diff options
| author | Peter Wu <peter@lekensteyn.nl> | 2016-09-04 02:06:50 +0200 |
|---|---|---|
| committer | Peter Wu <peter@lekensteyn.nl> | 2016-09-06 11:53:31 +0000 |
| commit | 10e84a612b629341acd9cd20876517e5bab63d37 (patch) | |
| tree | 5a416f6273b2bd68ae79cab698f54b4857d6e9b1 /epan/dissectors/packet-ssl.c | |
| parent | c8de455f4bcab0c560ec74bc0c1d3c46dad07270 (diff) | |
ssl: really fix session resumption expert info
In a two-pass dissection with renegotiated sessions, the
is_session_resumed flag is not updated according to the current protocol
flow. Fix this by performing detection of abbreviated handshakes in
all cases, do not limit it to the decryption stage (where ssl != NULL).
Reset the resumption assumption after the first ChangeCipherSpec
(normally from the server side, but explicitly add this in case client
packets somehow arrive earlier in the capture). This should not have a
functional effect on normal TLS captures with Session Tickets.
Bug: 12793
Change-Id: I1eb2a8262b4e359b8c1d3d0a1e004a9e856bec8c
Reviewed-on: https://code.wireshark.org/review/17483
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Diffstat (limited to 'epan/dissectors/packet-ssl.c')
| -rw-r--r-- | epan/dissectors/packet-ssl.c | 9 |
1 files changed, 7 insertions, 2 deletions
diff --git a/epan/dissectors/packet-ssl.c b/epan/dissectors/packet-ssl.c index 67d4466d26..d16d4f6998 100644 --- a/epan/dissectors/packet-ssl.c +++ b/epan/dissectors/packet-ssl.c @@ -1684,6 +1684,11 @@ dissect_ssl3_record(tvbuff_t *tvb, packet_info *pinfo, ssl_finalize_decryption(ssl, &ssl_master_key_map); ssl_change_cipher(ssl, ssl_packet_from_server(session, ssl_associations, pinfo)); } + /* Heuristic: any later ChangeCipherSpec is not a resumption of this + * session. Set the flag after ssl_finalize_decryption such that it has + * a chance to use resume using Session Tickets. */ + if (is_from_server) + session->is_session_resumed = FALSE; break; case SSL_ID_ALERT: { @@ -2063,8 +2068,8 @@ dissect_ssl3_handshake(tvbuff_t *tvb, packet_info *pinfo, break; case SSL_HND_SVR_HELLO_DONE: - if (ssl) - ssl->state |= SSL_SERVER_HELLO_DONE; + /* This is not an abbreviated handshake, it is certainly not resumed. */ + session->is_session_resumed = FALSE; break; case SSL_HND_CERT_VERIFY: |