From 10f5e6cb66a3fd8faa735eeddd307ef3b3f2bba4 Mon Sep 17 00:00:00 2001
From: Victor Julien <vjulien@oisf.net>
Date: Tue, 23 Aug 2022 11:31:08 +0200
Subject: [PATCH] tls: prepare for client cert parsing

---
 src/app-layer-ssl.c | 27 ++++++++++++---------------
 1 file changed, 12 insertions(+), 15 deletions(-)

diff --git a/src/app-layer-ssl.c b/src/app-layer-ssl.c
index 5c9c7b0983..41aab58629 100644
--- a/src/app-layer-ssl.c
+++ b/src/app-layer-ssl.c
@@ -462,29 +462,26 @@ static void TlsDecodeHSCertificateErrSetEvent(SSLState *ssl_state, uint32_t err)
     }
 }
 
-static inline int TlsDecodeHSCertificateFingerprint(SSLState *ssl_state,
-                                                    const uint8_t *input,
-                                                    uint32_t cert_len)
+static inline int TlsDecodeHSCertificateFingerprint(
+        SSLStateConnp *connp, const uint8_t *input, uint32_t cert_len)
 {
-    if (unlikely(ssl_state->server_connp.cert0_fingerprint != NULL))
+    if (unlikely(connp->cert0_fingerprint != NULL))
         return 0;
 
-    ssl_state->server_connp.cert0_fingerprint = SCCalloc(1, SHA1_STRING_LENGTH *
-                                                         sizeof(char));
-    if (ssl_state->server_connp.cert0_fingerprint == NULL)
+    connp->cert0_fingerprint = SCCalloc(1, SHA1_STRING_LENGTH * sizeof(char));
+    if (connp->cert0_fingerprint == NULL)
         return -1;
 
     uint8_t hash[SC_SHA1_LEN];
     if (SCSha1HashBuffer(input, cert_len, hash, sizeof(hash)) == 1) {
-        rs_to_hex_sep((uint8_t *)ssl_state->server_connp.cert0_fingerprint, SHA1_STRING_LENGTH, ':',
-                hash, SC_SHA1_LEN);
+        rs_to_hex_sep(
+                (uint8_t *)connp->cert0_fingerprint, SHA1_STRING_LENGTH, ':', hash, SC_SHA1_LEN);
     }
     return 0;
 }
 
-static inline int TlsDecodeHSCertificateAddCertToChain(SSLState *ssl_state,
-                                                       const uint8_t *input,
-                                                       uint32_t cert_len)
+static inline int TlsDecodeHSCertificateAddCertToChain(
+        SSLStateConnp *connp, const uint8_t *input, uint32_t cert_len)
 {
     SSLCertsChain *cert = SCCalloc(1, sizeof(SSLCertsChain));
     if (cert == NULL)
@@ -492,7 +489,7 @@ static inline int TlsDecodeHSCertificateAddCertToChain(SSLState *ssl_state,
 
     cert->cert_data = (uint8_t *)input;
     cert->cert_len = cert_len;
-    TAILQ_INSERT_TAIL(&ssl_state->server_connp.certs, cert, next);
+    TAILQ_INSERT_TAIL(&connp->certs, cert, next);
 
     return 0;
 }
@@ -573,14 +570,14 @@ static int TlsDecodeHSCertificate(SSLState *ssl_state, SSLStateConnp *connp,
             rs_x509_free(x509);
             x509 = NULL;
 
-            rc = TlsDecodeHSCertificateFingerprint(ssl_state, input, cert_len);
+            rc = TlsDecodeHSCertificateFingerprint(connp, input, cert_len);
             if (rc != 0) {
                 SCLogDebug("TlsDecodeHSCertificateFingerprint failed with %d", rc);
                 goto error;
             }
         }
 
-        rc = TlsDecodeHSCertificateAddCertToChain(ssl_state, input, cert_len);
+        rc = TlsDecodeHSCertificateAddCertToChain(connp, input, cert_len);
         if (rc != 0) {
             SCLogDebug("TlsDecodeHSCertificateAddCertToChain failed with %d", rc);
             goto error;