suricata
detect-tls-cert-validity.c
1 /* Copyright (C) 2015-2019 Open Information Security Foundation
2  *
3  * You can copy, redistribute or modify this Program under the terms of
4  * the GNU General Public License version 2 as published by the Free
5  * Software Foundation.
6  *
7  * This program is distributed in the hope that it will be useful,
8  * but WITHOUT ANY WARRANTY; without even the implied warranty of
9  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
10  * GNU General Public License for more details.
11  *
12  * You should have received a copy of the GNU General Public License
13  * version 2 along with this program; if not, write to the Free Software
14  * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
15  * 02110-1301, USA.
16  */
17 
18 /**
19  * \file
20  *
21  * \author Mats Klepsland <mats.klepsland@gmail.com>
22  *
23  */
24 
25 #include "detect-engine-build.h"
26 #include "detect-engine-alert.h"
27 #include "app-layer-parser.h"
28 
/**
 * \test A bare epoch value ("1430000000") is accepted and stored as an
 *       exact-match option: mode DETECT_TLS_VALIDITY_EQ.
 *
 * \retval 1 on success.
 * \retval 0 on failure.
 */
static int ValidityTestParse01 (void)
{
    DetectTlsValidityData *validity = DetectTlsValidityParse("1430000000");
    FAIL_IF_NULL(validity);

    /* No operator prefix in the input: equality is the expected mode. */
    FAIL_IF_NOT(validity->epoch == 1430000000);
    FAIL_IF_NOT(validity->mode == DETECT_TLS_VALIDITY_EQ);

    DetectTlsValidityFree(NULL, validity);
    PASS;
}
44 
/**
 * \test A leading '>' (">1430000000") is accepted and selects the
 *       greater-than mode, DETECT_TLS_VALIDITY_GT.
 *
 * \retval 1 on success.
 * \retval 0 on failure.
 */
static int ValidityTestParse02 (void)
{
    DetectTlsValidityData *validity = DetectTlsValidityParse(">1430000000");
    FAIL_IF_NULL(validity);

    /* The operator must not leak into the stored epoch. */
    FAIL_IF_NOT(validity->epoch == 1430000000);
    FAIL_IF_NOT(validity->mode == DETECT_TLS_VALIDITY_GT);

    DetectTlsValidityFree(NULL, validity);
    PASS;
}
60 
/**
 * \test A leading '<' ("<1430000000") is accepted and selects the
 *       less-than mode, DETECT_TLS_VALIDITY_LT.
 *
 * \retval 1 on success.
 * \retval 0 on failure.
 */
static int ValidityTestParse03 (void)
{
    DetectTlsValidityData *validity = DetectTlsValidityParse("<1430000000");
    FAIL_IF_NULL(validity);

    /* Mirror of the '>' case: same epoch, opposite comparison. */
    FAIL_IF_NOT(validity->epoch == 1430000000);
    FAIL_IF_NOT(validity->mode == DETECT_TLS_VALIDITY_LT);

    DetectTlsValidityFree(NULL, validity);
    PASS;
}
76 
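/**
 * \test A two-sided range ("1430000000<>1470000000") is accepted; the
 *       lower bound lands in epoch, the upper bound in epoch2, and the
 *       mode is the range mode.
 *
 * \retval 1 on success.
 * \retval 0 on failure.
 */
static int ValidityTestParse04 (void)
{
    DetectTlsValidityData *validity =
            DetectTlsValidityParse("1430000000<>1470000000");
    FAIL_IF_NULL(validity);

    FAIL_IF_NOT(validity->epoch == 1430000000);
    FAIL_IF_NOT(validity->epoch2 == 1470000000);
    /* NOTE(review): this listing dropped the last operand of the original
     * FAIL_IF_NOT (numbering skips line 89), leaving the statement
     * unterminated. The range-mode check is restored here; confirm it
     * against the upstream file. */
    FAIL_IF_NOT(validity->mode == DETECT_TLS_VALIDITY_RA);

    DetectTlsValidityFree(NULL, validity);
    PASS;
}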
93 
/**
 * \test Non-numeric input ("A") is rejected: the parser returns NULL.
 *
 * \retval 1 on success.
 * \retval 0 on failure.
 */
static int ValidityTestParse05 (void)
{
    /* Nothing is freed below because no object is expected back. */
    DetectTlsValidityData *rejected = DetectTlsValidityParse("A");
    FAIL_IF_NOT_NULL(rejected);
    PASS;
}
107 
/**
 * \test A comparison operator combined with a range
 *       (">1430000000<>1470000000") is rejected: the parser returns NULL.
 *
 * \retval 1 on success.
 * \retval 0 on failure.
 */
static int ValidityTestParse06 (void)
{
    /* '>' and '<>' are mutually exclusive ways of stating the comparison. */
    DetectTlsValidityData *rejected =
            DetectTlsValidityParse(">1430000000<>1470000000");
    FAIL_IF_NOT_NULL(rejected);
    PASS;
}
121 
/**
 * \test A range with no upper bound ("1430000000<>") is rejected: the
 *       parser returns NULL.
 *
 * \retval 1 on success.
 * \retval 0 on failure.
 */
static int ValidityTestParse07 (void)
{
    /* The range operator is present but its right-hand value is missing. */
    DetectTlsValidityData *rejected = DetectTlsValidityParse("1430000000<>");
    FAIL_IF_NOT_NULL(rejected);
    PASS;
}
135 
/**
 * \test A range with no lower bound ("<>1430000000") is rejected: the
 *       parser returns NULL.
 *
 * \retval 1 on success.
 * \retval 0 on failure.
 */
static int ValidityTestParse08 (void)
{
    /* The range operator is present but its left-hand value is missing. */
    DetectTlsValidityData *rejected = DetectTlsValidityParse("<>1430000000");
    FAIL_IF_NOT_NULL(rejected);
    PASS;
}
149 
/**
 * \test The empty string ("") is rejected: the parser returns NULL.
 *
 * \retval 1 on success.
 * \retval 0 on failure.
 */
static int ValidityTestParse09 (void)
{
    /* Boundary case: a keyword given no value at all. */
    DetectTlsValidityData *rejected = DetectTlsValidityParse("");
    FAIL_IF_NOT_NULL(rejected);
    PASS;
}
163 
/**
 * \test A whitespace-only value (" ") is rejected: the parser returns NULL.
 *
 * \retval 1 on success.
 * \retval 0 on failure.
 */
static int ValidityTestParse10 (void)
{
    /* Whitespace around a value is tolerated elsewhere in this file, but
     * whitespace alone carries no value to parse. */
    DetectTlsValidityData *rejected = DetectTlsValidityParse(" ");
    FAIL_IF_NOT_NULL(rejected);
    PASS;
}
177 
/**
 * \test A reversed range ("1490000000<>1430000000"), where the first
 *       bound is later than the second, is rejected: the parser
 *       returns NULL.
 *
 * \retval 1 on success.
 * \retval 0 on failure.
 */
static int ValidityTestParse11 (void)
{
    /* Pins that the inverted interval is refused at parse time instead of
     * being accepted as an option no certificate date could satisfy. */
    DetectTlsValidityData *rejected =
            DetectTlsValidityParse("1490000000<>1430000000");
    FAIL_IF_NOT_NULL(rejected);
    PASS;
}
191 
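/**
 * \test A range written with spaces around the operator
 *       ("1430000000 <> 1490000000") is accepted; bounds land in epoch
 *       and epoch2 and the mode is the range mode.
 *
 * \retval 1 on success.
 * \retval 0 on failure.
 */
static int ValidityTestParse12 (void)
{
    DetectTlsValidityData *validity =
            DetectTlsValidityParse("1430000000 <> 1490000000");
    FAIL_IF_NULL(validity);

    FAIL_IF_NOT(validity->epoch == 1430000000);
    FAIL_IF_NOT(validity->epoch2 == 1490000000);
    /* NOTE(review): this listing dropped the last operand of the original
     * FAIL_IF_NOT (numbering skips line 204), leaving the statement
     * unterminated. The range-mode check is restored here; confirm it
     * against the upstream file. */
    FAIL_IF_NOT(validity->mode == DETECT_TLS_VALIDITY_RA);

    DetectTlsValidityFree(NULL, validity);
    PASS;
}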
208 
/**
 * \test Whitespace after the operator and after the value
 *       ("> 1430000000 ") is tolerated; the result is the same as for
 *       ">1430000000".
 *
 * \retval 1 on success.
 * \retval 0 on failure.
 */
static int ValidityTestParse13 (void)
{
    DetectTlsValidityData *validity = DetectTlsValidityParse("> 1430000000 ");
    FAIL_IF_NULL(validity);

    /* Padding must change neither the value nor the comparison mode. */
    FAIL_IF_NOT(validity->epoch == 1430000000);
    FAIL_IF_NOT(validity->mode == DETECT_TLS_VALIDITY_GT);

    DetectTlsValidityFree(NULL, validity);
    PASS;
}
224 
/**
 * \test Whitespace after the operator and after the value
 *       ("< 1490000000 ") is tolerated; the mode is
 *       DETECT_TLS_VALIDITY_LT.
 *
 * \retval 1 on success.
 * \retval 0 on failure.
 */
static int ValidityTestParse14 (void)
{
    DetectTlsValidityData *validity = DetectTlsValidityParse("< 1490000000 ");
    FAIL_IF_NULL(validity);

    /* Padding must change neither the value nor the comparison mode. */
    FAIL_IF_NOT(validity->epoch == 1490000000);
    FAIL_IF_NOT(validity->mode == DETECT_TLS_VALIDITY_LT);

    DetectTlsValidityFree(NULL, validity);
    PASS;
}
240 
/**
 * \test A bare epoch padded with spaces on both sides (" 1490000000 ")
 *       is accepted as an exact-match option.
 *
 * \retval 1 on success.
 * \retval 0 on failure.
 */
static int ValidityTestParse15 (void)
{
    DetectTlsValidityData *validity = DetectTlsValidityParse(" 1490000000 ");
    FAIL_IF_NULL(validity);

    /* Leading and trailing blanks are stripped; equality is the mode. */
    FAIL_IF_NOT(validity->epoch == 1490000000);
    FAIL_IF_NOT(validity->mode == DETECT_TLS_VALIDITY_EQ);

    DetectTlsValidityFree(NULL, validity);
    PASS;
}
256 
/**
 * \test A year-month date ("2015-10") is accepted and converted to an
 *       epoch. The asserted value, 1443657600, is
 *       2015-10-01T00:00:00 in UTC.
 *
 * \retval 1 on success.
 * \retval 0 on failure.
 */
static int ValidityTestParse16 (void)
{
    DetectTlsValidityData *validity = DetectTlsValidityParse("2015-10");
    FAIL_IF_NULL(validity);

    /* Omitted day and time fields resolve to the start of the month. */
    FAIL_IF_NOT(validity->epoch == 1443657600);
    FAIL_IF_NOT(validity->mode == DETECT_TLS_VALIDITY_EQ);

    DetectTlsValidityFree(NULL, validity);
    PASS;
}
272 
/**
 * \test An operator followed by a full date (">2015-10-22") is accepted.
 *       The asserted epoch, 1445472000, is 2015-10-22T00:00:00 in UTC.
 *
 * \retval 1 on success.
 * \retval 0 on failure.
 */
static int ValidityTestParse17 (void)
{
    DetectTlsValidityData *validity = DetectTlsValidityParse(">2015-10-22");
    FAIL_IF_NULL(validity);

    /* Operators combine with date strings just as they do with epochs. */
    FAIL_IF_NOT(validity->epoch == 1445472000);
    FAIL_IF_NOT(validity->mode == DETECT_TLS_VALIDITY_GT);

    DetectTlsValidityFree(NULL, validity);
    PASS;
}
288 
/**
 * \test A date with an hour, separated by a space ("<2015-10-22 23"), is
 *       accepted. The asserted epoch, 1445554800, is
 *       2015-10-22T23:00:00 in UTC.
 *
 * \retval 1 on success.
 * \retval 0 on failure.
 */
static int ValidityTestParse18 (void)
{
    DetectTlsValidityData *validity = DetectTlsValidityParse("<2015-10-22 23");
    FAIL_IF_NULL(validity);

    /* Only the hour is given; minutes and seconds resolve to zero. */
    FAIL_IF_NOT(validity->epoch == 1445554800);
    FAIL_IF_NOT(validity->mode == DETECT_TLS_VALIDITY_LT);

    DetectTlsValidityFree(NULL, validity);
    PASS;
}
304 
/**
 * \test A date with hour and minute, separated by a space
 *       ("2015-10-22 23:59"), is accepted. The asserted epoch,
 *       1445558340, is 2015-10-22T23:59:00 in UTC.
 *
 * \retval 1 on success.
 * \retval 0 on failure.
 */
static int ValidityTestParse19 (void)
{
    DetectTlsValidityData *validity =
            DetectTlsValidityParse("2015-10-22 23:59");
    FAIL_IF_NULL(validity);

    /* Seconds are omitted and resolve to zero. */
    FAIL_IF_NOT(validity->epoch == 1445558340);
    FAIL_IF_NOT(validity->mode == DETECT_TLS_VALIDITY_EQ);

    DetectTlsValidityFree(NULL, validity);
    PASS;
}
320 
/**
 * \test A full date and time, separated by a space
 *       ("2015-10-22 23:59:59"), is accepted. The asserted epoch is
 *       1445558399.
 *
 * \retval 1 on success.
 * \retval 0 on failure.
 */
static int ValidityTestParse20 (void)
{
    DetectTlsValidityData *validity =
            DetectTlsValidityParse("2015-10-22 23:59:59");
    FAIL_IF_NULL(validity);

    /* Every field is present, so the conversion is exact to the second. */
    FAIL_IF_NOT(validity->epoch == 1445558399);
    FAIL_IF_NOT(validity->mode == DETECT_TLS_VALIDITY_EQ);

    DetectTlsValidityFree(NULL, validity);
    PASS;
}
336 
/**
 * \test The 'T' separator is accepted between date and hour
 *       ("2015-10-22T23"); the asserted epoch, 1445554800, equals the one
 *       expected for the space-separated form.
 *
 * \retval 1 on success.
 * \retval 0 on failure.
 */
static int ValidityTestParse21 (void)
{
    DetectTlsValidityData *validity = DetectTlsValidityParse("2015-10-22T23");
    FAIL_IF_NULL(validity);

    /* Same instant as "2015-10-22 23", written with 'T'. */
    FAIL_IF_NOT(validity->epoch == 1445554800);
    FAIL_IF_NOT(validity->mode == DETECT_TLS_VALIDITY_EQ);

    DetectTlsValidityFree(NULL, validity);
    PASS;
}
352 
/**
 * \test The 'T' separator is accepted with hour and minute
 *       ("2015-10-22T23:59"); the asserted epoch is 1445558340.
 *
 * \retval 1 on success.
 * \retval 0 on failure.
 */
static int ValidityTestParse22 (void)
{
    DetectTlsValidityData *validity =
            DetectTlsValidityParse("2015-10-22T23:59");
    FAIL_IF_NULL(validity);

    /* Same instant as "2015-10-22 23:59", written with 'T'. */
    FAIL_IF_NOT(validity->epoch == 1445558340);
    FAIL_IF_NOT(validity->mode == DETECT_TLS_VALIDITY_EQ);

    DetectTlsValidityFree(NULL, validity);
    PASS;
}
368 
/**
 * \test The 'T' separator is accepted with a full time
 *       ("2015-10-22T23:59:59"); the asserted epoch is 1445558399.
 *
 * \retval 1 on success.
 * \retval 0 on failure.
 */
static int ValidityTestParse23 (void)
{
    DetectTlsValidityData *validity =
            DetectTlsValidityParse("2015-10-22T23:59:59");
    FAIL_IF_NULL(validity);

    /* Same instant as "2015-10-22 23:59:59", written with 'T'. */
    FAIL_IF_NOT(validity->epoch == 1445558399);
    FAIL_IF_NOT(validity->mode == DETECT_TLS_VALIDITY_EQ);

    DetectTlsValidityFree(NULL, validity);
    PASS;
}
384 
/**
 * \test The date 1970-01-01T00:00:00 is accepted and yields epoch 0.
 *       It lies inside the 1950-2049 range of acceptable values as per
 *       RFC 5280. (https://tools.ietf.org/html/rfc5280#section-4.1.2.5.1)
 *
 * \retval 1 on success.
 * \retval 0 on failure.
 */
static int ValidityTestParse24(void)
{
    DetectTlsValidityData *validity =
            DetectTlsValidityParse("1970-01-01T00:00:00");
    FAIL_IF_NULL(validity);

    /* A zero epoch is a legitimate result, distinct from a parse failure,
     * which is signalled by a NULL return instead. */
    FAIL_IF_NOT(validity->epoch == 0);
    FAIL_IF_NOT(validity->mode == DETECT_TLS_VALIDITY_EQ);

    DetectTlsValidityFree(NULL, validity);
    PASS;
}
402 
/**
 * \test The date 1969-12-31T23:59:59, one second before epoch 0, is
 *       accepted and yields epoch -1. It is lower than epoch 0 but still
 *       inside the 1950-2049 range of acceptable values as per RFC 5280.
 *       (https://tools.ietf.org/html/rfc5280#section-4.1.2.5.1)
 *
 * \retval 1 on success.
 * \retval 0 on failure.
 */
static int ValidityTestParse25(void)
{
    DetectTlsValidityData *validity =
            DetectTlsValidityParse("1969-12-31T23:59:59");
    FAIL_IF_NULL(validity);

    /* Pre-1970 dates must come back as negative epochs, not as an error. */
    FAIL_IF_NOT(validity->epoch == -1);
    FAIL_IF_NOT(validity->mode == DETECT_TLS_VALIDITY_EQ);

    DetectTlsValidityFree(NULL, validity);
    PASS;
}
421 
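/**
 * \test Feed a recorded TLS handshake (ClientHello, ServerHello,
 *       Certificate) through the TLS app-layer parser and check when the
 *       tls_cert_notbefore and tls_cert_notafter rules alert.
 *
 * Neither rule may alert on the ClientHello or the ServerHello packet;
 * the validity dates only exist once the Certificate record is parsed.
 * The certificate array carries its validity as two UTCTime strings,
 * notBefore "160713132452Z" and notAfter "161005131600Z", so both rules
 * ("<2016-07-20" and ">2016-09-01") are expected to match on the third
 * packet.
 *
 * NOTE(review): this rendering of the file dropped several lines (the
 * listing numbering skips 633, 649, 653-655, 659-661, 665-667, 672-673,
 * 687, 721-722, 724 and 726), which left alp_tctx and de_ctx undeclared
 * and the final alert check missing. The statements marked
 * "reconstructed" fill those gaps; confirm them against the upstream
 * source. The FAIL_IF_NULL checks on the three packets are additions.
 *
 * \retval 1 on success.
 * \retval 0 on failure.
 */
static int ValidityTestDetect01(void)
{
    /* client hello */
    uint8_t client_hello[] = {
        0x16, 0x03, 0x01, 0x00, 0xc8, 0x01, 0x00, 0x00,
        0xc4, 0x03, 0x03, 0xd6, 0x08, 0x5a, 0xa2, 0x86,
        0x5b, 0x85, 0xd4, 0x40, 0xab, 0xbe, 0xc0, 0xbc,
        0x41, 0xf2, 0x26, 0xf0, 0xfe, 0x21, 0xee, 0x8b,
        0x4c, 0x7e, 0x07, 0xc8, 0xec, 0xd2, 0x00, 0x46,
        0x4c, 0xeb, 0xb7, 0x00, 0x00, 0x16, 0xc0, 0x2b,
        0xc0, 0x2f, 0xc0, 0x0a, 0xc0, 0x09, 0xc0, 0x13,
        0xc0, 0x14, 0x00, 0x33, 0x00, 0x39, 0x00, 0x2f,
        0x00, 0x35, 0x00, 0x0a, 0x01, 0x00, 0x00, 0x85,
        0x00, 0x00, 0x00, 0x12, 0x00, 0x10, 0x00, 0x00,
        0x0d, 0x77, 0x77, 0x77, 0x2e, 0x67, 0x6f, 0x6f,
        0x67, 0x6c, 0x65, 0x2e, 0x6e, 0x6f, 0xff, 0x01,
        0x00, 0x01, 0x00, 0x00, 0x0a, 0x00, 0x08, 0x00,
        0x06, 0x00, 0x17, 0x00, 0x18, 0x00, 0x19, 0x00,
        0x0b, 0x00, 0x02, 0x01, 0x00, 0x00, 0x23, 0x00,
        0x00, 0x33, 0x74, 0x00, 0x00, 0x00, 0x10, 0x00,
        0x29, 0x00, 0x27, 0x05, 0x68, 0x32, 0x2d, 0x31,
        0x36, 0x05, 0x68, 0x32, 0x2d, 0x31, 0x35, 0x05,
        0x68, 0x32, 0x2d, 0x31, 0x34, 0x02, 0x68, 0x32,
        0x08, 0x73, 0x70, 0x64, 0x79, 0x2f, 0x33, 0x2e,
        0x31, 0x08, 0x68, 0x74, 0x74, 0x70, 0x2f, 0x31,
        0x2e, 0x31, 0x00, 0x05, 0x00, 0x05, 0x01, 0x00,
        0x00, 0x00, 0x00, 0x00, 0x0d, 0x00, 0x16, 0x00,
        0x14, 0x04, 0x01, 0x05, 0x01, 0x06, 0x01, 0x02,
        0x01, 0x04, 0x03, 0x05, 0x03, 0x06, 0x03, 0x02,
        0x03, 0x04, 0x02, 0x02, 0x02
    };

    /* server hello */
    uint8_t server_hello[] = {
        0x16, 0x03, 0x03, 0x00, 0x48, 0x02, 0x00, 0x00,
        0x44, 0x03, 0x03, 0x57, 0x91, 0xb8, 0x63, 0xdd,
        0xdb, 0xbb, 0x23, 0xcf, 0x0b, 0x43, 0x02, 0x1d,
        0x46, 0x11, 0x27, 0x5c, 0x98, 0xcf, 0x67, 0xe1,
        0x94, 0x3d, 0x62, 0x7d, 0x38, 0x48, 0x21, 0x23,
        0xa5, 0x62, 0x31, 0x00, 0xc0, 0x2f, 0x00, 0x00,
        0x1c, 0xff, 0x01, 0x00, 0x01, 0x00, 0x00, 0x00,
        0x00, 0x00, 0x00, 0x23, 0x00, 0x00, 0x00, 0x10,
        0x00, 0x05, 0x00, 0x03, 0x02, 0x68, 0x32, 0x00,
        0x0b, 0x00, 0x02, 0x01, 0x00
    };

    /* certificate; the two 0x17, 0x0d runs below introduce the UTCTime
     * notBefore and notAfter values the rules are matched against */
    uint8_t certificate[] = {
        0x16, 0x03, 0x03, 0x04, 0x93, 0x0b, 0x00, 0x04,
        0x8f, 0x00, 0x04, 0x8c, 0x00, 0x04, 0x89, 0x30,
        0x82, 0x04, 0x85, 0x30, 0x82, 0x03, 0x6d, 0xa0,
        0x03, 0x02, 0x01, 0x02, 0x02, 0x08, 0x5c, 0x19,
        0xb7, 0xb1, 0x32, 0x3b, 0x1c, 0xa1, 0x30, 0x0d,
        0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d,
        0x01, 0x01, 0x0b, 0x05, 0x00, 0x30, 0x49, 0x31,
        0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06,
        0x13, 0x02, 0x55, 0x53, 0x31, 0x13, 0x30, 0x11,
        0x06, 0x03, 0x55, 0x04, 0x0a, 0x13, 0x0a, 0x47,
        0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x20, 0x49, 0x6e,
        0x63, 0x31, 0x25, 0x30, 0x23, 0x06, 0x03, 0x55,
        0x04, 0x03, 0x13, 0x1c, 0x47, 0x6f, 0x6f, 0x67,
        0x6c, 0x65, 0x20, 0x49, 0x6e, 0x74, 0x65, 0x72,
        0x6e, 0x65, 0x74, 0x20, 0x41, 0x75, 0x74, 0x68,
        0x6f, 0x72, 0x69, 0x74, 0x79, 0x20, 0x47, 0x32,
        0x30, 0x1e, 0x17, 0x0d, 0x31, 0x36, 0x30, 0x37,
        0x31, 0x33, 0x31, 0x33, 0x32, 0x34, 0x35, 0x32,
        0x5a, 0x17, 0x0d, 0x31, 0x36, 0x31, 0x30, 0x30,
        0x35, 0x31, 0x33, 0x31, 0x36, 0x30, 0x30, 0x5a,
        0x30, 0x65, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03,
        0x55, 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, 0x31,
        0x13, 0x30, 0x11, 0x06, 0x03, 0x55, 0x04, 0x08,
        0x0c, 0x0a, 0x43, 0x61, 0x6c, 0x69, 0x66, 0x6f,
        0x72, 0x6e, 0x69, 0x61, 0x31, 0x16, 0x30, 0x14,
        0x06, 0x03, 0x55, 0x04, 0x07, 0x0c, 0x0d, 0x4d,
        0x6f, 0x75, 0x6e, 0x74, 0x61, 0x69, 0x6e, 0x20,
        0x56, 0x69, 0x65, 0x77, 0x31, 0x13, 0x30, 0x11,
        0x06, 0x03, 0x55, 0x04, 0x0a, 0x0c, 0x0a, 0x47,
        0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x20, 0x49, 0x6e,
        0x63, 0x31, 0x14, 0x30, 0x12, 0x06, 0x03, 0x55,
        0x04, 0x03, 0x0c, 0x0b, 0x2a, 0x2e, 0x67, 0x6f,
        0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x6e, 0x6f, 0x30,
        0x82, 0x01, 0x22, 0x30, 0x0d, 0x06, 0x09, 0x2a,
        0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x01,
        0x05, 0x00, 0x03, 0x82, 0x01, 0x0f, 0x00, 0x30,
        0x82, 0x01, 0x0a, 0x02, 0x82, 0x01, 0x01, 0x00,
        0xa5, 0x0a, 0xb9, 0xb1, 0xca, 0x36, 0xd1, 0xae,
        0x22, 0x38, 0x07, 0x06, 0xc9, 0x1a, 0x56, 0x4f,
        0xbb, 0xdf, 0xa8, 0x6d, 0xbd, 0xee, 0x76, 0x16,
        0xbc, 0x53, 0x3c, 0x03, 0x6a, 0x5c, 0x94, 0x50,
        0x87, 0x2f, 0x28, 0xb4, 0x4e, 0xd5, 0x9b, 0x8f,
        0xfe, 0x02, 0xde, 0x2a, 0x83, 0x01, 0xf9, 0x45,
        0x61, 0x0e, 0x66, 0x0e, 0x24, 0x22, 0xe2, 0x59,
        0x66, 0x0d, 0xd3, 0xe9, 0x77, 0x8a, 0x7e, 0x42,
        0xaa, 0x5a, 0xf9, 0x05, 0xbf, 0x30, 0xc7, 0x03,
        0x2b, 0xdc, 0xa6, 0x9c, 0xe0, 0x9f, 0x0d, 0xf1,
        0x28, 0x19, 0xf8, 0xf2, 0x02, 0xfa, 0xbd, 0x62,
        0xa0, 0xf3, 0x02, 0x2b, 0xcd, 0xf7, 0x09, 0x04,
        0x3b, 0x52, 0xd8, 0x65, 0x4b, 0x4a, 0x70, 0xe4,
        0x57, 0xc9, 0x2e, 0x2a, 0xf6, 0x9c, 0x6e, 0xd8,
        0xde, 0x01, 0x52, 0xc9, 0x6f, 0xe9, 0xef, 0x82,
        0xbc, 0x0b, 0x95, 0xb2, 0xef, 0xcb, 0x91, 0xa6,
        0x0b, 0x2d, 0x14, 0xc6, 0x00, 0xa9, 0x33, 0x86,
        0x64, 0x00, 0xd4, 0x92, 0x19, 0x53, 0x3d, 0xfd,
        0xcd, 0xc6, 0x1a, 0xf2, 0x0e, 0x67, 0xc2, 0x1d,
        0x2c, 0xe0, 0xe8, 0x29, 0x97, 0x1c, 0xb6, 0xc4,
        0xb2, 0x02, 0x0c, 0x83, 0xb8, 0x60, 0x61, 0xf5,
        0x61, 0x2d, 0x73, 0x5e, 0x85, 0x4d, 0xbd, 0x0d,
        0xe7, 0x1a, 0x37, 0x56, 0x8d, 0xe5, 0x50, 0x0c,
        0xc9, 0x64, 0x4c, 0x11, 0xea, 0xf3, 0xcb, 0x26,
        0x34, 0xbd, 0x02, 0xf5, 0xc1, 0xfb, 0xa2, 0xec,
        0x27, 0xbb, 0x60, 0xbe, 0x0b, 0xf6, 0xe7, 0x3c,
        0x2d, 0xc9, 0xe7, 0xb0, 0x30, 0x28, 0x17, 0x3d,
        0x90, 0xf1, 0x63, 0x8e, 0x49, 0xf7, 0x15, 0x78,
        0x21, 0xcc, 0x45, 0xe6, 0x86, 0xb2, 0xd8, 0xb0,
        0x2e, 0x5a, 0xb0, 0x58, 0xd3, 0xb6, 0x11, 0x40,
        0xae, 0x81, 0x1f, 0x6b, 0x7a, 0xaf, 0x40, 0x50,
        0xf9, 0x2e, 0x81, 0x8b, 0xec, 0x26, 0x11, 0x3f,
        0x02, 0x03, 0x01, 0x00, 0x01, 0xa3, 0x82, 0x01,
        0x53, 0x30, 0x82, 0x01, 0x4f, 0x30, 0x1d, 0x06,
        0x03, 0x55, 0x1d, 0x25, 0x04, 0x16, 0x30, 0x14,
        0x06, 0x08, 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07,
        0x03, 0x01, 0x06, 0x08, 0x2b, 0x06, 0x01, 0x05,
        0x05, 0x07, 0x03, 0x02, 0x30, 0x21, 0x06, 0x03,
        0x55, 0x1d, 0x11, 0x04, 0x1a, 0x30, 0x18, 0x82,
        0x0b, 0x2a, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c,
        0x65, 0x2e, 0x6e, 0x6f, 0x82, 0x09, 0x67, 0x6f,
        0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x6e, 0x6f, 0x30,
        0x68, 0x06, 0x08, 0x2b, 0x06, 0x01, 0x05, 0x05,
        0x07, 0x01, 0x01, 0x04, 0x5c, 0x30, 0x5a, 0x30,
        0x2b, 0x06, 0x08, 0x2b, 0x06, 0x01, 0x05, 0x05,
        0x07, 0x30, 0x02, 0x86, 0x1f, 0x68, 0x74, 0x74,
        0x70, 0x3a, 0x2f, 0x2f, 0x70, 0x6b, 0x69, 0x2e,
        0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x63,
        0x6f, 0x6d, 0x2f, 0x47, 0x49, 0x41, 0x47, 0x32,
        0x2e, 0x63, 0x72, 0x74, 0x30, 0x2b, 0x06, 0x08,
        0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x30, 0x01,
        0x86, 0x1f, 0x68, 0x74, 0x74, 0x70, 0x3a, 0x2f,
        0x2f, 0x63, 0x6c, 0x69, 0x65, 0x6e, 0x74, 0x73,
        0x31, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65,
        0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x6f, 0x63, 0x73,
        0x70, 0x30, 0x1d, 0x06, 0x03, 0x55, 0x1d, 0x0e,
        0x04, 0x16, 0x04, 0x14, 0xc6, 0x53, 0x87, 0x42,
        0x2d, 0xc8, 0xee, 0x7a, 0x62, 0x1e, 0x83, 0xdb,
        0x0d, 0xe2, 0x32, 0xeb, 0x8b, 0xaf, 0x69, 0x40,
        0x30, 0x0c, 0x06, 0x03, 0x55, 0x1d, 0x13, 0x01,
        0x01, 0xff, 0x04, 0x02, 0x30, 0x00, 0x30, 0x1f,
        0x06, 0x03, 0x55, 0x1d, 0x23, 0x04, 0x18, 0x30,
        0x16, 0x80, 0x14, 0x4a, 0xdd, 0x06, 0x16, 0x1b,
        0xbc, 0xf6, 0x68, 0xb5, 0x76, 0xf5, 0x81, 0xb6,
        0xbb, 0x62, 0x1a, 0xba, 0x5a, 0x81, 0x2f, 0x30,
        0x21, 0x06, 0x03, 0x55, 0x1d, 0x20, 0x04, 0x1a,
        0x30, 0x18, 0x30, 0x0c, 0x06, 0x0a, 0x2b, 0x06,
        0x01, 0x04, 0x01, 0xd6, 0x79, 0x02, 0x05, 0x01,
        0x30, 0x08, 0x06, 0x06, 0x67, 0x81, 0x0c, 0x01,
        0x02, 0x02, 0x30, 0x30, 0x06, 0x03, 0x55, 0x1d,
        0x1f, 0x04, 0x29, 0x30, 0x27, 0x30, 0x25, 0xa0,
        0x23, 0xa0, 0x21, 0x86, 0x1f, 0x68, 0x74, 0x74,
        0x70, 0x3a, 0x2f, 0x2f, 0x70, 0x6b, 0x69, 0x2e,
        0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x63,
        0x6f, 0x6d, 0x2f, 0x47, 0x49, 0x41, 0x47, 0x32,
        0x2e, 0x63, 0x72, 0x6c, 0x30, 0x0d, 0x06, 0x09,
        0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01,
        0x0b, 0x05, 0x00, 0x03, 0x82, 0x01, 0x01, 0x00,
        0x7b, 0x27, 0x00, 0x46, 0x8f, 0xfd, 0x5b, 0xff,
        0xcb, 0x05, 0x9b, 0xf7, 0xf1, 0x68, 0xf6, 0x9a,
        0x7b, 0xba, 0x53, 0xdf, 0x63, 0xed, 0x11, 0x94,
        0x39, 0xf2, 0xd0, 0x20, 0xcd, 0xa3, 0xc4, 0x98,
        0xa5, 0x10, 0x74, 0xe7, 0x10, 0x6d, 0x07, 0xf8,
        0x33, 0x87, 0x05, 0x43, 0x0e, 0x64, 0x77, 0x09,
        0x18, 0x4f, 0x38, 0x2e, 0x45, 0xae, 0xa8, 0x34,
        0x3a, 0xa8, 0x33, 0xac, 0x9d, 0xdd, 0x25, 0x91,
        0x59, 0x43, 0xbe, 0x0f, 0x87, 0x16, 0x2f, 0xb5,
        0x27, 0xfd, 0xce, 0x2f, 0x35, 0x5d, 0x12, 0xa1,
        0x66, 0xac, 0xf7, 0x95, 0x38, 0x0f, 0xe5, 0xb1,
        0x18, 0x18, 0xe6, 0x80, 0x52, 0x31, 0x8a, 0x66,
        0x02, 0x52, 0x1a, 0xa4, 0x32, 0x6a, 0x61, 0x05,
        0xcf, 0x1d, 0xf9, 0x90, 0x73, 0xf0, 0xeb, 0x20,
        0x31, 0x7b, 0x2e, 0xc0, 0xb0, 0xfb, 0x5c, 0xcc,
        0xdc, 0x76, 0x55, 0x72, 0xaf, 0xb1, 0x05, 0xf4,
        0xad, 0xf9, 0xd7, 0x73, 0x5c, 0x2c, 0xbf, 0x0d,
        0x84, 0x18, 0x01, 0x1d, 0x4d, 0x08, 0xa9, 0x4e,
        0x37, 0xb7, 0x58, 0xc4, 0x05, 0x0e, 0x65, 0x63,
        0xd2, 0x88, 0x02, 0xf5, 0x82, 0x17, 0x08, 0xd5,
        0x8f, 0x80, 0xc7, 0x82, 0x29, 0xbb, 0xe1, 0x04,
        0xbe, 0xf6, 0xe1, 0x8c, 0xbc, 0x3a, 0xf8, 0xf9,
        0x56, 0xda, 0xdc, 0x8e, 0xc6, 0xe6, 0x63, 0x98,
        0x12, 0x08, 0x41, 0x2c, 0x9d, 0x7c, 0x82, 0x0d,
        0x1e, 0xea, 0xba, 0xde, 0x32, 0x09, 0xda, 0x52,
        0x24, 0x4f, 0xcc, 0xb6, 0x09, 0x33, 0x8b, 0x00,
        0xf9, 0x83, 0xb3, 0xc6, 0xa4, 0x90, 0x49, 0x83,
        0x2d, 0x36, 0xd9, 0x11, 0x78, 0xd0, 0x62, 0x9f,
        0xc4, 0x8f, 0x84, 0xba, 0x7f, 0xaa, 0x04, 0xf1,
        0xd9, 0xa4, 0xad, 0x5d, 0x63, 0xee, 0x72, 0xc6,
        0x4d, 0xd1, 0x4b, 0x41, 0x8f, 0x40, 0x0f, 0x7d,
        0xcd, 0xb8, 0x2e, 0x5b, 0x6e, 0x21, 0xc9, 0x3d
    };

    Flow f;
    SSLState *ssl_state = NULL;
    TcpSession ssn;
    Packet *p1 = NULL;
    Packet *p2 = NULL;
    Packet *p3 = NULL;
    ThreadVars tv;
    DetectEngineThreadCtx *det_ctx = NULL;
    /* reconstructed (listing line 633): alp_tctx is used below */
    AppLayerParserThreadCtx *alp_tctx = AppLayerParserThreadCtxAlloc();

    memset(&tv, 0, sizeof(ThreadVars));
    memset(&f, 0, sizeof(Flow));
    memset(&ssn, 0, sizeof(TcpSession));

    /* One packet per handshake record; addresses and ports make p1 the
     * client-to-server direction and p2/p3 the server-to-client one. */
    p1 = UTHBuildPacketReal(client_hello, sizeof(client_hello), IPPROTO_TCP,
            "192.168.1.5", "192.168.1.1", 51251, 443);
    p2 = UTHBuildPacketReal(server_hello, sizeof(server_hello), IPPROTO_TCP,
            "192.168.1.1", "192.168.1.5", 443, 51251);
    p3 = UTHBuildPacketReal(certificate, sizeof(certificate), IPPROTO_TCP,
            "192.168.1.1", "192.168.1.5", 443, 51251);

    /* Added: fail the test cleanly instead of dereferencing a packet that
     * could not be built. */
    FAIL_IF_NULL(p1);
    FAIL_IF_NULL(p2);
    FAIL_IF_NULL(p3);

    FLOW_INITIALIZE(&f);
    f.flags |= FLOW_IPV4;
    f.proto = IPPROTO_TCP;
    f.protomap = FlowGetProtoMapping(f.proto); /* reconstructed (649) */
    f.alproto = ALPROTO_TLS;

    p1->flow = &f;
    /* reconstructed (653-655) */
    p1->flags |= PKT_HAS_FLOW | PKT_STREAM_EST;
    p1->flowflags |= FLOW_PKT_TOSERVER;
    p1->flowflags |= FLOW_PKT_ESTABLISHED;
    p1->pcap_cnt = 1;

    p2->flow = &f;
    /* reconstructed (659-661) */
    p2->flags |= PKT_HAS_FLOW | PKT_STREAM_EST;
    p2->flowflags |= FLOW_PKT_TOCLIENT;
    p2->flowflags |= FLOW_PKT_ESTABLISHED;
    p2->pcap_cnt = 2;

    p3->flow = &f;
    /* reconstructed (665-667) */
    p3->flags |= PKT_HAS_FLOW | PKT_STREAM_EST;
    p3->flowflags |= FLOW_PKT_TOCLIENT;
    p3->flowflags |= FLOW_PKT_ESTABLISHED;
    p3->pcap_cnt = 3;

    StreamTcpInitConfig(true);

    /* reconstructed (672-673): de_ctx is used below */
    DetectEngineCtx *de_ctx = DetectEngineCtxInit();
    FAIL_IF_NULL(de_ctx);

    de_ctx->flags |= DE_QUIET;

    /* sid 1: notBefore earlier than 2016-07-20 */
    Signature *s = DetectEngineAppendSig(de_ctx, "alert tls any any -> any any "
            "(msg:\"Test tls_cert_notbefore\"; "
            "tls_cert_notbefore:<2016-07-20; sid:1;)");
    FAIL_IF_NULL(s);

    /* sid 2: notAfter later than 2016-09-01 */
    s = DetectEngineAppendSig(de_ctx, "alert tls any any -> any any "
            "(msg:\"Test tls_cert_notafter\"; "
            "tls_cert_notafter:>2016-09-01; sid:2;)");
    FAIL_IF_NULL(s);

    SigGroupBuild(de_ctx); /* reconstructed (687) */
    DetectEngineThreadCtxInit(&tv, (void *)de_ctx, (void *)&det_ctx);

    int r = AppLayerParserParse(NULL, alp_tctx, &f, ALPROTO_TLS,
            STREAM_TOSERVER, client_hello,
            sizeof(client_hello));

    FAIL_IF(r != 0);

    ssl_state = f.alstate;
    FAIL_IF_NULL(ssl_state);

    SigMatchSignatures(&tv, de_ctx, det_ctx, p1);

    /* No certificate seen yet: neither rule may fire on the ClientHello. */
    FAIL_IF(PacketAlertCheck(p1, 1));
    FAIL_IF(PacketAlertCheck(p1, 2));

    r = AppLayerParserParse(NULL, alp_tctx, &f, ALPROTO_TLS, STREAM_TOCLIENT,
            server_hello, sizeof(server_hello));

    FAIL_IF(r != 0);

    SigMatchSignatures(&tv, de_ctx, det_ctx, p2);

    /* Still no certificate: neither rule may fire on the ServerHello. */
    FAIL_IF(PacketAlertCheck(p2, 1));
    FAIL_IF(PacketAlertCheck(p2, 2));

    r = AppLayerParserParse(NULL, alp_tctx, &f, ALPROTO_TLS, STREAM_TOCLIENT,
            certificate, sizeof(certificate));

    FAIL_IF(r != 0);

    SigMatchSignatures(&tv, de_ctx, det_ctx, p3);

    /* reconstructed (721-722): with the certificate parsed, both validity
     * rules are expected to alert */
    FAIL_IF_NOT(PacketAlertCheck(p3, 1));
    FAIL_IF_NOT(PacketAlertCheck(p3, 2));

    AppLayerParserThreadCtxFree(alp_tctx); /* reconstructed (724) */
    DetectEngineThreadCtxDeinit(&tv, det_ctx);
    DetectEngineCtxFree(de_ctx); /* reconstructed (726) */

    StreamTcpFreeConfig(true);
    FLOW_DESTROY(&f);
    UTHFreePacket(p1);
    UTHFreePacket(p2);
    UTHFreePacket(p3);

    PASS;
}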
736 
737 /**
738  * \test Test matching on an expired certificate.
739  *
740  * Traffic from expired.badssl.com
741  *
742  * \retval 1 on success.
743  * \retval 0 on failure.
744  */
745 static int ExpiredTestDetect01(void)
746 {
747  /* client hello */
748  uint8_t client_hello[] = {
749  0x16, 0x03, 0x03, 0x00, 0x5a, 0x01, 0x00, 0x00,
750  0x56, 0x03, 0x03, 0x62, 0x87, 0xa4, 0x11, 0x3e,
751  0x11, 0x32, 0x7d, 0xbc, 0x5b, 0x63, 0xb7, 0xaf,
752  0x55, 0x8d, 0x46, 0x5b, 0x8f, 0xac, 0x50, 0x02,
753  0x90, 0xe3, 0x55, 0x03, 0xfe, 0xad, 0xa6, 0x92,
754  0x56, 0x75, 0xf9, 0x00, 0x00, 0x08, 0x00, 0x35,
755  0x00, 0x2f, 0x00, 0x0a, 0x00, 0xff, 0x01, 0x00,
756  0x00, 0x25, 0x00, 0x00, 0x00, 0x17, 0x00, 0x15,
757  0x00, 0x00, 0x12, 0x65, 0x78, 0x70, 0x69, 0x72,
758  0x65, 0x64, 0x2e, 0x62, 0x61, 0x64, 0x73, 0x73,
759  0x6c, 0x2e, 0x63, 0x6f, 0x6d, 0x00, 0x0d, 0x00,
760  0x06, 0x00, 0x04, 0x04, 0x01, 0x02, 0x01
761  };
762 
763  /* server hello */
764  uint8_t server_hello[] = {
765  0x16, 0x03, 0x03, 0x00, 0x55, 0x02, 0x00, 0x00,
766  0x51, 0x03, 0x03, 0x22, 0xa1, 0xd8, 0xd0, 0x3c,
767  0x8d, 0x32, 0x7e, 0x4f, 0x60, 0x27, 0xf6, 0x0c,
768  0x99, 0x7a, 0x8e, 0x6e, 0x52, 0xa5, 0xf4, 0x20,
769  0x2e, 0xa1, 0xa4, 0x0b, 0xd5, 0x80, 0x9b, 0xec,
770  0xbd, 0x2c, 0x6c, 0x20, 0x7a, 0x9b, 0xcc, 0x6b,
771  0xbf, 0x3d, 0xfc, 0x7c, 0x31, 0x78, 0x65, 0x1e,
772  0xcc, 0x41, 0x0b, 0x8b, 0x3d, 0x4e, 0xde, 0x45,
773  0xe5, 0x20, 0xf5, 0xbd, 0x8e, 0x99, 0xce, 0xc2,
774  0xad, 0x88, 0x08, 0x27, 0x00, 0x2f, 0x00, 0x00,
775  0x09, 0x00, 0x00, 0x00, 0x00, 0xff, 0x01, 0x00,
776  0x01, 0x00
777  };
778 
779  /* certificate */
780  uint8_t certificate[] = {
781  0x16, 0x03, 0x03, 0x05, 0x59, 0x0b, 0x00, 0x05,
782  0x55, 0x00, 0x05, 0x52, 0x00, 0x05, 0x4f, 0x30,
783  0x82, 0x05, 0x4b, 0x30, 0x82, 0x04, 0x33, 0xa0,
784  0x03, 0x02, 0x01, 0x02, 0x02, 0x10, 0x4a, 0xe7,
785  0x95, 0x49, 0xfa, 0x9a, 0xbe, 0x3f, 0x10, 0x0f,
786  0x17, 0xa4, 0x78, 0xe1, 0x69, 0x09, 0x30, 0x0d,
787  0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d,
788  0x01, 0x01, 0x0b, 0x05, 0x00, 0x30, 0x81, 0x90,
789  0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04,
790  0x06, 0x13, 0x02, 0x47, 0x42, 0x31, 0x1b, 0x30,
791  0x19, 0x06, 0x03, 0x55, 0x04, 0x08, 0x13, 0x12,
792  0x47, 0x72, 0x65, 0x61, 0x74, 0x65, 0x72, 0x20,
793  0x4d, 0x61, 0x6e, 0x63, 0x68, 0x65, 0x73, 0x74,
794  0x65, 0x72, 0x31, 0x10, 0x30, 0x0e, 0x06, 0x03,
795  0x55, 0x04, 0x07, 0x13, 0x07, 0x53, 0x61, 0x6c,
796  0x66, 0x6f, 0x72, 0x64, 0x31, 0x1a, 0x30, 0x18,
797  0x06, 0x03, 0x55, 0x04, 0x0a, 0x13, 0x11, 0x43,
798  0x4f, 0x4d, 0x4f, 0x44, 0x4f, 0x20, 0x43, 0x41,
799  0x20, 0x4c, 0x69, 0x6d, 0x69, 0x74, 0x65, 0x64,
800  0x31, 0x36, 0x30, 0x34, 0x06, 0x03, 0x55, 0x04,
801  0x03, 0x13, 0x2d, 0x43, 0x4f, 0x4d, 0x4f, 0x44,
802  0x4f, 0x20, 0x52, 0x53, 0x41, 0x20, 0x44, 0x6f,
803  0x6d, 0x61, 0x69, 0x6e, 0x20, 0x56, 0x61, 0x6c,
804  0x69, 0x64, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x20,
805  0x53, 0x65, 0x63, 0x75, 0x72, 0x65, 0x20, 0x53,
806  0x65, 0x72, 0x76, 0x65, 0x72, 0x20, 0x43, 0x41,
807  0x30, 0x1e, 0x17, 0x0d, 0x31, 0x35, 0x30, 0x34,
808  0x30, 0x39, 0x30, 0x30, 0x30, 0x30, 0x30, 0x30,
809  0x5a, 0x17, 0x0d, 0x31, 0x35, 0x30, 0x34, 0x31,
810  0x32, 0x32, 0x33, 0x35, 0x39, 0x35, 0x39, 0x5a,
811  0x30, 0x59, 0x31, 0x21, 0x30, 0x1f, 0x06, 0x03,
812  0x55, 0x04, 0x0b, 0x13, 0x18, 0x44, 0x6f, 0x6d,
813  0x61, 0x69, 0x6e, 0x20, 0x43, 0x6f, 0x6e, 0x74,
814  0x72, 0x6f, 0x6c, 0x20, 0x56, 0x61, 0x6c, 0x69,
815  0x64, 0x61, 0x74, 0x65, 0x64, 0x31, 0x1d, 0x30,
816  0x1b, 0x06, 0x03, 0x55, 0x04, 0x0b, 0x13, 0x14,
817  0x50, 0x6f, 0x73, 0x69, 0x74, 0x69, 0x76, 0x65,
818  0x53, 0x53, 0x4c, 0x20, 0x57, 0x69, 0x6c, 0x64,
819  0x63, 0x61, 0x72, 0x64, 0x31, 0x15, 0x30, 0x13,
820  0x06, 0x03, 0x55, 0x04, 0x03, 0x14, 0x0c, 0x2a,
821  0x2e, 0x62, 0x61, 0x64, 0x73, 0x73, 0x6c, 0x2e,
822  0x63, 0x6f, 0x6d, 0x30, 0x82, 0x01, 0x22, 0x30,
823  0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7,
824  0x0d, 0x01, 0x01, 0x01, 0x05, 0x00, 0x03, 0x82,
825  0x01, 0x0f, 0x00, 0x30, 0x82, 0x01, 0x0a, 0x02,
826  0x82, 0x01, 0x01, 0x00, 0xc2, 0x04, 0xec, 0xf8,
827  0x8c, 0xee, 0x04, 0xc2, 0xb3, 0xd8, 0x50, 0xd5,
828  0x70, 0x58, 0xcc, 0x93, 0x18, 0xeb, 0x5c, 0xa8,
829  0x68, 0x49, 0xb0, 0x22, 0xb5, 0xf9, 0x95, 0x9e,
830  0xb1, 0x2b, 0x2c, 0x76, 0x3e, 0x6c, 0xc0, 0x4b,
831  0x60, 0x4c, 0x4c, 0xea, 0xb2, 0xb4, 0xc0, 0x0f,
832  0x80, 0xb6, 0xb0, 0xf9, 0x72, 0xc9, 0x86, 0x02,
833  0xf9, 0x5c, 0x41, 0x5d, 0x13, 0x2b, 0x7f, 0x71,
834  0xc4, 0x4b, 0xbc, 0xe9, 0x94, 0x2e, 0x50, 0x37,
835  0xa6, 0x67, 0x1c, 0x61, 0x8c, 0xf6, 0x41, 0x42,
836  0xc5, 0x46, 0xd3, 0x16, 0x87, 0x27, 0x9f, 0x74,
837  0xeb, 0x0a, 0x9d, 0x11, 0x52, 0x26, 0x21, 0x73,
838  0x6c, 0x84, 0x4c, 0x79, 0x55, 0xe4, 0xd1, 0x6b,
839  0xe8, 0x06, 0x3d, 0x48, 0x15, 0x52, 0xad, 0xb3,
840  0x28, 0xdb, 0xaa, 0xff, 0x6e, 0xff, 0x60, 0x95,
841  0x4a, 0x77, 0x6b, 0x39, 0xf1, 0x24, 0xd1, 0x31,
842  0xb6, 0xdd, 0x4d, 0xc0, 0xc4, 0xfc, 0x53, 0xb9,
843  0x6d, 0x42, 0xad, 0xb5, 0x7c, 0xfe, 0xae, 0xf5,
844  0x15, 0xd2, 0x33, 0x48, 0xe7, 0x22, 0x71, 0xc7,
845  0xc2, 0x14, 0x7a, 0x6c, 0x28, 0xea, 0x37, 0x4a,
846  0xdf, 0xea, 0x6c, 0xb5, 0x72, 0xb4, 0x7e, 0x5a,
847  0xa2, 0x16, 0xdc, 0x69, 0xb1, 0x57, 0x44, 0xdb,
848  0x0a, 0x12, 0xab, 0xde, 0xc3, 0x0f, 0x47, 0x74,
849  0x5c, 0x41, 0x22, 0xe1, 0x9a, 0xf9, 0x1b, 0x93,
850  0xe6, 0xad, 0x22, 0x06, 0x29, 0x2e, 0xb1, 0xba,
851  0x49, 0x1c, 0x0c, 0x27, 0x9e, 0xa3, 0xfb, 0x8b,
852  0xf7, 0x40, 0x72, 0x00, 0xac, 0x92, 0x08, 0xd9,
853  0x8c, 0x57, 0x84, 0x53, 0x81, 0x05, 0xcb, 0xe6,
854  0xfe, 0x6b, 0x54, 0x98, 0x40, 0x27, 0x85, 0xc7,
855  0x10, 0xbb, 0x73, 0x70, 0xef, 0x69, 0x18, 0x41,
856  0x07, 0x45, 0x55, 0x7c, 0xf9, 0x64, 0x3f, 0x3d,
857  0x2c, 0xc3, 0xa9, 0x7c, 0xeb, 0x93, 0x1a, 0x4c,
858  0x86, 0xd1, 0xca, 0x85, 0x02, 0x03, 0x01, 0x00,
859  0x01, 0xa3, 0x82, 0x01, 0xd5, 0x30, 0x82, 0x01,
860  0xd1, 0x30, 0x1f, 0x06, 0x03, 0x55, 0x1d, 0x23,
861  0x04, 0x18, 0x30, 0x16, 0x80, 0x14, 0x90, 0xaf,
862  0x6a, 0x3a, 0x94, 0x5a, 0x0b, 0xd8, 0x90, 0xea,
863  0x12, 0x56, 0x73, 0xdf, 0x43, 0xb4, 0x3a, 0x28,
864  0xda, 0xe7, 0x30, 0x1d, 0x06, 0x03, 0x55, 0x1d,
865  0x0e, 0x04, 0x16, 0x04, 0x14, 0x9d, 0xee, 0xc1,
866  0x7b, 0x81, 0x0b, 0x3a, 0x47, 0x69, 0x71, 0x18,
867  0x7d, 0x11, 0x37, 0x93, 0xbc, 0xa5, 0x1b, 0x3f,
868  0xfb, 0x30, 0x0e, 0x06, 0x03, 0x55, 0x1d, 0x0f,
869  0x01, 0x01, 0xff, 0x04, 0x04, 0x03, 0x02, 0x05,
870  0xa0, 0x30, 0x0c, 0x06, 0x03, 0x55, 0x1d, 0x13,
871  0x01, 0x01, 0xff, 0x04, 0x02, 0x30, 0x00, 0x30,
872  0x1d, 0x06, 0x03, 0x55, 0x1d, 0x25, 0x04, 0x16,
873  0x30, 0x14, 0x06, 0x08, 0x2b, 0x06, 0x01, 0x05,
874  0x05, 0x07, 0x03, 0x01, 0x06, 0x08, 0x2b, 0x06,
875  0x01, 0x05, 0x05, 0x07, 0x03, 0x02, 0x30, 0x4f,
876  0x06, 0x03, 0x55, 0x1d, 0x20, 0x04, 0x48, 0x30,
877  0x46, 0x30, 0x3a, 0x06, 0x0b, 0x2b, 0x06, 0x01,
878  0x04, 0x01, 0xb2, 0x31, 0x01, 0x02, 0x02, 0x07,
879  0x30, 0x2b, 0x30, 0x29, 0x06, 0x08, 0x2b, 0x06,
880  0x01, 0x05, 0x05, 0x07, 0x02, 0x01, 0x16, 0x1d,
881  0x68, 0x74, 0x74, 0x70, 0x73, 0x3a, 0x2f, 0x2f,
882  0x73, 0x65, 0x63, 0x75, 0x72, 0x65, 0x2e, 0x63,
883  0x6f, 0x6d, 0x6f, 0x64, 0x6f, 0x2e, 0x63, 0x6f,
884  0x6d, 0x2f, 0x43, 0x50, 0x53, 0x30, 0x08, 0x06,
885  0x06, 0x67, 0x81, 0x0c, 0x01, 0x02, 0x01, 0x30,
886  0x54, 0x06, 0x03, 0x55, 0x1d, 0x1f, 0x04, 0x4d,
887  0x30, 0x4b, 0x30, 0x49, 0xa0, 0x47, 0xa0, 0x45,
888  0x86, 0x43, 0x68, 0x74, 0x74, 0x70, 0x3a, 0x2f,
889  0x2f, 0x63, 0x72, 0x6c, 0x2e, 0x63, 0x6f, 0x6d,
890  0x6f, 0x64, 0x6f, 0x63, 0x61, 0x2e, 0x63, 0x6f,
891  0x6d, 0x2f, 0x43, 0x4f, 0x4d, 0x4f, 0x44, 0x4f,
892  0x52, 0x53, 0x41, 0x44, 0x6f, 0x6d, 0x61, 0x69,
893  0x6e, 0x56, 0x61, 0x6c, 0x69, 0x64, 0x61, 0x74,
894  0x69, 0x6f, 0x6e, 0x53, 0x65, 0x63, 0x75, 0x72,
895  0x65, 0x53, 0x65, 0x72, 0x76, 0x65, 0x72, 0x43,
896  0x41, 0x2e, 0x63, 0x72, 0x6c, 0x30, 0x81, 0x85,
897  0x06, 0x08, 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07,
898  0x01, 0x01, 0x04, 0x79, 0x30, 0x77, 0x30, 0x4f,
899  0x06, 0x08, 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07,
900  0x30, 0x02, 0x86, 0x43, 0x68, 0x74, 0x74, 0x70,
901  0x3a, 0x2f, 0x2f, 0x63, 0x72, 0x74, 0x2e, 0x63,
902  0x6f, 0x6d, 0x6f, 0x64, 0x6f, 0x63, 0x61, 0x2e,
903  0x63, 0x6f, 0x6d, 0x2f, 0x43, 0x4f, 0x4d, 0x4f,
904  0x44, 0x4f, 0x52, 0x53, 0x41, 0x44, 0x6f, 0x6d,
905  0x61, 0x69, 0x6e, 0x56, 0x61, 0x6c, 0x69, 0x64,
906  0x61, 0x74, 0x69, 0x6f, 0x6e, 0x53, 0x65, 0x63,
907  0x75, 0x72, 0x65, 0x53, 0x65, 0x72, 0x76, 0x65,
908  0x72, 0x43, 0x41, 0x2e, 0x63, 0x72, 0x74, 0x30,
909  0x24, 0x06, 0x08, 0x2b, 0x06, 0x01, 0x05, 0x05,
910  0x07, 0x30, 0x01, 0x86, 0x18, 0x68, 0x74, 0x74,
911  0x70, 0x3a, 0x2f, 0x2f, 0x6f, 0x63, 0x73, 0x70,
912  0x2e, 0x63, 0x6f, 0x6d, 0x6f, 0x64, 0x6f, 0x63,
913  0x61, 0x2e, 0x63, 0x6f, 0x6d, 0x30, 0x23, 0x06,
914  0x03, 0x55, 0x1d, 0x11, 0x04, 0x1c, 0x30, 0x1a,
915  0x82, 0x0c, 0x2a, 0x2e, 0x62, 0x61, 0x64, 0x73,
916  0x73, 0x6c, 0x2e, 0x63, 0x6f, 0x6d, 0x82, 0x0a,
917  0x62, 0x61, 0x64, 0x73, 0x73, 0x6c, 0x2e, 0x63,
918  0x6f, 0x6d, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86,
919  0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x0b, 0x05,
920  0x00, 0x03, 0x82, 0x01, 0x01, 0x00, 0x6a, 0x7a,
921  0xf1, 0xda, 0xff, 0x03, 0x07, 0x72, 0x78, 0xc5,
922  0x66, 0xa1, 0x4f, 0x46, 0x43, 0x0e, 0x5f, 0x14,
923  0x21, 0x8c, 0x75, 0x1a, 0xeb, 0x36, 0xe0, 0x1f,
924  0xa4, 0x10, 0x15, 0xec, 0xda, 0x33, 0x25, 0x7c,
925  0x3b, 0xb5, 0x0a, 0xc7, 0x01, 0x38, 0x3d, 0x27,
926  0xfd, 0x58, 0xd9, 0xcc, 0xea, 0x2d, 0x69, 0x39,
927  0x7c, 0xbe, 0x97, 0xef, 0x0b, 0xd6, 0x0b, 0x58,
928  0xe7, 0x8c, 0x7f, 0xbf, 0xb3, 0x4c, 0x1d, 0xf3,
929  0xb7, 0x90, 0x80, 0xa6, 0x36, 0x7c, 0x14, 0x5b,
930  0xec, 0x07, 0x2d, 0x02, 0x3e, 0x1b, 0x5b, 0x63,
931  0x5b, 0x15, 0xab, 0x00, 0xfa, 0x1f, 0x3b, 0x19,
932  0x2d, 0xdf, 0xe2, 0x23, 0x10, 0x11, 0x07, 0x7e,
933  0x72, 0x7f, 0xe2, 0xbf, 0xb7, 0x00, 0x1b, 0x98,
934  0x2f, 0x2c, 0x3f, 0xce, 0x85, 0x9a, 0x27, 0x8c,
935  0x10, 0x22, 0x08, 0x41, 0x2b, 0x8a, 0x3e, 0x82,
936  0x4e, 0xfc, 0xdd, 0x21, 0xc6, 0x56, 0x74, 0x70,
937  0xa4, 0x34, 0xf2, 0xb1, 0x40, 0x9e, 0x2b, 0x58,
938  0xa2, 0x59, 0x0f, 0x1d, 0x48, 0xef, 0xeb, 0x11,
939  0x3e, 0xc1, 0x4a, 0x9e, 0xbc, 0x65, 0x55, 0x6d,
940  0xc6, 0xa3, 0xef, 0xd5, 0xd4, 0x96, 0xcd, 0xf1,
941  0xae, 0x27, 0xf7, 0xa4, 0x57, 0x14, 0x3c, 0x94,
942  0x41, 0x05, 0x7a, 0x8b, 0xa1, 0x37, 0x47, 0xd7,
943  0xf5, 0x7d, 0xdc, 0xfa, 0xce, 0x6f, 0x31, 0xa2,
944  0xb0, 0x8c, 0xea, 0xcc, 0x12, 0x9b, 0x22, 0xf1,
945  0x34, 0x70, 0xcf, 0x7d, 0x75, 0x4a, 0x8b, 0x68,
946  0x29, 0x0c, 0x1e, 0xe9, 0x96, 0xa8, 0xcf, 0xb0,
947  0x12, 0x1f, 0x5c, 0x2a, 0xee, 0x67, 0x2f, 0x7f,
948  0xbd, 0x73, 0xf3, 0x5a, 0x01, 0x22, 0x0c, 0x70,
949  0xfa, 0xcd, 0x45, 0xef, 0x78, 0x5c, 0xce, 0x0d,
950  0xfa, 0x4e, 0xe1, 0xef, 0xce, 0x65, 0x9f, 0x47,
951  0x0c, 0x4f, 0xbb, 0x36, 0x44, 0x68, 0x56, 0x5c,
952  0x56, 0x59, 0xad, 0xaa, 0x8a, 0xbc,
953  };
954 
955  Flow f;
956  SSLState *ssl_state = NULL;
957  TcpSession ssn;
958  Packet *p1 = NULL;
959  Packet *p2 = NULL;
960  Packet *p3 = NULL;
961  ThreadVars tv;
962  DetectEngineThreadCtx *det_ctx = NULL;
964 
965  memset(&tv, 0, sizeof(ThreadVars));
966  memset(&f, 0, sizeof(Flow));
967  memset(&ssn, 0, sizeof(TcpSession));
968 
969  p1 = UTHBuildPacketReal(client_hello, sizeof(client_hello), IPPROTO_TCP,
970  "192.168.1.5", "192.168.1.1", 51251, 443);
971  p2 = UTHBuildPacketReal(server_hello, sizeof(server_hello), IPPROTO_TCP,
972  "192.168.1.1", "192.168.1.5", 443, 51251);
973  p3 = UTHBuildPacketReal(certificate, sizeof(certificate), IPPROTO_TCP,
974  "192.168.1.1", "192.168.1.5", 443, 51251);
975 
976  FLOW_INITIALIZE(&f);
977  f.flags |= FLOW_IPV4;
978  f.proto = IPPROTO_TCP;
980  f.alproto = ALPROTO_TLS;
981 
982  p1->flow = &f;
986  p1->pcap_cnt = 1;
987 
988  p2->flow = &f;
992  p2->pcap_cnt = 2;
993 
994  p3->flow = &f;
998  p3->pcap_cnt = 3;
999 
1000  f.lastts = SCTIME_FROM_SECS(1474978656L); /* 2016-09-27 */
1001 
1002  StreamTcpInitConfig(true);
1003 
1006 
1007  de_ctx->flags |= DE_QUIET;
1008 
1009  Signature *s = DetectEngineAppendSig(de_ctx, "alert tls any any -> any any "
1010  "(msg:\"Test tls_cert_expired\"; "
1011  "tls_cert_expired; sid:1;)");
1012  FAIL_IF_NULL(s);
1013 
1015  DetectEngineThreadCtxInit(&tv, (void *)de_ctx, (void *)&det_ctx);
1016 
1017  int r = AppLayerParserParse(NULL, alp_tctx, &f, ALPROTO_TLS, STREAM_TOSERVER,
1018  client_hello, sizeof(client_hello));
1019 
1020  FAIL_IF(r != 0);
1021 
1022  ssl_state = f.alstate;
1023  FAIL_IF_NULL(ssl_state);
1024 
1025  SigMatchSignatures(&tv, de_ctx, det_ctx, p1);
1026 
1027  FAIL_IF(PacketAlertCheck(p1, 1));
1028 
1029  r = AppLayerParserParse(NULL, alp_tctx, &f, ALPROTO_TLS, STREAM_TOCLIENT,
1030  server_hello, sizeof(server_hello));
1031 
1032  FAIL_IF(r != 0);
1033 
1034  SigMatchSignatures(&tv, de_ctx, det_ctx, p2);
1035 
1036  FAIL_IF(PacketAlertCheck(p2, 1));
1037 
1038  r = AppLayerParserParse(NULL, alp_tctx, &f, ALPROTO_TLS, STREAM_TOCLIENT,
1039  certificate, sizeof(certificate));
1040 
1041  FAIL_IF(r != 0);
1042 
1043  SigMatchSignatures(&tv, de_ctx, det_ctx, p3);
1044 
1045  FAIL_IF_NOT(PacketAlertCheck(p3, 1));
1046 
1048  DetectEngineThreadCtxDeinit(&tv, det_ctx);
1050 
1051  StreamTcpFreeConfig(true);
1052  FLOW_DESTROY(&f);
1053  UTHFreePacket(p1);
1054  UTHFreePacket(p2);
1055  UTHFreePacket(p3);
1056 
1057  PASS;
1058 }
1059 
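/**
 * \test Test matching on a valid TLS certificate.
 *
 * Replays a three-record TLS handshake (ClientHello, ServerHello,
 * Certificate) through the TLS app-layer parser and checks that a rule
 * using the tls_cert_valid keyword alerts only once the Certificate
 * record has been parsed.
 *
 * Fixture facts readable from the bytes below:
 *  - the ClientHello carries the SNI "www.google.no";
 *  - the certificate's UTCTime fields are "160713132452Z" (notBefore)
 *    and "161005131600Z" (notAfter);
 *  - f.lastts is pinned to 2016-09-27, i.e. inside that window.
 *
 * NOTE(review): the test pins the flow timestamp rather than relying on
 * the wall clock, so the keyword presumably compares the validity dates
 * against f.lastts; the matcher itself is outside this listing. No trust
 * anchors are supplied here, so an alert in this test reflects the date
 * window only and says nothing about chain, signature or revocation
 * status.
 *
 * NOTE(review): the rendered listing dropped several statements (the
 * allocation of alp_tctx and de_ctx, the protomap assignment, the
 * per-packet flags/flowflags, SigGroupBuild and the two context frees).
 * They are reinstated below, marked "reinstated", from the symbols this
 * page cross-references; confirm against the upstream file.
 *
 * \retval 1 on success.
 * \retval 0 on failure.
 */
static int ValidTestDetect01(void)
{
    /* client hello */
    uint8_t client_hello[] = {
            0x16, 0x03, 0x01, 0x00, 0xc8, 0x01, 0x00, 0x00,
            0xc4, 0x03, 0x03, 0xd6, 0x08, 0x5a, 0xa2, 0x86,
            0x5b, 0x85, 0xd4, 0x40, 0xab, 0xbe, 0xc0, 0xbc,
            0x41, 0xf2, 0x26, 0xf0, 0xfe, 0x21, 0xee, 0x8b,
            0x4c, 0x7e, 0x07, 0xc8, 0xec, 0xd2, 0x00, 0x46,
            0x4c, 0xeb, 0xb7, 0x00, 0x00, 0x16, 0xc0, 0x2b,
            0xc0, 0x2f, 0xc0, 0x0a, 0xc0, 0x09, 0xc0, 0x13,
            0xc0, 0x14, 0x00, 0x33, 0x00, 0x39, 0x00, 0x2f,
            0x00, 0x35, 0x00, 0x0a, 0x01, 0x00, 0x00, 0x85,
            0x00, 0x00, 0x00, 0x12, 0x00, 0x10, 0x00, 0x00,
            0x0d, 0x77, 0x77, 0x77, 0x2e, 0x67, 0x6f, 0x6f,
            0x67, 0x6c, 0x65, 0x2e, 0x6e, 0x6f, 0xff, 0x01,
            0x00, 0x01, 0x00, 0x00, 0x0a, 0x00, 0x08, 0x00,
            0x06, 0x00, 0x17, 0x00, 0x18, 0x00, 0x19, 0x00,
            0x0b, 0x00, 0x02, 0x01, 0x00, 0x00, 0x23, 0x00,
            0x00, 0x33, 0x74, 0x00, 0x00, 0x00, 0x10, 0x00,
            0x29, 0x00, 0x27, 0x05, 0x68, 0x32, 0x2d, 0x31,
            0x36, 0x05, 0x68, 0x32, 0x2d, 0x31, 0x35, 0x05,
            0x68, 0x32, 0x2d, 0x31, 0x34, 0x02, 0x68, 0x32,
            0x08, 0x73, 0x70, 0x64, 0x79, 0x2f, 0x33, 0x2e,
            0x31, 0x08, 0x68, 0x74, 0x74, 0x70, 0x2f, 0x31,
            0x2e, 0x31, 0x00, 0x05, 0x00, 0x05, 0x01, 0x00,
            0x00, 0x00, 0x00, 0x00, 0x0d, 0x00, 0x16, 0x00,
            0x14, 0x04, 0x01, 0x05, 0x01, 0x06, 0x01, 0x02,
            0x01, 0x04, 0x03, 0x05, 0x03, 0x06, 0x03, 0x02,
            0x03, 0x04, 0x02, 0x02, 0x02
    };

    /* server hello */
    uint8_t server_hello[] = {
            0x16, 0x03, 0x03, 0x00, 0x48, 0x02, 0x00, 0x00,
            0x44, 0x03, 0x03, 0x57, 0x91, 0xb8, 0x63, 0xdd,
            0xdb, 0xbb, 0x23, 0xcf, 0x0b, 0x43, 0x02, 0x1d,
            0x46, 0x11, 0x27, 0x5c, 0x98, 0xcf, 0x67, 0xe1,
            0x94, 0x3d, 0x62, 0x7d, 0x38, 0x48, 0x21, 0x23,
            0xa5, 0x62, 0x31, 0x00, 0xc0, 0x2f, 0x00, 0x00,
            0x1c, 0xff, 0x01, 0x00, 0x01, 0x00, 0x00, 0x00,
            0x00, 0x00, 0x00, 0x23, 0x00, 0x00, 0x00, 0x10,
            0x00, 0x05, 0x00, 0x03, 0x02, 0x68, 0x32, 0x00,
            0x0b, 0x00, 0x02, 0x01, 0x00
    };

    /* certificate */
    uint8_t certificate[] = {
            0x16, 0x03, 0x03, 0x04, 0x93, 0x0b, 0x00, 0x04,
            0x8f, 0x00, 0x04, 0x8c, 0x00, 0x04, 0x89, 0x30,
            0x82, 0x04, 0x85, 0x30, 0x82, 0x03, 0x6d, 0xa0,
            0x03, 0x02, 0x01, 0x02, 0x02, 0x08, 0x5c, 0x19,
            0xb7, 0xb1, 0x32, 0x3b, 0x1c, 0xa1, 0x30, 0x0d,
            0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d,
            0x01, 0x01, 0x0b, 0x05, 0x00, 0x30, 0x49, 0x31,
            0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06,
            0x13, 0x02, 0x55, 0x53, 0x31, 0x13, 0x30, 0x11,
            0x06, 0x03, 0x55, 0x04, 0x0a, 0x13, 0x0a, 0x47,
            0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x20, 0x49, 0x6e,
            0x63, 0x31, 0x25, 0x30, 0x23, 0x06, 0x03, 0x55,
            0x04, 0x03, 0x13, 0x1c, 0x47, 0x6f, 0x6f, 0x67,
            0x6c, 0x65, 0x20, 0x49, 0x6e, 0x74, 0x65, 0x72,
            0x6e, 0x65, 0x74, 0x20, 0x41, 0x75, 0x74, 0x68,
            0x6f, 0x72, 0x69, 0x74, 0x79, 0x20, 0x47, 0x32,
            /* validity: notBefore 160713132452Z, notAfter 161005131600Z */
            0x30, 0x1e, 0x17, 0x0d, 0x31, 0x36, 0x30, 0x37,
            0x31, 0x33, 0x31, 0x33, 0x32, 0x34, 0x35, 0x32,
            0x5a, 0x17, 0x0d, 0x31, 0x36, 0x31, 0x30, 0x30,
            0x35, 0x31, 0x33, 0x31, 0x36, 0x30, 0x30, 0x5a,
            0x30, 0x65, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03,
            0x55, 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, 0x31,
            0x13, 0x30, 0x11, 0x06, 0x03, 0x55, 0x04, 0x08,
            0x0c, 0x0a, 0x43, 0x61, 0x6c, 0x69, 0x66, 0x6f,
            0x72, 0x6e, 0x69, 0x61, 0x31, 0x16, 0x30, 0x14,
            0x06, 0x03, 0x55, 0x04, 0x07, 0x0c, 0x0d, 0x4d,
            0x6f, 0x75, 0x6e, 0x74, 0x61, 0x69, 0x6e, 0x20,
            0x56, 0x69, 0x65, 0x77, 0x31, 0x13, 0x30, 0x11,
            0x06, 0x03, 0x55, 0x04, 0x0a, 0x0c, 0x0a, 0x47,
            0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x20, 0x49, 0x6e,
            0x63, 0x31, 0x14, 0x30, 0x12, 0x06, 0x03, 0x55,
            0x04, 0x03, 0x0c, 0x0b, 0x2a, 0x2e, 0x67, 0x6f,
            0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x6e, 0x6f, 0x30,
            0x82, 0x01, 0x22, 0x30, 0x0d, 0x06, 0x09, 0x2a,
            0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x01,
            0x05, 0x00, 0x03, 0x82, 0x01, 0x0f, 0x00, 0x30,
            0x82, 0x01, 0x0a, 0x02, 0x82, 0x01, 0x01, 0x00,
            0xa5, 0x0a, 0xb9, 0xb1, 0xca, 0x36, 0xd1, 0xae,
            0x22, 0x38, 0x07, 0x06, 0xc9, 0x1a, 0x56, 0x4f,
            0xbb, 0xdf, 0xa8, 0x6d, 0xbd, 0xee, 0x76, 0x16,
            0xbc, 0x53, 0x3c, 0x03, 0x6a, 0x5c, 0x94, 0x50,
            0x87, 0x2f, 0x28, 0xb4, 0x4e, 0xd5, 0x9b, 0x8f,
            0xfe, 0x02, 0xde, 0x2a, 0x83, 0x01, 0xf9, 0x45,
            0x61, 0x0e, 0x66, 0x0e, 0x24, 0x22, 0xe2, 0x59,
            0x66, 0x0d, 0xd3, 0xe9, 0x77, 0x8a, 0x7e, 0x42,
            0xaa, 0x5a, 0xf9, 0x05, 0xbf, 0x30, 0xc7, 0x03,
            0x2b, 0xdc, 0xa6, 0x9c, 0xe0, 0x9f, 0x0d, 0xf1,
            0x28, 0x19, 0xf8, 0xf2, 0x02, 0xfa, 0xbd, 0x62,
            0xa0, 0xf3, 0x02, 0x2b, 0xcd, 0xf7, 0x09, 0x04,
            0x3b, 0x52, 0xd8, 0x65, 0x4b, 0x4a, 0x70, 0xe4,
            0x57, 0xc9, 0x2e, 0x2a, 0xf6, 0x9c, 0x6e, 0xd8,
            0xde, 0x01, 0x52, 0xc9, 0x6f, 0xe9, 0xef, 0x82,
            0xbc, 0x0b, 0x95, 0xb2, 0xef, 0xcb, 0x91, 0xa6,
            0x0b, 0x2d, 0x14, 0xc6, 0x00, 0xa9, 0x33, 0x86,
            0x64, 0x00, 0xd4, 0x92, 0x19, 0x53, 0x3d, 0xfd,
            0xcd, 0xc6, 0x1a, 0xf2, 0x0e, 0x67, 0xc2, 0x1d,
            0x2c, 0xe0, 0xe8, 0x29, 0x97, 0x1c, 0xb6, 0xc4,
            0xb2, 0x02, 0x0c, 0x83, 0xb8, 0x60, 0x61, 0xf5,
            0x61, 0x2d, 0x73, 0x5e, 0x85, 0x4d, 0xbd, 0x0d,
            0xe7, 0x1a, 0x37, 0x56, 0x8d, 0xe5, 0x50, 0x0c,
            0xc9, 0x64, 0x4c, 0x11, 0xea, 0xf3, 0xcb, 0x26,
            0x34, 0xbd, 0x02, 0xf5, 0xc1, 0xfb, 0xa2, 0xec,
            0x27, 0xbb, 0x60, 0xbe, 0x0b, 0xf6, 0xe7, 0x3c,
            0x2d, 0xc9, 0xe7, 0xb0, 0x30, 0x28, 0x17, 0x3d,
            0x90, 0xf1, 0x63, 0x8e, 0x49, 0xf7, 0x15, 0x78,
            0x21, 0xcc, 0x45, 0xe6, 0x86, 0xb2, 0xd8, 0xb0,
            0x2e, 0x5a, 0xb0, 0x58, 0xd3, 0xb6, 0x11, 0x40,
            0xae, 0x81, 0x1f, 0x6b, 0x7a, 0xaf, 0x40, 0x50,
            0xf9, 0x2e, 0x81, 0x8b, 0xec, 0x26, 0x11, 0x3f,
            0x02, 0x03, 0x01, 0x00, 0x01, 0xa3, 0x82, 0x01,
            0x53, 0x30, 0x82, 0x01, 0x4f, 0x30, 0x1d, 0x06,
            0x03, 0x55, 0x1d, 0x25, 0x04, 0x16, 0x30, 0x14,
            0x06, 0x08, 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07,
            0x03, 0x01, 0x06, 0x08, 0x2b, 0x06, 0x01, 0x05,
            0x05, 0x07, 0x03, 0x02, 0x30, 0x21, 0x06, 0x03,
            0x55, 0x1d, 0x11, 0x04, 0x1a, 0x30, 0x18, 0x82,
            0x0b, 0x2a, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c,
            0x65, 0x2e, 0x6e, 0x6f, 0x82, 0x09, 0x67, 0x6f,
            0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x6e, 0x6f, 0x30,
            0x68, 0x06, 0x08, 0x2b, 0x06, 0x01, 0x05, 0x05,
            0x07, 0x01, 0x01, 0x04, 0x5c, 0x30, 0x5a, 0x30,
            0x2b, 0x06, 0x08, 0x2b, 0x06, 0x01, 0x05, 0x05,
            0x07, 0x30, 0x02, 0x86, 0x1f, 0x68, 0x74, 0x74,
            0x70, 0x3a, 0x2f, 0x2f, 0x70, 0x6b, 0x69, 0x2e,
            0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x63,
            0x6f, 0x6d, 0x2f, 0x47, 0x49, 0x41, 0x47, 0x32,
            0x2e, 0x63, 0x72, 0x74, 0x30, 0x2b, 0x06, 0x08,
            0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x30, 0x01,
            0x86, 0x1f, 0x68, 0x74, 0x74, 0x70, 0x3a, 0x2f,
            0x2f, 0x63, 0x6c, 0x69, 0x65, 0x6e, 0x74, 0x73,
            0x31, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65,
            0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x6f, 0x63, 0x73,
            0x70, 0x30, 0x1d, 0x06, 0x03, 0x55, 0x1d, 0x0e,
            0x04, 0x16, 0x04, 0x14, 0xc6, 0x53, 0x87, 0x42,
            0x2d, 0xc8, 0xee, 0x7a, 0x62, 0x1e, 0x83, 0xdb,
            0x0d, 0xe2, 0x32, 0xeb, 0x8b, 0xaf, 0x69, 0x40,
            0x30, 0x0c, 0x06, 0x03, 0x55, 0x1d, 0x13, 0x01,
            0x01, 0xff, 0x04, 0x02, 0x30, 0x00, 0x30, 0x1f,
            0x06, 0x03, 0x55, 0x1d, 0x23, 0x04, 0x18, 0x30,
            0x16, 0x80, 0x14, 0x4a, 0xdd, 0x06, 0x16, 0x1b,
            0xbc, 0xf6, 0x68, 0xb5, 0x76, 0xf5, 0x81, 0xb6,
            0xbb, 0x62, 0x1a, 0xba, 0x5a, 0x81, 0x2f, 0x30,
            0x21, 0x06, 0x03, 0x55, 0x1d, 0x20, 0x04, 0x1a,
            0x30, 0x18, 0x30, 0x0c, 0x06, 0x0a, 0x2b, 0x06,
            0x01, 0x04, 0x01, 0xd6, 0x79, 0x02, 0x05, 0x01,
            0x30, 0x08, 0x06, 0x06, 0x67, 0x81, 0x0c, 0x01,
            0x02, 0x02, 0x30, 0x30, 0x06, 0x03, 0x55, 0x1d,
            0x1f, 0x04, 0x29, 0x30, 0x27, 0x30, 0x25, 0xa0,
            0x23, 0xa0, 0x21, 0x86, 0x1f, 0x68, 0x74, 0x74,
            0x70, 0x3a, 0x2f, 0x2f, 0x70, 0x6b, 0x69, 0x2e,
            0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x63,
            0x6f, 0x6d, 0x2f, 0x47, 0x49, 0x41, 0x47, 0x32,
            0x2e, 0x63, 0x72, 0x6c, 0x30, 0x0d, 0x06, 0x09,
            0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01,
            0x0b, 0x05, 0x00, 0x03, 0x82, 0x01, 0x01, 0x00,
            0x7b, 0x27, 0x00, 0x46, 0x8f, 0xfd, 0x5b, 0xff,
            0xcb, 0x05, 0x9b, 0xf7, 0xf1, 0x68, 0xf6, 0x9a,
            0x7b, 0xba, 0x53, 0xdf, 0x63, 0xed, 0x11, 0x94,
            0x39, 0xf2, 0xd0, 0x20, 0xcd, 0xa3, 0xc4, 0x98,
            0xa5, 0x10, 0x74, 0xe7, 0x10, 0x6d, 0x07, 0xf8,
            0x33, 0x87, 0x05, 0x43, 0x0e, 0x64, 0x77, 0x09,
            0x18, 0x4f, 0x38, 0x2e, 0x45, 0xae, 0xa8, 0x34,
            0x3a, 0xa8, 0x33, 0xac, 0x9d, 0xdd, 0x25, 0x91,
            0x59, 0x43, 0xbe, 0x0f, 0x87, 0x16, 0x2f, 0xb5,
            0x27, 0xfd, 0xce, 0x2f, 0x35, 0x5d, 0x12, 0xa1,
            0x66, 0xac, 0xf7, 0x95, 0x38, 0x0f, 0xe5, 0xb1,
            0x18, 0x18, 0xe6, 0x80, 0x52, 0x31, 0x8a, 0x66,
            0x02, 0x52, 0x1a, 0xa4, 0x32, 0x6a, 0x61, 0x05,
            0xcf, 0x1d, 0xf9, 0x90, 0x73, 0xf0, 0xeb, 0x20,
            0x31, 0x7b, 0x2e, 0xc0, 0xb0, 0xfb, 0x5c, 0xcc,
            0xdc, 0x76, 0x55, 0x72, 0xaf, 0xb1, 0x05, 0xf4,
            0xad, 0xf9, 0xd7, 0x73, 0x5c, 0x2c, 0xbf, 0x0d,
            0x84, 0x18, 0x01, 0x1d, 0x4d, 0x08, 0xa9, 0x4e,
            0x37, 0xb7, 0x58, 0xc4, 0x05, 0x0e, 0x65, 0x63,
            0xd2, 0x88, 0x02, 0xf5, 0x82, 0x17, 0x08, 0xd5,
            0x8f, 0x80, 0xc7, 0x82, 0x29, 0xbb, 0xe1, 0x04,
            0xbe, 0xf6, 0xe1, 0x8c, 0xbc, 0x3a, 0xf8, 0xf9,
            0x56, 0xda, 0xdc, 0x8e, 0xc6, 0xe6, 0x63, 0x98,
            0x12, 0x08, 0x41, 0x2c, 0x9d, 0x7c, 0x82, 0x0d,
            0x1e, 0xea, 0xba, 0xde, 0x32, 0x09, 0xda, 0x52,
            0x24, 0x4f, 0xcc, 0xb6, 0x09, 0x33, 0x8b, 0x00,
            0xf9, 0x83, 0xb3, 0xc6, 0xa4, 0x90, 0x49, 0x83,
            0x2d, 0x36, 0xd9, 0x11, 0x78, 0xd0, 0x62, 0x9f,
            0xc4, 0x8f, 0x84, 0xba, 0x7f, 0xaa, 0x04, 0xf1,
            0xd9, 0xa4, 0xad, 0x5d, 0x63, 0xee, 0x72, 0xc6,
            0x4d, 0xd1, 0x4b, 0x41, 0x8f, 0x40, 0x0f, 0x7d,
            0xcd, 0xb8, 0x2e, 0x5b, 0x6e, 0x21, 0xc9, 0x3d
    };

    Flow f;
    SSLState *ssl_state = NULL;
    TcpSession ssn; /* zeroed below; not referenced again in this listing */
    Packet *p1 = NULL;
    Packet *p2 = NULL;
    Packet *p3 = NULL;
    ThreadVars tv;
    DetectEngineThreadCtx *det_ctx = NULL;
    /* reinstated */
    AppLayerParserThreadCtx *alp_tctx = AppLayerParserThreadCtxAlloc();
    FAIL_IF_NULL(alp_tctx);

    memset(&tv, 0, sizeof(ThreadVars));
    memset(&f, 0, sizeof(Flow));
    memset(&ssn, 0, sizeof(TcpSession));

    /* One packet per handshake record: p1 client->server, p2/p3 server->client. */
    p1 = UTHBuildPacketReal(client_hello, sizeof(client_hello), IPPROTO_TCP,
            "192.168.1.5", "192.168.1.1", 51251, 443);
    p2 = UTHBuildPacketReal(server_hello, sizeof(server_hello), IPPROTO_TCP,
            "192.168.1.1", "192.168.1.5", 443, 51251);
    p3 = UTHBuildPacketReal(certificate, sizeof(certificate), IPPROTO_TCP,
            "192.168.1.1", "192.168.1.5", 443, 51251);
    /* The packets are dereferenced right below, so fail cleanly if any
     * of them could not be built. */
    FAIL_IF_NULL(p1);
    FAIL_IF_NULL(p2);
    FAIL_IF_NULL(p3);

    FLOW_INITIALIZE(&f);
    f.flags |= FLOW_IPV4;
    f.proto = IPPROTO_TCP;
    f.protomap = FlowGetProtoMapping(f.proto); /* reinstated */
    f.alproto = ALPROTO_TLS;

    p1->flow = &f;
    p1->flags |= PKT_HAS_FLOW | PKT_STREAM_EST; /* reinstated */
    p1->flowflags |= FLOW_PKT_TOSERVER;         /* reinstated */
    p1->flowflags |= FLOW_PKT_ESTABLISHED;      /* reinstated */
    p1->pcap_cnt = 1;

    p2->flow = &f;
    p2->flags |= PKT_HAS_FLOW | PKT_STREAM_EST; /* reinstated */
    p2->flowflags |= FLOW_PKT_TOCLIENT;         /* reinstated */
    p2->flowflags |= FLOW_PKT_ESTABLISHED;      /* reinstated */
    p2->pcap_cnt = 2;

    p3->flow = &f;
    p3->flags |= PKT_HAS_FLOW | PKT_STREAM_EST; /* reinstated */
    p3->flowflags |= FLOW_PKT_TOCLIENT;         /* reinstated */
    p3->flowflags |= FLOW_PKT_ESTABLISHED;      /* reinstated */
    p3->pcap_cnt = 3;

    /* Fixed reference time inside the certificate's validity window, so
     * the result does not depend on when the test is run. */
    f.lastts = SCTIME_FROM_SECS(1474978656L); /* 2016-09-27 */

    StreamTcpInitConfig(true);

    DetectEngineCtx *de_ctx = DetectEngineCtxInit(); /* reinstated */
    FAIL_IF_NULL(de_ctx);                            /* reinstated */

    de_ctx->flags |= DE_QUIET;

    Signature *s = DetectEngineAppendSig(de_ctx, "alert tls any any -> any any "
                                                 "(msg:\"Test tls_cert_valid\"; "
                                                 "tls_cert_valid; sid:1;)");
    FAIL_IF_NULL(s);

    SigGroupBuild(de_ctx); /* reinstated */
    DetectEngineThreadCtxInit(&tv, (void *)de_ctx, (void *)&det_ctx);
    FAIL_IF_NULL(det_ctx);

    /* ClientHello: no certificate seen yet, so sid 1 must stay silent. */
    int r = AppLayerParserParse(NULL, alp_tctx, &f, ALPROTO_TLS, STREAM_TOSERVER,
            client_hello, sizeof(client_hello));

    FAIL_IF(r != 0);

    ssl_state = f.alstate;
    FAIL_IF_NULL(ssl_state);

    SigMatchSignatures(&tv, de_ctx, det_ctx, p1);

    FAIL_IF(PacketAlertCheck(p1, 1));

    /* ServerHello: still no certificate, still no alert. */
    r = AppLayerParserParse(NULL, alp_tctx, &f, ALPROTO_TLS, STREAM_TOCLIENT,
            server_hello, sizeof(server_hello));

    FAIL_IF(r != 0);

    SigMatchSignatures(&tv, de_ctx, det_ctx, p2);

    FAIL_IF(PacketAlertCheck(p2, 1));

    /* Certificate: the validity window now covers f.lastts, so sid 1
     * is expected to alert on this packet. */
    r = AppLayerParserParse(NULL, alp_tctx, &f, ALPROTO_TLS, STREAM_TOCLIENT,
            certificate, sizeof(certificate));

    FAIL_IF(r != 0);

    SigMatchSignatures(&tv, de_ctx, det_ctx, p3);

    FAIL_IF_NOT(PacketAlertCheck(p3, 1));

    AppLayerParserThreadCtxFree(alp_tctx); /* reinstated */
    DetectEngineThreadCtxDeinit(&tv, det_ctx);
    DetectEngineCtxFree(de_ctx); /* reinstated */

    StreamTcpFreeConfig(true);
    FLOW_DESTROY(&f);
    UTHFreePacket(p1);
    UTHFreePacket(p2);
    UTHFreePacket(p3);

    PASS;
}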
1367 
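/**
 * \brief Register unit tests for tls_cert_notbefore.
 *
 * Registers the odd-numbered ValidityTestParse cases plus
 * ValidityTestParse24, ValidityTestParse25 and ValidityTestDetect01.
 * Each test is registered under the name of the function that
 * implements it.
 *
 * NOTE(review): the signature line was missing from the rendered
 * listing; it is reinstated from the page's cross-reference entry for
 * this function.
 */
void TlsNotBeforeRegisterTests(void)
{
    UtRegisterTest("ValidityTestParse01", ValidityTestParse01);
    UtRegisterTest("ValidityTestParse03", ValidityTestParse03);
    UtRegisterTest("ValidityTestParse05", ValidityTestParse05);
    UtRegisterTest("ValidityTestParse07", ValidityTestParse07);
    UtRegisterTest("ValidityTestParse09", ValidityTestParse09);
    UtRegisterTest("ValidityTestParse11", ValidityTestParse11);
    UtRegisterTest("ValidityTestParse13", ValidityTestParse13);
    UtRegisterTest("ValidityTestParse15", ValidityTestParse15);
    UtRegisterTest("ValidityTestParse17", ValidityTestParse17);
    UtRegisterTest("ValidityTestParse19", ValidityTestParse19);
    UtRegisterTest("ValidityTestParse21", ValidityTestParse21);
    UtRegisterTest("ValidityTestParse23", ValidityTestParse23);
    UtRegisterTest("ValidityTestParse24", ValidityTestParse24);
    UtRegisterTest("ValidityTestParse25", ValidityTestParse25);
    UtRegisterTest("ValidityTestDetect01", ValidityTestDetect01);
}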
1389 
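/**
 * \brief Register unit tests for tls_cert_notafter.
 *
 * Registers the even-numbered ValidityTestParse cases (02 through 22),
 * each under the name of the function that implements it.
 *
 * NOTE(review): the signature line was missing from the rendered
 * listing; it is reinstated from the page's cross-reference entry for
 * this function.
 */
void TlsNotAfterRegisterTests(void)
{
    UtRegisterTest("ValidityTestParse02", ValidityTestParse02);
    UtRegisterTest("ValidityTestParse04", ValidityTestParse04);
    UtRegisterTest("ValidityTestParse06", ValidityTestParse06);
    UtRegisterTest("ValidityTestParse08", ValidityTestParse08);
    UtRegisterTest("ValidityTestParse10", ValidityTestParse10);
    UtRegisterTest("ValidityTestParse12", ValidityTestParse12);
    UtRegisterTest("ValidityTestParse14", ValidityTestParse14);
    UtRegisterTest("ValidityTestParse16", ValidityTestParse16);
    UtRegisterTest("ValidityTestParse18", ValidityTestParse18);
    UtRegisterTest("ValidityTestParse20", ValidityTestParse20);
    UtRegisterTest("ValidityTestParse22", ValidityTestParse22);
}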
1407 
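/**
 * \brief Register unit tests for tls_cert_expired.
 *
 * Registers the single detection test ExpiredTestDetect01.
 *
 * NOTE(review): the signature line was missing from the rendered
 * listing; it is reinstated from the page's cross-reference entry for
 * this function.
 */
void TlsExpiredRegisterTests(void)
{
    UtRegisterTest("ExpiredTestDetect01", ExpiredTestDetect01);
}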
1415 
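/**
 * \brief Register unit tests for tls_cert_valid.
 *
 * Registers the single detection test ValidTestDetect01.
 *
 * NOTE(review): the signature line was missing from the rendered
 * listing; it is reinstated from the page's cross-reference entry for
 * this function.
 */
void TlsValidRegisterTests(void)
{
    UtRegisterTest("ValidTestDetect01", ValidTestDetect01);
}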