[prev in list] [next in list] [prev in thread] [next in thread]
List: bro
Subject: Re: [Bro] X509 verify example
From: Reinhard Gentz <rgentz () asu ! edu>
Date: 2018-06-21 19:32:53
Message-ID: CALtrmTcTwD_1vAAn_54-EHRxGLKSRdNUmQN8t18EUbn4RYeyNA () mail ! gmail ! com
[Download RAW message or body]
[Attachment #2 (multipart/alternative)]
Hello Johanna,
I did have a look at validate-certs.bro and also tried @load on it with no
success.
The main part is that I am not sniffing SSL, but KRB. Therefore the SSL
chain is never populated (even when loaded).
What I am getting is the certificate the client is using to authenticate
(via the event x509_certificate). And I do have the rootcertificate file
(.pem) which I put into the script from your link (thank you!)
So i essentially only have one certificate that was directly signed by the
root.
the code i have so far is the following code that runs but gives me back:
[result=20, result_string=unable to get local issuer certificate,
chain_certs=<uninitialized>]
event x509_certificate(f: fa_file, cert_ref: opaque of x509, cert:
X509::Certificate){
print "x509 certificate found";
local chain: vector of opaque of x509 = vector();
chain[0]=cert_ref;
local root:table[string] of string;
root["emailAddress=reinhard@me.com,CN=Reinhard,O=ME,L=ME,ST=Rainer,C=ME"]
=
"\x30\x82\x03\xAB\x30\x82\x02\x93\xA0\x03\x02\x01\x02\x02\x09\x00\xD9\x2A\xBF\x14\xBE\ \
xC1\x88\x1C\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x0B\x05\x00\x30\x6C\x31\x0 \
B\x30\x09\x06\x03\x55\x04\x06\x13\x02\x44\x45\x31\x0F\x30\x0D\x06\x03\x55\x04\x08\x0C\ \
x06\x52\x61\x69\x6E\x65\x72\x31\x0C\x30\x0A\x06\x03\x55\x04\x07\x0C\x03\x53\x46\x4F\x3 \
1\x0C\x30\x0A\x06\x03\x55\x04\x0A\x0C\x03\x4C\x42\x4C\x31\x11\x30\x0F\x06\x03\x55\x04\ \
x03\x0C\x08\x52\x65\x69\x6E\x68\x61\x72\x64\x31\x1D\x30\x1B\x06\x09\x2A\x86\x48\x86\xF \
7\x0D\x01\x09\x01\x16\x0E\x72\x67\x65\x6E\x74\x7A\x40\x6C\x62\x6C\x2E\x67\x6F\x76\x30\ \
x1E\x17\x0D\x31\x38\x30\x36\x32\x31\x31\x39\x30\x35\x35\x34\x5A\x17\x0D\x31\x39\x30\x3 \
6\x32\x31\x31\x39\x30\x35\x35\x34\x5A\x30\x6C\x31\x0B\x30\x09\x06\x03\x55\x04\x06\x13\ \
x02\x44\x45\x31\x0F\x30\x0D\x06\x03\x55\x04\x08\x0C\x06\x52\x61\x69\x6E\x65\x72\x31\x0 \
C\x30\x0A\x06\x03\x55\x04\x07\x0C\x03\x53\x46\x4F\x31\x0C\x30\x0A\x06\x03\x55\x04\x0A\ \
x0C\x03\x4C\x42\x4C\x31\x11\x30\x0F\x06\x03\x55\x04\x03\x0C\x08\x52\x65\x69\x6E\x68\x6 \
1\x72\x64\x31\x1D\x30\x1B\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x09\x01\x16\x0E\x72\x67\ \
x65\x6E\x74\x7A\x40\x6C\x62\x6C\x2E\x67\x6F\x76\x30\x82\x01\x22\x30\x0D\x06\x09\x2A\x8 \
6\x48\x86\xF7\x0D\x01\x01\x01\x05\x00\x03\x82\x01\x0F\x00\x30\x82\x01\x0A\x02\x82\x01\ \
x01\x00\xAE\x0F\x28\x58\x78\xEC\xBE\xAB\x77\x4A\x09\x47\x75\x3A\x86\xFB\xF9\x1A\x32\x0 \
0\xD5\xCD\x0E\x27\x61\x9C\xCC\x66\xAC\x59\x47\xD6\xDB\x0B\x9E\x5A\x39\x74\x54\xA6\x0D\ \
xDC\x0D\x8C\xEB\x05\xEE\xF7\x56\xDB\x90\xEB\x07\x03\x8F\x1B\xD0\x01\x2A\x56\xF6\x56\xE \
9\x3A\xC5\xD9\xAC\xE8\x47\x93\x3B\xF8\x05\x67\xEB\x92\xDA\x02\x87\xA2\xBE\x0D\xF1\xCA\ \
x13\x0C\x67\xAA\x76\xCF\x88\x89\x6F\x23\xB5\x7F\x74\x0D\xD5\xFE\x06\x86\xA1\xF6\xAC\x7 \
6\x4A\x55\x74\x29\xDB\xE7\x61\x58\x61\x79\x64\x17\x33\xFF\x14\x10\xAE\xDD\x08\x67\xF5\ \
xD3\x25\xE3\xC7\xFD\xD7\x0F\x67\x95\x34\x65\xC1\x1F\x3E\x05\x26\xED\xF4\xFB\x77\x20\xA \
5\x16\x9B\xE7\xAC\x9B\x6A\xA0\x24\x8A\x8F\x93\x55\x5D\x2D\xB4\x05\x67\xE4\x53\x4A\x02\ \
x9D\xEB\xE1\x39\x9A\x1E\xE7\xB7\xE6\x6A\x2A\xEA\xEC\x8C\x01\xD7\x7F\x38\x55\x2E\x99\x7 \
E\xF8\x2C\x6D\x9E\x10\x95\x69\xD9\x22\x67\xF2\x07\xD1\x6B\x3C\x51\xF2\x96\xD6\xAE\x67\ \
x19\x57\xBC\x70\x6A\x5A\x6B\xAD\x45\x0B\x63\x07\x9E\x52\x2F\xC5\x43\xED\x8B\x8F\x0A\xA \
2\xBE\x02\xB0\x37\x07\x59\x7A\xCA\xB9\xEE\xED\xD2\xB2\x60\x59\xE2\x43\xB3\xAB\xA1\x37\ \
x02\x03\x01\x00\x01\xA3\x50\x30\x4E\x30\x1D\x06\x03\x55\x1D\x0E\x04\x16\x04\x14\xFB\x9 \
1\x23\xED\xAF\xB9\xEB\x4B\x42\xB4\xD4\x48\x96\xED\x15\x04\xE2\xB3\xA1\x09\x30\x1F\x06\ \
x03\x55\x1D\x23\x04\x18\x30\x16\x80\x14\xFB\x91\x23\xED\xAF\xB9\xEB\x4B\x42\xB4\xD4\x4 \
8\x96\xED\x15\x04\xE2\xB3\xA1\x09\x30\x0C\x06\x03\x55\x1D\x13\x04\x05\x30\x03\x01\x01\ \
xFF\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x0B\x05\x00\x03\x82\x01\x01\x00\x8 \
9\x99\x19\x10\x8A\x96\x7A\xB3\x25\xEE\xF1\x49\xBA\x0D\x4E\x98\x81\x79\xCE\xA6\x29\xE9\ \
x0A\x12\xA5\x65\xD4\xC7\xF3\x7E\x24\x98\x91\x19\x15\x9C\xF1\x35\x11\x34\xC8\x0A\x4B\x8 \
B\x40\xB0\xFC\x1E\xF0\xEA\xA0\x8D\x0F\x60\xCA\x3B\x7D\xD5\x2D\x69\xC3\xDE\xE0\xAA\x84\ \
x8D\x4C\xF8\x17\xEC\x5F\xE2\x54\x0F\x55\x03\x71\x81\xA5\xE1\x9E\x35\xC2\xA9\x80\x12\x1 \
C\x7F\x53\xE1\xAA\x52\x0E\xC5\xF6\x7C\x7C\xAE\xD9\xB4\x14\x9F\x10\xDD\x17\xE9\x7F\x2C\ \
xF1\x65\xED\xBD\xAA\x26\x90\x96\xDB\xC1\x4A\x3F\x66\xB0\xB4\xDE\x49\x09\x1A\x94\x4E\x5 \
2\x2F\x59\x1C\x78\x84\xD0\x35\x17\xCA\x47\x45\x9F\x2C\x3D\x2A\x74\x4A\x8B\x6A\xAD\x66\ \
x38\x9E\x89\x41\x65\xE9\x4C\x77\xB0\xD9\x2B\x8C\xD8\xD5\x55\x34\x1A\x49\x15\x19\xE8\x2 \
1\xB1\x76\x68\x3B\x04\x83\xCB\x00\x10\xCC\x0E\x4F\xEE\xFB\x72\x40\x2D\x84\xCF\x55\x8C\ \
x46\xDE\x85\x4B\x49\x63\xD0\x27\x80\x94\xCD\x5B\xFD\x00\x47\x08\xB1\x4D\xCF\x8D\xE6\xE \
8\xC6\xD5\x7D\xDC\xB9\x17\x67\x1B\xC6\x85\xCA\xFA\xE5\x06\xF6\x13\x7A\xE6\x92\x55\xDE\xF7\xE3\x55\xBD\xB9\xBB\xD9\x0B\x09\x1C\x8C\x87\xEA\xF7\x44\x6D\xEC\xF3\x08";
print " verify chain";
print x509_verify(chain, root);
}
printout is:
x509 certificate found
verify chain
[result=20, result_string=unable to get local issuer certificate,
chain_certs=<uninitialized>]
What is the meaning of the unable to get local issuer certificate? Do i
need to copy the .pem somewhere in the filesystem for bro to see it?
Thanks you,
Reinhard
On Thu, Jun 21, 2018 at 11:22 AM, Johanna Amann <johanna@icir.org> wrote:
> Hi Reinhard,
>
> is there a reason you want to write this yourself?
>
> policy/protocols/ssl/validate-certs.bro implements certificate validation
> and you should just have to @load it.
>
> It also shows how the function is called - the vector is really just
> populated with all the certificates in the chain.
>
> As for question 2: you have to redef the root_certs record and add it
> there. http://mailman.icsi.berkeley.edu/pipermail/bro/2012-February
> /004566.html has a small script that generates the correct format that
> still should work.
>
> I hope this helps - let me know if now :)
>
> Johanna
>
>
> On 21 Jun 2018, at 10:15, Reinhard Gentz wrote:
>
> Hi I am trying to verify a X509 certificate captured with bro, but I am
> > having trouble using the verify function.
> >
> > What i have is the event
> >
> > event x509_certificate(f: fa_file, cert_ref: opaque, cert:
> > X509::Certificate)
> >
> > how do I feed this information in this function to verify it?
> >
> > function x509_verify(certs: x509_opaque_vector, root_certs:
> > table_string_of_string, verify_time: time &default=network_time()):
> > X509::Result
> >
> > https://www.bro.org/sphinx-git/scripts/base/bif/plugins/Bro_
> > X509.functions.bif.bro.html#id-x509_verify
> >
> >
> > Question 1: How do i convert cert_ref: opaque to certs:
> > x509_opaque_vector?
> > Question 2: root_certs: table_string_of string: How can I input my own CA
> > root certificate here? In which folder does it go and how do I make bro
> > aware of it?
> >
> > Thank you
> > Reinhard
> > _______________________________________________
> > Bro mailing list
> > bro@bro-ids.org
> > http://mailman.ICSI.Berkeley.EDU/mailman/listinfo/bro
> >
>
[Attachment #5 (text/html)]
<div dir="ltr">Hello Johanna,<div><br></div><div>I did have a look at <span \
style="font-size:12.8px;background-color:rgb(255,255,255);text-decoration-style:initial;text-decoration-color:initial;float:none;display:inline">validate-</span><wbr \
style="font-size:12.8px;background-color:rgb(255,255,255);text-decoration-style:initial;text-decoration-color:initial"><span \
style="font-size:12.8px;background-color:rgb(255,255,255);text-decoration-style:initial;text-decoration-color:initial;float:none;display:inline">certs.bro<span> \
and also tried @load on it with no success.</span></span></div><div><span \
style="font-size:12.8px;background-color:rgb(255,255,255);text-decoration-style:initia \
l;text-decoration-color:initial;float:none;display:inline"><span><br></span></span></div><div><span \
style="font-size:12.8px;background-color:rgb(255,255,255);text-decoration-style:initial;text-decoration-color:initial;float:none;display:inline"><span>The \
main part is that I am not sniffing SSL, but KRB. Therefore the SSL chain is never \
populated (even when loaded).</span></span></div><div>What I am getting is the \
certificate the client is using to authenticate (via the event x509_certificate). \
And I do have the rootcertificate file (.pem) which I put into the script from your \
link (thank you!)</div><div><br></div><div>So i essentially only have one certificate \
that was directly signed by the root.</div><div><br></div><div><br></div><div>the \
code i have so far is the following code that runs but gives me back: [result=20, \
result_string=unable to get local issuer certificate, \
chain_certs=<uninitialized>]</div><div><br></div><div><br></div><div><div>event \
x509_certificate(f: fa_file, cert_ref: opaque of x509, cert: \
X509::Certificate){</div><div> print "x509 certificate found";</div><div> \
local chain: vector of opaque of x509 = vector();</div><div> \
chain[0]=cert_ref;</div><div> local root:table[string] of string;</div><div> \
root["emailAddress=<a \
href="mailto:reinhard@me.com">reinhard@me.com</a>,CN=Reinhard,O=ME,L=ME,ST=Rainer,C=ME"] \
= "\x30\x82\x03\xAB\x30\x82\x02\x93\xA0\x03\x02\x01\x02\x02\x09\x00\xD9\x2A\xBF\x \
14\xBE\xC1\x88\x1C\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x0B\x05\x00\x30\x6C \
\x31\x0B\x30\x09\x06\x03\x55\x04\x06\x13\x02\x44\x45\x31\x0F\x30\x0D\x06\x03\x55\x04\x \
08\x0C\x06\x52\x61\x69\x6E\x65\x72\x31\x0C\x30\x0A\x06\x03\x55\x04\x07\x0C\x03\x53\x46 \
\x4F\x31\x0C\x30\x0A\x06\x03\x55\x04\x0A\x0C\x03\x4C\x42\x4C\x31\x11\x30\x0F\x06\x03\x \
55\x04\x03\x0C\x08\x52\x65\x69\x6E\x68\x61\x72\x64\x31\x1D\x30\x1B\x06\x09\x2A\x86\x48 \
\x86\xF7\x0D\x01\x09\x01\x16\x0E\x72\x67\x65\x6E\x74\x7A\x40\x6C\x62\x6C\x2E\x67\x6F\x \
76\x30\x1E\x17\x0D\x31\x38\x30\x36\x32\x31\x31\x39\x30\x35\x35\x34\x5A\x17\x0D\x31\x39 \
\x30\x36\x32\x31\x31\x39\x30\x35\x35\x34\x5A\x30\x6C\x31\x0B\x30\x09\x06\x03\x55\x04\x \
06\x13\x02\x44\x45\x31\x0F\x30\x0D\x06\x03\x55\x04\x08\x0C\x06\x52\x61\x69\x6E\x65\x72 \
\x31\x0C\x30\x0A\x06\x03\x55\x04\x07\x0C\x03\x53\x46\x4F\x31\x0C\x30\x0A\x06\x03\x55\x \
04\x0A\x0C\x03\x4C\x42\x4C\x31\x11\x30\x0F\x06\x03\x55\x04\x03\x0C\x08\x52\x65\x69\x6E \
\x68\x61\x72\x64\x31\x1D\x30\x1B\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x09\x01\x16\x0E\x \
72\x67\x65\x6E\x74\x7A\x40\x6C\x62\x6C\x2E\x67\x6F\x76\x30\x82\x01\x22\x30\x0D\x06\x09 \
\x2A\x86\x48\x86\xF7\x0D\x01\x01\x01\x05\x00\x03\x82\x01\x0F\x00\x30\x82\x01\x0A\x02\x \
82\x01\x01\x00\xAE\x0F\x28\x58\x78\xEC\xBE\xAB\x77\x4A\x09\x47\x75\x3A\x86\xFB\xF9\x1A \
\x32\x00\xD5\xCD\x0E\x27\x61\x9C\xCC\x66\xAC\x59\x47\xD6\xDB\x0B\x9E\x5A\x39\x74\x54\x \
A6\x0D\xDC\x0D\x8C\xEB\x05\xEE\xF7\x56\xDB\x90\xEB\x07\x03\x8F\x1B\xD0\x01\x2A\x56\xF6 \
\x56\xE9\x3A\xC5\xD9\xAC\xE8\x47\x93\x3B\xF8\x05\x67\xEB\x92\xDA\x02\x87\xA2\xBE\x0D\x \
F1\xCA\x13\x0C\x67\xAA\x76\xCF\x88\x89\x6F\x23\xB5\x7F\x74\x0D\xD5\xFE\x06\x86\xA1\xF6 \
\xAC\x76\x4A\x55\x74\x29\xDB\xE7\x61\x58\x61\x79\x64\x17\x33\xFF\x14\x10\xAE\xDD\x08\x \
67\xF5\xD3\x25\xE3\xC7\xFD\xD7\x0F\x67\x95\x34\x65\xC1\x1F\x3E\x05\x26\xED\xF4\xFB\x77 \
\x20\xA5\x16\x9B\xE7\xAC\x9B\x6A\xA0\x24\x8A\x8F\x93\x55\x5D\x2D\xB4\x05\x67\xE4\x53\x \
4A\x02\x9D\xEB\xE1\x39\x9A\x1E\xE7\xB7\xE6\x6A\x2A\xEA\xEC\x8C\x01\xD7\x7F\x38\x55\x2E \
\x99\x7E\xF8\x2C\x6D\x9E\x10\x95\x69\xD9\x22\x67\xF2\x07\xD1\x6B\x3C\x51\xF2\x96\xD6\x \
AE\x67\x19\x57\xBC\x70\x6A\x5A\x6B\xAD\x45\x0B\x63\x07\x9E\x52\x2F\xC5\x43\xED\x8B\x8F \
\x0A\xA2\xBE\x02\xB0\x37\x07\x59\x7A\xCA\xB9\xEE\xED\xD2\xB2\x60\x59\xE2\x43\xB3\xAB\x \
A1\x37\x02\x03\x01\x00\x01\xA3\x50\x30\x4E\x30\x1D\x06\x03\x55\x1D\x0E\x04\x16\x04\x14 \
\xFB\x91\x23\xED\xAF\xB9\xEB\x4B\x42\xB4\xD4\x48\x96\xED\x15\x04\xE2\xB3\xA1\x09\x30\x \
1F\x06\x03\x55\x1D\x23\x04\x18\x30\x16\x80\x14\xFB\x91\x23\xED\xAF\xB9\xEB\x4B\x42\xB4 \
\xD4\x48\x96\xED\x15\x04\xE2\xB3\xA1\x09\x30\x0C\x06\x03\x55\x1D\x13\x04\x05\x30\x03\x \
01\x01\xFF\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x0B\x05\x00\x03\x82\x01\x01 \
\x00\x89\x99\x19\x10\x8A\x96\x7A\xB3\x25\xEE\xF1\x49\xBA\x0D\x4E\x98\x81\x79\xCE\xA6\x \
29\xE9\x0A\x12\xA5\x65\xD4\xC7\xF3\x7E\x24\x98\x91\x19\x15\x9C\xF1\x35\x11\x34\xC8\x0A \
\x4B\x8B\x40\xB0\xFC\x1E\xF0\xEA\xA0\x8D\x0F\x60\xCA\x3B\x7D\xD5\x2D\x69\xC3\xDE\xE0\x \
AA\x84\x8D\x4C\xF8\x17\xEC\x5F\xE2\x54\x0F\x55\x03\x71\x81\xA5\xE1\x9E\x35\xC2\xA9\x80 \
\x12\x1C\x7F\x53\xE1\xAA\x52\x0E\xC5\xF6\x7C\x7C\xAE\xD9\xB4\x14\x9F\x10\xDD\x17\xE9\x \
7F\x2C\xF1\x65\xED\xBD\xAA\x26\x90\x96\xDB\xC1\x4A\x3F\x66\xB0\xB4\xDE\x49\x09\x1A\x94 \
\x4E\x52\x2F\x59\x1C\x78\x84\xD0\x35\x17\xCA\x47\x45\x9F\x2C\x3D\x2A\x74\x4A\x8B\x6A\x \
AD\x66\x38\x9E\x89\x41\x65\xE9\x4C\x77\xB0\xD9\x2B\x8C\xD8\xD5\x55\x34\x1A\x49\x15\x19 \
\xE8\x21\xB1\x76\x68\x3B\x04\x83\xCB\x00\x10\xCC\x0E\x4F\xEE\xFB\x72\x40\x2D\x84\xCF\x \
55\x8C\x46\xDE\x85\x4B\x49\x63\xD0\x27\x80\x94\xCD\x5B\xFD\x00\x47\x08\xB1\x4D\xCF\x8D \
\xE6\xE8\xC6\xD5\x7D\xDC\xB9\x17\x67\x1B\xC6\x85\xCA\xFA\xE5\x06\xF6\x13\x7A\xE6\x92\x \
55\xDE\xF7\xE3\x55\xBD\xB9\xBB\xD9\x0B\x09\x1C\x8C\x87\xEA\xF7\x44\x6D\xEC\xF3\x08";</div><div><br></div><div> \
print " verify chain";<br></div><div> print x509_verify(chain, \
root);</div><div>}</div><div><br></div><div><br></div><div>printout \
is:</div><div><div>x509 certificate found</div><div><span \
style="font-size:small;background-color:rgb(255,255,255);text-decoration-style:initial;text-decoration-color:initial;float:none;display:inline">verify \
chain</span><br></div><div>[result=20, result_string=unable to get local issuer \
certificate, chain_certs=<uninitialized>]</div><div> \
</div><div><br></div><div>What is the meaning of the unable to get local issuer \
certificate? Do i need to copy the .pem somewhere in the filesystem for bro to see \
it?</div><div><br></div><div>Thanks \
you,</div><div>Reinhard</div><div><br></div></div><br></div></div><div \
class="gmail_extra"><br><div class="gmail_quote">On Thu, Jun 21, 2018 at 11:22 AM, \
Johanna Amann <span dir="ltr"><<a href="mailto:johanna@icir.org" \
target="_blank">johanna@icir.org</a>></span> wrote:<br><blockquote \
class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc \
solid;padding-left:1ex">Hi Reinhard,<br> <br>
is there a reason you want to write this yourself?<br>
<br>
policy/protocols/ssl/validate-<wbr>certs.bro implements certificate validation and \
you should just have to @load it.<br> <br>
It also shows how the function is called - the vector is really just populated with \
all the certificates in the chain.<br> <br>
As for question 2: you have to redef the root_certs record and add it there. <a \
href="http://mailman.icsi.berkeley.edu/pipermail/bro/2012-February/004566.html" \
rel="noreferrer" target="_blank">http://mailman.icsi.berkeley.e<wbr>du/pipermail/bro/2012-February<wbr>/004566.html</a> \
has a small script that generates the correct format that still should work.<br> <br>
I hope this helps - let me know if now :)<br>
<br>
Johanna<div><div class="h5"><br>
<br>
On 21 Jun 2018, at 10:15, Reinhard Gentz wrote:<br>
<br>
</div></div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px \
#ccc solid;padding-left:1ex"><div><div class="h5"> Hi I am trying to verify a X509 \
certificate captured with bro, but I am<br> having trouble using the verify \
function.<br> <br>
What i have is the event<br>
<br>
event x509_certificate(f: fa_file, cert_ref: opaque, cert: X509::Certificate)<br>
<br>
how do I feed this information in this function to verify it?<br>
<br>
function x509_verify(certs: x509_opaque_vector, root_certs:<br>
table_string_of_string, verify_time: time &default=network_time()):<br>
X509::Result<br>
<br>
<a href="https://www.bro.org/sphinx-git/scripts/base/bif/plugins/Bro_X509.functions.bif.bro.html#id-x509_verify" \
rel="noreferrer" target="_blank">https://www.bro.org/sphinx-git<wbr>/scripts/base/bif/plugins/Bro_<wbr>X509.functions.bif.bro.html#<wbr>id-x509_verify</a><br>
<br>
<br>
Question 1: How do i convert cert_ref: opaque to certs: x509_opaque_vector?<br>
Question 2: root_certs: table_string_of string: How can I input my own CA<br>
root certificate here? In which folder does it go and how do I make bro<br>
aware of it?<br>
<br>
Thank you<br>
Reinhard<br></div></div>
______________________________<wbr>_________________<br>
Bro mailing list<br>
<a href="mailto:bro@bro-ids.org" target="_blank">bro@bro-ids.org</a><br>
<a href="http://mailman.ICSI.Berkeley.EDU/mailman/listinfo/bro" rel="noreferrer" \
target="_blank">http://mailman.ICSI.Berkeley.E<wbr>DU/mailman/listinfo/bro</a><br> \
</blockquote> </blockquote></div><br></div>
_______________________________________________
Bro mailing list
bro@bro-ids.org
http://mailman.ICSI.Berkeley.EDU/mailman/listinfo/bro
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic