From: Victor Julien Date: Sat, 25 May 2024 13:44:43 +0000 (+0200) Subject: tests: add tls-store test X-Git-Tag: suricata-6.0.20~31 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=2c611acfd1b05b616cd290e58bf0d5ef93eaa532;p=thirdparty%2Fsuricata-verify.git tests: add tls-store test
---
diff --git a/tests/tls/tls-store-01/suricata.yaml b/tests/tls/tls-store-01/suricata.yaml
new file mode 100644
index 000000000..b2307c45f
--- /dev/null
+++ b/tests/tls/tls-store-01/suricata.yaml
@@ -0,0 +1,13 @@
+%YAML 1.1
+---
+
+outputs:
+ - tls-log:
+ enabled: yes # Log TLS connections.
+ filename: tls.log # File to store TLS logs.
+ append: yes
+ extended: yes # Log extended information like fingerprint
+ - tls-store:
+ enabled: yes
+ #certs-log-dir: certs # directory to store the certificates files
+
diff --git a/tests/tls/tls-store-01/test.yaml b/tests/tls/tls-store-01/test.yaml
new file mode 100644
index 000000000..54a9c7b54
--- /dev/null
+++ b/tests/tls/tls-store-01/test.yaml
@@ -0,0 +1,9 @@
+pcap: ../tls-cert-issuer/tls.pcap
+
+checks:
+ - shell:
+ args: find . -type f -name '142566914*.*-*.pem' | wc -l | xargs
+ expect: 4
+ - shell:
+ args: find . -type f -name '142566914*.*-*.meta' | wc -l | xargs
+ expect: 4
diff --git a/tests/tls/tls-store-01/tls.rules b/tests/tls/tls-store-01/tls.rules
new file mode 100644
index 000000000..ebbd5f326
--- /dev/null
+++ b/tests/tls/tls-store-01/tls.rules
@@ -0,0 +1 @@
+alert tls any any -> any any (msg:"Stamus TLS"; tls_cert_issuer; content:"O=Stamus"; tls.store; sid:1; rev:1;)
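Review bot: The `tls-store` section in suricata.yaml leaves `certs-log-dir` commented out, and nothing says whether that is deliberate or a leftover from the stock config. If the test is meant to cover the default output location, a comment such as `# certs-log-dir intentionally unset: exercise the default certificate directory` would stop a later editor from "fixing" it. The `tls-log` output is also enabled, but neither check in test.yaml reads tls.log, so it could be dropped or given a check of its own.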
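Review bot: Both checks in test.yaml only count file names, so the test passes even if the stored `.pem` files are empty or truncated. A third check on content would cover that, for example `args: find . -type f -name '142566914*.*-*.pem' -exec grep -l 'BEGIN CERTIFICATE' {} + | wc -l | xargs` with `expect: 4`. The `142566914` prefix and the count of 4 depend on `../tls-cert-issuer/tls.pcap`, which belongs to another test. A comment such as `# prefix and count come from the packet timestamps in tls-cert-issuer/tls.pcap` would make that coupling visible to whoever next touches the pcap.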
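Review bot: The rule in tls.rules pairs the legacy keyword `tls_cert_issuer` with the dotted `tls.store`, so it mixes two naming styles in one signature. The sticky-buffer spelling `tls.cert_issuer; content:"O=Stamus";` is the documented current form and should match the same way. If the legacy name is kept on purpose, perhaps to exercise the alias on the 6.0 branch, a `#` comment line above the rule saying so would help.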