From 8627b87b3ef0aa88aa9ec477f76b1bee223e8f65 Mon Sep 17 00:00:00 2001 From: Seth Hall Date: Sat, 8 Oct 2011 00:13:20 -0400 Subject: [PATCH] Fixing another "field missing" error reported by Martin. --- scripts/policy/protocols/ssl/known-certs.bro | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/scripts/policy/protocols/ssl/known-certs.bro b/scripts/policy/protocols/ssl/known-certs.bro index 7e21bc3c6b..90f6ee6186 100644 --- a/scripts/policy/protocols/ssl/known-certs.bro +++ b/scripts/policy/protocols/ssl/known-certs.bro @@ -47,7 +47,8 @@ event bro_init() &priority=5 event x509_certificate(c: connection, cert: X509, is_server: bool, chain_idx: count, chain_len: count, der_cert: string) &priority=3 { # Make sure this is the server cert and we have a hash for it. - if ( chain_idx == 0 && ! c$ssl?$cert_hash ) return; + if ( chain_idx != 0 || ! c$ssl?$cert_hash ) + return; local host = c$id$resp_h; if ( [host, c$ssl$cert_hash] !in certs && addr_matches_host(host, cert_tracking) )