New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Tls store v1.5 #34

merged 11 commits into from Aug 27, 2012


3 participants

regit commented Aug 25, 2012

Updated version with a fixed NSS implementation of hash function.

Popof and others added some commits Feb 1, 2012

tls: adding TLS Log support
Creation of the log-tlslog file in order to log tls message.
Need to add some information into suricata.yaml to work.

  - tls-log:
      enabled: yes	# Log TLS connections.
      filename: tls.log # File to store TLS logs.
tls: adding cryptographic functions.
Adding util-crypt containing cryptographic functions as SHA1 and Base64.
tls: adding fingerprint calculation.
Adding a pointer in ssl_state struct and compute fingerprint during
certificate decoding.
tls: adding support for fingerprint rule matching.
Add the support for tls.fingerprint keyword in rules.
tls: adding fingerprint to TLS Log information.
Improve TLS logging by adding the certificate fingerprint to TLS Log file.
Add the extending option to the tls-log entry in suricata.yaml.
tls: adding store option for TLS
This patch adds a TLS store option to save certificate in PEM format.
Each time the store action is met, a file and a metafile are created.

Reworked-by: Eric Leblond <>
tls: keep pointers to all certificates in chain
When multiple certificates forming a chain are sent. A pointer to
the start of each certificate is kept. This will allow treatment
on certificates chains.
detect-tls: various indent fixes.
And delete a useless FIXME.
tls: store all the certificates chain in the written PEM file.
When using the command, a dump of all certificates in
the chain is now done on the disk.

@inliniac inliniac merged commit f82573b into OISF:master Aug 27, 2012

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment