We are seeing a number of these alerts with connections to our Active Directory LDAPS service. I don’t expect there to be any issue with the AD certificate since we have no other issues. This seems to come from an error thrown by the Rust parse_x509_der() function. Is there any chance that Suricata is actually trying to validate the certificate here?
payload: "wIbtWCoZxUxJvOd/w/DZBrJCVgUc3s224D10WCBSwl+7hEx4aNbq8Qnqnm3ibwrKPsYvsDwMv8HPB0Slw1I1SbvYKSreDko86ExxrltISOoU2Z9GWhV0FWTKO4y6PLUgel/x8vQbJT1FjUerkBbv5JRBgYp6j7bbdP10bcu+C+cCr3eKCLycwCGOI1kRCbrIka6RXFON7Ske4W4fF9Br8MPqtFq1fUOxmhTfme9P39f3uadVbuPpm30XkMoqkwhV/Mw4WOiF/uMVDgnL17SNEia2oHdlF1SsosV+hi2EeZIUTl0bVDczVNwCyl4abyqIRBAd/3ZyD+/8l0AAaiVXMHn9opvOAZ7LWp/ku9rmCPFFGvQ+s+WgWNoD0DOs4MyfoZ6hPWfYLCFIx+078z1nUGaLqBCqwEMfQ4mg2amQ+m70BualThXRT+S1iEZ5WJ6srb+Id2fq7Pl+1mQfAAsjo5/u8eq13Y9lfFq9/8GtXxo6TwLMExonrRb7qs7yNXb8QJqsL8ShENRespPfMUiY/VFroPLs76hBekBglI7zn2tL9SzIHfGnV1G0ZkLkranl8DFqNrK1trxhuFEhQrKMzY8+eutvM4RLBP40DAABKAMAHSBR9SEpR0gNsormkGRKBkBRrf4h7NbC12licoI118G4awQBAQCqyDhz+LEg9pM8PlT9nEsTQcu1jftkXCQAnkLkRoBX2a8j747Hp9RDRLUe7vcNE0+LNTj6HEyQjR0RIBPgiCZxeTwzoElx3ElZwkvDFglN/q34QXX5ks6RNSckLjUVTkLlfhru4OpaCJ7QjmaRri6/JSEcm55My4wokXC3a+aUGPwsAqN0JDbcKXNkznBwnm3WkomPdvPdRWmBNdOeYd/VhEM88vd7ZqTOlF5J5ZaK2PO17z4820h5f73H+Uhep8pP7kQSf3kRYjQzYknoTjlCOBSEsKcuv66x3MqcYrjqqrNatRnKM2GkhTrEZ+0isHdFIhk8eyATWKPBKzM5DlD+DQAAGgMBAkAAEgQBBQECAQQDBQMCAwICBgEGAwAADgAAAA==",
packet: "AAiiCaQnABVdCgwBCABFAABnfv5AAIAGXHQKCgsKCgoAAQJ8o02/DH0yuqZA2IAYAQPmowAAAQEICmcuaQhVoXkcFAMDAAEBFgMDACgAAAAAAAAAAHNnXKXKNcCWNReF884nf89gZAhvCWqHltcs3re5s2xS",