[Bro] Problems parsing x509 issuer?
seth at icir.org
Thu Jun 5 10:46:25 PDT 2014
On Jun 5, 2014, at 12:22 PM, Michael Wenthold <michael.wenthold at gmail.com> wrote:
> We are experimenting with tracking/whitelisting x509 certificate issuers, using Bro 2.2. I'm seeing that certain certificates consistently don't appear to be getting parsed properly.
Ignoring the potential certificate parsing issue, it's usually not a good idea to track certs by their subject. You can collect the hash of the certificate and compare on that too.
International Computer Science Institute
(Bro) because everyone has a network
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 495 bytes
Desc: Message signed with OpenPGP using GPGMail
Url : http://mailman.ICSI.Berkeley.EDU/pipermail/bro/attachments/20140605/c680927c/attachment.bin
More information about the Bro