policy/protocols/ssl/validate-sct.zeek

SSL

Perform validation of Signed Certificate Timestamps, as used for Certificate Transparency. See RFC6962 for more details.

Namespace: SSL
Imports: base/protocols/ssl, policy/protocols/ssl/validate-certs.zeek

Summary

Types

SSL::SctInfo: record This record is used to store information about the SCTs that are encountered in an SSL connection.
SSL::SctSource: enum List of the different sources for Signed Certificate Timestamps

Redefinitions

SSL::Info: record
New Fields:

SSL::Info

valid_scts: count &optional

Number of valid SCTs that were encountered in the connection.

invalid_scts: count &optional

Number of SCTs that could not be validated that were encountered in the connection.

valid_ct_logs: count &log &optional

Number of different logs for which valid SCTs were encountered in the connection.

valid_ct_operators: count &log &optional

Number of different log operators for which valid SCTs were encountered in the connection.

valid_ct_operators_list: set [string] &optional

List of operators for which valid SCTs were encountered in the connection.

ct_proofs: vector of SSL::SctInfo &default = [] &optional

Information about all SCTs that were encountered in the connection.

SSL::ssl_store_valid_chain: bool &redef

Detailed Interface

Types

SSL::SctInfo
Type:

record

version: count

The version of the encountered SCT (should always be 0 for v1).

logid: string

The ID of the log issuing this SCT.

timestamp: count

The timestamp at which this SCT was issued, in milliseconds since the epoch (January 1, 1970, 00:00), ignoring leap seconds. Not converted to a Zeek time value because the exact integer is needed for signature validation.

sig_alg: count

The signature algorithm used for this SCT.

hash_alg: count

The hash algorithm used for this SCT.

signature: string

The signature of this SCT.

source: SSL::SctSource

Source of this SCT.

valid: bool &optional

Validation result of this SCT.

This record is used to store information about the SCTs that are encountered in an SSL connection.

SSL::SctSource
Type:

enum

SSL::SCT_X509_EXT

Signed Certificate Timestamp was encountered in the extension of an X.509 certificate.

SSL::SCT_TLS_EXT

Signed Certificate Timestamp was encountered in a TLS session extension.

SSL::SCT_OCSP_EXT

Signed Certificate Timestamp was encountered in the extension of a stapled OCSP reply.

List of the different sources for Signed Certificate Timestamps.
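The following script is an added example of consuming the fields above; it is not part of validate-sct.zeek or the Zeek distribution. It raises a notice when a server presented SCTs but none validated, and tallies them by SSL::SctSource. The module name, the notice type and the handler priority of -10 (assumed to run after validate-sct.zeek has filled in valid_scts and invalid_scts) are the example's own choices.

```zeek
##! Added example, not part of validate-sct.zeek: raise a notice when a
##! server presented SCTs but none of them validated.
@load base/frameworks/notice
@load protocols/ssl/validate-sct

module SCT_Audit;

export {
	redef enum Notice::Type += {
		## Every SCT seen in the connection failed validation.
		No_Valid_SCT,
	};
}

# Tally SCTs per source (X.509 extension, TLS extension, stapled OCSP).
function scts_by_source(proofs: vector of SSL::SctInfo): table[SSL::SctSource] of count
	{
	local counts: table[SSL::SctSource] of count = table();
	for ( i in proofs )
		{
		local src = proofs[i]$source;
		if ( src !in counts )
			counts[src] = 0;
		++counts[src];
		}
	return counts;
	}

# Assumption: validate-sct.zeek sets valid_scts/invalid_scts from an
# ssl_established handler with a negative priority; -10 runs after it.
event ssl_established(c: connection) &priority=-10
	{
	if ( ! c$ssl?$valid_scts || ! c$ssl?$invalid_scts )
		return;

	# Nothing to report if at least one SCT validated or none were offered.
	if ( c$ssl$valid_scts > 0 || c$ssl$invalid_scts == 0 )
		return;

	local summary = "";
	local counts = scts_by_source(c$ssl$ct_proofs);
	for ( src, n in counts )
		summary += fmt("%s=%d ", src, n);

	NOTICE([$note=No_Valid_SCT, $conn=c,
	        $msg=fmt("%d SCT(s) presented, none validated: %s",
	                 c$ssl$invalid_scts, summary),
	        $identifier=cat(c$id$resp_h, c$id$resp_p)]);
	}
```

Run it over a capture with `zeek -r capture.pcap sct_audit.zeek`; matches appear in notice.log with the per-source counts in the message.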