author | Luca Deri <deri@ntop.org> | 2022-07-04 17:38:31 +0200 |
---|---|---|
committer | Luca Deri <deri@ntop.org> | 2022-07-04 18:41:01 +0200 |
commit | e7a5eaecde866a028fce78ccfa5bcf8fda558036 (patch) | |
tree | 98a8c9c1767b85d33e7af95077442bf8030872bf /src/lib/protocols/tls.c | |
parent | 8ff286060115765474618f79a82cc6a04c5928de (diff) |
Cleaned-up issuer DN check code adding
u_int8_t ndpi_check_issuerdn_risk_exception(struct ndpi_detection_module_struct *ndpi_str, char *issuerDN);
Added new API function for checking nDPI-configured exceptions
u_int8_t ndpi_check_flow_risk_exception(struct ndpi_detection_module_struct *ndpi_str,
u_int num_params,
ndpi_risk_params **params);
Diffstat (limited to 'src/lib/protocols/tls.c')
-rw-r--r-- | src/lib/protocols/tls.c | 19 |
1 files changed, 4 insertions, 15 deletions
diff --git a/src/lib/protocols/tls.c b/src/lib/protocols/tls.c index 79846f670..71e7ae504 100644 --- a/src/lib/protocols/tls.c +++ b/src/lib/protocols/tls.c @@ -699,23 +699,12 @@ static void processCertificateElements(struct ndpi_detection_module_struct *ndpi if(flow->protos.tls_quic.subjectDN && flow->protos.tls_quic.issuerDN && (!strcmp(flow->protos.tls_quic.subjectDN, flow->protos.tls_quic.issuerDN))) { /* Last resort: we check if this is a trusted issuerDN */ - ndpi_list *head = ndpi_struct->trusted_issuer_dn; - - while(head != NULL) { -#if DEBUG_TLS - printf("TLS] %s() issuerDN %s / %s\n", __FUNCTION__, - flow->protos.tls_quic.issuerDN, head->value); -#endif - - if(strcmp(flow->protos.tls_quic.issuerDN, head->value) == 0) - return; /* This is a trusted DN */ - else - head = head->next; - } - + if(ndpi_check_issuerdn_risk_exception(ndpi_struct, flow->protos.tls_quic.issuerDN)) + return; /* This is a trusted DN */ + ndpi_set_risk(ndpi_struct, flow, NDPI_TLS_SELFSIGNED_CERTIFICATE, flow->protos.tls_quic.subjectDN); } - + #if DEBUG_TLS printf("[TLS] %s() SubjectDN [%s]\n", __FUNCTION__, rdnSeqBuf); #endif |
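Review bot: The trusted-DN exception at the new `if(ndpi_check_issuerdn_risk_exception(ndpi_struct, flow->protos.tls_quic.issuerDN))` line suppresses NDPI_TLS_SELFSIGNED_CERTIFICATE on the strength of a string taken from the certificate itself, and the comment does not say so. This branch is only reached when subjectDN equals issuerDN, so the DN is unauthenticated text and any self-signed certificate carrying a configured DN clears the risk. The removed loop compared with `strcmp` against `trusted_issuer_dn`, and the helper presumably does the same, though its body is not in this hunk. I would extend the comment on the return to `/* Trusted DN: matched by string only, the issuer key is not verified */`. The `return` also leaves processCertificateElements before the code after this block runs, as the old loop did; it is worth confirming that is intended, since the function continues outside the hunk.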