[Bro] Problems parsing x509 issuer?
Shane Castle
shane.castle at gmail.com
Thu Jun 5 09:45:20 PDT 2014
I saw that too, that even if I was careful to get copies in the host's cert storage and run a script like is outlined in (https://www.bro.org/current/solutions/extending/). It seems there is indeed an issue with the cert parsing code.
Sent from my iPad
> On Jun 5, 2014, at 18:22, Michael Wenthold <michael.wenthold at gmail.com> wrote:
>
> All,
>
> We are experimenting with tracking/whitelisting x509 certificate issuers, using Bro 2.2. I'm seeing that certain certificates consistently don't appear to be getting parsed properly.
>
> For example:
>
> 1.311.60.2.1.3=#13025553CN=VeriSign Class 3 Extended Validation SSL SGC CA,OU=Terms of use at https://www.verisign.com/rpa (c)06,OU=VeriSign Trust Network,O=VeriSign\, Inc.,C=US
>
> 025553CN=VeriSign Class 3 Extended Validation SSL SGC CA,OU=Terms of use at https://www.verisign.com/rpa (c)06,OU=VeriSign Trust Network,O=VeriSign\, Inc.,C=US
>
> .1.3=#13025553CN=VeriSign Class 3 Extended Validation SSL SGC CA,OU=Terms of use at https://www.verisign.com/rpa (c)06,OU=VeriSign Trust Network,O=VeriSign\, Inc.,C=US
>
>
> This is just a small sample, but it appears to happen mostly with certain certificates (like the Verisign extended validation certs). Is anyone else seeing this?
>
>
> Mike
> _______________________________________________
> Bro mailing list
> bro at bro-ids.org
> http://mailman.ICSI.Berkeley.EDU/mailman/listinfo/bro
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mailman.ICSI.Berkeley.EDU/pipermail/bro/attachments/20140605/ce84813f/attachment.html
More information about the Bro
mailing list