mirror of
https://github.com/zeek/zeek.git
synced 2025-10-02 14:48:21 +00:00
b56b856da9
This commit introduces parsing of the CertificateRequest message in the TLS handshake. It introduces a new event ssl_certificate_request, as well as a new function parse_distinguished_name, which can be used to parse part of the ssl_certificate_request event parameters. This commit also introduces a new policy script, which appends information about the CAs a TLS server requests in the CertificateRequest message, if it sends it.
11 lines
1,023 B
Text
11 lines
1,023 B
Text
### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63.
|
|
#separator \x09
|
|
#set_separator ,
|
|
#empty_field (empty)
|
|
#unset_field -
|
|
#path ssl
|
|
#open XXXX-XX-XX-XX-XX-XX
|
|
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p version cipher curve server_name resumed last_alert next_protocol established ssl_history cert_chain_fps client_cert_chain_fps sni_matches_cert requested_client_certificate_authorities
|
|
#types time string addr port addr port string string string string bool string string bool string vector[string] vector[string] bool vector[string]
|
|
XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 fd42:496a:d659:bb85::1 52464 fd42:496a:d659:bb85:216:3eff:fe6a:a257 3000 TLSv12 TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 x25519 - F handshake_failure - F CsxkrnXGIl 0a171ee771a26530c650fe8b8a6bf205177bfb64fbb3e5303ba348c13ffc7dfa,c628dd5aae1f216da6ce4f8f914fb7141c2b0afd3522cce5900bcc4840657bfd (empty) - O=SomeOrg\x2cL=Somewhere\x2cST=Some-State\x2cC=US
|
|
#close XXXX-XX-XX-XX-XX-XX
|