Added fix for invalid SNI check when SNI is missing

author: Luca Deri <deri@ntop.org> 2020-10-02 21:26:43 +0200
committer: Luca Deri <deri@ntop.org> 2020-10-02 21:26:43 +0200
commit: addc7758113dc4ef7fd916e73eceac30bce6a4ae (patch)
tree: a217926ad1b4d7ed061630f52ca8a62db3172ec4 /src/lib
parent: b68a3707f678e648567ea95a223825f2553d6673 (diff)
1 files changed, 3 insertions, 1 deletions
diff --git a/src/lib/protocols/tls.c b/src/lib/protocols/tls.c
index dc54a7964..5b572cae9 100644
--- a/src/lib/protocols/tls.c
+++ b/src/lib/protocols/tls.c
@@ -439,7 +439,9 @@ static void processCertificateElements(struct ndpi_detection_module_struct *ndpi
 		  printf("[TLS] dNSName %s [%s]\n", dNSName, flow->protos.stun_ssl.ssl.client_requested_server_name);
 #endif
 		  if(matched_name == 0) {
-		    if((dNSName[0] == '*') && strstr(flow->protos.stun_ssl.ssl.client_requested_server_name, &dNSName[1]))
+		    if(flow->protos.stun_ssl.ssl.client_requested_server_name[0] == '\0')
+		      matched_name = 1;	/* No SNI */
+		    else if((dNSName[0] == '*') && strstr(flow->protos.stun_ssl.ssl.client_requested_server_name, &dNSName[1]))
 		      matched_name = 1;
 		    else if(strcmp(flow->protos.stun_ssl.ssl.client_requested_server_name, dNSName) == 0)
 		      matched_name = 1;
author	Luca Deri <deri@ntop.org>	2020-10-02 21:26:43 +0200
committer	Luca Deri <deri@ntop.org>	2020-10-02 21:26:43 +0200
commit	addc7758113dc4ef7fd916e73eceac30bce6a4ae (patch)
tree	a217926ad1b4d7ed061630f52ca8a62db3172ec4 /src/lib
parent	b68a3707f678e648567ea95a223825f2553d6673 (diff)