path: root/epan/dissectors/packet-ssl.c
Age | Commit message | Author | Files | Lines
2011-09-21 | (Trivial) Remove trailing whitespace from lines for a few files. | Bill Meier | 1 | -22/+22
svn path=/trunk/; revision=39084
2011-09-21 | Fix vi "modeline" so it works; | Bill Meier | 1 | -1/+1
See https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=5748 svn path=/trunk/; revision=39074
2011-09-20 | From Dirk via bug 6361: | Stig Bjørlykke | 1 | -2/+2
Use File/Directory Dialog as a field type for UAT preferences. svn path=/trunk/; revision=39059
2011-09-02 | Use ENC_BIG_ENDIAN | Anders Broman | 1 | -65/+65
svn path=/trunk/; revision=38859
2011-09-02 | From Eric Wustrow: | Anders Broman | 1 | -7/+197
TLS Diffie-Hellman key exchange dissection support. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=6277 svn path=/trunk/; revision=38858
2011-05-28 | Add "File -> Export -> SSL Session Keys..." to be able to save the keyring | Sake Blok | 1 | -1/+3
info for each session in the trace file. This makes it possible to give someone the trace and the exported keys so that they can decrypt the traffic in the trace, but not new sessions to the same server. (See also: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=3444) svn path=/trunk/; revision=37446
2011-05-27 | Make TVBs opaque for most users. | Jeff Morriss | 1 | -3/+3
Convert TVB_RAW_OFFSET() and TVB_GET_DS_TVB() into functions. svn path=/trunk/; revision=37422
2011-05-25 | Extended the SSL key log import routine to be able to read the following format: | Sake Blok | 1 | -2/+14
RSA Session-ID:xxxx Master-Key:xxxx
This makes it easy to use the "openssl s_client" output for decryption (see: http://ask.wireshark.org/questions/4229/follow-ssl-stream-using-master-key-and-session-id) It also paves the way for exporting SSL keyring material. See also the enhancement request in: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=3444 svn path=/trunk/; revision=37401
2011-04-26 | If HAVE_LIBGNUTLS isn't defined, don't build functions that are used | Guy Harris | 1 | -0/+2
only if HAVE_LIBGNUTLS is defined. svn path=/trunk/; revision=36878
2011-04-26 | From Adam Langley via bug 4349: | Gerald Combs | 1 | -12/+19
This patch adds support for getting the pre-master secret of a TLS connection from a log file. Currently Wireshark can decrypt a TLS connection only if it has the server's private key. I commonly have a use case where I control the TLS client, but not the server. In order to decrypt in this case, I've added support to NSS (used by Chrome and Firefox) to log the keys to a file on disk: https://bugzilla.mozilla.org/show_bug.cgi?id=536474 Given this file, Wireshark can then decrypt the resulting TLS connections. The format is such that Wireshark opens and linearly scans the file each time it sees a ClientKeyExchange. If the key log grows too large, this is pretty inefficient. However, it's simple and the number of interesting TLS connections when debugging is usually very small. svn path=/trunk/; revision=36876
2011-04-26 | From Ivan Sy via bug 3343: | Gerald Combs | 1 | -61/+163
- Support for DTLS and SSL RSA keys list using User Accessible Table
- Support for IPv6 SSL as posted by bug#3343 comment#1
- 'any' and 'anyipv4' for IPv4 wildcard
- 'anyipv6' for IPv6 wildcard
- UAT fields validation.
From me:
- Update parameters to match UAT API changes.
- Change the UAT filename.
- Fix buffer overflow for IPv6 addresses.
- Allow the use of hostnames along with numeric addresses.
- Don't convert strings to addresses twice.
- Don't use the same variable name for different data types.
- Make "any" mean "any IPv4 or any IPv6".
- Bend the concept of obsolete preferences slightly so that we can convert an old-style key list to a UAT.
- Clean up whitespace.
- Don't point to a User's Guide section for now; it may make more sense to keep using the wiki page.
SSL dissector changes have been tested. DTLS dissector changes have not. svn path=/trunk/; revision=36875
2011-03-25 | From Didier via https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=3055 : | Jeff Morriss | 1 | -12/+13
Apply rev 25869 to most of the rest of the TCP-desegmenting dissectors. (The SSL dissector was already updated in one of two spots with bug 4535/rev 32456.) A couple of the patches had to be manually applied. From me: Fix the comments to match the change (including in the TCP and SSL dissectors.) svn path=/trunk/; revision=36332
2011-03-24 | If we've already seen a segment which starts a multi-segment pdu (i.e., it's | Jeff Morriss | 1 | -112/+130
a retransmission), don't add it to the list (tree) of multi-segment pdus. Otherwise, if we'd already seen the rest of the pdu and the other segments were not retransmitted, the retransmission would break dissection of the pdu because lookups for the segment would find the retransmission (to which the other segments were not attached). Since we know this segment is a retransmission, don't bother handing it off to the subdissector either. Use PINFO_FD_VISITED(). Add some white space in the desegmentation routine to improve readability. Apply the same changes to the SSL dissector. svn path=/trunk/; revision=36304
2011-02-10 | Modify proto_tree_add_bytes_format() and proto_tree_add_bytes_format_value() | Jeff Morriss | 1 | -4/+2
so that if the start_ptr is NULL the bytes are extracted from the given TVB using the given offset and length. Replace a bunch of:
    proto_tree_add_bytes_format*(tree, hf, tvb, offset, length, tvb_get_ptr(tvb, offset, length), [...])
with:
    proto_tree_add_bytes_format*(tree, hf, tvb, offset, length, NULL, [...])
svn path=/trunk/; revision=35896
2011-01-30 | Introduce "Fragment count" filter element for all protocols doing reassembly. | Stig Bjørlykke | 1 | -0/+7
svn path=/trunk/; revision=35705
2011-01-26 | From Kaspar Brand: | Anders Broman | 1 | -0/+84
SSL/TLS dissector: add support for "Certificate Status" messages (aka OCSP stapling) https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=5503 svn path=/trunk/; revision=35655
2011-01-16 | There's no need to pass the result of tvb_get_ptr() as the 'value' in | Jeff Morriss | 1 | -4/+3
proto_tree_add_*(): just use proto_tree_add_item(). Replace some tvb_get_ptr()s with tvb_get_ephemeral_string() or tvb_get_const_stringz(). Use tvb_memeql() & tvb_memcmp(). svn path=/trunk/; revision=35558
2010-12-18 | Add support for the TLSv1.2 format of the CertificateRequest handshake message. | Sake Blok | 1 | -3/+137
(see: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=5485 ) svn path=/trunk/; revision=35216
2010-12-14 | Rename "Secure Socket Layer" to "Secure Sockets Layer" (plural) and update | Stephen Fisher | 1 | -3/+3
protocol reference URLs. svn path=/trunk/; revision=35186
2010-12-14 | Minor cleanup: | Bill Meier | 1 | -1015/+1020
- Initialize a few static global variables;
- Remove two unnecessary calls to g_hash_table_foreach_remove;
- Do whitespace cleanup and use consistent indentation;
- Fix a few typos and fix up several comments.
svn path=/trunk/; revision=35183
2010-10-29 | Use value_string_ext fcns to access two value-string arrays; | Bill Meier | 1 | -2/+2
Reorder value-string arrays slightly so they are in ascending order. svn path=/trunk/; revision=34699
2010-09-23 | Replace blurbs that match the name (case insensitive) with NULL. | Jeff Morriss | 1 | -4/+4
svn path=/trunk/; revision=34227
2010-06-24 | Try to fix the build. | Anders Broman | 1 | -1/+1
svn path=/trunk/; revision=33310
2010-06-24 | From "wiresharkbugzilla@jdkbx.cjb.net": | Anders Broman | 1 | -27/+105
Support for RFC4279 Pre-Shared Key Ciphersuites for Transport Layer Security (TLS) https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=4853 svn path=/trunk/; revision=33309
2010-05-28 | Move some code (including the optional objects) into libwsutil | Jeff Morriss | 1 | -1/+3
svn path=/trunk/; revision=33012
2010-05-23 | Fix for bug 4544 - Decrypted data for STARTTLS session is not shown in packet | Sake Blok | 1 | -0/+1
list when using "starttls" SSL decryption preference
- make sure the SSL dissector knows how to reach the original dissector for the decrypted data
- make sure the SMTP dissector does not call the SSL dissector again with the decrypted data
svn path=/trunk/; revision=32921
2010-05-13 | As suggested in | Jeff Morriss | 1 | -20/+4
http://www.wireshark.org/lists/wireshark-dev/200809/msg00075.html (as referenced in https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=2907 ) and https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=3411 : Write a new convenience routine for finding a conversation and, if it is not found, create it. The frame number and addresses are taken from pinfo (as is the common case). Use this function in a bunch of dissectors. svn path=/trunk/; revision=32790
2010-05-11 | From Yaniv Kaul: Fix errors found by clang static code analyzer and add | Bill Meier | 1 | -58/+36
some consts. svn path=/trunk/; revision=32760
2010-04-13 | Fix for bug 4535: The SSL dissector can not correctly reassemble SSL records | Sake Blok | 1 | -1/+5
when the record header is split between packets svn path=/trunk/; revision=32456
2010-02-19 | Ditch the last direct indexed character array. | Jaap Keuter | 1 | -12/+12
And some minor formatting updates. svn path=/trunk/; revision=31921
2010-02-03 | Changed "reassembled_length" -> "reassembled.length". | Stig Bjørlykke | 1 | -1/+1
svn path=/trunk/; revision=31776
2010-02-02 | Introduce "Reassembled length" filter element for all protocols doing | Stig Bjørlykke | 1 | -0/+6
reassembly. svn path=/trunk/; revision=31767
2010-01-31 | From Jens Weibler: | Jaap Keuter | 1 | -6/+126
Just a small patch to add information about elliptic curves for SSL-connections. svn path=/trunk/; revision=31744
2009-12-21 | Only add a delimiter to COL_INFO when actually adding something more. | Stig Bjørlykke | 1 | -40/+55
(remaining data can be TCP segment data) Removed calls to col_check(). svn path=/trunk/; revision=31332
2009-12-19 | For fields of type FT_ABSOLUTE_TIME, have the "display" value be one of | Guy Harris | 1 | -1/+1
ABSOLUTE_TIME_LOCAL or ABSOLUTE_TIME_UTC, indicating whether to display the date/time in local time or UTC. (int)ABSOLUTE_TIME_LOCAL == (int)BASE_NONE, so there's no source or binary compatibility issue, although we might want to eliminate BASE_NONE at some point and have the BASE_ values used with integral types start at 0, so that you can't specify BASE_NONE for an integral field. svn path=/trunk/; revision=31319
2009-11-23 | Guard #include <sys/types.h> with HAVE_SYS_TYPES_H. | Stig Bjørlykke | 1 | -0/+2
svn path=/trunk/; revision=31053
2009-09-24 | * Prefer col_append_str instead of col_append_fstr for constant strings | Kovarththanan Rajaratnam | 1 | -18/+9
* Remove check_col guards svn path=/trunk/; revision=30127
2009-09-14 | Fix for bug 4008: | Jaap Keuter | 1 | -9/+0
Crash on TLSv1.2 packets, caused by ssl_short_name array overrun. svn path=/trunk/; revision=29906
2009-08-16 | Switch a bunch of dissectors over to using tvb_new_subset_remaining() | Kovarththanan Rajaratnam | 1 | -1/+1
svn path=/trunk/; revision=29446
2009-08-13 | Fix SSL decryption failure if client and server have the same TCP port | Tomas Kukosa | 1 | -56/+16
svn path=/trunk/; revision=29400
2009-08-09 | Don't guard col_set_str (COL_INFO/COL_PROTOCOL) with col_check | Kovarththanan Rajaratnam | 1 | -10/+3
svn path=/trunk/; revision=29345
2009-08-09 | Don't guard col_clear with col_check | Kovarththanan Rajaratnam | 1 | -2/+1
svn path=/trunk/; revision=29344
2009-06-18 | From Kovarththanan Rajaratnam via bug 3548: | Stig Bjørlykke | 1 | -10/+10
(1) Trailing/leading spaces are removed from 'name's/'blurb's
(2) Duplicate 'blurb's are replaced with NULL
(3) Empty ("") 'blurb's are replaced with NULL
(4) BASE_NONE, NULL, 0x0 are used for 'display', 'strings' and 'bitmask' fields for FT_NONE, FT_BYTES, FT_IPv4, FT_IPv6, FT_ABSOLUTE_TIME, FT_RELATIVE_TIME, FT_PROTOCOL, FT_STRING and FT_STRINGZ field types
(5) Only allow non-zero value for 'display' if 'bitmask' is non-zero
svn path=/trunk/; revision=28770
2009-05-13 | Apply some of the patches from: | Anders Broman | 1 | -8/+2
http://wiki.wireshark.org/Development/Optimization svn path=/trunk/; revision=28356
2009-04-21 | Turn on -Wshorten-64-to-32 by default, and fix some issues that turned | Guy Harris | 1 | -1/+1
up (99 44/100% of which were assignments of double-precision floating-point constants to floats). Hopefully this will catch at least some P64 issues on UN*X. svn path=/trunk/; revision=28108
2009-04-19 | When a frame contains the remainder of a previous PDU and a new PDU, the | Sake Blok | 1 | -1/+9
protocol tree would show two "Secure Socket Layer" branches and the INFO column would fail to show the content type of the second PDU. Don't give control back to TCP for the second PDU by just fetching the remaining bytes of the first PDU, but ask for a whole new segment so that all processing will be done within the SSL dissector itself. svn path=/trunk/; revision=28088
2009-02-11 | - detect TLS 1.2 | Tomas Kukosa | 1 | -2/+22
- ciphersuite list updated
- list of alerts and extensions updated
svn path=/trunk/; revision=27421
2008-12-20 | Fix various typos and spelling errors (mostly in text strings) | Bill Meier | 1 | -1/+1
svn path=/trunk/; revision=27065
2008-12-19 | Back out r27047 and r27053. | Gerald Combs | 1 | -0/+2
svn path=/trunk/; revision=27062
2008-12-18 | Update calls to proto_tree_add_bytes_format to reflect r27047. | Gerald Combs | 1 | -2/+0
svn path=/trunk/; revision=27053