tests: add tls-store test
authorVictor Julien <victor@inliniac.net>
Sat, 25 May 2024 13:44:43 +0000 (15:44 +0200)
committerVictor Julien <victor@inliniac.net>
Wed, 29 May 2024 18:45:03 +0000 (20:45 +0200)
tests/tls/tls-store-01/suricata.yaml [new file with mode: 0644]
tests/tls/tls-store-01/test.yaml [new file with mode: 0644]
tests/tls/tls-store-01/tls.rules [new file with mode: 0644]

diff --git a/tests/tls/tls-store-01/suricata.yaml b/tests/tls/tls-store-01/suricata.yaml
new file mode 100644 (file)
index 0000000..b2307c4
--- /dev/null
@@ -0,0 +1,13 @@
+%YAML 1.1
+---
+
+outputs:
+  - tls-log:
+      enabled: yes  # Log TLS connections.
+      filename: tls.log # File to store TLS logs.
+      append: yes
+      extended: yes     # Log extended information like fingerprint
+  - tls-store:
+      enabled: yes
+      #certs-log-dir: certs # directory to store the certificates files
+
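Review bot: The commented-out `certs-log-dir` under `tls-store` leaves the certificate destination implicit, yet test.yaml depends on it because its `find .` checks search the directory the test runs in. A short comment would make that dependency explicit, for example `# certs-log-dir left unset: certs are written to the default log directory, which test.yaml searches` (assuming that is the default; please confirm). Separately, `tls-log` is enabled with `extended: yes` but no check in this test reads tls.log, so either drop that output or add a check that uses it.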
diff --git a/tests/tls/tls-store-01/test.yaml b/tests/tls/tls-store-01/test.yaml
new file mode 100644 (file)
index 0000000..54a9c7b
--- /dev/null
@@ -0,0 +1,9 @@
+pcap: ../tls-cert-issuer/tls.pcap
+
+checks:
+  - shell:
+      args: find . -type f -name '142566914*.*-*.pem' | wc -l | xargs
+      expect: 4
+  - shell:
+      args: find . -type f -name '142566914*.*-*.meta' | wc -l | xargs
+      expect: 4
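Review bot: Both shell checks rely on unexplained magic values: the `142566914` filename prefix and `expect: 4`. The prefix looks like the leading digits of the packet timestamps in `../tls-cert-issuer/tls.pcap`, and 4 is presumably the number of certificates stored for flows matching sid 1, but neither is stated. A comment above the checks would help, such as `# stored files are named <sec>.<usec>-<id>; 4 certs expected from flows matching sid:1`, along with a word that the trailing `| xargs` only trims the padding some `wc` implementations emit. Because the checks only count files, they would also pass if storage were not tied to the rule match. A companion case with a non-matching rule and `expect: 0` would pin down that certificates are stored only when `tls.store` fires.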
diff --git a/tests/tls/tls-store-01/tls.rules b/tests/tls/tls-store-01/tls.rules
new file mode 100644 (file)
index 0000000..ebbd5f3
--- /dev/null
@@ -0,0 +1 @@
+alert tls any any -> any any (msg:"Stamus TLS"; tls_cert_issuer; content:"O=Stamus"; tls.store; sid:1; rev:1;)
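Review bot: The rule mixes the legacy buffer name `tls_cert_issuer` with the dotted `tls.store`. Current Suricata spells the sticky buffer `tls.cert_issuer`, so `alert tls any any -> any any (msg:"Stamus TLS"; tls.cert_issuer; content:"O=Stamus"; tls.store; sid:1; rev:1;)` would be consistent. If the legacy name is kept on purpose so the test also runs on older versions, a `#` comment line above the rule saying so would prevent a later cleanup from changing what the test covers.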