policy/protocols/ssl/validate-certs.bro

SSL

Perform full certificate chain validation for SSL certificates.

Detailed Interface

State Variables

SSL::recently_validated_certs
    MD5 hash values for recently validated chains, along with their
    validation status, are kept in this table to avoid re-validating
    every time the same certificate chain is seen.

SSL::ssl_cache_intermediate_ca
    Use intermediate CA certificate caching when trying to validate
    certificates. When this is enabled, Bro keeps track of all valid
    intermediate CA certificates that it has seen in the past. When
    it encounters a host certificate that cannot be validated because
    of a missing intermediate CA certificate, the cached list is used
    to try to validate the cert. This is similar to how Firefox does
    certificate validation.

    Disabling this will usually greatly increase the number of
    validation warnings that you encounter. Only disable it if you
    want to find misconfigured servers (those that do not send their
    full chain).

Events

SSL::intermediate_add
    Event from a worker to the manager that it has encountered a new
    valid intermediate.

SSL::new_intermediate
    Event from the manager to the workers that a new intermediate chain
    is to be added.
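The following local policy script is an added example, not part of the Bro distribution or of validate-certs.bro itself. It shows how a site would consume the interface described above: it leaves intermediate caching on (or, via the commented redef, turns it off to surface servers that omit their chain) and handles SSL::new_intermediate so that every intermediate the manager pushes out to workers is recorded, giving analysts an audit trail of what the cache has come to trust. The event signature (a cache key string plus a vector of x509 certificates) and the parameter names are assumptions about validate-certs.bro; x509_parse and Reporter::info are standard Bro built-ins.

```zeek
# Added example script, not from validate-certs.bro.
# Load the validation policy so its state variables and events exist.
@load protocols/ssl/validate-certs

# Optional: disable intermediate CA caching to find servers that are
# misconfigured and do not send their full chain. Expect many more
# validation warnings when this is set.
# Assumption: ssl_cache_intermediate_ca is declared &redef.
# redef SSL::ssl_cache_intermediate_ca = F;

module SSL;

# Assumption about the event signature: the manager sends the key under
# which the intermediate chain is cached together with the certificates.
# Parameter names are illustrative.
event SSL::new_intermediate(key: string, value: vector of opaque of x509)
	{
	# Iterating a vector yields its indices.
	for ( i in value )
		{
		# x509_parse() returns an X509::Certificate record with
		# subject/issuer/validity fields we can report on.
		local cert = x509_parse(value[i]);

		Reporter::info(fmt("validate-certs: manager distributed intermediate '%s' (issuer '%s', valid until %T) under cache key %s",
		                   cert$subject, cert$issuer, cert$not_valid_after, key));
		}
	}
```

Because new_intermediate is the manager-to-worker fan-out, this handler fires on each worker as the cache grows; in a standalone (non-cluster) deployment the same event is raised locally. Reporter::info writes to reporter.log, which is convenient for a low-volume audit record; a site that wants structured output would instead define its own log stream for these entries.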