base/bif/plugins/Zeek_X509.ocsp_events.bif.zeek
- GLOBAL
- Namespace
GLOBAL
Summary
Events
This event is raised when an OCSP extension is encountered in an OCSP response. |
|
Event that is raised when encountering an OCSP request, e.g. |
|
Event that is raised when encountering an OCSP request for a certificate, e.g. |
|
This event is raised when encountering an OCSP response that contains response information. |
|
This event is raised for each SingleResponse contained in an OCSP response. |
|
This event is raised when encountering an OCSP reply, e.g. |
Detailed Interface
Events
- ocsp_extension
- Type
event
(f:fa_file
, ext:X509::Extension
, global_resp:bool
)
This event is raised when an OCSP extension is encountered in an OCSP response. See RFC 6960 for more details on OCSP.
- F
The file.
- Ext
The parsed extension (same format as X.509 extensions).
- Global_resp
T if extension encountered in the global response (in ResponseData), F when encountered in a SingleResponse.
See also:
ocsp_request
,ocsp_request_certificate
,ocsp_response_status
,ocsp_response_bytes
,ocsp_response_certificate
,x509_ocsp_ext_signed_certificate_timestamp
- ocsp_request
-
Event that is raised when encountering an OCSP request, e.g. in an HTTP connection. See RFC 6960 for more details.
This event is raised exactly once for each OCSP Request.
- F
The file.
- Req
version: the version of the OCSP request. Typically 0 (Version 1).
See also:
ocsp_request_certificate
,ocsp_response_status
,ocsp_response_bytes
,ocsp_response_certificate
,ocsp_extension
,x509_ocsp_ext_signed_certificate_timestamp
- ocsp_request_certificate
- Type
event
(f:fa_file
, hashAlgorithm:string
, issuerNameHash:string
, issuerKeyHash:string
, serialNumber:string
)
Event that is raised when encountering an OCSP request for a certificate, e.g. in an HTTP connection. See RFC 6960 for more details.
Note that a single OCSP request can contain requests for several certificates. Thus this event can fire several times for one OCSP request, each time requesting information for a different (or in theory even the same) certificate.
- F
The file.
- HashAlgorithm
The hash algorithm used for the issuerKeyHash.
- IssuerKeyHash
Hash of the issuers public key.
- SerialNumber
Serial number of the certificate for which the status is requested.
See also:
ocsp_request
,ocsp_response_status
,ocsp_response_bytes
,ocsp_response_certificate
,ocsp_extension
,x509_ocsp_ext_signed_certificate_timestamp
- ocsp_response_bytes
- Type
event
(f:fa_file
, status:string
, version:count
, responderId:string
, producedAt:time
, signatureAlgorithm:string
, certs:x509_opaque_vector
)
This event is raised when encountering an OCSP response that contains response information. An OCSP reply can be encountered, for example, in an HTTP connection or a TLS extension. See RFC 6960 for more details on OCSP.
- F
The file.
- Status
The status of the OCSP response (e.g. succesful, malformedRequest, tryLater).
- Version
Version of the OCSP response (typically - for version 1).
- ResponderId
The id of the OCSP responder; either a public key hash or a distinguished name.
- ProducedAt
Time at which the reply was produced.
- SignatureAlgorithm
Algorithm used for the OCSP signature.
- Certs
Optional list of certificates that are sent with the OCSP response; these typically are needed to perform validation of the reply.
See also:
ocsp_request
,ocsp_request_certificate
,ocsp_response_status
,ocsp_response_certificate
,ocsp_extension
,x509_ocsp_ext_signed_certificate_timestamp
- ocsp_response_certificate
- Type
event
(f:fa_file
, hashAlgorithm:string
, issuerNameHash:string
, issuerKeyHash:string
, serialNumber:string
, certStatus:string
, revokeTime:time
, revokeReason:string
, thisUpdate:time
, nextUpdate:time
)
This event is raised for each SingleResponse contained in an OCSP response. See RFC 6960 for more details on OCSP.
- F
The file.
- HashAlgorithm
The hash algorithm used for issuerNameHash and issuerKeyHash.
- IssuerNameHash
Hash of the issuer’s distinguished name.
- IssuerKeyHash
Hash of the issuer’s public key.
- SerialNumber
Serial number of the affected certificate.
- CertStatus
Status of the certificate.
- RevokeTime
Time the certificate was revoked, 0 if not revoked.
- RevokeTeason
Reason certificate was revoked; empty string if not revoked or not specified.
- ThisUpdate
Time this response was generated.
- NextUpdate
Time next response will be ready; 0 if not supploed.
See also:
ocsp_request
,ocsp_request_certificate
,ocsp_response_status
,ocsp_response_bytes
,ocsp_extension
,x509_ocsp_ext_signed_certificate_timestamp
- ocsp_response_status
-
This event is raised when encountering an OCSP reply, e.g. in an HTTP connection or a TLS extension. See RFC 6960 for more details.
This event is raised exactly once for each OCSP reply.
- F
The file.
- Status
The status of the OCSP response (e.g. succesful, malformedRequest, tryLater).
See also:
ocsp_request
,ocsp_request_certificate
,ocsp_response_bytes
,ocsp_response_certificate
,ocsp_extension
,x509_ocsp_ext_signed_certificate_timestamp