tls: make cert handling more generic
authorVictor Julien <vjulien@oisf.net>
Tue, 23 Aug 2022 05:19:38 +0000 (07:19 +0200)
committerVictor Julien <vjulien@oisf.net>
Fri, 13 Jan 2023 11:33:02 +0000 (12:33 +0100)
In preparation for client cert handling.

(cherry picked from commit 14b2e04b58dbebf274290b0cbe9e40571c8941ef)

src/app-layer-ssl.c

index 2a61c87544c0d42c44db9437ca9ddf48ac34e80d..2632d785761afca08b16787aec777a59c319bef7 100644 (file)
@@ -494,9 +494,8 @@ static inline int TlsDecodeHSCertificateAddCertToChain(SSLState *ssl_state,
 }
 
 /** \retval consumed bytes consumed or -1 on error */
-static int TlsDecodeHSCertificate(SSLState *ssl_state,
-                                  const uint8_t * const initial_input,
-                                  const uint32_t input_len)
+static int TlsDecodeHSCertificate(SSLState *ssl_state, SSLStateConnp *connp,
+        const uint8_t *const initial_input, const uint32_t input_len)
 {
     const uint8_t *input = (uint8_t *)initial_input;
     uint32_t err_code = 0;
@@ -528,11 +527,8 @@ static int TlsDecodeHSCertificate(SSLState *ssl_state,
             goto invalid_cert;
 
         /* only store fields from the first certificate in the chain */
-        if (processed_len == 0 &&
-                ssl_state->server_connp.cert0_subject == NULL &&
-                ssl_state->server_connp.cert0_issuerdn == NULL &&
-                ssl_state->server_connp.cert0_serial == NULL)
-        {
+        if (processed_len == 0 && connp->cert0_subject == NULL && connp->cert0_issuerdn == NULL &&
+                connp->cert0_serial == NULL) {
             int64_t not_before, not_after;
 
             x509 = rs_x509_decode(input, cert_len, &err_code);
@@ -546,29 +542,29 @@ static int TlsDecodeHSCertificate(SSLState *ssl_state,
                 err_code = ERR_EXTRACT_SUBJECT;
                 goto error;
             }
-            ssl_state->server_connp.cert0_subject = str;
+            connp->cert0_subject = str;
 
             str = rs_x509_get_issuer(x509);
             if (str == NULL) {
                 err_code = ERR_EXTRACT_ISSUER;
                 goto error;
             }
-            ssl_state->server_connp.cert0_issuerdn = str;
+            connp->cert0_issuerdn = str;
 
             str = rs_x509_get_serial(x509);
             if (str == NULL) {
                 err_code = ERR_INVALID_SERIAL;
                 goto error;
             }
-            ssl_state->server_connp.cert0_serial = str;
+            connp->cert0_serial = str;
 
             rc = rs_x509_get_validity(x509, &not_before, &not_after);
             if (rc != 0) {
                 err_code = ERR_EXTRACT_VALIDITY;
                 goto error;
             }
-            ssl_state->server_connp.cert0_not_before = (time_t)not_before;
-            ssl_state->server_connp.cert0_not_after = (time_t)not_after;
+            connp->cert0_not_before = (time_t)not_before;
+            connp->cert0_not_after = (time_t)not_after;
 
             rs_x509_free(x509);
             x509 = NULL;
@@ -1391,18 +1387,17 @@ RecordAlreadyProcessed(const SSLStateConnp *curr_connp)
 }
 #endif
 
-static inline int SSLv3ParseHandshakeTypeCertificate(SSLState *ssl_state,
-        const uint8_t * const initial_input,
-        const uint32_t input_len)
+static inline int SSLv3ParseHandshakeTypeCertificate(SSLState *ssl_state, SSLStateConnp *connp,
+        const uint8_t *const initial_input, const uint32_t input_len)
 {
-    int rc = TlsDecodeHSCertificate(ssl_state, initial_input, input_len);
+    int rc = TlsDecodeHSCertificate(ssl_state, connp, initial_input, input_len);
     SCLogDebug("rc %d", rc);
     if (rc > 0) {
         DEBUG_VALIDATE_BUG_ON(rc > (int)input_len);
-        SSLParserHSReset(ssl_state->curr_connp);
+        SSLParserHSReset(connp);
     } else if (rc < 0) {
         SCLogDebug("error parsing cert, reset state");
-        SSLParserHSReset(ssl_state->curr_connp);
+        SSLParserHSReset(connp);
         /* fall through to still consume the cert bytes */
     }
     return input_len;
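Review bot: The two SSLParserHSReset calls now reset the `connp` passed in rather than `ssl_state->curr_connp`, which is a behavioural change hidden inside a parameter refactor: it is equivalent only while every caller passes the connp of the direction currently being parsed. The one caller visible in this commit passes `&ssl_state->server_connp` unconditionally, so if this function were ever reached for a toserver Certificate message the reset would clear the wrong side's handshake state. The invariant is cheap to pin with the macro the function already uses, `DEBUG_VALIDATE_BUG_ON(connp != ssl_state->curr_connp);` before the first reset, or at minimum a comment `/* connp must be the side currently being parsed: it is the one reset below */`.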
@@ -1481,8 +1476,8 @@ static int SSLv3ParseHandshakeType(SSLState *ssl_state, const uint8_t *input,
                 break;
             }
 
-            rc = SSLv3ParseHandshakeTypeCertificate(ssl_state,
-                    initial_input, input_len);
+            rc = SSLv3ParseHandshakeTypeCertificate(
+                    ssl_state, &ssl_state->server_connp, initial_input, input_len);
             if (rc < 0)
                 return rc;
             break;
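Review bot: The call site hard-codes `&ssl_state->server_connp` instead of passing `ssl_state->curr_connp`, so the callee is generic in signature only; a client Certificate message reaching this case would still have its fields written into the server side. The `break; }` just above looks like the tail of a direction guard that keeps toserver certificates out of this path, which would make the hard-coding safe for now, but that guard is outside the hunk and the coupling is implicit. A one-line comment at the call would make it explicit: `/* server direction only (guarded above); client certs are not decoded yet */`. SSLv3ParseHandshakeType's switch continues outside this hunk.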