| author | liuxueli <[email protected]> | 2023-07-18 18:31:42 +0800 |
|---|---|---|
| committer | liuxueli <[email protected]> | 2023-07-18 18:31:42 +0800 |
| commit | 8c0ec9f27c030750759a91be81814327ce4813dc (patch) | |
| tree | b3f70e2e3a3f2c322a1311b5f8557ccff0d424fc | |
| parent | a52514a151f7f71f2630533ed7ea6c2ffbc85faa (diff) | |
增加是否解析证书的开关: PARSE_CERTIFICATE_DETAILv3.0.1
| -rw-r--r-- | bin/ssl/ssl_main.conf | 14 | ||||
| -rw-r--r-- | src/SSL_Analyze.c | 3 | ||||
| -rw-r--r-- | src/SSL_Analyze.h | 1 | ||||
| -rw-r--r-- | src/SSL_Message.c | 4 |
4 files changed, 8 insertions, 14 deletions
diff --git a/bin/ssl/ssl_main.conf b/bin/ssl/ssl_main.conf
index e07748e..2c608d6 100644
--- a/bin/ssl/ssl_main.conf
+++ b/bin/ssl/ssl_main.conf
@@ -1,11 +1,3 @@
-[FUNCTION]
-switch_no_biz=1
-#0 means close stat
-stat_cycle=5
-#stat output screen 0: screen 1: file
-stat_screen_print=1
-stat_file=./log/ssl/ssl_stat.log
-
-STAT_FIELD_APPNAME=SSL
-STAT_FIELD_DST_IP=127.0.0.1
-STAT_FIELD_DST_PORT=8125
\ No newline at end of file
+[SSL]
+MAX_CACHE_LEN=10240
+PARSE_CERTIFICATE_DETAIL=1
diff --git a/src/SSL_Analyze.c b/src/SSL_Analyze.c
index f555b9a..2809c00 100644
--- a/src/SSL_Analyze.c
+++ b/src/SSL_Analyze.c
@@ -209,7 +209,8 @@ extern "C" int SSL_INIT(void)
 }
 const char *filename="./conf/ssl/ssl_main.conf";
- MESA_load_profile_int_def(filename, "FUNCTION", "MAC_CACHE_LEN", &g_ssl_runtime_para.max_cache_len, 10240);
+ MESA_load_profile_int_def(filename, "SSL", "MAX_CACHE_LEN", &g_ssl_runtime_para.max_cache_len, 10240);
+ MESA_load_profile_int_def(filename, "SSL", "PARSE_CERTIFICATE_DETAIL", &g_ssl_runtime_para.parse_certificate_detail, 1);
 ssl_ja3_init();
 g_ssl_runtime_para.proto_tag_id=project_producer_register("MESA_PROTO", "struct", ssl_proto_tag_free);
diff --git a/src/SSL_Analyze.h b/src/SSL_Analyze.h
index 955aff8..e5fe861 100644
--- a/src/SSL_Analyze.h
+++ b/src/SSL_Analyze.h
@@ -51,6 +51,7 @@ struct ssl_runtime_para
 char stat_appname[16];
 int proto_tag_id ;
 int max_cache_len;
+ int parse_certificate_detail;
 };
 struct ssl_business_info
diff --git a/src/SSL_Message.c b/src/SSL_Message.c
index 82999d5..c8cacb5 100644
--- a/src/SSL_Message.c
+++ b/src/SSL_Message.c
@@ -140,7 +140,7 @@ int ssl_trunk_cache(struct ssl_runtime_context *ssl_context, char *payload, int
 ssl_context->record.cache_len=0;
 int length=MIN(payload_len, g_ssl_runtime_para.max_cache_len);
- memcpy(ssl_context->record.cache_buff+ssl_context->record.cache_len, payload, length);
+ memmove(ssl_context->record.cache_buff+ssl_context->record.cache_len, payload, length);
 ssl_context->record.cache_len+=length;
 return 0;
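Review bot: The value loaded for `MAX_CACHE_LEN` in SSL_INIT is stored without any range check, yet the SSL_Message.c hunk of this same commit uses it as the copy bound in `MIN(payload_len, g_ssl_runtime_para.max_cache_len)`. A zero, negative or oversized value in ssl_main.conf therefore reaches the `memmove` length, where a negative int converts to a very large size_t; the allocation size of `cache_buff` is not visible here, so the upper limit needs confirming against it. After the load I would add `if(g_ssl_runtime_para.max_cache_len<=0) g_ssl_runtime_para.max_cache_len=10240;`. The lookup also moved from `FUNCTION`/`MAC_CACHE_LEN` to `SSL`/`MAX_CACHE_LEN`, so a deployed config still using the old spelling silently falls back to the default. SSL_INIT starts and ends outside the hunk.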
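Review bot: Switching to `memmove` in ssl_trunk_cache only covers overlap between `payload` and `cache_buff`; the copy length is still a signed `int` bounded by `max_cache_len` alone, not by the room left after `cache_len`. If `payload_len` or the configured limit is negative, `length` converts to a huge size_t. If `cache_len` is non-zero on any path reaching this line the write can run past the buffer; whether the `cache_len=0` reset above is unconditional is not visible in the hunk. I would derive the bound from the remaining space, `int length=MIN(payload_len, g_ssl_runtime_para.max_cache_len-ssl_context->record.cache_len);`, and return before the copy when `length<=0`. The function's full signature and the rest of its body lie outside the hunk.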
@@ -517,7 +517,7 @@ int ssl_parse_new_session_ticket(struct ssl_new_session_ticket *new_session_tick
 int ssl_parse_certificate_detail(const struct streaminfo *a_tcp, struct ssl_runtime_context *ssl_context, char *payload, int payload_len, int thread_seq, const void *a_packet)
 {
- if(!(g_ssl_runtime_para.ssl_interested_region_flag&SSL_CERTIFICATE_DETAIL))
+ if(!(g_ssl_runtime_para.ssl_interested_region_flag&SSL_CERTIFICATE_DETAIL) || g_ssl_runtime_para.parse_certificate_detail==0)
 {
 ssl_context->stream.certificate=NULL;
 return SSL_TRUE; |
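Review bot: With `parse_certificate_detail==0` this early return leaves `ssl_context->stream.certificate` NULL for every stream, exactly as when no consumer registered interest, so downstream code cannot tell "switch off" from "no interest". Anything that relies on certificate fields then receives nothing, with no trace of why. I would add a comment above the condition, `/* PARSE_CERTIFICATE_DETAIL=0 in ssl_main.conf disables certificate parsing globally, regardless of registered interest */`, and emit a one-time log line at init reporting the effective value so operators can see that certificate visibility is off. The function body continues outside the hunk.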
