From 11e9fd8cef7a1f70db9f864206a6ac9980ee100e Mon Sep 17 00:00:00 2001 From: Luca Deri Date: Sun, 15 Sep 2019 12:18:24 +0200 Subject: As TLS certificate fingerprint is computed, TLS without certificate protocol has been removed Various improvemenets in detection quality --- example/ndpiReader.c | 3 ++- example/reader_util.c | 4 ++-- 2 files changed, 4 insertions(+), 3 deletions(-) (limited to 'example') diff --git a/example/ndpiReader.c b/example/ndpiReader.c index 782e62fb8..01e0864cc 100644 --- a/example/ndpiReader.c +++ b/example/ndpiReader.c @@ -1111,7 +1111,8 @@ static void printFlow(u_int16_t id, struct ndpi_flow_info *flow, u_int16_t threa print_cipher(flow->ssh_tls.server_unsafe_cipher)); if(flow->ssh_tls.server_organization[0] != '\0') fprintf(out, "[Organization: %s]", flow->ssh_tls.server_organization); - if(flow->detected_protocol.master_protocol == NDPI_PROTOCOL_TLS) { + if((flow->detected_protocol.master_protocol == NDPI_PROTOCOL_TLS) + || (flow->detected_protocol.app_protocol == NDPI_PROTOCOL_TLS)) { if((flow->ssh_tls.sha1_cert_fingerprint[0] == 0) && (flow->ssh_tls.sha1_cert_fingerprint[1] == 0) && (flow->ssh_tls.sha1_cert_fingerprint[2] == 0)) diff --git a/example/reader_util.c b/example/reader_util.c index 2564f4ffd..82251e85d 100644 --- a/example/reader_util.c +++ b/example/reader_util.c @@ -1164,8 +1164,8 @@ static struct ndpi_proto packet_processing(struct ndpi_workflow * workflow, if(enough_packets || (flow->detected_protocol.app_protocol != NDPI_PROTOCOL_UNKNOWN)) { if((!enough_packets) && (flow->detected_protocol.master_protocol == NDPI_PROTOCOL_TLS) - && (flow->ndpi_flow->protos.stun_ssl.ssl.ja3_server[0] == '\0')) - ; /* Wait for JA3S certificate */ + && (!flow->ndpi_flow->l4.tcp.tls_srv_cert_fingerprint_processed)) + ; /* Wait for certificate fingerprint */ else { /* New protocol detected or give up */ flow->detection_completed = 1; -- cgit v1.2.3