suricata
suricata copied to clipboard
Modify TLS certificate decoding of validity timestamps to support tim…
Modify TLS certificate decoding of validity timestamps to support times between 1950 and 2049, as per RFC 5280
Make sure these boxes are signed before submitting your Pull Request -- thank you.
- [x] I have read the contributing guide lines at https://redmine.openinfosecfoundation.org/projects/suricata/wiki/Contributing
- [x] I have signed the Open Information Security Foundation contribution agreement at https://suricata-ids.org/about/contribution-agreement/
- [x] I have updated the user guide (in doc/userguide/) to reflect the changes made (if applicable)
Link to redmine ticket: https://redmine.openinfosecfoundation.org/issues/3253
Describe changes:
- Modified the TLS cert validity timestamp parsing functions to return LONG_MIN on error instead of 0, to allow for timestamps at epoch 0 (1970). A previous version of that code also checked for any epoch value <=0, which meant that any valid timestamp between 1950 and 1969 (RFC5280) was rejected. The code got refactored since, but was still left with the edge case of epoch=0.
- Added a test case to verify that a ts between 1950 and epoch 0 is parsed correctly.
- Added a test case to verify that a ts at epoch 0 is parsed correctly
Codecov Report
Merging #5764 (e9d946f) into master (b66d013) will increase coverage by
0.00%
. The diff coverage is90.32%
.
@@ Coverage Diff @@
## master #5764 +/- ##
=======================================
Coverage 72.38% 72.39%
=======================================
Files 604 604
Lines 179362 179381 +19
=======================================
+ Hits 129835 129855 +20
+ Misses 49527 49526 -1
Flag | Coverage Δ | |
---|---|---|
suricata-verify | 49.15% <47.36%> (+<0.01%) |
:arrow_up: |
unittests | 63.08% <87.09%> (+<0.01%) |
:arrow_up: |
Flags with carried forward coverage won't be shown. Click here to find out more.
And maybe add a comment in the code referring to https://tools.ietf.org/html/rfc5280#section-4.1.2.5.1
Warning: no commits in this PR have specified the following ticket(s):
- 3253 - https://redmine.openinfosecfoundation.org/issues/3253
Please update the commit(s) and submit a new PR.
Friendly ping @Fredamabob are you planning to work on this again ?
Replaced by https://github.com/OISF/suricata/pull/8324