[Bro] Script examples usign the x509 Functions

Azoff, Justin S jazoff at illinois.edu
Wed Jun 8 05:39:32 PDT 2016

> On Jun 8, 2016, at 6:31 AM, Graham Bridgeland <grahambridgeland at yahoo.co.uk> wrote:
> Hello
> Can anyone point me to any simple examples of using the various x509 functions, e.g. x509_verify and x509_ocsp_verify?
> I've trawled through the site and the SSL exercise has a huge amount of great information and have implemented the various events to extract good information. However, I can't find a simple starting point of how to implement these functions to extract additional information out of the pcap files I've collected.
> Any assistance would be appreciated.
> Regards
> Graham

The script source code and test suite are often the best place to find how certain functions are used:

~/src/bro  $ git grep x509_verify|egrep 'scripts|testing'
scripts/policy/protocols/ssl/validate-certs.bro:	local result = x509_verify(chain, root_certs);
testing/btest/bifs/x509_verify.bro:	local result = x509_verify(chain, SSL::root_certs);
testing/btest/core/leaks/x509_verify.bro:	local result = x509_verify(chain, SSL::root_certs);

scripts/policy/protocols/ssl/validate-certs.bro "Perform full certificate chain validation for SSL certificates." and the two test cases show similar usage.

- Justin Azoff

More information about the Bro mailing list