authorLuca Deri <deri@ntop.org>2022-01-13 19:03:17 +0100
committerLuca Deri <deri@ntop.org>2022-01-13 19:06:21 +0100
commit406ac7e8c825ba05bc6371ed3088226bdef21b02 (patch)
treeb759ec5050b56aa561874ce214ca7fddd6c1567f /src/include
parentdc60cd09c49f52d2eba6c169f973f757695e4f5a (diff)
Added the ability to specify trusted issueDN often used in companies to self-signed certificates
This avoids triggering alerts for trusted, albeit private, certificate issuers. Extended example/protos.txt with the new syntax for specifying a trusted issuer DN. Example: trusted_issuer_dn:"CN=813845657003339838, O=Code42, OU=TEST, ST=MN, C=US"
Diffstat (limited to 'src/include')
-rw-r--r--src/include/ndpi_api.h.in9
-rw-r--r--src/include/ndpi_typedefs.h7
2 files changed, 16 insertions, 0 deletions
diff --git a/src/include/ndpi_api.h.in b/src/include/ndpi_api.h.in
index 40e16c993..02436b285 100644
--- a/src/include/ndpi_api.h.in
+++ b/src/include/ndpi_api.h.in
@@ -726,6 +726,15 @@ extern "C" {
int ndpi_add_host_risk_mask(struct ndpi_detection_module_struct *ndpi_mod, char *host, ndpi_risk mask);
/**
+ * Add a trusted certificate issuer DN
+ *
+ * @par ndpi_mod = the detection module
+ * @par dn = the issuer DN as it appears in the certificate (example "CN=813845657003339838, O=Code42, OU=TEST, ST=MN, C=US")
+ * @return 0 if the rule is loaded correctly; < 0 in case an error is detected
+ */
+ int ndpi_add_trusted_issuer_dn(struct ndpi_detection_module_struct *ndpi_mod, char *dn);
+
+ /**
* Read a file and load the categories
*
* @par ndpi_mod = the detection module
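Review bot: The doc comment for `ndpi_add_trusted_issuer_dn` does not say how `dn` is compared, or that a match suppresses a certificate alert on the strength of the issuer string alone. The issuer DN is a field of the certificate as presented by the peer, so unless the implementation (not part of this diff) also validates the chain, any certificate carrying the same issuer text would be treated as trusted. I would add a line after `@return` such as `* @note Matching is on the issuer DN string only; the certificate signature is not verified`, adjusted to what the code actually does. The comment should also say whether `dn` is copied or retained, and the parameter could be `const char *dn` if the function never writes through it.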
diff --git a/src/include/ndpi_typedefs.h b/src/include/ndpi_typedefs.h
index eab3fe24d..e4595271d 100644
--- a/src/include/ndpi_typedefs.h
+++ b/src/include/ndpi_typedefs.h
@@ -1016,6 +1016,11 @@ typedef enum {
ndpi_hangout_cache
} ndpi_lru_cache_type;
+typedef struct ndpi_list_struct {
+ char *value;
+ struct ndpi_list_struct *next;
+} ndpi_list;
+
struct ndpi_detection_module_struct {
NDPI_PROTOCOL_BITMASK detection_bitmask;
NDPI_PROTOCOL_BITMASK generic_http_packet_bitmask;
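Review bot: The new `ndpi_list` typedef has no comment stating who owns `value` and the nodes, and the `trusted_issuer_dn` field added in the next hunk has none either. Since this is a public header, I would document it with something like `/* Singly linked list of strings; nodes and values are owned by the detection module */`, assuming that is the ownership model, which the header alone does not show. The field could carry `/* Issuer DNs for which certificate-issuer alerts are not raised */`, so the alert-suppressing effect is visible where the state lives. The field also sits directly under the "update ndpi_finalize_initialization()" reminder although it is not an automa, so it would be worth confirming the list is released at module teardown, outside this diff.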
@@ -1077,6 +1082,8 @@ struct ndpi_detection_module_struct {
host_risk_mask_automa, common_alpns_automa;
/* IMPORTANT: please update ndpi_finalize_initialization() whenever you add a new automa */
+ ndpi_list *trusted_issuer_dn;
+
void *ip_risk_mask_ptree;
struct {