bdavis
Feb 15, 2019
Nimbostratus
SNI & Subject.DN Question
I have a use case where I filter traffic based on the SNI value gained by a binary scan in CLIENT_DATA, but in some cases the SNI value is null. I'm wanting to look at the server's subject.dn when this happens. I know that I can gain the subject.dn from SERVERSSL_SERVERCERT in the code below; however, I have no way to gain the same information in CLIENT_DATA, or to signal SERVERSSL_SERVERCERT that, based on the information in CLIENT_DATA, it needs to get the subject.dn and do stuff. If anyone has any ideas I would be very grateful.
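when SERVERSSL_SERVERCERT {
    # Only proceed if the server actually presented a certificate
    if { [SSL::cert count] != 0 } {
        # Index 0 is the server's own (leaf) certificate
        set cert [SSL::cert 0]
        # Take the text after "CN=" in the subject, up to the next comma
        set subject_dn [findstr [X509::subject $cert] "CN=" 3 ","]
        log "gn_proxy: Server Certificate Received: $subject_dn [IP::server_addr]"
    }
}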