I am having a problem with the developer version of Bro. Running the
script that validates the certificates, I obtain:
unable to get local issuer certificate
even though the certificate is okay. I did not have this problem running
the normal (non-dev) version. Do you also have this problem?
PS: I have to use the dev-version for my thesis, because it has some
important features that I need (certificate extensions).

Take a look at scripts/base/protocols/ssl/mozilla-ca-list.bro for the certificates that Bro trusts by default. I’m guessing that “SSL::root_certs” differs between versions of Bro and the issuer of the certificate in question is included in the old version, but not the new. You’re also free to “redef” that variable to add your own trusted certificates.

I have updated the file of the developer version with the "official" one
(2.2) and it works. Thank you very much guys! Problem solved!! ;D

Bro's trusted certs are a snapshot of what Mozilla uses and the “developer” version is soon going to be the “official” one, so you may want to look into why the CA in question was removed.
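
An added example, not part of the thread or of Bro itself: one way to see which CA was dropped is to compare the subject keys of SSL::root_certs in the two copies of mozilla-ca-list.bro. It assumes each table entry has the form `["<subject DN>"] = "<escaped DER bytes>"`; the two lists below are constructed samples, and in practice you would read the two files from disk instead.

```python
import re

# Assumed entry layout: ["<subject DN>"] = "<escaped DER bytes>",
# Only the subject key is captured; the DER value is not parsed.
ENTRY_RE = re.compile(r'\[\s*"((?:[^"\\]|\\.)*)"\s*\]\s*=\s*"')


def root_cert_subjects(script_text):
    """Return the set of subject DNs used as root_certs table keys."""
    return {m.group(1) for m in ENTRY_RE.finditer(script_text)}


def diff_root_certs(old_text, new_text):
    """Return (removed, added) subject DNs going from old list to new list."""
    old = root_cert_subjects(old_text)
    new = root_cert_subjects(new_text)
    return sorted(old - new), sorted(new - old)


# Constructed sample standing in for the 2.2 release copy of the list.
OLD_LIST = r'''
redef root_certs += {
	["CN=Example Root CA 1,O=Example Org,C=US"] = "\x30\x82\x01\x0A",
	["CN=Example Legacy CA,O=Old Org,C=DE"] = "\x30\x82\x02\x0B",
};
'''

# Constructed sample standing in for the developer-version copy.
NEW_LIST = r'''
redef root_certs += {
	["CN=Example Root CA 1,O=Example Org,C=US"] = "\x30\x82\x01\x0A",
	["CN=Example New CA,O=New Org,C=FR"] = "\x30\x82\x03\x0C",
};
'''

if __name__ == "__main__":
    removed, added = diff_root_certs(OLD_LIST, NEW_LIST)
    for subject in removed:
        print("removed:", subject)
    for subject in added:
        print("added:  ", subject)
```

A subject that shows up as removed and matches the issuer of the failing certificate explains the "unable to get local issuer certificate" result.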