[Oisf-devel] [PATCH 2/3] TLS handshake: decode the SERVER_CERTIFICATE message
Pierre Chifflier
pierre.chifflier at ssi.gouv.fr
Fri Nov 4 12:05:25 UTC 2011
On 11/01/2011 09:37 AM, Victor Julien wrote:
> On 10/25/2011 02:10 PM, Pierre Chifflier wrote:
>> Add a decoder for the SERVER_CERTIFICATE during a TLS handshake, extract the
>> certificates and keep the subject name.
>> Add the tls.subject keyword for substring match in rules (TLS layer).
>>
>> Signed-off-by: Pierre Chifflier <pierre.chifflier at ssi.gouv.fr>
>> ---
>> src/Makefile.am | 2 +
>> src/app-layer-ssl.c | 38 ++++++-
>> src/app-layer-ssl.h | 8 ++
>> src/decode-tls-handshake.c | 90 +++++++++++++++
>> src/decode-tls-handshake.h | 31 +++++
>
> These files should either be named "util-decode-tls-handshake.*" or
> "app-layer-tls-handshake.*".
>
> The "decode-" prefix is reserved for the packet decoders, and the tls
> decoders don't run on packets but on the reassembled stream.
I suppose you are referring to the last 2 files only. They really
work on reassembled packets (TLS records); the stream is reassembled in
src/app-layer-ssl.c.
Since I would like to propose a rename of some files (in a later patch),
it would be nice to use the same convention. What do you think of using:
src/decode-tls-handshake.c => src/app-layer-tls-handshake.c
src/decode-tls-handshake.h => src/app-layer-tls-handshake.h
and then in another patch:
src/app-layer-ssl.c => src/app-layer-tls.c
src/app-layer-ssl.h => src/app-layer-tls.h
?
>
>> + tls->subject = strdup(tmp_str);
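Review bot: The result stored into tls->subject on this line is not checked for NULL, so a failed allocation leaves the session without a subject and no error is reported; check the return value here and bail out of the decoder, and make sure the tls.subject match code tolerates a NULL subject. The commit message says the decoder extracts the certificates (plural), so if this assignment can run more than once for the same session, free any previous tls->subject before overwriting it, otherwise the earlier copy leaks.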
>
> Please use SCStrdup here.
>
Fixed.
Pierre