[Bro-Dev] [JIRA] (BIT-1332) Please merge topic/johanna/cert-validation

Johanna Amann (JIRA) jira at bro-tracker.atlassian.net
Mon Mar 9 13:04:00 PDT 2015

Johanna Amann created BIT-1332:

             Summary: Please merge topic/johanna/cert-validation
                 Key: BIT-1332
                 URL: https://bro-tracker.atlassian.net/browse/BIT-1332
             Project: Bro Issue Tracker
          Issue Type: Improvement
          Components: Bro
    Affects Versions: git/master
            Reporter: Johanna Amann
             Fix For: 2.4

Please merge topic/johanna/cert-validation. This is an update to the script used to validate certificates in SSL/TLS connections. Description from main commit:

    Update certificate validation script - new version will cache valid
    intermediate chains that it encounters on the wire and use those to try
    to validate chains that might be missing intermediate certificates.

    This vastly improves the number of certificates that Bro can validate.
    The only drawback is that now validation behavior is not entirely
    predictable anymore - the certificate of a server can fail to validate
    when Bro just started up (due to the intermediate missing), and succeed
    later, when the intermediate can be found in the cache.

    Has been tested on big-ish clusters and should not introduce any
    performance problems.

This message was sent by Atlassian JIRA

More information about the bro-dev mailing list