From 58a9aff17cec2842b5d232eee5a39c0d58a01a75 Mon Sep 17 00:00:00 2001
From: Luca Deri <deri@ntop.org>
Date: Wed, 26 Jan 2022 09:23:23 +0100
Subject: Added NDPI_TLS_CERTIFICATE_ABOUT_TO_EXPIRE flow risk

Added ndpi_set_tls_cert_expire_days() API call to modify the number of days for triggering the above alert that by default is set to 30 days
---
 src/lib/protocols/tls.c | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

(limited to 'src/lib/protocols')

diff --git a/src/lib/protocols/tls.c b/src/lib/protocols/tls.c
index 0f12194f0..96ee3e6a2 100644
--- a/src/lib/protocols/tls.c
+++ b/src/lib/protocols/tls.c
@@ -471,9 +471,11 @@ static void processCertificateElements(struct ndpi_detection_module_struct *ndpi
 	      if((flow->protos.tls_quic.notAfter-flow->protos.tls_quic.notBefore) > TLS_THRESHOLD)
 		ndpi_set_risk(ndpi_struct, flow, NDPI_TLS_CERT_VALIDITY_TOO_LONG); /* Certificate validity longer than 13 months */
 
-	    if((time_sec < flow->protos.tls_quic.notBefore)
-	       || (time_sec > flow->protos.tls_quic.notAfter))
+	    if((time_sec < flow->protos.tls_quic.notBefore) || (time_sec > flow->protos.tls_quic.notAfter))
 	      ndpi_set_risk(ndpi_struct, flow, NDPI_TLS_CERTIFICATE_EXPIRED); /* Certificate expired */
+	    else if((time_sec > flow->protos.tls_quic.notBefore)
+		    && (time_sec > (flow->protos.tls_quic.notAfter - (ndpi_struct->tls_certificate_expire_in_x_days * 86400))))
+	      ndpi_set_risk(ndpi_struct, flow, NDPI_TLS_CERTIFICATE_ABOUT_TO_EXPIRE); /* Certificate almost expired */
 	  }
 	}
       }
-- 
cgit v1.2.3