zeek/testing/btest/scripts/base/protocols/ssl/x509_extensions.test at 6d73b8c57e5bd74a0e7b880d2e547cd6da3649b9 - Mirror/zeek - git.uphillsecurity.com: We code.

Mirror/zeek

mirror of https://github.com/zeek/zeek.git synced 2025-10-02 14:48:21 +00:00

Bernhard Amann 6d73b8c57e Fix x509_extension event.

The event now really returns the extension. If openssl supports printing
it, it is converted into the openssl ascii output.

The output does not always look pretty because it can contain newlines.

New event syntax:
event x509_extension(c: connection, is_orig: bool, cert:X509, extension: X509_extension_info)

Example output for extension:
  [name=X509v3 Extended Key Usage,
    short_name=extendedKeyUsage,
    oid=2.5.29.37,
    critical=F,
    value=TLS Web Server Authentication, TLS Web Client Authentication]
  [name=X509v3 Certificate Policies,
   short_name=certificatePolicies,
   oid=2.5.29.32,
   critical=F,
   value=Policy: 1.3.6.1.4.1.6449.1.2.1.3.4^J  CPS: https://secure.comodo.com/CPS^J]

2014-01-27 10:24:57 -08:00

7 lines

200 B

Text

Raw Blame History

 # @TEST-EXEC: bro -r $TRACES/tls1.2.trace %INPUT
 # @TEST-EXEC: btest-diff .stdout
 event x509_extension(c: connection, is_orig: bool, cert:X509, extension: X509_extension_info)
 {
 	print extension;
 }