From 6c1317fa278be71fba8c01c492c223e95eb4ba03 Mon Sep 17 00:00:00 2001
From: Toni Uhlig <matzeton@googlemail.com>
Date: Fri, 26 Feb 2021 16:19:28 +0100
Subject: Added NDPI_MALICIOUS_SHA1 flow risk.

 * An external file which contains known malicious SSL certificate SHA-1 hashes
   can be loaded via ndpi_load_malicious_sha1_file(...)

Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
---
 src/lib/ndpi_utils.c | 3 +++
 1 file changed, 3 insertions(+)

(limited to 'src/lib/ndpi_utils.c')

diff --git a/src/lib/ndpi_utils.c b/src/lib/ndpi_utils.c
index 2fdaf34c6..d50e8ccae 100644
--- a/src/lib/ndpi_utils.c
+++ b/src/lib/ndpi_utils.c
@@ -1766,6 +1766,9 @@ const char* ndpi_risk2str(ndpi_risk_enum risk) {
   case NDPI_MALICIOUS_JA3:
     return("Possibly Malicious JA3 Fingerprint");
 
+  case NDPI_MALICIOUS_SHA1:
+    return("Possibly Malicious SSL Certificate SHA1 Fingerprint");
+
   default:
     snprintf(buf, sizeof(buf), "%d", (int)risk);
     return(buf);
-- 
cgit v1.2.3