tls: fix connection encrypted flags #117

From now on, a connection is considered encrypted only when sngrep
captures a change_cipher_spec message and has both client and server
cipher contexts.

Before gathering all that information, all application_data messages
will be ignored.
Kaian 2016-05-04 20:40:26 +02:00
parent 19af2ac5cb
commit 2b6ca86f72
2 changed files with 4 additions and 2 deletions

@ -393,7 +393,8 @@ tls_process_record(struct SSLConnection *conn, const uint8_t *payload,
break;
case change_cipher_spec:
// From now on, this connection will be encrypted using MasterSecret
conn->encrypted = 1;
if (conn->client_cipher_ctx.cipher && conn->server_cipher_ctx.cipher)
conn->encrypted = 1;
break;
case application_data:
if (conn->encrypted) {
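Review bot: The comment above the new `if` in the change_cipher_spec case still says the connection will be encrypted from now on, which is now true only when both `client_cipher_ctx.cipher` and `server_cipher_ctx.cipher` are set; reword it to state that condition. When the check fails nothing is recorded, so the application_data records that follow are skipped silently; a debug trace in an else branch would make an undecryptable session easier to diagnose. The new `if` is also unbraced while the `if (conn->encrypted) {` just below it uses braces; bracing it would keep the style consistent and stop a later second statement from running unconditionally.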

@ -366,7 +366,8 @@ tls_process_record(struct SSLConnection *conn, const uint8_t *payload,
break;
case change_cipher_spec:
// From now on, this connection will be encrypted using MasterSecret
conn->encrypted = 1;
if (conn->client_cipher_ctx.cipher && conn->server_cipher_ctx.cipher)
conn->encrypted = 1;
break;
case application_data:
if (conn->encrypted) {
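Review bot: The change_cipher_spec case here repeats the same two-context condition as the other changed file, so the two copies of tls_process_record can drift apart on a later fix; consider moving the check into one small shared helper that takes `conn` and is called from both places. Separately, `conn->encrypted` is a single flag for the whole connection while the condition is evaluated on any change_cipher_spec record regardless of which side sent it; please confirm that setting it on the first such record after both contexts exist is intended, and say so in the comment.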