2 files changed, 14 insertions, 3 deletions

diff --git a/src/include/ndpi_typedefs.h b/src/include/ndpi_typedefs.h
index f0b47b358..51681e60e 100644
--- a/src/include/ndpi_typedefs.h
+++ b/src/include/ndpi_typedefs.h
@@ -1080,7 +1080,7 @@ struct ndpi_flow_struct {
 
     struct {
       struct {
-	char client_certificate[48], server_certificate[48];
+	char client_certificate[64], server_certificate[64];
       } ssl;
       
       struct {
diff --git a/src/lib/protocols/ssl.c b/src/lib/protocols/ssl.c
index 59aedcb45..979d234b9 100644
--- a/src/lib/protocols/ssl.c
+++ b/src/lib/protocols/ssl.c
@@ -284,9 +284,18 @@ int getSSLcertificate(struct ndpi_detection_module_struct *ndpi_struct,
 #endif
 		      
 		      if(extension_id == 0) {
-			u_int begin = 0,len;
+#if 1
+			u_int16_t len;
+
+			len = (packet->payload[offset+extension_offset+3] << 8) + packet->payload[offset+extension_offset+4];			
+			len = (u_int)ndpi_min(len, buffer_len-1);
+			strncpy(buffer, (char*)&packet->payload[offset+extension_offset+5], len);
+			buffer[len] = '\0';			
+#else
+			/* old code */
+			u_int begin = 0;
 			char *server_name = (char*)&packet->payload[offset+extension_offset];
-
+			
 			while(begin < extension_len) {
 			  if((!ndpi_isprint(server_name[begin]))
 			     || ndpi_ispunct(server_name[begin])
@@ -299,6 +308,8 @@ int getSSLcertificate(struct ndpi_detection_module_struct *ndpi_struct,
 			len = (u_int)ndpi_min(extension_len-begin, buffer_len-1);
 			strncpy(buffer, &server_name[begin], len);
 			buffer[len] = '\0';
+#endif
+			
 			stripCertificateTrailer(buffer, buffer_len);
 
 			if(!ndpi_struct->disable_metadata_export) {