diff options
| -rw-r--r-- | include/ssl.h | 1 | ||||
| -rw-r--r-- | src/SSL_Message.c | 15 | ||||
| -rw-r--r-- | test/CMakeLists.txt | 1 | ||||
| -rw-r--r-- | test/pcap/tlcp/tlcp.192.168.54.245.47596-202.99.22.112.6443.pcap | bin | 0 -> 131072 bytes | |||
| -rw-r--r-- | test/pcap/tlcp/tlcp_result.json | 27 |
5 files changed, 42 insertions, 2 deletions
diff --git a/include/ssl.h b/include/ssl.h index ef7ed03..d5c1d96 100644 --- a/include/ssl.h +++ b/include/ssl.h @@ -32,6 +32,7 @@ enum ssl_interested_region #define TLSV1_2_VERSION 0x0303 #define DTLSV1_0_VERSION 0xfeff #define DTLSV1_0_VERSION_NOT 0x0100 +#define TLCPV1_VERSION 0x0101 struct cdata_buf { diff --git a/src/SSL_Message.c b/src/SSL_Message.c index cab9954..792c71f 100644 --- a/src/SSL_Message.c +++ b/src/SSL_Message.c @@ -49,6 +49,7 @@ const struct ssl_serial_string g_astCompression[] = const struct ssl_value2string ssl_version_list[] = { + { TLCPV1_VERSION, "TLCP1.1" }, { DTLSV1_0_VERSION, "DTLS1.0" }, { DTLSV1_0_VERSION_NOT, "DTLS1.0(OpenSSL pre 0.9.8f)" }, { TLSV1_2_VERSION, "TLS1.2" }, @@ -236,7 +237,12 @@ unsigned short ssl_get_hello_version(unsigned char *pcData, unsigned int payload return 0; } - if (03 == pcData[4] && 1 == pcData[5]) + if (1 == pcData[4] && 1 == pcData[5]) + { + /*TLCP 1.1*/ + return TLCPV1_VERSION; + } + else if (03 == pcData[4] && 1 == pcData[5]) { /*TLS 1.0*/ return TLSV1_0_VERSION; @@ -902,7 +908,12 @@ int ssl_identify_version(char *pcData, int payload_len) return 0; } - if (03 == pcData[1] && 1 == pcData[2]) + if (01 == pcData[1] && 1 == pcData[2]) + { + /*TLCP 1.1*/ + return TLCPV1_VERSION; + } + else if (03 == pcData[1] && 1 == pcData[2]) { /*TLS 1.0*/ return TLSV1_0_VERSION; diff --git a/test/CMakeLists.txt b/test/CMakeLists.txt index d234fca..124fe18 100644 --- a/test/CMakeLists.txt +++ b/test/CMakeLists.txt @@ -46,3 +46,4 @@ add_test(NAME RUN_CLOSE_CONTAINS_PAYLOAD_TEST COMMAND proto_test_main ${CMAKE_CU add_test(NAME RUN_EXTENSION_EXCEED_16 COMMAND proto_test_main ${CMAKE_CURRENT_SOURCE_DIR}/pcap/extensions_exceed_16/extensions_exceed_16_result.json -f "find ${CMAKE_CURRENT_SOURCE_DIR}/pcap/extensions_exceed_16/ -name *.pcap|sort -V" WORKING_DIRECTORY ${PROTO_TEST_RUN_DIR}) add_test(NAME RUN_CLIENT_HELLO_FRAGMENT COMMAND proto_test_main ${CMAKE_CURRENT_SOURCE_DIR}/pcap/client_hello_fragment/ssl_client_hello_fragment_result.json -f "find ${CMAKE_CURRENT_SOURCE_DIR}/pcap/client_hello_fragment/ -name *.pcap|sort -V" WORKING_DIRECTORY ${PROTO_TEST_RUN_DIR}) add_test(NAME RUN_ACK_CONTAINS_PAYLOAD COMMAND proto_test_main ${CMAKE_CURRENT_SOURCE_DIR}/pcap/tcp_ack_contians_payload/ssl_tcp_ack_contians_payload_result.json -f "find ${CMAKE_CURRENT_SOURCE_DIR}/pcap/tcp_ack_contians_payload/ -name *.pcap|sort -V" WORKING_DIRECTORY ${PROTO_TEST_RUN_DIR}) +add_test(NAME RUN_TLCP COMMAND proto_test_main ${CMAKE_CURRENT_SOURCE_DIR}/pcap/tlcp/tlcp_result.json -f "find ${CMAKE_CURRENT_SOURCE_DIR}/pcap/tlcp/ -name *.pcap|sort -V" WORKING_DIRECTORY ${PROTO_TEST_RUN_DIR}) diff --git a/test/pcap/tlcp/tlcp.192.168.54.245.47596-202.99.22.112.6443.pcap b/test/pcap/tlcp/tlcp.192.168.54.245.47596-202.99.22.112.6443.pcap Binary files differnew file mode 100644 index 0000000..c5c5aa7 --- /dev/null +++ b/test/pcap/tlcp/tlcp.192.168.54.245.47596-202.99.22.112.6443.pcap diff --git a/test/pcap/tlcp/tlcp_result.json b/test/pcap/tlcp/tlcp_result.json new file mode 100644 index 0000000..9e300df --- /dev/null +++ b/test/pcap/tlcp/tlcp_result.json @@ -0,0 +1,27 @@ +[ + { + "Tuple4": "192.168.54.245.47596>202.99.22.112.6443", + "ssl_sni": "wap.citicbank.cn", + "ssl_client_version": "TLCP1.1", + "ssl_ja3_hash": "3e8b40596a01530fa02d265ff3c397cc", + "ssl_ja3s_hash": "425270d1bb1ca2d7b07a2f70420d4c07", + "ssl_cert_version": "v3", + "ssl_cert_Issuer": "Beijing SM2 CA;BJCA;BJCA;;;;CN", + "ssl_cert_IssuerCN": "Beijing SM2 CA", + "ssl_cert_IssuerO": "BJCA", + "ssl_cert_IssuerC": "CN", + "ssl_cert_IssuerU": "BJCA", + "ssl_cert_Sub": "wap.citicbank.cn;中信银行股份有限公司;;;;北京;CN", + "ssl_cert_SubCN": "wap.citicbank.cn", + "ssl_cert_SubO": "中信银行股份有限公司", + "ssl_cert_SubC": "CN", + "ssl_cert_SubP": "北京", + "ssl_cert_SubAltName": "wap.citicbank.cn", + "ssl_cert_SerialNum": "0x1a1000000000047f95f8", + "ssl_cert_AgID": "1.2.156.10197.1.501", + "ssl_cert_From": "240408160000Z", + "ssl_cert_To": "250425155959Z", + "ssl_cert_SSLFPAg": "1.2.156.10197.1.501", + "name": "SSL_RESULT_1" + } +]
\ No newline at end of file |