aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--epan/dissectors/packet-ssl.c8
1 files changed, 7 insertions, 1 deletions
diff --git a/epan/dissectors/packet-ssl.c b/epan/dissectors/packet-ssl.c
index 6c17bd2..1b85132 100644
--- a/epan/dissectors/packet-ssl.c
+++ b/epan/dissectors/packet-ssl.c
@@ -2133,8 +2133,14 @@ dissect_ssl3_handshake(tvbuff_t *tvb, packet_info *pinfo,
/*
* Add handshake message (including type, length, etc.) to hash (for
* Extended Master Secret).
+ * Hash ClientHello up to and including ClientKeyExchange. As the
+ * premaster secret is looked up during ChangeCipherSpec processing (an
+ * implementation detail), we must skip the CertificateVerify message
+ * which can appear between CKE and CCS when mutual auth is enabled.
*/
- ssl_calculate_handshake_hash(ssl, tvb, hs_offset, 4 + length);
+ if (msg_type != SSL_HND_CERT_VERIFY) {
+ ssl_calculate_handshake_hash(ssl, tvb, hs_offset, 4 + length);
+ }
/* now dissect the handshake message, if necessary */
switch ((HandshakeType) msg_type) {