authorLuca Deri <deri@ntop.org>2021-11-02 12:06:18 +0100
committerLuca Deri <deri@ntop.org>2021-11-02 12:06:18 +0100
commitb11065b2e3c724b2cb0e692e1818a4699c9cc803 (patch)
tree7cc2e7dd33affaad10106d6ea79121900204bdfc /src/lib/protocols/tls.c
parent9f8c1e8630f4b44fda1bb6d1fafa82f5b2b4e3d3 (diff)
Fixed certificate mismatch for TLS flows with no client hello observed
Diffstat (limited to 'src/lib/protocols/tls.c')
-rw-r--r--src/lib/protocols/tls.c6
1 files changed, 5 insertions, 1 deletions
diff --git a/src/lib/protocols/tls.c b/src/lib/protocols/tls.c
index 1a490607b..eb9e46fbb 100644
--- a/src/lib/protocols/tls.c
+++ b/src/lib/protocols/tls.c
@@ -39,7 +39,7 @@ extern int quic_len_buffer_still_required(uint8_t value);
extern int is_version_with_var_int_transport_params(uint32_t version);
// #define DEBUG_TLS_MEMORY 1
-// #define DEBUG_TLS 1
+ #define DEBUG_TLS 1
// #define DEBUG_TLS_BLOCKS 1
// #define DEBUG_CERTIFICATE_HASH
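Review bot: The `#define DEBUG_TLS 1` line is left active in this hunk, which looks like a debugging leftover rather than part of the certificate-mismatch fix described in the commit message. With it defined, every `#ifdef DEBUG_TLS` block in tls.c is compiled in, so the library calls printf on the packet-processing path (the second hunk shows one such block for subjectAltName). On a deployed sensor that costs throughput and may write values taken from observed traffic to wherever stdout is redirected. Restore the commented form, `// #define DEBUG_TLS 1`, so debug output stays opt-in at build time.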
@@ -477,6 +477,10 @@ static void processCertificateElements(struct ndpi_detection_module_struct *ndpi
/* Organization OID: 2.5.29.17 (subjectAltName) */
u_int8_t matched_name = 0;
+ /* If the client hello was not observed or the requested name was missing, there is no need to trigger an alert */
+ if(flow->protos.tls_quic_stun.tls_quic.client_requested_server_name[0] == '\0')
+ matched_name = 1;
+
#ifdef DEBUG_TLS
printf("******* [TLS] Found subjectAltName\n");
#endif
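Review bot: Setting `matched_name = 1` whenever `client_requested_server_name[0] == '\0'` means a flow without a recorded server name can never raise the certificate-mismatch risk. That covers two different cases: a ClientHello the sensor did not capture, and a client that sent a ClientHello with no server name at all. The second case is a detection blind spot worth stating in the comment, for example `/* No requested name to compare against (client hello not seen, or sent without SNI): skip the mismatch check here; a missing SNI has to be flagged elsewhere */`. The assignment sits inside the subjectAltName branch, so whether certificates without that extension get the same treatment depends on code outside the hunk. processCertificateElements begins and ends outside the hunk.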