authorPeter Wu <peter@lekensteyn.nl>2015-01-29 00:15:43 +0100
committerPeter Wu <peter@lekensteyn.nl>2015-01-29 00:15:43 +0100
commit0d0b245d2632a5ff5ab327d62dbe2a4f78e9e564 (patch)
tree2451aee2f57683d289b268789d7da144b8ab0e8f /src/sslkeylog.c
parent768ee4b69ac8e83b37b1e22a90c7cb6da5796720 (diff)
sslkeylog: continue after failed handshake, reject SSLv2
Try to dump as many keys as possible, even if a fatal alert occurred. Wireshark does not support SSLv2, so check that a successful connection does not use SSLv2 before dumping keys (this fixes a crash).
Diffstat (limited to 'src/sslkeylog.c')
-rw-r--r--src/sslkeylog.c5
1 files changed, 4 insertions, 1 deletions
diff --git a/src/sslkeylog.c b/src/sslkeylog.c
index 861c314..0d09b5d 100644
--- a/src/sslkeylog.c
+++ b/src/sslkeylog.c
@@ -78,7 +78,10 @@ int SSL_connect(SSL *ssl)
_SSL_connect = (int (*)(SSL *ssl)) dlsym(RTLD_NEXT, "SSL_connect");
}
int ret = _SSL_connect(ssl);
- if (ret >= 0) {
+ /* SSLv2 is not supported (Wireshark does not support it either). Write the
+ * logfile when the master key is available for SSLv3/TLSv1. */
+ if (ssl->s3 != NULL &&
+ ssl->session != NULL && ssl->session->master_key_length > 0) {
init_keylog_file();
if (keylog_file_fd >= 0) {
dump_to_fd(ssl, keylog_file_fd);
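Review bot: With the `ret >= 0` test gone, the new condition in SSL_connect holds on every call that returns while `ssl->session->master_key_length > 0`, not just once per handshake. On a non-blocking socket the application calls SSL_connect repeatedly, and when a cached session is offered for resumption the session presumably already holds the old master key before the server has answered, so the log may receive duplicate lines or a stale key paired with the new client random (dump_to_fd is outside the hunk, so this is inferred). Consider remembering the last key written per connection, or at least documenting the choice with a comment such as `/* ret is deliberately ignored: log keys even after a fatal alert; the same key may be logged more than once */`. Because more secrets now reach the file, it is worth confirming that init_keylog_file (not shown) creates it readable by the owner only. The body of SSL_connect continues past the end of the hunk.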