- SSL related files and classes renamed to remove the "binpac" term.
- A small fix for DPD scripts to make the DPD log more helpful if
there are multiple continued failures. Also, fixed the SSL
analyzer to make it stop doing repeated violation messages for
some handshake failures.
- Added a $issuer_subject to the SSL log.
- Created a basic test for SSL.
- Added a field named $last_alert to the SSL log. This doesn't even
indicate the direction the alert was sent, but we need to start somewhere.
- The x509_certificate function has an is_orig field now instead of
is_server and it's position in the argument list has moved.
- A bit of reorganization and cleanup in the core analyzer.
* remotes/origin/topic/policy-scripts-new:
Fixed another SSL analyzer memory leak.
Attempting to fix another SSL bug.
Fixing a ref counting bug in the SSL analyzer that I just introduced.
Fixing memory leaks in SSL analyzer.
Fixed a parsing bug in the SSL analyzer thanks to tracefile from Aashish Sharma.
Removing my fix from earlier. This is indicating the script-land generated events priority problem.
Updates to the DPD framework.
Fixed a bug in the auth-addl DNS script.
Conflicts:
src/bro.bif
* remotes/origin/topic/policy-scripts-new:
Add RPC/SSL scripts to doc generation target.
Update the generated script doc organization.
Changing back the last commit. It made things worse.
Trying a different method of record parsing for SSL analyzer.
Moved the RPC script into the right place.
More SSL script cleanup.
Fixed a segfault from empty strings in the SSL analyzer.
Removing what I believe is the last stray print statement from the SSL analyzer.
Fixed more eternal looping bugs in the SSL analyzer.
Updates and fixes for the SSL analyzer.
Changes to make generated script docs understand new policy/ hierarchy.
- Fixed a pretty major eternal looping bug in the SSL analyzer and
a few other parsing problems.
- New core scripts and log for SSL connection analysis.
- New known-certs script for logging certificate assets.
* origin/topic/seth/ssl-binpac:
Fixed bug due to vectors now initially indexed on 0.
Finished core support for new SSL analyzer.
SSL analyzer changes with accompanying BiF.
A table_s_of_s type to get around bifcl type limitation.
Regenerated the Mozilla CA bundle without the untrusted server authentication certs.
Complete rewrite to SSL analyzer.
Conflicts:
src/AnalyzerTags.h
src/CMakeLists.txt
Notes:
- Haven't looked at the script-level, postponed to
policy-scripts-new.
- I renamed X509Extension to X509_extension for consistency.
* I haven't removed handwritten analyzer code yet although it isn't built anymore.
* The ssl.bro script is just an example and doesn't keep any state yet.
