Implement delay-token style SSL logging.

This commit moves the notary script into the policy directory, along with some
architectural changes: the main SSL script now has functionality to add and
remove tokens for a given record. When adding a token, the script delays the
logging until the token has been removed or until the record exceeds a maximum
delay time.

As before, the base SSL script stores all records sequentially and buffers even
non-delayed records for the sake of having an ordered log file. If this turns
out to be not so important, we can easily revert to a simpler logic.

(This is still WiP, some debugging statements still linger.)
This commit is contained in:
Matthias Vallentin 2012-12-22 20:30:17 -08:00
parent 8a569facd6
commit 9e81342c92
4 changed files with 192 additions and 150 deletions

@ -56,6 +56,10 @@ redef Software::vulnerable_versions += {
# This script enables SSL/TLS certificate validation.
@load protocols/ssl/validate-certs
# This script checks each SSL certificate hash against the ICSI certificate
# notary service.
@load protocols/ssl/notary
# If you have libGeoIP support built in, do some geographic detections and
# logging for SSH traffic.
@load protocols/ssh/geo-data
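
Review bot: The added `@load protocols/ssl/notary` line turns the notary script on for everyone who uses this file, while the commit message describes the change as WiP with debugging statements still in place. Consider leaving the line commented out until those statements are removed. The comment above it should also say more than "checks each SSL certificate hash": it should state that the check goes to an external service (the ICSI certificate notary), and, if the notary lookup is what holds the delay token, that SSL log records can be held back until the lookup completes or the maximum delay time is exceeded, so operators know what enabling it costs.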