[Bro-Dev] [JIRA] (BIT-1502) X509 doesn't log all certificates

Johanna Amann (JIRA) jira at bro-tracker.atlassian.net
Wed Nov 4 15:33:00 PST 2015

    [ https://bro-tracker.atlassian.net/browse/BIT-1502?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=22805#comment-22805 ] 

Johanna Amann commented on BIT-1502:


I just tried this and I cannot reproduce the issue --- certificates, e.g. for facebook.com seem to show up fine for me.

Could you please attach a trace that shows the issue to this ticket (or send it to me at johanna at bro.org)?


> X509 doesn't log all certificates
> ---------------------------------
>                 Key: BIT-1502
>                 URL: https://bro-tracker.atlassian.net/browse/BIT-1502
>             Project: Bro Issue Tracker
>          Issue Type: Problem
>          Components: Bro
>    Affects Versions: 2.4
>         Environment: test setup
>            Reporter: Gavin Spearhead
>            Assignee: Johanna Amann
>              Labels: ssl
> I'm trying to use bro to log all X509 certificate information for SSL / HTTPS connections. It seems however that not all certificates are logged in the x509.log. (or in files.log). However the connections are visible in the ssl.log. The setup is a basic install.  
> E.g. https://facebook.com and https://twitter.com are not logged, whereas https://tweakers.net or https://api.twitter.com are logged. Is this a bug, feature? Any idea how to ensure all the certificates are stored?

This message was sent by Atlassian JIRA

More information about the bro-dev mailing list