This commit adds two new bifs, x509_check_hostname and
x509_check_cert_hostname. These bifs can be used to check if a given
hostname which can, e.g., be sent in a SNI is valid for a specific
certificate.
This PR furthermore modifies the ssl logs again, and adds information
about this to the log-file. Furthermore we now by default remove the
server certificate information from ssl.log - I doubt that this is often
looked at, it is not present in TLS 1.3, we do still have the SNI, and
if you need it you have the information in x509.log.
This also fixes a small potential problem in X509.cc assuming there
might be SAN-entries that contain null-bytes.
Baseline update will follow in another commit.
The API didn't offer methods for passing in data that allow setting
all of offset, source and MIME type. Adding overloads for that (no
breakage to existing APIs).
* origin/topic/vern/zval: (42 commits)
whitespace tweaks
resolved some TODO comments
remove unnecessary casts, and change necessary ones to use static_cast<>
explain cmp_func default
change functions for ZVal type management to static members
fix some unsigned/signed integer warnings
address lint concern about uninitialized variable
Remove use of obsolete forward-declaration macros
fix #include's that lack zeek/ prefixes
explicitly populate holes created in vectors
fixes for now-incorrect assumption that GetField always returns an existing ValPtr
memory management for assignment to vector elements
memory management for assignment to record fields
destructor cleanup from ZAM_vector/ZAM_record
fix #include's that lack zeek/ prefixes
overlooked another way in which vector holes can be created
initialize vector holes to the correct corresponding type
explicitly populate holes created in vectors
fix other instances of GetField().get() assuming long-lived ValPtr's
fix for now-incorrect assumption that GetField always returns an existing ValPtr
...
This can improve performance significantly: ~3.5x faster when tested on
a large file passing data to the file analysis framework in small chunks
of 20 bytes.
This enables locating the headers within the install-tree using the
dirs provided by `zeek-config --include_dir`.
To enable locating these headers within the build-tree, this change also
creates a 'build/src/include/zeek -> ..' symlink.
* origin/topic/timw/266-namespaces-part4: (34 commits)
Add missing namespace to usage of get_exe_path in fuzzer
Rename methods in RunState to remove 'net' from their names
Move zeek::net namespace to zeek::run_state namespace.
Move ScannedFile class and associated globals into ScannedFile.h and out of Net.h and scan.l
Rename types in ZeekList.h to be consistent with the style guide
Move NetVar from zeek to zeek::detail namespace
Remove PRI_PTR_COMPAT macros
Fix indentation of namespaced aliases
Move zeek-setup code into namespaces
Move ZeekList types to zeek namespace
Move __RegisterBif from zeek::detail::plugin to zeek::plugin::detail
Remove unimplemented zeek_magic_path/bro_magic_path method
Move all plugin classes into zeek::plugin::detail namespaces
Rename BroList.h to ZeekList.h
Move a few smaller files to zeek namespaces
Tag the end of some namespaces for consistency
Move a few of the zeek::util methods and variables to zeek::util::detail
Move zeekygen code to zeek::zeekygen::detail namespace
Mark zeek::util::pad_size as constexpr, which provides a small performance improvement
Move everything in util.h to zeek::util namespace.
...
