diff --git a/src/analyzer/protocol/pop3/POP3.cc b/src/analyzer/protocol/pop3/POP3.cc index 05ea4434d3..07dce7a7a3 100644 --- a/src/analyzer/protocol/pop3/POP3.cc +++ b/src/analyzer/protocol/pop3/POP3.cc @@ -720,14 +720,16 @@ void POP3_Analyzer::ProcessReply(int length, const char* line) break; } + case CAPA: + ProtocolConfirmation(); case UIDL: case LIST: - case CAPA: if (requestForMultiLine == true) multiLine = true; break; case STLS: + ProtocolConfirmation(); tls = true; StartTLS(); return; diff --git a/testing/btest/Baseline/scripts.base.protocols.pop3.starttls/conn.log b/testing/btest/Baseline/scripts.base.protocols.pop3.starttls/conn.log new file mode 100644 index 0000000000..910c42d69f --- /dev/null +++ b/testing/btest/Baseline/scripts.base.protocols.pop3.starttls/conn.log @@ -0,0 +1,10 @@ +#separator \x09 +#set_separator , +#empty_field (empty) +#unset_field - +#path conn +#open 2015-07-23-23-52-44 +#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p proto service duration orig_bytes resp_bytes conn_state local_orig local_resp missed_bytes history orig_pkts orig_ip_bytes resp_pkts resp_ip_bytes tunnel_parents +#types time string addr port addr port enum string interval count count string bool bool count string count count count count set[string] +1400173552.423915 CXWv6p3arKYeMETxOg 192.168.4.149 54775 192.168.4.149 110 tcp pop3,ssl 2.489002 851 2590 SF - - 0 ShAadDfFr 16 1695 17 3462 (empty) +#close 2015-07-23-23-52-44 diff --git a/testing/btest/scripts/base/protocols/pop3/starttls.bro b/testing/btest/scripts/base/protocols/pop3/starttls.bro index 140c050b36..8e0d1ab5ef 100644 --- a/testing/btest/scripts/base/protocols/pop3/starttls.bro +++ b/testing/btest/scripts/base/protocols/pop3/starttls.bro @@ -1,8 +1,10 @@ # @TEST-EXEC: bro -C -b -r $TRACES/tls/pop3-starttls.pcap %INPUT +# @TEST-EXEC: btest-diff conn.log # @TEST-EXEC: btest-diff ssl.log # @TEST-EXEC: btest-diff x509.log @load base/protocols/conn +@load base/frameworks/dpd @load base/protocols/ssl module POP3;