Mirror/zeek
1
0
Fork 0
mirror of https://github.com/zeek/zeek.git synced 2025-10-02 14:48:21 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 2
zeek/testing/btest/scripts/base/protocols/ssl/ocsp-request-response.test
Jon Siwek bb55f82809 Remove requestorName parameter of ocsp_request event 
This field isn't publicly available via the OpenSSL 1.1 API, not used
in the base scripts, and has no example in the test suit, so removing
it is simpler than trying to support manually parsing it out of the
raw data.
2018-06-29 16:15:34 -05:00

43 lines
1.6 KiB
Text
Raw Blame History

# This tests a pair of normal OCSP request and response
# @TEST-EXEC: bro -C -r $TRACES/tls/ocsp-request-response.pcap %INPUT
# @TEST-EXEC: btest-diff ocsp.log
# @TEST-EXEC: btest-diff .stdout
@load files/x509/log-ocsp
event bro_init()
{
Files::register_for_mime_type(Files::ANALYZER_OCSP_REQUEST, "application/ocsp-request");
Files::register_for_mime_type(Files::ANALYZER_OCSP_REPLY, "application/ocsp-response");
}
event ocsp_extension(f: fa_file, ext: X509::Extension, global_resp: bool)
{
print "extension: ", ext, global_resp;
}
event ocsp_request(f: fa_file, version: count)
{
print "request", version, "";
}
event ocsp_request_certificate(f: fa_file, hashAlgorithm: string, issuerNameHash: string, issuerKeyHash: string, serialNumber: string)
{
print "request cert", hashAlgorithm, issuerNameHash, issuerKeyHash, serialNumber;
}
event ocsp_response_status(f: fa_file, status: string)
{
print "ocsp_response_status", status;
}
event ocsp_response_bytes(f: fa_file, resp_ref: opaque of ocsp_resp, status: string, version: count, responderId: string, producedAt: time, signatureAlgorithm: string, certs: x509_opaque_vector)
{
print "ocsp_response_bytes", status, version, responderId, producedAt, signatureAlgorithm;
}
event ocsp_response_certificate(f: fa_file, hashAlgorithm: string, issuerNameHash: string, issuerKeyHash: string, serialNumber: string, certStatus: string, revoketime: time, revokereason: string, thisUpdate: time, nextUpdate: time)
{
print "ocsp_response_certificate", hashAlgorithm, issuerNameHash, issuerKeyHash, serialNumber, certStatus, revoketime, revokereason, thisUpdate, nextUpdate;
}
Reference in a new issue View git blame Copy permalink