author | Peter Wu <peter@lekensteyn.nl> | 2015-01-29 00:15:43 +0100 |
---|---|---|
committer | Peter Wu <peter@lekensteyn.nl> | 2015-01-29 00:15:43 +0100 |
commit | 0d0b245d2632a5ff5ab327d62dbe2a4f78e9e564 (patch) | |
tree | 2451aee2f57683d289b268789d7da144b8ab0e8f /src/sslkeylog.c | |
parent | 768ee4b69ac8e83b37b1e22a90c7cb6da5796720 (diff) | |
sslkeylog: continue after failed handshake, reject SSLv2
Try to dump as many keys as possible, even if a fatal alert occurred.
Wireshark does not support SSLv2, so check that a successful connection
does not use SSLv2 before dumping keys (this fixes a crash).
Diffstat (limited to 'src/sslkeylog.c')
-rw-r--r-- | src/sslkeylog.c | 5 |
1 files changed, 4 insertions, 1 deletions
diff --git a/src/sslkeylog.c b/src/sslkeylog.c
index 861c314..0d09b5d 100644
--- a/src/sslkeylog.c
+++ b/src/sslkeylog.c
@@ -78,7 +78,10 @@ int SSL_connect(SSL *ssl)
 _SSL_connect = (int (*)(SSL *ssl)) dlsym(RTLD_NEXT, "SSL_connect");
 }
 int ret = _SSL_connect(ssl);
- if (ret >= 0) {
+ /* SSLv2 is not supported (Wireshark does not support it either). Write the
+ * logfile when the master key is available for SSLv3/TLSv1. */
+ if (ssl->s3 != NULL &&
+ ssl->session != NULL && ssl->session->master_key_length > 0) {
 init_keylog_file();
 if (keylog_file_fd >= 0) {
 dump_to_fd(ssl, keylog_file_fd);
 |
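Review bot: With the `ret` test gone, the new condition holds on every call to SSL_connect() once `ssl->session->master_key_length > 0`, so a caller that retries SSL_connect() on a non-blocking socket would reach `dump_to_fd()` once per retry and probably log the same secret repeatedly; a resumed session might also satisfy it before this connection's handshake has progressed (inferred, since `dump_to_fd()` is not visible here). Ignoring `ret` is what the commit intends, so the comment should say so, e.g. by appending `ret is deliberately ignored so keys are logged even after a fatal alert; this may run more than once per connection.`, and de-duplication would belong in `dump_to_fd()`. The check also reads `ssl->s3` and `ssl->session` directly, which assumes the preloaded library was built against the same OpenSSL struct layout as the libssl loaded at run time. SSL_connect()'s body starts and ends outside the hunk.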