Mirror/zeek
1
0
Fork 0
mirror of https://github.com/zeek/zeek.git synced 2025-10-17 05:58:20 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 3
4875 commits 387 branches 198 tags 286 MiB
Commit graph

9 commits

Author SHA1 Message Date
Jon Siwek
385438d47c Change X509 extension value parsing to not abort on malloc failures. 
Also comes with factoring that out in to it's own function and
additional error check before using a return value from BIO_pending.
 2014-05-01 13:04:34 -05:00
Jon Siwek
d7d5497436 Improve/standardize some malloc/realloc return val checks. 2014-04-29 15:26:19 -05:00
Robin Sommer
e8339d5c63 Merge remote-tracking branch 'origin/topic/bernhard/file-analysis-x509' 
* origin/topic/bernhard/file-analysis-x509:
  Forgot the preamble for the new leak test
  (hopefully) last change -> return real opaque vec instead of any_vec
  Fix dump-events - it cannot be used with ssl anymore, because openssl does not give the same string results in all versions.
  Finishing touches of the x509 file analyzer.
  Revert change to only log certificates once per hour.
  Change x509 log - now certificates are only logged once per hour.
  Fix circular reference problem and a few other small things.
  X509 file analyzer nearly done. Verification and most other policy scripts work fine now.
  Add verify functionality, including the ability to get the validated chain. This means that it is now possible to get information about the root-certificates that were used to secure a connection.
  Second try on the event interface.
  Backport crash fix that made it into master with the x509_extension backport from here.
  Make x509 certificates an opaque type
  rip out x509 code from ssl analyzer. Note that since at the moment the file analyzer does not yet re-populate the info record that means quite a lot of information is simply not available.
  parse out extension. One event for general extensions (just returns the openssl-parsed string-value), one event for basicconstraints (is a certificate a CA or not) and one event for subject-alternative-names (only DNS parts).
  Very basic file-analyzer for x509 certificates. Mostly ripped from the ssl-analyzer and the topic/bernhard/x509 branch.
 2014-03-14 09:53:07 -07:00
Bernhard Amann
d42d9bbc3f (hopefully) last change -> return real opaque vec instead of any_vec 2014-03-13 16:10:59 -07:00
Bernhard Amann
3f52eeacda Fix dump-events - it cannot be used with ssl anymore, because openssl 
does not give the same string results in all versions.

Add leak test for x509 verify and fix small leak (type).
 2014-03-13 15:41:57 -07:00
Bernhard Amann
4da0718511 Finishing touches of the x509 file analyzer. 
Mostly baseline updates and new tests.

addresses BIT-953, BIT-760, BIT-1150
 2014-03-13 15:21:30 -07:00
Bernhard Amann
0d50b8b04f Change x509 log - now certificates are only logged once per hour. 
Add parsing of several more types to SAN extension.

Make error messages of x509 file analyzer more useful.

Fix file ID generation.

You apparently have to be very careful which EndOfFile function of
the file analysis framework you call... otherwhise it might try
to close another file id. This took me quite a while to find.

addresses BIT-953, BIT-760, BIT-1150
 2014-03-13 00:05:48 -07:00
Bernhard Amann
110d9fbd6a X509 file analyzer nearly done. Verification and most other policy scripts 
work fine now.

Todo:
 * update all baselines
 * fix the circular reference to the fa_file structure I introduced :)
   Sadly this does not seem to be entirely straightforward.

addresses BIT-953, BIT-760
 2014-03-03 17:07:50 -08:00
Bernhard Amann
a1f2ab34ac Add verify functionality, including the ability to get the validated 
chain. This means that it is now possible to get information about the
root-certificates that were used to secure a connection.

Intermediate commit before changing the script interface again.

addresses BIT-953, BIT-760
 2014-03-03 10:49:28 -08:00