mirror of
https://github.com/zeek/zeek.git
synced 2025-10-02 22:58:20 +00:00
597a4d6704
- policy/ renamed to scripts/ - By default BROPATH now contains: - scripts/ - scripts/policy - scripts/site - *Nearly* all tests pass. - All of scripts/base/ is loaded by main.cc - Can be disabled by setting $BRO_NO_BASE_SCRIPTS - Scripts in scripts/base/ don't use relative path loading to ease use of BRO_NO_BASE_SCRIPTS (to copy and paste that script). - The scripts in scripts/base/protocols/ only (or soon will only) do logging and state building. - The scripts in scripts/base/frameworks/ add functionality without causing any additional overhead. - All "detection" activity happens through scripts in scripts/policy/. - Communications framework modified temporarily to need an environment variable to actually enable (ENABLE_COMMUNICATION=1) - This is so the communications framework can be loaded as part of the base without causing trouble when it's not needed. - This will be removed once a resolution to ticket #540 is reached.
31 lines
680 B
Text
31 lines
680 B
Text
|
|
module SSL;
|
|
|
|
export {
|
|
redef enum Notice::Type += {
|
|
Invalid_Server_Cert
|
|
};
|
|
|
|
redef record Info += {
|
|
validation_status: string &log &optional;
|
|
};
|
|
|
|
}
|
|
|
|
event ssl_established(c: connection) &priority=5
|
|
{
|
|
# If there aren't any certs we can't very well do certificate validation.
|
|
if ( !c$ssl?$cert || !c$ssl?$cert_chain )
|
|
return;
|
|
|
|
local result = x509_verify(c$ssl$cert, c$ssl$cert_chain, root_certs);
|
|
c$ssl$validation_status = x509_err2str(result);
|
|
if ( result != 0 )
|
|
{
|
|
local message = fmt("SSL certificate validation failed with (%s)", c$ssl$validation_status);
|
|
NOTICE([$note=Invalid_Server_Cert, $msg=message,
|
|
$sub=c$ssl$subject, $conn=c]);
|
|
}
|
|
}
|
|
|
|
|