diff options
| author | Luca Deri <lucaderi@users.noreply.github.com> | 2018-11-14 00:36:29 +0100 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2018-11-14 00:36:29 +0100 |
| commit | 771a6e9aab9b75d75ed8a7b7713a84baccbaf541 (patch) | |
| tree | c11d82322a6f27154a4ef08e0dffb4c2d164b752 /src/lib/protocols/ssl.c | |
| parent | 2b4554ad44b979a95159ed814d8f7d4a5cb45e36 (diff) | |
| parent | 8f8ca40f63bb47f337253074f395bc44f3cd6a86 (diff) | |
Merge pull request #636 from 2miksyn/dev
Improve SSL detection, prevent false positive SSL detection
Diffstat (limited to 'src/lib/protocols/ssl.c')
| -rw-r--r-- | src/lib/protocols/ssl.c | 12 |
1 files changed, 6 insertions, 6 deletions
diff --git a/src/lib/protocols/ssl.c b/src/lib/protocols/ssl.c index 9f1390d49..25d535a57 100644 --- a/src/lib/protocols/ssl.c +++ b/src/lib/protocols/ssl.c @@ -39,8 +39,8 @@ static u_int32_t ndpi_ssl_refine_master_protocol(struct ndpi_detection_module_st { struct ndpi_packet_struct *packet = &flow->packet; - if((flow->protos.stun_ssl.ssl.client_certificate[0] != '\0') - || (flow->protos.stun_ssl.ssl.server_certificate[0] != '\0') + if(((flow->l4.tcp.ssl_seen_client_cert == 1) && (flow->protos.stun_ssl.ssl.client_certificate[0] != '\0')) + || ((flow->l4.tcp.ssl_seen_server_cert == 1) && (flow->protos.stun_ssl.ssl.server_certificate[0] != '\0')) || (flow->host_server_name[0] != '\0')) protocol = NDPI_PROTOCOL_SSL; else @@ -348,7 +348,7 @@ int sslTryAndRetrieveServerCertificate(struct ndpi_detection_module_struct *ndpi packet->ssl_certificate_num_checks++; if (rc > 0) { packet->ssl_certificate_detected++; - if (flow->protos.stun_ssl.ssl.server_certificate[0] != '\0') + if ((flow->l4.tcp.ssl_seen_server_cert == 1) && (flow->protos.stun_ssl.ssl.server_certificate[0] != '\0')) /* 0 means we're done processing extra packets (since we found what we wanted) */ return 0; } @@ -405,7 +405,7 @@ int sslDetectProtocolFromCertificate(struct ndpi_detection_module_struct *ndpi_s /* If we've detected the subprotocol from client certificate but haven't had a chance * to see the server certificate yet, set up extra packet processing to wait * a few more packets. */ - if((flow->protos.stun_ssl.ssl.client_certificate[0] != '\0') && (flow->protos.stun_ssl.ssl.server_certificate[0] == '\0')) { + if(((flow->l4.tcp.ssl_seen_client_cert == 1) && (flow->protos.stun_ssl.ssl.client_certificate[0] != '\0')) && ((flow->l4.tcp.ssl_seen_server_cert != 1) && (flow->protos.stun_ssl.ssl.server_certificate[0] == '\0'))) { sslInitExtraPacketProcessing(0, flow); } @@ -422,8 +422,8 @@ int sslDetectProtocolFromCertificate(struct ndpi_detection_module_struct *ndpi_s && flow->l4.tcp.seen_syn && flow->l4.tcp.seen_syn_ack && flow->l4.tcp.seen_ack /* We have seen the 3-way handshake */) - || (flow->protos.stun_ssl.ssl.server_certificate[0] != '\0') - /* || (flow->protos.stun_ssl.ssl.client_certificate[0] != '\0') */ + || ((flow->l4.tcp.ssl_seen_server_cert == 1) && (flow->protos.stun_ssl.ssl.server_certificate[0] != '\0')) + /* || ((flow->l4.tcp.ssl_seen_client_cert == 1) && (flow->protos.stun_ssl.ssl.client_certificate[0] != '\0')) */ ) { ndpi_int_ssl_add_connection(ndpi_struct, flow, NDPI_PROTOCOL_SSL); } |