[Bro] Problems parsing x509 issuer?

bernhard at ICSI.Berkeley.EDU bernhard at ICSI.Berkeley.EDU
Thu Jun 5 10:00:13 PDT 2014


Hello Michael,

Like Anthony said, this bug was probably fixed in the current master
version. Could you try with that and see if that fixes your problem? I
think this is the only change since 2.3-beta that made it into master,
so using it will not break anything else.

Bernhard

On 5 Jun 2014, at 9:22, Michael Wenthold wrote:

> All,
>
> We are experimenting with tracking/whitelisting x509 certificate issuers,
> using Bro 2.2.  I'm seeing that certain certificates consistently don't
> appear to be getting parsed properly.
>
> For example:
>
> 1.311.60.2.1.3=#13025553CN=VeriSign Class 3 Extended Validation SSL SGC CA,OU=Terms of use at https://www.verisign.com/rpa (c)06,OU=VeriSign Trust Network,O=VeriSign\, Inc.,C=US
>
> 025553CN=VeriSign Class 3 Extended Validation SSL SGC CA,OU=Terms of use at https://www.verisign.com/rpa (c)06,OU=VeriSign Trust Network,O=VeriSign\, Inc.,C=US
>
> .1.3=#13025553CN=VeriSign Class 3 Extended Validation SSL SGC CA,OU=Terms of use at https://www.verisign.com/rpa (c)06,OU=VeriSign Trust Network,O=VeriSign\, Inc.,C=US
>
>
> This is just a small sample, but it appears to happen mostly with certain
> certificates (like the Verisign extended validation certs).   Is anyone
> else seeing this?
>
>
> Mike
> _______________________________________________
> Bro mailing list
> bro at bro-ids.org
> http://mailman.ICSI.Berkeley.EDU/mailman/listinfo/bro
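
An added example, not part of the original thread and not Bro's own code: a Python check that rejects issuer strings that are not well-formed RFC 4514-style distinguished names before they reach an issuer whitelist, run over the three values quoted in the message. The function names are hypothetical, and `CONSTRUCTED_OK` is a constructed sample that assumes the full OID 1.3.6.1.4.1.311.60.2.1.3 and a comma before `CN`.

```python
import re

ATTR_TYPE = re.compile(r"[A-Za-z][A-Za-z0-9-]*|\d+(?:\.\d+)+")  # short name or dotted OID
HEX_VALUE = re.compile(r"#(?:[0-9A-Fa-f]{2})+")
STRING_TAGS = (0x0C, 0x13, 0x16)  # UTF8String, PrintableString, IA5String

def decode_hex_value(value):
    """Decode '#<hex DER>' if it holds a short-form DER string, else return it unchanged."""
    der = bytes.fromhex(value[1:])
    if len(der) >= 2 and der[0] in STRING_TAGS and der[1] == len(der) - 2 < 0x80:
        return der[2:].decode("utf-8", "replace")
    return value

def parse_issuer(dn):
    """Return [(type, value), ...] or raise ValueError; '+' RDNs and escapes are left as written."""
    # Split on commas that are not backslash-escaped, as in 'O=VeriSign\, Inc.'.
    parts = re.findall(r"(?:\\.|[^,\\])+", dn)
    if not parts or ",".join(parts) != dn:
        raise ValueError("empty RDN or dangling escape")
    rdns = []
    for part in parts:
        attr, sep, value = part.partition("=")
        if not sep or not ATTR_TYPE.fullmatch(attr):
            raise ValueError(f"bad attribute type {attr!r}")
        if value.startswith("#"):
            if not HEX_VALUE.fullmatch(value):
                raise ValueError(f"bad hex value for {attr}")
            value = decode_hex_value(value)
        rdns.append((attr, value))
    return rdns

def is_well_formed(dn):
    try:
        parse_issuer(dn)
        return True
    except ValueError:
        return False

# The three issuer values quoted in the message share this tail.
TAIL = (r"CN=VeriSign Class 3 Extended Validation SSL SGC CA,"
        r"OU=Terms of use at https://www.verisign.com/rpa (c)06,"
        r"OU=VeriSign Trust Network,O=VeriSign\, Inc.,C=US")
PAGE_SAMPLES = ["1.311.60.2.1.3=#13025553" + TAIL, "025553" + TAIL, ".1.3=#13025553" + TAIL]
# Constructed, not from the page: assumes the full OID and a comma before CN.
CONSTRUCTED_OK = "1.3.6.1.4.1.311.60.2.1.3=#13025553," + TAIL

if __name__ == "__main__":
    for dn in PAGE_SAMPLES + [CONSTRUCTED_OK]:
        print("ok " if is_well_formed(dn) else "BAD", dn[:40])
```

All three quoted values are rejected: the first has non-hex text fused onto a `#` value, and the other two begin with something that is not a valid attribute type.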


