5 files changed, 16 insertions, 9 deletions

diff --git a/example/ndpiReader.c b/example/ndpiReader.c
index c525346fa..03ab1df4a 100644
--- a/example/ndpiReader.c
+++ b/example/ndpiReader.c
@@ -3321,7 +3321,7 @@ static void dgaUnitTest() {
   };
   int i;
   NDPI_PROTOCOL_BITMASK all;
-  struct ndpi_detection_module_struct *ndpi_str =  ndpi_init_detection_module(ndpi_no_prefs);
+  struct ndpi_detection_module_struct *ndpi_str = ndpi_init_detection_module(ndpi_no_prefs);
 
   assert(ndpi_str != NULL);
 
@@ -3338,7 +3338,6 @@ static void dgaUnitTest() {
   for(i=0; non_dga[i] != NULL; i++)
     assert(ndpi_check_dga_name(ndpi_str, NULL, (char*)non_dga[i]) == 0);
 
-
   ndpi_exit_detection_module(ndpi_str);
 }
 
diff --git a/src/include/ndpi_api.h.in b/src/include/ndpi_api.h.in
index 0fa02e3c7..e5d2ffad3 100644
--- a/src/include/ndpi_api.h.in
+++ b/src/include/ndpi_api.h.in
@@ -903,7 +903,9 @@ extern "C" {
   void ndpi_user_pwd_payload_copy(u_int8_t *dest, u_int dest_len, u_int offset,
 				  const u_int8_t *src, u_int src_len);
   u_char* ndpi_base64_decode(const u_char *src, size_t len, size_t *out_len);
-  char* ndpi_base64_encode(unsigned char const* bytes_to_encode, size_t in_len);
+  char* ndpi_base64_encode(unsigned char const* bytes_to_encode, size_t in_len); /* NOTE: caller MUST free the returned pointer */
+  void ndpi_string_sha1_hash(const uint8_t *message, size_t len, u_char *hash /* 20-bytes */);
+
   int ndpi_load_ipv4_ptree(struct ndpi_detection_module_struct *ndpi_str,
 			   const char *path, u_int16_t protocol_id);
   int ndpi_dpi2json(struct ndpi_detection_module_struct *ndpi_struct,
diff --git a/src/lib/ndpi_community_id.c b/src/lib/ndpi_community_id.c
index 30519b59e..72f60c746 100644
--- a/src/lib/ndpi_community_id.c
+++ b/src/lib/ndpi_community_id.c
@@ -167,13 +167,15 @@ static int ndpi_community_id_peer_v4_is_less_than(u_int32_t ip1, u_int32_t ip2,
 
 static int ndpi_community_id_peer_v6_is_less_than(struct ndpi_in6_addr *ip1, struct ndpi_in6_addr *ip2, u_int16_t p1, u_int16_t p2) {
   int comp = memcmp(ip1, ip2, sizeof(struct ndpi_in6_addr));
+
   return comp < 0 || (comp == 0 && p1 < p2);
 }
 
 /* **************************************************** */
 
-static void ndpi_community_id_sha1_hash(const uint8_t *message, size_t len, u_char *hash /* 20-bytes */) {
+void ndpi_string_sha1_hash(const uint8_t *message, size_t len, u_char *hash /* 20-bytes */) {
   SHA1_CTX ctx;
+
   SHA1Init(&ctx);
   SHA1Update(&ctx, message, len);
   SHA1Final(hash, &ctx);
@@ -185,7 +187,8 @@ static void ndpi_community_id_sha1_hash(const uint8_t *message, size_t len, u_ch
 https://github.com/corelight/community-id-spec/blob/bda913f617389df07cdaa23606e11bbd318e265c/community-id.py#L285
 */
 static int ndpi_community_id_finalize_and_compute_hash(u_int8_t *comm_buf, u_int16_t off, u_int8_t l4_proto,
-             u_int16_t src_port, u_int16_t dst_port, char *hash_buf, u_int8_t hash_buf_len) {
+						       u_int16_t src_port, u_int16_t dst_port,
+						       char *hash_buf, u_int8_t hash_buf_len) {
   u_int8_t pad = 0;
   uint32_t hash[5];
   char *community_id;
@@ -209,12 +212,12 @@ static int ndpi_community_id_finalize_and_compute_hash(u_int8_t *comm_buf, u_int
   }
 
   /* Compute SHA1 */
-  ndpi_community_id_sha1_hash(comm_buf, off, (u_char*)hash);
+  ndpi_string_sha1_hash(comm_buf, off, (u_char*)hash);
 
   /* Base64 encoding */
   community_id = ndpi_base64_encode((u_int8_t*)hash, sizeof(hash));
 
-  if (community_id == NULL)
+  if(community_id == NULL)
     return -1;
 
 #if 0 /* Debug Info */
@@ -231,7 +234,7 @@ static int ndpi_community_id_finalize_and_compute_hash(u_int8_t *comm_buf, u_int
   printf("Base64: %s\n", community_id);
 #endif
 
-  if (hash_buf_len < 2 || hash_buf_len-2 < strlen(community_id)+1) {
+  if(hash_buf_len < 2 || hash_buf_len-2 < strlen(community_id)+1) {
     ndpi_free(community_id);
     return -1;
   }
diff --git a/src/lib/ndpi_utils.c b/src/lib/ndpi_utils.c
index 9fc5d2d7f..0d2f5cf3c 100644
--- a/src/lib/ndpi_utils.c
+++ b/src/lib/ndpi_utils.c
@@ -874,6 +874,7 @@ u_char* ndpi_base64_decode(const u_char *src, size_t len, size_t *out_len) {
 
 /* ********************************** */
 
+/* NOTE: caller MUST free returned pointer */
 char* ndpi_base64_encode(unsigned char const* bytes_to_encode, size_t in_len) {
   size_t len = 0, ret_size;
   char *ret;
diff --git a/src/lib/protocols/tls.c b/src/lib/protocols/tls.c
index 5cf2cac19..f96745dc6 100644
--- a/src/lib/protocols/tls.c
+++ b/src/lib/protocols/tls.c
@@ -316,7 +316,9 @@ static void processCertificateElements(struct ndpi_detection_module_struct *ndpi
 	printf("[TLS] %s() IssuerDN [%s]\n", __FUNCTION__, rdnSeqBuf);
 #endif
 
-	if(rdn_len) flow->protos.stun_ssl.ssl.issuerDN = ndpi_strdup(rdnSeqBuf);
+	if(rdn_len && (flow->protos.stun_ssl.ssl.issuerDN == NULL))
+	  flow->protos.stun_ssl.ssl.issuerDN = ndpi_strdup(rdnSeqBuf);
+	
 	rdn_len = 0; /* Reset buffer */
       }