FoxIO-LLC / ja4

JA4+ is a suite of network fingerprinting standards
https://foxio.io

Added check if SSL connection ids exist to prevent exceptions in zeek #85

Closed blightzero closed 3 months ago

blightzero commented 3 months ago

When JA4 and JA4s scripts respectively were run they would sometimes create exceptions like this:

JA4s:

1709820249.822994 error in /opt/zeek/share/zeek/site/./ja4/./ja4s/./main.zeek, line 163: connection ID not a known connection (lookup_connection(FINGERPRINT::JA4S::rec$id) and [orig_h=x.x.x.x, orig_p=56810/tcp, resp_h=x.x.x.x, resp_p=443/tcp])

JA4:

error in /opt/zeek/share/zeek/site/./ja4/./ja4/./main.zeek, line 205: connection ID not a known connection (lookup_connection(FINGERPRINT::JA4::rec$id) and [orig_h=x.x.x.x, orig_p=x/tcp, resp_h=x.x.x.x, resp_p=x/tcp])

This patch first checks if the connection ID exists and then does the lookup, thus avoiding the exception output.
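The guard described in this comment, sketched as an added example (not code from this pull request or the ja4 repository). It assumes the lookup happens in a handler for Zeek's `SSL::log_ssl` event; the module name `GuardExample` and the `skipped` counter are hypothetical and only make visible how many records the guard passes over.

```zeek
@load base/protocols/ssl

module GuardExample;

export {
	# Hypothetical counter: SSL log records whose connection was
	# no longer in Zeek's connection table when they were logged.
	global skipped: count = 0;
}

event SSL::log_ssl(rec: SSL::Info)
	{
	# lookup_connection() reports "connection ID not a known connection"
	# when rec$id is no longer tracked, so test for it first.
	if ( ! connection_exists(rec$id) )
		{
		++skipped;
		return;
		}

	# Safe: the connection record is still available here.
	local c = lookup_connection(rec$id);
	print fmt("%s -> %s still tracked, uid=%s",
	          rec$id$orig_h, rec$id$resp_h, c$uid);
	}

event zeek_done()
	{
	# Every skipped record is one that gets no per-connection processing.
	print fmt("records skipped by the guard: %d", skipped);
	}
```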

john-althouse commented 3 months ago

Thanks! We're looking into a more elegant solution to this problem that won't cause any data loss. Will keep you updated.

J0eJ0h commented 3 months ago

I added logic to make sure the information is available on the SSL::Info at time of logging to connection state remove in https://github.com/FoxIO-LLC/ja4/pull/88

john-althouse commented 3 months ago

Merged #88 which solves this issue as well. Thanks for bringing it to our attention!!