policy/protocols/ssl/validate-sct.bro
SSL
Perform validation of Signed Certificate Timestamps, as used
for Certificate Transparency. See RFC 6962 for more details.
Summary
Types
SSL::SctInfo: record | This record is used to store information about the SCTs that are encountered in an SSL connection.
SSL::SctSource: enum | List of the different sources for Signed Certificate Timestamps.
Detailed Interface
Types
SSL::SctInfo
Type: record
- version: count
  The version of the encountered SCT (should always be 0 for v1).
- logid: string
  The ID of the log issuing this SCT.
- timestamp: count
  The timestamp at which this SCT was issued, measured in
  milliseconds since the epoch (January 1, 1970, 00:00), ignoring
  leap seconds. Not converted to a Bro timestamp because we need
  the exact value for validation.
- sig_alg: count
  The signature algorithm used for this SCT.
- hash_alg: count
  The hash algorithm used for this SCT.
- signature: string
  The signature of this SCT.
- source: SSL::SctSource
  Source of this SCT.
- valid: bool &optional
  Validation result of this SCT.
This record is used to store information about the SCTs that are
encountered in an SSL connection.
SSL::SctSource
Type: enum
- SSL::SCT_X509_EXT
  Signed Certificate Timestamp was encountered in the extension of
  an X.509 certificate.
- SSL::SCT_TLS_EXT
  Signed Certificate Timestamp was encountered in a TLS session
  extension.
- SSL::SCT_OCSP_EXT
  Signed Certificate Timestamp was encountered in the extension of
  a stapled OCSP reply.
List of the different sources for Signed Certificate Timestamps.
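The following is an added example, not code from validate-sct.bro: a Python sketch of how the SSL::SctInfo fields map onto the byte string that an RFC 6962 log signature covers, which is why the timestamp is kept as an exact millisecond count. The dictionary layout, the function names, the string form of the source enum and the empty default for the SCT extensions are assumptions made for illustration.

```python
import struct

# Values from RFC 6962 (SCT v1) and the TLS 1.2 algorithm registries.
CERTIFICATE_TIMESTAMP = 0          # SignatureType
X509_ENTRY, PRECERT_ENTRY = 0, 1   # LogEntryType
HASH_SHA256, SIG_RSA, SIG_ECDSA = 4, 1, 3

def entry_type_for(source):
    # SCTs embedded in a certificate sign the precertificate; SCTs from the
    # TLS extension or a stapled OCSP reply sign the final certificate.
    return PRECERT_ENTRY if source == "SCT_X509_EXT" else X509_ENTRY

def algorithms_allowed(sct):
    # RFC 6962 logs sign with SHA-256 and either RSA or ECDSA (P-256).
    return sct["hash_alg"] == HASH_SHA256 and sct["sig_alg"] in (SIG_RSA, SIG_ECDSA)

def opaque24(data):
    # TLS vector with a 3-byte length prefix (opaque<1..2^24-1>).
    if not 0 < len(data) < 2 ** 24:
        raise ValueError("entry must be 1..2^24-1 bytes")
    return len(data).to_bytes(3, "big") + data

def signed_data(sct, der, issuer_key_hash=b"", extensions=b""):
    """Bytes the log signature covers. `der` is the certificate (x509_entry)
    or the precertificate TBSCertificate (precert_entry)."""
    if sct["version"] != 0:
        raise ValueError("only SCT v1 (version 0) is defined")
    etype = entry_type_for(sct["source"])
    # timestamp is packed as the exact uint64 millisecond count from the SCT.
    out = struct.pack("!BBQH", sct["version"], CERTIFICATE_TIMESTAMP,
                      sct["timestamp"], etype)
    if etype == PRECERT_ENTRY:
        if len(issuer_key_hash) != 32:
            raise ValueError("precert_entry needs the SHA-256 issuer key hash")
        out += issuer_key_hash
    return out + opaque24(der) + struct.pack("!H", len(extensions)) + extensions

# Constructed sample: field names follow SSL::SctInfo; values are made up.
SAMPLE_SCT = {"version": 0, "logid": "constructed-log-id", "timestamp": 1487000000123,
              "sig_alg": SIG_ECDSA, "hash_alg": HASH_SHA256, "source": "SCT_TLS_EXT"}
SAMPLE_DER = bytes.fromhex("3003020101")  # placeholder DER, not a real certificate

if __name__ == "__main__":
    print(signed_data(SAMPLE_SCT, SAMPLE_DER).hex())
```

The signature field is then checked over these bytes with the public key of the log named by logid; a timestamp that differs by one millisecond produces different signed bytes and the check fails.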