From 104d5b43c0a2e2c210ab8489c71ad05053394deb Mon Sep 17 00:00:00 2001
From: Juliana Fajardini
Date: Wed, 16 Oct 2024 17:36:32 -0700
Subject: [PATCH] tls: add check for 'subjectaltname' As this was missing from the logs, ensure that there won't be any regressions. Related to Bug #7332
---
 tests/tls/tls-subjectaltname/suricata.yaml | 17 +++++++++++++++++
 tests/tls/tls-subjectaltname/test.yaml | 5 +++++
 2 files changed, 22 insertions(+)
 create mode 100644 tests/tls/tls-subjectaltname/suricata.yaml
diff --git a/tests/tls/tls-subjectaltname/suricata.yaml b/tests/tls/tls-subjectaltname/suricata.yaml
new file mode 100644
index 000000000..2596271c4
--- /dev/null
+++ b/tests/tls/tls-subjectaltname/suricata.yaml
@@ -0,0 +1,17 @@
+%YAML 1.1
+---
+
+outputs:
+ - eve-log:
+ enabled: yes
+ filetype: regular #regular|syslog|unix_dgram|unix_stream|redis
+ filename: eve.json
+ types:
+ - alert:
+ payload: no
+ payload-buffer-size: 4kb
+ payload-printable: no
+ packet: no
+ metadata: no
+ - tls:
+ custom: [subject, issuer, serial, fingerprint, sni, version, not_before, not_after, subjectaltname]
diff --git a/tests/tls/tls-subjectaltname/test.yaml b/tests/tls/tls-subjectaltname/test.yaml
index 81fdebf23..278c0e29c 100644
--- a/tests/tls/tls-subjectaltname/test.yaml
+++ b/tests/tls/tls-subjectaltname/test.yaml
@@ -10,3 +10,8 @@ checks:
 match:
 alert.signature_id: 1
 event_type: alert
+- filter:
+ count: 28
+ match:
+ event_type: tls
+ has-key: tls.subjectaltname
-- 
2.47.2
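Review bot: The `custom:` list under `- tls:` is the one setting this test depends on, yet nothing in the new suricata.yaml says so, and a later cleanup could drop `subjectaltname` from it without an obvious reason not to. I would add a comment directly above that line, for example `# subjectaltname must stay listed: test.yaml asserts tls.subjectaltname on every tls event (Bug #7332)`. The trailing `#regular|syslog|unix_dgram|unix_stream|redis` on `filetype` reads like carry-over from the default config and could be dropped in a test fixture.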
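Review bot: The added filter in test.yaml only asserts that the key `tls.subjectaltname` is present on 28 tls events, so a regression that logs the field empty or with the wrong names would still pass. Pinning one known value from the capture in a second filter would cover that, e.g. `tls.subjectaltname[0]: <SAN-from-pcap>` under `match:` (placeholder value; this assumes suricata-verify's list-index matching applies to this field). A short comment such as `# 28 = all tls events in the pcap; each must carry subjectaltname` would explain the magic number. The top of test.yaml is outside the hunk, so it is worth confirming that its `requires` section restricts the test to versions that contain the Bug #7332 fix.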