record_version is in fact spurious
majek committed May 14, 2012
1 parent 2bda00c commit b9781d4
Showing 2 changed files with 4 additions and 5 deletions.
8 changes: 4 additions & 4 deletions fp_ssl.c
Expand Up @@ -396,7 +396,7 @@ static int fingerprint_ssl_v2(struct ssl_sig *sig, const u8 *pay, u32 pay_len) {
message. -1 on parsing error, 1 if signature was extracted. */

static int fingerprint_ssl_v3(struct ssl_sig *sig, const u8 *fragment,
u32 frag_len, u32 local_time) {
u32 frag_len, u16 record_version, u32 local_time) {

int i;
const u8 *record = fragment;
Expand Down Expand Up @@ -452,7 +452,7 @@ static int fingerprint_ssl_v3(struct ssl_sig *sig, const u8 *fragment,

sig->request_version = (pay[0] << 8) | pay[1];

if (sig->request_version != sig->record_version) {
if (sig->request_version != record_version) {
sig->flags |= SSL_FLAG_VER;
}

Expand Down Expand Up @@ -791,7 +791,6 @@ u8 process_ssl(u8 to_srv, struct packet_flow *f) {
if (f->req_len < 2 + msg_length) return can_get_more;

memset(&sig, 0, sizeof(struct ssl_sig));
sig.record_version = 0x0200;
sig.flags |= SSL_FLAG_V2;

success = fingerprint_ssl_v2(&sig, f->request, msg_length + 2);
Expand All @@ -813,11 +812,12 @@ u8 process_ssl(u8 to_srv, struct packet_flow *f) {
return can_get_more;

memset(&sig, 0, sizeof(struct ssl_sig));
sig.record_version = (hdr3->ver_maj << 8) | hdr3->ver_min;
u16 record_version = (hdr3->ver_maj << 8) | hdr3->ver_min;

u8 *fragment = f->request + sizeof(struct ssl3_record_hdr);

success = fingerprint_ssl_v3(&sig, fragment, fragment_len,
record_version,
f->client->last_seen);

}
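Review bot: The new `record_version` parameter of `fingerprint_ssl_v3` is undocumented: the comment above the function (only its tail is visible in the first hunk) covers the return values but not the arguments. The value is built in `process_ssl` from the peer-supplied record header (`hdr3->ver_maj`, `hdr3->ver_min`), and in the visible hunks it is used only in the comparison that sets `SSL_FLAG_VER`. With the field removed from `struct ssl_sig`, the record-layer version itself is no longer kept in the signature, which is worth stating where the next reader will look. I would add to the function comment something like `/* record_version: version from the SSLv3/TLS record header (untrusted input); only compared with request_version to set SSL_FLAG_VER, not stored in sig. */`. Both function bodies continue outside the visible hunks, so any other use of the value could not be checked here.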
1 change: 0 additions & 1 deletion fp_ssl.h
Expand Up @@ -58,7 +58,6 @@ struct ssl_sig_record;

struct ssl_sig {

u16 record_version; /* TLS version used on the record layer. */
u16 request_version; /* Requested SSL version (maj << 8) | min */

u32 remote_time; /* ClientHello message gmt_unix_time field */