From 473dae75b52f37aaad3358a790652ed01b98bd7e Mon Sep 17 00:00:00 2001
From: Victor Julien <victor@inliniac.net>
Date: Wed, 21 Dec 2016 20:10:57 +0100
Subject: [PATCH] tls: introduce 'cert ready' state

---
 src/app-layer-ssl.c | 7 +++++++
 src/app-layer-ssl.h | 5 +++--
 2 files changed, 10 insertions(+), 2 deletions(-)

diff --git a/src/app-layer-ssl.c b/src/app-layer-ssl.c
index 96c7cc863a..58f54feea6 100644
--- a/src/app-layer-ssl.c
+++ b/src/app-layer-ssl.c
@@ -235,6 +235,13 @@ int SSLGetAlstateProgress(void *tx, uint8_t direction)
         return TLS_HANDSHAKE_DONE;
     }
 
+    if (direction == STREAM_TOSERVER &&
+        (ssl_state->server_connp.cert0_subject != NULL ||
+         ssl_state->server_connp.cert0_issuerdn != NULL))
+    {
+        return TLS_STATE_CERT_READY;
+    }
+
     return TLS_STATE_IN_PROGRESS;
 }
 
diff --git a/src/app-layer-ssl.h b/src/app-layer-ssl.h
index 1a8a0a2ec2..d2279e2f2b 100644
--- a/src/app-layer-ssl.h
+++ b/src/app-layer-ssl.h
@@ -59,8 +59,9 @@ enum {
 
 enum {
     TLS_STATE_IN_PROGRESS = 0,
-    TLS_HANDSHAKE_DONE = 1,
-    TLS_STATE_FINISHED = 2
+    TLS_STATE_CERT_READY = 1,
+    TLS_HANDSHAKE_DONE = 2,
+    TLS_STATE_FINISHED = 3
 };
 
 /* Flag to indicate that server will now on send encrypted msgs */