Merge pull request #2349 from ejohnstown/watch-chain

Sniffer Watch Cert Chain
2019-07-16 10:43:37 -06:00
parent d620433d1d 3cdb4f8bf0
commit 9f1aa1a27c
2 changed files with 10 additions and 4 deletions
--- a/src/sniffer.c
+++ b/src/sniffer.c
@ -2314,6 +2314,8 @@ static int ProcessCertificate(const byte* input, int* sslBytes,
        SnifferSession* session, char* error)
 {
    Sha256 sha;
+    const byte* certChain;
+    word32 certChainSz;
    word32 certSz;
    int ret;
    byte digest[SHA256_DIGEST_SIZE];
@ -2330,7 +2332,9 @@ static int ProcessCertificate(const byte* input, int* sslBytes,
        return -1;
    }

+    ato24(input, &certChainSz);
    input += CERT_HEADER_SZ;
+    certChain = input;
    ato24(input, &certSz);
    input += OPAQUE24_LEN;

@ -2344,8 +2348,8 @@ static int ProcessCertificate(const byte* input, int* sslBytes,
        return -1;
    }

-    ret = WatchCb((void*)session, digest, sizeof(digest), input, certSz,
-            WatchCbCtx, error);
+    ret = WatchCb((void*)session, digest, sizeof(digest),
+            certChain, certChainSz, WatchCbCtx, error);
    if (ret != 0) {
 #ifdef WOLFSSL_SNIFFER_STATS
        INC_STAT(SnifferStats.sslKeysUnmatched);
--- a/wolfssl/sniffer.h
+++ b/wolfssl/sniffer.h
@ -168,8 +168,10 @@ SSL_SNIFFER_API int ssl_ReadResetStatistics(SSLStats* stats);


 typedef int (*SSLWatchCb)(void* vSniffer,
-                        const unsigned char* certHash, unsigned int certHashSz,
-                        const unsigned char* cert, unsigned int certSz,
+                        const unsigned char* certHash,
+                        unsigned int certHashSz,
+                        const unsigned char* certChain,
+                        unsigned int certChainSz,
                        void* ctx, char* error);

 WOLFSSL_API