output-json-tls: add notBefore and notAfter fields to extended output

Add notBefore and notAfter fields from TLS certificate to extended JSON
output.

diff --git a/src/output-json-tls.c b/src/output-json-tls.c
index c7135031795e7db0b2d3e73212ae2ec185df29e4..34a12158e8f8078430261b2cab79d7ddba7ce787 100644 (file)
--- a/src/output-json-tls.c
+++ b/src/output-json-tls.c
@@ -123,6 +123,26 @@ void JsonTlsLogJSONExtended(json_t *tjs, SSLState * state)
             break;
     }
     json_object_set_new(tjs, "version", json_string(ssl_version));
+
+    /* tls.notbefore */
+    if (state->server_connp.cert0_not_before != 0) {
+        char timebuf[64];
+        struct timeval tv;
+        tv.tv_sec = state->server_connp.cert0_not_before;
+        tv.tv_usec = 0;
+        CreateUtcIsoTimeString(&tv, timebuf, sizeof(timebuf));
+        json_object_set_new(tjs, "notbefore", json_string(timebuf));
+    }
+
+    /* tls.notafter */
+    if (state->server_connp.cert0_not_after != 0) {
+        char timebuf[64];
+        struct timeval tv;
+        tv.tv_sec = state->server_connp.cert0_not_after;
+        tv.tv_usec = 0;
+        CreateUtcIsoTimeString(&tv, timebuf, sizeof(timebuf));
+       json_object_set_new(tjs, "notafter", json_string(timebuf));
+    }
 }
 
 static int JsonTlsLogger(ThreadVars *tv, void *thread_data, const Packet *p,