From: Juliana Fajardini <jufajardini@gmail.com>
Date: Thu, 17 Oct 2024 00:36:32 +0000 (-0700)
Subject: tls: add check for 'subjectaltname'
X-Git-Tag: suricata-7.0.8~41
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=refs%2Fpull%2F2099%2Fhead;p=thirdparty%2Fsuricata-verify.git

tls: add check for 'subjectaltname'

As this was missing from the logs, ensure that there won't be any
regressions.

Related to
Bug #7332
---

diff --git a/tests/tls/tls-subjectaltname/suricata.yaml b/tests/tls/tls-subjectaltname/suricata.yaml
new file mode 100644
index 000000000..2596271c4
--- /dev/null
+++ b/tests/tls/tls-subjectaltname/suricata.yaml
@@ -0,0 +1,17 @@
+%YAML 1.1
+---
+
+outputs:
+  - eve-log:
+      enabled: yes
+      filetype: regular #regular|syslog|unix_dgram|unix_stream|redis
+      filename: eve.json
+      types:
+        - alert:
+            payload: no
+            payload-buffer-size: 4kb
+            payload-printable: no
+            packet: no
+            metadata: no
+        - tls:
+            custom: [subject, issuer, serial, fingerprint, sni, version, not_before, not_after, subjectaltname]
diff --git a/tests/tls/tls-subjectaltname/test.yaml b/tests/tls/tls-subjectaltname/test.yaml
index 81fdebf23..278c0e29c 100644
--- a/tests/tls/tls-subjectaltname/test.yaml
+++ b/tests/tls/tls-subjectaltname/test.yaml
@@ -10,3 +10,8 @@ checks:
     match:
       alert.signature_id: 1
       event_type: alert
+- filter:
+    count: 28
+    match:
+      event_type: tls
+      has-key: tls.subjectaltname