diff options
| author | Ivan Nardi <12729895+IvanNardi@users.noreply.github.com> | 2022-10-18 16:40:15 +0200 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2022-10-18 16:40:15 +0200 |
| commit | 35fdbc81480cdeaafc593fe952b2b28ebccbb0c2 (patch) | |
| tree | 3cc1eaaf1716cb037236eee98725daed592e41f8 /src/include | |
| parent | 223a6fb9f7403b34a93b04f6266db6b6e430782c (diff) | |
TLS: explicit ignore client certificate (#1776)
TLS classification usually stops after processing *server* certificates
(if any). That means, that *client* certificate, if present, is usually
ignored.
However in some corner cases (i.e. unidirectional traffic) we might end
up processing client certificate and exposing its metadata: the issue is
that the application will think that this metadata are about the server
and not about the client.
So, for the time being, always ignore client certificate processing.
As a future work, we might find an efficient way to process and export both
certificates.
Diffstat (limited to 'src/include')
| -rw-r--r-- | src/include/ndpi_typedefs.h | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/src/include/ndpi_typedefs.h b/src/include/ndpi_typedefs.h index f39b2b6bd..c83280e0a 100644 --- a/src/include/ndpi_typedefs.h +++ b/src/include/ndpi_typedefs.h @@ -1405,7 +1405,7 @@ struct ndpi_flow_struct { char ja3_client[33], ja3_server[33]; u_int16_t server_cipher; u_int8_t sha1_certificate_fingerprint[20]; - u_int8_t hello_processed:1, subprotocol_detected:1, fingerprint_set:1, _pad:5; + u_int8_t hello_processed:1, ch_direction:1, subprotocol_detected:1, fingerprint_set:1, _pad:4; #ifdef TLS_HANDLE_SIGNATURE_ALGORITMS /* Under #ifdef to save memory for those who do not need them */ |