[Bro] Script examples using the x509 Functions
Azoff, Justin S
jazoff at illinois.edu
Wed Jun 8 05:39:32 PDT 2016
> On Jun 8, 2016, at 6:31 AM, Graham Bridgeland <grahambridgeland at yahoo.co.uk> wrote:
> Can anyone point me to any simple examples of using the various x509 functions, e.g. x509_verify and x509_ocsp_verify?
> I've trawled through the site and the SSL exercise has a huge amount of great information and have implemented the various events to extract good information. However, I can't find a simple starting point of how to implement these functions to extract additional information out of the pcap files I've collected.
> Any assistance would be appreciated.
The script source code and test suite are often the best place to find how certain functions are used:
~/src/bro $ git grep x509_verify|egrep 'scripts|testing'
scripts/policy/protocols/ssl/validate-certs.bro: local result = x509_verify(chain, root_certs);
testing/btest/bifs/x509_verify.bro: local result = x509_verify(chain, SSL::root_certs);
testing/btest/core/leaks/x509_verify.bro: local result = x509_verify(chain, SSL::root_certs);
scripts/policy/protocols/ssl/validate-certs.bro "Perform full certificate chain validation for SSL certificates." and the two test cases show similar usage.
- Justin Azoff
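
A minimal sketch of the usage pattern the grep output above points to, added here as an example (it is not the code from validate-certs.bro or the test suite). It assumes the SSL/X509 scripts of this Bro generation, where each entry of c$ssl$cert_chain carries an x509$handle, and it validates against the bundled SSL::root_certs.

```bro
# Added example, not one of Bro's own scripts. Run against a capture with:
#   bro -r trace.pcap this-script.bro
@load base/protocols/ssl

event ssl_established(c: connection)
	{
	# No certificates seen (e.g. a resumed session): nothing to validate.
	if ( ! c?$ssl || ! c$ssl?$cert_chain || |c$ssl$cert_chain| == 0 )
		return;

	# x509_verify wants the chain as opaque handles, host certificate first.
	local chain: vector of opaque of x509 = vector();
	for ( i in c$ssl$cert_chain )
		{
		# Skip the connection if a chain entry was not parsed as X.509.
		if ( ! c$ssl$cert_chain[i]?$x509 )
			return;
		chain[i] = c$ssl$cert_chain[i]$x509$handle;
		}

	# SSL::root_certs is the root store shipped with Bro. The optional
	# third argument (verify_time) defaults to network_time(), so when
	# reading a pcap the validity period is checked against the capture's
	# timestamps, not the current wall clock.
	local result = x509_verify(chain, SSL::root_certs);

	# result$result_string is "ok" on success, otherwise the validation
	# error text.
	print fmt("%s -> %s: %s (%s)", c$id$orig_h, c$id$resp_h,
	          c$ssl$cert_chain[0]$x509$certificate$subject,
	          result$result_string);
	}
```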