tls: debug compilation fixes, new tls decoder rule for tls.error_message_encountered event.

13 years ago · e3764b90c3
parent f08fc8d7c5
commit e3764b90c3
4 changed files with 7 additions and 3 deletions
--- a/rules/tls-events.rules
+++ b/rules/tls-events.rules
@ -15,4 +15,7 @@ alert tls any any -> any any (msg:"SURICATA TLS certificate missing element"; fl
 alert tls any any -> any any (msg:"SURICATA TLS certificate unknown element"; flow:established; app-layer-event:tls.certificate_unknown_element; flowint:tls.anomaly.count,+,1; classtype:protocol-command-decode; sid:2230006; rev:1;)
 alert tls any any -> any any (msg:"SURICATA TLS certificate invalid length"; flow:established; app-layer-event:tls.certificate_invalid_length; flowint:tls.anomaly.count,+,1; classtype:protocol-command-decode; sid:2230007; rev:1;)
 alert tls any any -> any any (msg:"SURICATA TLS certificate invalid string"; flow:established; app-layer-event:tls.certificate_invalid_string; flowint:tls.anomaly.count,+,1; classtype:protocol-command-decode; sid:2230008; rev:1;)
+alert tls any any -> any any (msg:"SURICATA TLS error message encountered"; flow:established; app-layer-event:tls.error_message_encountered; flowint:tls.anomaly.count,+,1; classtype:protocol-command-decode; sid:2230009; rev:1;)
+
+#next sid is 2230010

--- a/src/app-layer-ssl.c
+++ b/src/app-layer-ssl.c
@ -65,6 +65,7 @@ SCEnumCharMap tls_decoder_event_table[ ] = {
    { "CERTIFICATE_UNKNOWN_ELEMENT", TLS_DECODER_EVENT_CERTIFICATE_UNKNOWN_ELEMENT },
    { "CERTIFICATE_INVALID_LENGTH",  TLS_DECODER_EVENT_CERTIFICATE_INVALID_LENGTH },
    { "CERTIFICATE_INVALID_STRING",  TLS_DECODER_EVENT_CERTIFICATE_INVALID_STRING },
+    { "ERROR_MESSAGE_ENCOUNTERED",   TLS_DECODER_EVENT_ERROR_MSG_ENCOUNTERED },
    { NULL,                          -1 },
 };

--- a/src/detect-ssl-version.c
+++ b/src/detect-ssl-version.c
@ -138,7 +138,7 @@ int DetectSslVersionMatch(ThreadVars *t, DetectEngineThreadCtx *det_ctx,
        ver = app_state->server_connp.version;
    } else if (flags & STREAM_TOSERVER) {
        SCLogDebug("client (toserver) version is 0x%02X",
-                   app_state->client_connp.ersion);
+                   app_state->client_connp.version);
        ver = app_state->client_connp.version;
    }

--- a/src/detect-tls-version.c
+++ b/src/detect-tls-version.c
@ -126,11 +126,11 @@ int DetectTlsVersionMatch (ThreadVars *t, DetectEngineThreadCtx *det_ctx, Flow *
    SCLogDebug("looking for tls_data->ver 0x%02X (flags 0x%02X)", tls_data->ver, flags);

    if (flags & STREAM_TOCLIENT) {
-        SCLogDebug("server (toclient) version is 0x%02X", ssl_state->server_version);
+        SCLogDebug("server (toclient) version is 0x%02X", ssl_state->server_connp.version);
        if (tls_data->ver == ssl_state->server_connp.version)
            ret = 1;
    } else if (flags & STREAM_TOSERVER) {
-        SCLogDebug("client (toserver) version is 0x%02X", ssl_state->client_version);
+        SCLogDebug("client (toserver) version is 0x%02X", ssl_state->client_connp.version);
        if (tls_data->ver == ssl_state->client_connp.version)
            ret = 1;
    }