policy/protocols/ssl/validate-sct.zeek

SSL

Perform validation of Signed Certificate Timestamps, as used for Certificate Transparency. See RFC6962 for more details.

Namespace:SSL
Imports:base/protocols/ssl, policy/protocols/ssl/validate-certs.zeek

Summary

Types

SSL::SctInfo: record This record is used to store information about the SCTs that are encountered in a SSL connection.
SSL::SctSource: enum List of the different sources for Signed Certificate Timestamp

Detailed Interface

Types

SSL::SctInfo
Type:

record

version: count

The version of the encountered SCT (should always be 0 for v1).

logid: string

The ID of the log issuing this SCT.

timestamp: count

The timestamp at which this SCT was issued measured since the epoch (January 1, 1970, 00:00), ignoring leap seconds, in milliseconds. Not converted to a Zeek timestamp because we need the exact value for validation.

sig_alg: count

The signature algorithm used for this sct.

hash_alg: count

The hash algorithm used for this sct.

signature: string

The signature of this SCT.

source: SSL::SctSource

Source of this SCT.

valid: bool &optional

Validation result of this SCT.

This record is used to store information about the SCTs that are encountered in a SSL connection.

SSL::SctSource
Type:

enum

SSL::SCT_X509_EXT

Signed Certificate Timestamp was encountered in the extension of an X.509 certificate.

SSL::SCT_TLS_EXT

Signed Certificate Timestamp was encountered in an TLS session extension.

SSL::SCT_OCSP_EXT

Signed Certificate Timestamp was encountered in the extension of an stapled OCSP reply.

List of the different sources for Signed Certificate Timestamp