From f97be61e8b46663254425f99a944c36392227f0b Mon Sep 17 00:00:00 2001
From: Luca Deri <deri@ntop.org>
Date: Mon, 20 May 2019 15:32:50 +0200
Subject: Fixed JA3 decoding Made ndpi_process_extra_packet() optional

---
 src/lib/ndpi_main.c | 21 ++++++++++++++++++---
 1 file changed, 18 insertions(+), 3 deletions(-)

(limited to 'src/lib/ndpi_main.c')

diff --git a/src/lib/ndpi_main.c b/src/lib/ndpi_main.c
index 6561bf1b9..737124697 100644
--- a/src/lib/ndpi_main.c
+++ b/src/lib/ndpi_main.c
@@ -4650,9 +4650,24 @@ ndpi_protocol ndpi_detection_process_packet(struct ndpi_detection_module_struct
   flow->num_processed_pkts++;
 
   if(flow->server_id == NULL) flow->server_id = dst; /* Default */
-  if(flow->detected_protocol_stack[0] != NDPI_PROTOCOL_UNKNOWN)
-    goto ret_protocols;
-
+  if(flow->detected_protocol_stack[0] != NDPI_PROTOCOL_UNKNOWN) {
+    /*
+      With SSL we might want to dissect further packets to decode
+      the certificate type for instance 
+    */
+    if(flow->check_extra_packets
+       /*
+	 && ((flow->detected_protocol_stack[0] == NDPI_PROTOCOL_SSL)
+	 || (flow->detected_protocol_stack[1] == NDPI_PROTOCOL_SSL))
+       */
+       ) {
+      ndpi_process_extra_packet(ndpi_struct, flow, packet, packetlen, current_tick_l, src, dst);
+      ret.master_protocol = flow->detected_protocol_stack[1], ret.app_protocol = flow->detected_protocol_stack[0];
+      return(ret);
+    } else
+      goto ret_protocols;
+  }
+  
   /* need at least 20 bytes for ip header */
   if(packetlen < 20) {
     /* reset protocol which is normally done in init_packet_header */
-- 
cgit v1.2.3