From Marc Petit-Huguenin:
- Removed directResponseForwarding.
- The certificate_type enum is now defined as RFC 6091's CertificateType
so moved the definition to packet-ssl-utils.[ch].
- Fixed invalid values for CERTIFICATE_BY_NODE and CERTIFICATE_BY_USER
Kinds.
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=5967
svn path=/trunk/; revision=37452
This patch adds support for getting the pre-master secret of a TLS
connection from a log file. Currently Wireshark can decrypt a TLS
connection only if it has the server's private key.
I commonly have a use case where I control the TLS client, but not the
server. In order to decrypt in this case, I've added support to NSS
(used by Chrome and Firefox) to log the keys to a file on disk:
https://bugzilla.mozilla.org/show_bug.cgi?id=536474
Given this file, Wireshark can then decrypt the resulting TLS connections.
The format is such that Wireshark opens and linearly scans the file each
time it sees a ClientKeyExchange. If the key log grows too large, this
is pretty inefficient. However, it's simple and the number of
interesting TLS connections when debugging is usually very small.
svn path=/trunk/; revision=36876
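The lookup described in the commit message above, as an added example (not code from the patch or from Wireshark). It assumes the `RSA <hex of the first 8 bytes of the encrypted pre-master secret> <hex of the 48-byte pre-master secret>` line format of NSS key logs, which this page does not spell out; `unhex`, `keylog_lookup` and `demo` are hypothetical names, and the sample log is constructed.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

#define EPMS_LEN 8   /* assumed: first 8 bytes of the encrypted pre-master secret */
#define PMS_LEN  48  /* TLS RSA pre-master secret length */

/* Decode exactly n bytes of hex; fails on the first non-hex char (incl. NUL). */
static int unhex(const char *s, unsigned char *out, size_t n) {
    static const char digits[] = "0123456789abcdef";
    for (size_t i = 0; i < 2 * n; i++) {
        const char *d = s[i] ? strchr(digits, tolower((unsigned char)s[i])) : NULL;
        if (!d) return -1;
        out[i / 2] = (unsigned char)((i % 2 ? out[i / 2] << 4 : 0) | (d - digits));
    }
    return 0;
}

/* Linear scan from the top of the file on every call; 1 = found, pms filled. */
int keylog_lookup(FILE *f, const unsigned char *epms, unsigned char *pms) {
    char line[256];
    unsigned char id[EPMS_LEN], secret[PMS_LEN];
    rewind(f);
    while (fgets(line, sizeof line, f)) {
        const char *p = line + 4, *q = p + 2 * EPMS_LEN + 1;
        if (strncmp(line, "RSA ", 4) != 0) continue;          /* comment, other label */
        if (unhex(p, id, EPMS_LEN) < 0 || q[-1] != ' ') continue;
        if (unhex(q, secret, PMS_LEN) < 0) continue;          /* truncated or non-hex */
        if (!strchr("\r\n", q[2 * PMS_LEN])) continue;        /* junk after secret; NUL ok */
        if (memcmp(id, epms, EPMS_LEN) == 0) { memcpy(pms, secret, PMS_LEN); return 1; }
    }
    return 0;
}

/* Constructed sample log: a comment, a truncated entry, one valid entry. */
int demo(void) {
    const unsigned char hit[EPMS_LEN]  = {0x88,0x99,0xaa,0xbb,0xcc,0xdd,0xee,0xff};
    const unsigned char miss[EPMS_LEN] = {0x00,0x11,0x22,0x33,0x44,0x55,0x66,0x77};
    unsigned char pms[PMS_LEN] = {0};
    FILE *f = tmpfile();
    if (!f) return -1;
    fputs("# constructed sample\nRSA 0011223344556677 abcd\nRSA 8899AABBCCDDEEFF ", f);
    for (int i = 1; i <= PMS_LEN; i++) fprintf(f, "%02x", i);
    fputs("\n", f);
    int ok = keylog_lookup(f, hit, pms) && pms[0] == 1 && pms[47] == 48
          && !keylog_lookup(f, miss, pms);   /* truncated entry must not match */
    fclose(f);
    return ok;
}
```

Each line of such a log is enough to decrypt one recorded session, so the file needs the same handling as a private key.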
- Support for DTLS and SSL RSA keys list using User Accessible Table
- Support for IPv6 SSL as posted by bug#3343 comment#1
- 'any' and 'anyipv4' for IPv4 wildcard
- 'anyipv6' for IPv6 wildcard
- UAT fields validation.
From me:
- Update parameters to match UAT API changes.
- Change the UAT filename.
- Fix buffer overflow for IPv6 addresses.
- Allow the use of hostnames along with numeric addresses.
- Don't convert strings to addresses twice.
- Don't use the same variable name for different data types.
- Make "any" mean "any IPv4 or any IPv6".
- Bend the concept of obsolete preferences slightly so that we can convert
an old-style key list to a UAT.
- Clean up whitespace.
- Don't point to a User's Guide section for now; it may make more sense to
keep using the wiki page.
SSL dissector changes have been tested. DTLS dissector changes have not.
svn path=/trunk/; revision=36875
for GNUTLS since they provide 32-bit and 64-bit Windows packages. We no
longer have winposixtype.h, so remove its #includes and add a ssize_t
typedef to config.h.win32.
svn path=/trunk/; revision=31341
- the StringInfo allocator may fail when a 0 data length is requested
- many wrong values in the cipher_suites table
- duplicated code for ssl session state checking before each
ssl_generate_keyring_material() call
- missing initialization of 'server_data_for_iv.data_len' and
'client_data_for_iv.data_len' in ssl_session_init()
From Jaap Keuter:
- Some code rationalisation
- Grammatical/factual corrections in output and comments
- Whitespace cleanup
svn path=/trunk/; revision=25684
- add ability to read server private key from encrypted PKCS#12 file
- use 0.0.0.0|any|ANY as a wildcard IP address (e.g. if one certificate is used in more servers)
svn path=/trunk/; revision=23995
This patch updates the DTLS dissector to be compatible with OpenSSL 0.9.8f in
the following ways:
* Handle both SSL version number 0xfeff (RFC 4347 and OpenSSL 0.9.8f), and
0x100 (Used by OpenSSL 0.9.8e and earlier)
* Reassemble fragmented handshake messages.
svn path=/trunk/; revision=23369
most have been tagged unused (a few have been deleted if the dissector has not been
modified for a long time)
move packet-ssl-utils.c to DISSECTOR_SRC
svn path=/trunk/; revision=21431
now that it is no longer a static variable in packet-ssl-utils.h.
Leaving it as static caused a warning turned error that it was unused
in the current file (packet-ssl-utils.h). Resolution: Move the variable
to packet-ssl.c and declare as extern in packet-dtls.c - the only other
place that needs it.
svn path=/trunk/; revision=21161
authesserre samuel <sauthess@gmail.com> kindly pointed out an issue with session renegotiation in the current ssl decryption code.
Encrypted handshake messages are decrypted, but the dissector tries to interpret the encrypted code. Renegotiation messages are therefore ignored. The attached pcap trace and key can be used to trigger the issue.
The attached patch fixes the problem by storing the decrypted version of the encrypted handshake message and dissecting it when available. The patch also fixes a bad issue with the DES cipher (like the issue fixed in my previous post).
svn path=/trunk/; revision=18081
The attached patch cleans up the debug infrastructure for the ssl dissector.
Debug messages are off by default and can be enabled via the ssl
dissector preference. Debug output can be directed to stderr or file.
svn path=/trunk/; revision=17253
>There is still an issue in the HAVE_LIBGNUTLS macro definition. I'm
>fixing it and cleaning up the Windows-side configuration a bit. I hope to
>post the fix soon.
The attached patch should fix the issue. I forgot to modify the
config.win32 file and I mistyped a few macro names.
svn path=/trunk/; revision=17200
Set up to build on Windows if we have GNU TLS.
Define "ssl_data_set()" regardless of whether we have GNU TLS or
not, as it's used in either case.
Get rid of an extra #include of epan/gnuc_format_check.h.
svn path=/trunk/; revision=17177