author | Luca Deri <deri@ntop.org> | 2019-09-14 15:00:52 +0200 |
---|---|---|
committer | Luca Deri <deri@ntop.org> | 2019-09-14 15:00:52 +0200 |
commit | 00e639d51301ccbaa2c14a47e829bdfe1831e226 (patch) | |
tree | aa3ac6ff61dfb3a367b6e3b9fe75ce84965165c0 /src | |
parent | 659f75138c2a95e5823608a545b9a3d3ced223bc (diff) |
TLS certificate hash is not reported
Diffstat (limited to 'src')
-rw-r--r-- | src/include/ndpi_typedefs.h | 1 | ||||
-rw-r--r-- | src/lib/ndpi_main.c | 4 | ||||
-rw-r--r-- | src/lib/protocols/tls.c | 13 |
3 files changed, 13 insertions, 5 deletions
diff --git a/src/include/ndpi_typedefs.h b/src/include/ndpi_typedefs.h
index 0f3aee9f2..cb790ad40 100644
--- a/src/include/ndpi_typedefs.h
+++ b/src/include/ndpi_typedefs.h
@@ -612,6 +612,7 @@ struct ndpi_flow_tcp_struct {
 tls_srv_cert_fingerprint_processed:1, tls_stage:2, _pad:1; // 0 - 5
 int16_t tls_record_offset, tls_fingerprint_len; /* Need to be signed */
+ u_int8_t tls_sha1_certificate_fingerprint[20];
 /* NDPI_PROTOCOL_POSTGRES */
 u_int32_t postgres_stage:3;
diff --git a/src/lib/ndpi_main.c b/src/lib/ndpi_main.c
index b485fe631..8eb9f2260 100644
--- a/src/lib/ndpi_main.c
+++ b/src/lib/ndpi_main.c
@@ -6119,6 +6119,10 @@ void ndpi_free_flow(struct ndpi_flow_struct *flow) {
 if(flow) {
 if(flow->http.url) ndpi_free(flow->http.url);
 if(flow->http.content_type) ndpi_free(flow->http.content_type);
+
+ if(flow->l4.tcp.tls_srv_cert_fingerprint_ctx)
+ ndpi_free(flow->l4.tcp.tls_srv_cert_fingerprint_ctx);
+
 ndpi_free(flow);
 }
 }
diff --git a/src/lib/protocols/tls.c b/src/lib/protocols/tls.c
index a6d510160..f5957b1ba 100644
--- a/src/lib/protocols/tls.c
+++ b/src/lib/protocols/tls.c
@@ -710,7 +710,6 @@ int getSSCertificateFingerprint(struct ndpi_detection_module_struct *ndpi_struct
 return(0); /* We're good */
 if(flow->l4.tcp.tls_fingerprint_len > 0) {
- unsigned char sha1[20];
 unsigned int i, avail = packet->payload_packet_len - flow->l4.tcp.tls_record_offset;
 if(avail > flow->l4.tcp.tls_fingerprint_len)
@@ -738,12 +737,12 @@ int getSSCertificateFingerprint(struct ndpi_detection_module_struct *ndpi_struct
 flow->l4.tcp.tls_fingerprint_len -= avail;
 if(flow->l4.tcp.tls_fingerprint_len == 0) {
- SHA1Final(sha1, flow->l4.tcp.tls_srv_cert_fingerprint_ctx);
+ SHA1Final(flow->l4.tcp.tls_sha1_certificate_fingerprint, flow->l4.tcp.tls_srv_cert_fingerprint_ctx);
 #ifdef DEBUG_TLS
 printf("=>> [TLS] SHA-1: ");
 for(i=0;i<20;i++)
- printf("%s%02X", (i > 0) ? ":" : "", sha1[i]);
+ printf("%s%02X", (i > 0) ? ":" : "", flow->l4.tcp.tls_sha1_certificate_fingerprint[i]);
 printf("\n");
 #endif
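Review bot: The new `tls_sha1_certificate_fingerprint[20]` field in `struct ndpi_flow_tcp_struct` carries no comment saying what it holds or when it is valid; from the tls.c hunks of this commit it is written only by `SHA1Final` once `tls_fingerprint_len` reaches 0, so a reader of the struct cannot distinguish an all-zero array from a digest that has not been computed yet. Suggest `u_int8_t tls_sha1_certificate_fingerprint[20]; /* SHA-1 of the server certificate; valid only once the whole certificate has been hashed (tls_fingerprint_len == 0) */`. The bare `20` is repeated in the tls.c debug loop, so a named constant for the SHA-1 digest length would keep the two in step if the field is ever widened. The struct is cut at both edges of this hunk.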
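Review bot: `ndpi_free_flow` now reads `flow->l4.tcp.tls_srv_cert_fingerprint_ctx` for every flow it releases, but nothing in the hunk checks that the flow is TCP; if `l4` is the tcp/udp union the `l4.tcp` path suggests, then for a UDP flow those bytes belong to UDP dissector state, and any non-zero value there is handed to `ndpi_free` as a pointer — an invalid free whose operand is whatever that flow's state happened to contain. Guard the release on the flow's L4 protocol, e.g. `if(<flow-is-TCP check> && flow->l4.tcp.tls_srv_cert_fingerprint_ctx)` using whichever field the flow records its protocol in (not visible here), or move the context pointer out of the union. The rest of `ndpi_free_flow`'s TCP-only state, if any is released here, would want the same guard.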
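Review bot: After `SHA1Final` completes the digest, `tls_srv_cert_fingerprint_ctx` is left allocated and non-NULL until `ndpi_free_flow`, so the "double allocation" branch added in the third hunk of this file fires if `getSSCertificateFingerprint` reaches the Certificate path again for the same flow — unless the `return(0); /* We're good */` gate at the top of the function already prevents that, which this hunk does not show. A comment on the `== 0` branch such as `/* context kept until ndpi_free_flow(); the digest is in tls_sha1_certificate_fingerprint */` would make the intended lifetime explicit. The DEBUG_TLS loop still uses a literal `20` while the digest now lives in a sized field; `for(i=0;i<sizeof(flow->l4.tcp.tls_sha1_certificate_fingerprint);i++)` ties the bound to the array. The function extends beyond this hunk on both sides.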
@@ -772,8 +771,12 @@ int getSSCertificateFingerprint(struct ndpi_detection_module_struct *ndpi_struct
 #ifdef DEBUG_TLS
 printf("=>> [TLS] Certificate found\n");
 #endif
- flow->l4.tcp.tls_srv_cert_fingerprint_ctx = (void*)ndpi_malloc(sizeof(SHA1_CTX));
-
+
+ if(flow->l4.tcp.tls_srv_cert_fingerprint_ctx == NULL)
+ flow->l4.tcp.tls_srv_cert_fingerprint_ctx = (void*)ndpi_malloc(sizeof(SHA1_CTX));
+ else
+ printf("[TLS] Internal error: double allocation\n:");
+
 if(flow->l4.tcp.tls_srv_cert_fingerprint_ctx) {
 SHA1Init(flow->l4.tcp.tls_srv_cert_fingerprint_ctx);
 flow->l4.tcp.tls_srv_cert_fingerprint_found = 1;
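Review bot: The new message `"[TLS] Internal error: double allocation\n:"` has a stray `:` after the newline, and unlike the neighbouring `printf` calls it is not under `#ifdef DEBUG_TLS`, so a library code path reached while parsing network input writes to stdout unconditionally, once per occurrence. Suggest `printf("[TLS] Internal error: double allocation\n");` placed inside the same `#ifdef DEBUG_TLS` block as the "Certificate found" line. The `else` branch also does nothing about the existing context: execution continues into `SHA1Init(flow->l4.tcp.tls_srv_cert_fingerprint_ctx)`, which re-initialises it and discards whatever was hashed so far — if that restart is intended, say so in a comment on the `else`; if not, the branch should skip the `SHA1Init` block. `getSSCertificateFingerprint` continues past the end of this hunk.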