mirror of
https://github.com/zeek/zeek.git
synced 2025-10-02 14:48:21 +00:00
e8339d5c63
* origin/topic/bernhard/file-analysis-x509: Forgot the preamble for the new leak test (hopefully) last change -> return real opaque vec instead of any_vec Fix dump-events - it cannot be used with ssl anymore, because openssl does not give the same string results in all versions. Finishing touches of the x509 file analyzer. Revert change to only log certificates once per hour. Change x509 log - now certificates are only logged once per hour. Fix circular reference problem and a few other small things. X509 file analyzer nearly done. Verification and most other policy scripts work fine now. Add verify functionality, including the ability to get the validated chain. This means that it is now possible to get information about the root-certificates that were used to secure a connection. Second try on the event interface. Backport crash fix that made it into master with the x509_extension backport from here. Make x509 certificates an opaque type rip out x509 code from ssl analyzer. Note that since at the moment the file analyzer does not yet re-populate the info record that means quite a lot of information is simply not available. parse out extension. One event for general extensions (just returns the openssl-parsed string-value), one event for basicconstraints (is a certificate a CA or not) and one event for subject-alternative-names (only DNS parts). Very basic file-analyzer for x509 certificates. Mostly ripped from the ssl-analyzer and the topic/bernhard/x509 branch. |
||
|---|---|---|
| .. | ||
| __load__.bro | ||
| main.bro | ||
| README | ||
Support for X509 certificates with the file analysis framework.