From b3fddf3bfae1c84fd71ce400141d8aca714ad96c Mon Sep 17 00:00:00 2001
From: Zied Aouini <aouinizied@gmail.com>
Date: Tue, 18 Feb 2020 20:21:12 +0100
Subject: [PATCH] Fix client/server SSL fields.

---
 nfstream/plugin.py | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/nfstream/plugin.py b/nfstream/plugin.py
index bdfabff..bf61902 100644
--- a/nfstream/plugin.py
+++ b/nfstream/plugin.py
@@ -221,8 +221,8 @@ def update_ndpi_infos(entry, ndpi_flow, ndpi_protocol, ndpi):
         entry.client_info = ndpi.get_str_field(ndpi_flow.protos.ssh.client_signature)
         entry.server_info = ndpi.get_str_field(ndpi_flow.protos.ssh.server_signature)
     elif is_ndpi_proto(entry, 91) or ndpi.get_str_field(ndpi_flow.protos.stun_ssl.ssl.ja3_client) != '':  # TLS
-        entry.client_info = ndpi.get_str_field(ndpi_flow.protos.stun_ssl.ssl.client_certificate)
-        entry.server_info = ndpi.get_str_field(ndpi_flow.protos.stun_ssl.ssl.server_certificate)
+        entry.client_info = ndpi.get_str_field(ndpi_flow.protos.stun_ssl.ssl.client_requested_server_name)
+        entry.server_info = ndpi.get_str_field(ndpi_flow.protos.stun_ssl.ssl.server_names)
         entry.j3a_client = ndpi.get_str_field(ndpi_flow.protos.stun_ssl.ssl.ja3_client)
         entry.j3a_server = ndpi.get_str_field(ndpi_flow.protos.stun_ssl.ssl.ja3_server)
     else: