mirror of
https://github.com/zeek/zeek.git
synced 2025-10-02 14:48:21 +00:00
41 lines
1.5 KiB
Text
41 lines
1.5 KiB
Text
# This tests a normal OCSP request sent through HTTP GET
|
|
|
|
# @TEST-EXEC: zeek -r $TRACES/tls/ocsp-http-get.pcap %INPUT
|
|
# @TEST-EXEC: btest-diff ocsp.log
|
|
# @TEST-EXEC: btest-diff .stdout
|
|
|
|
event zeek_init()
|
|
{
|
|
Files::register_for_mime_type(Files::ANALYZER_OCSP_REQUEST, "application/ocsp-request");
|
|
Files::register_for_mime_type(Files::ANALYZER_OCSP_REPLY, "application/ocsp-response");
|
|
}
|
|
|
|
event ocsp_extension(f: fa_file, ext: X509::Extension, global_resp: bool)
|
|
{
|
|
print "extension: ", ext, global_resp;
|
|
}
|
|
|
|
event ocsp_request(f: fa_file, version: count)
|
|
{
|
|
print "request", version, "";
|
|
}
|
|
|
|
event ocsp_request_certificate(f: fa_file, hashAlgorithm: string, issuerNameHash: string, issuerKeyHash: string, serialNumber: string)
|
|
{
|
|
print "request cert", hashAlgorithm, issuerNameHash, issuerKeyHash, serialNumber;
|
|
}
|
|
|
|
event ocsp_response_status(f: fa_file, status: string)
|
|
{
|
|
print "ocsp_response_status", status;
|
|
}
|
|
|
|
event ocsp_response_bytes(f: fa_file, status: string, version: count, responderId: string, producedAt: time, signatureAlgorithm: string, certs: x509_opaque_vector)
|
|
{
|
|
print "ocsp_response_bytes", status, version, responderId, producedAt, signatureAlgorithm;
|
|
}
|
|
|
|
event ocsp_response_certificate(f: fa_file, hashAlgorithm: string, issuerNameHash: string, issuerKeyHash: string, serialNumber: string, certStatus: string, revoketime: time, revokereason: string, thisUpdate: time, nextUpdate: time)
|
|
{
|
|
print "ocsp_response_certificate", hashAlgorithm, issuerNameHash, issuerKeyHash, serialNumber, certStatus, revoketime, revokereason, thisUpdate, nextUpdate;
|
|
}
|