Added the ability to specify trusted issueDN often used in companies to self-signed certificates

This allows to avoid triggering alerts for trusted albeit private certificate issuers. Extended the example/protos.txt with the new syntax for specifying trusted issueDN. Example: trusted_issuer_dn:"CN=813845657003339838, O=Code42, OU=TEST, ST=MN, C=US"
author: Luca Deri <deri@ntop.org> 2022-01-13 19:03:17 +0100
committer: Luca Deri <deri@ntop.org> 2022-01-13 19:06:21 +0100
commit: 406ac7e8c825ba05bc6371ed3088226bdef21b02 (patch)
tree: b759ec5050b56aa561874ce214ca7fddd6c1567f /src/include/ndpi_api.h.in
parent: dc60cd09c49f52d2eba6c169f973f757695e4f5a (diff)
1 files changed, 9 insertions, 0 deletions
diff --git a/src/include/ndpi_api.h.in b/src/include/ndpi_api.h.in
index 40e16c993..02436b285 100644
--- a/src/include/ndpi_api.h.in
+++ b/src/include/ndpi_api.h.in
@@ -726,6 +726,15 @@ extern "C" {
   int ndpi_add_host_risk_mask(struct ndpi_detection_module_struct *ndpi_mod, char *host, ndpi_risk mask);
 
   /**
+   * Add a trusted certificate issuer DN
+   *
+   * @par     ndpi_mod = the detection module
+   * @par     dn       = the issuer DN as it appears in the certificate (example "CN=813845657003339838, O=Code42, OU=TEST, ST=MN, C=US")
+   * @return  0 if the rule is loaded correctly; < 0 in case an error is detected
+   */
+  int ndpi_add_trusted_issuer_dn(struct ndpi_detection_module_struct *ndpi_mod, char *dn);
+
+  /**
    * Read a file and load the categories
    *
    * @par     ndpi_mod = the detection module
author	Luca Deri <deri@ntop.org>	2022-01-13 19:03:17 +0100
committer	Luca Deri <deri@ntop.org>	2022-01-13 19:06:21 +0100
commit	406ac7e8c825ba05bc6371ed3088226bdef21b02 (patch)
tree	b759ec5050b56aa561874ce214ca7fddd6c1567f /src/include/ndpi_api.h.in
parent	dc60cd09c49f52d2eba6c169f973f757695e4f5a (diff)