From 5da363cbde633138ccb97e3d209ede9c6c333a54 Mon Sep 17 00:00:00 2001 From: Luca Deri Date: Tue, 28 May 2019 23:35:49 +0200 Subject: Fixed MySQL dissector SSL dissector now reports the protocol version Fixed bug in ndpiReader that ivalidates in some cases the protocl dissection and used to slow down the dissection --- src/lib/protocols/ssl.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) (limited to 'src/lib/protocols/ssl.c') diff --git a/src/lib/protocols/ssl.c b/src/lib/protocols/ssl.c index 1f51ab4b6..eee31e94b 100644 --- a/src/lib/protocols/ssl.c +++ b/src/lib/protocols/ssl.c @@ -356,7 +356,6 @@ struct ja3_info { /* **************************************** */ - /* code fixes courtesy of Alexsandro Brahm */ int getSSLcertificate(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow, @@ -369,11 +368,13 @@ int getSSLcertificate(struct ndpi_detection_module_struct *ndpi_struct, MD5_CTX ctx; u_char md5_hash[16]; + flow->protos.stun_ssl.ssl.ssl_version = ssl_version; + memset(&ja3, 0, sizeof(ja3)); #ifdef CERTIFICATE_DEBUG { - u_int16_t ssl_len = (packet->payload[3] << 8) + packet->payload[4]; + u_int16_t ssl_len = (packet->payload[3] << 8) + packet->payload[4]; printf("SSL Record [version: %u][len: %u]\n", ssl_version, ssl_len); } -- cgit v1.2.3