Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

TLS SubjectAltName sticky buffer/v5 #10750

Closed
wants to merge 3 commits into from
Closed

TLS SubjectAltName sticky buffer/v5 #10750

wants to merge 3 commits into from

Conversation

inashivb
Copy link
Member

@inashivb inashivb commented Apr 2, 2024

Link to redmine ticket: https://redmine.openinfosecfoundation.org/issues/5234

SV_BRANCH=OISF/suricata-verify#1738

Previous PR: #10748

Changes since v4:

  • more SAN types handled on rust side
  • simplified checks during detection

@inashivb
tls: store list of subject alternative names
2c49aad 
So far, the SANs were available as a part of IssuerDN via x509_parser
crate but SANs were not available to the SSLState* to be directly used
to setup and match against a sticky buffer.
Expose it to SSLStateConnp.

Feature 5234
@inashivb
detect/tls-subjectaltname: add sticky buffer
1c45bb4 
Add TLS SubjectAltName sticky buffer.

Feature 5234
@inashivb
doc: add description about tls.subjectaltname
8dd86e1 
Feature 5234
@suricata-qa
Copy link

Information: QA ran without warnings.

Pipeline 19907

@inashivb inashivb marked this pull request as ready for review April 3, 2024 05:30
catenacyber
catenacyber reviewed Apr 3, 2024
View reviewed changes
Copy link
Contributor

@catenacyber catenacyber left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looking good Shivani

  • CI : 🟢
  • Code : checking now
  • Commits segmentation : ok for me, even if I would squash the doc commit into the one adding the keyword
  • Commit messages : ok for me, git log | grep Feature shows usage of either : or #
  • Git ID set : looks fine for me
  • CLA : you already contributed :-)
  • Doc update : Ok, maybe mention "x509 certificate"
  • Redmine ticket : ok
  • Rustfmt : may be done on rust/src/x509/mod.rs
  • Tests : left a few questions there
  • Dependencies added: none

@catenacyber
Copy link
Contributor

Is this ready for #10462 ?

@inashivb
Copy link
Member Author

inashivb commented Apr 4, 2024

Is this ready for #10462 ?

Not yet. I have to incorporate the feedback that comes out of our discussions above.

@inashivb inashivb mentioned this pull request Apr 4, 2024
Closed
@inashivb inashivb closed this Apr 4, 2024
@inashivb inashivb deleted the feat-5234/v5 branch April 4, 2024 11:08
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@catenacyber catenacyber catenacyber left review comments

@jasonish jasonish Awaiting requested review from jasonish jasonish is a code owner

@jufajardini jufajardini Awaiting requested review from jufajardini jufajardini is a code owner

@victorjulien victorjulien Awaiting requested review from victorjulien victorjulien is a code owner

Assignees
No one assigned
Labels
None yet
Milestone
No milestone
3 participants
@inashivb @suricata-qa @catenacyber