Mirror/zeek
1
0
Fork 0
mirror of https://github.com/zeek/zeek.git synced 2025-10-02 14:48:21 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 2

SSL/TLS: Parse CertificateRequest message

Browse source 
This commit introduces parsing of the CertificateRequest message in the
TLS handshake. It introduces a new event ssl_certificate_request, as
well as a new function parse_distinguished_name, which can be used to
parse part of the ssl_certificate_request event parameters.

This commit also introduces a new policy script, which appends
information about the CAs a TLS server requests in the
CertificateRequest message, if it sends it.
This commit is contained in:
Johanna Amann 2023-03-09 08:20:50 +01:00
parent b73dda5cff
commit b56b856da9
17 changed files with 221 additions and 4 deletions
Download patch file Download diff file Expand all files Collapse all files

22
testing/btest/scripts/base/protocols/ssl/certificate_request.zeek Normal file
View file

@ -0,0 +1,22 @@
# This tests the certificate_request message parsing
# @TEST-EXEC: zeek -b -r $TRACES/tls/client-certificate.pcap %INPUT > out
# @TEST-EXEC: zeek -C -b -r $TRACES/tls/certificate-request-failed.pcap %INPUT >> out
# @TEST-EXEC: zeek -C -b -r $TRACES/tls/webrtc-stun.pcap %INPUT >> out
# @TEST-EXEC: zeek -C -b -r $TRACES/mysql/encrypted.trace %INPUT >> out
# @TEST-EXEC: btest-diff out
@load base/protocols/ssl
@load base/protocols/mysql
event ssl_certificate_request(c: connection, is_client: bool, certificate_types: index_vec, supported_signature_algorithms: SSL::SignatureAndHashAlgorithm, certificate_authorities: string_vec)
{
print certificate_types;
print supported_signature_algorithms;
for ( i in certificate_authorities )
{
print certificate_authorities[i];
print parse_distinguished_name(certificate_authorities[i]);
}
print "========";
}