fix expression errors in x509 policy scripts when unparseable data is in certificate chain.

Bernhard Amann 2014-05-21 10:50:31 -07:00
parent 96f71c24d8
commit b16322aefb
3 changed files with 8 additions and 4 deletions


@ -29,7 +29,7 @@ global extracted_certs: set[string] = set() &read_expire=1hr &redef;
event ssl_established(c: connection) &priority=5
{
if ( ! c$ssl?$cert_chain || |c$ssl$cert_chain| == 0 )
if ( ! c$ssl?$cert_chain || |c$ssl$cert_chain| == 0 || !c$ssl$cert_chain[0]?$x509 )
return;
if ( ! addr_matches_host(c$id$resp_h, extract_certs_pem) )
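Review bot: The added term `!c$ssl$cert_chain[0]?$x509` drops the space after `!` that the first term of the same condition uses (`! c$ssl?$cert_chain`); writing it as `! c$ssl$cert_chain[0]?$x509` would keep the condition consistent. The early return is also silent, so a connection whose first certificate carries no `x509` record leaves no trace from this script. A one-line comment above the check would state the intent, for example `# x509 is unset when the certificate could not be parsed; nothing to extract` (going by the commit title). The guard covers only index 0, which is enough only if the rest of the handler, which continues outside this hunk, reads no other chain element.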


@ -36,6 +36,7 @@ event ssl_established(c: connection) &priority=3
local chain: vector of opaque of x509 = vector();
for ( i in c$ssl$cert_chain )
{
if ( c$ssl$cert_chain[i]?$x509 )
chain[i] = c$ssl$cert_chain[i]$x509$handle;
}
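Review bot: When an element fails the new `?$x509` test inside the `for ( i in c$ssl$cert_chain )` loop, `chain[i]` is never assigned, so `chain` no longer lines up one-to-one with `c$ssl$cert_chain` and may hold a gap at that index. Whatever consumes `chain` after the loop (outside this hunk) would then be working on something other than the chain the server presented, and nothing records that an element was left out. Consider skipping validation when any element lacks `x509`, or at least documenting the behaviour, e.g. `# unparseable element: chain[i] stays unset, so the result does not cover the full presented chain`. The same loop appears in the third file section (`@ -39,7 +39,10`) and the remark applies there as well.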


@ -39,7 +39,10 @@ event ssl_established(c: connection) &priority=3
local chain: vector of opaque of x509 = vector();
for ( i in c$ssl$cert_chain )
{
if ( c$ssl$cert_chain[i]?$x509 )
chain[i] = c$ssl$cert_chain[i]$x509$handle;
}
local reply_id = cat(md5_hash(c$ssl$ocsp_response), join_string_vec(c$ssl$cert_chain_fuids, "."));