X509 updates
Activity
Does this work as a short summary? I think it should be the gist of it...
Rework and move X509 certificate processing from the SSL protocol analyzer to a dedicated file analyzer. This will allow us to examine X509 certificates from sources other than SSL in the future. Furthermore, we now parse more fields and extensions from the certificates (e.g. elliptic curve information, subject alternative names, basic constraints). Certificate validation was also improved; it should be easier to use and exposes information like the full verified certificate chain.
Note: this update changes the output of ssl.log and adds a new x509.log with certificate information. Furthermore, all x509 events and handling functions changed.
Merged, but leaving open as CHANGES still needs an update.
Please give me some text for CHANGES and NEWS that summarizes the changes, it's tricky for me to pull that out of the commits.
Seth says the script looks good, reassigning to Robin.
The repository now contains a policy script that prevents logging of all non-host certificates.
scripts/policy/protocols/ssl/log-hostcerts-only.bro
The script is loaded by default in local.bro.
Seth, could you take a look if it is ok, and if yes merge the branch (or tell Robin to merge it...)