diff options
| author | Luca Deri <deri@ntop.org> | 2020-05-07 18:44:51 +0200 |
|---|---|---|
| committer | Luca Deri <deri@ntop.org> | 2020-05-07 18:44:51 +0200 |
| commit | 4a09b4efa053a26e187119a540da4b41dd8a24d8 (patch) | |
| tree | 71cf15d44e184b3a4f21e512465dbd01abdd2c23 /example | |
| parent | fd646bd05ffee4f0da9eaf55ad9e581770ecb099 (diff) | |
Added TLS issuerDN and subjectDN
Diffstat (limited to 'example')
| -rw-r--r-- | example/ndpiReader.c | 9 | ||||
| -rw-r--r-- | example/reader_util.c | 18 | ||||
| -rw-r--r-- | example/reader_util.h | 2 |
3 files changed, 25 insertions, 4 deletions
diff --git a/example/ndpiReader.c b/example/ndpiReader.c index 2818c2c41..5bcf411fe 100644 --- a/example/ndpiReader.c +++ b/example/ndpiReader.c @@ -608,6 +608,7 @@ void printCSVHeader() { fprintf(csv_fp, "tls_version,ja3c,tls_client_unsafe,"); fprintf(csv_fp, "ja3s,tls_server_unsafe,"); fprintf(csv_fp, "tls_alpn,tls_supported_versions,"); + fprintf(csv_fp, "tls_issuerDN,tls_subjectDN,"); fprintf(csv_fp, "ssh_client_hassh,ssh_server_hassh,flow_info"); /* Joy */ @@ -1106,6 +1107,10 @@ static void printFlow(u_int16_t id, struct ndpi_flow_info *flow, u_int16_t threa flow->ssh_tls.tls_alpn ? flow->ssh_tls.tls_alpn : "", flow->ssh_tls.tls_supported_versions ? flow->ssh_tls.tls_supported_versions : "" ); + fprintf(csv_fp, "%s,%s,", + flow->ssh_tls.tls_issuerDN ? flow->ssh_tls.tls_issuerDN : "", + flow->ssh_tls.tls_subjectDN ? flow->ssh_tls.tls_subjectDN : "" + ); fprintf(csv_fp, "%s,%s", (flow->ssh_tls.client_hassh[0] != '\0') ? flow->ssh_tls.client_hassh : "", (flow->ssh_tls.server_hassh[0] != '\0') ? flow->ssh_tls.server_hassh : "" @@ -1234,7 +1239,9 @@ static void printFlow(u_int16_t id, struct ndpi_flow_info *flow, u_int16_t threa if(flow->ssh_tls.ja3_server[0] != '\0') fprintf(out, "[JA3S: %s%s]", flow->ssh_tls.ja3_server, print_cipher(flow->ssh_tls.server_unsafe_cipher)); - if(flow->ssh_tls.server_organization[0] != '\0') fprintf(out, "[Organization: %s]", flow->ssh_tls.server_organization); + + if(flow->ssh_tls.tls_issuerDN) fprintf(out, "[Issuer: %s]", flow->ssh_tls.tls_issuerDN); + if(flow->ssh_tls.tls_subjectDN) fprintf(out, "[Subject: %s]", flow->ssh_tls.tls_subjectDN); if((flow->detected_protocol.master_protocol == NDPI_PROTOCOL_TLS) || (flow->detected_protocol.app_protocol == NDPI_PROTOCOL_TLS)) { diff --git a/example/reader_util.c b/example/reader_util.c index 3c1af8397..142e0ebe8 100644 --- a/example/reader_util.c +++ b/example/reader_util.c @@ -479,6 +479,16 @@ void ndpi_free_flow_tls_data(struct ndpi_flow_info *flow) { ndpi_free(flow->ssh_tls.tls_supported_versions); flow->ssh_tls.tls_supported_versions = NULL; } + + if(flow->ssh_tls.tls_issuerDN) { + ndpi_free(flow->ssh_tls.tls_issuerDN); + flow->ssh_tls.tls_issuerDN = NULL; + } + + if(flow->ssh_tls.tls_subjectDN) { + ndpi_free(flow->ssh_tls.tls_subjectDN); + flow->ssh_tls.tls_subjectDN = NULL; + } } /* ***************************************************** */ @@ -1084,8 +1094,6 @@ void process_ndpi_collected_info(struct ndpi_workflow * workflow, struct ndpi_fl if(flow->ndpi_flow->protos.stun_ssl.ssl.server_names_len > 0) flow->ssh_tls.server_names = ndpi_strdup(flow->ndpi_flow->protos.stun_ssl.ssl.server_names); - snprintf(flow->ssh_tls.server_organization, sizeof(flow->ssh_tls.server_organization), "%s", - flow->ndpi_flow->protos.stun_ssl.ssl.server_organization); flow->ssh_tls.notBefore = flow->ndpi_flow->protos.stun_ssl.ssl.notBefore; flow->ssh_tls.notAfter = flow->ndpi_flow->protos.stun_ssl.ssl.notAfter; snprintf(flow->ssh_tls.ja3_client, sizeof(flow->ssh_tls.ja3_client), "%s", @@ -1106,6 +1114,12 @@ void process_ndpi_collected_info(struct ndpi_workflow * workflow, struct ndpi_fl correct_csv_data_field(flow->ssh_tls.tls_alpn); } + if(flow->ndpi_flow->protos.stun_ssl.ssl.issuerDN) + flow->ssh_tls.tls_issuerDN = strdup(flow->ndpi_flow->protos.stun_ssl.ssl.issuerDN); + + if(flow->ndpi_flow->protos.stun_ssl.ssl.subjectDN) + flow->ssh_tls.tls_subjectDN = strdup(flow->ndpi_flow->protos.stun_ssl.ssl.subjectDN); + if(flow->ssh_tls.tls_supported_versions) { if((flow->ssh_tls.tls_supported_versions = ndpi_strdup(flow->ndpi_flow->protos.stun_ssl.ssl.tls_supported_versions)) != NULL) correct_csv_data_field(flow->ssh_tls.tls_supported_versions); diff --git a/example/reader_util.h b/example/reader_util.h index c726c9672..3b3360718 100644 --- a/example/reader_util.h +++ b/example/reader_util.h @@ -199,7 +199,7 @@ typedef struct ndpi_flow_info { char client_requested_server_name[64], server_info[64], client_hassh[33], server_hassh[33], *server_names, *tls_alpn, *tls_supported_versions, - server_organization[64], + *tls_issuerDN, *tls_subjectDN, ja3_client[33], ja3_server[33], sha1_cert_fingerprint[20]; u_int8_t sha1_cert_fingerprint_set; |