if line.startswith("<pre>"):
inpre = True
- line = "\n::\n\n"
+ line = line.replace("<pre>", "\n::\n\n ")
+ if line.find("</pre>") > -1:
+ print("Removing </pre> from end of line.")
+ line = line.replace("</pre>", "")
+ inpre = False
if line.startswith("</pre>"):
inpre = False
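Review bot: The added `print("Removing </pre> from end of line.")` looks like leftover debug output in a conversion script; drop it or send it to stderr so it cannot end up mixed into the generated text. The check above it, `line.find("</pre>") > -1`, reads more clearly as `"</pre>" in line`. Also note that once the new block strips `</pre>` from the line, the unchanged `if line.startswith("</pre>"):` test that follows can no longer match on the same line if both run in sequence, so please confirm whether that older branch is still needed. `line.replace("<pre>", ...)` rewrites every `<pre>` on the line, not only the leading one that `startswith` tested for; if only the first is intended, pass a count of 1.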
--- /dev/null
+TLS-keywords
+============
+
+Suricata comes with several rule keywords to match on various properties of TLS/SSL handshake. Matches are string inclusion matches.
+
+tls.version
+-----------
+
+Match on negotiated TLS/SSL version.
+
+Example values: "1.0", "1.1", "1.2"
+
+Support added in Suricata version 1.3.
+
+tls.subject
+-----------
+
+Match TLS/SSL certificate Subject field.
+
+example:
+
+
+::
+
+ tls.subject:"CN=*.googleusercontent.com"
+
+Support added in Suricata version 1.3.
+
+Case sensitve, can't use 'nocase'.
+
+tls.issuerdn
+------------
+
+match TLS/SSL certificate IssuerDN field
+
+example:
+
+
+::
+
+ tls.issuerdn:!"CN=Google-Internet-Authority"
+
+Support added in Suricata version 1.3.
+
+Case sensitve, can't use 'nocase'.
+
+tls.fingerprint
+---------------
+
+match TLS/SSL certificate SHA1 fingerprint
+
+example:
+
+
+::
+
+ tls.fingerprint:!"f3:40:21:48:70:2c:31:bc:b5:aa:22:ad:63:d6:bc:2e:b3:46:e2:5a"
+
+Support added in Suricata version 1.4.
+
+Case sensitive, can't use 'nocase'.
+
+The tls.fingerprint buffer is lower case so you must use lower case letters for this to match.
+
+tls.store
+---------
+
+store TLS/SSL certificate on disk
+
+Support added in Suricata version 1.4.
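Review bot: The `tls.store` section at the end gives no syntax or example, unlike the three keyword sections before it, so a reader cannot tell whether it takes an argument or where the certificate is written; please add a usage line and name the output location. "Case sensitve" is misspelled in both the `tls.subject` and `tls.issuerdn` sections (the `tls.fingerprint` section spells it correctly). The intro says matches are string inclusion matches; it would help rule writers to repeat that next to the `tls.issuerdn:!"CN=Google-Internet-Authority"` example, since a substring match on an issuer or subject string is looser than an exact DN comparison. The descriptions also switch between "Match ..." with a full stop and lowercase "match ..." or "store ..." without one, and `tls.version` lists example values without showing them in rule syntax the way the other keywords do.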