From: Mats Klepsland <mats.klepsland@gmail.com>
Date: Tue, 20 Oct 2015 12:58:05 +0000 (+0200)
Subject: output-json-tls: add notBefore and notAfter fields to extended output
X-Git-Tag: suricata-3.2beta1~286
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=5b230bbce50e5c979221969bfdae3d42f8e558b8;p=thirdparty%2Fsuricata.git

output-json-tls: add notBefore and notAfter fields to extended output

Add notBefore and notAfter fields from TLS certificate to extended JSON
output.
---

diff --git a/src/output-json-tls.c b/src/output-json-tls.c
index c713503179..34a12158e8 100644
--- a/src/output-json-tls.c
+++ b/src/output-json-tls.c
@@ -123,6 +123,26 @@ void JsonTlsLogJSONExtended(json_t *tjs, SSLState * state)
             break;
     }
     json_object_set_new(tjs, "version", json_string(ssl_version));
+
+    /* tls.notbefore */
+    if (state->server_connp.cert0_not_before != 0) {
+        char timebuf[64];
+        struct timeval tv;
+        tv.tv_sec = state->server_connp.cert0_not_before;
+        tv.tv_usec = 0;
+        CreateUtcIsoTimeString(&tv, timebuf, sizeof(timebuf));
+        json_object_set_new(tjs, "notbefore", json_string(timebuf));
+    }
+
+    /* tls.notafter */
+    if (state->server_connp.cert0_not_after != 0) {
+        char timebuf[64];
+        struct timeval tv;
+        tv.tv_sec = state->server_connp.cert0_not_after;
+        tv.tv_usec = 0;
+        CreateUtcIsoTimeString(&tv, timebuf, sizeof(timebuf));
+       json_object_set_new(tjs, "notafter", json_string(timebuf));
+    }
 }
 
 static int JsonTlsLogger(ThreadVars *tv, void *thread_data, const Packet *p,