[Oisf-devel] [COMMIT] OISF branch, master, updated. suricata-2.0rc3-1-g9e03550

OISF Git noreply at openinfosecfoundation.org
Fri Mar 21 21:31:40 UTC 2014

This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "OISF".

The branch, master has been updated
       via  9e0355023033956f89b705592a15b237044cb534 (commit)
      from  03091dfbda16a55defbe4bc05334013a29223bbc (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit 9e0355023033956f89b705592a15b237044cb534
Author: Eric Leblond <eric at regit.org>
Date:   Fri Mar 21 11:15:47 2014 +0100

    tls: fix problem with tls.store keyword
    Pierre Chifflier pointed out that a rule like:
     alert tls any any -> any any (msg:"TLS store"; tls.issuerdn:!"C=FR"; tls.store;)
    was alerting but not storing the certificate. If the filter was
     alert tls any any -> any any (msg:"TLS store"; tls.store;)
    then tls.store is working as expected.
    This was linked with the fact that logging is only done once for an SSL
    state. So without filter, once we have the info we can log and we
    run the storage. But when there is a filter, we log and then there
    is a filter analysis and alerting. And as logging has already been done
    we don't enter the logging function and there is no storage.
    This patch forces the entrance in the log function when there is a
    request for TLS storage. And it adds an exit in the logging function
    to only do the storage part if the TLS state has already been logged.


Summary of changes:
 src/log-tlslog.c |   11 +++++++++--
 1 file changed, 9 insertions(+), 2 deletions(-)
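
The ordering problem described in the commit message, as a simplified model added here (it is not the code from src/log-tlslog.c). The flag names, `tls_logger` and `run_flow` are hypothetical, and the two-pass timeline is an assumption standing in for "store requested before or after the state was first logged".

```c
#include <stdbool.h>
#include <stdio.h>

/* Hypothetical flag names for this model; not Suricata's identifiers. */
#define TLS_LOGGED        0x1u
#define TLS_STORE_REQUEST 0x2u

struct tls_state { unsigned flags; int log_lines; int stored_certs; };

static void store_if_requested(struct tls_state *s)
{
    if (s->flags & TLS_STORE_REQUEST) {
        s->stored_certs++;                 /* certificate written to disk */
        s->flags &= ~TLS_STORE_REQUEST;
    }
}

/* One logger invocation; fixed=false models the behaviour before the patch. */
static void tls_logger(struct tls_state *s, bool fixed)
{
    bool logged = (s->flags & TLS_LOGGED) != 0;
    bool want_store = (s->flags & TLS_STORE_REQUEST) != 0;

    /* Entry guard: before the fix, an already-logged state never gets in. */
    if (logged && !(fixed && want_store))
        return;
    if (logged) {                          /* early exit: storage only, no second log line */
        store_if_requested(s);
        return;
    }
    s->log_lines++;
    s->flags |= TLS_LOGGED;
    store_if_requested(s);
}

/* Two logger passes; the rule's tls.store request is raised before pass match_pass. */
static struct tls_state run_flow(int match_pass, bool fixed)
{
    struct tls_state s = {0, 0, 0};
    for (int pass = 1; pass <= 2; pass++) {
        if (pass == match_pass)
            s.flags |= TLS_STORE_REQUEST;
        tls_logger(&s, fixed);
    }
    return s;
}

int main(void)
{
    printf("late match: stored before fix=%d, after fix=%d\n",
           run_flow(2, false).stored_certs, run_flow(2, true).stored_certs);
    return 0;
}
```

A rule whose `tls.store` request arrives after the first log entry (`match_pass` 2) stores nothing in the unfixed model and exactly one certificate in the fixed one, with a single log line in both cases.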

