]> git.ipfire.org Git - thirdparty/suricata.git/commitdiff
projects / thirdparty / suricata.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 814e162)
tlslog: don't log as "resumed" without ServerHello 3488/head
authorMats Klepsland <mats.klepsland@gmail.com>
Fri, 21 Sep 2018 06:03:26 +0000 (08:03 +0200)
committerMats Klepsland <mats.klepsland@gmail.com>
Fri, 21 Sep 2018 06:08:39 +0000 (08:08 +0200)
Don't log a session as "resumed" if a ServerHello record has not been
seen. This makes sure that incomplete TLS sessions where the ClientHello
contains a session ticket, is not logged as a session resumption.

src/log-tlslog.c patch | blob | blame | history

diff --git a/src/log-tlslog.c b/src/log-tlslog.c
index 9ee272611c618566e8adf23effb0be840c3c3857..b9518aeaf1f581875dcab597170f97067ec2fc43 100644 (file)
--- a/src/log-tlslog.c
+++ b/src/log-tlslog.c
@@ -475,6 +475,7 @@ static int LogTlsLogger(ThreadVars *tv, void *thread_data, const Packet *p,
                been seen. */
             if ((ssl_state->server_connp.cert0_issuerdn == NULL) &&
                     (ssl_state->server_connp.cert0_subject == NULL) &&
+                    (ssl_state->flags & SSL_AL_FLAG_STATE_SERVER_HELLO) &&
                     ((ssl_state->flags & SSL_AL_FLAG_LOG_WITHOUT_CERT) == 0)) {
                 MemBufferWriteString(aft->buffer, " Session='resumed'");
             }
Mirror of https://github.com/OISF/suricata.git