[Bro] Problems parsing x509 issuer?
bernhard at ICSI.Berkeley.EDU
bernhard at ICSI.Berkeley.EDU
Thu Jun 5 10:00:13 PDT 2014
Hello Michael,
like Anthony said, this bug was probably fixed in the current master
version. Could you try with that and see if that fixes your problem? I
think this is the only change since 2.3-beta that made it into master,
so using it will not break anything else.
Bernhard
On 5 Jun 2014, at 9:22, Michael Wenthold wrote:
> All,
>
> We are experimenting with tracking/whitelisting x509 certificate
> issuers,
> using Bro 2.2. I'm seeing that certain certificates consistently
> don't
> appear to be getting parsed properly.
>
> For example:
>
> 1.311.60.2.1.3=#13025553CN=VeriSign Class 3 Extended Validation SSL
> SGC
> CA,OU=Terms of use at https://www.verisign.com/rpa (c)06,OU=VeriSign
> Trust
> Network,O=VeriSign\, Inc.,C=US
>
> 025553CN=VeriSign Class 3 Extended Validation SSL SGC CA,OU=Terms of
> use at
> https://www.verisign.com/rpa (c)06,OU=VeriSign Trust
> Network,O=VeriSign\,
> Inc.,C=US
>
> .1.3=#13025553CN=VeriSign Class 3 Extended Validation SSL SGC
> CA,OU=Terms
> of use at https://www.verisign.com/rpa (c)06,OU=VeriSign Trust
> Network,O=VeriSign\, Inc.,C=US
>
>
> This is just a small sample, but it appears to happen mostly with
> certain
> certificates (like the Verisign extended validation certs). Is
> anyone
> else seeing this?
>
>
> Mike
> _______________________________________________
> Bro mailing list
> bro at bro-ids.org
> http://mailman.ICSI.Berkeley.EDU/mailman/listinfo/bro
More information about the Bro
mailing list