From: Philippe Antoine <pantoine@oisf.net>
Date: Fri, 16 Jan 2026 16:52:57 +0000 (+0100)
Subject: tls: adds test for tls_cert_notafter keyword
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;ds=sidebyside;p=thirdparty%2Fsuricata-verify.git

tls: adds test for tls_cert_notafter keyword

Ticket: 3065
---

diff --git a/tests/tls/tls-cert-validity/test.yaml b/tests/tls/tls-cert-validity/test.yaml
new file mode 100644
index 000000000..493d6c278
--- /dev/null
+++ b/tests/tls/tls-cert-validity/test.yaml
@@ -0,0 +1,23 @@
+requires:
+  min-version: 9
+
+pcap: ../tls-cert-issuer/tls.pcap
+
+checks:
+
+  - filter:
+      count: 4
+      match:
+        event_type: tls
+        tls.notbefore: "2015-02-12T18:07:27"
+        tls.notafter: "2025-02-09T18:07:27"
+  - filter:
+      count: 4
+      match:
+        event_type: alert
+        alert.signature_id: 2
+  - filter:
+      count: 4
+      match:
+        event_type: alert
+        alert.signature_id: 3
diff --git a/tests/tls/tls-cert-validity/tls.rules b/tests/tls/tls-cert-validity/tls.rules
new file mode 100644
index 000000000..71211b48c
--- /dev/null
+++ b/tests/tls/tls-cert-validity/tls.rules
@@ -0,0 +1,2 @@
+alert tls any any -> any any (msg:"Stamus TLS"; tls_cert_notafter:>2015; sid:2; rev:1;)
+alert tls any any -> any any (msg:"Stamus TLS"; tls_cert_notbefore:<2025; sid:3; rev:1;)