zeek/scripts/policy/protocols/ssl
Johanna Amann 6ab5701ad0 Update certificate validation script - new version will cache valid
intermediate chains that it encounters on the wire and use those to try
to validate chains that might be missing intermediate certificates.

This vastly improves the number of certificates that Bro can validate.
The only drawback is that now validation behavior is not entirely
predictable anymore - the certificate of a server can fail to validate
when Bro just started up (due to the intermediate missing), and succeed
later, when the intermediate can be found in the cache.

Has been tested on big-ish clusters and should not introduce any
performance problems.
2015-03-09 12:46:33 -07:00
..
expiring-certs.bro re-add notice suppression for expiring certificates 2014-06-06 12:15:38 -07:00
extract-certs-pem.bro Merge remote-tracking branch 'origin/fastpath' 2014-05-21 15:59:26 -05:00
heartbleed.bro and more tiny ssl script fixes 2014-05-21 11:16:24 -07:00
known-certs.bro Merge remote-tracking branch 'origin/fastpath' 2014-05-21 15:59:26 -05:00
log-hostcerts-only.bro Fix missing @load dependencies in some scripts. 2014-04-09 16:32:23 -05:00
notary.bro Merge remote-tracking branch 'origin/topic/jsiwek/deprecation' 2015-01-30 14:37:05 -08:00
validate-certs.bro Update certificate validation script - new version will cache valid 2015-03-09 12:46:33 -07:00
validate-ocsp.bro Extend the weak-keys policy file to also alert when encountering 2015-02-25 13:57:04 -08:00
weak-keys.bro Merge remote-tracking branch 'origin/topic/johanna/ssl-policy' 2015-03-02 17:19:00 -08:00