Mirror/zeek
1
0
Fork 0
mirror of https://github.com/zeek/zeek.git synced 2025-10-09 18:18:19 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 3
zeek/scripts/base
History
Johanna Amann 833168090a Add ability to check if hostname is valid for a specific cert 
This commit adds two new bifs, x509_check_hostname and
x509_check_cert_hostname. These bifs can be used to check if a given
hostname which can, e.g., be sent in a SNI is valid for a specific
certificate.

This PR furthermore modifies the ssl logs again, and adds information
about this to the log-file. Furthermore we now by default remove the
server certificate information from ssl.log - I doubt that this is often
looked at, it is not present in TLS 1.3, we do still have the SNI, and
if you need it you have the information in x509.log.

This also fixes a small potential problem in X509.cc assuming there
might be SAN-entries that contain null-bytes.

Baseline update will follow in another commit.
2021-06-29 15:00:48 +01:00
..
files Add policy script suppressing certificate events 2021-06-29 11:39:18 +01:00
frameworks GH-1517: Add Geneve decap support 2021-04-27 11:21:29 +02:00
misc Tweak find-filtered-trace to not flag traces if they have non-TCP 2020-09-25 11:29:44 +00:00
packet-protocols GH-1389: Skip VN-Tag headers 2021-02-01 14:34:56 -07:00
protocols Add ability to check if hostname is valid for a specific cert 2021-06-29 15:00:48 +01:00
utils lint fixes: ensuring functions return values, robustness to nil Val's 2021-03-18 08:21:19 -07:00
init-bare.zeek GH-1517: Add Geneve decap support 2021-04-27 11:21:29 +02:00
init-default.zeek Add backtrace() and print_backtrace() 2020-07-03 14:09:31 -07:00
init-frameworks-and-bifs.zeek GH-1122: Allow initializing globals with calls to subdir BIFs 2020-08-27 12:20:37 -07:00