base/files/x509/main.zeek

Namespace: X509
Imports:

Summary

Runtime Options
- X509::caching_required_encounters: How often you have to encounter a certificate before caching it.
- X509::caching_required_encounters_interval: The timespan over which caching_required_encounters has to be reached.
- X509::certificate_cache_max_entries: Maximum size of the certificate cache.
- [option name not present in the extracted page]: After a certificate has not been encountered for this time, it may be evicted from the certificate cache.
Types

- X509::Info: The record type which contains the fields of the X.509 log.
- X509::SctInfo: This record is used to store information about the SCTs (Signed Certificate Timestamps) that are encountered in certificates.
Redefinitions

Events

- X509::log_x509: Event for accessing logged records.

Hooks

- X509::log_policy
- X509::x509_certificate_cache_replay: This hook performs event replays when a certificate that is already in the cache is encountered.
Detailed Interface

Runtime Options

- X509::caching_required_encounters
  How often you have to encounter a certificate before caching it. Set to 0 to disable caching of certificates.

- X509::caching_required_encounters_interval
  The timespan over which caching_required_encounters has to be reached.

- X509::certificate_cache_max_entries
  Maximum size of the certificate cache.
Types

- X509::Info
  Type: record
    - ts: time &log
      Current timestamp.
    - id: string &log
      File id of this certificate.
    - certificate: X509::Certificate &log
      Basic information about the certificate.
    - handle: opaque of x509
      The opaque wrapping the certificate. Mainly used for the verify operations.
    - extensions: vector of X509::Extension &default=[] &optional
      All extensions that were encountered in the certificate.
    - san: X509::SubjectAlternativeName &optional &log
      Subject alternative name extension of the certificate.
    - basic_constraints: X509::BasicConstraints &optional &log
      Basic constraints extension of the certificate.
    - extensions_cache: vector of any &default=[] &optional
      All extensions in the order they were raised. This is used for caching certificates that are commonly encountered and should not be relied on in user scripts.
    - logcert: bool &default=T &optional
      (present if policy/protocols/ssl/log-hostcerts-only.zeek is loaded)
      Logging of the certificate is suppressed if set to F.
  The record type which contains the fields of the X.509 log.
- X509::SctInfo
  Type: record
    - version: count
      The version of the encountered SCT (should always be 0 for v1).
    - logid: string
      The ID of the log issuing this SCT.
    - timestamp: count
      The timestamp at which this SCT was issued, measured since the epoch (January 1, 1970, 00:00), ignoring leap seconds, in milliseconds. Not converted to a Zeek timestamp because the exact value is needed for validation.
    - hash_alg: count
      The hash algorithm used for this SCT.
    - sig_alg: count
      The signature algorithm used for this SCT.
    - signature: string
      The signature of this SCT.
  This record is used to store information about the SCTs that are encountered in certificates.
Events

- X509::log_x509
  Type: event (rec: X509::Info)
  Event for accessing logged records.
Hooks

- X509::log_policy

- X509::x509_certificate_cache_replay
  Type: hook (f: fa_file, e: X509::Info, sha256: string) : bool
  This hook performs event replays when a certificate that is already in the cache is encountered. It is possible to change this behavior, or to skip sending the events, by installing a higher-priority hook instead.
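The options, record, event and hook documented above, used together in an added Zeek script that is not part of base/files/x509/main.zeek: it tunes the certificate cache, counts replays from the cache via X509::x509_certificate_cache_replay, and raises notices from X509::log_x509 for short RSA keys and expired certificates. The module name X509Checks, the notice types, the cache values and the 2048-bit threshold are assumptions; the X509::Certificate fields (key_type, key_length, subject, not_valid_after) are standard Zeek fields not listed on this page.

```zeek
##! Added example, not part of base/files/x509/main.zeek: tune the certificate
##! cache, count cache replays and raise notices from X509::log_x509.
##! Cache values and the key-length threshold are assumptions for illustration.

@load base/files/x509
@load base/frameworks/notice

module X509Checks;

export {
    redef enum Notice::Type += {
        ## An RSA key shorter than min_rsa_bits was seen in a certificate.
        Weak_RSA_Key,
        ## A certificate whose validity period had already ended when seen.
        Expired_Certificate,
    };
    ## Minimum acceptable RSA modulus length in bits (assumed threshold).
    const min_rsa_bits = 2048 &redef;
}

# Cache a certificate once it is seen twice within five minutes and cap the
# cache at 5000 entries (assumed values).
redef X509::caching_required_encounters = 2;
redef X509::caching_required_encounters_interval = 5min;
redef X509::certificate_cache_max_entries = 5000;

# Per-certificate count of events replayed from the cache, keyed by SHA-256.
global replayed_certs: table[string] of count &default=0;

hook X509::x509_certificate_cache_replay(f: fa_file, e: X509::Info, sha256: string)
{
    # Observe only; returning normally keeps the default replay behavior.
    ++replayed_certs[sha256];
}

event X509::log_x509(rec: X509::Info)
{
    local cert = rec$certificate;

    # key_type and key_length are &optional fields of X509::Certificate.
    if ( cert?$key_type && cert$key_type == "rsa" && cert?$key_length &&
         cert$key_length < min_rsa_bits )
        NOTICE([$note=Weak_RSA_Key, $identifier=rec$id,
                $msg=fmt("%s uses a %d-bit RSA key", cert$subject, cert$key_length)]);

    if ( cert$not_valid_after < network_time() )
        NOTICE([$note=Expired_Certificate, $identifier=rec$id,
                $msg=fmt("%s expired on %s", cert$subject,
                         strftime("%Y-%m-%d", cert$not_valid_after))]);
}
```

Because the hook handler returns normally, cached certificates still have their events replayed, so X509::log_x509 fires for them as well; a handler that called break at a higher priority would suppress the replay.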