[Bro] Problems parsing x509 issuer?

Seth Hall seth at icir.org
Thu Jun 5 10:46:25 PDT 2014

On Jun 5, 2014, at 12:22 PM, Michael Wenthold <michael.wenthold at gmail.com> wrote:

> We are experimenting with tracking/whitelisting x509 certificate issuers, using Bro 2.2.  I'm seeing that certain certificates consistently don't appear to be getting parsed properly.

Ignoring the potential certificate parsing issue, it's usually not a good idea to track certs by their subject.  You can collect the hash of the certificate and compare on that too.


Seth Hall
International Computer Science Institute
(Bro) because everyone has a network

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 495 bytes
Desc: Message signed with OpenPGP using GPGMail
Url : http://mailman.ICSI.Berkeley.EDU/pipermail/bro/attachments/20140605/c680927c/attachment.bin 

More information about the Bro mailing list