[Zeek] Question about missing cert expired notice...

Johanna Amann johanna at icir.org
Tue Jul 23 07:51:34 PDT 2019


Hi Jason,

> We're running Bro 2.5.3,

first - to state the obvious - please upgrade your installation. There
are _multiple_ security issues in 2.5.3. These can at least be used to
crash your installation.

> ssl.21:23:00-21:24:00.log:1563845011.305071 CNPeEy2dKUx3LGty0k 10.x.x.x 55847 178.x.x.x 443 TLSv12 TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 - adserver.video F - - FFWRyJzWEVQN1qjrxd,FiWpkz4BkQGSWA36O7 (empty) - - - - - - - - - - - - -

Actually - no certificate validation was performed at all here (the entries
that would state anything about validity simply are not present, meaning
that the validation code was not run).

The reason for that is probably a bug in 2.5.x - in versions before 2.6,
certificate validation was only performed if the connection was recognized
as established. If packets were missing at the right time of the
connection, this did not happen; there also were some edge cases where the
detection failed.

This is fixed in 2.6.x.

Johanna
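
Added example, not part of the original message and not Zeek's own code: a Python check that finds ssl.log entries like the one quoted above, where a server certificate chain was logged but `validation_status` is unset, meaning the validation code never ran. It assumes the validate-certs policy script is loaded; the log sample is constructed and reduced to the columns the check needs, and the function name is hypothetical.

```python
# Constructed sample in Zeek TSV layout, reduced to the columns this check uses.
# Real ssl.log files carry more columns; names are always read from "#fields".
SAMPLE_SSL_LOG = "\n".join([
    "#separator \\x09",
    "#unset_field\t-",
    "#empty_field\t(empty)",
    "#fields\tts\tuid\tserver_name\testablished\tcert_chain_fuids\tvalidation_status",
    "1563845011.000001\tCaaa\texample.test\tT\tFaaa,Fbbb\tok",
    "1563845012.000002\tCbbb\texpired.example.test\tT\tFccc\tcertificate has expired",
    "1563845013.000003\tCccc\tgap.example.test\tF\tFddd,Feee\t-",
    "1563845014.000004\tCddd\tresumed.example.test\tT\t(empty)\t-",
    "#close\t2019-07-23-00-00-00",
])


def unvalidated_connections(lines):
    """Return rows that logged a server cert chain but have no validation_status."""
    fields, unset, empty, hits = [], "-", "(empty)", []
    for line in lines:
        line = line.rstrip("\n")
        if line.startswith("#"):
            # Header lines define the column names and the unset/empty markers.
            key, _, rest = line[1:].partition("\t")
            if key == "fields":
                fields = rest.split("\t")
            elif key == "unset_field":
                unset = rest
            elif key == "empty_field":
                empty = rest
            continue
        if not line:
            continue
        row = dict(zip(fields, line.split("\t")))
        chain = row.get("cert_chain_fuids", unset)
        # If the column is missing entirely, every chain counts as unvalidated.
        status = row.get("validation_status", unset)
        if chain not in (unset, empty) and status == unset:
            hits.append(row)
    return hits


if __name__ == "__main__":
    for row in unvalidated_connections(SAMPLE_SSL_LOG.splitlines()):
        print(row["ts"], row["uid"], row["server_name"],
              "established=" + row.get("established", "?"))
```

A connection with no logged chain, such as a resumed session, is skipped because there was nothing to validate.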

