[Bro] how can I get the hostname in a SSL connection?
Jessica Smith
jes.smith.bro at aol.com
Mon Jan 27 15:44:54 PST 2014
Hi,
I'm analyzing X.509 certificates and I have to check that the CN/SAN matches the hostname to which I am connecting. I was using the hostname value derived from the ssl extension "server_name", but in some cases this extension is not set.
I then tried to use the lookup_addr() function but it returns nothing.
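event ssl_established(c: connection)
    {
    local hostname: string;

    # Use the SNI value from the server_name extension when it is present.
    if ( c$ssl?$server_name )
        hostname = c$ssl$server_name;

    # Asynchronous reverse DNS lookup of the responder address;
    # the body runs only once the lookup has returned.
    when ( local host = lookup_addr(c$id$resp_h) )
        {
        print host;
        }
    }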
It does not print the hostname. Why?
Jessica.