10 commits

Author	SHA1	Message	Date
Jon Siwek	565ad360c6	Add x509 canonifier to a unit test.	2015-02-03 17:04:26 -06:00
Johanna Amann	8f1cbb8b0a	Fix ocsp reply validation - there were a few things that definitely were wrong. ... Now the right signer certificate for the reply is looked up (and no longer assumed that it is the first one) and a few compares are fixed. Plus - there are more test cases that partially send certificates in the ocsp message and partially do not - and it seems to work fine in all cases. Addresses BIT-1212	2014-09-04 12:22:55 -07:00
Bernhard Amann	d9e7ac6e92	Add policy script adding ocsp validation to ssl.log	2014-05-16 11:21:26 -07:00
Bernhard Amann	f0b244b8b0	Add new features from other branch to the heartbleed-detector (and clean them up). ... We should now quite reliably detect scans/attacks, even when encrypted and not succesful.	2014-05-14 15:42:27 -07:00
Bernhard Amann	ef5b021e77	Polish changes for ecdhe/dhe	2014-04-27 00:15:49 -07:00
Bernhard Amann	fb56b22cff	Add DH support to SSL analyzer. ... When using DHE or DH-Anon, sever key parameters are now available in scriptland. Also add script to alert on weak certificate keys or weak dh-params.	2014-04-26 23:52:51 -07:00
Bernhard Amann	9b7eb293f1	Add documentation, consts and tests for the new events. ... This also fixes the heartbleed detector to work for encrypted attacks in this branch again. It stopped working, because the SSL analyzer now successfully detects established connections, and the scripts usually disable analyzing after that. (The heartbeat branch should not have been affected)	2014-04-24 12:05:30 -07:00
Bernhard Amann	b32c7c7a88	Add policy script to suppress non host-certificate logging in x509.log ... Addresses BIT-1150	2014-03-19 21:32:01 -07:00
Bernhard Amann	4da0718511	Finishing touches of the x509 file analyzer. ... Mostly baseline updates and new tests. addresses BIT-953, BIT-760, BIT-1150	2014-03-13 15:21:30 -07:00
Robin Sommer	f412a00ada	Adding a test for extract-certs-pem.pem.	2013-03-17 13:06:24 -07:00