Pierre Chifflier
d866f38982
TLS: add variable to store the error code in the decoder
...
Use a variable to store the decoding error code if required, and remove
the calls to SCLogInfo and SCLogDebug.
14 years ago
Pierre Chifflier
3df341dbeb
Add TLS decode events
14 years ago
Pierre Chifflier
8457ce3b11
TLS app layer: rewrite decoder to handle multiple messages in records
...
Since we now parse the content of the TLS messages, we need to handle
the case multiple messages are shipped in a single TLS record, and
taking care of the multiple levels of fragmentation (message, record,
and TCP).
Additionally, fix a bug where the parser state was not reset after an
empty record.
14 years ago
Pierre Chifflier
4bb5e2a79d
TLS app layer: fix number of bytes processed on SERVER_CERTIFICATE message.
...
Change the function to return the number of bytes processed, and fix a bug
where the input buffer was wrong.
Signed-off-by: Pierre Chifflier <pierre.chifflier@ssi.gouv.fr>
14 years ago
Eric Leblond
38c213cb84
tls app layer: add missing free
...
issuerdn was not freed at exit.
14 years ago
Pierre Chifflier
53e5421a24
TLS handshake: get TLS ciphersuite and compression
...
Decode the SERVER_HELLO message to extract the ciphersuite and compression
chosen by the server.
Signed-off-by: Pierre Chifflier <pierre.chifflier@ssi.gouv.fr>
14 years ago
Pierre Chifflier
4be65fd016
TLS handshake: decode the SERVER_CERTIFICATE message
...
Add a decoder for the SERVER_CERTIFICATE during a TLS handshake, extracts the
certificates and keep the subject name.
Add the tls.subject keyword for substring match in rules (TLS layer).
Signed-off-by: Pierre Chifflier <pierre.chifflier@ssi.gouv.fr>
14 years ago
Anoop Saldanha
109662450d
Add new command line option --list-app-layer-protocols to list supported app layer protocols in sigs
14 years ago
Nikolay Denev
139768dd58
Do not use underscored config vars internally.
14 years ago
Anoop Saldanha
420befb180
Changed my email address to anoopsaldanha at gmail dot com from my current one
14 years ago
Anoop Saldanha
9a6aef459e
modify all relevant app layer API calls to accomodate passing parser local storage argument
14 years ago
Victor Julien
06904c9024
App Layer cleanup
...
Removal of per flow 'aldata' array. It contained a ptr for each ALPROTO. Instead now we have 2 ptrs in the flow: alparser and alstate.
Various cleanups and dead code removal from the app layer API.
Should safe 100+ bytes memory per flow on 64 bit.
Updated lots of unittests to reflect these changes.
14 years ago
Anoop Saldanha
4650bf7170
minor code cleanup. remove commented out code
14 years ago
Anoop Saldanha
78e6a7f713
enable toclient alproto detection. Detection all current alproto toclient PMP patterns
14 years ago
Victor Julien
0cc9f39200
Move TlsConfig structure out of app-layer-protos.h and rename it to SslConfig.
14 years ago
Anoop Saldanha
000ce98cd1
push all proto detection code into their respective app parser register functions for every alproto
14 years ago
Anoop Saldanha
1f7e4bada1
add tls.no_reassemble use for sslv2 which we missed previously. Also some cleanup
15 years ago
Victor Julien
71d0eabdec
Add a few extra safety checks in new SSL code.
15 years ago
Anoop Saldanha
013d3aea1c
update ssl parser test. Some minor indentation changes
15 years ago
Anoop Saldanha
7a2046328c
some naming changes in ssl parser and ssl related keywords
15 years ago
Anoop Saldanha
b639718787
replace the contents of app-layer-ssl.[ch] with the contents from app-layer-tls.[ch]
15 years ago
Anoop Saldanha
4e8de99dcd
tls/ssl parser modifications/fixes. We now have just one file doing all the ssl parsing stuff, i.e. app-layer-tls.[ch], instead of app-layer-ssl.[ch] and app-layer-tls.[ch]
15 years ago
Victor Julien
1681705e62
Don't print errors/warnings based on malformed traffic.
15 years ago
Gurvinder Singh
8f8b1212af
support for ssl_version keyword
15 years ago
Victor Julien
ef27234959
Comment out broken SSLParserTest03 test.
15 years ago
Pablo Rincon
8f9bcef0e2
This patch for app-layer-ssl fix the bug #198 (SSLParserTest01). It seems that with -O2 and -O3, the compiler doesn't handle the initialization correctly (weird..)
15 years ago
William Metcalf
0e4235cc94
FLOW_DESTROY added to clean-up UT's that init flow
15 years ago
Pablo Rincon
8cc525c939
UDP support at AppLayer message handling
15 years ago
William Metcalf
cc76aa4bc6
properly init flows inside of unit-tests caused lock-up when falling back to using mutex locks
15 years ago
Victor Julien
10a3d7343d
Remove unnecessary header inclusion in app layer ssl.
15 years ago
Victor Julien
98c3f0149c
Improve SSL input validation.
15 years ago
Gurvinder Singh
5fe1dc1d24
support for sslv2/sslv3 their unit tests and better stream no reassembly flag handling
15 years ago