base/bif/plugins/Zeek_X509.ocsp_events.bif.zeek
- GLOBAL
- Namespace
GLOBAL
Summary
Events
This event is raised when an OCSP extension is encountered in an OCSP response. |
|
Event that is raised when encountering an OCSP request, e.g. |
|
Event that is raised when encountering an OCSP request for a certificate, e.g. |
|
This event is raised when encountering an OCSP response that contains response information. |
|
This event is raised for each SingleResponse contained in an OCSP response. |
|
This event is raised when encountering an OCSP reply, e.g. |
Detailed Interface
Events
- ocsp_extension
- Type
event
(f:fa_file
, ext:X509::Extension
, global_resp:bool
)
This event is raised when an OCSP extension is encountered in an OCSP response. See RFC 6960 for more details on OCSP.
- Parameters
f – The file.
ext – The parsed extension (same format as X.509 extensions).
global_resp – T if extension encountered in the global response (in ResponseData), F when encountered in a SingleResponse.
See also:
ocsp_request
,ocsp_request_certificate
,ocsp_response_status
,ocsp_response_bytes
,ocsp_response_certificate
,x509_ocsp_ext_signed_certificate_timestamp
- ocsp_request
-
Event that is raised when encountering an OCSP request, e.g. in an HTTP connection. See RFC 6960 for more details.
This event is raised exactly once for each OCSP Request.
- Parameters
f – The file.
req – version: the version of the OCSP request. Typically 0 (Version 1).
See also:
ocsp_request_certificate
,ocsp_response_status
,ocsp_response_bytes
,ocsp_response_certificate
,ocsp_extension
,x509_ocsp_ext_signed_certificate_timestamp
- ocsp_request_certificate
- Type
event
(f:fa_file
, hashAlgorithm:string
, issuerNameHash:string
, issuerKeyHash:string
, serialNumber:string
)
Event that is raised when encountering an OCSP request for a certificate, e.g. in an HTTP connection. See RFC 6960 for more details.
Note that a single OCSP request can contain requests for several certificates. Thus this event can fire several times for one OCSP request, each time requesting information for a different (or in theory even the same) certificate.
- Parameters
f – The file.
hashAlgorithm – The hash algorithm used for the issuerKeyHash.
issuerKeyHash – Hash of the issuers public key.
serialNumber – Serial number of the certificate for which the status is requested.
See also:
ocsp_request
,ocsp_response_status
,ocsp_response_bytes
,ocsp_response_certificate
,ocsp_extension
,x509_ocsp_ext_signed_certificate_timestamp
- ocsp_response_bytes
- Type
event
(f:fa_file
, status:string
, version:count
, responderId:string
, producedAt:time
, signatureAlgorithm:string
, certs:x509_opaque_vector
)
This event is raised when encountering an OCSP response that contains response information. An OCSP reply can be encountered, for example, in an HTTP connection or a TLS extension. See RFC 6960 for more details on OCSP.
- Parameters
f – The file.
status – The status of the OCSP response (e.g. successful, malformedRequest, tryLater).
version – Version of the OCSP response (typically - for version 1).
responderId – The id of the OCSP responder; either a public key hash or a distinguished name.
producedAt – Time at which the reply was produced.
signatureAlgorithm – Algorithm used for the OCSP signature.
certs – Optional list of certificates that are sent with the OCSP response; these typically are needed to perform validation of the reply.
See also:
ocsp_request
,ocsp_request_certificate
,ocsp_response_status
,ocsp_response_certificate
,ocsp_extension
,x509_ocsp_ext_signed_certificate_timestamp
- ocsp_response_certificate
- Type
event
(f:fa_file
, hashAlgorithm:string
, issuerNameHash:string
, issuerKeyHash:string
, serialNumber:string
, certStatus:string
, revokeTime:time
, revokeReason:string
, thisUpdate:time
, nextUpdate:time
)
This event is raised for each SingleResponse contained in an OCSP response. See RFC 6960 for more details on OCSP.
- Parameters
f – The file.
hashAlgorithm – The hash algorithm used for issuerNameHash and issuerKeyHash.
issuerNameHash – Hash of the issuer’s distinguished name.
issuerKeyHash – Hash of the issuer’s public key.
serialNumber – Serial number of the affected certificate.
certStatus – Status of the certificate.
revokeTime – Time the certificate was revoked, 0 if not revoked.
revokeReason – Reason certificate was revoked; empty string if not revoked or not specified.
thisUpdate – Time this response was generated.
nextUpdate – Time next response will be ready; 0 if not supplied.
See also:
ocsp_request
,ocsp_request_certificate
,ocsp_response_status
,ocsp_response_bytes
,ocsp_extension
,x509_ocsp_ext_signed_certificate_timestamp
- ocsp_response_status
-
This event is raised when encountering an OCSP reply, e.g. in an HTTP connection or a TLS extension. See RFC 6960 for more details.
This event is raised exactly once for each OCSP reply.
- Parameters
f – The file.
status – The status of the OCSP response (e.g. successful, malformedRequest, tryLater).
See also:
ocsp_request
,ocsp_request_certificate
,ocsp_response_bytes
,ocsp_response_certificate
,ocsp_extension
,x509_ocsp_ext_signed_certificate_timestamp