tests: add mixed case tls.fingerprint tests

diff --git a/tests/tls/tls-fingerprint-alert/test.rules b/tests/tls/tls-fingerprint-alert/test.rules
index 2c337901ac89478b5660e4a99b04fbe01240ff99..0ef72e468b35242492d66965d25590b87adf50c5 100644 (file)
--- a/tests/tls/tls-fingerprint-alert/test.rules
+++ b/tests/tls/tls-fingerprint-alert/test.rules
@@ -8,3 +8,13 @@ alert tls any any -> any any (msg:"TLS FINGERPRINT TEST"; \
 alert tls any any -> any any (msg:"TLS FINGERPRINT STICKY BUFFER TEST"; \
        tls.cert_fingerprint; content:"90:86:a4:3b:f5:cf:1b:2e:4e:f7:97:96:f9:de:ba:b9:66:35:86:3f"; \
        sid:2; rev:1;)
+
+alert tls any any -> any any (msg:"TLS FINGERPRINT TEST -- mixed case"; \
+       tls.fingerprint:"90:86:A4:3B:f5:cf:1b:2e:4e:f7:97:96:f9:de:ba:b9:66:35:86:3F"; \
+       sid:3; rev:1;)
+alert tls any any -> any any (msg:"TLS FINGERPRINT TEST -- mixed case"; \
+       tls.fingerprint:"90:86:A4:3B:F5:CF:1B:2E:4E:F7:97:96:f9:DE:BA:B9:66:35:86:3F"; \
+       sid:4; rev:1;)
+alert tls any any -> any any (msg:"TLS FINGERPRINT TEST -- mixed case - no match"; \
+       tls.fingerprint:"90:86:A4:3B:F5:CF:1B:2E:4E:F7:97:96:f9:DE:BA:B9:66:35:86:3E"; \
+       sid:5; rev:1;)

diff --git a/tests/tls/tls-fingerprint-alert/test.yaml b/tests/tls/tls-fingerprint-alert/test.yaml
index 56db381fa42139ee8927853ffd4a08551477c349..b11acdf1e15f65af40f1bca5d97d85a1b19a18a5 100644 (file)
--- a/tests/tls/tls-fingerprint-alert/test.yaml
+++ b/tests/tls/tls-fingerprint-alert/test.yaml
@@ -13,3 +13,18 @@ checks:
       match:
         event_type: alert
         alert.signature_id: 2
+  - filter:
+      count: 1
+      match:
+        event_type: alert
+        alert.signature_id: 3
+  - filter:
+      count: 1
+      match:
+        event_type: alert
+        alert.signature_id: 4
+  - filter:
+      count: 0
+      match:
+        event_type: alert
+        alert.signature_id: 5