git.ipfire.org Git - thirdparty/suricata.git/commit

author	Mats Klepsland <mats.klepsland@gmail.com>
	Tue, 20 Oct 2015 12:16:13 +0000 (14:16 +0200)
committer	Victor Julien <victor@inliniac.net>
	Sun, 25 Sep 2016 20:35:34 +0000 (22:35 +0200)
commit	ea5696812fd392af1ed680b9c9f16c890491e877
tree	762c8b701868411f8802fce950fe450c19c4a067	tree
parent	c49cb053992f5a4675782c81e585bdcea773427e	commit \| diff

detect: add tls_cert_notbefore and tls_cert_notafter keywords

Detection plugin for TLS certificate fields notBefore and notAfter.

Supports equal to, less than, greater than, and range operations
for both keywords. Dates can be represented as either ISO 8601 or
epoch (Unix time).

Examples:
alert tls [...] tls_cert_notafter:1445852105; [...]
alert tls [...] tls_cert_notbefore:<2015-10-22T23:59:59; [...]
alert tls [...] tls_cert_notbefore:>2015-10-22; [...]
alert tls [...] tls_cert_notafter:2000-10-22<>2020-05-15; [...]

src/Makefile.am		diff \| blob \| blame \| history
src/detect-tls-cert-validity.c	[new file with mode: 0644]	blob
src/detect-tls-cert-validity.h	[new file with mode: 0644]	blob
src/detect.c		diff \| blob \| blame \| history
src/detect.h		diff \| blob \| blame \| history