Diffstat (limited to 'src')
-rw-r--r--src/include/ndpi_typedefs.h1
-rw-r--r--src/lib/ndpi_utils.c8
-rw-r--r--src/lib/protocols/tls.c5
3 files changed, 14 insertions, 0 deletions
diff --git a/src/include/ndpi_typedefs.h b/src/include/ndpi_typedefs.h
index d1536c4da..4751c37ac 100644
--- a/src/include/ndpi_typedefs.h
+++ b/src/include/ndpi_typedefs.h
@@ -57,6 +57,7 @@ typedef enum {
NDPI_URL_POSSIBLE_RCE_INJECTION,
NDPI_BINARY_APPLICATION_TRANSFER,
NDPI_KNOWN_PROTOCOL_ON_NON_STANDARD_PORT,
+ NDPI_TLS_SELFSIGNED_CERTIFICATE,
/* Leave this as last member */
NDPI_MAX_RISK
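Review bot: The new `NDPI_TLS_SELFSIGNED_CERTIFICATE` member carries no comment, and nothing in the enum records how many members it may hold. The tls.c hunk of this commit sets the value with `NDPI_SET_BIT_16(flow->risk, ...)`, which suggests each member is a bit position in a 16-bit mask; that width is inferred from the macro name, not visible here. If so, a line above the last member such as `/* values are bit positions in flow->risk: keep NDPI_MAX_RISK <= 16 */` would stop a later addition from silently falling outside the mask. The enum starts and ends outside the hunk.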
diff --git a/src/lib/ndpi_utils.c b/src/lib/ndpi_utils.c
index 4eec5d906..2fa21e220 100644
--- a/src/lib/ndpi_utils.c
+++ b/src/lib/ndpi_utils.c
@@ -1410,14 +1410,22 @@ const char* ndpi_risk2str(ndpi_risk risk) {
switch(risk) {
case NDPI_URL_POSSIBLE_XSS:
return("XSS attack");
+
case NDPI_URL_POSSIBLE_SQL_INJECTION:
return("SQL injection");
+
case NDPI_URL_POSSIBLE_RCE_INJECTION:
return("RCE injection");
+
case NDPI_BINARY_APPLICATION_TRANSFER:
return("Binary application transfer");
+
case NDPI_KNOWN_PROTOCOL_ON_NON_STANDARD_PORT:
return("Known protocol on non standard port");
+
+ case NDPI_TLS_SELFSIGNED_CERTIFICATE:
+ return("Self-signed Certificate");
+
default:
return("");
}
diff --git a/src/lib/protocols/tls.c b/src/lib/protocols/tls.c
index 171d7c489..655d61ed6 100644
--- a/src/lib/protocols/tls.c
+++ b/src/lib/protocols/tls.c
@@ -450,6 +450,11 @@ static void processCertificateElements(struct ndpi_detection_module_struct *ndpi
}
if(rdn_len) flow->protos.stun_ssl.ssl.subjectDN = strdup(rdnSeqBuf);
+
+ if(flow->protos.stun_ssl.ssl.subjectDN && flow->protos.stun_ssl.ssl.subjectDN
+ && (!strcmp(flow->protos.stun_ssl.ssl.subjectDN, flow->protos.stun_ssl.ssl.issuerDN)))
+ NDPI_SET_BIT_16(flow->risk, NDPI_TLS_SELFSIGNED_CERTIFICATE);
+
#if DEBUG_TLS
printf("[TLS] %s() SubjectDN [%s]\n", __FUNCTION__, rdnSeqBuf);
#endif
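Review bot: The added condition tests `flow->protos.stun_ssl.ssl.subjectDN` twice and never tests `issuerDN`, so `strcmp()` is called with a NULL second argument whenever no issuer string was stored for the flow. That is undefined behaviour, and it is reached while parsing a certificate taken from the wire. The second operand should be the issuer: `if(flow->protos.stun_ssl.ssl.subjectDN && flow->protos.stun_ssl.ssl.issuerDN`. Separately, equal subject and issuer strings only show a self-issued certificate, since no signature is checked here; a comment such as `/* heuristic: subjectDN == issuerDN, signature not verified */` would keep consumers from over-reading the risk flag. processCertificateElements starts and ends outside the hunk.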