[Bro] why x509_extensions event never called?

Bernhard Amann bernhard at ICSI.Berkeley.EDU
Mon Jan 27 10:36:40 PST 2014

On Jan 27, 2014, at 8:50 AM, Jessica Smith <jes.smith.bro at aol.com> wrote:

> Hi Seth,
> thanks for reply, but there is no more information to give you. I just visited the site www.paypal.com and all SSL events (ssl_client_hello, ssl_server_hello, ssl_established, x509_certificate) are fired except x509_extension. I cannot understand why, but the Paypal's certificate contains many extensions.

Hello Jessica,

a patch for the x509_extension event is in the topic/bernhard/fix-x509-extensions git branch. 

The event syntax slightly changed - using

event x509_extension(c: connection, is_orig: bool, cert:X509, extension: X509_extension_info) 
	print extension;

should work now.


More information about the Bro mailing list