[Bro] Problems parsing x509 issuer?
Anthony VEREZ
netantho at gmail.com
Thu Jun 5 09:31:09 PDT 2014
Hello Michael,
it may have been fixed in the dev version, see
https://bro-tracker.atlassian.net/browse/BIT-1195
Anthony
On 6/5/14, 9:22 AM, Michael Wenthold wrote:
> All,
>
> We are experimenting with tracking/whitelisting x509 certificate
> issuers, using Bro 2.2. I'm seeing that certain certificates
> consistently don't appear to be getting parsed properly.
>
> For example:
>
> 1.311.60.2.1.3=#13025553CN=VeriSign Class 3 Extended Validation SSL SGC
> CA,OU=Terms of use at https://www.verisign.com/rpa (c)06,OU=VeriSign
> Trust Network,O=VeriSign\, Inc.,C=US
>
> 025553CN=VeriSign Class 3 Extended Validation SSL SGC CA,OU=Terms of use
> at https://www.verisign.com/rpa (c)06,OU=VeriSign Trust
> Network,O=VeriSign\, Inc.,C=US
>
> .1.3=#13025553CN=VeriSign Class 3 Extended Validation SSL SGC
> CA,OU=Terms of use at https://www.verisign.com/rpa (c)06,OU=VeriSign
> Trust Network,O=VeriSign\, Inc.,C=US
>
>
> This is just a small sample, but it appears to happen mostly with
> certain certificates (like the Verisign extended validation certs). Is
> anyone else seeing this?
>
>
> Mike
>
>
> _______________________________________________
> Bro mailing list
> bro at bro-ids.org
> http://mailman.ICSI.Berkeley.EDU/mailman/listinfo/bro
>
More information about the Bro
mailing list