Improved SSL certificate name wildcard handling and risk. #1182improved/tls-cert-wildcards

Signed-off-by: Toni Uhlig <matzeton@googlemail.com>

2 files changed, 8 insertions, 0 deletions

diff --git a/tests/pcap/ssl-cert-name-mismatch.pcap b/tests/pcap/ssl-cert-name-mismatch.pcap
new file mode 100644
index 000000000..9fa488c0a
--- /dev/null
+++ b/tests/pcap/ssl-cert-name-mismatch.pcap
diff --git a/tests/result/ssl-cert-name-mismatch.pcap.out b/tests/result/ssl-cert-name-mismatch.pcap.out
new file mode 100644
index 000000000..88fc96aad
--- /dev/null
+++ b/tests/result/ssl-cert-name-mismatch.pcap.out
@@ -0,0 +1,8 @@
+Google	21	5412	1
+
+JA3 Host Stats: 
+		 IP Address                  	 # JA3C     
+	1	 192.168.2.222            	 1      
+
+
+	1	TCP 192.168.2.222:54772 <-> 104.154.89.105:443 [proto: 91.126/TLS.Google][cat: Web/5][11 pkts/1136 bytes <-> 10 pkts/4276 bytes][Goodput ratio: 35/84][0.72 sec][ALPN: http/1.1][bytes ratio: -0.580 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 79/48 167/160 64/68][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 103/428 311/1474 70/548][Risk: ** TLS Certificate Mismatch **][TLSv1.2][Client: wrong.host.badssl.com][JA3C: 4e69e4e5627c5e4c2846ba3e64d23fb9][ServerNames: *.badssl.com,badssl.com][JA3S: b898351eb5e266aefd3723d466935494][Issuer: C=US, O=DigiCert Inc, CN=DigiCert SHA2 Secure Server CA][Subject: C=US, ST=California, L=Walnut Creek, O=Lucas Garron Torres, CN=*.badssl.com][Certificate SHA-1: 18:45:B2:16:EF:D0:83:9A:18:51:A9:57:32:5D:A3:36:21:70:49:CB][Validity: 2020-03-23 00:00:00 - 2022-05-17 12:00:00][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 12,12,12,0,0,0,0,12,12,0,0,0,0,0,0,0,12,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,25,0,0,0]