Can anyone point me to any simple examples of using the various x509 functions, e.g. x509_verify and x509_ocsp_verify?
I’ve trawled through the site and the SSL exercise has a huge amount of great information, and I have implemented the various events to extract good information. However, I can’t find a simple starting point of how to implement these functions to extract additional information out of the pcap files I’ve collected.
Any assistance would be appreciated.
The script source code and test suite are often the best place to find how certain functions are used:
~/src/bro $ git grep x509_verify|egrep 'scripts|testing'
scripts/policy/protocols/ssl/validate-certs.bro: local result = x509_verify(chain, root_certs);
testing/btest/bifs/x509_verify.bro: local result = x509_verify(chain, SSL::root_certs);
testing/btest/core/leaks/x509_verify.bro: local result = x509_verify(chain, SSL::root_certs);
scripts/policy/protocols/ssl/validate-certs.bro ("Perform full certificate chain validation for SSL certificates.") and the two test cases show similar usage.
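
A minimal script built around the `x509_verify(chain, SSL::root_certs)` call from the grep output above, added here as an example; it is not code from the thread or from the Bro distribution. It assumes the record layout of Bro releases where `x509_verify` takes two arguments (`c$ssl$cert_chain` holding file records with an `$x509$handle` field); the module name `CertCheck` is hypothetical.

```bro
@load base/protocols/ssl
@load base/files/x509

# Hypothetical module name chosen for this example.
module CertCheck;

event ssl_established(c: connection)
	{
	# Nothing to verify if the server sent no parsed certificates.
	if ( ! c?$ssl || ! c$ssl?$cert_chain || |c$ssl$cert_chain| == 0 )
		return;

	# x509_verify expects the chain as opaque certificate handles,
	# host certificate first, in the order the server sent them.
	local chain: vector of opaque of x509 = vector();
	for ( i in c$ssl$cert_chain )
		{
		if ( c$ssl$cert_chain[i]?$x509 )
			chain[|chain|] = c$ssl$cert_chain[i]$x509$handle;
		}

	if ( |chain| == 0 )
		return;

	# Validate against the root store that ships with Bro.
	# result$result_string carries the OpenSSL verdict: "ok" on success,
	# otherwise the reason, e.g. "certificate has expired".
	local result = x509_verify(chain, SSL::root_certs);

	# Report only the chains that did not validate.
	if ( result$result_string != "ok" )
		print fmt("%s %s:%s chain validation failed: %s",
		          c$uid, c$id$resp_h, c$id$resp_p, result$result_string);
	}
```

Run it over a capture with `bro -r trace.pcap` followed by the script file. Validation uses the packet timestamps as the current time, so certificates that have expired since the capture was taken still validate as they did then.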