Add verify functionality, including the ability to get the validated

chain. This means that it is now possible to get information about the
root certificates that were used to secure a connection.

Intermediate commit before changing the script interface again.

addresses BIT-953, BIT-760
This commit is contained in:
Bernhard Amann 2014-03-03 10:49:28 -08:00
parent 7ba6bcff2c
commit a1f2ab34ac
8 changed files with 249 additions and 40 deletions


@ -5,24 +5,27 @@ module X509;
export {
redef enum Log::ID += { LOG };
redef record Files::Info += {
};
}
event x509_cert(f: fa_file, cert: X509::Certificate)
event x509_cert(f: fa_file, cert_ref: opaque of x509, cert: X509::Certificate)
{
print cert;
}
event x509_extension(f: fa_file, cert: X509::Certificate, ext: X509::Extension)
event x509_extension(f: fa_file, cert_ref: opaque of x509, cert: X509::Certificate, ext: X509::Extension)
{
print ext;
}
event x509_ext_basic_constraints(f: fa_file, cert: X509::Certificate, ext: X509::BasicConstraints)
event x509_ext_basic_constraints(f: fa_file, cert_ref: opaque of x509, cert: X509::Certificate, ext: X509::BasicConstraints)
{
print ext;
}
event x509_ext_subject_alternative_name(f: fa_file, cert: X509::Certificate, ext: X509::SubjectAlternativeName)
event x509_ext_subject_alternative_name(f: fa_file, cert_ref: opaque of x509, cert: X509::Certificate, ext: string_vec)
{
print ext;
}
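Review bot: The new `cert_ref: opaque of x509` parameter added to all four event signatures in this hunk is undocumented and unused by every handler, so a reader cannot tell what the opaque refers to or how long it remains valid after the event fires. Since the same commit drops the `certificate` field from `X509::Certificate` in the other file, this handle is presumably the only way for script code to reach the underlying OpenSSL object for the new verify functionality, and each event should say so with a `##` doc line such as `## cert_ref: Opaque reference to the parsed certificate; pass it to the X509 verification functions.` (wording to match the BIF declarations). The `ext` argument of `x509_ext_subject_alternative_name` also changes from `X509::SubjectAlternativeName` to the bare `string_vec` alias, which loses the descriptive record type; if that record is still defined elsewhere the two should be reconciled. The `redef record Files::Info += { };` inside the `export` block appears collapsed in this view, so its contents were not reviewed.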


@ -46,6 +46,13 @@ type index_vec: vector of count;
## directly and then remove this alias.
type string_vec: vector of string;
## A vector of x509 opaques.
##
## .. todo:: We need this type definition only for declaring builtin functions
## via ``bifcl``. We should extend ``bifcl`` to understand composite types
## directly and then remove this alias.
type x509_opaque_vector: vector of opaque of x509;
## A vector of addresses.
##
## .. todo:: We need this type definition only for declaring builtin functions
@ -2744,7 +2751,6 @@ export {
module X509;
export {
type X509::Certificate: record {
certificate: opaque of x509; ##< OpenSSL certificate reference
version: count; ##< Version number.
serial: string; ##< Serial number.
subject: string; ##< Subject.
@ -2774,8 +2780,14 @@ export {
path_len: count &optional;
};
type X509::SubjectAlternativeName: record {
names: vector of string;
## Result of an X509 certificate chain verification
type X509::Result: record {
## OpenSSL result code
result: count;
## Result as string
result_string: string;
## References to the final certificate chain, if verification successful. End-host certificate is first.
chain_certs: vector of opaque of x509 &optional;
};
}
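Review bot: `X509::Result` (the third hunk of this file) documents `chain_certs` as present "if verification successful" but never states which `result` value means success, so a script author has no stated contract for when it is safe to read `chain_certs`. The field comments should be tightened to `## OpenSSL verification result code; presumably 0 (X509_V_OK) means the chain validated.` and `## Validated chain, present only when verification succeeded. End-host certificate is first.`, with the success value and whether the trust anchor is appended as the last element confirmed against the BIF that fills this record, since the commit message says root certificates become visible but the comment here does not say so. The `X509::SubjectAlternativeName` record kept just above the new type looks orphaned now that the handler in the other file takes `string_vec`; if nothing still references it, it should be removed or the event reverted to it. The enclosing `export {` block and `module X509;` begin before this hunk.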