author | Luca Deri <deri@ntop.org> | 2020-05-15 18:57:49 +0200 |
committer | Luca Deri <deri@ntop.org> | 2020-05-15 18:57:49 +0200 |
commit | da22aa5fc71eb7cd18d0b3269ff9bc0fb784a782 (patch) | |
tree | 7ac290a1017d785d520396e1c97c8ea00ebcdefa /src/lib/protocols | |
parent | adfe6b763c2b8063cc64df91d4bede08cfbb3984 (diff) |
Added NDPI_TLS_CERTIFICATE_EXPIRED, NDPI_TLS_CERTIFICATE_MISMATCH, to ndpi_risk
Diffstat (limited to 'src/lib/protocols')
-rw-r--r-- | src/lib/protocols/http.c | 1 | ||||
-rw-r--r-- | src/lib/protocols/tls.c | 19 |
2 files changed, 17 insertions, 3 deletions
diff --git a/src/lib/protocols/http.c b/src/lib/protocols/http.c
index 5f62d730f..e050a69a8 100644
--- a/src/lib/protocols/http.c
+++ b/src/lib/protocols/http.c
@@ -127,7 +127,6 @@ static ndpi_protocol_category_t ndpi_http_check_content(struct ndpi_detection_mo
 for (int i = 0; binary_file_ext[i] != NULL; i++) {
 if (ndpi_strncasestr((const char*)&packet->content_disposition_line.ptr[attachment_len], binary_file_ext[i], filename_len)) {
- printf("got %s\n", binary_file_ext[i]);
 flow->guessed_category = flow->category = NDPI_PROTOCOL_CATEGORY_DOWNLOAD_FT;
 NDPI_SET_BIT_16(flow->risk, NDPI_BINARY_APPLICATION_TRANSFER);
 NDPI_LOG_INFO(ndpi_struct, "found executable HTTP transfer");
diff --git a/src/lib/protocols/tls.c b/src/lib/protocols/tls.c
index efa86a18e..327f7dc15 100644
--- a/src/lib/protocols/tls.c
+++ b/src/lib/protocols/tls.c
@@ -373,11 +373,17 @@ static void processCertificateElements(struct ndpi_detection_module_struct *ndpi
 #endif
 }
 }
+
+ if((flow->packet.tick_timestamp < flow->protos.stun_ssl.ssl.notBefore)
+ || (flow->packet.tick_timestamp > flow->protos.stun_ssl.ssl.notAfter))
+ NDPI_SET_BIT_16(flow->risk, NDPI_TLS_CERTIFICATE_EXPIRED); /* Certificate expired */
 }
 }
 }
 } else if((packet->payload[i] == 0x55) && (packet->payload[i+1] == 0x1d) && (packet->payload[i+2] == 0x11)) {
 /* Organization OID: 2.5.29.17 (subjectAltName) */
+ u_int8_t matched_name = 0;
+
 #ifdef DEBUG_TLS
 printf("******* [TLS] Found subjectAltName\n");
 #endif
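Review bot: The added validity check raises NDPI_TLS_CERTIFICATE_EXPIRED for a certificate whose notBefore still lies in the future as well as for one past notAfter, so the trailing comment `/* Certificate expired */` understates what the flag means; either comment it as `/* Certificate expired or not yet valid */` or report the two cases separately. The comparison also presumes flow->packet.tick_timestamp is expressed in the same epoch-seconds unit as notBefore/notAfter; neither derivation is visible in the hunk, so confirm the tick scaling, because a millisecond-resolution tick would make every certificate look expired. If a parse failure above can leave notAfter at 0, the check fires for every such certificate, so a guard along the lines of `if((flow->protos.stun_ssl.ssl.notAfter != 0) && (...))` may be warranted. processCertificateElements starts and ends outside this hunk.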
@@ -409,9 +415,15 @@ static void processCertificateElements(struct ndpi_detection_module_struct *ndpi
 cleanupServerName(dNSName, len);
 #if DEBUG_TLS
- printf("[TLS] dNSName %s\n", dNSName);
+ printf("[TLS] dNSName %s [%s]\n", dNSName, flow->protos.stun_ssl.ssl.client_requested_server_name);
 #endif
-
+ if(matched_name == 0) {
+ if((dNSName[0] == '*') && strstr(flow->protos.stun_ssl.ssl.client_requested_server_name, &dNSName[1]))
+ matched_name = 1;
+ else if(strcmp(flow->protos.stun_ssl.ssl.client_requested_server_name, dNSName) == 0)
+ matched_name = 1;
+ }
+
 if(flow->protos.stun_ssl.ssl.server_names == NULL)
 flow->protos.stun_ssl.ssl.server_names = ndpi_strdup(dNSName), flow->protos.stun_ssl.ssl.server_names_len = strlen(dNSName);
@@ -446,6 +458,9 @@ static void processCertificateElements(struct ndpi_detection_module_struct *ndpi
 break;
 }
 } /* while */
+
+ if(!matched_name)
+ NDPI_SET_BIT_16(flow->risk, NDPI_TLS_CERTIFICATE_MISMATCH); /* Certificate mismatch */
 }
 }
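Review bot: The wildcard branch `strstr(flow->protos.stun_ssl.ssl.client_requested_server_name, &dNSName[1])` accepts the SAN suffix anywhere inside the SNI rather than only at its end, so a SAN of `*.example.com` is treated as matching an SNI such as `www.example.com.other.test` (constructed example) and the mismatch risk is never raised for it; the same test also matches multi-label names that RFC 6125 excludes. Compare the suffix against the tail of the SNI and require exactly one leading label, as in the sketch below; drop the memchr line if the more permissive multi-label behaviour is intended. Hostnames compare case-insensitively, so unless cleanupServerName lowercases dNSName and the SNI is normalised elsewhere, strcasecmp rather than strcmp is needed in both branches. processCertificateElements starts and ends outside this hunk.
```c
if(matched_name == 0) {
  const char *sni = flow->protos.stun_ssl.ssl.client_requested_server_name;
  size_t sni_len = strlen(sni);

  if(dNSName[0] == '*') {
    /* RFC 6125 wildcard: "*.example.com" matches one extra leading label only */
    size_t suffix_len = strlen(&dNSName[1]);

    if((dNSName[1] == '.') && (sni_len > suffix_len)
       && (strcmp(sni + (sni_len - suffix_len), &dNSName[1]) == 0)
       && (memchr(sni, '.', sni_len - suffix_len) == NULL))
      matched_name = 1;
  } else if(strcmp(sni, dNSName) == 0)
    matched_name = 1;
}
/* … unchanged: server_names bookkeeping … */
```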
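Review bot: NDPI_TLS_CERTIFICATE_MISMATCH is raised whenever matched_name is still 0 after the SAN loop, which includes the case where no SNI was observed at all (client_requested_server_name empty, e.g. the ClientHello was not captured): neither comparison branch can then succeed, so every such certificate is reported as mismatching without evidence. Guard the check on having something to compare against, `if(!matched_name && (flow->protos.stun_ssl.ssl.client_requested_server_name[0] != '\0'))`. The `break;` at the top of the hunk can also leave later SAN entries unexamined, so if that exit is reachable before a matching dNSName is reached the flag would be set spuriously — worth confirming against the loop body, which lies outside the hunk. processCertificateElements ends outside this hunk.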