[Oisf-devel] [PATCH 2/3] TLS handshake: decode the SERVER_CERTIFICATE message
Victor Julien
victor at inliniac.net
Fri Nov 4 16:26:20 UTC 2011
On 11/04/2011 01:05 PM, Pierre Chifflier wrote:
> On 11/01/2011 09:37 AM, Victor Julien wrote:
>> On 10/25/2011 02:10 PM, Pierre Chifflier wrote:
>>> Add a decoder for the SERVER_CERTIFICATE during a TLS handshake, extract the
>>> certificates and keep the subject name.
>>> Add the tls.subject keyword for substring match in rules (TLS layer).
>>>
>>> Signed-off-by: Pierre Chifflier <pierre.chifflier at ssi.gouv.fr>
>>> ---
>>> src/Makefile.am | 2 +
>>> src/app-layer-ssl.c | 38 ++++++-
>>> src/app-layer-ssl.h | 8 ++
>>> src/decode-tls-handshake.c | 90 +++++++++++++++
>>> src/decode-tls-handshake.h | 31 +++++
>>
>> These files should either be named "util-decode-tls-handshake.*" or
>> "app-layer-tls-handshake.*".
>>
>> The "decode-" prefix is reserved for the packet decoders, and the tls
>> decoders don't run on packets but on the reassembled stream.
>
> I suppose you are only referring to the 2 last files. They really
> work on reassembled packets (TLS records), the stream is reassembled in
> src/app-layer-ssl.c
>
> Since I would like to propose a rename of some files (in a later patch),
> it would be nice to use the same convention. What do you think of using:
> src/decode-tls-handshake.c => src/app-layer-tls-handshake.c
> src/decode-tls-handshake.h => src/app-layer-tls-handshake.h
>
> and then in another patch:
> src/app-layer-ssl.c => src/app-layer-tls.c
> src/app-layer-ssl.h => src/app-layer-tls.h

These names make sense to me, ya. I probably won't apply this before the
file renames, so you might as well rename them right away. Patch 1
adding files that are removed by patch 2 seems a bit pointless :)
--
---------------------------------------------
Victor Julien
http://www.inliniac.net/
PGP: http://www.inliniac.net/victorjulien.asc
---------------------------------------------