Please merge topic/johanna/cert-validation

Description

Please merge topic/johanna/cert-validation. This is an update to the script used to validate certificates in SSL/TLS connections. Description from main commit:

Update certificate validation script - new version will cache valid
intermediate chains that it encounters on the wire and use those to try
to validate chains that might be missing intermediate certificates.

This vastly improves the number of certificates that Bro can validate.
The only drawback is that now validation behavior is not entirely
predictable anymore - the certificate of a server can fail to validate
when Bro just started up (due to the intermediate missing), and succeed
later, when the intermediate can be found in the cache.

Has been tested on big-ish clusters and should not introduce any
performance problems.

Environment

None

Activity

Show:
Johanna Amann
March 16, 2015, 4:32 PM

Sorry, I actually found one more side case I want to fix before merging this

Johanna Amann
March 16, 2015, 4:48 PM

Actually - merge this after all, the additional change I want to do is more complicated, might not make it into 2.4 and only adds additional functionality (not a bug fix).

Assignee

Robin Sommer

Reporter

Johanna Amann

Labels

None

External issue ID

None

Components

Fix versions

Affects versions

Priority

Normal
Configure