From: Mats Klepsland Date: Fri, 16 Dec 2016 13:43:43 +0000 (+0100) Subject: tls: fix tls_cert_subject prefilter bug X-Git-Tag: suricata-3.2.1~91 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=refs%2Fpull%2F2462%2Fhead;p=thirdparty%2Fsuricata.git tls: fix tls_cert_subject prefilter bug If check in prefilter was checking that issuer was non-NULL, when it in fact should be checking subject. --- diff --git a/src/detect-engine-tls.c b/src/detect-engine-tls.c index 6adac0f8b8..8e216618b0 100644 --- a/src/detect-engine-tls.c +++ b/src/detect-engine-tls.c @@ -215,7 +215,7 @@ static void PrefilterTxTlsSubject(DetectEngineThreadCtx *det_ctx, const void *pe const MpmCtx *mpm_ctx = (MpmCtx *)pectx; SSLState *ssl_state = f->alstate; - if (ssl_state->server_connp.cert0_issuerdn == NULL) + if (ssl_state->server_connp.cert0_subject == NULL) return; const uint8_t *buffer = (const uint8_t *)ssl_state->server_connp.cert0_subject;