[Bro-Dev] [JIRA] (BIT-1332) Please merge topic/johanna/cert-validation
Johanna Amann created BIT-1332:
--
Summary: Please merge topic/johanna/cert-validation
Key: BIT-1332
URL: https://bro-tracker.atlassian.net/browse/BIT-1332
Project: Bro Issue Tracker
Issue Type: Improvement
Components: Bro
Affects Versions: git/master
Reporter: Johanna Amann
Fix For: 2.4
Please merge topic/johanna/cert-validation. This is an update to the script
used to validate certificates in SSL/TLS connections. Description from main
commit:
{quote}
Update certificate validation script - new version will cache valid
intermediate chains that it encounters on the wire and use those to try
to validate chains that might be missing intermediate certificates.
This vastly improves the number of certificates that Bro can validate.
The only drawback is that now validation behavior is not entirely
predictable anymore - the certificate of a server can fail to validate
when Bro just started up (due to the intermediate missing), and succeed
later, when the intermediate can be found in the cache.
Has been tested on big-ish clusters and should not introduce any
performance problems.
{quote}
--
This message was sent by Atlassian JIRA
(v6.4-OD-15-055#64014)
___
bro-dev mailing list
bro-dev@bro.org
http://mailman.icsi.berkeley.edu/mailman/listinfo/bro-dev
[Bro-Dev] [JIRA] (BIT-1332) Please merge topic/johanna/cert-validation
[
https://bro-tracker.atlassian.net/browse/BIT-1332?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Johanna Amann updated BIT-1332:
---
Status: Merge Request (was: Open)
> Please merge topic/johanna/cert-validation
> --
>
> Key: BIT-1332
> URL: https://bro-tracker.atlassian.net/browse/BIT-1332
> Project: Bro Issue Tracker
> Issue Type: Improvement
> Components: Bro
>Affects Versions: git/master
>Reporter: Johanna Amann
> Fix For: 2.4
>
>
> Please merge topic/johanna/cert-validation. This is an update to the script
> used to validate certificates in SSL/TLS connections. Description from main
> commit:
> {quote}
> Update certificate validation script - new version will cache valid
> intermediate chains that it encounters on the wire and use those to try
> to validate chains that might be missing intermediate certificates.
> This vastly improves the number of certificates that Bro can validate.
> The only drawback is that now validation behavior is not entirely
> predictable anymore - the certificate of a server can fail to validate
> when Bro just started up (due to the intermediate missing), and succeed
> later, when the intermediate can be found in the cache.
> Has been tested on big-ish clusters and should not introduce any
> performance problems.
> {quote}
--
This message was sent by Atlassian JIRA
(v6.4-OD-15-055#64014)
___
bro-dev mailing list
bro-dev@bro.org
http://mailman.icsi.berkeley.edu/mailman/listinfo/bro-dev
[Bro-Dev] [JIRA] (BIT-1332) Please merge topic/johanna/cert-validation
[
https://bro-tracker.atlassian.net/browse/BIT-1332?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Johanna Amann updated BIT-1332:
---
Status: Open (was: Merge Request)
> Please merge topic/johanna/cert-validation
> --
>
> Key: BIT-1332
> URL: https://bro-tracker.atlassian.net/browse/BIT-1332
> Project: Bro Issue Tracker
> Issue Type: Improvement
> Components: Bro
>Affects Versions: git/master
>Reporter: Johanna Amann
> Fix For: 2.4
>
>
> Please merge topic/johanna/cert-validation. This is an update to the script
> used to validate certificates in SSL/TLS connections. Description from main
> commit:
> {quote}
> Update certificate validation script - new version will cache valid
> intermediate chains that it encounters on the wire and use those to try
> to validate chains that might be missing intermediate certificates.
> This vastly improves the number of certificates that Bro can validate.
> The only drawback is that now validation behavior is not entirely
> predictable anymore - the certificate of a server can fail to validate
> when Bro just started up (due to the intermediate missing), and succeed
> later, when the intermediate can be found in the cache.
> Has been tested on big-ish clusters and should not introduce any
> performance problems.
> {quote}
--
This message was sent by Atlassian JIRA
(v6.4-OD-15-055#64014)
___
bro-dev mailing list
bro-dev@bro.org
http://mailman.icsi.berkeley.edu/mailman/listinfo/bro-dev
[Bro-Dev] [JIRA] (BIT-1332) Please merge topic/johanna/cert-validation
[
https://bro-tracker.atlassian.net/browse/BIT-1332?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=19954#comment-19954
]
Johanna Amann commented on BIT-1332:
Sorry, I actually found one more side case I want to fix before merging this :)
> Please merge topic/johanna/cert-validation
> --
>
> Key: BIT-1332
> URL: https://bro-tracker.atlassian.net/browse/BIT-1332
> Project: Bro Issue Tracker
> Issue Type: Improvement
> Components: Bro
>Affects Versions: git/master
>Reporter: Johanna Amann
> Fix For: 2.4
>
>
> Please merge topic/johanna/cert-validation. This is an update to the script
> used to validate certificates in SSL/TLS connections. Description from main
> commit:
> {quote}
> Update certificate validation script - new version will cache valid
> intermediate chains that it encounters on the wire and use those to try
> to validate chains that might be missing intermediate certificates.
> This vastly improves the number of certificates that Bro can validate.
> The only drawback is that now validation behavior is not entirely
> predictable anymore - the certificate of a server can fail to validate
> when Bro just started up (due to the intermediate missing), and succeed
> later, when the intermediate can be found in the cache.
> Has been tested on big-ish clusters and should not introduce any
> performance problems.
> {quote}
--
This message was sent by Atlassian JIRA
(v6.4-OD-15-055#64014)
___
bro-dev mailing list
bro-dev@bro.org
http://mailman.icsi.berkeley.edu/mailman/listinfo/bro-dev
[Bro-Dev] [JIRA] (BIT-1332) Please merge topic/johanna/cert-validation
[
https://bro-tracker.atlassian.net/browse/BIT-1332?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Johanna Amann updated BIT-1332:
---
Status: Merge Request (was: Open)
> Please merge topic/johanna/cert-validation
> --
>
> Key: BIT-1332
> URL: https://bro-tracker.atlassian.net/browse/BIT-1332
> Project: Bro Issue Tracker
> Issue Type: Improvement
> Components: Bro
>Affects Versions: git/master
>Reporter: Johanna Amann
> Fix For: 2.4
>
>
> Please merge topic/johanna/cert-validation. This is an update to the script
> used to validate certificates in SSL/TLS connections. Description from main
> commit:
> {quote}
> Update certificate validation script - new version will cache valid
> intermediate chains that it encounters on the wire and use those to try
> to validate chains that might be missing intermediate certificates.
> This vastly improves the number of certificates that Bro can validate.
> The only drawback is that now validation behavior is not entirely
> predictable anymore - the certificate of a server can fail to validate
> when Bro just started up (due to the intermediate missing), and succeed
> later, when the intermediate can be found in the cache.
> Has been tested on big-ish clusters and should not introduce any
> performance problems.
> {quote}
--
This message was sent by Atlassian JIRA
(v6.4-OD-15-055#64014)
___
bro-dev mailing list
bro-dev@bro.org
http://mailman.icsi.berkeley.edu/mailman/listinfo/bro-dev
[Bro-Dev] [JIRA] (BIT-1332) Please merge topic/johanna/cert-validation
[
https://bro-tracker.atlassian.net/browse/BIT-1332?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=19955#comment-19955
]
Johanna Amann commented on BIT-1332:
Actually - merge this after all, the additional change I want to do is more
complicated, might not make it into 2.4 and only adds additional functionality
(not a bug fix).
> Please merge topic/johanna/cert-validation
> --
>
> Key: BIT-1332
> URL: https://bro-tracker.atlassian.net/browse/BIT-1332
> Project: Bro Issue Tracker
> Issue Type: Improvement
> Components: Bro
>Affects Versions: git/master
>Reporter: Johanna Amann
> Fix For: 2.4
>
>
> Please merge topic/johanna/cert-validation. This is an update to the script
> used to validate certificates in SSL/TLS connections. Description from main
> commit:
> {quote}
> Update certificate validation script - new version will cache valid
> intermediate chains that it encounters on the wire and use those to try
> to validate chains that might be missing intermediate certificates.
> This vastly improves the number of certificates that Bro can validate.
> The only drawback is that now validation behavior is not entirely
> predictable anymore - the certificate of a server can fail to validate
> when Bro just started up (due to the intermediate missing), and succeed
> later, when the intermediate can be found in the cache.
> Has been tested on big-ish clusters and should not introduce any
> performance problems.
> {quote}
--
This message was sent by Atlassian JIRA
(v6.4-OD-15-055#64014)
___
bro-dev mailing list
bro-dev@bro.org
http://mailman.icsi.berkeley.edu/mailman/listinfo/bro-dev
[Bro-Dev] [JIRA] (BIT-1332) Please merge topic/johanna/cert-validation
[
https://bro-tracker.atlassian.net/browse/BIT-1332?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Robin Sommer reassigned BIT-1332:
-
Assignee: Robin Sommer
> Please merge topic/johanna/cert-validation
> --
>
> Key: BIT-1332
> URL: https://bro-tracker.atlassian.net/browse/BIT-1332
> Project: Bro Issue Tracker
> Issue Type: Improvement
> Components: Bro
>Affects Versions: git/master
>Reporter: Johanna Amann
>Assignee: Robin Sommer
> Fix For: 2.4
>
>
> Please merge topic/johanna/cert-validation. This is an update to the script
> used to validate certificates in SSL/TLS connections. Description from main
> commit:
> {quote}
> Update certificate validation script - new version will cache valid
> intermediate chains that it encounters on the wire and use those to try
> to validate chains that might be missing intermediate certificates.
> This vastly improves the number of certificates that Bro can validate.
> The only drawback is that now validation behavior is not entirely
> predictable anymore - the certificate of a server can fail to validate
> when Bro just started up (due to the intermediate missing), and succeed
> later, when the intermediate can be found in the cache.
> Has been tested on big-ish clusters and should not introduce any
> performance problems.
> {quote}
--
This message was sent by Atlassian JIRA
(v6.4-OD-15-055#64014)
___
bro-dev mailing list
bro-dev@bro.org
http://mailman.icsi.berkeley.edu/mailman/listinfo/bro-dev
[Bro-Dev] [JIRA] (BIT-1332) Please merge topic/johanna/cert-validation
[
https://bro-tracker.atlassian.net/browse/BIT-1332?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Robin Sommer updated BIT-1332:
--
Resolution: Merged (was: Fixed)
Status: Closed (was: Merge Request)
> Please merge topic/johanna/cert-validation
> --
>
> Key: BIT-1332
> URL: https://bro-tracker.atlassian.net/browse/BIT-1332
> Project: Bro Issue Tracker
> Issue Type: Improvement
> Components: Bro
>Affects Versions: git/master
>Reporter: Johanna Amann
>Assignee: Robin Sommer
> Fix For: 2.4
>
>
> Please merge topic/johanna/cert-validation. This is an update to the script
> used to validate certificates in SSL/TLS connections. Description from main
> commit:
> {quote}
> Update certificate validation script - new version will cache valid
> intermediate chains that it encounters on the wire and use those to try
> to validate chains that might be missing intermediate certificates.
> This vastly improves the number of certificates that Bro can validate.
> The only drawback is that now validation behavior is not entirely
> predictable anymore - the certificate of a server can fail to validate
> when Bro just started up (due to the intermediate missing), and succeed
> later, when the intermediate can be found in the cache.
> Has been tested on big-ish clusters and should not introduce any
> performance problems.
> {quote}
--
This message was sent by Atlassian JIRA
(v6.4-OD-15-055#64014)
___
bro-dev mailing list
bro-dev@bro.org
http://mailman.icsi.berkeley.edu/mailman/listinfo/bro-dev
