From: Mats Klepsland Date: Tue, 28 Aug 2018 20:46:26 +0000 (+0200) Subject: lua: add function 'TlsGetVersion' X-Git-Tag: suricata-4.1.0-rc2~86 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=04e78ace0a9e30170c0724bffa717564ab3e1d76;p=thirdparty%2Fsuricata.git lua: add function 'TlsGetVersion' Add another function to get TLS version, since 'TlsGetCertInfo' only works when a TLS session contains a clear text certificate, which is not the case in TLSv1.3 or when a session is resumed.
---
diff --git a/src/util-lua-tls.c b/src/util-lua-tls.c
index 32f851c66e..b87d5961dd 100644
--- a/src/util-lua-tls.c
+++ b/src/util-lua-tls.c
@@ -187,6 +187,37 @@ static int TlsGetCertInfo(lua_State *luastate)
return r;
}
+static int GetAgreedVersion(lua_State *luastate, const Flow *f)
+{
+ void *state = FlowGetAppState(f);
+ if (state == NULL)
+ return LuaCallbackError(luastate, "error: no app layer state");
+
+ SSLState *ssl_state = (SSLState *)state;
+
+ char ssl_version[SSL_VERSION_MAX_STRLEN];
+ SSLVersionToString(ssl_state->server_connp.version, ssl_version);
+
+ return LuaPushStringBuffer(luastate, (uint8_t *)ssl_version,
+ strlen(ssl_version));
+}
+
+static int TlsGetVersion(lua_State *luastate)
+{
+ int r;
+
+ if (!(LuaStateNeedProto(luastate, ALPROTO_TLS)))
+ return LuaCallbackError(luastate, "error: protocol not tls");
+
+ Flow *f = LuaStateGetFlow(luastate);
+ if (f == NULL)
+ return LuaCallbackError(luastate, "internal error: no flow");
+
+ r = GetAgreedVersion(luastate, f);
+
+ return r;
+}
+
static int GetSNI(lua_State *luastate, const Flow *f)
{
void *state = FlowGetAppState(f);
@@ -316,6 +347,9 @@ int LuaRegisterTlsFunctions(lua_State *luastate)
lua_pushcfunction(luastate, TlsGetCertNotAfter);
lua_setglobal(luastate, "TlsGetCertNotAfter");
+ lua_pushcfunction(luastate, TlsGetVersion);
+ lua_setglobal(luastate, "TlsGetVersion");
+
lua_pushcfunction(luastate, TlsGetCertInfo);
lua_setglobal(luastate, "TlsGetCertInfo");
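Review bot: GetAgreedVersion formats `ssl_state->server_connp.version` unconditionally, so a script calling TlsGetVersion before the ServerHello has been parsed (or on a flow classified as TLS whose handshake never completed) receives whatever SSLVersionToString renders for a zero version instead of an error, unlike the NULL-state case two lines above it. Unless SSLVersionToString is known to emit an explicit "unknown" marker for 0, I would guard it the same way: `if (ssl_state->server_connp.version == 0) return LuaCallbackError(luastate, "error: tls version not yet known");`. Since the commit message motivates the function with TLS 1.3, a comment is also warranted: a TLS 1.3 ServerHello carries legacy_version 0x0303 and signals 1.3 only through the supported_versions extension, so if the parser fills `version` from the legacy field this will report TLSv1.2 for 1.3 sessions — I cannot tell from this hunk which field is used, so I would add `/* version negotiated by the server; for TLS 1.3 this relies on the parser honouring supported_versions rather than legacy_version */` above the SSLVersionToString call. As a point of style, `int r; ... r = GetAgreedVersion(luastate, f); return r;` in TlsGetVersion can simply be `return GetAgreedVersion(luastate, f);`, though it presumably mirrors the other Tls* wrappers in this file.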