app-layer-ssl: Validity dates from TLS certificates (v17) #2280
Closed
Decode ASN.1 element type GeneralizedTime in DER-encoded structures.
Add function SCMkTimeUtc to convert broken-down time to Unix epoch in UTC.
Parsing of certificate validity dates to get notBefore and notAfter fields.
Add function SCStringPatternToTime to parse a date string based on an array of pattern strings.
Detection plugin for TLS certificate fields notBefore and notAfter. Supports equal to, less than, greater than, and range operations for both keywords. Dates can be represented as either ISO 8601 or epoch (Unix time). Examples:
alert tls [...] tls_cert_notafter:1445852105; [...]
alert tls [...] tls_cert_notbefore:<2015-10-22T23:59:59; [...]
alert tls [...] tls_cert_notbefore:>2015-10-22; [...]
alert tls [...] tls_cert_notafter:2000-10-22<>2020-05-15; [...]
Add function CreateUtcIsoTimeString to create a UTC time string.
Add notBefore and notAfter fields from TLS certificate to extended JSON output.
Add notBefore and NotAfter fields from TLS certificate to extended tls log output.
Add functions TlsGetCertNotBefore and TLSGetCertNotAfter to get notBefore and notAfter fields from TLS certificate in lua scripts.
Move DetectEngineInspectGenericList from detect-engine-dns.c to detect-engine.c to enable it to be used in other places as well.
Add detect engine for tls validity keywords (tls_cert_notbefore and tls_cert_notafter).
Merged
Merged through #2284, thanks Mats! Thanks for your patience with the portable time handling :)
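The DER time decoding and UTC epoch conversion that the commits above describe, sketched as an added example (not code from this pull request or from Suricata). The function names are hypothetical, and it assumes the RFC 5280 certificate profile, where UTCTime and GeneralizedTime both carry seconds and end in Z.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* Days since 1970-01-01 for a Gregorian date; no libc time calls, no TZ. */
static int64_t days_from_civil(int64_t y, int m, int d)
{
    y -= (m <= 2);
    int64_t era = (y >= 0 ? y : y - 399) / 400;
    int64_t yoe = y - era * 400;
    int64_t doy = (153 * (m + (m > 2 ? -3 : 9)) + 2) / 5 + d - 1;
    return era * 146097 + yoe * 365 + yoe / 4 - yoe / 100 + doy - 719468;
}
/* Read n ASCII digits at p; returns -1 if any byte is not a digit. */
static int digits(const unsigned char *p, int n)
{
    int v = 0;
    for (int i = 0; i < n; i++) {
        if (p[i] < '0' || p[i] > '9') return -1;
        v = v * 10 + (p[i] - '0');
    }
    return v;
}
/* Content bytes of UTCTime (tag 0x17, YYMMDDHHMMSSZ) or GeneralizedTime
 * (tag 0x18, YYYYMMDDHHMMSSZ) to epoch seconds. 0 on success, -1 if malformed. */
int asn1_time_to_epoch(uint8_t tag, const unsigned char *s, size_t len, int64_t *out)
{
    static const int mdays[] = {31, 28, 31, 30, 31, 30, 31, 31, 30, 31, 30, 31};
    int ylen = (tag == 0x18) ? 4 : (tag == 0x17) ? 2 : 0;
    if (ylen == 0 || len != (size_t)ylen + 11 || s[len - 1] != 'Z') return -1;
    int f[6]; /* year, month, day, hour, minute, second */
    f[0] = digits(s, ylen);
    for (int i = 1; i < 6; i++) f[i] = digits(s + ylen + 2 * (i - 1), 2);
    for (int i = 0; i < 6; i++) if (f[i] < 0) return -1;
    if (ylen == 2) f[0] += (f[0] >= 50) ? 1900 : 2000; /* RFC 5280 two-digit year pivot */
    int leap = (f[0] % 4 == 0 && f[0] % 100 != 0) || f[0] % 400 == 0;
    if (f[1] < 1 || f[1] > 12 || f[3] > 23 || f[4] > 59 || f[5] > 59) return -1;
    if (f[2] < 1 || f[2] > mdays[f[1] - 1] + (leap && f[1] == 2)) return -1;
    *out = days_from_civil(f[0], f[1], f[2]) * 86400 + f[3] * 3600 + f[4] * 60 + f[5];
    return 0;
}
int main(void)
{
    int64_t t = 0; /* constructed sample: 2015-10-26T09:35:05Z encoded as UTCTime */
    if (asn1_time_to_epoch(0x17, (const unsigned char *)"151026093505Z", 13, &t)) return 1;
    printf("%lld\n", (long long)t);
    return 0;
}
```

Keeping the result in a 64-bit integer and avoiding mktime() means the conversion does not depend on the local time zone or on a 32-bit time_t, so notAfter dates past 2038 compare correctly.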
Get validity dates (notBefore and notAfter) from TLS certificates.
New detection keywords (tls_cert_notbefore and tls_cert_notafter), added validity dates to extended JSON log and extended TLS log output, and new lua functions TlsGetCertNotBefore() and TlsGetCertNotAfter().
Updates:
This PR fixes the following issue:
Prscript: