mirror of
https://github.com/zeek/zeek.git
synced 2025-10-02 06:38:20 +00:00
b56b856da9
This commit introduces parsing of the CertificateRequest message in the TLS handshake. It introduces a new event ssl_certificate_request, as well as a new function parse_distinguished_name, which can be used to parse part of the ssl_certificate_request event parameters. This commit also introduces a new policy script, which appends information about the CAs a TLS server requests in the CertificateRequest message, if it sends it.
23 lines
809 B
Text
23 lines
809 B
Text
##! When the server requests a client certificate, it optionally may specify a list of CAs that
|
|
##! it accepts. If the server does this, this script adds this list to ssl.log.
|
|
|
|
@load base/protocols/ssl
|
|
|
|
module SSL;
|
|
|
|
redef record SSL::Info += {
|
|
## List of cient certificate CAs accepted by the server
|
|
requested_client_certificate_authorities: vector of string &optional &log;
|
|
};
|
|
|
|
event ssl_certificate_request(c: connection, is_client: bool, certificate_types: index_vec, supported_signature_algorithms: SSL::SignatureAndHashAlgorithm, certificate_authorities: string_vec)
|
|
{
|
|
if ( is_client )
|
|
return;
|
|
|
|
local out: vector of string = vector();
|
|
for ( i in certificate_authorities )
|
|
out[i] = parse_distinguished_name(certificate_authorities[i]);
|
|
|
|
c$ssl$requested_client_certificate_authorities = out;
|
|
}
|