Age | Commit message | Author | Files | Lines |
|
message according to RFC 5077.
svn path=/trunk/; revision=41427
|
|
svn path=/trunk/; revision=41244
|
|
svn path=/trunk/; revision=41203
|
|
From me: Some cleanup
Initial work was done by Denis Jaeger and
Lukas Scharlau, but the code got rewritten by Robin.
svn path=/trunk/; revision=41189
|
|
Patch to fix DTLS decryption.
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=6847
svn path=/trunk/; revision=41036
|
|
Remove a debug line.
svn path=/trunk/; revision=40774
|
|
option ssl_ignore_mac_failed.
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=6748
svn path=/trunk/; revision=40752
|
|
Enhance SSL Key Exchange dissection.
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=6716
svn path=/trunk/; revision=40748
|
|
double-free bug triggered by using the "any" address wildcard.
Use g_malloc0 instead of zeroing elements by hand. Check for SSL_FAST
the same way everywhere.
svn path=/trunk/; revision=40365
|
|
Enable decryption of TLS 1.2.
Add some cipher suites from RFC5246 and RFC5289.
Fixed a bug in the handling of stream ciphers.
(The explicit IV field in the application record doesn't exist when stream ciphers are used, but the original code handles it as if a one-byte IV exists.)
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=6688
svn path=/trunk/; revision=40273
|
|
Also: remove unneeded #includes.
svn path=/trunk/; revision=40221
|
|
See https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=5748
svn path=/trunk/; revision=39074
|
|
Use File/Directory Dialog as a field type for UAT preferences.
svn path=/trunk/; revision=39059
|
|
Coverity 597.
svn path=/trunk/; revision=39049
|
|
Patch to show GOST certificate types in CertificateRequest message.
svn path=/trunk/; revision=37776
|
|
Patch to TLS dissector to show GOST ciphersuite names.
svn path=/trunk/; revision=37775
|
|
(Code commented out since it may be required in the future (at least in some cases)).
svn path=/trunk/; revision=37723
|
|
From Marc Petit-Huguenin:
- Removed directResponseForwarding.
- The certificate_type enum is now defined as RFC 6091's CertificateType
so moved the definition to packet-ssl-utils.[ch].
- Fixed invalid values for CERTIFICATE_BY_NODE and CERTIFICATE_BY_USER
Kinds.
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=5967
svn path=/trunk/; revision=37452
|
|
info for each session in the trace file. This makes it possible to give someone the trace and the exported keys so that they can decrypt the traffic in the trace, but not new sessions to the same server.
(See also: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=3444)
svn path=/trunk/; revision=37446
|
|
RSA Session-ID:xxxx Master-Key:xxxx
This makes it easy to use the "openssl s_client" output for decryption
(see: http://ask.wireshark.org/questions/4229/follow-ssl-stream-using-master-key-and-session-id)
It also paves the way for exporting SSL keyring material. See also the enhancement request in:
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=3444
svn path=/trunk/; revision=37401
|
|
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=5800 :
Fix compilation if we HAVE_LIBGNUTLS but we do not HAVE_LIBGCRYPT. (The
former can be built using libnettle instead of the latter.)
svn path=/trunk/; revision=37102
|
|
5. A guaranteed null pointer access violation is fixed in packet-ssl-utils.c
when DTLS succeeded in dissecting its payload.
svn path=/trunk/; revision=37058
|
|
XXX, should this code use g_try_malloc instead?
svn path=/trunk/; revision=36988
|
|
This patch adds support for getting the pre-master secret of a TLS
connection from a log file. Currently Wireshark can decrypt a TLS
connection only if it has the server's private key.
I commonly have a use case where I control the TLS client, but not the
server. In order to decrypt in this case, I've added support to NSS
(used by Chrome and Firefox) to log the keys to a file on disk:
https://bugzilla.mozilla.org/show_bug.cgi?id=536474
Given this file, Wireshark can then decrypt the resulting TLS connections.
The format is such that Wireshark opens and linearly scans the file each
time it sees a ClientKeyExchange. If the key log grows too large, this
is pretty inefficient. However, it's simple and the number of
interesting TLS connections when debugging is usually very small.
svn path=/trunk/; revision=36876
|
|
- Support for DTLS and SSL RSA keys list using User Accessible Table
- Support for IPv6 SSL as posted by bug#3343 comment#1
- 'any' and 'anyipv4' for IPv4 wildcard
- 'anyipv6' for IPv6 wildcard
- UAT fields validation.
From me:
- Update parameters to match UAT API changes.
- Change the UAT filename.
- Fix buffer overflow for IPv6 addresses.
- Allow the use of hostnames along with numeric addresses.
- Don't convert strings to addresses twice.
- Don't use the same variable name for different data types.
- Make "any" mean "any IPv4 or any IPv6".
- Bend the concept of obsolete preferences slightly so that we can convert
an old-style key list to a UAT.
- Clean up whitespace.
- Don't point to a User's Guide section for now; it may make more sense to
keep using the wiki page.
SSL dissector changes have been tested. DTLS dissector changes have not.
svn path=/trunk/; revision=36875
|
|
Coverity 597.
svn path=/trunk/; revision=36246
|
|
Fixes Bug #5662
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=5662
svn path=/trunk/; revision=36174
|
|
SSL/TLS dissector: add support for "Certificate Status" messages (aka OCSP stapling)
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=5503
svn path=/trunk/; revision=35655
|
|
keys to have _uint in their names, to match the routines that handle
dissector tables with string keys. (Using _port can confuse people into
thinking they're intended solely for use with TCP/UDP/etc. ports when,
in fact, they work better for things such as Ethernet types, where the
binding of particular values to particular protocols is a lot
stronger.)
svn path=/trunk/; revision=35224
|
|
(see: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=5485 )
svn path=/trunk/; revision=35216
|
|
Reorder value-string arrays slightly so they are in ascending order.
svn path=/trunk/; revision=34699
|
|
svn path=/trunk/; revision=34458
|
|
Don't pass a NULL pointer to a string to ssl_debug_printf() (which eventually
calls vfprintf()): Solaris doesn't like it when you do that.
svn path=/trunk/; revision=34386
|
|
%hh is C99 so remove it from packet-ssl-utils and add it to the banned list
(similar to %ll) in checkAPIs.pl .
svn path=/trunk/; revision=34120
|
|
[PATCH] Add SSL cipher 'Transport Layer Security (TLS) Renegotiation Indication Extension' (RFC 5746)
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=5207
svn path=/trunk/; revision=34110
|
|
svn path=/trunk/; revision=33948
|
|
Support for RFC4279 Pre-Shared Key Ciphersuites for Transport Layer Security (TLS)
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=4853
svn path=/trunk/; revision=33309
|
|
And some minor formatting updates.
svn path=/trunk/; revision=31921
|
|
Just a small patch to add information about elliptic curves for SSL-connections.
svn path=/trunk/; revision=31744
|
|
Follow SSL Stream for TLS_RSA_WITH_NULL_SHA and TLS_RSA_WITH_NULL_MD5.
svn path=/trunk/; revision=31733
|
|
(found by Adam Langley in bug 4349)
svn path=/trunk/; revision=31628
|
|
svn path=/trunk/; revision=31623
|
|
"%lu".
svn path=/trunk/; revision=31541
|
|
return a size_t and then not define a size_t format specifier for sprintf?
svn path=/trunk/; revision=31342
|
|
for GNUTLS since they provide 32-bit and 64-bit Windows packages. We no
longer have winposixtype.h, so remove its #includes and add a ssize_t
typedef to config.h.win32.
svn path=/trunk/; revision=31341
|
|
Cleanup dissector code - use proper memory functions.
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=4164
svn path=/trunk/; revision=30691
|
|
svn path=/trunk/; revision=29914
|
|
Crash on TLSv1.2 packets, caused by ssl_short_name array overrun.
svn path=/trunk/; revision=29906
|
|
Add a more descriptive log message on DH key exchange.
svn path=/trunk/; revision=29825
|
|
1) This indicates that the string has ephemeral lifetime
2) More consistent with its existing seasonal counterpart, se_address_to_str().
svn path=/trunk/; revision=29747
|