=Free SSL,OU=Domain Control Validated CN=COMODO RSA Domain Validation Secure Server CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB CN=*.hosted.im,OU=Domain Control Validated CN=Go Daddy Secure Certificate Authority - G2,OU=http://certs.godaddy.com/repository/,O=GoDaddy.com\\, Inc.,L=Scottsdale,ST=Arizona,C=US
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p version cipher curve server_name resumed last_alert next_protocol established ssl_history cert_chain_fps client_cert_chain_fps sni_matches_cert
#types time string addr port addr port string string string string bool string string bool string vector[string] vector[string] bool
XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 184.73.173.246 1193 104.236.167.107 5269 TLSv12 TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 secp384r1 - F - - T CsxkrnXGYIi a9fe6fe31272268b3245c130a086531e056a8b463eae2b81200ca07def26a8a8,02ab57e4e67a0cb48dd2ff34830e8ac40f4476fb08ca6be3f5cd846f646840f0,4f32d5dc00f715250abcc486511e37f501a899deb3bf7ea8adbbd3aef1c412da 573a503f5361eec2f4642c8b230212c5e8af96632bcd6904cef5771c6c56ebcf,973a41276ffd01e027a2aad49e34c37846d3e976ff6a620b6712e33832041aa6,3a2fbe92891e57fe05d57087f48e730f17e5a5f53ef403d618e5b74d7a7e6ecb,c3846bf24b9e93ca64274c0ec67c1ecc5e024ffcacd2d74019350e81fe546ae4 -
#close XXXX-XX-XX-XX-XX-XX

6
testing/btest/Baseline/scripts.base.protocols.xmpp.starttls/ssl.log
View file

@ -5,7 +5,7 @@
#unset_field -
#path ssl
#open XXXX-XX-XX-XX-XX-XX
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p version cipher curve server_name resumed last_alert next_protocol established cert_chain_fuids client_cert_chain_fuids subject issuer client_subject client_issuer
#types time string addr port addr port string string string string bool string string bool vector[string] vector[string] string string string string
XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 198.128.203.95 56048 146.255.57.229 5222 TLSv12 TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 secp256r1 - F - - T FnsG1E2sIRVp2Vpd55,FkUKQQ3EnnGycSSbf (empty) CN=jabber.ccc.de,O=Chaos Computer Club e.V.,L=Hamburg,ST=Hamburg,C=DE emailAddress=support@cacert.org,CN=CA Cert Signing Authority,OU=http://www.cacert.org,O=Root CA - -
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p version cipher curve server_name resumed last_alert next_protocol established ssl_history cert_chain_fps client_cert_chain_fps sni_matches_cert
#types time string addr port addr port string string string string bool string string bool string vector[string] vector[string] bool
XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 198.128.203.95 56048 146.255.57.229 5222 TLSv12 TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 secp256r1 - F - - T CsxknGIi 630ff62f262e2ed3524e031f391b7296fd099eca1064768874c449526f94a541,ff2a65cff1149c7430101e0f65a07ec19183a3b633ef4a6510890dad18316b3a (empty) -
#close XXXX-XX-XX-XX-XX-XX

8
testing/btest/Baseline/scripts.base.protocols.xmpp.starttls/x509.log
View file

@ -5,8 +5,8 @@
#unset_field -
#path x509
#open XXXX-XX-XX-XX-XX-XX
#fields ts id certificate.version certificate.serial certificate.subject certificate.issuer certificate.not_valid_before certificate.not_valid_after certificate.key_alg certificate.sig_alg certificate.key_type certificate.key_length certificate.exponent certificate.curve san.dns san.uri san.email san.ip basic_constraints.ca basic_constraints.path_len
#types time string count string string string time time string string string count string string vector[string] vector[string] vector[string] vector[addr] bool count
XXXXXXXXXX.XXXXXX FnsG1E2sIRVp2Vpd55 3 0DF4F2 CN=jabber.ccc.de,O=Chaos Computer Club e.V.,L=Hamburg,ST=Hamburg,C=DE emailAddress=support@cacert.org,CN=CA Cert Signing Authority,OU=http://www.cacert.org,O=Root CA XXXXXXXXXX.XXXXXX XXXXXXXXXX.XXXXXX rsaEncryption sha1WithRSAEncryption rsa 2048 65537 - jabber.ccc.de,conference.jabber.ccc.de,jabberd.jabber.ccc.de,pubsub.jabber.ccc.de,vjud.jabber.ccc.de - - - F -
XXXXXXXXXX.XXXXXX FkUKQQ3EnnGycSSbf 3 00 emailAddress=support@cacert.org,CN=CA Cert Signing Authority,OU=http://www.cacert.org,O=Root CA emailAddress=support@cacert.org,CN=CA Cert Signing Authority,OU=http://www.cacert.org,O=Root CA XXXXXXXXXX.XXXXXX XXXXXXXXXX.XXXXXX rsaEncryption md5WithRSAEncryption rsa 4096 65537 - - - - - T -
#fields ts fingerprint certificate.version certificate.serial certificate.subject certificate.issuer certificate.not_valid_before certificate.not_valid_after certificate.key_alg certificate.sig_alg certificate.key_type certificate.key_length certificate.exponent certificate.curve san.dns san.uri san.email san.ip basic_constraints.ca basic_constraints.path_len host_cert client_cert
#types time string count string string string time time string string string count string string vector[string] vector[string] vector[string] vector[addr] bool count bool bool
XXXXXXXXXX.XXXXXX 630ff62f262e2ed3524e031f391b7296fd099eca1064768874c449526f94a541 3 0DF4F2 CN=jabber.ccc.de,O=Chaos Computer Club e.V.,L=Hamburg,ST=Hamburg,C=DE emailAddress=support@cacert.org,CN=CA Cert Signing Authority,OU=http://www.cacert.org,O=Root CA XXXXXXXXXX.XXXXXX XXXXXXXXXX.XXXXXX rsaEncryption sha1WithRSAEncryption rsa 2048 65537 - jabber.ccc.de,conference.jabber.ccc.de,jabberd.jabber.ccc.de,pubsub.jabber.ccc.de,vjud.jabber.ccc.de - - - F - T F
XXXXXXXXXX.XXXXXX ff2a65cff1149c7430101e0f65a07ec19183a3b633ef4a6510890dad18316b3a 3 00 emailAddress=support@cacert.org,CN=CA Cert Signing Authority,OU=http://www.cacert.org,O=Root CA emailAddress=support@cacert.org,CN=CA Cert Signing Authority,OU=http://www.cacert.org,O=Root CA XXXXXXXXXX.XXXXXX XXXXXXXXXX.XXXXXX rsaEncryption md5WithRSAEncryption rsa 4096 65537 - - - - - T - F F
#close XXXX-XX-XX-XX-XX-XX

120
testing/btest/Baseline/scripts.policy.misc.dump-events/all-events.log
View file

File diff suppressed because one or more lines are too long

264
testing/btest/Baseline/scripts.policy.misc.dump-events/really-all-events.log
View file

File diff suppressed because one or more lines are too long

8
testing/btest/Baseline/scripts.policy.protocols.ssl.known-certs/ssl.log
View file

@ -5,8 +5,8 @@
#unset_field -
#path ssl
#open XXXX-XX-XX-XX-XX-XX
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p version cipher curve server_name resumed last_alert next_protocol established cert_chain_fuids client_cert_chain_fuids subject issuer client_subject client_issuer
#types time string addr port addr port string string string string bool string string bool vector[string] vector[string] string string string string
XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 192.168.4.149 60623 74.125.239.129 443 TLSv12 TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 secp256r1 - F - - T FgN3AE3of2TRIqaeQe,Fv2Agc4z5boBOacQi6,Ftmyeg2qgI2V38Dt3g (empty) CN=*.google.com,O=Google Inc,L=Mountain View,ST=California,C=US CN=Google Internet Authority G2,O=Google Inc,C=US - -
XXXXXXXXXX.XXXXXX ClEkJM2Vm5giqnMf4h 192.168.4.149 60624 74.125.239.129 443 TLSv12 TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 secp256r1 - F - - T FUFNf84cduA0IJCp07,F1H4bd2OKGbLPEdHm4,Fgsbci2jxFXYMOHOhi (empty) CN=*.google.com,O=Google Inc,L=Mountain View,ST=California,C=US CN=Google Internet Authority G2,O=Google Inc,C=US - -
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p version cipher curve server_name resumed last_alert next_protocol established ssl_history cert_chain_fps client_cert_chain_fps sni_matches_cert
#types time string addr port addr port string string string string bool string string bool string vector[string] vector[string] bool
XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 192.168.4.149 60623 74.125.239.129 443 TLSv12 TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 secp256r1 - F - - T CsxknGIti 6bacfa4536150ed996f2b0c05ab6e345a257225f449aeb9d2018ccd88f4ede43,a047a37fa2d2e118a4f5095fe074d6cfe0e352425a7632bf8659c03919a6c81d,3c35cc963eb004451323d3275d05b353235053490d9cd83729a2faf5e7ca1cc0 (empty) -
XXXXXXXXXX.XXXXXX ClEkJM2Vm5giqnMf4h 192.168.4.149 60624 74.125.239.129 443 TLSv12 TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 secp256r1 - F - - T CsxknGIti 6bacfa4536150ed996f2b0c05ab6e345a257225f449aeb9d2018ccd88f4ede43,a047a37fa2d2e118a4f5095fe074d6cfe0e352425a7632bf8659c03919a6c81d,3c35cc963eb004451323d3275d05b353235053490d9cd83729a2faf5e7ca1cc0 (empty) -
#close XXXX-XX-XX-XX-XX-XX

13
testing/btest/Baseline/scripts.policy.protocols.ssl.known-certs/x509.log
View file

@ -5,12 +5,9 @@
#unset_field -
#path x509
#open XXXX-XX-XX-XX-XX-XX
#fields ts id certificate.version certificate.serial certificate.subject certificate.issuer certificate.not_valid_before certificate.not_valid_after certificate.key_alg certificate.sig_alg certificate.key_type certificate.key_length certificate.exponent certificate.curve san.dns san.uri san.email san.ip basic_constraints.ca basic_constraints.path_len
#types time string count string string string time time string string string count string string vector[string] vector[string] vector[string] vector[addr] bool count
XXXXXXXXXX.XXXXXX FgN3AE3of2TRIqaeQe 3 4A2C8628C1010633 CN=*.google.com,O=Google Inc,L=Mountain View,ST=California,C=US CN=Google Internet Authority G2,O=Google Inc,C=US XXXXXXXXXX.XXXXXX XXXXXXXXXX.XXXXXX rsaEncryption sha1WithRSAEncryption rsa 2048 65537 - *.google.com,*.android.com,*.appengine.google.com,*.cloud.google.com,*.google-analytics.com,*.google.ca,*.google.cl,*.google.co.in,*.google.co.jp,*.google.co.uk,*.google.com.ar,*.google.com.au,*.google.com.br,*.google.com.co,*.google.com.mx,*.google.com.tr,*.google.com.vn,*.google.de,*.google.es,*.google.fr,*.google.hu,*.google.it,*.google.nl,*.google.pl,*.google.pt,*.googleapis.cn,*.googlecommerce.com,*.googlevideo.com,*.gstatic.com,*.gvt1.com,*.urchin.com,*.url.google.com,*.youtube-nocookie.com,*.youtube.com,*.youtubeeducation.com,*.ytimg.com,android.com,g.co,goo.gl,google-analytics.com,google.com,googlecommerce.com,urchin.com,youtu.be,youtube.com,youtubeeducation.com - - - F -
XXXXXXXXXX.XXXXXX Fv2Agc4z5boBOacQi6 3 023A69 CN=Google Internet Authority G2,O=Google Inc,C=US CN=GeoTrust Global CA,O=GeoTrust Inc.,C=US XXXXXXXXXX.XXXXXX XXXXXXXXXX.XXXXXX rsaEncryption sha1WithRSAEncryption rsa 2048 65537 - - - - - T 0
XXXXXXXXXX.XXXXXX Ftmyeg2qgI2V38Dt3g 3 12BBE6 CN=GeoTrust Global CA,O=GeoTrust Inc.,C=US OU=Equifax Secure Certificate Authority,O=Equifax,C=US XXXXXXXXXX.XXXXXX XXXXXXXXXX.XXXXXX rsaEncryption sha1WithRSAEncryption rsa 2048 65537 - - - - - T -
XXXXXXXXXX.XXXXXX FUFNf84cduA0IJCp07 3 4A2C8628C1010633 CN=*.google.com,O=Google Inc,L=Mountain View,ST=California,C=US CN=Google Internet Authority G2,O=Google Inc,C=US XXXXXXXXXX.XXXXXX XXXXXXXXXX.XXXXXX rsaEncryption sha1WithRSAEncryption rsa 2048 65537 - *.google.com,*.android.com,*.appengine.google.com,*.cloud.google.com,*.google-analytics.com,*.google.ca,*.google.cl,*.google.co.in,*.google.co.jp,*.google.co.uk,*.google.com.ar,*.google.com.au,*.google.com.br,*.google.com.co,*.google.com.mx,*.google.com.tr,*.google.com.vn,*.google.de,*.google.es,*.google.fr,*.google.hu,*.google.it,*.google.nl,*.google.pl,*.google.pt,*.googleapis.cn,*.googlecommerce.com,*.googlevideo.com,*.gstatic.com,*.gvt1.com,*.urchin.com,*.url.google.com,*.youtube-nocookie.com,*.youtube.com,*.youtubeeducation.com,*.ytimg.com,android.com,g.co,goo.gl,google-analytics.com,google.com,googlecommerce.com,urchin.com,youtu.be,youtube.com,youtubeeducation.com - - - F -
XXXXXXXXXX.XXXXXX F1H4bd2OKGbLPEdHm4 3 023A69 CN=Google Internet Authority G2,O=Google Inc,C=US CN=GeoTrust Global CA,O=GeoTrust Inc.,C=US XXXXXXXXXX.XXXXXX XXXXXXXXXX.XXXXXX rsaEncryption sha1WithRSAEncryption rsa 2048 65537 - - - - - T 0
XXXXXXXXXX.XXXXXX Fgsbci2jxFXYMOHOhi 3 12BBE6 CN=GeoTrust Global CA,O=GeoTrust Inc.,C=US OU=Equifax Secure Certificate Authority,O=Equifax,C=US XXXXXXXXXX.XXXXXX XXXXXXXXXX.XXXXXX rsaEncryption sha1WithRSAEncryption rsa 2048 65537 - - - - - T -
#fields ts fingerprint certificate.version certificate.serial certificate.subject certificate.issuer certificate.not_valid_before certificate.not_valid_after certificate.key_alg certificate.sig_alg certificate.key_type certificate.key_length certificate.exponent certificate.curve san.dns san.uri san.email san.ip basic_constraints.ca basic_constraints.path_len host_cert client_cert
#types time string count string string string time time string string string count string string vector[string] vector[string] vector[string] vector[addr] bool count bool bool
XXXXXXXXXX.XXXXXX 6bacfa4536150ed996f2b0c05ab6e345a257225f449aeb9d2018ccd88f4ede43 3 4A2C8628C1010633 CN=*.google.com,O=Google Inc,L=Mountain View,ST=California,C=US CN=Google Internet Authority G2,O=Google Inc,C=US XXXXXXXXXX.XXXXXX XXXXXXXXXX.XXXXXX rsaEncryption sha1WithRSAEncryption rsa 2048 65537 - *.google.com,*.android.com,*.appengine.google.com,*.cloud.google.com,*.google-analytics.com,*.google.ca,*.google.cl,*.google.co.in,*.google.co.jp,*.google.co.uk,*.google.com.ar,*.google.com.au,*.google.com.br,*.google.com.co,*.google.com.mx,*.google.com.tr,*.google.com.vn,*.google.de,*.google.es,*.google.fr,*.google.hu,*.google.it,*.google.nl,*.google.pl,*.google.pt,*.googleapis.cn,*.googlecommerce.com,*.googlevideo.com,*.gstatic.com,*.gvt1.com,*.urchin.com,*.url.google.com,*.youtube-nocookie.com,*.youtube.com,*.youtubeeducation.com,*.ytimg.com,android.com,g.co,goo.gl,google-analytics.com,google.com,googlecommerce.com,urchin.com,youtu.be,youtube.com,youtubeeducation.com - - - F - T F
XXXXXXXXXX.XXXXXX a047a37fa2d2e118a4f5095fe074d6cfe0e352425a7632bf8659c03919a6c81d 3 023A69 CN=Google Internet Authority G2,O=Google Inc,C=US CN=GeoTrust Global CA,O=GeoTrust Inc.,C=US XXXXXXXXXX.XXXXXX XXXXXXXXXX.XXXXXX rsaEncryption sha1WithRSAEncryption rsa 2048 65537 - - - - - T 0 F F
XXXXXXXXXX.XXXXXX 3c35cc963eb004451323d3275d05b353235053490d9cd83729a2faf5e7ca1cc0 3 12BBE6 CN=GeoTrust Global CA,O=GeoTrust Inc.,C=US OU=Equifax Secure Certificate Authority,O=Equifax,C=US XXXXXXXXXX.XXXXXX XXXXXXXXXX.XXXXXX rsaEncryption sha1WithRSAEncryption rsa 2048 65537 - - - - - T - F F
#close XXXX-XX-XX-XX-XX-XX

13
testing/btest/Baseline/scripts.policy.protocols.ssl.log-certs-base64/x509.log Normal file
View file

@ -0,0 +1,13 @@
### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63.
#separator \x09
#set_separator ,
#empty_field (empty)
#unset_field -
#path x509
#open XXXX-XX-XX-XX-XX-XX
#fields ts fingerprint certificate.version certificate.serial certificate.subject certificate.issuer certificate.not_valid_before certificate.not_valid_after certificate.key_alg certificate.sig_alg certificate.key_type certificate.key_length certificate.exponent certificate.curve san.dns san.uri san.email san.ip basic_constraints.ca basic_constraints.path_len host_cert client_cert cert
#types time string count string string string time time string string string count string string vector[string] vector[string] vector[string] vector[addr] bool count bool bool string
XXXXXXXXXX.XXXXXX a97a22b691caf62c1623d14abf8a31ac915f14d87f77d8a37c47eb4785b484ad 3 1E58FDC12DE4C703 CN=*.google.com,O=Google Inc,L=Mountain View,ST=California,C=US CN=Google Internet Authority G2,O=Google Inc,C=US XXXXXXXXXX.XXXXXX XXXXXXXXXX.XXXXXX rsaEncryption sha1WithRSAEncryption rsa 2048 65537 - *.google.com,*.android.com,*.appengine.google.com,*.cloud.google.com,*.google-analytics.com,*.google.ca,*.google.cl,*.google.co.in,*.google.co.jp,*.google.co.uk,*.google.com.ar,*.google.com.au,*.google.com.br,*.google.com.co,*.google.com.mx,*.google.com.tr,*.google.com.vn,*.google.de,*.google.es,*.google.fr,*.google.hu,*.google.it,*.google.nl,*.google.pl,*.google.pt,*.googleapis.cn,*.googlecommerce.com,*.googlevideo.com,*.gstatic.com,*.gvt1.com,*.urchin.com,*.url.google.com,*.youtube-nocookie.com,*.youtube.com,*.youtubeeducation.com,*.ytimg.com,android.com,g.co,goo.gl,google-analytics.com,google.com,googlecommerce.com,urchin.com,youtu.be,youtube.com,youtubeeducation.com - - - F - T F MIIHPzCCBiegAwIBAgIIHlj9wS3kxwMwDQYJKoZIhvcNAQEFBQAwSTELMAkGA1UEBhMCVVMxEzARBgNVBAoTCkdvb2dsZSBJbmMxJTAjBgNVBAMTHEdvb2dsZSBJbnRlcm5ldCBBdXRob3JpdHkgRzIwHhcNMTQwNDA5MTIwNTA4WhcNMTQwNzA4MDAwMDAwWjBmMQswCQYDVQQGEwJVUzETMBEGA1UECAwKQ2FsaWZvcm5pYTEWMBQGA1UEBwwNTW91bnRhaW4gVmlldzETMBEGA1UECgwKR29vZ2xlIEluYzEVMBMGA1UEAwwMKi5nb29nbGUuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAz3izpQrGZwvH70JAvgzaS+hOUIlx3JNEZnl3gde66I54riDhWRSn56I1dWQVL8DPSOIjoHIHRDb6GYmQVa9CiKBNvof+GGmif3+rG1FBLa2jAkOWxp83ReuJw/oUd3LqgleFDbVQ1MG8+6YGrbhAWDGib/z3k9GSurmP63h6qZuQTZLruQcau0MRnOKbyV9TKPz93dfqetoPcTZ5XrbYP8PmA9L90bV5i9MBZXCEOs/w//SgDYuE6pu0p4fo0RdW4jk5wqRhQlueja5yoUEIU/d4WnsvvJAIG5BoCMY1y8ngbCimDKshG3Hg0PlCoqMwBxPAJrWAB2dA9JnsxSfNxwIDAQABo4IEDDCCBAgwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMIIC4gYDVR0RBIIC2TCCAtWCDCouZ29vZ2xlLmNvbYINKi5hbmRyb2lkLmNvbYIWKi5hcHBlbmdpbmUuZ29vZ2xlLmNvbYISKi5jbG91ZC5nb29nbGUuY29tghYqLmdvb2dsZS1hbmFseXRpY3MuY29tggsqLmdvb2dsZS5jYYILKi5nb29nbGUuY2yCDiouZ29vZ2xlLmNvLmlugg4qLmdvb2dsZS5jby5qcIIOKi5nb29nbGUuY28udWuCDyouZ29vZ2xlLmNvbS5hcoIPKi5nb29nbGUuY29tLmF1gg8qLmdvb2dsZS5jb20uYnKCDyouZ29vZ2xlLmNvbS5jb4IPKi5nb29nbGUuY29tLm14gg8qLmdvb2dsZS5jb20udHKCDyouZ29vZ2xlLmNvbS52boILKi5nb29nbGUuZGWCCyouZ29vZ2xlLmVzggsqLmdvb2dsZS5mcoILKi5nb29nbGUuaHWCCyouZ29vZ2xlLml0ggsqLmdvb2dsZS5ubIILKi5nb29nbGUucGyCCyouZ29vZ2xlLnB0gg8qLmdvb2dsZWFwaXMuY26CFCouZ29vZ2xlY29tbWVyY2UuY29tghEqLmdvb2dsZXZpZGVvLmNvbYINKi5nc3RhdGljLmNvbYIKKi5ndnQxLmNvbYIMKi51cmNoaW4uY29tghAqLnVybC5nb29nbGUuY29tghYqLnlvdXR1YmUtbm9jb29raWUuY29tgg0qLnlvdXR1YmUuY29tghYqLnlvdXR1YmVlZHVjYXRpb24uY29tggsqLnl0aW1nLmNvbYILYW5kcm9pZC5jb22CBGcuY2+CBmdvby5nbIIUZ29vZ2xlLWFuYWx5dGljcy5jb22CCmdvb2dsZS5jb22CEmdvb2dsZWNvbW1lcmNlLmNvbYIKdXJjaGluLmNvbYIIeW91dHUuYmWCC3lvdXR1YmUuY29tghR5b3V0dWJlZWR1Y2F0aW9uLmNvbTBoBggrBgEFBQcBAQRcMFowKwYIKwYBBQUHMAKGH2h0dHA6Ly9wa2kuZ29vZ2xlLmNvbS9HSUFHMi5jcnQwKwYIKwYBBQUHMAGGH2h0dHA6Ly9jbGllbnRzMS5nb29nbGUuY29tL29jc3AwHQYDVR0OBBYEFMSXIDaEplRtz9GCgkXGI4hW+6XYMAwGA1UdEwEB/wQCMAAwHwYDVR0jBBgwFoAUSt0GFhu89mi1dvWBtrtiGrpagS8wFwYDVR0gBBAwDjAMBgorBgEEAdZ5AgUBMDAGA1UdHwQpMCcwJaAjoCGGH2h0dHA6Ly9wa2kuZ29vZ2xlLmNvbS9HSUFHMi5jcmwwDQYJKoZIhvcNAQEFBQADggEBAFFTcdvX6AVVhSbNO8pinIArK65sVRHsq6z0UGNvCKuHGL+HajVpzAlCctL4D0xxf/j9O48k504ALPxSxOfthEA04UErkOwuQB/E3Vax9yrniAcVoMDI/393EJCtcXysNca0x/DxbsEukr1ICNmhAmaJa2xS/jhRlc3DeyOUQMqSTFYqvM36ynaper5gDL/V4dDK5hb/jcpzMKFmLJIazcTxz+lIEGtsDRGp6m5Y91M1kQTo4J/nbcIjOTZa4z/M6MT3/NGr9IlKmudqhB51mJnuYTliwRR2hADzRmSfRGsRzBYWUI5N7QlBMxwXex0T89Hdm2lprSaWgSlJTMNiliA=
XXXXXXXXXX.XXXXXX a047a37fa2d2e118a4f5095fe074d6cfe0e352425a7632bf8659c03919a6c81d 3 023A69 CN=Google Internet Authority G2,O=Google Inc,C=US CN=GeoTrust Global CA,O=GeoTrust Inc.,C=US XXXXXXXXXX.XXXXXX XXXXXXXXXX.XXXXXX rsaEncryption sha1WithRSAEncryption rsa 2048 65537 - - - - - T 0 F F MIIEBDCCAuygAwIBAgIDAjppMA0GCSqGSIb3DQEBBQUAMEIxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1HZW9UcnVzdCBJbmMuMRswGQYDVQQDExJHZW9UcnVzdCBHbG9iYWwgQ0EwHhcNMTMwNDA1MTUxNTU1WhcNMTUwNDA0MTUxNTU1WjBJMQswCQYDVQQGEwJVUzETMBEGA1UEChMKR29vZ2xlIEluYzElMCMGA1UEAxMcR29vZ2xlIEludGVybmV0IEF1dGhvcml0eSBHMjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAJwqBHdc2FCROgajguDYUEi8iT/xGXAaiEZ+4I/F8YnOIe5a/mENtzJEiaB0C1NPVaTOgmKV7utZX8bhBYASxF6UP7xbSDj0U/ck5vuR6RXEz/RTDfRK/J9U3n2+oGtvh8DQUB8oMANA2ghzUWx//zo8pzcGjr1LEQTrfSTe5vn8MXH7lNVg8y5Kr0LSy+rEahqyzFPdFUuLH8gZYR/Nnag+YyuENWllhMgZxUYi+FOVvuOAShDGKuy6lyARxzmZEASg8GF6lSWMTlJ14rbtCMoU/M4iarNOz0YDl5cDfsCx3nuvRTPPuj5xt970JSXCDTWJnZ37DhF5iR43xa+OcmkCAwEAAaOB+zCB+DAfBgNVHSMEGDAWgBTAephojYn7qwVkDBF9qn1luMrMTjAdBgNVHQ4EFgQUSt0GFhu89mi1dvWBtrtiGrpagS8wEgYDVR0TAQH/BAgwBgEB/wIBADAOBgNVHQ8BAf8EBAMCAQYwOgYDVR0fBDMwMTAvoC2gK4YpaHR0cDovL2NybC5nZW90cnVzdC5jb20vY3Jscy9ndGdsb2JhbC5jcmwwPQYIKwYBBQUHAQEEMTAvMC0GCCsGAQUFBzABhiFodHRwOi8vZ3RnbG9iYWwtb2NzcC5nZW90cnVzdC5jb20wFwYDVR0gBBAwDjAMBgorBgEEAdZ5AgUBMA0GCSqGSIb3DQEBBQUAA4IBAQA21waAESetKhSbOHezI6B1WLuxfoNCunLaHtiONgaX4PCVOzf9G0JY/iLIa704XtE7JW4S615ndkZAkNoUyHgN7ZVm2o6Gb4ChulYylYbc3GrKBIxbf/a/zG+FA1jDaFETzf3I93k9mTXwVqO94FntT0QJo544evZG0R0SnU++0ED8Vf4GXjzaHFa9llF7b1cq26KqltyMdMKVvvBulRP/F/A8rLIQjcxz++iPAsbw+zOzlTvjwstoWHPbqCRiOwY1nQ2pM714A5AuTHhdUDqB1O6gyHA43LL5Z/qHQF1hwFGPa4NrzQU6yuGnBXj8ytqU0CwIPX4WecigUCAkVDNx
XXXXXXXXXX.XXXXXX 3c35cc963eb004451323d3275d05b353235053490d9cd83729a2faf5e7ca1cc0 3 12BBE6 CN=GeoTrust Global CA,O=GeoTrust Inc.,C=US OU=Equifax Secure Certificate Authority,O=Equifax,C=US XXXXXXXXXX.XXXXXX XXXXXXXXXX.XXXXXX rsaEncryption sha1WithRSAEncryption rsa 2048 65537 - - - - - T - F F MIIDfTCCAuagAwIBAgIDErvmMA0GCSqGSIb3DQEBBQUAME4xCzAJBgNVBAYTAlVTMRAwDgYDVQQKEwdFcXVpZmF4MS0wKwYDVQQLEyRFcXVpZmF4IFNlY3VyZSBDZXJ0aWZpY2F0ZSBBdXRob3JpdHkwHhcNMDIwNTIxMDQwMDAwWhcNMTgwODIxMDQwMDAwWjBCMQswCQYDVQQGEwJVUzEWMBQGA1UEChMNR2VvVHJ1c3QgSW5jLjEbMBkGA1UEAxMSR2VvVHJ1c3QgR2xvYmFsIENBMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2swYYzD99BcjGlZ+W988bDjkcbd4kdS8odhM+KhDtgPpTSEHCIjaWC9mOSm9BXiLnTjoBbdqfnGk5sRgprDvgOSJKA+eJdbtg/OtppHHmMlCGDUUna2YRpIuT8rxh0PBFpVXLVDviS2Aelet8u5fa9IAjbkU+BQVNdnARqN7csiRv8lVK83Qlz6cJmTM386DGXHKTubU1XupGc1V3sjs0l44U+VcT4wt/lAjNvxm5suOpDkZALeVAjmRCw7+OC7RHQWa9k0+bw8HHa8sHo9gOeL6NlMTOdReJivbPagUvTLrGAMoUgRx5aszPeE4uwc2hGKceeoWMPRfwCvocWvk+QIDAQABo4HwMIHtMB8GA1UdIwQYMBaAFEjmaPkr0rKV10fYIyAQTzOYkJ/UMB0GA1UdDgQWBBTAephojYn7qwVkDBF9qn1luMrMTjAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIBBjA6BgNVHR8EMzAxMC+gLaArhilodHRwOi8vY3JsLmdlb3RydXN0LmNvbS9jcmxzL3NlY3VyZWNhLmNybDBOBgNVHSAERzBFMEMGBFUdIAAwOzA5BggrBgEFBQcCARYtaHR0cHM6Ly93d3cuZ2VvdHJ1c3QuY29tL3Jlc291cmNlcy9yZXBvc2l0b3J5MA0GCSqGSIb3DQEBBQUAA4GBAHbhEm5OSxYShjAGsoEIz/AIx8dxfmbuwu3UOx//8PDITtZDOLC5MH0Y0FWDomrLNhGc6Ehmo21/uBPUR/6LWlxz/K7ZGzIZOKuXNBSqltLroxwUCEm2u+WR74M26x1Wb8ravHNjkOR/ez4iyz0H7V84dJzjA1BOoa+Y7mHyhD8S
#close XXXX-XX-XX-XX-XX-XX

8
testing/btest/Baseline/scripts.policy.protocols.ssl.log-hostcerts-only/x509.log
View file

@ -5,8 +5,8 @@
#unset_field -
#path x509
#open XXXX-XX-XX-XX-XX-XX
#fields ts id certificate.version certificate.serial certificate.subject certificate.issuer certificate.not_valid_before certificate.not_valid_after certificate.key_alg certificate.sig_alg certificate.key_type certificate.key_length certificate.exponent certificate.curve san.dns san.uri san.email san.ip basic_constraints.ca basic_constraints.path_len
#types time string count string string string time time string string string count string string vector[string] vector[string] vector[string] vector[addr] bool count
XXXXXXXXXX.XXXXXX FgN3AE3of2TRIqaeQe 3 4A2C8628C1010633 CN=*.google.com,O=Google Inc,L=Mountain View,ST=California,C=US CN=Google Internet Authority G2,O=Google Inc,C=US XXXXXXXXXX.XXXXXX XXXXXXXXXX.XXXXXX rsaEncryption sha1WithRSAEncryption rsa 2048 65537 - *.google.com,*.android.com,*.appengine.google.com,*.cloud.google.com,*.google-analytics.com,*.google.ca,*.google.cl,*.google.co.in,*.google.co.jp,*.google.co.uk,*.google.com.ar,*.google.com.au,*.google.com.br,*.google.com.co,*.google.com.mx,*.google.com.tr,*.google.com.vn,*.google.de,*.google.es,*.google.fr,*.google.hu,*.google.it,*.google.nl,*.google.pl,*.google.pt,*.googleapis.cn,*.googlecommerce.com,*.googlevideo.com,*.gstatic.com,*.gvt1.com,*.urchin.com,*.url.google.com,*.youtube-nocookie.com,*.youtube.com,*.youtubeeducation.com,*.ytimg.com,android.com,g.co,goo.gl,google-analytics.com,google.com,googlecommerce.com,urchin.com,youtu.be,youtube.com,youtubeeducation.com - - - F -
XXXXXXXXXX.XXXXXX FUFNf84cduA0IJCp07 3 4A2C8628C1010633 CN=*.google.com,O=Google Inc,L=Mountain View,ST=California,C=US CN=Google Internet Authority G2,O=Google Inc,C=US XXXXXXXXXX.XXXXXX XXXXXXXXXX.XXXXXX rsaEncryption sha1WithRSAEncryption rsa 2048 65537 - *.google.com,*.android.com,*.appengine.google.com,*.cloud.google.com,*.google-analytics.com,*.google.ca,*.google.cl,*.google.co.in,*.google.co.jp,*.google.co.uk,*.google.com.ar,*.google.com.au,*.google.com.br,*.google.com.co,*.google.com.mx,*.google.com.tr,*.google.com.vn,*.google.de,*.google.es,*.google.fr,*.google.hu,*.google.it,*.google.nl,*.google.pl,*.google.pt,*.googleapis.cn,*.googlecommerce.com,*.googlevideo.com,*.gstatic.com,*.gvt1.com,*.urchin.com,*.url.google.com,*.youtube-nocookie.com,*.youtube.com,*.youtubeeducation.com,*.ytimg.com,android.com,g.co,goo.gl,google-analytics.com,google.com,googlecommerce.com,urchin.com,youtu.be,youtube.com,youtubeeducation.com - - - F -
#fields ts fingerprint certificate.version certificate.serial certificate.subject certificate.issuer certificate.not_valid_before certificate.not_valid_after certificate.key_alg certificate.sig_alg certificate.key_type certificate.key_length certificate.exponent certificate.curve san.dns san.uri san.email san.ip basic_constraints.ca basic_constraints.path_len host_cert client_cert
#types time string count string string string time time string string string count string string vector[string] vector[string] vector[string] vector[addr] bool count bool bool
XXXXXXXXXX.XXXXXX 6bacfa4536150ed996f2b0c05ab6e345a257225f449aeb9d2018ccd88f4ede43 3 4A2C8628C1010633 CN=*.google.com,O=Google Inc,L=Mountain View,ST=California,C=US CN=Google Internet Authority G2,O=Google Inc,C=US XXXXXXXXXX.XXXXXX XXXXXXXXXX.XXXXXX rsaEncryption sha1WithRSAEncryption rsa 2048 65537 - *.google.com,*.android.com,*.appengine.google.com,*.cloud.google.com,*.google-analytics.com,*.google.ca,*.google.cl,*.google.co.in,*.google.co.jp,*.google.co.uk,*.google.com.ar,*.google.com.au,*.google.com.br,*.google.com.co,*.google.com.mx,*.google.com.tr,*.google.com.vn,*.google.de,*.google.es,*.google.fr,*.google.hu,*.google.it,*.google.nl,*.google.pl,*.google.pt,*.googleapis.cn,*.googlecommerce.com,*.googlevideo.com,*.gstatic.com,*.gvt1.com,*.urchin.com,*.url.google.com,*.youtube-nocookie.com,*.youtube.com,*.youtubeeducation.com,*.ytimg.com,android.com,g.co,goo.gl,google-analytics.com,google.com,googlecommerce.com,urchin.com,youtu.be,youtube.com,youtubeeducation.com - - - F - T F
XXXXXXXXXX.XXXXXX 6bacfa4536150ed996f2b0c05ab6e345a257225f449aeb9d2018ccd88f4ede43 3 4A2C8628C1010633 CN=*.google.com,O=Google Inc,L=Mountain View,ST=California,C=US CN=Google Internet Authority G2,O=Google Inc,C=US XXXXXXXXXX.XXXXXX XXXXXXXXXX.XXXXXX rsaEncryption sha1WithRSAEncryption rsa 2048 65537 - *.google.com,*.android.com,*.appengine.google.com,*.cloud.google.com,*.google-analytics.com,*.google.ca,*.google.cl,*.google.co.in,*.google.co.jp,*.google.co.uk,*.google.com.ar,*.google.com.au,*.google.com.br,*.google.com.co,*.google.com.mx,*.google.com.tr,*.google.com.vn,*.google.de,*.google.es,*.google.fr,*.google.hu,*.google.it,*.google.nl,*.google.pl,*.google.pt,*.googleapis.cn,*.googlecommerce.com,*.googlevideo.com,*.gstatic.com,*.gvt1.com,*.urchin.com,*.url.google.com,*.youtube-nocookie.com,*.youtube.com,*.youtubeeducation.com,*.ytimg.com,android.com,g.co,goo.gl,google-analytics.com,google.com,googlecommerce.com,urchin.com,youtu.be,youtube.com,youtubeeducation.com - - - F - T F
#close XXXX-XX-XX-XX-XX-XX

83
testing/btest/Baseline/scripts.policy.protocols.ssl.ssl-log-ext/ssl-all.log Normal file
View file

@ -0,0 +1,83 @@
### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63.
#separator \x09
#set_separator ,
#empty_field (empty)
#unset_field -
#path ssl
#open XXXX-XX-XX-XX-XX-XX
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p version cipher curve server_name resumed last_alert next_protocol established ssl_history cert_chain_fps client_cert_chain_fps sni_matches_cert server_version client_version client_ciphers ssl_client_exts ssl_server_exts ticket_lifetime_hint dh_param_size point_formats client_curves orig_alpn client_supported_versions server_supported_version psk_key_exchange_modes client_key_share_groups server_key_share_group client_comp_methods sigalgs hashalgs
#types time string addr port addr port string string string string bool string string bool string vector[string] vector[string] bool count count vector[count] vector[count] vector[count] count count vector[count] vector[count] vector[string] vector[count] count vector[count] vector[count] count vector[count] vector[count] vector[count]
XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 192.168.18.50 62277 162.219.2.166 443 TLSv12 TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA - - F - - T CsxknGIti b706ad178447821cc60aca1e0cd59697333a6178fd1c73f839fbdfb5b76bc507,cb2db573610f401e8d602917bbbe6ab4162255f208efad909d5440691aa0203c (empty) - 771 771 136,255 35,13,15 65281,35,15 300 1024 - - - - - - - - 1,0 1,2,3,1,2,3,1,2,3,1,2,3,1,2,3 6,6,6,5,5,5,4,4,4,3,3,3,2,2,2
#close XXXX-XX-XX-XX-XX-XX
#separator \x09
#set_separator ,
#empty_field (empty)
#unset_field -
#path ssl
#open XXXX-XX-XX-XX-XX-XX
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p version cipher curve server_name resumed last_alert next_protocol established ssl_history cert_chain_fps client_cert_chain_fps sni_matches_cert server_version client_version client_ciphers ssl_client_exts ssl_server_exts ticket_lifetime_hint dh_param_size point_formats client_curves orig_alpn client_supported_versions server_supported_version psk_key_exchange_modes client_key_share_groups server_key_share_group client_comp_methods sigalgs hashalgs
#types time string addr port addr port string string string string bool string string bool string vector[string] vector[string] bool count count vector[count] vector[count] vector[count] count count vector[count] vector[count] vector[string] vector[count] count vector[count] vector[count] count vector[count] vector[count] vector[count]
XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 192.168.18.50 56981 74.125.239.97 443 TLSv12 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA secp256r1 - F - - T CsxknGIti a97a22b691caf62c1623d14abf8a31ac915f14d87f77d8a37c47eb4785b484ad,a047a37fa2d2e118a4f5095fe074d6cfe0e352425a7632bf8659c03919a6c81d,3c35cc963eb004451323d3275d05b353235053490d9cd83729a2faf5e7ca1cc0 (empty) - 771 771 49172,255 11,10,35,13,15 65281,11,35 100800 - - 14,13,25,11,12,24,9,10,22,23,8,6,7,20,21,4,5,18,19,1,2,3,15,16,17 - - - - - - 1,0 1,2,3,1,2,3,1,2,3,1,2,3,1,2,3 6,6,6,5,5,5,4,4,4,3,3,3,2,2,2
#close XXXX-XX-XX-XX-XX-XX
#separator \x09
#set_separator ,
#empty_field (empty)
#unset_field -
#path ssl
#open XXXX-XX-XX-XX-XX-XX
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p version cipher curve server_name resumed last_alert next_protocol established ssl_history cert_chain_fps client_cert_chain_fps sni_matches_cert server_version client_version client_ciphers ssl_client_exts ssl_server_exts ticket_lifetime_hint dh_param_size point_formats client_curves orig_alpn client_supported_versions server_supported_version psk_key_exchange_modes client_key_share_groups server_key_share_group client_comp_methods sigalgs hashalgs
#types time string addr port addr port string string string string bool string string bool string vector[string] vector[string] bool count count vector[count] vector[count] vector[count] count count vector[count] vector[count] vector[string] vector[count] count vector[count] vector[count] count vector[count] vector[count] vector[count]
XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 192.150.187.164 58868 194.127.84.106 443 TLSv10 TLS_RSA_WITH_RC4_128_MD5 - - F - - T sxnGIi ddd0218a34972ceab3d200b78959bd2b4c95eadf37399df35bfd68a5b658bc78,ba352de8d8faa0ecfdbeee560fa308fe192023d3b18d83a68845933bebf28360 (empty) - 769 2 57,56,53,51,50,4,5,47,22,19,65279,10,21,18,65278,9,100,98,3,6 - - - - - - - - - - - - (empty) - -
XXXXXXXXXX.XXXXXX ClEkJM2Vm5giqnMf4h 192.150.187.164 58869 194.127.84.106 443 TLSv10 TLS_RSA_WITH_RC4_128_MD5 - - F - - T CsxnGIi ddd0218a34972ceab3d200b78959bd2b4c95eadf37399df35bfd68a5b658bc78,ba352de8d8faa0ecfdbeee560fa308fe192023d3b18d83a68845933bebf28360 (empty) - 769 769 57,56,53,51,50,4,5,47,22,19,65279,10,21,18,65278,9,100,98,3,6 - - - - - - - - - - - - 0 - -
XXXXXXXXXX.XXXXXX C4J4Th3PJpwUYZZ6gc 192.150.187.164 58870 194.127.84.106 443 TLSv10 TLS_RSA_WITH_RC4_128_MD5 - - F - - T CsxnGIi ddd0218a34972ceab3d200b78959bd2b4c95eadf37399df35bfd68a5b658bc78,ba352de8d8faa0ecfdbeee560fa308fe192023d3b18d83a68845933bebf28360 (empty) - 769 769 57,56,53,51,50,4,5,47,22,19,65279,10,21,18,65278,9,100,98,3,6 - - - - - - - - - - - - 0 - -
#close XXXX-XX-XX-XX-XX-XX
#separator \x09
#set_separator ,
#empty_field (empty)
#unset_field -
#path ssl
#open XXXX-XX-XX-XX-XX-XX
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p version cipher curve server_name resumed last_alert next_protocol established ssl_history cert_chain_fps client_cert_chain_fps sni_matches_cert server_version client_version client_ciphers ssl_client_exts ssl_server_exts ticket_lifetime_hint dh_param_size point_formats client_curves orig_alpn client_supported_versions server_supported_version psk_key_exchange_modes client_key_share_groups server_key_share_group client_comp_methods sigalgs hashalgs
#types time string addr port addr port string string string string bool string string bool string vector[string] vector[string] bool count count vector[count] vector[count] vector[count] count count vector[count] vector[count] vector[string] vector[count] count vector[count] vector[count] count vector[count] vector[count] vector[count]
XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 192.168.17.58 62987 216.58.192.14 443 TLSv11 TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA secp256r1 - F - - T CsxknGIti 22a920a5ec03c819b569ed0fa8b7df258e3e7ea11fdd15b83b6fa45f3e863036,9b759d41e3de30f9d2f902027d792b65d950a98bbb6d6d56be7f2528453bf8e9,3c35cc963eb004451323d3275d05b353235053490d9cd83729a2faf5e7ca1cc0 (empty) - 770 770 49172,49162,57,56,55,54,136,135,134,133,49167,49157,53,132,49171,49161,51,50,49,48,154,153,152,151,69,68,67,66,49166,49156,47,150,65,7,49169,49159,49164,49154,5,4,49170,49160,22,19,16,13,49165,49155,10,255 11,10,35,15 65281,35,11 100800 - - 23,25,28,27,24,26,22,14,13,11,12,9,10 - - - - - - 1,0 - -
#close XXXX-XX-XX-XX-XX-XX
#separator \x09
#set_separator ,
#empty_field (empty)
#unset_field -
#path ssl
#open XXXX-XX-XX-XX-XX-XX
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p version cipher curve server_name resumed last_alert next_protocol established ssl_history cert_chain_fps client_cert_chain_fps sni_matches_cert server_version client_version client_ciphers ssl_client_exts ssl_server_exts ticket_lifetime_hint dh_param_size point_formats client_curves orig_alpn client_supported_versions server_supported_version psk_key_exchange_modes client_key_share_groups server_key_share_group client_comp_methods sigalgs hashalgs
#types time string addr port addr port string string string string bool string string bool string vector[string] vector[string] bool count count vector[count] vector[count] vector[count] count count vector[count] vector[count] vector[string] vector[count] count vector[count] vector[count] count vector[count] vector[count] vector[count]
XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 192.168.6.86 63721 104.236.167.107 4433 DTLSv10 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA secp256r1 - F - - T CvCsxknGIti 32e63ffcf5111a3a6337aa00d5186f6d475e962e9400a1dd8ad6eb4a3e177964 (empty) - 65279 65279 49172,49162,57,56,55,54,136,135,134,133,49167,49157,53,132,49171,49161,51,50,49,48,154,153,152,151,69,68,67,66,49166,49156,47,150,65,7,49170,49160,22,19,16,13,49165,49155,10,21,18,15,12,9,20,17,14,11,8,6,255 11,10,35,15,11,10,35,15 65281,35,15 0 - 0,1,2 14,13,25,28,11,12,27,24,9,10,26,22,23,8,6,7,20,21,4,5,18,19,1,2,3,15,16,17 - - - - - - 0 - -
#close XXXX-XX-XX-XX-XX-XX
#separator \x09
#set_separator ,
#empty_field (empty)
#unset_field -
#path ssl
#open XXXX-XX-XX-XX-XX-XX
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p version cipher curve server_name resumed last_alert next_protocol established ssl_history cert_chain_fps client_cert_chain_fps sni_matches_cert server_version client_version client_ciphers ssl_client_exts ssl_server_exts ticket_lifetime_hint dh_param_size point_formats client_curves orig_alpn client_supported_versions server_supported_version psk_key_exchange_modes client_key_share_groups server_key_share_group client_comp_methods sigalgs hashalgs
#types time string addr port addr port string string string string bool string string bool string vector[string] vector[string] bool count count vector[count] vector[count] vector[count] count count vector[count] vector[count] vector[string] vector[count] count vector[count] vector[count] count vector[count] vector[count] vector[count]
XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 192.168.17.58 60934 165.227.57.17 4400 DTLSv12 TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 secp256r1 - F - - T CvCsxknGIti 6f5446a5b23f4e73925de5e6629c09b1c61ed66537d6d8a7818750c9cd0a67d7 (empty) - 65277 65277 49200,49196,49192,49188,49172,49162,165,163,161,159,107,106,105,104,57,56,55,54,136,135,134,133,49202,49198,49194,49190,49167,49157,157,61,53,132,49199,49195,49191,49187,49171,49161,164,162,160,158,103,64,63,62,51,50,49,48,154,153,152,151,69,68,67,66,49201,49197,49193,49189,49166,49156,156,60,47,150,65,7,49170,49160,22,19,16,13,49165,49155,10,255 11,10,35,13,15,11,10,35,13,15 65281,11,35 7200 - 0,1,2 23,25,28,27,24,26,22,14,13,11,12,9,10 - - - - - - 0 1,2,3,1,2,3,1,2,3,1,2,3,1,2,3 6,6,6,5,5,5,4,4,4,3,3,3,2,2,2
#close XXXX-XX-XX-XX-XX-XX
#separator \x09
#set_separator ,
#empty_field (empty)
#unset_field -
#path ssl
#open XXXX-XX-XX-XX-XX-XX
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p version cipher curve server_name resumed last_alert next_protocol established ssl_history cert_chain_fps client_cert_chain_fps sni_matches_cert server_version client_version client_ciphers ssl_client_exts ssl_server_exts ticket_lifetime_hint dh_param_size point_formats client_curves orig_alpn client_supported_versions server_supported_version psk_key_exchange_modes client_key_share_groups server_key_share_group client_comp_methods sigalgs hashalgs
#types time string addr port addr port string string string string bool string string bool string vector[string] vector[string] bool count count vector[count] vector[count] vector[count] count count vector[count] vector[count] vector[string] vector[count] count vector[count] vector[count] count vector[count] vector[count] vector[count]
XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 192.168.186.133 43056 192.168.186.134 9090 TLSv13 TLS_AES_256_GCM_SHA384 secp256r1 - F - - T Cs - - - 771 771 4866 51,43,13,11,10,23 51,43 - - 0 25,24,23,21,19,16,256 - 772,771,770 772 - - 23 0 3,3,3,3,6,11,5,10,4,9,1,1,1,1,1 6,5,4,2,8,8,8,8,8,8,6,5,4,3,2
#close XXXX-XX-XX-XX-XX-XX
#separator \x09
#set_separator ,
#empty_field (empty)
#unset_field -
#path ssl
#open XXXX-XX-XX-XX-XX-XX
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p version cipher curve server_name resumed last_alert next_protocol established ssl_history cert_chain_fps client_cert_chain_fps sni_matches_cert server_version client_version client_ciphers ssl_client_exts ssl_server_exts ticket_lifetime_hint dh_param_size point_formats client_curves orig_alpn client_supported_versions server_supported_version psk_key_exchange_modes client_key_share_groups server_key_share_group client_comp_methods sigalgs hashalgs
#types time string addr port addr port string string string string bool string string bool string vector[string] vector[string] bool count count vector[count] vector[count] vector[count] count count vector[count] vector[count] vector[string] vector[count] count vector[count] vector[count] count vector[count] vector[count] vector[count]
XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 192.168.86.23 63449 52.32.149.186 443 TLSv13-draft23 TLS_AES_128_GCM_SHA256 x25519 tls13.crypto.mozilla.org F - - T CsiI - - - 771 771 39578,4865,4866,4867,49195,49199,49196,49200,52393,52392,49171,49172,156,157,47,53,10 19018,65281,0,23,35,13,5,18,16,30032,11,51,45,43,10,24,31354,21 51,43 - - 0 39578,29,23,24 h2,http/1.1 56026,32535,771,770,769 32535 1 39578,29 29 0 3,4,1,3,5,1,6,1,1 4,8,4,5,8,5,8,6,2
#close XXXX-XX-XX-XX-XX-XX

10
testing/btest/Baseline/scripts.policy.protocols.ssl.validate-certs-no-cache/ssl.log
View file

@ -5,9 +5,9 @@
#unset_field -
#path ssl
#open XXXX-XX-XX-XX-XX-XX
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p version cipher curve server_name resumed last_alert next_protocol established cert_chain_fuids client_cert_chain_fuids subject issuer client_subject client_issuer validation_status
#types time string addr port addr port string string string string bool string string bool vector[string] vector[string] string string string string string
XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 192.168.4.149 58529 128.32.169.140 443 TLSv10 TLS_RSA_WITH_RC4_128_MD5 - - F - - T FFYN6Z2x1v8O31tYAe (empty) + + - - unable to get local issuer certificate
XXXXXXXXXX.XXXXXX ClEkJM2Vm5giqnMf4h 192.168.4.149 58530 72.167.102.91 443 TLSv12 TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 secp256r1 - F - - T FMuqCx3vT83dl6KvOh,FkDg8kz9rRmVb8o63,Fl5AIC1EFNQx61M777 (empty) + + - - ok
XXXXXXXXXX.XXXXXX C4J4Th3PJpwUYZZ6gc 192.168.4.149 58532 128.32.169.140 443 TLSv10 TLS_RSA_WITH_RC4_128_MD5 - - F - - T FZ7lQU7QXB55vSCfb (empty) + + - - unable to get local issuer certificate
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p version cipher curve server_name resumed last_alert next_protocol established ssl_history cert_chain_fps client_cert_chain_fps sni_matches_cert validation_status
#types time string addr port addr port string string string string bool string string bool string vector[string] vector[string] bool string
XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 192.168.4.149 58529 128.32.169.140 443 TLSv10 TLS_RSA_WITH_RC4_128_MD5 - - F - - T CsxnGIi 611101252cfd5bd2a7d2a1ffa2751106edeb29a98d1991d41986d39ae1742da9 (empty) - unable to get local issuer certificate
XXXXXXXXXX.XXXXXX ClEkJM2Vm5giqnMf4h 192.168.4.149 58530 72.167.102.91 443 TLSv12 TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 secp256r1 - F - - T CsxknGIti b2e802a12cf20c0c3ad57e74c489c2cbb569de829c18257795a47fdcefc97ba3,93a07898d89b2cca166ba6f1f8a14138ce43828e491b831926bc8247d391cc72,2ce1cb0bf9d2f9e102993fbe215152c3b2dd0cabde1c68e5319b839154dbb7f5 (empty) - ok
XXXXXXXXXX.XXXXXX C4J4Th3PJpwUYZZ6gc 192.168.4.149 58532 128.32.169.140 443 TLSv10 TLS_RSA_WITH_RC4_128_MD5 - - F - - T CsxnGIi 611101252cfd5bd2a7d2a1ffa2751106edeb29a98d1991d41986d39ae1742da9 (empty) - unable to get local issuer certificate
#close XXXX-XX-XX-XX-XX-XX

Some files were not shown because too many files have changed in this diff Show more