Mirror/zeek
1
0
Fork 0
mirror of https://github.com/zeek/zeek.git synced 2025-10-02 14:48:21 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 2
4972 commits 386 branches 195 tags 256 MiB
Commit graph

10 commits

Author SHA1 Message Date
Bernhard Amann
9a8fc7a47d and more tiny ssl script fixes 2014-05-21 11:16:24 -07:00
Bernhard Amann
ff00c0786a a few more small fixes for chains containing broken certs. 2014-05-21 11:01:33 -07:00
Jon Siwek
58efa09426 Adapt SSL analyzer to generate file analysis handles itself. 2014-04-23 16:59:27 -05:00
Robin Sommer
e8339d5c63 Merge remote-tracking branch 'origin/topic/bernhard/file-analysis-x509' 
* origin/topic/bernhard/file-analysis-x509:
  Forgot the preamble for the new leak test
  (hopefully) last change -> return real opaque vec instead of any_vec
  Fix dump-events - it cannot be used with ssl anymore, because openssl does not give the same string results in all versions.
  Finishing touches of the x509 file analyzer.
  Revert change to only log certificates once per hour.
  Change x509 log - now certificates are only logged once per hour.
  Fix circular reference problem and a few other small things.
  X509 file analyzer nearly done. Verification and most other policy scripts work fine now.
  Add verify functionality, including the ability to get the validated chain. This means that it is now possible to get information about the root-certificates that were used to secure a connection.
  Second try on the event interface.
  Backport crash fix that made it into master with the x509_extension backport from here.
  Make x509 certificates an opaque type
  rip out x509 code from ssl analyzer. Note that since at the moment the file analyzer does not yet re-populate the info record that means quite a lot of information is simply not available.
  parse out extension. One event for general extensions (just returns the openssl-parsed string-value), one event for basicconstraints (is a certificate a CA or not) and one event for subject-alternative-names (only DNS parts).
  Very basic file-analyzer for x509 certificates. Mostly ripped from the ssl-analyzer and the topic/bernhard/x509 branch.
 2014-03-14 09:53:07 -07:00
Bernhard Amann
4da0718511 Finishing touches of the x509 file analyzer. 
Mostly baseline updates and new tests.

addresses BIT-953, BIT-760, BIT-1150
 2014-03-13 15:21:30 -07:00
Bernhard Amann
74d728656d Revert change to only log certificates once per hour. 
addresses BIT-953, BIT-760, BIT-1150
 2014-03-13 13:38:44 -07:00
Bernhard Amann
0d50b8b04f Change x509 log - now certificates are only logged once per hour. 
Add parsing of several more types to SAN extension.

Make error messages of x509 file analyzer more useful.

Fix file ID generation.

You apparently have to be very careful which EndOfFile function of
the file analysis framework you call... otherwhise it might try
to close another file id. This took me quite a while to find.

addresses BIT-953, BIT-760, BIT-1150
 2014-03-13 00:05:48 -07:00
Bernhard Amann
7eb6b5133e Fix circular reference problem and a few other small things. 
SSL::Info now holds a reference to Files::Info instead of the
fa_files record.

Everything should work now, if everyone thinks that the interface is
ok I will update the test baselines in a bit.

addresses BIT-953, BIT-760
 2014-03-04 05:30:32 -08:00
Bernhard Amann
110d9fbd6a X509 file analyzer nearly done. Verification and most other policy scripts 
work fine now.

Todo:
 * update all baselines
 * fix the circular reference to the fa_file structure I introduced :)
   Sadly this does not seem to be entirely straightforward.

addresses BIT-953, BIT-760
 2014-03-03 17:07:50 -08:00
Bernhard Amann
e5a589dbfe Very basic file-analyzer for x509 certificates. Mostly ripped from 
the ssl-analyzer and the topic/bernhard/x509 branch.

Simply prints information about the encountered certificates (I have
not yet my mind up, what I will log...).

Next step: extensions...
 2013-09-16 14:08:22 -07:00