policy/protocols/ssl/validate-certs.bro

SSL

Perform full certificate chain validation for SSL certificates.

Namespace: SSL
Imports: base/frameworks/notice, base/protocols/ssl
Source File: /scripts/policy/protocols/ssl/validate-certs.bro

Summary

State Variables

SSL::recently_validated_certs: table &read_expire = 5.0 mins &redef
    MD5 hash values for recently validated chains along with the validation status are kept in this table to avoid constant validation every time the same certificate chain is seen.
SSL::ssl_cache_intermediate_ca: bool &redef
    Use intermediate CA certificate caching when trying to validate certificates.

Redefinitions

Notice::Type: enum
SSL::Info: record

Events

SSL::intermediate_add: event
    Event from a worker to the manager that it has encountered a new valid intermediate.
SSL::new_intermediate: event
    Event from the manager to the workers that a new intermediate chain is to be added.

Detailed Interface

State Variables

SSL::recently_validated_certs
Type: table [string] of string
Attributes: &read_expire = 5.0 mins &redef
Default: {}

MD5 hash values for recently validated chains along with the validation status are kept in this table to avoid constant validation every time the same certificate chain is seen.

SSL::ssl_cache_intermediate_ca
Type: bool
Attributes: &redef
Default: T

Use intermediate CA certificate caching when trying to validate certificates. When this is enabled, Bro keeps track of all valid intermediate CA certificates that it has seen in the past. When encountering a host certificate that cannot be validated because of a missing intermediate CA certificate, the cached list is used to try to validate the cert. This is similar to how Firefox does certificate validation.

Disabling this will usually greatly increase the number of validation warnings that you encounter, because every server that omits an intermediate from its chain then fails validation. Disable it only if you want to find such misconfigured servers.
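As an added example (not code from validate-certs.bro or the Bro project), the script below loads the policy, keeps intermediate-CA caching enabled, and reports what the cache and the intermediate-distribution event are doing. It assumes a cluster deployment for the SSL::new_intermediate handler, since that event is sent from the manager to the workers; in a standalone run the handler simply never fires. The chain-hash keys of SSL::recently_validated_certs are the MD5 values described above, and the printed status strings are whatever the policy stored.

```bro
# Added example (not part of validate-certs.bro): observe the validation
# cache and intermediate-CA distribution of the policy.
@load base/protocols/ssl
@load protocols/ssl/validate-certs

# Keep the default (T). Setting this to F makes Bro report every server that
# omits its intermediate certificates as a validation failure, which is only
# useful when hunting for misconfigured servers.
redef SSL::ssl_cache_intermediate_ca = T;

# Raised on the workers when the manager pushes a newly seen valid
# intermediate chain (cluster deployments only); key is the hash under
# which the chain is cached.
event SSL::new_intermediate(key: string, value: vector of opaque of x509)
	{
	print fmt("cached new intermediate chain %s (%d certificate(s))", key, |value|);
	}

# At shutdown, show how many distinct chains still have a cached validation
# result. Entries expire 5 minutes after they were last read
# (&read_expire = 5.0 mins), so the count is only of recently seen chains.
event bro_done()
	{
	print fmt("%d recently validated chain(s) still cached", |SSL::recently_validated_certs|);
	for ( chain_hash in SSL::recently_validated_certs )
		print fmt("  %s -> %s", chain_hash, SSL::recently_validated_certs[chain_hash]);
	}
```

Run it against a pcap with `bro -r traffic.pcap example.bro` (placeholder file names) to see which chains were validated and what status was cached for each; flipping the redef to F and re-running the same capture shows directly how many extra failures the intermediate cache was absorbing.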

Events

SSL::intermediate_add
Type: event (key: string, value: vector of opaque of x509)

Event from a worker to the manager that it has encountered a new valid intermediate.

SSL::new_intermediate
Type: event (key: string, value: vector of opaque of x509)

Event from the manager to the workers that a new intermediate chain is to be added.

Copyright 2016, The Bro Project. Last updated on December 07, 2018. Created using Sphinx 1.8.2.