* origin/topic/seth/ssl-binpac:
Fixed bug due to vectors now initially indexed on 0.
Finished core support for new SSL analyzer.
SSL analyzer changes with accompanying BiF.
A table_s_of_s type to get around bifcl type limitation.
Regenerated the Mozilla CA bundle without the untrusted server authentication certs.
Complete rewrite to SSL analyzer.
Conflicts:
src/AnalyzerTags.h
src/CMakeLists.txt
Notes:
- Haven't looked at the script-level, postponed to
policy-scripts-new.
- I renamed X509Extension to X509_extension for consistency.
Note: I didn't merge anything in policy/*. Seems there was some
unrelated stuff in there, and the ticket says that the policy script
was a dummy for now anyway.
* origin/topic/seth/syslog-analyzer:
Updates for syslog analyzer to prepare it for merging.
Added the initial syslog analyzer and policy script.
Adding some of the initial scripts that are going to be merged from my script repository.
- The install_pcap_filter BiF no longer will prevent
a filter from being installed if a -f filter was
provided. This was already causing a problem where
command-line-supplied filters weren't working.
The pcap.bro script is now where the filter update
limitation is placed, making it possible for users
to still update the filter at runtime if they really
want to.
With a directory "foo" somewhere in BROPATH, "@load foo" now checks if
there's a file "foo/__load__.bro". If so, it reads that file in. (If
not, Bro reports the same error as before, complaining that it can't
read a directory).
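As an added illustration of the directory-load rule above (example layout and script, not code from the Bro tree), assume a directory listed in BROPATH contains a package "foo" with a __load__.bro and two component scripts; the relative "./" form of @load used inside __load__.bro is assumed to be available:

```bro
# Added example, not part of the Bro sources.
#
# Assumed layout, where <dir> is some directory listed in BROPATH:
#
#   <dir>/foo/__load__.bro   <- this file
#   <dir>/foo/consts.bro     <- constants for the package (assumed)
#   <dir>/foo/main.bro       <- the package's event handlers (assumed)
#
# Any script that does
#
#   @load foo
#
# now resolves "foo" to this __load__.bro (there is no <dir>/foo.bro),
# and this file pulls in the package's components.  Without a
# __load__.bro, "@load foo" still fails with the old "can't read a
# directory" error.  The "./" prefix is assumed to mean "relative to
# the directory holding this file" rather than a fresh BROPATH search,
# so the package can be moved between BROPATH entries without edits.
@load ./consts
@load ./main
```

Order matters inside __load__.bro: a component that redefs a constant declared in ./consts must be loaded after it, which is why the constants script comes first.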
I re-added it because it's used by the detect-webapps
script to re-log software that may already be logged
if a more-root URL is found that still represents the
same software.
- New extension mechanism.
- Notices requiring real-time actions can be accommodated with
the functions in the notice_functions set, which are called synchronously
prior to logging or any further handling.
- Notice::notice event handlers will be called afterward
and follow normal (old) notice handling process. Logging
is done by handling this event.
- Lots of new docs.
- Renaming Action enums to reduce confusion with Type enums.
- Notice tags are attached to the Conn::Info record as a set[string].
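The two handling stages described above, as an added example script (not part of the Bro tree or of this branch). Names the changelog itself gives are notice_functions, Notice::notice and Conn::Info; everything else here is assumed: that notice_functions lives in the Notice module and holds function(n: Notice::Info) values, the Notice::Type enum, the Notice::Info record with $note, $msg and $conn fields, and the NOTICE() call:

```bro
# Added example, not part of the Bro sources.  Assumed names: Notice::Type,
# Notice::Info (fields $note, $msg, $conn), NOTICE(), and that
# notice_functions is Notice::notice_functions.

module Example;

export {
    redef enum Notice::Type += {
        # Notice type raised by this example script (assumed naming style).
        Suspicious_Port
    };
}

# Stage 1: synchronous.  Members of the notice_functions set run before
# the notice is logged or handled any further, so this is where an action
# that must happen immediately belongs.
function act_now(n: Notice::Info)
    {
    print fmt("sync: %s %s", n$note, n$msg);
    }

redef Notice::notice_functions += { act_now };

# Stage 2: the Notice::notice event fires only after every synchronous
# function has returned.  Handlers of this event follow the old notice
# handling process, and logging is done from such a handler.
event Notice::notice(n: Notice::Info)
    {
    print fmt("event: %s %s", n$note, n$msg);
    }

# Something to trigger both stages: flag connections to an odd port.
event connection_established(c: connection)
    {
    if ( c$id$resp_p == 31337/tcp )
        NOTICE([$note=Suspicious_Port,
                $msg=fmt("connection to %s", c$id$resp_p),
                $conn=c]);
    }
```

For a matching connection the "sync:" line is printed before the "event:" line, which is the ordering the two mechanisms guarantee: anything that must not wait for event delivery goes into notice_functions, everything else into a Notice::notice handler.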
- Certificate and certificate chain validation is now done
fully in policy script land. The script to do this will
be written in the new policy scripts branch once this is
merged.
- Removed hand written SSL analyzer.
- Rewrote and reworked much of the BinPAC SSL analyzer.
- Full DER certificates are extracted as strings to be used with
corresponding BiFs.
- x509_verify function to verify single certs and/or full certificate chains.
- Move binary packaging scripts out of source root into pkg/ subdir
- A consistent CMake version (2.8.4) is now enforced for binary packaging
- Added a 'bindist' target to top Makefile as a convenience
- The 'dist' target has been rewritten to depend on standard system
command/utils rather than CMake and the full dependency chain of Bro,
addressing #398 (but the CMake 'package_source' target is still available
in the generated build/Makefile and can be used if desired)