From e07e4ca11736af3aa90a321e8a5af1f28c90eb2c Mon Sep 17 00:00:00 2001
From: Seth Hall <seth@icir.org>
Date: Wed, 7 Sep 2011 15:11:01 -0400
Subject: [PATCH] Cleaned up some small SSL mistakes.

---
 scripts/base/protocols/ssl/main.bro             | 5 ++++-
 scripts/policy/protocols/ssl/validate-certs.bro | 2 +-
 2 files changed, 5 insertions(+), 2 deletions(-)

diff --git a/scripts/base/protocols/ssl/main.bro b/scripts/base/protocols/ssl/main.bro
index f2e1605aab..857e9073ec 100644
--- a/scripts/base/protocols/ssl/main.bro
+++ b/scripts/base/protocols/ssl/main.bro
@@ -113,10 +113,13 @@ event ssl_extension(c: connection, code: count, val: string) &priority=5
 		c$ssl$server_name = sub_bytes(val, 6, |val|);
 	}
 	
-event ssl_established(c: connection) &priority=-5
+event ssl_established(c: connection) &priority=5
 	{
 	set_session(c);
+	}
 	
+event ssl_established(c: connection) &priority=-5
+	{
 	Log::write(SSL::LOG, c$ssl);
 	}
 	
diff --git a/scripts/policy/protocols/ssl/validate-certs.bro b/scripts/policy/protocols/ssl/validate-certs.bro
index 3e457c72ea..bf6421b5c1 100644
--- a/scripts/policy/protocols/ssl/validate-certs.bro
+++ b/scripts/policy/protocols/ssl/validate-certs.bro
@@ -14,7 +14,7 @@ export {
 
 }
 
-event ssl_established(c: connection) &priority=5
+event ssl_established(c: connection) &priority=3
 	{
 	# If there aren't any certs we can't very well do certificate validation.
 	if ( !c$ssl?$cert || !c$ssl?$cert_chain )