Improve SSL detection, prevent false positive SSL detection

author: Mikhail Smirnov <2miksyn@users.noreply.github.com> 2018-11-09 00:46:25 +0300
committer: Mikhail Smirnov <2miksyn@users.noreply.github.com> 2018-11-09 00:46:25 +0300
commit: 8f8ca40f63bb47f337253074f395bc44f3cd6a86 (patch)
tree: 6abe87c9f2fd0a2dd828bb4a8255f036600ac03d /src/lib/ndpi_main.c
parent: 9c5a4a6d1f117dbc8e3d0d46fa2d36f1d65761b3 (diff)
1 files changed, 2 insertions, 2 deletions
diff --git a/src/lib/ndpi_main.c b/src/lib/ndpi_main.c
index 7dd8777ec..6f3d03a48 100644
--- a/src/lib/ndpi_main.c
+++ b/src/lib/ndpi_main.c
@@ -3948,7 +3948,7 @@ ndpi_protocol ndpi_detection_giveup(struct ndpi_detection_module_struct *ndpi_st
 
     if(flow->guessed_protocol_id == NDPI_PROTOCOL_STUN)
       goto check_stun_export;
-    else if(flow->protos.stun_ssl.ssl.client_certificate[0] != '\0') {
+    else if((flow->l4.tcp.ssl_seen_client_cert == 1) && (flow->protos.stun_ssl.ssl.client_certificate[0] != '\0')) {
       ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_SSL, NDPI_PROTOCOL_UNKNOWN);
     } else {
       if((flow->guessed_protocol_id == NDPI_PROTOCOL_UNKNOWN)
@@ -4268,7 +4268,7 @@ void ndpi_fill_protocol_category(struct ndpi_detection_module_struct *ndpi_struc
       }
     }
 
-    if(flow->protos.stun_ssl.ssl.client_certificate[0] != '\0') {
+    if((flow->l4.tcp.ssl_seen_client_cert == 1) && (flow->protos.stun_ssl.ssl.client_certificate[0] != '\0')) {
       unsigned long id;
       int rc = ndpi_match_custom_category(ndpi_struct, (char *)flow->protos.stun_ssl.ssl.client_certificate, &id);
author	Mikhail Smirnov <2miksyn@users.noreply.github.com>	2018-11-09 00:46:25 +0300
committer	Mikhail Smirnov <2miksyn@users.noreply.github.com>	2018-11-09 00:46:25 +0300
commit	8f8ca40f63bb47f337253074f395bc44f3cd6a86 (patch)
tree	6abe87c9f2fd0a2dd828bb4a8255f036600ac03d /src/lib/ndpi_main.c
parent	9c5a4a6d1f117dbc8e3d0d46fa2d36f1d65761b3 (diff)