mirror of
https://github.com/zeek/zeek.git
synced 2025-10-02 06:38:20 +00:00
549661bd11
- Certificate validation volume has been greatly cut down by caching results. - Cert hashing is now done in one place instead of being repeated everywhere a cert hash was needed. - Some small cleanups for notice suppression that should greatly reduce duplicate notice volume about invalid certificates.
21 lines
No EOL
516 B
Text
21 lines
No EOL
516 B
Text
##! This script calculates MD5 sums for server DER formatted certificates.
|
|
|
|
@load base/protocols/ssl
|
|
|
|
module SSL;
|
|
|
|
export {
|
|
redef record Info += {
|
|
cert_hash: string &log &optional;
|
|
};
|
|
}
|
|
|
|
event x509_certificate(c: connection, cert: X509, is_server: bool, chain_idx: count, chain_len: count, der_cert: string) &priority=10
|
|
{
|
|
# We aren't tracking client certificates yet and we are also only tracking
|
|
# the primary cert.
|
|
if ( ! is_server || chain_idx != 0 )
|
|
return;
|
|
|
|
c$ssl$cert_hash = md5_hash(der_cert);
|
|
} |