author | Luca Deri <deri@ntop.org> | 2022-01-13 19:03:17 +0100 |
committer | Luca Deri <deri@ntop.org> | 2022-01-13 19:06:21 +0100 |
commit | 406ac7e8c825ba05bc6371ed3088226bdef21b02 (patch) | |
tree | b759ec5050b56aa561874ce214ca7fddd6c1567f /src/lib/protocols | |
parent | dc60cd09c49f52d2eba6c169f973f757695e4f5a (diff) |
Added the ability to specify trusted issuerDNs, often used in companies for self-signed certificates.
This makes it possible to avoid triggering alerts for trusted, albeit private, certificate issuers.
Extended the example/protos.txt with the new syntax for specifying trusted issueDN.
Example:
trusted_issuer_dn:"CN=813845657003339838, O=Code42, OU=TEST, ST=MN, C=US"
Diffstat (limited to 'src/lib/protocols')
-rw-r--r-- | src/lib/protocols/tls.c | 20 |
1 files changed, 18 insertions, 2 deletions
diff --git a/src/lib/protocols/tls.c b/src/lib/protocols/tls.c
index 4815275d4..b83505cd5 100644
--- a/src/lib/protocols/tls.c
+++ b/src/lib/protocols/tls.c
@@ -469,7 +469,7 @@ static void processCertificateElements(struct ndpi_detection_module_struct *ndpi
 if(flow->protos.tls_quic.notBefore > TLS_LIMIT_DATE)
 if((flow->protos.tls_quic.notAfter-flow->protos.tls_quic.notBefore) > TLS_THRESHOLD)
- ndpi_set_risk(ndpi_struct, flow, NDPI_TLS_CERT_VALIDITY_TOO_LONG); /* Certificate validity longer than 13 months*/
+ ndpi_set_risk(ndpi_struct, flow, NDPI_TLS_CERT_VALIDITY_TOO_LONG); /* Certificate validity longer than 13 months */
 if((time_sec < flow->protos.tls_quic.notBefore)
 || (time_sec > flow->protos.tls_quic.notAfter))
@@ -652,8 +652,24 @@ static void processCertificateElements(struct ndpi_detection_module_struct *ndpi
 }
 if(flow->protos.tls_quic.subjectDN && flow->protos.tls_quic.issuerDN
- && (!strcmp(flow->protos.tls_quic.subjectDN, flow->protos.tls_quic.issuerDN)))
+ && (!strcmp(flow->protos.tls_quic.subjectDN, flow->protos.tls_quic.issuerDN))) {
+ /* Last resort: we check if this is a trusted issuerDN */
+ ndpi_list *head = ndpi_struct->trusted_issuer_dn;
+
+ while(head != NULL) {
+#if DEBUG_TLS
+ printf("TLS] %s() issuerDN %s / %s\n", __FUNCTION__,
+ flow->protos.tls_quic.issuerDN, head->value);
+#endif
+
+ if(strcmp(flow->protos.tls_quic.issuerDN, head->value) == 0)
+ return; /* This is a trusted DN */
+ else
+ head = head->next;
+ }
+
 ndpi_set_risk(ndpi_struct, flow, NDPI_TLS_SELFSIGNED_CERTIFICATE);
+ }
 #if DEBUG_TLS
 printf("[TLS] %s() SubjectDN [%s]\n", __FUNCTION__, rdnSeqBuf); |
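Review bot: The `return; /* This is a trusted DN */` inside the new trusted-issuer loop leaves processCertificateElements altogether, so a matching DN skips not just the self-signed risk but everything the function does after this block (at least the DEBUG_TLS subjectDN print visible here; the function continues past the end of the hunk). Replace the early return with `break;` and guard the risk with `if(head == NULL) ndpi_set_risk(ndpi_struct, flow, NDPI_TLS_SELFSIGNED_CERTIFICATE);` so that only the alert is suppressed. The match is a plain strcmp on the issuerDN text with no signature or chain verification, so any certificate whose issuer string equals a configured entry is treated as trusted; a comment such as `/* String match on the configured DN only: suppresses the self-signed alert, it does not verify the issuer */` should make that explicit for people editing protos.txt. The debug message `"TLS] %s() issuerDN ..."` is also missing its opening bracket compared with the other `[TLS]` messages.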