From: Jason Ish
Date: Tue, 27 Sep 2016 15:38:42 +0000 (-0600)
Subject: detect-tls: make check on fingerprint directional
X-Git-Tag: suricata-3.2beta1~273
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=1f4725fcaba4ecd2e68f032a5056377d538a0519;p=thirdparty%2Fsuricata.git
detect-tls: make check on fingerprint directional
---
diff --git a/src/detect-tls.c b/src/detect-tls.c
index 6a0830a3de..f61265957a 100644
--- a/src/detect-tls.c
+++ b/src/detect-tls.c
@@ -653,13 +653,20 @@ static int DetectTlsFingerprintMatch (ThreadVars *t, DetectEngineThreadCtx *det_
 int ret = 0;
- if (ssl_state->server_connp.cert0_fingerprint != NULL) {
+ SSLStateConnp *connp = NULL;
+ if (flags & STREAM_TOSERVER) {
+ connp = &ssl_state->client_connp;
+ } else {
+ connp = &ssl_state->server_connp;
+ }
+
+ if (connp->cert0_fingerprint != NULL) {
 SCLogDebug("TLS: Fingerprint is [%s], looking for [%s]\n",
- ssl_state->server_connp.cert0_fingerprint,
+ connp->cert0_fingerprint,
 tls_data->fingerprint);
 if (tls_data->fingerprint &&
- (strstr(ssl_state->server_connp.cert0_fingerprint,
+ (strstr(connp->cert0_fingerprint,
 tls_data->fingerprint) != NULL)) {
 if (tls_data->flags & DETECT_CONTENT_NEGATED) {
 ret = 0;
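Review bot: The new `if (flags & STREAM_TOSERVER)` selection changes which certificate a fingerprint rule is compared against, and nothing in the hunk documents that mapping. Before this change `server_connp.cert0_fingerprint` was checked whatever the direction; now a rule evaluated in the to-server direction reads `client_connp`, which presumably holds a certificate only when the client presented one, so signatures that relied on the old behaviour may quietly stop alerting on server certificates. I would add a comment above the selection such as `/* Compare against the certificate sent in the inspected direction: client_connp for to-server, server_connp for to-client. */` and note the change for rule writers in the keyword documentation. The comparison is also still a `strstr()` substring test, so a shortened fingerprint in a rule matches any certificate whose fingerprint contains it; if that is intended it belongs in the same comment. The body of DetectTlsFingerprintMatch starts and ends outside this hunk.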