Mirror/zeek
1
0
Fork 0
mirror of https://github.com/zeek/zeek.git synced 2025-10-10 10:38:20 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 3

Do not log common name by default (it is most interesting for scripts)

Browse source 
and add a test case.
This commit is contained in:
Johanna Amann 2015-03-03 16:38:25 -08:00
parent 252d57fd2c
commit e48c6ccc4a
4 changed files with 29 additions and 13 deletions
Download patch file Download diff file Expand all files Collapse all files

26
scripts/base/init-bare.bro
View file

@ -2774,20 +2774,20 @@ export {
module X509; module X509;
export { export {
type Certificate: record { type Certificate: record {
version: count; ##< Version number. version: count &log; ##< Version number.
serial: string; ##< Serial number. serial: string &log; ##< Serial number.
subject: string; ##< Subject. subject: string &log; ##< Subject.
issuer: string; ##< Issuer. issuer: string &log; ##< Issuer.
cn: string &optional; ##< Last (most specific) common name. cn: string &optional; ##< Last (most specific) common name.
not_valid_before: time; ##< Timestamp before when certificate is not valid. not_valid_before: time &log; ##< Timestamp before when certificate is not valid.
not_valid_after: time; ##< Timestamp after when certificate is not valid. not_valid_after: time &log; ##< Timestamp after when certificate is not valid.
key_alg: string; ##< Name of the key algorithm key_alg: string &log; ##< Name of the key algorithm
sig_alg: string; ##< Name of the signature algorithm sig_alg: string &log; ##< Name of the signature algorithm
key_type: string &optional; ##< Key type, if key parseable by openssl (either rsa, dsa or ec) key_type: string &optional &log; ##< Key type, if key parseable by openssl (either rsa, dsa or ec)
key_length: count &optional; ##< Key length in bits key_length: count &optional &log; ##< Key length in bits
exponent: string &optional; ##< Exponent, if RSA-certificate exponent: string &optional &log; ##< Exponent, if RSA-certificate
curve: string &optional; ##< Curve, if EC-certificate curve: string &optional &log; ##< Curve, if EC-certificate
} &log; };
type Extension: record { type Extension: record {
name: string; ##< Long name of extension. oid if name not known name: string; ##< Long name of extension. oid if name not known

3
testing/btest/Baseline/scripts.base.protocols.ssl.common_name/.stdout Normal file
View file

@ -0,0 +1,3 @@
*.gstatic.com
Google Internet Authority
No CN

BIN
testing/btest/Traces/tls/cert-no-cn.pcap Normal file
View file

Binary file not shown.

13
testing/btest/scripts/base/protocols/ssl/common_name.test Normal file
View file

@ -0,0 +1,13 @@
# This tests a normal SSL connection and the log it outputs.
# @TEST-EXEC: bro -r $TRACES/tls/tls-conn-with-extensions.trace %INPUT
# @TEST-EXEC: bro -C -r $TRACES/tls/cert-no-cn.pcap %INPUT
# @TEST-EXEC: btest-diff .stdout
event x509_certificate(f: fa_file, cert_ref: opaque of x509, cert: X509::Certificate)
{
if ( cert?$cn )
print cert$cn;
else
print "No CN";
}