mirror of
https://github.com/zeek/zeek.git
synced 2025-10-02 14:48:21 +00:00

- Added a field named $last_alert to the SSL log. This doesn't even indicate the direction the alert was sent, but we need to start somewhere. - The x509_certificate function has an is_orig field now instead of is_server and its position in the argument list has moved. - A bit of reorganization and cleanup in the core analyzer.
##! This script calculates MD5 sums for server DER formatted certificates.
@load base/protocols/ssl
module SSL;
export {
	redef record Info += {
		## MD5 digest of the DER-encoded certificate presented by the
		## server (first certificate in the chain only). The field is
		## optional: it stays unset unless the x509_certificate handler
		## in this script assigns it.
		cert_hash: string &log &optional;
	};
}
event x509_certificate(c: connection, is_orig: bool, cert: X509, chain_idx: count, chain_len: count, der_cert: string) &priority=4
	{
	# Records an MD5 digest of the server's primary certificate in the
	# connection's SSL log record.
	# NOTE(review): &priority=4 presumably makes this run before
	# lower-priority handlers that read cert_hash; confirm against the
	# base SSL scripts.

	# Certificates sent by the originator (client) are not tracked yet.
	if ( is_orig )
		return;

	# Only the first certificate in the chain (index 0) is hashed.
	if ( chain_idx != 0 )
		return;

	# No SSL state is attached to this connection, so there is no log
	# record to annotate.
	if ( ! c?$ssl )
		return;

	# MD5 is not collision resistant. Treat cert_hash as a lookup and
	# correlation key for log analysis, not as proof that two
	# certificates are identical. Matching against threat-intel or
	# allow lists is safer with a stronger digest of der_cert.
	c$ssl$cert_hash = md5_hash(der_cert);
	}