diff options
author | Ermal Luçi <eri@pfsense.org> | 2008-08-02 22:24:45 +0000 |
---|---|---|
committer | Ermal Luçi <eri@pfsense.org> | 2008-08-02 22:24:45 +0000 |
commit | 4ae45b1093b1a2fda98b263a5cffce9689ad109a (patch) | |
tree | c770e69156a527cbe1deb11a288dc3315c9423ca /usr/local/share/protocols/validcertssl.pat | |
parent | b5a7edb1ca42023606cde872cb8b5339d3b9837a (diff) | |
download | pfsense-4ae45b1093b1a2fda98b263a5cffce9689ad109a.zip pfsense-4ae45b1093b1a2fda98b263a5cffce9689ad109a.tar.gz |
Add protocol definitions needed by ipfw-classifyd. Basically they are copied from the ipfw-classifyd pfPort which inherits them from l7-filter project on sf.net.
Diffstat (limited to 'usr/local/share/protocols/validcertssl.pat')
-rw-r--r-- | usr/local/share/protocols/validcertssl.pat | 24 |
1 files changed, 24 insertions, 0 deletions
diff --git a/usr/local/share/protocols/validcertssl.pat b/usr/local/share/protocols/validcertssl.pat new file mode 100644 index 0000000..c004517 --- /dev/null +++ b/usr/local/share/protocols/validcertssl.pat @@ -0,0 +1,24 @@ +# Valid certificate SSL +# Pattern attributes: good notsofast notsofast subset +# Protocol groups: secure ietf_proposed_standard +# Wiki: http://www.protocolinfo.org/wiki/SSL + +# This matches anything claiming to use a valid certificate from a well +# known certificate authority. +# +# This is a subset of ssl, so it needs to come first to match. +# +# Note that opening a website that has a valid certificate will +# open one connection that matches this and many ssl connections that +# only match the ssl pattern. Thus, this pattern may not be very useful. +# +# This pattern is believed match only the above, but may not match all +# of it. +# +# the certificate authority info is sent in quasi plain text, if it matches +# a well known certificate authority then we will assume it is a +# web/imaps/etc server. Other ssl may be good too, but it should fall under +# a different rule + +validcertssl +^(.?.?\x16\x03.*\x16\x03|.?.?\x01\x03\x01?.*\x0b).*(thawte|equifax secure|rsa data security, inc|verisign, inc|gte cybertrust root|entrust\.net limited) |