From: Mats Klepsland Date: Tue, 17 Jan 2017 08:23:30 +0000 (+0100) Subject: lua: add function to print certificate serial number X-Git-Tag: suricata-4.0.0-beta1~280 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=95864375f2a510b122909923bd0ba0f8c0558d74;p=thirdparty%2Fsuricata.git lua: add function to print certificate serial number Add function LuaGetCertSerial to print serial number from TLS certificate. Example: function log (args) serial = TlsGetCertSerial() if serial then file:write(serial .. "\n"); file:flush() end end
---
diff --git a/src/util-lua-tls.c b/src/util-lua-tls.c
index 648eb42312..8472c0f6db 100644
--- a/src/util-lua-tls.c
+++ b/src/util-lua-tls.c
@@ -240,6 +240,38 @@ static int TlsGetSNI(lua_State *luastate)
 return r;
 }
 
+static int GetCertSerial(lua_State *luastate, const Flow *f)
+{
+ void *state = FlowGetAppState(f);
+ if (state == NULL)
+ return LuaCallbackError(luastate, "error: no app layer state");
+
+ SSLState *ssl_state = (SSLState *)state;
+
+ if (ssl_state->server_connp.cert0_serial == NULL)
+ return LuaCallbackError(luastate, "error: no certificate serial");
+
+ return LuaPushStringBuffer(luastate,
+ (uint8_t *)ssl_state->server_connp.cert0_serial,
+ strlen(ssl_state->server_connp.cert0_serial));
+}
+
+static int TlsGetCertSerial(lua_State *luastate)
+{
+ int r;
+
+ if (!(LuaStateNeedProto(luastate, ALPROTO_TLS)))
+ return LuaCallbackError(luastate, "error: protocol not tls");
+
+ Flow *f = LuaStateGetFlow(luastate);
+ if (f == NULL)
+ return LuaCallbackError(luastate, "internal error: no flow");
+
+ r = GetCertSerial(luastate, f);
+
+ return r;
+}
+
 static int GetCertChain(lua_State *luastate, const Flow *f, int direction)
 {
 void *state = FlowGetAppState(f);
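Review bot: GetCertSerial reads only `ssl_state->server_connp.cert0_serial` and, unlike GetCertChain in the trailing context, takes no direction, so a script calling TlsGetCertSerial always gets the server-side cert0 serial, and nothing in the hunk documents that. I would add a comment above GetCertSerial such as `/* Push the serial of the server's cert0 (presumably the leaf) as a Lua string; returns a Lua error when there is no TLS state or no serial. */`. The length passed to LuaPushStringBuffer comes from `strlen()` on a string that originates in a certificate sent by the remote peer, so the comment should also record that the decoder is expected to store it NUL-terminated; the code that fills cert0_serial is not visible here, so that needs confirming. Scripts that write the value to a log, as in the commit message example, should treat it as untrusted text.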
@@ -312,6 +344,9 @@ int LuaRegisterTlsFunctions(lua_State *luastate)
 lua_pushcfunction(luastate, TlsGetSNI);
 lua_setglobal(luastate, "TlsGetSNI");
 
+ lua_pushcfunction(luastate, TlsGetCertSerial);
+ lua_setglobal(luastate, "TlsGetCertSerial");
+
 lua_pushcfunction(luastate, TlsGetCertChain);
 lua_setglobal(luastate, "TlsGetCertChain");
 