[Bro] Problems parsing x509 issuer?

Anthony VEREZ netantho at gmail.com
Thu Jun 5 09:31:09 PDT 2014


Hello Michael,

it may have been fixed in the dev version, see
https://bro-tracker.atlassian.net/browse/BIT-1195

Anthony

On 6/5/14, 9:22 AM, Michael Wenthold wrote:
> All,
> 
> We are experimenting with tracking/whitelisting x509 certificate
> issuers, using Bro 2.2.  I'm seeing that certain certificates
> consistently don't appear to be getting parsed properly.
> 
> For example:
> 
> 1.311.60.2.1.3=#13025553CN=VeriSign Class 3 Extended Validation SSL SGC
> CA,OU=Terms of use at https://www.verisign.com/rpa (c)06,OU=VeriSign
> Trust Network,O=VeriSign\, Inc.,C=US
> 
> 025553CN=VeriSign Class 3 Extended Validation SSL SGC CA,OU=Terms of use
> at https://www.verisign.com/rpa (c)06,OU=VeriSign Trust
> Network,O=VeriSign\, Inc.,C=US
> 
> .1.3=#13025553CN=VeriSign Class 3 Extended Validation SSL SGC
> CA,OU=Terms of use at https://www.verisign.com/rpa (c)06,OU=VeriSign
> Trust Network,O=VeriSign\, Inc.,C=US
> 
> 
> This is just a small sample, but it appears to happen mostly with
> certain certificates (like the Verisign extended validation certs).   Is
> anyone else seeing this?
> 
> 
> Mike
> 
> 
> _______________________________________________
> Bro mailing list
> bro at bro-ids.org
> http://mailman.ICSI.Berkeley.EDU/mailman/listinfo/bro
> 




More information about the Bro mailing list