From 5b230bbce50e5c979221969bfdae3d42f8e558b8 Mon Sep 17 00:00:00 2001
From: Mats Klepsland
Date: Tue, 20 Oct 2015 14:58:05 +0200
Subject: [PATCH] output-json-tls: add notBefore and notAfter fields to extended output

Add notBefore and notAfter fields from TLS certificate to extended JSON output.
---
 src/output-json-tls.c | 20 ++++++++++++++++++++
 1 file changed, 20 insertions(+)

diff --git a/src/output-json-tls.c b/src/output-json-tls.c
index c713503179..34a12158e8 100644
--- a/src/output-json-tls.c
+++ b/src/output-json-tls.c
@@ -123,6 +123,26 @@ void JsonTlsLogJSONExtended(json_t *tjs, SSLState * state)
 break;
 }
 json_object_set_new(tjs, "version", json_string(ssl_version));
+
+ /* tls.notbefore */
+ if (state->server_connp.cert0_not_before != 0) {
+ char timebuf[64];
+ struct timeval tv;
+ tv.tv_sec = state->server_connp.cert0_not_before;
+ tv.tv_usec = 0;
+ CreateUtcIsoTimeString(&tv, timebuf, sizeof(timebuf));
+ json_object_set_new(tjs, "notbefore", json_string(timebuf));
+ }
+
+ /* tls.notafter */
+ if (state->server_connp.cert0_not_after != 0) {
+ char timebuf[64];
+ struct timeval tv;
+ tv.tv_sec = state->server_connp.cert0_not_after;
+ tv.tv_usec = 0;
+ CreateUtcIsoTimeString(&tv, timebuf, sizeof(timebuf));
+ json_object_set_new(tjs, "notafter", json_string(timebuf));
+ }
 }

 static int JsonTlsLogger(ThreadVars *tv, void *thread_data, const Packet *p,
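Review bot: Both added blocks in JsonTlsLogJSONExtended use `!= 0` as the "field present" test, so a server certificate whose notBefore or notAfter decodes to exactly the Unix epoch is silently left out of the event, and the log cannot tell that apart from a certificate whose dates were never parsed. These values originate in the peer's certificate and are therefore untrusted; how cert0_not_before and cert0_not_after are populated is not visible here, but if pre-1970 or far-future dates can reach this point it is worth confirming that CreateUtcIsoTimeString yields a sane string for them rather than assuming a valid range. At minimum I would document the sentinel above the first check, e.g. `/* 0 means "not set"; a validity date of exactly 1970-01-01T00:00:00Z is not logged */`. The two blocks differ only in the state field and the JSON key, so a small static helper taking both would keep them from drifting apart. The function body starts above the hunk.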