alert tls any any -> any any (msg:"SURICATA TLS certificate unknown element"; flow:established; app-layer-event:tls.certificate_unknown_element; flowint:tls.anomaly.count,+,1; classtype:protocol-command-decode; sid:2230006; rev:1;)
alert tls any any -> any any (msg:"SURICATA TLS certificate invalid length"; flow:established; app-layer-event:tls.certificate_invalid_length; flowint:tls.anomaly.count,+,1; classtype:protocol-command-decode; sid:2230007; rev:1;)
alert tls any any -> any any (msg:"SURICATA TLS certificate invalid string"; flow:established; app-layer-event:tls.certificate_invalid_string; flowint:tls.anomaly.count,+,1; classtype:protocol-command-decode; sid:2230008; rev:1;)
+alert tls any any -> any any (msg:"SURICATA TLS error message encountered"; flow:established; app-layer-event:tls.error_message_encountered; flowint:tls.anomaly.count,+,1; classtype:protocol-command-decode; sid:2230009; rev:1;)
+
+#next sid is 2230010
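Review bot: The new rule with sid 2230009 adds 1 to `tls.anomaly.count`, the same flowint the three certificate rules above it feed, although its message describes an error reported in the session rather than a malformed certificate field. Which records raise `tls.error_message_encountered` is not visible in this hunk. If the decoder sets it for error messages a peer sends during an ordinary failed handshake, anything thresholding on the counter will mix parser anomalies with routine failures. I would either drop `flowint:tls.anomaly.count,+,1;` from this rule or document the choice with a comment above it, for example `# peer-signalled error, counted as an anomaly on purpose`.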
{ "CERTIFICATE_UNKNOWN_ELEMENT", TLS_DECODER_EVENT_CERTIFICATE_UNKNOWN_ELEMENT },
{ "CERTIFICATE_INVALID_LENGTH", TLS_DECODER_EVENT_CERTIFICATE_INVALID_LENGTH },
{ "CERTIFICATE_INVALID_STRING", TLS_DECODER_EVENT_CERTIFICATE_INVALID_STRING },
+ { "ERROR_MESSAGE_ENCOUNTERED", TLS_DECODER_EVENT_ERROR_MSG_ENCOUNTERED },
{ NULL, -1 },
};
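Review bot: The added table entry maps the string `ERROR_MESSAGE_ENCOUNTERED` to `TLS_DECODER_EVENT_ERROR_MSG_ENCOUNTERED`, while the three entries above it use a string identical to the enum suffix. The string is what the rule added in this commit matches on (`app-layer-event:tls.error_message_encountered`), so someone deriving the keyword from the enum name would write `tls.error_msg_encountered`, and the visible part of the table has no entry for that. Renaming the enum to `TLS_DECODER_EVENT_ERROR_MESSAGE_ENCOUNTERED` keeps the two in step. The enum declaration and the table's opening line are outside this hunk.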
ver = app_state->server_connp.version;
} else if (flags & STREAM_TOSERVER) {
SCLogDebug("client (toserver) version is 0x%02X",
- app_state->client_connp.ersion);
+ app_state->client_connp.version);
ver = app_state->client_connp.version;
}
SCLogDebug("looking for tls_data->ver 0x%02X (flags 0x%02X)", tls_data->ver, flags);
if (flags & STREAM_TOCLIENT) {
- SCLogDebug("server (toclient) version is 0x%02X", ssl_state->server_version);
+ SCLogDebug("server (toclient) version is 0x%02X", ssl_state->server_connp.version);
if (tls_data->ver == ssl_state->server_connp.version)
ret = 1;
} else if (flags & STREAM_TOSERVER) {
- SCLogDebug("client (toserver) version is 0x%02X", ssl_state->client_version);
+ SCLogDebug("client (toserver) version is 0x%02X", ssl_state->client_connp.version);
if (tls_data->ver == ssl_state->client_connp.version)
ret = 1;
}