Age | Commit message (Collapse) | Author | Files | Lines |
|
This should eventually replace the "ssl_keys" UAT which additionally
contains a useless address, port and protocol field. This prepares for
HSM support through PKCS #11.
Change-Id: I59409c98aeedf260d19266d18e14ef7d9b40b582
Reviewed-on: https://code.wireshark.org/review/30977
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
|
|
Even if the certificate has a RSA public key, be sure to lookup the key
only if it is an actual RSA key exchange. Move the hashtable to the
secrets module to enable reuse.
Change-Id: I39010831079d3b65d5d4368ec97d02491c1615a5
Reviewed-on: https://code.wireshark.org/review/30854
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
|
|
Switch from RSA decryption using Libgcrypt to GnuTLS. This prepares for
decryption using a PKCS#11 token. Requires GnuTLS 3.0.2 (or newer).
Change-Id: Ic42d84c825488e1f45b443a3e56d01600dd594c9
Reviewed-on: https://code.wireshark.org/review/30833
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
|
|
RSA private keys can only be used for decrypting TLS sessions with a
full handshake that use the RSA key exchange. However currently the RSA
private key is always looked up even if it cannot be used (for example,
due to an (EC)DHE cipher or due to a resumed session).
Defer lookup of these private keys and make some more code conditional
on the availability of GnuTLS at compile time since future changes
switch to GnuTLS for RSA decryption.
Change-Id: I31dfd6cdfbd733818c798b1fb0e895cf5a987c5a
Reviewed-on: https://code.wireshark.org/review/30831
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
|
|
Add a new secrets API to the core, one that can outlive the lifetime of
a single capture file. Expose decryption secrets from wiretap through a
callback and let the secrets API route it to a dissector.
Bug: 15252
Change-Id: Ie2f1867bdfd265bad11fc58f1e8d8e7295c0d1e7
Reviewed-on: https://code.wireshark.org/review/30705
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
|
|
Change-Id: I6b89d07ee5b57d3f3b709d7af7e3362206518a62
Reviewed-on: https://code.wireshark.org/review/30471
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
|
|
* max_ack_delay (0x000c)
* original_connection_id (0x000d)
Change-Id: I95fb14cf337faef57525afe1ec1a2d6e79edd3c7
Ping-Bug: 13881
Reviewed-on: https://code.wireshark.org/review/30418
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
|
|
As seen in a capture from Firefox Nightly.
Change-Id: I0bb69b716c02df565f91afa2606d0957c79ee6fc
Reviewed-on: https://code.wireshark.org/review/29991
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
|
|
See https://tools.ietf.org/html/draft-ietf-tls-certificate-compression-03
the value is TEMPORARY registered to IANA (registered 2018-05-23, expires 2019-05-23
Change-Id: I5a91ad4f1366cd7f0fa077677f227a66591494b6
Reviewed-on: https://code.wireshark.org/review/29796
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
|
|
In case the TLS key log file is provided by means other than a file,
split the file reading part from the contents processing part. Adjust
the line handling logic to allow immutable strings. Stick to fgets to
avoid partial lines in case the read buffer is full.
Rename some SSL -> TLS while at it.
Change-Id: I28da96834833e6096074ce122a6ebc3484655d9f
Reviewed-on: https://code.wireshark.org/review/29890
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
|
|
See https://tools.ietf.org/html/draft-ietf-tls-certificate-compression-03
The value is TEMPORARY registered to IANA (registered 2018-05-23, expires 2019-05-23):
https://www.iana.org/assignments/tls-extensiontype-values/tls-extensiontype-values.xhtml
Missing new HandshakeType
Change-Id: Ie6aac3099a86310ffe91e45a8ce088d3c81dcd60
Reviewed-on: https://code.wireshark.org/review/29758
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
|
|
Rename packet-ssl{,-utils}.[ch] to packet-tls{,-utils}.[ch].
Change-Id: I4732162ec131ddf0734b3dd191ccc9e48a76ce06
Reviewed-on: https://code.wireshark.org/review/29659
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
|