[Bro] why x509_extensions event never called?
Bernhard Amann
bernhard at ICSI.Berkeley.EDU
Mon Jan 27 10:36:40 PST 2014
On Jan 27, 2014, at 8:50 AM, Jessica Smith <jes.smith.bro at aol.com> wrote:
> Hi Seth,
> thanks for the reply, but there is no more information to give you. I just visited the site www.paypal.com and all SSL events (ssl_client_hello, ssl_server_hello, ssl_established, x509_certificate) are fired except x509_extension. I cannot understand why, but PayPal's certificate contains many extensions.
Hello Jessica,
a patch for the x509_extension event is in the topic/bernhard/fix-x509-extensions git branch.
The event syntax slightly changed - using
event x509_extension(c: connection, is_orig: bool, cert: X509, extension: X509_extension_info)
    {
    print extension;
    }
should work now.
Bernhard