[Bro] Problems parsing x509 issuer?
Michael Wenthold
michael.wenthold at gmail.com
Thu Jun 5 09:22:15 PDT 2014
All,
We are experimenting with tracking/whitelisting x509 certificate issuers,
using Bro 2.2. I'm seeing that certain certificates consistently don't
appear to be getting parsed properly.
For example:
1.311.60.2.1.3=#13025553CN=VeriSign Class 3 Extended Validation SSL SGC
CA,OU=Terms of use at https://www.verisign.com/rpa (c)06,OU=VeriSign Trust
Network,O=VeriSign\, Inc.,C=US
025553CN=VeriSign Class 3 Extended Validation SSL SGC CA,OU=Terms of use at
https://www.verisign.com/rpa (c)06,OU=VeriSign Trust Network,O=VeriSign\,
Inc.,C=US
.1.3=#13025553CN=VeriSign Class 3 Extended Validation SSL SGC CA,OU=Terms
of use at https://www.verisign.com/rpa (c)06,OU=VeriSign Trust
Network,O=VeriSign\, Inc.,C=US
This is just a small sample, but it appears to happen mostly with certain
certificates (like the Verisign extended validation certs). Is anyone
else seeing this?
Mike
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mailman.ICSI.Berkeley.EDU/pipermail/bro/attachments/20140605/5dee4939/attachment.html
More information about the Bro
mailing list