From Marc Petit-Huguenin:
- Removed directResponseForwarding.
- The certificate_type enum is now defined as RFC 6091's CertificateType
so moved the definition to packet-ssl-utils.[ch].
- Fixed invalid values for CERTIFICATE_BY_NODE and CERTIFICATE_BY_USER
Kinds.
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=5967
svn path=/trunk/; revision=37452
Fix compilation if we HAVE_LIBGNUTLS but we do not HAVE_LIBGCRYPT. (The
former can be built using libnettle instead of the latter.)
svn path=/trunk/; revision=37102
5. A guaranteed null pointer access violation is fixed in packet-ssl-utils.c
when DTLS succeeded in dissecting its payload.
svn path=/trunk/; revision=37058
This patch adds support for getting the pre-master secret of a TLS
connection from a log file. Currently Wireshark can decrypt a TLS
connection only if it has the server's private key.
I commonly have a use case where I control the TLS client, but not the
server. In order to decrypt in this case, I've added support to NSS
(used by Chrome and Firefox) to log the keys to a file on disk:
https://bugzilla.mozilla.org/show_bug.cgi?id=536474
Given this file, Wireshark can then decrypt the resulting TLS connections.
The format is such that Wireshark opens and linearly scans the file each
time it sees a ClientKeyExchange. If the key log grows too large, this
is pretty inefficient. However, it's simple and the number of
interesting TLS connections when debugging is usually very small.
svn path=/trunk/; revision=36876
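Added example, not code from Wireshark or from this commit: a C sketch of the per-ClientKeyExchange linear scan the message above describes, run over key log text held in memory rather than a file. It assumes the NSS key log "RSA" record layout, which the message does not spell out ("RSA", the first 8 bytes of the encrypted pre-master secret in hex, then the 48-byte pre-master secret in hex); keylog_lookup, hex_decode and the sample log are constructed for illustration.

```c
#include <string.h>

#define PMS_LEN 48   /* pre-master secret bytes (96 hex digits) */
#define ID_LEN   8   /* leading bytes of the encrypted secret (16 hex digits) */
#define REC_LEN 117  /* "RSA " + 16 hex + ' ' + 96 hex (assumed layout) */
/* Constructed sample key log, not real key material. */
#define A16 "0303030303030303"
#define B16 "0badc0de0badc0de"
static const char SAMPLE_LOG[] =
    "RSA 0011223344556677 deadbeef\n"   /* truncated record: must be skipped */
    "RSA 0102030405060708 " A16 A16 A16 A16 A16 A16 "\n"
    "RSA a1a2a3a4a5a6a7a8 " B16 B16 B16 B16 B16 B16 "\r\n";

/* Decode 2*n hex digits into n bytes; 0 on success, -1 on a non-hex digit. */
static int hex_decode(const char *s, unsigned char *out, size_t n)
{
    for (size_t i = 0; i < 2 * n; i++) {
        char c = s[i];
        int v = (c >= '0' && c <= '9') ? c - '0'
              : (c >= 'a' && c <= 'f') ? c - 'a' + 10
              : (c >= 'A' && c <= 'F') ? c - 'A' + 10 : -1;
        if (v < 0) return -1;
        out[i / 2] = (unsigned char)((i % 2) ? (out[i / 2] | v) : (v << 4));
    }
    return 0;
}

/* Scan every line for the record keyed by the first ID_LEN bytes of the
 * ClientKeyExchange's encrypted pre-master secret. Returns 1 and fills pms
 * on a match, 0 otherwise; pms is untouched unless a whole record decodes. */
int keylog_lookup(const char *log, const unsigned char *enc_pms, size_t enc_len,
                  unsigned char pms[PMS_LEN])
{
    unsigned char id[ID_LEN], tmp[PMS_LEN];
    if (enc_len < ID_LEN) return 0;
    for (const char *line = log; line && *line; ) {
        const char *eol = strchr(line, '\n');
        size_t len = eol ? (size_t)(eol - line) : strlen(line);
        if (len > 0 && line[len - 1] == '\r') len--;   /* tolerate CRLF */
        if (len == REC_LEN && !memcmp(line, "RSA ", 4) && line[20] == ' ' &&
            !hex_decode(line + 4, id, ID_LEN) && !memcmp(id, enc_pms, ID_LEN) &&
            !hex_decode(line + 21, tmp, PMS_LEN)) {
            memcpy(pms, tmp, PMS_LEN);
            return 1;
        }
        line = eol ? eol + 1 : NULL;
    }
    return 0;
}
```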
- Support for DTLS and SSL RSA keys list using User Accessible Table
- Support for IPv6 SSL as posted by bug#3343 comment#1
- 'any' and 'anyipv4' for IPv4 wildcard
- 'anyipv6' for IPv6 wildcard
- UAT fields validation.
From me:
- Update parameters to match UAT API changes.
- Change the UAT filename.
- Fix buffer overflow for IPv6 addresses.
- Allow the use of hostnames along with numeric addresses.
- Don't convert strings to addresses twice.
- Don't use the same variable name for different data types.
- Make "any" mean "any IPv4 or any IPv6".
- Bend the concept of obsolete preferences slightly so that we can convert
an old-style key list to a UAT.
- Clean up whitespace.
- Don't point to a User's Guide section for now; it may make more sense to
keep using the wiki page.
SSL dissector changes have been tested. DTLS dissector changes have not.
svn path=/trunk/; revision=36875
keys to have _uint in their names, to match the routines that handle
dissector tables with string keys. (Using _port can confuse people into
thinking they're intended solely for use with TCP/UDP/etc. ports when,
in fact, they work better for things such as Ethernet types, where the
binding of particular values to particular protocols is a lot
stronger.)
svn path=/trunk/; revision=35224
Don't pass a NULL pointer to a string to ssl_debug_printf() (which eventually
calls vfprintf()): Solaris doesn't like it when you do that.
svn path=/trunk/; revision=34386
for GNUTLS since they provide 32-bit and 64-bit Windows packages. We no
longer have winposixtype.h, so remove its #includes and add a ssize_t
typedef to config.h.win32.
svn path=/trunk/; revision=31341
1) This indicates that the string has ephemeral lifetime
2) More consistent with its existing seasonal counterpart, se_address_to_str().
svn path=/trunk/; revision=29747
Fix a final eth_fopen -> ws_fopen
When configuring with --without-zlib these functions need to have some parameters tagged _U_
svn path=/trunk/; revision=26212