[Oisf-devel] [PATCH 1/3] Add ASN.1 parser for X509 certificates (in DER format)

Victor Julien victor at inliniac.net
Fri Nov 4 16:28:46 UTC 2011

On 11/04/2011 12:55 PM, Pierre Chifflier wrote:
>>> +    if (d_length+(d_ptr-buffer) != size) {
>>> +        SCLogWarning(SC_ERR_ALPARSER, "Invalid ASN.1 structure: size of top-level sequence does not match length\n");
>> Please don't issue errors/warnings based on malformed traffic. I know we
>> have a few of those currently but these are scheduled for removal as
>> well. Btw, no newline should be at the end of these macro calls.
> Ok, all warnings from the parser were removed. This makes it more silent
> in the case the stream is malformed, but there is no other consequence.

Actually it may be interesting to set flags for the events. Then we can
add a keyword that allows us to match on the flags so ppl can choose to
alert/drop on malformed traffic. This is the direction we're going with
the HTTP code and what we already did for stream events and pkt decoder

> Additionally, I have changed the license to BSD, as discussed.

Nice, thanks!

Victor Julien
PGP: http://www.inliniac.net/victorjulien.asc

More information about the Oisf-devel mailing list