Merge pull request #636 from 2miksyn/dev

Improve SSL detection, prevent false positive SSL detection
author: Luca Deri <lucaderi@users.noreply.github.com> 2018-11-14 00:36:29 +0100
committer: GitHub <noreply@github.com> 2018-11-14 00:36:29 +0100
commit: 771a6e9aab9b75d75ed8a7b7713a84baccbaf541 (patch)
tree: c11d82322a6f27154a4ef08e0dffb4c2d164b752 /src/lib/ndpi_main.c
parent: 2b4554ad44b979a95159ed814d8f7d4a5cb45e36 (diff)
parent: 8f8ca40f63bb47f337253074f395bc44f3cd6a86 (diff)
1 files changed, 2 insertions, 2 deletions
diff --git a/src/lib/ndpi_main.c b/src/lib/ndpi_main.c
index da478cc3b..8e9bb53fc 100644
--- a/src/lib/ndpi_main.c
+++ b/src/lib/ndpi_main.c
@@ -3948,7 +3948,7 @@ ndpi_protocol ndpi_detection_giveup(struct ndpi_detection_module_struct *ndpi_st
 
     if(flow->guessed_protocol_id == NDPI_PROTOCOL_STUN)
       goto check_stun_export;
-    else if(flow->protos.stun_ssl.ssl.client_certificate[0] != '\0') {
+    else if((flow->l4.tcp.ssl_seen_client_cert == 1) && (flow->protos.stun_ssl.ssl.client_certificate[0] != '\0')) {
       ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_SSL, NDPI_PROTOCOL_UNKNOWN);
     } else {
       if((flow->guessed_protocol_id == NDPI_PROTOCOL_UNKNOWN)
@@ -4283,7 +4283,7 @@ void ndpi_fill_protocol_category(struct ndpi_detection_module_struct *ndpi_struc
       }
     }
 
-    if(flow->protos.stun_ssl.ssl.client_certificate[0] != '\0') {
+    if((flow->l4.tcp.ssl_seen_client_cert == 1) && (flow->protos.stun_ssl.ssl.client_certificate[0] != '\0')) {
       unsigned long id;
       int rc = ndpi_match_custom_category(ndpi_struct, (char *)flow->protos.stun_ssl.ssl.client_certificate, &id);
author	Luca Deri <lucaderi@users.noreply.github.com>	2018-11-14 00:36:29 +0100
committer	GitHub <noreply@github.com>	2018-11-14 00:36:29 +0100
commit	771a6e9aab9b75d75ed8a7b7713a84baccbaf541 (patch)
tree	c11d82322a6f27154a4ef08e0dffb4c2d164b752 /src/lib/ndpi_main.c
parent	2b4554ad44b979a95159ed814d8f7d4a5cb45e36 (diff)
parent	8f8ca40f63bb47f337253074f395bc44f3cd6a86 (diff)