tls: add test for tls.issuerdn keyword

Adds tests for `tls.issuerdn` legacy keyword and `tls.cert_issuer` new keyword.
Ticket #5544

diff --git a/tests/tls/tls-issuerdn/README b/tests/tls/tls-issuerdn/README
new file mode 100644 (file)
index 0000000..8e4f218
--- /dev/null
+++ b/tests/tls/tls-issuerdn/README
@@ -0,0 +1,13 @@
+Description
+===========
+Tests the `tls.issuerdn` legacy keyword
+Tests the `tls.cert_issuer` new keyword
+Both represent TLS/SSL certificate IssuerDN field
+
+PCAP
+====
+PCAP comes from an [existing TLS test](https://github.com/OISF/suricata-verify/blob/master/tests/tls/tls-cert-issuer/tls.pcap)
+
+Redmine ticket
+==============
+https://redmine.openinfosecfoundation.org/issues/5544

diff --git a/tests/tls/tls-issuerdn/test.yaml b/tests/tls/tls-issuerdn/test.yaml
new file mode 100644 (file)
index 0000000..e25eceb
--- /dev/null
+++ b/tests/tls/tls-issuerdn/test.yaml
@@ -0,0 +1,20 @@
+pcap: ../tls-cert-issuer/tls.pcap
+
+checks:
+  - filter:
+      count: 4
+      match:
+        event_type: tls
+        tls.issuerdn: C=FR, ST=IDF, L=Paris, O=Stamus, CN=SELKS
+        
+  - filter:
+      count: 4
+      match:
+        event_type: alert
+        alert.signature_id: 1
+
+  - filter:
+      count: 4
+      match:
+        event_type: alert
+        alert.signature_id: 2
\ No newline at end of file

diff --git a/tests/tls/tls-issuerdn/tls.rules b/tests/tls/tls-issuerdn/tls.rules
new file mode 100644 (file)
index 0000000..dbc8df8
--- /dev/null
+++ b/tests/tls/tls-issuerdn/tls.rules
@@ -0,0 +1,5 @@
+# tests tls legacy keyword tls.issuerdn
+alert tls any any -> any any (msg:"TLS issuerDN keyword"; tls.issuerdn:"C=FR, ST=IDF, L=Paris, O=Stamus, CN=SELKS"; sid:1; rev:1;)
+
+# tests new tls keyword tls.cert_issuer
+alert tls any any -> any any (msg:"TLS cert_issuer keyword"; tls.cert_issuer; content:"C=FR, ST=IDF, L=Paris, O=Stamus, CN=SELKS"; sid:2; rev:1;)
\ No newline at end of file