detect-tls: make check on fingerprint directional

pull/2302/head
Jason Ish 9 years ago committed by Victor Julien
parent 44c846f2f8
commit 1f4725fcab

@ -653,13 +653,20 @@ static int DetectTlsFingerprintMatch (ThreadVars *t, DetectEngineThreadCtx *det_
int ret = 0;
if (ssl_state->server_connp.cert0_fingerprint != NULL) {
SSLStateConnp *connp = NULL;
if (flags & STREAM_TOSERVER) {
connp = &ssl_state->client_connp;
} else {
connp = &ssl_state->server_connp;
}
if (connp->cert0_fingerprint != NULL) {
SCLogDebug("TLS: Fingerprint is [%s], looking for [%s]\n",
ssl_state->server_connp.cert0_fingerprint,
connp->cert0_fingerprint,
tls_data->fingerprint);
if (tls_data->fingerprint &&
(strstr(ssl_state->server_connp.cert0_fingerprint,
(strstr(connp->cert0_fingerprint,
tls_data->fingerprint) != NULL)) {
if (tls_data->flags & DETECT_CONTENT_NEGATED) {
ret = 0;
