mirror of
https://github.com/zeek/zeek.git
synced 2025-10-02 14:48:21 +00:00
Add policy script to suppress non host-certificate logging in x509.log
Addresses BIT-1150
This commit is contained in:
Bernhard Amann
parent
e8339d5c63
commit
b32c7c7a88
5 changed files with 84 additions and 0 deletions
|
|
@ -55,6 +55,9 @@
|
|||
# This script enables SSL/TLS certificate validation.
|
||||
@load protocols/ssl/validate-certs
|
||||
|
||||
# This script prevents the logging of SSL CA certificates in x509.log
|
||||
@load protocols/ssl/log-hostcerts-only
|
||||
|
||||
# Uncomment the following line to check each SSL certificate hash against the ICSI
|
||||
# certificate notary service; see http://notary.icsi.berkeley.edu .
|
||||
# @load protocols/ssl/notary
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue