diff options
Diffstat (limited to 'epan/dissectors/packet-ssl.c')
-rw-r--r-- | epan/dissectors/packet-ssl.c | 8 |
1 files changed, 7 insertions, 1 deletions
diff --git a/epan/dissectors/packet-ssl.c b/epan/dissectors/packet-ssl.c index 6c17bd276e..1b8513278f 100644 --- a/epan/dissectors/packet-ssl.c +++ b/epan/dissectors/packet-ssl.c @@ -2133,8 +2133,14 @@ dissect_ssl3_handshake(tvbuff_t *tvb, packet_info *pinfo, /* * Add handshake message (including type, length, etc.) to hash (for * Extended Master Secret). + * Hash ClientHello up to and including ClientKeyExchange. As the + * premaster secret is looked up during ChangeCipherSpec processing (an + * implementation detail), we must skip the CertificateVerify message + * which can appear between CKE and CCS when mutual auth is enabled. */ - ssl_calculate_handshake_hash(ssl, tvb, hs_offset, 4 + length); + if (msg_type != SSL_HND_CERT_VERIFY) { + ssl_calculate_handshake_hash(ssl, tvb, hs_offset, 4 + length); + } /* now dissect the handshake message, if necessary */ switch ((HandshakeType) msg_type) { |