mirror of https://github.com/OISF/suricata
cybersecurityidsintrusion-detection-systemintrusion-prevention-systemipsnetwork-monitornetwork-monitoringnsmsecuritysuricatathreat-hunting
You cannot select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
9e03550230
Pierre Chifflier pointed out that a rule like: alert tls any any -> any any (msg:"TLS store"; tls.issuerdn:!"C=FR"; tls.store;) was alerting but not storing the certificate. If the filter was removed: alert tls any any -> any any (msg:"TLS store"; tls.store;) then tls.store is working as expected. This was linked with fact that logging is only done once for a SSL state. So without filter, once we have the info we can log and we run the storage. But when there is a filter, we log and then there is a filter analysis and alerting. And as logging as already be done we don't enter in the logging function and there is no storage. This patch forces the entrance in the log function when there is a request for TLS storage. And it adds an exit in the logging function to only do the storage part if the TLS state has already being logged. |
11 years ago | |
|---|---|---|
| benches | ||
| contrib | ||
| doc | ||
| m4 | ||
| qa | ||
| rules | 11 years ago | |
| scripts | ||
| src | 11 years ago | |
| .gitignore | ||
| COPYING | ||
| ChangeLog | 11 years ago | |
| LICENSE | ||
| Makefile.am | 11 years ago | |
| Makefile.cvs | ||
| acsite.m4 | ||
| autogen.sh | ||
| classification.config | ||
| config.rpath | ||
| configure.ac | 11 years ago | |
| doxygen.cfg | ||
| reference.config | ||
| suricata.yaml.in | 11 years ago | |
| threshold.config | ||