From Ivan Sy:

Add a more descriptive log message on DH key exchange. svn path=/trunk/; revision=29825
author: Jaap Keuter <jaap.keuter@xs4all.nl> 2009-09-09 19:09:57 +0000
committer: Jaap Keuter <jaap.keuter@xs4all.nl> 2009-09-09 19:09:57 +0000
commit: 564eff837f4341c497649c1f094e79fc662a56d4 (patch)
tree: aa840c9a3732d6e776f3d4b15e9d5127f0e5b820 /epan/dissectors/packet-ssl-utils.c
parent: 0fb1a3eca3f4707f5d6a46dd6f8864c96212116b (diff)
download: wireshark-564eff837f4341c497649c1f094e79fc662a56d4.tar.gz
1 files changed, 7 insertions, 3 deletions
diff --git a/epan/dissectors/packet-ssl-utils.c b/epan/dissectors/packet-ssl-utils.c
index 599045def0..a0781e4794 100644
--- a/epan/dissectors/packet-ssl-utils.c
+++ b/epan/dissectors/packet-ssl-utils.c
@@ -1801,10 +1801,14 @@ ssl_decrypt_pre_master_secret(SslDecryptSession*ssl_session,
 {
     gint i;
 
-    if(ssl_session->cipher_suite.kex!=KEX_RSA) {
-        ssl_debug_printf("ssl_decrypt_pre_master_secret key %d different from KEX_RSA(%d)\n",
+    if(ssl_session->cipher_suite.kex == KEX_DH) {
+        ssl_debug_printf("ssl_decrypt_pre_master_secret session uses DH (%d) key exchange, which is impossible to decrypt\n",
+            KEX_DH);
+        return -1;
+    } else if(ssl_session->cipher_suite.kex != KEX_RSA) {
+         ssl_debug_printf("ssl_decrypt_pre_master_secret key exchange %d different from KEX_RSA (%d)\n",
             ssl_session->cipher_suite.kex, KEX_RSA);
-        return(-1);
+        return -1;
     }
 
     /* with tls key loading will fail if not rsa type, so no need to check*/
author	Jaap Keuter <jaap.keuter@xs4all.nl>	2009-09-09 19:09:57 +0000
committer	Jaap Keuter <jaap.keuter@xs4all.nl>	2009-09-09 19:09:57 +0000
commit	564eff837f4341c497649c1f094e79fc662a56d4 (patch)
tree	aa840c9a3732d6e776f3d4b15e9d5127f0e5b820 /epan/dissectors/packet-ssl-utils.c
parent	0fb1a3eca3f4707f5d6a46dd6f8864c96212116b (diff)
download	wireshark-564eff837f4341c497649c1f094e79fc662a56d4.tar.gz