From b607650a4240662c456cb1e2e4f18ad4c11048f3 Mon Sep 17 00:00:00 2001 From: Philippe Antoine Date: Tue, 20 Jun 2023 10:29:00 +0200 Subject: [PATCH] tls: adds a test for certificate without issuer Ticket: #5439 --- tests/tls/tls-cert-noissuer/README.md | 9 +++++++++ tests/tls/tls-cert-noissuer/test.yaml | 9 +++++++++ tests/tls/tls-cert-noissuer/tls.pcap | Bin 0 -> 3320 bytes tests/tls/tls-cert-noissuer/tls.rules | 1 + 4 files changed, 19 insertions(+) create mode 100644 tests/tls/tls-cert-noissuer/README.md create mode 100644 tests/tls/tls-cert-noissuer/test.yaml create mode 100644 tests/tls/tls-cert-noissuer/tls.pcap create mode 100644 tests/tls/tls-cert-noissuer/tls.rules diff --git a/tests/tls/tls-cert-noissuer/README.md b/tests/tls/tls-cert-noissuer/README.md new file mode 100644 index 000000000..da5a8c027 --- /dev/null +++ b/tests/tls/tls-cert-noissuer/README.md @@ -0,0 +1,9 @@ +## PCAP + +PCAP comes from https://redmine.openinfosecfoundation.org/issues/5439 + +## Related Ticket + +https://redmine.openinfosecfoundation.org/issues/5439 + +Tests that certificates lacking an issuer are still parsed by Suricata diff --git a/tests/tls/tls-cert-noissuer/test.yaml b/tests/tls/tls-cert-noissuer/test.yaml new file mode 100644 index 000000000..c898d0038 --- /dev/null +++ b/tests/tls/tls-cert-noissuer/test.yaml @@ -0,0 +1,9 @@ +args: +- -k none + +checks: + - filter: + count: 1 + match: + event_type: alert + alert.signature_id: 1 diff --git a/tests/tls/tls-cert-noissuer/tls.pcap b/tests/tls/tls-cert-noissuer/tls.pcap new file mode 100644 index 0000000000000000000000000000000000000000..7e5f5938cc5411c6c2aef74cd4231b36890ce214 GIT binary patch literal 3320 zc-noI3pkY98pqdnnK3gi(a5b7F$nRE+srpQU8s0aspXaFc-2xx%6zK3DTp9YOBv|luNZB|`lq@Nq&q+IE| z^2Ym^A0D)=di~;TBLK?;h5`Z)~6fl4c9O^(BECi}R#WWUbmj`k{2Hk2x+Zr3Y-I#5} z21;;O84g*X5A<-1f>AM=6pcos(-<^q8cw6os5nAFsL&h?!B8Bfpj4Es33cx*F6nU& ziCxm2;nFJ65>^CRSvT{qH;QBxN6CUXc+JQ$lZA(IQc2d(8;LAfUt|MWUktdQ061XS zm50V!%4PxUE);L!wU@ARC*~dxz1w}7;pFMR+SS_$0kEDx4b}=F>md#3--;m(P=rLG z<#1LC&}#s_Lh#UHIEW$)MNm`$ocwT59~pD&x_;5}quK`Ul-wY;g=D0I^V6 z)`ZPAF|i;BQ%m-;^>Aqhm*!JTB8V+b(5aX&PGzFLK5ThHj$F`~QuaH-61GJJvYCVe zxg*77_yli@jg8?1MsV45LW z;5HS%-L->T)mMKkE#w0`+o(M6ZO~Db^p;2cd1rR&ZqHC(xz<|t6lHA>|3RRORk|%! z+MV>_O7g_XYyNKxF23W|#r;@bG4}F#S;ue_uPQ9PeEiU7<(?zDXX54-hB)6k@P%m@ z@HD2l#xqsbd9`TB{pnlJH;RSl%kttqF z9tt??_BZEx`aibZ`%;Ek6lpeUWmX&6b*-%~@x8}#_YALHUdI`t-ox~92Vq6tQ2$8f z*)PX(s_QQG77lh$bzAPH{rd8*yZM-CvD=MPDEu=b=Qa@=#Kl*igCHUt$52WU!6er# zT!u8&fQnEkQW!!kA~&^g6+&sBqD*P3yQ)V}*IzZNL+^&|wG6QHa)cszKmmu&@TR#i z?OtG^fZ(765ZDtCLaty>`e??V;BVJAoEqQ5g51hf&4w z8Yh+Rxsi3jMMVadDr!quuQsuMKkv#yw)UX>+MagAZB;4#zQdr6Z10vmn8+qD^R4OF znqr5%!uw0Rd42USAH1YD_0TUS>zuLKY6)U@xug`CN97b&~(`}J?U zX_7Y2jr&ra{D+DCD}zP4x!$dR#$^8x5Mh3HlyZvx`Iq19Zu=&%7Pb~?5#z%r$i9Kg zO|_v0*oJ0#SUeH8`Ofd#JS!rxL@m=xex%~-!=g1_7UV)et|Uq_zgmV8sfZr~Cn!;=E&=h}6=;+qJc%IWc|9|ao7ou} zOJn%!-$Ou>v^hBBDbiE{v$mc&=^10H3hU}a~LOHfrr z_{jrDhTTK_d^~Te-Y&6RUcPbcIT_dx2A;*Or{X$y%&2n%3|{lqEs}C&5dwo z9R4#gB}yWNbn85PdP3pcsp`iHoG^O$5yQZx>j;~1xAf}lG@+ePYv;}?1?T)hgIs^Z zkz}mh>F(>bPx1;!M~&83Y~Q=%#Fw$&(fGVit2QUQtmhByp^sBFqTRlf`l;uI_PTDq z5w=vbyIgqh>N!$xmj*JMb%({)Y0W5ijcAFEDQTU9aJqG;s5t0=^A1U@CQgRfy1f!v z(7O0blezP!h{(9@U=1hJ-+RGTPtji=RV_IS2Yr>g=6vpNb6Xwe*P2ov#p)dB`)K<4 zbfD^gXxzM4Jq0O7e{*@~?G5_={FD^UGshfGSPCF=qy*|x!B}q-$l<^j0(>P=T=^YhO1VS|c~#Z{ zFb|eXZR)D*Tw#r_DO5ExX>9|2Rf8SFw2quru=5MChU(N45na_cNyv6=5o9?fQ z;;d=E5DRXfA=q0iSm9gRo%3c@bVRI3LxLh7sA%AOMHa) any any (msg:"test"; flow:established,to_client; tls.cert_subject; content:"localhost"; sid:1;) -- 2.47.2