From e58b03a43f49790064e57325bc7221ffc6b82cd9 Mon Sep 17 00:00:00 2001 
From: Johanna Amann Date: Tue, 29 Jun 2021 11:10:09 +0100 Subject: [PATCH] Add policy script suppressing certificate events The added disable-certificate-events-known-certs.zeek disables repeated X509 events in SSL connections, given that the connection terminates at the same server and used the samt SNI as a previously seen connection with the same certificate. For people that see significant amounts of TLS 1.2 traffic, this could reduce the amount of raised events significantly - especially when a lot of connections are repeat connections to the same servers. The practical impact of not raising these events is actually very little - unless a script directly interacts with the x509 events, everything works as before - the x509 variables in the connection records are still being set (from the cache). --- scripts/base/files/x509/main.zeek | 3 + ...isable-certificate-events-known-certs.zeek | 84 ++++++++++++++++++ scripts/test-all-policy.zeek | 1 + .../Baseline/coverage.bare-mode-errors/errors | 4 +- .../.stdout | 53 +++++++++++ .../ssl.log | 18 ++++ .../x509.log | 14 +++ .../.stdout | 39 ++++++++ .../ssl.log | 18 ++++ .../x509.log | 14 +++ .../.stdout | 33 +++++++ .../ssl.log | 18 ++++ .../x509.log | 14 +++ .../btest/Traces/tls/google-cert-repeat.pcap | Bin 0 -> 49534 bytes ...isable-certificate-events-known-certs.zeek | 46 ++++++++++ 15 files changed, 357 insertions(+), 2 deletions(-) create mode 100644 scripts/policy/files/x509/disable-certificate-events-known-certs.zeek create mode 100644 testing/btest/Baseline/scripts.base.files.x509.disable-certificate-events-known-certs-2/.stdout create mode 100644 testing/btest/Baseline/scripts.base.files.x509.disable-certificate-events-known-certs-2/ssl.log create mode 100644 testing/btest/Baseline/scripts.base.files.x509.disable-certificate-events-known-certs-2/x509.log create mode 100644 testing/btest/Baseline/scripts.base.files.x509.disable-certificate-events-known-certs-3/.stdout create mode 100644 
testing/btest/Baseline/scripts.base.files.x509.disable-certificate-events-known-certs-3/ssl.log create mode 100644 testing/btest/Baseline/scripts.base.files.x509.disable-certificate-events-known-certs-3/x509.log create mode 100644 testing/btest/Baseline/scripts.base.files.x509.disable-certificate-events-known-certs/.stdout create mode 100644 testing/btest/Baseline/scripts.base.files.x509.disable-certificate-events-known-certs/ssl.log create mode 100644 testing/btest/Baseline/scripts.base.files.x509.disable-certificate-events-known-certs/x509.log create mode 100644 testing/btest/Traces/tls/google-cert-repeat.pcap create mode 100644 testing/btest/scripts/base/files/x509/disable-certificate-events-known-certs.zeek diff --git a/scripts/base/files/x509/main.zeek b/scripts/base/files/x509/main.zeek index e1f4206d69..c8f0a0f978 100644 --- a/scripts/base/files/x509/main.zeek +++ b/scripts/base/files/x509/main.zeek @@ -136,6 +136,9 @@ event zeek_init() &priority=5 Files::register_for_mime_type(Files::ANALYZER_SHA1, "application/x-x509-user-cert"); Files::register_for_mime_type(Files::ANALYZER_SHA1, "application/x-x509-ca-cert"); Files::register_for_mime_type(Files::ANALYZER_SHA1, "application/pkix-cert"); + + # Please note that SHA256 caching is required to be enabled for the certificate event + # caching that is set up in certificate-event-cache.zeek to work. Files::register_for_mime_type(Files::ANALYZER_SHA256, "application/x-x509-user-cert"); Files::register_for_mime_type(Files::ANALYZER_SHA256, "application/x-x509-ca-cert"); Files::register_for_mime_type(Files::ANALYZER_SHA256, "application/pkix-cert"); diff --git a/scripts/policy/files/x509/disable-certificate-events-known-certs.zeek b/scripts/policy/files/x509/disable-certificate-events-known-certs.zeek new file mode 100644 index 0000000000..2f293fd658 --- /dev/null +++ b/scripts/policy/files/x509/disable-certificate-events-known-certs.zeek 
@@ -0,0 +1,84 @@
+##! This script disables repeat certificate events for hosts for hosts for which the same
+##! certificate was seen in the recent past;
+##!
+##! This script specifically plugs into the event caching mechanism that is set up by the
+##! base X509 script certificate-event-cache.zeek. It adds another layer of tracking that
+##! checks if the same certificate was seen for the server IP address before, when the same
+##! SNI was used to connect. If the certificate is in the event cache and all of these conditions
+##! apply, then no certificate related events will be raised.
+##!
+##! Please note that while this optimization can lead to a considerable reduction of load in some
+##! settings, it also means that certain detection scripts that rely on the certificate events being
+##! raised do no longer work - since the events will not be raised for all connections.
+##!
+##! Currently this script only works for X509 certificates that are sent via SSL/TLS connections.
+##!
+##! If you use any script that requires certificate events for each single connection,
+##! you should not load this script.
+
+@load base/protocols/ssl
+@load base/files/x509
+
+module DisableX509Events;
+
+## Let's be a bit more generous with the number of certificates that we allow to be put into
+## the cache.
+redef X509::certificate_cache_max_entries = 100000;
+
+type CacheIndex: record {
+ ## IP address of the server the certificate was seen on.
+ ip: addr;
+ ## SNI the client sent in the connection
+ sni: string &optional;
+ ## sha256 of the certificate
+ sha256: string;
+};
+
+redef record SSL::Info += {
+ ## Set to true to force certificate events to always be raised for this connection.
+ always_raise_x509_events: bool &default=F;
+};
+
+redef record X509::Info += {
+ ## Set to true to force certificate events to always be raised for this certificate.
+ always_raise_x509_events: bool &default=F;
+};
+
+global certificate_replay_tracking: set[CacheIndex] &read_expire=X509::certificate_cache_minimum_eviction_interval;
+
+hook X509::x509_certificate_cache_replay(f: fa_file, e: X509::Info, sha256: string) &priority=5
+ {
+ # Bail out if x509 is already set - or if the file tells us that we should always raise events.
+ if ( f$info?$x509 || e$always_raise_x509_events )
+ return;
+
+ local raise_events = F;
+
+ # not sure how that could happen - but let's be safe...
+ if ( |f$conns| == 0 )
+ return;
+
+ for ( c in f$conns )
+ {
+ if ( ! f$conns[c]?$ssl )
+ return;
+
+ local test = CacheIndex($ip=f$conns[c]$id$resp_h, $sha256=sha256);
+ if ( f$conns[c]$ssl?$server_name )
+ test$sni = f$conns[c]$ssl$server_name;
+
+ if ( test !in certificate_replay_tracking || f$conns[c]$ssl$always_raise_x509_events )
+ {
+ raise_events = T;
+ add certificate_replay_tracking[test];
+ }
+ }
+
+ if ( ! raise_events )
+ {
+ # We don't have to raise the events. :).
+ # Instead we just already set f$x509. That makes the data available to scripts that might need them - and the x509_certificate_cache_replayh
+ # hook in certificate-event-cache will just abort.
+ f$info$x509 = e;
+ }
+ }
diff --git a/scripts/test-all-policy.zeek b/scripts/test-all-policy.zeek
index fc36807d57..610712716f 100644
--- a/scripts/test-all-policy.zeek
+++ b/scripts/test-all-policy.zeek
@@ -41,6 +41,7 @@
 @load frameworks/notice/extend-email/hostnames.zeek
 @load files/unified2/__load__.zeek
 @load files/unified2/main.zeek
+@load files/x509/disable-certificate-events-known-certs.zeek
 @load files/x509/log-ocsp.zeek
 @load frameworks/packet-filter/shunt.zeek
 @load frameworks/software/version-changes.zeek
diff --git a/testing/btest/Baseline/coverage.bare-mode-errors/errors b/testing/btest/Baseline/coverage.bare-mode-errors/errors
index 3f3e397577..c008d14a92 100644
--- a/testing/btest/Baseline/coverage.bare-mode-errors/errors
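Review bot: `certificate_replay_tracking` has no size bound, and part of its key is the SNI that the client sends, so the `add certificate_replay_tracking[test];` inside the loop of the `x509_certificate_cache_replay` hook creates one entry per distinct (server IP, SNI, certificate hash) triple that the sensor observes. The certificate cache itself is capped by `X509::certificate_cache_max_entries`, which this script raises to 100000, but the tracking set is limited only by `&read_expire`, so traffic that repeats one certificate under many different SNI values can grow it without limit for the length of the eviction interval. Guarding the insertion keeps sensor memory bounded, for example `if ( |certificate_replay_tracking| < X509::certificate_cache_max_entries ) add certificate_replay_tracking[test];`, at the cost of raising events more often once the cap is reached. Separately, if the `!in` test counts as a read for `&read_expire` (worth confirming), a busy server/SNI/certificate triple never expires and its certificate events stay suppressed indefinitely; `&create_expire` would force periodic re-raising so that time-dependent checks such as expiry detection still run.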
+++ b/testing/btest/Baseline/coverage.bare-mode-errors/errors @@ -2,8 +2,8 @@ ### NOTE: This file has been sorted with diff-sort. warning in <...>/extract-certs-pem.zeek, line 1: deprecated script loaded from <...>/__load__.zeek:10 "Remove in v5.1. Use log-certs-base64.zeek instead." warning in <...>/extract-certs-pem.zeek, line 1: deprecated script loaded from command line arguments "Remove in v5.1. Use log-certs-base64.zeek instead." -warning in <...>/log-ocsp.zeek, line 1: deprecated script loaded from <...>/test-all-policy.zeek:44 ("Remove in v5.1. OCSP logging is now disabled by default") -warning in <...>/log-ocsp.zeek, line 1: deprecated script loaded from <...>/test-all-policy.zeek:44 ("Remove in v5.1. OCSP logging is now disabled by default") +warning in <...>/log-ocsp.zeek, line 1: deprecated script loaded from <...>/test-all-policy.zeek:45 ("Remove in v5.1. OCSP logging is now disabled by default") +warning in <...>/log-ocsp.zeek, line 1: deprecated script loaded from <...>/test-all-policy.zeek:45 ("Remove in v5.1. OCSP logging is now disabled by default") warning in <...>/log-ocsp.zeek, line 1: deprecated script loaded from command line arguments ("Remove in v5.1. OCSP logging is now disabled by default") warning in <...>/notary.zeek, line 1: deprecated script loaded from <...>/__load__.zeek:4 ("Remove in v5.1. Please switch to other more modern approaches like SCT validation (validate-sct.zeek).") warning in <...>/notary.zeek, line 1: deprecated script loaded from command line arguments ("Remove in v5.1. Please switch to other more modern approaches like SCT validation (validate-sct.zeek).") diff --git a/testing/btest/Baseline/scripts.base.files.x509.disable-certificate-events-known-certs-2/.stdout b/testing/btest/Baseline/scripts.base.files.x509.disable-certificate-events-known-certs-2/.stdout new file mode 100644 index 0000000000..31621b0464 --- /dev/null 
+++ b/testing/btest/Baseline/scripts.base.files.x509.disable-certificate-events-known-certs-2/.stdout 
@@ -0,0 +1,53 @@ +### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63. +x509_certificate, CN=www.google.com +x509_certificate, CN=GTS CA 1C3,O=Google Trust Services LLC,C=US +x509_certificate, CN=GTS Root R1,O=Google Trust Services LLC,C=US +finishing, CN=www.google.com +Hook for, CN=www.google.com +x509_certificate, CN=www.google.com +Hook for, CN=GTS CA 1C3,O=Google Trust Services LLC,C=US +x509_certificate, CN=GTS CA 1C3,O=Google Trust Services LLC,C=US +Hook for, CN=GTS Root R1,O=Google Trust Services LLC,C=US +x509_certificate, CN=GTS Root R1,O=Google Trust Services LLC,C=US +finishing, CN=www.google.com +Hook for, CN=www.google.com +x509_certificate, CN=www.google.com +Hook for, CN=GTS CA 1C3,O=Google Trust Services LLC,C=US +x509_certificate, CN=GTS CA 1C3,O=Google Trust Services LLC,C=US +Hook for, CN=GTS Root R1,O=Google Trust Services LLC,C=US +x509_certificate, CN=GTS Root R1,O=Google Trust Services LLC,C=US +finishing, CN=www.google.com +Hook for, CN=www.google.com +x509_certificate, CN=www.google.com +Hook for, CN=GTS CA 1C3,O=Google Trust Services LLC,C=US +x509_certificate, CN=GTS CA 1C3,O=Google Trust Services LLC,C=US +Hook for, CN=GTS Root R1,O=Google Trust Services LLC,C=US +x509_certificate, CN=GTS Root R1,O=Google Trust Services LLC,C=US +finishing, CN=www.google.com +x509_certificate, CN=www.google.com +Hook for, CN=GTS CA 1C3,O=Google Trust Services LLC,C=US +x509_certificate, CN=GTS CA 1C3,O=Google Trust Services LLC,C=US +Hook for, CN=GTS Root R1,O=Google Trust Services LLC,C=US +x509_certificate, CN=GTS Root R1,O=Google Trust Services LLC,C=US +finishing, CN=www.google.com +Hook for, CN=www.google.com +x509_certificate, CN=www.google.com +Hook for, CN=GTS CA 1C3,O=Google Trust Services LLC,C=US +x509_certificate, CN=GTS CA 1C3,O=Google Trust Services LLC,C=US +Hook for, CN=GTS Root R1,O=Google Trust Services LLC,C=US +x509_certificate, CN=GTS Root R1,O=Google Trust Services 
LLC,C=US +finishing, CN=www.google.com +Hook for, CN=www.google.com +x509_certificate, CN=www.google.com +Hook for, CN=GTS CA 1C3,O=Google Trust Services LLC,C=US +x509_certificate, CN=GTS CA 1C3,O=Google Trust Services LLC,C=US +Hook for, CN=GTS Root R1,O=Google Trust Services LLC,C=US +x509_certificate, CN=GTS Root R1,O=Google Trust Services LLC,C=US +finishing, CN=www.google.com +Hook for, CN=www.google.com +x509_certificate, CN=www.google.com +Hook for, CN=GTS CA 1C3,O=Google Trust Services LLC,C=US +x509_certificate, CN=GTS CA 1C3,O=Google Trust Services LLC,C=US +Hook for, CN=GTS Root R1,O=Google Trust Services LLC,C=US +x509_certificate, CN=GTS Root R1,O=Google Trust Services LLC,C=US +finishing, CN=www.google.com diff --git a/testing/btest/Baseline/scripts.base.files.x509.disable-certificate-events-known-certs-2/ssl.log b/testing/btest/Baseline/scripts.base.files.x509.disable-certificate-events-known-certs-2/ssl.log new file mode 100644 index 0000000000..e913b2025a --- /dev/null +++ b/testing/btest/Baseline/scripts.base.files.x509.disable-certificate-events-known-certs-2/ssl.log 
@@ -0,0 +1,18 @@ +### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63. +#separator \x09 +#set_separator , +#empty_field (empty) +#unset_field - +#path ssl +#open XXXX-XX-XX-XX-XX-XX +#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p version cipher curve server_name resumed last_alert next_protocol established cert_chain_fps client_cert_chain_fps subject issuer validation_status +#types time string addr port addr port string string string string bool string string bool vector[string] vector[string] string string string +XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 167.71.55.249 37680 142.250.179.196 443 TLSv12 TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 - - F - - T 7c4cb8ef8d84a20171b3ee521b2be4d973b5fcf9cfbd1786e5581c7fed14da47,23ecb03eec17338c4e33a6b48a41dc3cda12281bbc3ff813c0589d6cc2387522,3ee0278df71fa3c125c4cd487f01d774694e6fc57e0cd94c24efd769133918e5 (empty) CN=www.google.com CN=GTS CA 1C3,O=Google Trust Services LLC,C=US ok +XXXXXXXXXX.XXXXXX ClEkJM2Vm5giqnMf4h 167.71.55.249 37682 142.250.179.196 443 TLSv12 TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 - - F - - T 7c4cb8ef8d84a20171b3ee521b2be4d973b5fcf9cfbd1786e5581c7fed14da47,23ecb03eec17338c4e33a6b48a41dc3cda12281bbc3ff813c0589d6cc2387522,3ee0278df71fa3c125c4cd487f01d774694e6fc57e0cd94c24efd769133918e5 (empty) CN=www.google.com CN=GTS CA 1C3,O=Google Trust Services LLC,C=US ok +XXXXXXXXXX.XXXXXX C4J4Th3PJpwUYZZ6gc 167.71.55.249 37684 142.250.179.196 443 TLSv12 TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 - - F - - T 7c4cb8ef8d84a20171b3ee521b2be4d973b5fcf9cfbd1786e5581c7fed14da47,23ecb03eec17338c4e33a6b48a41dc3cda12281bbc3ff813c0589d6cc2387522,3ee0278df71fa3c125c4cd487f01d774694e6fc57e0cd94c24efd769133918e5 (empty) CN=www.google.com CN=GTS CA 1C3,O=Google Trust Services LLC,C=US ok +XXXXXXXXXX.XXXXXX CtPZjS20MLrsMUOJi2 167.71.55.249 37686 142.250.179.196 443 TLSv12 TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 - - F - - T 
7c4cb8ef8d84a20171b3ee521b2be4d973b5fcf9cfbd1786e5581c7fed14da47,23ecb03eec17338c4e33a6b48a41dc3cda12281bbc3ff813c0589d6cc2387522,3ee0278df71fa3c125c4cd487f01d774694e6fc57e0cd94c24efd769133918e5 (empty) CN=www.google.com CN=GTS CA 1C3,O=Google Trust Services LLC,C=US ok +XXXXXXXXXX.XXXXXX CUM0KZ3MLUfNB0cl11 167.71.55.249 37688 142.250.179.196 443 TLSv12 TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 - www.google.com F - - T c4d4c1fde956a63916e6886df676570da046396d31ee1f8aad5d59c8865d274d,23ecb03eec17338c4e33a6b48a41dc3cda12281bbc3ff813c0589d6cc2387522,3ee0278df71fa3c125c4cd487f01d774694e6fc57e0cd94c24efd769133918e5 (empty) CN=www.google.com CN=GTS CA 1C3,O=Google Trust Services LLC,C=US ok +XXXXXXXXXX.XXXXXX CmES5u32sYpV7JYN 167.71.55.249 37690 142.250.179.196 443 TLSv12 TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 - www.google.com F - - T c4d4c1fde956a63916e6886df676570da046396d31ee1f8aad5d59c8865d274d,23ecb03eec17338c4e33a6b48a41dc3cda12281bbc3ff813c0589d6cc2387522,3ee0278df71fa3c125c4cd487f01d774694e6fc57e0cd94c24efd769133918e5 (empty) CN=www.google.com CN=GTS CA 1C3,O=Google Trust Services LLC,C=US ok +XXXXXXXXXX.XXXXXX CP5puj4I8PtEU4qzYg 167.71.55.249 37692 142.250.179.196 443 TLSv12 TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 - www.google.com F - - T c4d4c1fde956a63916e6886df676570da046396d31ee1f8aad5d59c8865d274d,23ecb03eec17338c4e33a6b48a41dc3cda12281bbc3ff813c0589d6cc2387522,3ee0278df71fa3c125c4cd487f01d774694e6fc57e0cd94c24efd769133918e5 (empty) CN=www.google.com CN=GTS CA 1C3,O=Google Trust Services LLC,C=US ok +XXXXXXXXXX.XXXXXX C37jN32gN3y3AZzyf6 167.71.55.249 37694 142.250.179.196 443 TLSv12 TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 - www.google.com F - - T c4d4c1fde956a63916e6886df676570da046396d31ee1f8aad5d59c8865d274d,23ecb03eec17338c4e33a6b48a41dc3cda12281bbc3ff813c0589d6cc2387522,3ee0278df71fa3c125c4cd487f01d774694e6fc57e0cd94c24efd769133918e5 (empty) CN=www.google.com CN=GTS CA 1C3,O=Google Trust Services LLC,C=US ok +#close 
XXXX-XX-XX-XX-XX-XX diff --git a/testing/btest/Baseline/scripts.base.files.x509.disable-certificate-events-known-certs-2/x509.log b/testing/btest/Baseline/scripts.base.files.x509.disable-certificate-events-known-certs-2/x509.log new file mode 100644 index 0000000000..8fbaa7b2a0 --- /dev/null +++ b/testing/btest/Baseline/scripts.base.files.x509.disable-certificate-events-known-certs-2/x509.log 
@@ -0,0 +1,14 @@ +### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63. +#separator \x09 +#set_separator , +#empty_field (empty) +#unset_field - +#path x509 +#open XXXX-XX-XX-XX-XX-XX +#fields ts fp certificate.version certificate.serial certificate.subject certificate.issuer certificate.not_valid_before certificate.not_valid_after certificate.key_alg certificate.sig_alg certificate.key_type certificate.key_length certificate.exponent certificate.curve san.dns san.uri san.email san.ip basic_constraints.ca basic_constraints.path_len host_cert client_cert +#types time string count string string string time time string string string count string string vector[string] vector[string] vector[string] vector[addr] bool count bool bool +XXXXXXXXXX.XXXXXX 7c4cb8ef8d84a20171b3ee521b2be4d973b5fcf9cfbd1786e5581c7fed14da47 3 FD62E14283CA9DF30A00000000DCA0BE CN=www.google.com CN=GTS CA 1C3,O=Google Trust Services LLC,C=US XXXXXXXXXX.XXXXXX XXXXXXXXXX.XXXXXX rsaEncryption sha256WithRSAEncryption rsa 2048 65537 - www.google.com - - - F - T F +XXXXXXXXXX.XXXXXX 23ecb03eec17338c4e33a6b48a41dc3cda12281bbc3ff813c0589d6cc2387522 3 0203BC53596B34C718F5015066 CN=GTS CA 1C3,O=Google Trust Services LLC,C=US CN=GTS Root R1,O=Google Trust Services LLC,C=US XXXXXXXXXX.XXXXXX XXXXXXXXXX.XXXXXX rsaEncryption sha256WithRSAEncryption rsa 2048 65537 - - - - - T 0 F F +XXXXXXXXXX.XXXXXX 3ee0278df71fa3c125c4cd487f01d774694e6fc57e0cd94c24efd769133918e5 3 77BD0D6CDB36F91AEA210FC4F058D30D CN=GTS Root R1,O=Google Trust Services LLC,C=US CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE XXXXXXXXXX.XXXXXX XXXXXXXXXX.XXXXXX rsaEncryption sha256WithRSAEncryption rsa 4096 65537 - - - - - T - F F +XXXXXXXXXX.XXXXXX c4d4c1fde956a63916e6886df676570da046396d31ee1f8aad5d59c8865d274d 3 9AFA430EE8EEE2FF0A00000000DCA0C8 CN=www.google.com CN=GTS CA 1C3,O=Google Trust Services LLC,C=US XXXXXXXXXX.XXXXXX XXXXXXXXXX.XXXXXX id-ecPublicKey 
sha256WithRSAEncryption ecdsa 256 - prime256v1 www.google.com - - - F - T F +#close XXXX-XX-XX-XX-XX-XX diff --git a/testing/btest/Baseline/scripts.base.files.x509.disable-certificate-events-known-certs-3/.stdout b/testing/btest/Baseline/scripts.base.files.x509.disable-certificate-events-known-certs-3/.stdout new file mode 100644 index 0000000000..c055e7611f --- /dev/null +++ b/testing/btest/Baseline/scripts.base.files.x509.disable-certificate-events-known-certs-3/.stdout 
@@ -0,0 +1,39 @@ +### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63. +x509_certificate, CN=www.google.com +x509_certificate, CN=GTS CA 1C3,O=Google Trust Services LLC,C=US +x509_certificate, CN=GTS Root R1,O=Google Trust Services LLC,C=US +finishing, CN=www.google.com +Hook for, CN=www.google.com +x509_certificate, CN=www.google.com +Hook for, CN=GTS CA 1C3,O=Google Trust Services LLC,C=US +x509_certificate, CN=GTS CA 1C3,O=Google Trust Services LLC,C=US +Hook for, CN=GTS Root R1,O=Google Trust Services LLC,C=US +x509_certificate, CN=GTS Root R1,O=Google Trust Services LLC,C=US +finishing, CN=www.google.com +Hook for, CN=www.google.com +Hook for, CN=GTS CA 1C3,O=Google Trust Services LLC,C=US +Hook for, CN=GTS Root R1,O=Google Trust Services LLC,C=US +finishing, CN=www.google.com +Hook for, CN=www.google.com +Hook for, CN=GTS CA 1C3,O=Google Trust Services LLC,C=US +Hook for, CN=GTS Root R1,O=Google Trust Services LLC,C=US +finishing, CN=www.google.com +x509_certificate, CN=www.google.com +Hook for, CN=GTS CA 1C3,O=Google Trust Services LLC,C=US +x509_certificate, CN=GTS CA 1C3,O=Google Trust Services LLC,C=US +Hook for, CN=GTS Root R1,O=Google Trust Services LLC,C=US +x509_certificate, CN=GTS Root R1,O=Google Trust Services LLC,C=US +finishing, CN=www.google.com +Hook for, CN=www.google.com +x509_certificate, CN=www.google.com +Hook for, CN=GTS CA 1C3,O=Google Trust Services LLC,C=US +Hook for, CN=GTS Root R1,O=Google Trust Services LLC,C=US +finishing, CN=www.google.com +Hook for, CN=www.google.com +Hook for, CN=GTS CA 1C3,O=Google Trust Services LLC,C=US +Hook for, CN=GTS Root R1,O=Google Trust Services LLC,C=US +finishing, CN=www.google.com +Hook for, CN=www.google.com +Hook for, CN=GTS CA 1C3,O=Google Trust Services LLC,C=US +Hook for, CN=GTS Root R1,O=Google Trust Services LLC,C=US +finishing, CN=www.google.com 
diff --git a/testing/btest/Baseline/scripts.base.files.x509.disable-certificate-events-known-certs-3/ssl.log b/testing/btest/Baseline/scripts.base.files.x509.disable-certificate-events-known-certs-3/ssl.log new file mode 100644 index 0000000000..e913b2025a --- /dev/null +++ b/testing/btest/Baseline/scripts.base.files.x509.disable-certificate-events-known-certs-3/ssl.log 
@@ -0,0 +1,18 @@ +### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63. +#separator \x09 +#set_separator , +#empty_field (empty) +#unset_field - +#path ssl +#open XXXX-XX-XX-XX-XX-XX +#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p version cipher curve server_name resumed last_alert next_protocol established cert_chain_fps client_cert_chain_fps subject issuer validation_status +#types time string addr port addr port string string string string bool string string bool vector[string] vector[string] string string string +XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 167.71.55.249 37680 142.250.179.196 443 TLSv12 TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 - - F - - T 7c4cb8ef8d84a20171b3ee521b2be4d973b5fcf9cfbd1786e5581c7fed14da47,23ecb03eec17338c4e33a6b48a41dc3cda12281bbc3ff813c0589d6cc2387522,3ee0278df71fa3c125c4cd487f01d774694e6fc57e0cd94c24efd769133918e5 (empty) CN=www.google.com CN=GTS CA 1C3,O=Google Trust Services LLC,C=US ok +XXXXXXXXXX.XXXXXX ClEkJM2Vm5giqnMf4h 167.71.55.249 37682 142.250.179.196 443 TLSv12 TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 - - F - - T 7c4cb8ef8d84a20171b3ee521b2be4d973b5fcf9cfbd1786e5581c7fed14da47,23ecb03eec17338c4e33a6b48a41dc3cda12281bbc3ff813c0589d6cc2387522,3ee0278df71fa3c125c4cd487f01d774694e6fc57e0cd94c24efd769133918e5 (empty) CN=www.google.com CN=GTS CA 1C3,O=Google Trust Services LLC,C=US ok +XXXXXXXXXX.XXXXXX C4J4Th3PJpwUYZZ6gc 167.71.55.249 37684 142.250.179.196 443 TLSv12 TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 - - F - - T 7c4cb8ef8d84a20171b3ee521b2be4d973b5fcf9cfbd1786e5581c7fed14da47,23ecb03eec17338c4e33a6b48a41dc3cda12281bbc3ff813c0589d6cc2387522,3ee0278df71fa3c125c4cd487f01d774694e6fc57e0cd94c24efd769133918e5 (empty) CN=www.google.com CN=GTS CA 1C3,O=Google Trust Services LLC,C=US ok +XXXXXXXXXX.XXXXXX CtPZjS20MLrsMUOJi2 167.71.55.249 37686 142.250.179.196 443 TLSv12 TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 - - F - - T 
7c4cb8ef8d84a20171b3ee521b2be4d973b5fcf9cfbd1786e5581c7fed14da47,23ecb03eec17338c4e33a6b48a41dc3cda12281bbc3ff813c0589d6cc2387522,3ee0278df71fa3c125c4cd487f01d774694e6fc57e0cd94c24efd769133918e5 (empty) CN=www.google.com CN=GTS CA 1C3,O=Google Trust Services LLC,C=US ok +XXXXXXXXXX.XXXXXX CUM0KZ3MLUfNB0cl11 167.71.55.249 37688 142.250.179.196 443 TLSv12 TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 - www.google.com F - - T c4d4c1fde956a63916e6886df676570da046396d31ee1f8aad5d59c8865d274d,23ecb03eec17338c4e33a6b48a41dc3cda12281bbc3ff813c0589d6cc2387522,3ee0278df71fa3c125c4cd487f01d774694e6fc57e0cd94c24efd769133918e5 (empty) CN=www.google.com CN=GTS CA 1C3,O=Google Trust Services LLC,C=US ok +XXXXXXXXXX.XXXXXX CmES5u32sYpV7JYN 167.71.55.249 37690 142.250.179.196 443 TLSv12 TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 - www.google.com F - - T c4d4c1fde956a63916e6886df676570da046396d31ee1f8aad5d59c8865d274d,23ecb03eec17338c4e33a6b48a41dc3cda12281bbc3ff813c0589d6cc2387522,3ee0278df71fa3c125c4cd487f01d774694e6fc57e0cd94c24efd769133918e5 (empty) CN=www.google.com CN=GTS CA 1C3,O=Google Trust Services LLC,C=US ok +XXXXXXXXXX.XXXXXX CP5puj4I8PtEU4qzYg 167.71.55.249 37692 142.250.179.196 443 TLSv12 TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 - www.google.com F - - T c4d4c1fde956a63916e6886df676570da046396d31ee1f8aad5d59c8865d274d,23ecb03eec17338c4e33a6b48a41dc3cda12281bbc3ff813c0589d6cc2387522,3ee0278df71fa3c125c4cd487f01d774694e6fc57e0cd94c24efd769133918e5 (empty) CN=www.google.com CN=GTS CA 1C3,O=Google Trust Services LLC,C=US ok +XXXXXXXXXX.XXXXXX C37jN32gN3y3AZzyf6 167.71.55.249 37694 142.250.179.196 443 TLSv12 TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 - www.google.com F - - T c4d4c1fde956a63916e6886df676570da046396d31ee1f8aad5d59c8865d274d,23ecb03eec17338c4e33a6b48a41dc3cda12281bbc3ff813c0589d6cc2387522,3ee0278df71fa3c125c4cd487f01d774694e6fc57e0cd94c24efd769133918e5 (empty) CN=www.google.com CN=GTS CA 1C3,O=Google Trust Services LLC,C=US ok +#close 
XXXX-XX-XX-XX-XX-XX diff --git a/testing/btest/Baseline/scripts.base.files.x509.disable-certificate-events-known-certs-3/x509.log b/testing/btest/Baseline/scripts.base.files.x509.disable-certificate-events-known-certs-3/x509.log new file mode 100644 index 0000000000..8fbaa7b2a0 --- /dev/null +++ b/testing/btest/Baseline/scripts.base.files.x509.disable-certificate-events-known-certs-3/x509.log 
@@ -0,0 +1,14 @@ +### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63. +#separator \x09 +#set_separator , +#empty_field (empty) +#unset_field - +#path x509 +#open XXXX-XX-XX-XX-XX-XX +#fields ts fp certificate.version certificate.serial certificate.subject certificate.issuer certificate.not_valid_before certificate.not_valid_after certificate.key_alg certificate.sig_alg certificate.key_type certificate.key_length certificate.exponent certificate.curve san.dns san.uri san.email san.ip basic_constraints.ca basic_constraints.path_len host_cert client_cert +#types time string count string string string time time string string string count string string vector[string] vector[string] vector[string] vector[addr] bool count bool bool +XXXXXXXXXX.XXXXXX 7c4cb8ef8d84a20171b3ee521b2be4d973b5fcf9cfbd1786e5581c7fed14da47 3 FD62E14283CA9DF30A00000000DCA0BE CN=www.google.com CN=GTS CA 1C3,O=Google Trust Services LLC,C=US XXXXXXXXXX.XXXXXX XXXXXXXXXX.XXXXXX rsaEncryption sha256WithRSAEncryption rsa 2048 65537 - www.google.com - - - F - T F +XXXXXXXXXX.XXXXXX 23ecb03eec17338c4e33a6b48a41dc3cda12281bbc3ff813c0589d6cc2387522 3 0203BC53596B34C718F5015066 CN=GTS CA 1C3,O=Google Trust Services LLC,C=US CN=GTS Root R1,O=Google Trust Services LLC,C=US XXXXXXXXXX.XXXXXX XXXXXXXXXX.XXXXXX rsaEncryption sha256WithRSAEncryption rsa 2048 65537 - - - - - T 0 F F +XXXXXXXXXX.XXXXXX 3ee0278df71fa3c125c4cd487f01d774694e6fc57e0cd94c24efd769133918e5 3 77BD0D6CDB36F91AEA210FC4F058D30D CN=GTS Root R1,O=Google Trust Services LLC,C=US CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE XXXXXXXXXX.XXXXXX XXXXXXXXXX.XXXXXX rsaEncryption sha256WithRSAEncryption rsa 4096 65537 - - - - - T - F F +XXXXXXXXXX.XXXXXX c4d4c1fde956a63916e6886df676570da046396d31ee1f8aad5d59c8865d274d 3 9AFA430EE8EEE2FF0A00000000DCA0C8 CN=www.google.com CN=GTS CA 1C3,O=Google Trust Services LLC,C=US XXXXXXXXXX.XXXXXX XXXXXXXXXX.XXXXXX id-ecPublicKey 
sha256WithRSAEncryption ecdsa 256 - prime256v1 www.google.com - - - F - T F +#close XXXX-XX-XX-XX-XX-XX diff --git a/testing/btest/Baseline/scripts.base.files.x509.disable-certificate-events-known-certs/.stdout b/testing/btest/Baseline/scripts.base.files.x509.disable-certificate-events-known-certs/.stdout new file mode 100644 index 0000000000..2b98275395 --- /dev/null +++ b/testing/btest/Baseline/scripts.base.files.x509.disable-certificate-events-known-certs/.stdout 
@@ -0,0 +1,33 @@ +### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63. +x509_certificate, CN=www.google.com +x509_certificate, CN=GTS CA 1C3,O=Google Trust Services LLC,C=US +x509_certificate, CN=GTS Root R1,O=Google Trust Services LLC,C=US +finishing, CN=www.google.com +x509_certificate, CN=www.google.com +x509_certificate, CN=GTS CA 1C3,O=Google Trust Services LLC,C=US +x509_certificate, CN=GTS Root R1,O=Google Trust Services LLC,C=US +finishing, CN=www.google.com +x509_certificate, CN=www.google.com +x509_certificate, CN=GTS CA 1C3,O=Google Trust Services LLC,C=US +x509_certificate, CN=GTS Root R1,O=Google Trust Services LLC,C=US +finishing, CN=www.google.com +x509_certificate, CN=www.google.com +x509_certificate, CN=GTS CA 1C3,O=Google Trust Services LLC,C=US +x509_certificate, CN=GTS Root R1,O=Google Trust Services LLC,C=US +finishing, CN=www.google.com +x509_certificate, CN=www.google.com +x509_certificate, CN=GTS CA 1C3,O=Google Trust Services LLC,C=US +x509_certificate, CN=GTS Root R1,O=Google Trust Services LLC,C=US +finishing, CN=www.google.com +x509_certificate, CN=www.google.com +x509_certificate, CN=GTS CA 1C3,O=Google Trust Services LLC,C=US +x509_certificate, CN=GTS Root R1,O=Google Trust Services LLC,C=US +finishing, CN=www.google.com +x509_certificate, CN=www.google.com +x509_certificate, CN=GTS CA 1C3,O=Google Trust Services LLC,C=US +x509_certificate, CN=GTS Root R1,O=Google Trust Services LLC,C=US +finishing, CN=www.google.com +x509_certificate, CN=www.google.com +x509_certificate, CN=GTS CA 1C3,O=Google Trust Services LLC,C=US +x509_certificate, CN=GTS Root R1,O=Google Trust Services LLC,C=US +finishing, CN=www.google.com diff --git a/testing/btest/Baseline/scripts.base.files.x509.disable-certificate-events-known-certs/ssl.log b/testing/btest/Baseline/scripts.base.files.x509.disable-certificate-events-known-certs/ssl.log new file mode 100644 index 0000000000..e913b2025a --- /dev/null 
+++ b/testing/btest/Baseline/scripts.base.files.x509.disable-certificate-events-known-certs/ssl.log 
@@ -0,0 +1,18 @@ +### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63. +#separator \x09 +#set_separator , +#empty_field (empty) +#unset_field - +#path ssl +#open XXXX-XX-XX-XX-XX-XX +#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p version cipher curve server_name resumed last_alert next_protocol established cert_chain_fps client_cert_chain_fps subject issuer validation_status +#types time string addr port addr port string string string string bool string string bool vector[string] vector[string] string string string +XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 167.71.55.249 37680 142.250.179.196 443 TLSv12 TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 - - F - - T 7c4cb8ef8d84a20171b3ee521b2be4d973b5fcf9cfbd1786e5581c7fed14da47,23ecb03eec17338c4e33a6b48a41dc3cda12281bbc3ff813c0589d6cc2387522,3ee0278df71fa3c125c4cd487f01d774694e6fc57e0cd94c24efd769133918e5 (empty) CN=www.google.com CN=GTS CA 1C3,O=Google Trust Services LLC,C=US ok +XXXXXXXXXX.XXXXXX ClEkJM2Vm5giqnMf4h 167.71.55.249 37682 142.250.179.196 443 TLSv12 TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 - - F - - T 7c4cb8ef8d84a20171b3ee521b2be4d973b5fcf9cfbd1786e5581c7fed14da47,23ecb03eec17338c4e33a6b48a41dc3cda12281bbc3ff813c0589d6cc2387522,3ee0278df71fa3c125c4cd487f01d774694e6fc57e0cd94c24efd769133918e5 (empty) CN=www.google.com CN=GTS CA 1C3,O=Google Trust Services LLC,C=US ok +XXXXXXXXXX.XXXXXX C4J4Th3PJpwUYZZ6gc 167.71.55.249 37684 142.250.179.196 443 TLSv12 TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 - - F - - T 7c4cb8ef8d84a20171b3ee521b2be4d973b5fcf9cfbd1786e5581c7fed14da47,23ecb03eec17338c4e33a6b48a41dc3cda12281bbc3ff813c0589d6cc2387522,3ee0278df71fa3c125c4cd487f01d774694e6fc57e0cd94c24efd769133918e5 (empty) CN=www.google.com CN=GTS CA 1C3,O=Google Trust Services LLC,C=US ok +XXXXXXXXXX.XXXXXX CtPZjS20MLrsMUOJi2 167.71.55.249 37686 142.250.179.196 443 TLSv12 TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 - - F - - T 
7c4cb8ef8d84a20171b3ee521b2be4d973b5fcf9cfbd1786e5581c7fed14da47,23ecb03eec17338c4e33a6b48a41dc3cda12281bbc3ff813c0589d6cc2387522,3ee0278df71fa3c125c4cd487f01d774694e6fc57e0cd94c24efd769133918e5 (empty) CN=www.google.com CN=GTS CA 1C3,O=Google Trust Services LLC,C=US ok +XXXXXXXXXX.XXXXXX CUM0KZ3MLUfNB0cl11 167.71.55.249 37688 142.250.179.196 443 TLSv12 TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 - www.google.com F - - T c4d4c1fde956a63916e6886df676570da046396d31ee1f8aad5d59c8865d274d,23ecb03eec17338c4e33a6b48a41dc3cda12281bbc3ff813c0589d6cc2387522,3ee0278df71fa3c125c4cd487f01d774694e6fc57e0cd94c24efd769133918e5 (empty) CN=www.google.com CN=GTS CA 1C3,O=Google Trust Services LLC,C=US ok +XXXXXXXXXX.XXXXXX CmES5u32sYpV7JYN 167.71.55.249 37690 142.250.179.196 443 TLSv12 TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 - www.google.com F - - T c4d4c1fde956a63916e6886df676570da046396d31ee1f8aad5d59c8865d274d,23ecb03eec17338c4e33a6b48a41dc3cda12281bbc3ff813c0589d6cc2387522,3ee0278df71fa3c125c4cd487f01d774694e6fc57e0cd94c24efd769133918e5 (empty) CN=www.google.com CN=GTS CA 1C3,O=Google Trust Services LLC,C=US ok +XXXXXXXXXX.XXXXXX CP5puj4I8PtEU4qzYg 167.71.55.249 37692 142.250.179.196 443 TLSv12 TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 - www.google.com F - - T c4d4c1fde956a63916e6886df676570da046396d31ee1f8aad5d59c8865d274d,23ecb03eec17338c4e33a6b48a41dc3cda12281bbc3ff813c0589d6cc2387522,3ee0278df71fa3c125c4cd487f01d774694e6fc57e0cd94c24efd769133918e5 (empty) CN=www.google.com CN=GTS CA 1C3,O=Google Trust Services LLC,C=US ok +XXXXXXXXXX.XXXXXX C37jN32gN3y3AZzyf6 167.71.55.249 37694 142.250.179.196 443 TLSv12 TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 - www.google.com F - - T c4d4c1fde956a63916e6886df676570da046396d31ee1f8aad5d59c8865d274d,23ecb03eec17338c4e33a6b48a41dc3cda12281bbc3ff813c0589d6cc2387522,3ee0278df71fa3c125c4cd487f01d774694e6fc57e0cd94c24efd769133918e5 (empty) CN=www.google.com CN=GTS CA 1C3,O=Google Trust Services LLC,C=US ok +#close 
XXXX-XX-XX-XX-XX-XX diff --git a/testing/btest/Baseline/scripts.base.files.x509.disable-certificate-events-known-certs/x509.log b/testing/btest/Baseline/scripts.base.files.x509.disable-certificate-events-known-certs/x509.log new file mode 100644 index 0000000000..8fbaa7b2a0 --- /dev/null +++ b/testing/btest/Baseline/scripts.base.files.x509.disable-certificate-events-known-certs/x509.log 
@@ -0,0 +1,14 @@ +### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63. +#separator \x09 +#set_separator , +#empty_field (empty) +#unset_field - +#path x509 +#open XXXX-XX-XX-XX-XX-XX +#fields ts fp certificate.version certificate.serial certificate.subject certificate.issuer certificate.not_valid_before certificate.not_valid_after certificate.key_alg certificate.sig_alg certificate.key_type certificate.key_length certificate.exponent certificate.curve san.dns san.uri san.email san.ip basic_constraints.ca basic_constraints.path_len host_cert client_cert +#types time string count string string string time time string string string count string string vector[string] vector[string] vector[string] vector[addr] bool count bool bool +XXXXXXXXXX.XXXXXX 7c4cb8ef8d84a20171b3ee521b2be4d973b5fcf9cfbd1786e5581c7fed14da47 3 FD62E14283CA9DF30A00000000DCA0BE CN=www.google.com CN=GTS CA 1C3,O=Google Trust Services LLC,C=US XXXXXXXXXX.XXXXXX XXXXXXXXXX.XXXXXX rsaEncryption sha256WithRSAEncryption rsa 2048 65537 - www.google.com - - - F - T F +XXXXXXXXXX.XXXXXX 23ecb03eec17338c4e33a6b48a41dc3cda12281bbc3ff813c0589d6cc2387522 3 0203BC53596B34C718F5015066 CN=GTS CA 1C3,O=Google Trust Services LLC,C=US CN=GTS Root R1,O=Google Trust Services LLC,C=US XXXXXXXXXX.XXXXXX XXXXXXXXXX.XXXXXX rsaEncryption sha256WithRSAEncryption rsa 2048 65537 - - - - - T 0 F F +XXXXXXXXXX.XXXXXX 3ee0278df71fa3c125c4cd487f01d774694e6fc57e0cd94c24efd769133918e5 3 77BD0D6CDB36F91AEA210FC4F058D30D CN=GTS Root R1,O=Google Trust Services LLC,C=US CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE XXXXXXXXXX.XXXXXX XXXXXXXXXX.XXXXXX rsaEncryption sha256WithRSAEncryption rsa 4096 65537 - - - - - T - F F +XXXXXXXXXX.XXXXXX c4d4c1fde956a63916e6886df676570da046396d31ee1f8aad5d59c8865d274d 3 9AFA430EE8EEE2FF0A00000000DCA0C8 CN=www.google.com CN=GTS CA 1C3,O=Google Trust Services LLC,C=US XXXXXXXXXX.XXXXXX XXXXXXXXXX.XXXXXX id-ecPublicKey 
sha256WithRSAEncryption ecdsa 256 - prime256v1 www.google.com - - - F - T F +#close XXXX-XX-XX-XX-XX-XX 
diff --git a/testing/btest/Traces/tls/google-cert-repeat.pcap b/testing/btest/Traces/tls/google-cert-repeat.pcap new file mode 100644 index 0000000000000000000000000000000000000000..92027db13bfd2a02f4761d51dcc08f7ec088a0e6 GIT binary patch literal 49534 zcmeIb2{=_>*#EuHIp%qmWXe>=W0oOAhEOt8hB8lO9!q8+5oN5XC>5m;QJG1ZWr{Ln zXi}0g6dB&Vj-Q-^{Ql4NKF{+$&-*`J*Y4`*_^f;1>ppAk^Zo9--^3qcB`_mm-JB5Jxj8Zxu7a|O>5(1?=z z#uqr?H$v&ixryx}5QHQkEF?gZkfBl@6_mI3=d2Z*SA)~<4 z1DDhe9Nw>?uZDn{vLJ{aqyf$soH23;3I7de2WHUNlS4Gt5RC;yco-c@Xn+nSkWWV; z5lAF0v|u%~C#>P>BpIAPs4u-7O-V#55TP0IlM;a-Cxp=IV&rI2B9svU5k1n#Kx{jj z6TBd!XVGwVwRf`RH1zQH^x`zI_3&}Dw)N!H(NPtnN7I7$pydpGUteDldkkL0+SM5yir9`F6@m~# zg(9dS_~&HEPy_<1n?ecJb9^^Ee-f!LEdKRshw}wR+c+k{QCL%O>lh2^f&-T07c`LQY5*-`} zO#Py*dNYBIRqm2?<3K=rTj$T<8-}-ozH$i!Xeiivx7xAkY~#HVSkGHNXvD5vplE#h zDMj6{z28h2+7DX`9*k2H7vIABrQx;iR+g4h=4}CpkN55s3Yzpkb`49jRsZQR#kT16 z&SVR}f;dM4!t>6V%qfMF{Ho6%pL%}ey__m-MbfTD+S!hKn%{SQce*C~x#af%=g0tW z81I8daT?A*^L+jN=HjzR_*00u8H%(=ha#=fRB#g6s1b-I0s<70Fda<~Uh@)Apvj0x z1c?xYgv2NWngaZg9=r*OhR|%_6%_#!0mIIxdNc}L>V~Z8(z2}EuWH#;*w~>tz<+ZS zY(X;xGo14Z$_;NGPij_7dpWGmFzGJE#*aR}LPj76j-k!a{41}~hzM2(FE2MaQBhZG zPd5>_6ONdU6}9*B6tk8GR+Y;S``EQ=07oRlMX1nhsF>|k3ELwQiv%RYyku&y$ zA8t2b_m5w3OJ|K7c&aNKuIWde60D^w?Ynf&Q9gc)K&PgfWU9RftHd=CH4R#eaqXOX zfwu`fy^2qb&{z|-?HD64Yw4VSGxtcw(8w#|Zi%eCzFL~vxgx)qf{fxKzXtYB22!fs z?C9r;uFR^Bg^z}k-Pa~D)0He#j!2kuEevP(Zy+vAYtq7qm3ytRdf^6ud%hpV?6ICnnjPDZtAeceCr&|_5p zWiMrCGN*!p&Dr6-QVZKBI;bGREAYsgj1ENwE|08~NK~nT@d?QnTc#0uc570G*7%Q) zstjm4xOm}Fl^l$!`mU~CocdyzVHJ&*6_Y^2e%!!{B-e2u1ttnLfB63ILTb>%Nbx)y6 zc)to-Gl8|DcxDj(6b&ZtVQzgbXnRPKn2&%mYayUP1f3CrtMbJ1o1WNyXu(!dNoV-5y zz&AIo7iP|!3zrKEhZ{tE7lixBi%!r}#IOi5CtrFp5j~U6Us5!3{$O0$gBPj!QCI&N zgAu{-AmNWY1|uSt2UuPLCN#s!fQLf-`4F58||>dhsR_yv>-9m|9KxWf@kv~*+UF7 zB1< z+6Gvj@ce-@EqFS5xq6%u#Tw>U27Kh2PZ}x|PG(d<4yPG~Liv@f!%3`#59aRO@^CMd zPFi@YOpDT~R%a+-;JG)U=f1u7{xg@L*6+t%>%v%jTB6J&ogyD+Q`}6=uu4owdTaW? 
zj)feVd~N>GM;gc7evRr{=ITQ#`Q4XvZ6%@Ltx5;3I|XS$AqFa$@m!&yTfg5_GZoOI zqt~r6ke=K_l502@>ubPjBg@ZBT6UzK)qj_;>10di*OXocR0XL44@Wfx!Kq7pKP|mkS^Q->P^CL`inSJUKE3)zAec+C{Uk(up+kWjh}XzmT(%cd~vRTw&~< zW6l3WhdKStj3;A-z(CyOEhq613DnDogYK6lpC+6?`sm=1pAQp0A!dxr-BTBIceJ!R zzhLV7+4f33^-jZyQD5qX^deU7FgBX4uSuaZgK8Z&ytxY`BW5`BGLO-)4eF~ySM#Yk zxZDm-U+E{BH<}WplJKq3-c$YEmww(eIPnWdiHuSUQot_HlTG}VxRZEZ?BFx*CDQ<1 zTelp+RK=FwLFZWU;PT|_@z$j&B}bo34Y?l^c=rvpJ^!4oTwG;>ZD)8hHMMD&F_Q+9 za2k(XUGQx_hVaxGnbaKD+1eVSgOkHSwfQtp4^H(%gm&=YYz1HT?pq$5X?)8loqDBb zw|?fLel~HWgK|yPpbuk>&wKWYv7nj3*h@xFqv7OgW$9$#Xz#-5;v?*7DMo|&uoIBe z6Jv&CRTVK-%ry!;P}5<(`Jey%XS|jc+qF7g%c8}^W&e5kpEogtBG+FuBf&*86254L zKNCf?$Y}PF4Bu4wzKX=%#YuOR6*3k=X9L8ELfvO(VuF5u>McDkl9F;WMtfFpCV#f& z3|szeZOXv6CqHhEmeNHXyK`6n-Y;(c#?1UQ>)!6mffHoMzBt^TdTydYsY@dbZt1-)~+_*gAylZ0L zL#ry^irjW~VxfA}6Ueu9FG?}*RA%Ci`_w^v@3Tl2lRqgqBpQr|$(K|8lPQqn!o3 z0)?8h9zzW_KR<-hod0yS`rO$$S-W%d*0YG&lMAQKeCK>3=f>XVQ=LjWTv*2U?G>W! z3lmvMEcv6_+H*$tI&wZ=)ZW>|k}1x+U*Nl~+Dl~1-4?CF&)5CK@{~`1RK0h{>1JF& zRLGppt);HmnilQBM?D3xds}@fzbXqZ7*OZk>5`|+KX(H)Aa=jW_p|Hi-LKwW+)nqQ ze6B})p2nKtpvS<`S4;_II~^px$=Qt&pW}N=-+kEjB>%uMEe7ZY6m%tvt0+4^Deu-3 zN+#MjFPt-G;geZxkYA<_h8PLL&d{7tp$@S4G8X>Gr@w$n9C_&w2sGkcfS~TSf6tJh~{A`sf>49 zUoE(Xg}8o;X-&zk3>TP~-tS0yQFzGVah0IwXy@zs?UgbdZocNqTP(7L%R#pY`m0{hNYE9y46o<1WZOe^=gY|A|XIPv2|ndypM*w z!hi3s{Phj$KFFhI$n6m--|%>C+x!9O|jLFcZ0W&RLu%j@og{VLo9-qw#hx4H}})tyN=VLs*1Tl3H}{Gzo{RvelTal}b~ z_`FaT<3*p(3i>x`M=m|3eRXs1p%3*Jrk@2w%%2grucEl^Hf+2(7v6J0_zg(4! 
zG2QXLK?OyZ68fj?h{@JVQe7YWH0(PV$R7Nf`DI$!(|6oV?>5aTl^&PuA2$`PfWSjQ z1uHK=JIaN%BcSwwW1Ti9N%{bz_A#%~=K2=jQF_B_)F_tPcLi3YY60=M9R#JoG;pjV zMv>-X)V`_>iCYlU+fOg6QLqwq6%awNys$#W#VK~2Q$jmPaU@*jiW#@D&%?!C5v67a z#U?)$vs=`WS@|%)??fQL`#GI=NE*Bmc|m60IyF{MMQG7gNA#ele}4bIsquatq3$3M z=IdYxItHs%;8-h~A@qcUfM_Os7e_RMPx`*`MX_L5G&>poM>J~%p@L?|U=8>agovty zh7mFE`1WzXCjRo=>0`p^-p>7PKMy-AXGgt_(>nCcmVNsY0dxLYi@{ix>Xy+d%bN#I zY0Hp|oIIB|bDpz|%)Mkj0x{r{_%-}+*0!oH$$GPgw*~{rsoRzFGp|WeFqb+v(6{SW zI5CY5ch^Lmzwpz)-Mlru@Q8yx$27IyNrM{d zs^M&f_|}{9+E;8p3}iT;5w&qx6yK89oIC#Qd~gM=u;C@@;!ov2j-?yCY*bGBKH0h7 z-C{7*PHvmx)c`{_iZpd1sYYq>(T)d-jab>vNTMdBjI!H4mc`>E@zTHZzDwNk(;V*l z2}QPNJ`<#%LAEF0Y;RI#d6+U|#4U=8VvFynF2ZFtja6oua8a}ZqP-v)1lKO+SXXA+ zr1_XKTiB2Y%1m*k%*xmRkrD1cx_X%uH|wGV)Rxo;KN358me(DiArH8rO+tT&37vjT zLz8pfzR(+VdDnIQ1D~*CRyZ?dCMd;#ce%JM!q!06xB`KU=!UyfkbqnWq3hp&pkl#sCs=qlG5FNV^TsLw=oNXHtv78H-_!AJp zAdKZ)sJMH}i4}S+=)&sHm(W$%D zK8A09e_JcXD?$uux0F0w?s%ShB-c8ojELr}X`Bw{Lk6d_uVwqKTu3KhjyKPlvYnYQ zSbTWE$NY%cl~MD$EpHa?9A$iXu?eX&luF*4H2?jl)V<4Wp5jMd`w~Q4m@A4(Ri$LF z58NGL<+mrc>p9tey>T}#JK@`zl0V-n1k5U2lm0s8`f2XOTY_#?E~20D$J~A$Inh`y z9hl#jR9#e7pfIFSw|LOAGSU?YJb#=ECNiqc)V@y`ZLSYjo1-Mv&56*0)u{KYl5#mK z(2sx`#k7@b6Xzmi6hn;Ikci`4lyd+g2zJ@I=q`ZFjpD3^LiJTYe^b^BO1VJnI%pSC zmivODHiOjD1xri68fm)C3+?~JROO8({|ELqi6;wT(=G>cBI~>qMG#i6K$r^>RDW|W zAcUR}d^fHfkyt#gXcnOb%W%hla}f^TehhBV7E%;M!lD_+zc?4nB;^y7rc>dG#LtI? zPxrol^725&=^eElZ*4Cmx>EMhb2CjgM?JS3Bzr8>eBf@u#ogsxRC^7iOVxLO8=WqM z1_I*?9#6$fcsOYBG~N|$DcgI!*<7@=QrHu9Z*TXRbMz6Y?P6x(iafIQ?s&U-Nc`Tfi(>p7I<)Nk{mt8L(`5nl5q+SWKO)R--nSI6-#hW!naZEQS(iT@* zFXsgrcZG=;9SApZE<(Owh}9bsah!{aW9K0sxr!d_Y&H|QmQI!SAfcPStViV_LY%d@R)@(?`aW1N| z0TIi&816_G`)C zGoyIt0`FYloeR8kfq&)#|I7va6hGz>jg{v#@Xp15sdJG+>7kIy^D*e5C-IA(*E128 zgWG7bPf(WjQ(4`L3w%imoC_J60T1#s?|g2?^xWmW*GCtBI?FXUo?i~};xzkUsYo>K zV&)BvGvUKmpLDqT5D-^Ls_d&)%=vLLZcEaBk^4_)f7#7gGCT4gyb##)tVZbF$K7Ha zjIu(l2eVFkb~kB#V%91&O3TQf+(H~1DSKmf2THZOn6)w~Ma4#WSjLRLFkOPsH~Gl? 
zws|#-e{aCj$lwe zo#47i!BF%w&CQ#_j5b;p`ek9A`Nz2c+R-?y9c`lasbkc>KpbrjR-$IliCDsF6qa*Q z^$_SsfOve6ViV_LOanvQu^|!1xu_}v#8u~l=%e(G8+K|Ud;E`e48@|Tw6z_O zdv5ULa283Q3YL~`#Zql~dqm{2TEMgOvDnF;TnN+ArkOMhNFi?v!Z`-F8X75`GOik6Z4`vBJ0#rBrO`E{tK8<4xCH589sw4K=|HZ4&xE zOhbNa8XCrgj^kV`Hw1|6Y^%ie3h?xOP#{Hry%P{)-fl?5aW0mL zSk6U|V}s}()dzaqmDY)mi;9o}+mDQfwr`VvNfG|!F(OR(f1Gmxvcb`?n%{LjCpmEv z({tFXMS-3h%pv8Cg7Zs=Qdq8AIJaVOujv7zc*ka|MNPn~MadJH46dn#Wg?by0TU$w z5!bo!_^q<1q2^g$^=o5a+2EF>Hly}_LcDWU*9I~RE80`FYloeR8kfp;$O zt3}~gi^8uKgp^nC!eHk`07jt|>yTmrwk1eD>;CH2|Kg-;AxpAtj zBC|T%*Buv{8ALje*Gn@Qxlau=_3yrV!p*dB0>`vIiR{LTcPs^lqx+3KUkF7%0f z7jxg-?EBa<{P>Z|FN4=#4fuZ`IkRfB3W8W-mWBeA#m|n`KEK3M|Ncj0uUm6`h=(sF z*J8O`kjA*>QMoHWrCXl8pgljzcfVie!_?Lr;=0iST_ggJgdJk?OFXi_jt$VtTeQTU zOW#%RX4ZX}@i^s3Q|48*u6+t!ZP_JdnrZ3ZL-q8PcAtMkRDbJQeCakB%~OXQ?Kl&9 zNpnmdIh_df3pd|x5t`&kapjM50kk6nSUcK8?GwPLeOGX`Io_y&UnLE&8ilo5RD&_l zj{tG+&}OSeMGInxY8w)9oQnoCKwNb$eD~}-F?mQ_VTiKy+N~iqh3ROD8^`OXf0U+n zX}`XxD}<$`H+Z~l{J2YnT=D)j@yWh9CE4nRdGmCVk`s?451iPmn-9XQo!e}+sEKeO znw_|bE1H!wz%twba4v?`{>X55lu`<&`GyDaA;ZG{m35$@*Kk9dgf4<< zD0xlj)0oh4oQvg#05L&umAGC3{{9qGdgpLUuk-_4dNaVe_~O4(dZmX^txev5Sc*kl zr?5*#i(+D2<1_Hiz%hQrO>dKbPjl&EFPJFmiP+?si_EQn=yl`IS<50yEO>R!Z|q#O z>#sN$fPDYfDtX=6D_nK}zD;!}*4fM2>rXAf^jP3r*uc9qtUPnkeZxl{)!MEPoC`pH z1C#&WQ<)wHkcP|3?Km=1llrb8Dkcy)pKO?UyGfPfJPr(6>x3J^#7 z;f*NZhi|~KmPlBB*$oiO_Wh06@c9pMA0Xly8eU&x3-TYl3Sd^{cWOb*HxgO!d$6t= z8rgr{{(|}{IYfOKqE3bg&ckZ}N5PAeKk}5*aA;zVx~^t9t&Yt)Gsw z{e{>rob4~fWH;UZ!WiDdff(MBqeT%3FB*>d2MR%q+5-`s2{LHYdsrB&(e<(5{nJ-9 z3<^vKEJ^d9Dtc6S9P{gH7#MA8=k|8{BJw0bw7;-bDeSE^Ya-;a$Dejrwf}(=`Zq(7 z4)B7&Hn_{b5(ods_KbMU$ZK)=PIpWK#~ZPiOM8x<((Z8kzjx0FXV*h&c3K9Gmf|aW zMi8zpZw~g1m>~$6gueeD@7*xZ@MrG^F6fK%NqH-m2YxkPL@kJ7f#Y7t(|Ilrea9w> zZt&A78xkNnb$`-SkNaM{k(T?>BlqPHMZxYPo`KSI3%??d)Jtz^bb)*!wM1Kyyz!RY zXUfDqS&KU=-+Txy?`af!q|_mi{HQ1-3;qnkdsWQSVcOM1t0UnZAwmkbUOpZ-sU<-2 znPSw6NP+ab2m2T`W0F~_C%WzUHS8JSE>MOC@ z3ojCPtodMJmdoY3Y2EQFK*{xn#<_s>W5Wae0Sx!`eFM~Y>v29j!=uB$%T$fMlGk&~ 
zgVbPc`C^ivPNv~{(Sl{~dud9tEf=0M>&d_Jd=&e#$2g;@U~A_4g|M9`t_PfKkN$ch z7rEPua&*>lk5Et&X_h?UJGmKjw1ru{)YkmH)t&!TiChWOr_9+8t7 zw@G(b7u_89(G|;!-v<4!*)(EhY-cBjAaJZ5+sSDzyMwX4_$ThzK6e%~Tfo=d!bse) zeR)0g|L874_-!cg+fdkx;_eKD--ZIe4F!H13j8({_-!cg+fac09RAs<4!;e>|IOP_ zKpyZy5-wmH3XAg+56UVnA03jLFVZ)nx$(e}{pxYjPh8)}AmlDGD;0P{K6SJjl2f~- zb9$$`R*3@o#BAxE?32Ha=<2(8CV753VlVSQyEAkqzN zN@T|nZ?7X75Zb`RPpgY8trC^KAU1haA(I0`)Z37VBlx$wff!c>|DuEANyltP%354A zshr6|kKeB2W91yyRc6XM|LC5nB{P-;U7Y50_HsltEk)#F=r6`jRi6{u&&em-%e>f+ z2u`11Z2~85$cEhHQH9GP;EPAq9h@&7@JYj8Jc@weFXZ&+i-!p;D!KiO;9sq}r4iK^ zac<62_vX+ciKZQb7QBW8M^2l5eD|_->R!!9`BP54Gt@GXs&dGfHb*Iz{%0uU zHk3a>T60uX@s3(w?->K9*nmfNebKF~Q710HkFma=e+JcuU_LKdGnYbi?LJ>d5qG@n z^J@|Z25pM3D14}8?7bF#{dZ~?-+nelBniPceU`rbF zp1!loq53>f@PjGsz#F^RE#;3o3#Mb^AamH*W_-Arqh%p-yaRmQP8$iSe{#|);kf4lY^iz^PO34rbG3^l0 zkRaU9CZTV~G_*$g)@{awjwARlHw1{jWvj%s-+3X)D+!p=%f~G}qF}i6T7cm1*RxW3 zC-dOO{_Z=Bo@i0DD8O$2}8P(b`5_lGEl zDB-YYy9@Nr^&4AvRe_&_MV0_rYHpRh?(7vZ-T=F!#0u-|1*!QUDt|GlS#!!R+ctcm#^Ob07@VF~_Sb$|?F&HGKYiQq4M1`t0xZ%D)u z{JZJ_5liqtSFJrTSUFIv^rn}a{+^{|!qME=me8up2Z??)B%W6b{NE(_$1qa=N&C7E zmCP8#bg0dm4z=a5X9v&85az&}cmu&7PLLklne`y;4Xo5qHVuS1))Hw_Gll^1?)-*C zcx)DjeW!nj2LW-7;7`@KGj1p$YLDNJ3kZiJN31^0i|@k={&>NE&2FIo-)<6(7yR*p z|Ns94f4n@8-z9qEZ8^aX&iGxT@w-IhcZtUD5{=&_8ox_4ewS$MZK3hIME@V{5)FC6 z^1LgM=WjhUNq=~eRGf-cwDf9~Tw=NZMy>El5p26-I1T?j9R)DJP~Ge#zKN{Y6k4GfN=2%7A`hXpu#ZvH98rYd{@9O>gM_qu7|iicROgsOgq8cg<Sa7D@an2}#fV)(-Pn!6gt@1w zdytCn>vs*-+)BwZ;mN)&yVohY#G~6-sDXd`^uP#r{Ku*<=IjR!oA8qyowg8}v1uog z7_v0`C8%k{*C>4^pZoIm-eYzXb=vd1W2JQyrHxWgSVrBBnH0>%={mtP zrryYvbFIyF>bgE#(e+pP$3eE8;cRbGW|5dOQ(RLN9W$u$Pq=b#S07vyW`NlFns}4j z=Y`K=h`bvTan$tgen7;i=@aAQH*4nJNSI|5SSr_-Uk%>^8u|z~v`Oeun1HBn=+Wv!(MX=)|1CS!KL>FsOib5mC|doLA7@G1L7Vm;(9e* z_#7t2HQG1(7nnMVo8InsM_k%$d|)D90@)^Nx&}2Mw%z}8)(VIcfu-!1Ks8^lruV^1 z!oV@ZYC0faf3`|qclHYV4g)WN_5;=jPa(kJ=uVj42GsP^l&fmGVWHSvRBPW!pr!+I zBTW8#PifF#VlG@0a~n(-fU|(5ruUrzWI!}~PPU1fu0ackF9$ay;;89;;ed#xrqAzF zNWR3PoTF!w&~PxMMfd*W>y;i^Bt~TMh>4Ree8>K`sOca{L_b&4zOF+h_t|1P6npg^ 
z(4hhXOLsHjv=iQGST1KcLB()qh65tuBH1Qt`aXE&D+MCN$u%XiOvF;tVd7&z#8uOM zlKtzpKQX%9cz#F+J+oAjxAl-#H(pK0tLb<(9e?{g{`PrWPD2lGPcKdbTMr*cYg)BgQ`a53vc?p#R)qSIL=x;_KNrNQVBBc8IS?$0!B>-!i5AZTx_C1 z(P0#*hq!vt-OK<7=Zmluf~BVSB>?dP5VI-CH&N3y=rKgI4T(5vdS414uBz$X{*ou< zbidEOe%P3}$K=M5AannGN~#`z+w0nGw6U61>Z22>9#HYxw2rvD%t zU~>`iNS5i1oF`28qDnM25P5qv{`Auu4?Y*LepbvrnjA|=iYg`=39q3J3+qoslqjFP zlPo04;(nGmq)R{MrGx*so|MMZDqj^(BWOjN`!lXYJ`a7HD^yZ!b^STbZ$nj|p<9Nt zNqNS>`&1R_-fz1Q<>|;5IU7VvjZn6bFS>8%Y9r&TJXMw}{Fz62srypmDTx;)5p@ht z#I;)&!gl9{zwC&985gLiW4Hz3C-*gbNNNA~cvI;BwI+9uDBh3f?Nf%>yhX}t_fo5; zwTgE#VP#v+QDwrNDB19h4Dr2d>4%$hs7CKdP+A=5q8&3f_lU^^*{*`Ky-ArdV2UDd zO;OASIJn%$m3#X#;i9Pbg^5=tNH$T^H5f6()#Yt4a_`+`B95B=b_x(NYPu_ZWqh!n zghG|{tt#Fr@vzaCprMCwLz{%oglXsjZs_-DFrnk9>2If3LTBE-*}dtyBB1oBnQ=?c z<-WkuJzAiq$NpX^Jt;m^>)R<1qcRq8y_&AUjEQlL_I-~Qj`0C*dIu4Pg;IQgm{YZS z2l+apLZlKPUJUqi*1HiUPCqTSZmgycd90}EfGjq-N?s?vD*SQ=UV=?4*4ghKPpqwn z>8wCa@6%XS)0>eYOsLi&51^(4vN=rtdrw6wV`4tDCT3Qc4i?tJQqzY50T~b*rZ&4b zJyHb_FRYgBau$|}IBNP(5Flcy>GnRiesc-4Yz;i>a86LTavYH%a!I&?`WEZ=GfM@# z{NM-mWh;d$(a`m#?53=yyOn~KqR_QUp2{82iAwHDe#pL(tdarRRY_V&4@p2*p)^Pl zQh=l&QD_MPLH~V=(SRgn@U9xN>pE2Omlvi(U#{uU2Dn4V;j|Ny!VAuTJIUb$al@S% z1c(}<)X*U~2jEysB-i}q1Bk{?|3(y+`$L33AVWd8YPxTc*ttIMj{`B!WY3FoJAI0u zD?G9vucqVGbiA65SJUxoI$llpm62yo{H*Z)YFBAZq3RcrI~w2e)M%}H3RS}URnVFV ztQEyGgL{!&gUNfCTVD&>9+D*HBcRM$z^mzaH65>}2)T%02{NWpDCzX%FV> zQs|nmOXK5-F9+c3_V24VQVzw!*Y21vjS(<05x$-W$J*<5!iZm(eYVW~aIf264q(0s zz?zCK{8;io-vlt%?f*EmvS=}J*?$aMw1yZtniM#@MD$1_1F`LB&VPO0X=5uGulVB? 
zf4t(4SN#9m75_iW+xV~tr{A(v`*iQ~CC0g7hJvUedlK)b$eRjoPdq!jQ zpF4`*BK1gQt`f5s&HNGk!Kfdz`KYgo8TCWfkNU6B@TiZq7|rUae@$Vt+vg+IFhs!( zi8zA)&_ythtP1{*Z#dGt-=kL2ktBC2pM!2cqq!%egFlS}7X|$jap52nED8F8<0orc z#{@?8Mh~7W=j1!t=8{B+D!))G^G6XT+_zXx!Y4j2xY_OVzfJ*B$vPKza(ab!`e~^O z1b?RJKa-O*EGk|67s20vMQZWVu(9H8pCNUzT|-C$lz*fjooa4`Ticj#-q-osQHjtOsafpG1_-(bDR@=;j!ZTS;waBHe3%7+|#6N_Xsaf?)L*G1X z*{|R5?79cLVYClP`1Qm*MrHX6R7k9B`)-wJYWz+5s<(Og&FABmt+i=q>92<%0*>Av zm$jd4s{q-i7253f`N+MPq6oq*3QN`T#BLq9%%-s}F0R2vAq|N8c5Np3N2+6p_8Ss$ z1pko-fQS+N&y5ybb?HnD3HaglP%*b2>C*@rIs`Yg$#szirlB>`x1|XtbR5BdxgkJw zKE6s^dtC%c&emc|F9^5vx^>{vGX;YGkD`^*3)4rnjywRw%UHy9^1NiECML$!ZHY0$ Tw52H=qb_cGN1iq#!}R|j$P~}= literal 0 HcmV?d00001 diff --git a/testing/btest/scripts/base/files/x509/disable-certificate-events-known-certs.zeek b/testing/btest/scripts/base/files/x509/disable-certificate-events-known-certs.zeek new file mode 100644 index 0000000000..a359a3d286 --- /dev/null +++ b/testing/btest/scripts/base/files/x509/disable-certificate-events-known-certs.zeek 
@@ -0,0 +1,46 @@
+# @TEST-EXEC: zeek -b -C -r $TRACES/tls/google-cert-repeat.pcap common.zeek %INPUT
+# @TEST-EXEC: btest-diff ssl.log
+# @TEST-EXEC: btest-diff x509.log
+# @TEST-EXEC: btest-diff .stdout
+
+@TEST-START-FILE common.zeek
+
+@load base/protocols/ssl
+@load protocols/ssl/validate-certs.zeek
+
+event x509_certificate(f: fa_file, cert_ref: opaque of x509, cert: X509::Certificate)
+ {
+ print "x509_certificate", cert$subject;
+ }
+
+hook SSL::ssl_finishing(c: connection)
+ {
+ print "finishing", c$ssl$cert_chain[0]$x509$certificate$subject;
+ }
+
+hook X509::x509_certificate_cache_replay(f: fa_file, e: X509::Info, sha256: string) &priority=5
+ {
+ print "Hook for", e$certificate$subject;
+ }
+
+@TEST-END-FILE
+
+# First: Plain, no changes - certificate event caching won't even engage.
+
+# @TEST-START-NEXT
+
+# Second - engage certificate caching.
+# Log files and events are unchanged - but the replay hook engages
+
+redef X509::caching_required_encounters = 1;
+redef X509::certificate_cache_minimum_eviction_interval = 11min;
+
+# @TEST-START-NEXT
+
+# Third - load policy script to not raise events
+# Log files are unchanged; events are not raised from the third time.
+
+redef X509::caching_required_encounters = 1;
+redef X509::certificate_cache_minimum_eviction_interval = 11min;
+
+@load policy/files/x509/disable-certificate-events-known-certs
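Review bot: The three cases in this test only exercise connections where suppression is expected, so nothing here shows that `x509_certificate` is still raised when a cached certificate reappears under a different SNI or at a different responder. Judging by the ssl.log baseline, every connection in google-cert-repeat.pcap goes to the same responder address and each leaf certificate is always paired with the same server_name value, so a suppression keyed on the certificate hash alone would presumably produce identical baselines. Scripts that handle the x509 events directly lose visibility once the policy script is loaded, so that boundary is worth pinning with a fourth `@TEST-START-NEXT` case on a trace that varies the SNI or the server. Until such a trace exists, I would add a comment to the third case such as `# The trace never pairs a cached certificate with a different SNI or responder; that case is not covered here.`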