path: root/epan/dissectors/packet-ssl-utils.c
Age | Commit message | Author | Files | Lines
2012-08-22 | From Teguh via https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=7657 | Evan Huus | 1 | -2/+2
Replace the last instance of gnutls_datum with gnutls_datum_t. The former is deprecated, and the latter is already being used elsewhere in the file. svn path=/trunk/; revision=44611
2012-06-28 | Update Free Software Foundation address. | Jakub Zawadzki | 1 | -1/+1
(COPYING will be updated in next commit) svn path=/trunk/; revision=43536
2012-06-24 | From Adam Langley: | Anders Broman | 1 | -2/+9
Decrypt resumed, SSL sessions from keylog file- https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=7396 svn path=/trunk/; revision=43458
2012-06-18 | Fix a null pointer warning from Clang. Not sure if we'll run into this | Gerald Combs | 1 | -1/+5
in practice. svn path=/trunk/; revision=43334
2012-06-17 | Fix reading back exported SSL keys. Bug was introduced in r43097. | Sake Blok | 1 | -3/+3
svn path=/trunk/; revision=43303
2012-06-05 | From Adam Langley: Add support for decrypting ECDHE-RSA-RC4-SHA. | Anders Broman | 1 | -0/+1
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=7331 svn path=/trunk/; revision=43100
2012-06-05 | From Adam Langley: Add support for CLIENT_RANDOM lines in SSL keylog. | Anders Broman | 1 | -2/+57
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=7330 svn path=/trunk/; revision=43099
2012-06-05 | From Adam Langley: Clean up code for handling keylog files. | Anders Broman | 1 | -104/+135
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=7329 svn path=/trunk/; revision=43097
2012-05-07 | General minor cleanup including: | Bill Meier | 1 | -366/+374
- remove unneeded #includes;
- use val_to_str_const() as appropriate;
- reformat hf[] entries;
- reformat long lines;
- use #if 0/#endif to comment out code instead of /* ... */;
- remove boilerplate comments;
- whitespace & indentation
svn path=/trunk/; revision=42487
2012-04-30 | From Martin Kaiser: | pascal | 1 | -1/+1
Fix some 'intermediate pointers must be const qualified' warnings https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=7215 svn path=/trunk/; revision=42355
2012-04-13 | Remove doubled semicolons and semicolons outside function. | Jakub Zawadzki | 1 | -1/+1
svn path=/trunk/; revision=42053
2012-03-28 | From Robin Seggelmann: | Michael Tüxen | 1 | -1/+6
Support DTLS 1.2 Fix a bug in option handling. svn path=/trunk/; revision=41816
2012-03-22 | From Yaniv Kaul: | Anders Broman | 1 | -2/+8
Enhance the SSL dissector to dissect some Hello extensions. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=6979 svn path=/trunk/; revision=41736
2012-03-08 | From Robin Seggelmann: Add support for the New Session Ticket | Michael Tüxen | 1 | -0/+1
message according to RFC 5077. svn path=/trunk/; revision=41427
2012-02-29 | Fix some Dead Store (Dead assignment/Dead increment) Warning found by Clang | Alexis La Goutte | 1 | -11/+9
svn path=/trunk/; revision=41244
2012-02-27 | Error: Found deprecated APIs in packet-ssl-utils.c: dissector_add | Anders Broman | 1 | -1/+1
svn path=/trunk/; revision=41203
2012-02-26 | From Robin Seggelmann: Add support for RFC 6520. | Michael Tüxen | 1 | -4/+20
From me: Some cleanup Initial work was done by Denis Jaeger and Lukas Scharlau, but the code got rewritten by Robin. svn path=/trunk/; revision=41189
2012-02-16 | From Naoyoshi Ueda: | Anders Broman | 1 | -19/+20
Patch to fix DTLS decryption. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=6847 svn path=/trunk/; revision=41036
2012-01-30 | From Andreas Heise: | Anders Broman | 1 | -2/+2
Remove a debug line. svn path=/trunk/; revision=40774
2012-01-28 | From Andreas Heise: | Anders Broman | 1 | -7/+33
option ssl_ignore_mac_failed. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=6748 svn path=/trunk/; revision=40752
2012-01-28 | From Michael: | Anders Broman | 1 | -0/+202
Enhance SSL Key Exchange dissection. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=6716 svn path=/trunk/; revision=40748
2012-01-04 | Make sure each value in a GHashTable is unique. This avoids a | Gerald Combs | 1 | -24/+19
double-free bug triggered by using the "any" address wildcard. Use g_malloc0 instead of zeroing elements by hand. Check for SSL_FAST the same way everywhere. svn path=/trunk/; revision=40365
2011-12-22 | From Naoyoshi Ueda: | Anders Broman | 1 | -17/+87
Enable decryption of TLS 1.2. Add some cipher suites from RFC5246 and RFC5289. Fixed a bug in the handling of stream cipher. (The explicit IV field in the application record doesn't exist when stream ciphers are used. But the original code handles it as if one-byte IV exists.) https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=6688 svn path=/trunk/; revision=40273
2011-12-16 | Fix tvb memory leak; Add missing call to add_new_data_source(); | Bill Meier | 1 | -15/+13
Also: remove unneeded #includes. svn path=/trunk/; revision=40221
2011-09-21 | Fix vi "modeline" so it works; | Bill Meier | 1 | -1/+1
See https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=5748 svn path=/trunk/; revision=39074
2011-09-20 | From Dirk via bug 6361: | Stig Bjørlykke | 1 | -10/+7
Use File/Directory Dialog as a field type for UAT preferences. svn path=/trunk/; revision=39059
2011-09-19 | Close fp before checking if private_key is NULL to avoid memory leak. Fixes | Chris Maynard | 1 | -5/+5
Coverity 597. svn path=/trunk/; revision=39049
2011-06-23 | From Andrey Kulikov: | Jaap Keuter | 1 | -0/+5
Patch to show GOST certificate types in CertificateRequest message. svn path=/trunk/; revision=37776
2011-06-23 | From Andrey Kulikov: | Jaap Keuter | 1 | -0/+5
Patch to TLS dissector to show GOST ciphersuites names. svn path=/trunk/; revision=37775
2011-06-20 | Fix some gcc 4.6 "set but not used [-Wunused-but-set-variable]" warnings; | Bill Meier | 1 | -2/+2
(Code commented out since it may be required in the future (at least in some cases). svn path=/trunk/; revision=37723
2011-05-29 | - Added new SignatureIdentity values. | Anders Broman | 1 | -0/+7
From Marc Petit-Huguenin:
- Removed directResponseForwarding.
- The certificate_type enum is now defined as RFC 6091's CertificateType so moved the definition to packet-ssl-utils.[ch].
- Fixed invalid values for CERTIFICATE_BY_NODE and CERTIFICATE_BY_USER Kinds.
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=5967
svn path=/trunk/; revision=37452
2011-05-28 | Add "File -> Export -> SSL Session Keys..." to be able to save the keyring | Sake Blok | 1 | -1/+1
info for each session in the trace file. This makes it possible to give someone the trace and the exported keys so that they can decrypt the traffic in the trace, but not new sessions to the same server. (See also: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=3444) svn path=/trunk/; revision=37446
2011-05-25 | Extended the SSL key log import routine to be able to read the following format: | Sake Blok | 1 | -36/+97
RSA Session-ID:xxxx Master-Key:xxxx
This makes it easy to use the "openssl s_client" output for decryption (see: http://ask.wireshark.org/questions/4229/follow-ssl-stream-using-master-key-and-session-id) It also paves the way for exporting SSL keyring material. See also the enhancement request in: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=3444
svn path=/trunk/; revision=37401
2011-05-12 | From Richard Brodie via | Jeff Morriss | 1 | -2/+2
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=5800 : Fix compilation if we HAVE_LIBGNUTLS but we do not HAVE_LIBGCRYPT. (The former can be built using libnettle instead of the latter.) svn path=/trunk/; revision=37102
2011-05-11 | From Michael Chen via https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=5863 : | Jeff Morriss | 1 | -5/+7
5. A guaranteed null pointer access violation is fixed in packet-ssl-utils.c when DTLS succeeded in dissecting its payload. svn path=/trunk/; revision=37058
2011-05-04 | Cleanup: g_malloc can't return NULL, remove checks for them. | Jakub Zawadzki | 1 | -4/+0
XXX, should this code use g_try_malloc instead? svn path=/trunk/; revision=36988
2011-04-26 | From Adam Langley via bug 4349: | Gerald Combs | 1 | -0/+101
This patch adds support for getting the pre-master secret of a TLS connection from a log file. Currently Wireshark can decrypt a TLS connection only if it has the server's private key. I commonly have a use case where I control the TLS client, but not the server. In order to decrypt in this case, I've added support to NSS (used by Chrome and Firefox) to log the keys to a file on disk: https://bugzilla.mozilla.org/show_bug.cgi?id=536474 Given this file, Wireshark can then decrypt the resulting TLS connections. The format is such that Wireshark opens and linearly scans the file each time it sees a ClientKeyExchange. If the key log grows too large, this is pretty inefficient. However, it's simple and the number of interesting TLS connections when debugging is usually very small. svn path=/trunk/; revision=36876
2011-04-26 | From Ivan Sy via bug 3343: | Gerald Combs | 1 | -130/+185
- Support for DTLS and SSL RSA keys list using User Accessible Table
- Support for IPv6 SSL as posted by bug#3343 comment#1
- 'any' and 'anyipv4' for IPv4 wildcard
- 'anyipv6' for IPv6 wildcard
- UAT fields validation.
From me:
- Update parameters to match UAT API changes.
- Change the UAT filename.
- Fix buffer overflow for IPv6 addresses.
- Allow the use of hostnames along with numeric addresses.
- Don't convert strings to addresses twice.
- Don't use the same variable name for different data types.
- Make "any" mean "any IPv4 or any IPv6".
- Bend the concept of obsolete preferences slightly so that we can convert an old-style key list to a UAT.
- Clean up whitespace.
- Don't point to a User's Guide section for now; it may make more sense to keep using the wiki page.
SSL dissector changes have been tested. DTLS dissector changes have not.
svn path=/trunk/; revision=36875
2011-03-22 | Close fp in error case in ssl_parse_key_list to avoid leakage. | Stig Bjørlykke | 1 | -0/+1
Coverity 597. svn path=/trunk/; revision=36246
2011-03-09 | Check that imported private key is RSA; Prevents a crash. | Bill Meier | 1 | -0/+14
Fixes Bug #5662 https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=5662 svn path=/trunk/; revision=36174
2011-01-26 | From Kaspar Brand: | Anders Broman | 1 | -0/+6
SSL/TLS dissector: add support for "Certificate Status" messages (aka OCSP stapling) https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=5503 svn path=/trunk/; revision=35655
2010-12-20 | Rename the routines that handle dissector tables with unsigned integer | Guy Harris | 1 | -3/+3
keys to have _uint in their names, to match the routines that handle dissector tables with string keys. (Using _port can confuse people into thinking they're intended solely for use with TCP/UDP/etc. ports when, in fact, they work better for things such as Ethernet types, where the binding of particular values to particular protocols are a lot stronger.) svn path=/trunk/; revision=35224
2010-12-18 | Add support for the TLSv1.2 format of the CertificateRequest handshake message. | Sake Blok | 1 | -0/+19
(see: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=5485 ) svn path=/trunk/; revision=35216
2010-10-29 | Use value_string_ext fcns to access two value-string arrays; | Bill Meier | 1 | -34/+48
Reorder value-string arrays slightly so they are in ascending order. svn path=/trunk/; revision=34699
2010-10-10 | Define some fcns & vars as static ... | Bill Meier | 1 | -1/+2
svn path=/trunk/; revision=34458
2010-10-05 | Fix https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=5277 : | Jeff Morriss | 1 | -1/+1
Don't pass a NULL pointer to a string to ssl_debug_printf() (which eventually calls vfprintf()): Solaris doesn't like it when you do that. svn path=/trunk/; revision=34386
2010-09-15 | Follow up to bug 5209 and rev 34115: | Jeff Morriss | 1 | -12/+18
%hh is C99 so remove it from packet-ssl-utils and add it to the banned list (similar to %ll) in checkAPIs.pl . svn path=/trunk/; revision=34120
2010-09-13 | From Yaniv Kaul: | Anders Broman | 1 | -3/+25
[PATCH] Add SSL cipher 'Transport Layer Security (TLS) Renegotiation Indication Extension' (RFC 5746) https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=5207 svn path=/trunk/; revision=34110
2010-08-27 | Take in updates from the TLS registry. | Jaap Keuter | 1 | -0/+30
svn path=/trunk/; revision=33948
2010-06-24 | From "wiresharkbugzilla@jdkbx.cjb.net": | Anders Broman | 1 | -0/+4
Support for RFC4279 Pre-Shared Key Ciphersuites for Transport Layer Security (TLS) https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=4853 svn path=/trunk/; revision=33309