| -rw-r--r-- | readme.md | 12 | ||||
| -rw-r--r-- | src/SSL_Analyze.c | 11 | ||||
| -rw-r--r-- | src/SSL_Analyze.h | 1 | ||||
| -rw-r--r-- | src/SSL_Message.c | 13 | ||||
| -rw-r--r-- | src/ssl.h | 3 | ||||
| -rw-r--r-- | src/ssl_update.txt | 3 |
6 files changed, 37 insertions, 6 deletions
@@ -1,5 +1,17 @@ # 0. 功能升级历史 +* 2021.8.5 + + ssl2.0版本已经废弃,但是可能出现第一个包是ssl2.0,后续数据包tls1.2的情况,因此支持第一个数据包识别错误,第二个数据包继续解析的。参见imaps-64593.pcap + + **注意ssl.h有更新,向上兼容** + +* 2021.7.27 + + 证书拥有者subject和颁发者issuer包括commonName + organizationName + organizationalUnitName + localityName + streetAddress + stateOrProvinceName + countryName + + **注意ssl.h有更新** + * 2021.4.17 支持esni提取,使用方法参考ssl.h中 st_esni_t结构体 diff --git a/src/SSL_Analyze.c b/src/SSL_Analyze.c index 1367d03..2833922 100644 --- a/src/SSL_Analyze.c +++ b/src/SSL_Analyze.c @@ -43,7 +43,7 @@ extern "C" ssl_prog_runtime_parameter_t g_ssl_prog_para; -int SSL_VERSION_1_20210727 = 0; +int SSL_VERSION_1_20210805 = 0; void ssl_history() { @@ -102,6 +102,7 @@ void ssl_history() //2021-04-28 V0.2 add certlen for each cert //2021-05-29 V0.2 add SSLSerialNumLen //2021-07-27 V0.2 add subject and issuer = commonName + organizationName + organizationalUnitName + localityName + streetAddress + stateOrProvinceName + countryName +//2021-08-05 V0.2 client hello SSL 2.0 @@ -540,7 +541,11 @@ char SSL_ENTRY(struct streaminfo *a_tcp, void**pme, int thread_seq, void *a_pack if(SSL_RETURN_DROPME==return_val || a_ssl_stream->business->return_value&PROT_STATE_DROPME) { state = APP_STATE_DROPME; - } + } + if(SSL_RETURN_GIVEME==return_val) + { + state = APP_STATE_GIVEME; + } if(a_ssl_stream->business->return_value&PROT_STATE_DROPPKT) { state |=APP_STATE_DROPPKT; @@ -551,7 +556,7 @@ char SSL_ENTRY(struct streaminfo *a_tcp, void**pme, int thread_seq, void *a_pack ssl_releaseSslStream(a_tcp, &a_ssl_stream, thread_seq,a_packet); *pme = NULL; } - + return state; break; diff --git a/src/SSL_Analyze.h b/src/SSL_Analyze.h index 4e2588a..a8fab7c 100644 --- a/src/SSL_Analyze.h +++ b/src/SSL_Analyze.h @@ -41,6 +41,7 @@ typedef long atomic_t; #define SSL_RETURN_NORM 0x53 #define SSL_RETURN_UNNORM 0x54 #define SSL_RETURN_RESET_BUFFER 0x55 +#define SSL_RETURN_GIVEME 0x56 #define SSL_RETURN_DROPME 0x57 #define MAX_REGION_NUM 15 
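Review bot: In the SSL_ENTRY hunk the new `if(SSL_RETURN_GIVEME==return_val)` is a separate `if` placed after the drop check, so when `a_ssl_stream->business->return_value&PROT_STATE_DROPME` is set on the same call it overwrites `APP_STATE_DROPME` with `APP_STATE_GIVEME` and the drop verdict is lost. Whether a business callback can set that bit while the first packet is being skipped is not visible here, but writing the branch as `else if(SSL_RETURN_GIVEME==return_val)` keeps the drop decision authoritative either way. A short comment such as `/* first packet not recognised: keep the stream and retry on the next packet */` would explain the new state. SSL_ENTRY starts and ends outside the hunk.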
diff --git a/src/SSL_Message.c b/src/SSL_Message.c index d7062f1..4fcbc5b 100644 --- a/src/SSL_Message.c +++ b/src/SSL_Message.c @@ -717,11 +717,20 @@ UCHAR ssl_analyseSsl(char *pcSslData, int iDataLen, int *res, ssl_stream *a_ssl_ /**first packet of an hand shake conversation**/ if (UNKNOWN_VERSION == a_ssl_stream->uiSslVersion) { - a_ssl_stream->uiSslVersion = (unsigned int)ssl_protoRecg(pcSslData, iDataLen); + a_ssl_stream->uiSslVersion = (unsigned int)ssl_protoRecg(pcSslData, iDataLen); + /*jump the first pkt*/ if (UNKNOWN_VERSION == a_ssl_stream->uiSslVersion) { *res = -1; - return SSL_RETURN_DROPME; + if(a_ssl_stream->first_pkt_flag==0) + { + a_ssl_stream->first_pkt_flag = 1; + return SSL_RETURN_GIVEME; + } + else + { + return SSL_RETURN_DROPME; + } } /*version callback*/ return_val = ssl_doWithVersion(&a_ssl_stream, a_tcp, region_flag, thread_seq, a_packet); @@ -5,7 +5,7 @@ #include <stdio.h> #include <string.h> -#define SSH_H_VERSION_20210727_subject 0 +#define SSH_H_VERSION_20210805_ssl20 0 #define SSL_KEY 3 #define SSL_TRUE 1 @@ -263,6 +263,7 @@ typedef struct _ssl_stream_t int uiCurBuffLen; st_new_session_ticket_t* stNewSessionTicket; + unsigned char first_pkt_flag; }ssl_stream; /*ssl_read_all_cert�еĽṹ��*/ diff --git a/src/ssl_update.txt b/src/ssl_update.txt index 2bf284a..0f3d8dc 100644 --- a/src/ssl_update.txt +++ b/src/ssl_update.txt @@ -13,6 +13,9 @@ https://blog.csdn.net/liujiayu2/article/details/51860172 bug��������ʷ ************************************************* +20210727 +subject��issuer����commonName + organizationName + organizationalUnitName + localityName + streetAddress + stateOrProvinceName + countryName +************************************************* 20210529 ����SSLSerialNumLen ************************************************* |
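Review bot: The new skip branch in ssl_analyseSsl still executes `*res = -1;` before `return SSL_RETURN_GIVEME;`, so the caller receives the same error result as on the drop path. How `res` is consumed is not visible in this diff; if it is treated as a parse failure, the retry may not behave as intended, so consider moving `*res = -1;` into the `else` branch or documenting that -1 is expected for a skipped packet. After the single retry, a stream that is still unrecognised leaves analysis and nothing in the hunk records it; a counter or log line on the `SSL_RETURN_DROPME` branch would show operators how many streams go unparsed. The function continues outside the hunk.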
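Review bot: `first_pkt_flag` is compared with 0 in ssl_analyseSsl before any assignment shown in this commit, so the skip logic depends on the ssl_stream allocation zeroing the struct, which is not part of the diff. If that memory is not cleared, the flag is indeterminate and the first packet may be skipped or dropped unpredictably; an explicit `a_ssl_stream->first_pkt_flag = 0;` where the stream is created removes the doubt. The field also deserves a comment in the struct, e.g. `/* 1 once the first unrecognised packet has been skipped */`. Because this changes the size of a struct in the header the readme asks users to update, it is worth noting that code which allocates or copies ssl_stream must be rebuilt against the new ssl.h.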
