Merge pull request #2349 from ejohnstown/watch-chain

Sniffer Watch Cert Chain

src/sniffer.c

@@ -2314,6 +2314,8 @@ static int ProcessCertificate(const byte* input, int* sslBytes,
         SnifferSession* session, char* error)
 {
     Sha256 sha;
+    const byte* certChain;
+    word32 certChainSz;
     word32 certSz;
     int ret;
     byte digest[SHA256_DIGEST_SIZE];
@@ -2330,7 +2332,9 @@ static int ProcessCertificate(const byte* input, int* sslBytes,
         return -1;
     }
 
+    ato24(input, &certChainSz);
     input += CERT_HEADER_SZ;
+    certChain = input;
     ato24(input, &certSz);
     input += OPAQUE24_LEN;
 
@@ -2344,8 +2348,8 @@ static int ProcessCertificate(const byte* input, int* sslBytes,
         return -1;
     }
 
-    ret = WatchCb((void*)session, digest, sizeof(digest), input, certSz,
+    ret = WatchCb((void*)session, digest, sizeof(digest),
-            WatchCbCtx, error);
+            certChain, certChainSz, WatchCbCtx, error);
     if (ret != 0) {
 #ifdef WOLFSSL_SNIFFER_STATS
         INC_STAT(SnifferStats.sslKeysUnmatched);

wolfssl/sniffer.h

@@ -168,8 +168,10 @@ SSL_SNIFFER_API int ssl_ReadResetStatistics(SSLStats* stats);
 
 
 typedef int (*SSLWatchCb)(void* vSniffer,
-                        const unsigned char* certHash, unsigned int certHashSz,
+                        const unsigned char* certHash,
-                        const unsigned char* cert, unsigned int certSz,
+                        unsigned int certHashSz,
+                        const unsigned char* certChain,
+                        unsigned int certChainSz,
                         void* ctx, char* error);
 
 WOLFSSL_API