From 04a9a0dc38a1c5555efcb3a48dc4c82b63ab0f27 Mon Sep 17 00:00:00 2001
From: Seth Hall
Date: Tue, 4 Oct 2011 13:19:11 -0400
Subject: [PATCH] Fixed an error when calculating x509 certificate hashes (reported by Martin Holste).

---
 scripts/policy/protocols/ssl/cert-hash.bro | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/scripts/policy/protocols/ssl/cert-hash.bro b/scripts/policy/protocols/ssl/cert-hash.bro
index 0d0397e9c7..80a937f670 100644
--- a/scripts/policy/protocols/ssl/cert-hash.bro
+++ b/scripts/policy/protocols/ssl/cert-hash.bro
@@ -10,11 +10,11 @@ export {
 };
 }
 
-event x509_certificate(c: connection, cert: X509, is_server: bool, chain_idx: count, chain_len: count, der_cert: string) &priority=10
+event x509_certificate(c: connection, cert: X509, is_server: bool, chain_idx: count, chain_len: count, der_cert: string) &priority=4
 {
 # We aren't tracking client certificates yet and we are also only tracking
- # the primary cert.
- if ( ! is_server || chain_idx != 0 )
+ # the primary cert. Watch that this came from an SSL analyzed session too.
+ if ( ! is_server || chain_idx != 0 || ! c?$ssl )
 return;
 
 c$ssl$cert_hash = md5_hash(der_cert);
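Review bot: The drop from `&priority=10` to `&priority=4` on the `x509_certificate` handler is not explained anywhere in the hunk, yet the new `! c?$ssl` guard appears to depend on it. If this handler ran before whichever handler creates `c$ssl`, the guard would return for every certificate and `cert_hash` would silently disappear from the SSL log, which is a quiet loss of visibility. I would record the ordering next to the handler, e.g. `# Priority 4: must run after the handler that sets up c$ssl (presumably the base SSL script), otherwise the c?$ssl check below skips every cert.` That the other handler runs at a higher priority is inferred, since it is not visible here, so please confirm the number against it. The handler's closing brace lies outside the hunk.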