This commit introduces parsing of the CertificateRequest message in the
TLS handshake. It introduces a new event ssl_certificate_request, as
well as a new function parse_distinguished_name, which can be used to
parse part of the ssl_certificate_request event parameters.
This commit also introduces a new policy script, which appends
information about the CAs a TLS server requests in the
CertificateRequest message, if it sends it.
This adds two example plugins within testing/builtin-plugins/Files:
* protocol-plugin copied over from testing/btest/plugins/protocol-plugin
* py-lib-plugin that embeds Python to have a dependency on an external
shared library which was already available in CI and fun to use, too.
Closes #2837
The zeek-kafka plugin's VERSION file contains a commented license
header followed by an empty line, followed by the actual version.
Attempt to deal with this by using the first non-commented non-empty
line.
This reverts commit 957825441a, reversing
changes made to c8cdc75f2b.
Caused spurious CI failures in the external testing baselines. See zeek/zeek#2842.
* origin/topic/vern/Mar23-script-opt-maint:
extend BTest "path" canonicalization to include compiled-to-C++ variable names
use a subclass of TableType for incremental construction of compiled scripts
script_opt/CPP: errors, recursive type fixes, fix embedded comments
Fix for EnumVal's returning their underlying value
better (than nothing) run-time errors for compiled scripts
fixes for dealing with recursive types in compiled scripts
fix for values in compiled scripts containing embedded comment markers
Since ccache in Cirrus currently does not preserve timestamps, the
timestamp-based cache pruning implemented by ccache likely would just
remove random files. To work around this, this patch implements a manual
pruning step. This step runs after the build so that at least the files
used in the build should have their timestamps updated. We can then
force eviction of some of the unused files from the cache by cleaning
the cache with a size less than the maximum cache size.
This fixes a potential crash due to trigger_mgr getting shut down earlier
than dns_mgr, and dns_mgr then trying to use it after it's been deleted.
This change forces the order of initialization/destruction in
iosource_mgr to cause dns_mgr to be deleted first.
The ja3 package uses next instead of return and triggers the new
errors with Zeek 5.2. That seems somewhat bad.
In case we want to do a 5.2.1 that makes this a warning, this
would be the change to do so.
* origin/topic/awelzel/zeekctl-ci:
Bump zeekctl submodule
cirrus: Add zeekctl CI task
cirrus: Do not run tasks for builds on cron triggered jobs
cirrus: Rename BRANCH_WHITELIST
This change exposes the signature type inside the signed portion of an
X.509 certificate. In the past, we only exposed the signature type that
is contained inside the signature, which is outside the signed portion
of the X.509 certificate.
In theory, both signature fields should have the same value; it is,
however, possible to encode differing values in both fields. The new
field is not logged by default.
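The two fields described in the commit message above are tbsCertificate.signature (inside the signed portion) and Certificate.signatureAlgorithm (outside it) in RFC 5280. The following is an added example, not code from Zeek or from the commit: a minimal DER walk that extracts both OIDs so they can be compared. The function names and the sample structure are constructed for illustration.

```python
def read_tlv(buf, off):
    """Return (tag, value, next_offset) for the DER element starting at off."""
    tag, length, off = buf[off], buf[off + 1], off + 2
    if length & 0x80:  # long form: low 7 bits = number of length bytes
        n = length & 0x7F
        length, off = int.from_bytes(buf[off:off + n], "big"), off + n
    if off + length > len(buf):
        raise ValueError("truncated DER element")
    return tag, buf[off:off + length], off + length

def children(value):
    out, off = [], 0
    while off < len(value):
        tag, val, off = read_tlv(value, off)
        out.append((tag, val))
    return out

def oid_str(body):  # decode base-128 OID arcs into dotted notation
    arcs, acc = [], 0
    for b in body:
        acc = (acc << 7) | (b & 0x7F)
        if not b & 0x80:
            arcs.append(acc)
            acc = 0
    first = min(arcs[0] // 40, 2)
    return ".".join(map(str, [first, arcs[0] - 40 * first] + arcs[1:]))

def signature_algorithms(cert_der):
    """Return (inner, outer) OIDs: tbsCertificate.signature, signatureAlgorithm."""
    _, cert, _ = read_tlv(cert_der, 0)
    (_, tbs), (_, outer_alg) = children(cert)[:2]
    fields = children(tbs)
    if fields[0][0] == 0xA0:  # optional [0] EXPLICIT version
        fields = fields[1:]
    inner_alg = fields[1][1]  # fields[0] is serialNumber
    return tuple(oid_str(children(a)[0][1]) for a in (inner_alg, outer_alg))

# Constructed sample: a truncated certificate skeleton, not a valid certificate.
SHA256_RSA = bytes.fromhex("2a864886f70d01010b")  # 1.2.840.113549.1.1.11
SHA1_RSA = bytes.fromhex("2a864886f70d010105")    # 1.2.840.113549.1.1.5
tlv = lambda tag, body: bytes([tag, len(body)]) + body  # short-form length only
def sample_cert(inner_oid, outer_oid):
    alg = lambda oid: tlv(0x30, tlv(0x06, oid) + b"\x05\x00")
    tbs = tlv(0x30, tlv(0xA0, b"\x02\x01\x02") + tlv(0x02, b"\x01") + alg(inner_oid))
    return tlv(0x30, tbs + alg(outer_oid) + tlv(0x03, b"\x00\xaa"))

if __name__ == "__main__":
    inner, outer = signature_algorithms(sample_cert(SHA256_RSA, SHA1_RSA))
    print(inner, outer, "MISMATCH" if inner != outer else "ok")
```

A differing pair is worth flagging in certificate triage, because only the inner value is covered by the issuer's signature.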
Run the zeekctl testing suite within a Debian 11 container. This runs on
pushes to master and release branches. Also, tagging PRs with fullci or
zeekctlci triggers it.
Closes zeek/zeekctl#49
This adds one metric per log stream and one metric per log writer (path based)
to track the number of writes on a stream level as well as on a writer level.
$ curl -sSf localhost:8181/metrics | grep Conn
zeek_log_writer_writes_total{endpoint="",filter-name="default",module="HTTP",path="http",stream="HTTP::LOG",writer="Log::WRITER_SQLITE"} 1 1677497572770
zeek_log_stream_writes_total{endpoint="",module="HTTP",stream="HTTP::LOG"} 1 1677497572770
The initial version of this change also included metrics around log
write vetoes, but given no log policies exist in the default configuration
and they are mostly interesting for a few streams/writers only, skip this
for now. These can always be added by the script writer, too.
The difference between the stream level writes and concrete writers can
be used to deduce the number of vetoes (or errors) as a starting point.
* origin/topic/awelzel/cap-ccache-sizes:
cirrus: Also add ccache limits to container builds
cirrus: Add an epoch to the ccache fingerprint, bump to 1000M
cirrus: Cap ccache max size to 500M and max files to 20000