Diffstat (limited to 'src/lib')
-rw-r--r--src/lib/ndpi_utils.c6
-rw-r--r--src/lib/protocols/http.c1
-rw-r--r--src/lib/protocols/tls.c19
3 files changed, 23 insertions, 3 deletions
diff --git a/src/lib/ndpi_utils.c b/src/lib/ndpi_utils.c
index bcdcbb9c6..1f8e68937 100644
--- a/src/lib/ndpi_utils.c
+++ b/src/lib/ndpi_utils.c
@@ -1432,6 +1432,12 @@ const char* ndpi_risk2str(ndpi_risk risk) {
case NDPI_TLS_WEAK_CIPHER:
return("Weak TLS cipher");
+ case NDPI_TLS_CERTIFICATE_EXPIRED:
+ return("TLS Expired Certificate");
+
+ case NDPI_TLS_CERTIFICATE_MISMATCH:
+ return("TLS Certificate Mismatch");
+
default:
return("");
}
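Review bot: The two new strings are in Title Case ("TLS Expired Certificate", "TLS Certificate Mismatch") while the neighbouring case returns sentence case ("Weak TLS cipher"), so the risk names will read inconsistently wherever ndpi_risk2str output is listed or logged. Consider `return("TLS certificate expired");` and `return("TLS certificate mismatch");` to match the existing entries. ndpi_risk2str starts before the hunk.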
diff --git a/src/lib/protocols/http.c b/src/lib/protocols/http.c
index 5f62d730f..e050a69a8 100644
--- a/src/lib/protocols/http.c
+++ b/src/lib/protocols/http.c
@@ -127,7 +127,6 @@ static ndpi_protocol_category_t ndpi_http_check_content(struct ndpi_detection_mo
for (int i = 0; binary_file_ext[i] != NULL; i++) {
if (ndpi_strncasestr((const char*)&packet->content_disposition_line.ptr[attachment_len],
binary_file_ext[i], filename_len)) {
- printf("got %s\n", binary_file_ext[i]);
flow->guessed_category = flow->category = NDPI_PROTOCOL_CATEGORY_DOWNLOAD_FT;
NDPI_SET_BIT_16(flow->risk, NDPI_BINARY_APPLICATION_TRANSFER);
NDPI_LOG_INFO(ndpi_struct, "found executable HTTP transfer");
diff --git a/src/lib/protocols/tls.c b/src/lib/protocols/tls.c
index efa86a18e..327f7dc15 100644
--- a/src/lib/protocols/tls.c
+++ b/src/lib/protocols/tls.c
@@ -373,11 +373,17 @@ static void processCertificateElements(struct ndpi_detection_module_struct *ndpi
#endif
}
}
+
+ if((flow->packet.tick_timestamp < flow->protos.stun_ssl.ssl.notBefore)
+ || (flow->packet.tick_timestamp > flow->protos.stun_ssl.ssl.notAfter))
+ NDPI_SET_BIT_16(flow->risk, NDPI_TLS_CERTIFICATE_EXPIRED); /* Certificate expired */
}
}
}
} else if((packet->payload[i] == 0x55) && (packet->payload[i+1] == 0x1d) && (packet->payload[i+2] == 0x11)) {
/* Organization OID: 2.5.29.17 (subjectAltName) */
+ u_int8_t matched_name = 0;
+
#ifdef DEBUG_TLS
printf("******* [TLS] Found subjectAltName\n");
#endif
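Review bot: The added expiry check compares flow->packet.tick_timestamp against notBefore/notAfter without confirming that both validity bounds were actually parsed; if notAfter still holds its initial value (presumably 0) when this code runs, `tick_timestamp > notAfter` is always true and the certificate is flagged NDPI_TLS_CERTIFICATE_EXPIRED spuriously. The page does not show where these fields are populated or what unit tick_timestamp carries, so verify that both bounds are set and in the same unit (epoch seconds vs. milliseconds) before the comparison. A guard such as `if((flow->protos.stun_ssl.ssl.notAfter != 0) && ((flow->packet.tick_timestamp < flow->protos.stun_ssl.ssl.notBefore) || (flow->packet.tick_timestamp > flow->protos.stun_ssl.ssl.notAfter)))` would avoid the false positive. processCertificateElements starts before the hunk.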
@@ -409,9 +415,15 @@ static void processCertificateElements(struct ndpi_detection_module_struct *ndpi
cleanupServerName(dNSName, len);
#if DEBUG_TLS
- printf("[TLS] dNSName %s\n", dNSName);
+ printf("[TLS] dNSName %s [%s]\n", dNSName, flow->protos.stun_ssl.ssl.client_requested_server_name);
#endif
-
+ if(matched_name == 0) {
+ if((dNSName[0] == '*') && strstr(flow->protos.stun_ssl.ssl.client_requested_server_name, &dNSName[1]))
+ matched_name = 1;
+ else if(strcmp(flow->protos.stun_ssl.ssl.client_requested_server_name, dNSName) == 0)
+ matched_name = 1;
+ }
+
if(flow->protos.stun_ssl.ssl.server_names == NULL)
flow->protos.stun_ssl.ssl.server_names = ndpi_strdup(dNSName),
flow->protos.stun_ssl.ssl.server_names_len = strlen(dNSName);
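Review bot: The wildcard branch in the added `if(matched_name == 0)` block uses strstr, so a SAN of `*.example.com` is treated as matching whenever `.example.com` appears anywhere in the requested name (for instance `www.example.com.other.tld`), and it also accepts more than the single leading label a wildcard is meant to cover; for a mismatch risk check the comparison should be a suffix match with no further dot in the remaining prefix. strcmp/strstr are also case-sensitive while DNS names are not, so a mixed-case SAN entry would be reported as a mismatch (strcasecmp would fit if the file already relies on POSIX string functions). The enclosing loop and processCertificateElements continue outside the hunk.
```c
if(matched_name == 0) {
  const char *sni = flow->protos.stun_ssl.ssl.client_requested_server_name;

  if(dNSName[0] == '*') {
    /* A wildcard covers exactly one leading label: the SNI must end with
       the text after '*' and the part before it must contain no '.' */
    size_t sni_len = strlen(sni), suffix_len = strlen(&dNSName[1]);

    if((sni_len > suffix_len)
       && (strcmp(sni + (sni_len - suffix_len), &dNSName[1]) == 0)
       && (memchr(sni, '.', sni_len - suffix_len) == NULL))
      matched_name = 1;
  } else if(strcmp(sni, dNSName) == 0)
    matched_name = 1;
}
/* … unchanged: server_names accumulation … */
```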
@@ -446,6 +458,9 @@ static void processCertificateElements(struct ndpi_detection_module_struct *ndpi
break;
}
} /* while */
+
+ if(!matched_name)
+ NDPI_SET_BIT_16(flow->risk, NDPI_TLS_CERTIFICATE_MISMATCH); /* Certificate mismatch */
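Review bot: `if(!matched_name)` at the end of the subjectAltName branch sets NDPI_TLS_CERTIFICATE_MISMATCH even when the client sent no SNI, because an empty client_requested_server_name can never equal or contain a dNSName; every SNI-less handshake would then raise a mismatch alert. Gate the flag on a requested name actually being present, e.g. `if(!matched_name && (flow->protos.stun_ssl.ssl.client_requested_server_name[0] != '\0'))`. matched_name is only ever set from dNSName entries here, so if the subject CN is matched elsewhere in this function (not visible on the page) that result is not taken into account before the flag is set. processCertificateElements continues outside the hunk.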
}
}