Cast away some implicit 64-bit-to-32-bit conversion errors due to use of
sizeof.
Cast away some implicit 64-bit-to-32-bit conversion errors due to use of
strtol() and strtoul().
Change some data types to avoid those implicit conversion warnings.
When assigning a constant to a float, make sure the constant isn't a
double, by appending "f" to the constant.
Constify a bunch of variables, parameters, and return values to
eliminate warnings due to strings being given const qualifiers. Cast
away those warnings in some cases where an API we don't control forces
us to do so.
Enable a bunch of additional warnings by default. Note why at least
some of the other warnings aren't enabled.
randpkt.c and text2pcap.c are used to build programs, so they don't need
to be in EXTRA_DIST.
If the user specifies --enable-warnings-as-errors, add -Werror *even if
the user specified --enable-extra-gcc-flags; assume they know what
they're doing and are willing to have the compile fail due to the extra
GCC warnings being treated as errors.
svn path=/trunk/; revision=46748
Add SSL segment data and SSL reassmebled data fields and improve readability of the hex/ASCII data blocks written to the SSL debug log
svn path=/trunk/; revision=46572
This patch will print the information if an
invalid string was entered. It would be better to have a button to click on in
the UAT dialog to show valid values, but I don't know how I could do that with
the UAT system. So I'm simply printing it now in the error dialog, which should
be good enough.
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=7949
svn path=/trunk/; revision=45866
Replace the last instance of gnutls_datum with gnutls_datum_t. The former
is deprecated, and the latter is already being used elsewhere in the file.
svn path=/trunk/; revision=44611
double-free bug triggered by using the "any" address wildcard.
Use g_malloc0 instead of zeroing elements by hand. Check for SSL_FAST
the same way everywhere.
svn path=/trunk/; revision=40365
Enable decryption of TLS 1.2.
Add some cipher suites from RFC5246 and RFC5289.
Fixed a bug in the handling of stream cipher.
(The explicit IV field in the application record doesn't exist when stream ciphers are used. But the original code handles it as if one-byte IV exists.)
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=6688
svn path=/trunk/; revision=40273
From Marc Petit-Huguenin:
- Removed directResponseForwarding.
- The certificate_type enum is now defined as RFC 6091's CertificateType
so moved the definition to packet-ssl-utils.[ch].
- Fixed invalid values for CERTIFICATE_BY_NODE and CERTIFICATE_BY_USER
Kinds.
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=5967
svn path=/trunk/; revision=37452
Fix compilation if we HAVE_LIBGNUTLS but we do not HAVE_LIBGCRYPT. (The
former can be built using libnettle instead of the latter.)
svn path=/trunk/; revision=37102
5. A guaranteed null pointer access violation is fixed in packet-ssl-utils.c
when DTLS succeeded in dissecting its payload.
svn path=/trunk/; revision=37058
This patch adds support for getting the pre-master secret of a TLS
connection from a log file. Currently Wireshark can decrypt and TLS
connection only if it has the server's private key.
I commonly have a use case where I control the TLS client, but not the
server. In order to decrypt in this case, I've added support to NSS
(used by Chrome and Firefox) to log the keys to a file on disk:
https://bugzilla.mozilla.org/show_bug.cgi?id=536474
Given this file, Wireshark can then decrypt the resulting TLS connections.
The format is such that Wireshark opens and linearly scans the file each
time it sees a ClientKeyExchange. If the key log grows too large, this
is pretty inefficient. However, it's simple and the number of
interesting TLS connections when debugging is usually very small.
svn path=/trunk/; revision=36876
- Support for DTLS and SSL RSA keys list using User Accessible Table
- Support for IPv6 SSL as posted by bug#3343 comment#1
- 'any' and 'anyipv4' for IPv4 wildcard
- 'anyipv6' for IPv6 wildcard
- UAT fields validation.
From me:
- Update paramaters to match UAT API changes.
- Change the UAT filename.
- Fix buffer overflow for IPv6 addresses.
- Allow the use of hostnames along with numeric addresses.
- Don't convert strings to addresses twice.
- Don't use the same variable name for different data types.
- Make "any" mean "any IPv4 or any IPv6".
- Bend the concept of obsolete preferences slightly so that we can convert
and old-style key list to a UAT.
- Clean up whitespace.
- Don't point to a User's Guide section for now; it may make more sense to
keep using the wiki page.
SSL dissector changes have been tested. DTLS dissector changes have not.
svn path=/trunk/; revision=36875
Jaap Keuter