app-layer-ssl: add support for session tickets
authorMats Klepsland <mats.klepsland@gmail.com>
Tue, 21 Aug 2018 10:58:44 +0000 (12:58 +0200)
committerMats Klepsland <mats.klepsland@gmail.com>
Sun, 16 Sep 2018 19:13:10 +0000 (21:13 +0200)
Add support for logging a session as 'resumed' when the client hello record
carries a non-empty session ticket extension.

src/app-layer-ssl.c
src/app-layer-ssl.h
src/log-tlslog.c
src/output-json-tls.c

index 16ec1a41d154e7d3dc504b822815a0dbb43ed9cf..042c3ca327756bf30a8dda23679f7100f7ebb50d 100644 (file)
@@ -1018,6 +1018,20 @@ static inline int TLSDecodeHSHelloExtensions(SSLState *ssl_state,
                 break;
             }
 
+            case SSL_EXTENSION_SESSION_TICKET:
+            {
+                if ((ssl_state->current_flags & SSL_AL_FLAG_STATE_CLIENT_HELLO) &&
+                        ext_len != 0) {
+                    /* This has to be verified later on by checking if a
+                       certificate record has been sent by the server. */
+                    ssl_state->flags |= SSL_AL_FLAG_SESSION_RESUMED;
+                }
+
+                input += ext_len;
+
+                break;
+            }
+
             default:
             {
                 input += ext_len;
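Review bot: The condition on the two lines following `case SSL_EXTENSION_SESSION_TICKET:` marks the session as resumed from the ClientHello alone, but a non-empty ticket only means the client is asking for resumption (RFC 5077); the server may reject the ticket and run a full handshake, so the flag is tentative at this point and is only corrected downstream by the loggers' certificate check. The in-code comment should say so explicitly, e.g. `/* A non-empty ticket only requests resumption (RFC 5077); the server may refuse it, so treat the flag as tentative until the server side shows no Certificate record. */`. The `input += ext_len;` advance mirrors the default branch, so it presumably relies on ext_len having been bounds-checked against the remaining input before the switch; that check is outside the hunk and worth confirming. TLSDecodeHSHelloExtensions starts and ends outside this hunk.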
index 398b1a84a8d2ece9fb28a607c108dcac90a62030..05087491abfa1d5d3037124f65924bfe09326ecf 100644 (file)
@@ -110,6 +110,7 @@ enum {
 #define SSL_EXTENSION_SNI                       0x0000
 #define SSL_EXTENSION_ELLIPTIC_CURVES           0x000a
 #define SSL_EXTENSION_EC_POINT_FORMATS          0x000b
+#define SSL_EXTENSION_SESSION_TICKET            0x0023
 
 /* SNI types */
 #define SSL_SNI_TYPE_HOST_NAME                  0
index 590cbabaeb280413697ddacfb6a28adc7b8460d4..a75ba4cb3c94ddeb6c7af0769e48398f34f23a9f 100644 (file)
@@ -490,7 +490,12 @@ static int LogTlsLogger(ThreadVars *tv, void *thread_data, const Packet *p,
                                  ssl_state->server_connp.cert0_issuerdn);
         }
         if (ssl_state->flags & SSL_AL_FLAG_SESSION_RESUMED) {
-            MemBufferWriteString(aft->buffer, " Session='resumed'");
+            /* Only log a session as 'resumed' if a certificate has not
+               been seen. */
+            if ((ssl_state->server_connp.cert0_issuerdn == NULL) &&
+                    (ssl_state->server_connp.cert0_subject == NULL)) {
+                MemBufferWriteString(aft->buffer, " Session='resumed'");
+            }
         }
 
         if (hlog->flags & LOG_TLS_EXTENDED) {
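Review bot: The null checks on cert0_issuerdn and cert0_subject infer resumption from the absence of certificate data, which also matches handshakes where no Certificate record is ever parsed for other reasons — anonymous or PSK cipher suites, or a negotiation whose Certificate message is not in the clear — so a client that presented a ticket in such a handshake would be logged as resumed even though a full handshake took place; this seems worth a comment or a stronger server-side signal (an abbreviated handshake observed after the ServerHello) if that state is available in SSLState. The same check is duplicated verbatim in the output-json-tls.c hunk (JsonTlsLogSessionResumed); to keep both loggers in agreement it could be a single helper next to the flag definitions, e.g. `static inline int SSLSessionResumed(const SSLState *s) { return (s->flags & SSL_AL_FLAG_SESSION_RESUMED) && s->server_connp.cert0_issuerdn == NULL && s->server_connp.cert0_subject == NULL; }`, with both loggers calling it. LogTlsLogger starts and ends outside this hunk.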
index bed799fce0270b1c1337cc30d49e181c6354c833..254aa926af9357dae843e29c8050f1ba832dc096 100644 (file)
@@ -133,7 +133,12 @@ static void JsonTlsLogIssuer(json_t *js, SSLState *ssl_state)
 static void JsonTlsLogSessionResumed(json_t *js, SSLState *ssl_state)
 {
     if (ssl_state->flags & SSL_AL_FLAG_SESSION_RESUMED) {
-        json_object_set_new(js, "session_resumed", json_boolean(true));
+        /* Only log a session as 'resumed' if a certificate has not
+           been seen. */
+        if (ssl_state->server_connp.cert0_issuerdn == NULL &&
+               ssl_state->server_connp.cert0_subject == NULL) {
+            json_object_set_new(js, "session_resumed", json_boolean(true));
+        }
     }
 }