path: root/epan/dissectors/packet-ssl-utils.c
Age | Commit message | Author | Files | Lines
2012-03-08 | From Robin Seggelmann: Add support for the New Session Ticket message according to RFC 5077. svn path=/trunk/; revision=41427 | Michael Tüxen | 1 | -0/+1
2012-02-29 | Fix some Dead Store (Dead assignment/Dead increment) Warning found by Clang svn path=/trunk/; revision=41244 | Alexis La Goutte | 1 | -11/+9
2012-02-27 | Error: Found deprecated APIs in packet-ssl-utils.c: dissector_add svn path=/trunk/; revision=41203 | Anders Broman | 1 | -1/+1
2012-02-26 | From Robin Seggelmann: Add support for RFC 6520. From me: Some cleanup Initial work was done by Denis Jaeger and Lukas Scharlau, but the code got rewritten by Robin. svn path=/trunk/; revision=41189 | Michael Tüxen | 1 | -4/+20
2012-02-16 | From Naoyoshi Ueda: Patch to fix DTLS decryption. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=6847 svn path=/trunk/; revision=41036 | Anders Broman | 1 | -19/+20
2012-01-30 | From Andreas Heise: Remove a debug line. svn path=/trunk/; revision=40774 | Anders Broman | 1 | -2/+2
2012-01-28 | From Andreas Heise: option ssl_ignore_mac_failed. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=6748 svn path=/trunk/; revision=40752 | Anders Broman | 1 | -7/+33
2012-01-28 | From Michael: Enhance SSL Key Exchange dissection. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=6716 svn path=/trunk/; revision=40748 | Anders Broman | 1 | -0/+202
2012-01-04 | Make sure each value in a GHashTable is unique. This avoids a double-free bug triggered by using the "any" address wildcard. Use g_malloc0 instead of zeroing elements by hand. Check for SSL_FAST the same way everywhere. svn path=/trunk/; revision=40365 | Gerald Combs | 1 | -24/+19
2011-12-22 | From Naoyoshi Ueda: Enable decryption of TLS 1.2. Add some cipher suites from RFC5246 and RFC5289. Fixed a bug in the handling of stream cipher. (The explicit IV field in the application record doesn't exist when stream ciphers are used. But the original code handles it as if one-byte IV exists.) https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=6688 svn path=/trunk/; revision=40273 | Anders Broman | 1 | -17/+87
2011-12-16 | Fix tvb memory leak; Add missing call to add_new_data_source(); Also: remove unneeded #includes. svn path=/trunk/; revision=40221 | Bill Meier | 1 | -15/+13
2011-09-21 | Fix vi "modeline" so it works; See https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=5748 svn path=/trunk/; revision=39074 | Bill Meier | 1 | -1/+1
2011-09-20 | From Dirk via bug 6361: Use File/Directory Dialog as a field type for UAT preferences. svn path=/trunk/; revision=39059 | Stig Bjørlykke | 1 | -10/+7
2011-09-19 | Close fp before checking if private_key is NULL to avoid memory leak. Fixes Coverity 597. svn path=/trunk/; revision=39049 | Chris Maynard | 1 | -5/+5
2011-06-23 | From Andrey Kulikov: Patch to show GOST certificate types in CertificateRequest message. svn path=/trunk/; revision=37776 | Jaap Keuter | 1 | -0/+5
2011-06-23 | From Andrey Kulikov: Patch to TLS dissector to show GOST ciphersuites names. svn path=/trunk/; revision=37775 | Jaap Keuter | 1 | -0/+5
2011-06-20 | Fix some gcc 4.6 "set but not used [-Wunused-but-set-variable]" warnings; (Code commented out since it may be required in the future (at least in some cases)). svn path=/trunk/; revision=37723 | Bill Meier | 1 | -2/+2
2011-05-29 | - Added new SignatureIdentity values. From Marc Petit-Huguenin: - Removed directResponseForwarding. - The certificate_type enum is now defined as RFC 6091's CertificateType so moved the definition to packet-ssl-utils.[ch]. - Fixed invalid values for CERTIFICATE_BY_NODE and CERTIFICATE_BY_USER Kinds. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=5967 svn path=/trunk/; revision=37452 | Anders Broman | 1 | -0/+7
2011-05-28 | Add "File -> Export -> SSL Session Keys..." to be able to save the keyring info for each session in the trace file. This makes it possible to give someone the trace and the exported keys so that they can decrypt the traffic in the trace, but not new sessions to the same server. (See also: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=3444) svn path=/trunk/; revision=37446 | Sake Blok | 1 | -1/+1
2011-05-25 | Extended the SSL key log import routine to be able to read the following format: RSA Session-ID:xxxx Master-Key:xxxx This makes it easy to use the "openssl s_client" output for decryption (see: http://ask.wireshark.org/questions/4229/follow-ssl-stream-using-master-key-and-session-id) It also paves the way for exporting SSL keyring material. See also the enhancement request in: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=3444 svn path=/trunk/; revision=37401 | Sake Blok | 1 | -36/+97
2011-05-12 | From Richard Brodie via https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=5800 : Fix compilation if we HAVE_LIBGNUTLS but we do not HAVE_LIBGCRYPT. (The former can be built using libnettle instead of the latter.) svn path=/trunk/; revision=37102 | Jeff Morriss | 1 | -2/+2
2011-05-11 | From Michael Chen via https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=5863 : 5. A guaranteed null pointer access violation is fixed in packet-ssl-utils.c when DTLS succeeded in dissecting its payload. svn path=/trunk/; revision=37058 | Jeff Morriss | 1 | -5/+7
2011-05-04 | Cleanup: g_malloc can't return NULL, remove checks for them. XXX, should this code use g_try_malloc instead? svn path=/trunk/; revision=36988 | Jakub Zawadzki | 1 | -4/+0
2011-04-26 | From Adam Langley via bug 4349: This patch adds support for getting the pre-master secret of a TLS connection from a log file. Currently Wireshark can decrypt a TLS connection only if it has the server's private key. I commonly have a use case where I control the TLS client, but not the server. In order to decrypt in this case, I've added support to NSS (used by Chrome and Firefox) to log the keys to a file on disk: https://bugzilla.mozilla.org/show_bug.cgi?id=536474 Given this file, Wireshark can then decrypt the resulting TLS connections. The format is such that Wireshark opens and linearly scans the file each time it sees a ClientKeyExchange. If the key log grows too large, this is pretty inefficient. However, it's simple and the number of interesting TLS connections when debugging is usually very small. svn path=/trunk/; revision=36876 | Gerald Combs | 1 | -0/+101
2011-04-26 | From Ivan Sy via bug 3343: - Support for DTLS and SSL RSA keys list using User Accessible Table - Support for IPv6 SSL as posted by bug#3343 comment#1 - 'any' and 'anyipv4' for IPv4 wildcard - 'anyipv6' for IPv6 wildcard - UAT fields validation. From me: - Update parameters to match UAT API changes. - Change the UAT filename. - Fix buffer overflow for IPv6 addresses. - Allow the use of hostnames along with numeric addresses. - Don't convert strings to addresses twice. - Don't use the same variable name for different data types. - Make "any" mean "any IPv4 or any IPv6". - Bend the concept of obsolete preferences slightly so that we can convert an old-style key list to a UAT. - Clean up whitespace. - Don't point to a User's Guide section for now; it may make more sense to keep using the wiki page. SSL dissector changes have been tested. DTLS dissector changes have not. svn path=/trunk/; revision=36875 | Gerald Combs | 1 | -130/+185
2011-03-22 | Close fp in error case in ssl_parse_key_list to avoid leakage. Coverity 597. svn path=/trunk/; revision=36246 | Stig Bjørlykke | 1 | -0/+1
2011-03-09 | Check that imported private key is RSA; Prevents a crash. Fixes Bug #5662 https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=5662 svn path=/trunk/; revision=36174 | Bill Meier | 1 | -0/+14
2011-01-26 | From Kaspar Brand: SSL/TLS dissector: add support for "Certificate Status" messages (aka OCSP stapling) https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=5503 svn path=/trunk/; revision=35655 | Anders Broman | 1 | -0/+6
2010-12-20 | Rename the routines that handle dissector tables with unsigned integer keys to have _uint in their names, to match the routines that handle dissector tables with string keys. (Using _port can confuse people into thinking they're intended solely for use with TCP/UDP/etc. ports when, in fact, they work better for things such as Ethernet types, where the binding of particular values to particular protocols are a lot stronger.) svn path=/trunk/; revision=35224 | Guy Harris | 1 | -3/+3
2010-12-18 | Add support for the TLSv1.2 format of the CertificateRequest handshake message. (see: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=5485 ) svn path=/trunk/; revision=35216 | Sake Blok | 1 | -0/+19
2010-10-29 | Use value_string_ext fcns to access two value-string arrays; Reorder value-string arrays slightly so they are in ascending order. svn path=/trunk/; revision=34699 | Bill Meier | 1 | -34/+48
2010-10-10 | Define some fcns & vars as static ... svn path=/trunk/; revision=34458 | Bill Meier | 1 | -1/+2
2010-10-05 | Fix https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=5277 : Don't pass a NULL pointer to a string to ssl_debug_printf() (which eventually calls vfprintf()): Solaris doesn't like it when you do that. svn path=/trunk/; revision=34386 | Jeff Morriss | 1 | -1/+1
2010-09-15 | Follow up to bug 5209 and rev 34115: %hh is C99 so remove it from packet-ssl-utils and add it to the banned list (similar to %ll) in checkAPIs.pl . svn path=/trunk/; revision=34120 | Jeff Morriss | 1 | -12/+18
2010-09-13 | From Yaniv Kaul: [PATCH] Add SSL cipher 'Transport Layer Security (TLS) Renegotiation Indication Extension' (RFC 5746) https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=5207 svn path=/trunk/; revision=34110 | Anders Broman | 1 | -3/+25
2010-08-27 | Take in updates from the TLS registry. svn path=/trunk/; revision=33948 | Jaap Keuter | 1 | -0/+30
2010-06-24 | From "wiresharkbugzilla@jdkbx.cjb.net": Support for RFC4279 Pre-Shared Key Ciphersuites for Transport Layer Security (TLS) https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=4853 svn path=/trunk/; revision=33309 | Anders Broman | 1 | -0/+4
2010-02-19 | Ditch the last direct indexed character array. And some minor formatting updates. svn path=/trunk/; revision=31921 | Jaap Keuter | 1 | -10/+10
2010-01-31 | From Jens Weibler: Just a small patch to add information about elliptic curves for SSL-connections. svn path=/trunk/; revision=31744 | Jaap Keuter | 1 | -4/+44
2010-01-29 | From Laurent Boulard: Follow SSL Stream for TLS_RSA_WITH_NULL_SHA and TLS_RSA_WITH_NULL_MD5. svn path=/trunk/; revision=31733 | Jaap Keuter | 1 | -3/+18
2010-01-22 | Fix a spelling error : entrypted -> encrypted (found by Adam Langley in bug 4349) svn path=/trunk/; revision=31628 | Sake Blok | 1 | -8/+8
2010-01-22 | Fix some gcc -Wshadow warnings svn path=/trunk/; revision=31623 | Bill Meier | 1 | -709/+712
2010-01-16 | Use G_GSIZE_MODIFIER rather than casting to "gulong" and printing with "%lu". svn path=/trunk/; revision=31541 | Guy Harris | 1 | -2/+2
2009-12-21 | Can someone explain why it's a good idea that functions like strlen return a size_t and then not define a size_t format specifier for sprintf? svn path=/trunk/; revision=31342 | Gerald Combs | 1 | -4/+4
2009-12-21 | Switch to using a bundled version of the openSUSE Build Service packages for GNUTLS since they provide 32-bit and 64-bit Windows packages. We no longer have winposixtype.h, so remove its #includes and add a ssize_t typedef to config.h.win32. svn path=/trunk/; revision=31341 | Gerald Combs | 1 | -14/+14
2009-10-25 | From Jakub Zawadzki: Cleanup dissector code - use proper memory functions. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=4164 svn path=/trunk/; revision=30691 | Anders Broman | 1 | -2/+1
2009-09-15 | ssl_association_remove(): free assoc->info too svn path=/trunk/; revision=29914 | Jeff Morriss | 1 | -0/+2
2009-09-14 | Fix for bug 4008: Crash on TLSv1.2 packets, caused by ssl_short_name array overrun. svn path=/trunk/; revision=29906 | Jaap Keuter | 1 | -0/+11
2009-09-09 | From Ivan Sy: Add a more descriptive log message on DH key exchange. svn path=/trunk/; revision=29825 | Jaap Keuter | 1 | -3/+7
2009-09-06 | Rename address_to_str() to ep_address_to_str() because: 1) This indicates that the string has ephemeral lifetime 2) More consistent with its existing seasonal counterpart, se_address_to_str(). svn path=/trunk/; revision=29747 | Kovarththanan Rajaratnam | 1 | -2/+2