Wireshark · Ethereal-dev: [Ethereal-dev] Re: packet-ssl.c patch for certificates

Ethereal-dev: [Ethereal-dev] Re: packet-ssl.c patch for certificates

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

From: Yaniv Kaul <ykaul@xxxxxxxxxxxx>

Date: Thu, 29 Jul 2004 19:06:47 +0200

Same patch as output of 'svn diff' (not 'cvs diff'). Does it matter?

Yaniv Kaul wrote:

Attached please find a patch to packet-ssl.c which adds thelong-waited certificates dissection.


There's a lot more to do, of course.

Specifically, I don't know how to add OIDs (the algorithms OIDs, forexample).


------------------------------------------------------------------------

--- packet-ssl.orig.c	2004-07-29 06:18:36.000000000 +0200
+++ packet-ssl.c	2004-07-29 16:48:34.000000000 +0200
@@ -96,6 +96,7 @@

#include <epan/conversation.h>
#include "prefs.h"
+#include "packet-x509af.h"

static gboolean ssl_desegment = TRUE;

@@ -170,6 +171,7 @@
static int hf_pct_handshake_hash_spec	= -1;
static int hf_pct_handshake_cert_spec	= -1;
static int hf_pct_handshake_cert	= -1;
+static int hf_pct_handshake_server_cert	= -1;
static int hf_pct_handshake_exch_spec	= -1;
static int hf_pct_handshake_hash	= -1;
static int hf_pct_handshake_cipher	= -1;
@@ -713,7 +715,7 @@
                                       guint32 offset);

static void dissect_ssl3_hnd_cert(tvbuff_t *tvb,
-                                  proto_tree *tree, guint32 offset);
+                                  proto_tree *tree, guint32 offset, packet_info *pinfo);

static void dissect_ssl3_hnd_cert_req(tvbuff_t *tvb,
                                      proto_tree *tree,
@@ -756,10 +758,10 @@
/* server hello dissector */
static void dissect_ssl2_hnd_server_hello(tvbuff_t *tvb,
                                          proto_tree *tree,
-                                          guint32 offset);
+                                          guint32 offset, packet_info *pinfo);
static void dissect_pct_msg_server_hello(tvbuff_t *tvb,
					 proto_tree *tree,
-					 guint32 offset);
+					 guint32 offset, packet_info *pinfo);


static void dissect_pct_msg_server_verify(tvbuff_t *tvb,
@@ -1427,7 +1429,7 @@
                break;

            case SSL_HND_CERTIFICATE:
-                dissect_ssl3_hnd_cert(tvb, ssl_hand_tree, offset);
+                dissect_ssl3_hnd_cert(tvb, ssl_hand_tree, offset, pinfo);
                break;

            case SSL_HND_SERVER_KEY_EXCHG:
@@ -1650,7 +1652,7 @@

static void
dissect_ssl3_hnd_cert(tvbuff_t *tvb,
-                      proto_tree *tree, guint32 offset)
+                      proto_tree *tree, guint32 offset, packet_info *pinfo)
{

    /* opaque ASN.1Cert<2^24-1>;
@@ -1698,14 +1700,15 @@
                                    tvb, offset, 3, FALSE);
                offset += 3;

-                proto_tree_add_bytes_format(subtree,
+                /*proto_tree_add_bytes_format(subtree,
                                            hf_ssl_handshake_certificate,
                                            tvb, offset, cert_length,
                                            tvb_get_ptr(tvb, offset, cert_length),
                                            "Certificate (%u byte%s)",
                                            cert_length,
                                            plurality(cert_length, "", "s"));
-
+				*/
+				dissect_x509af_Certificate(FALSE, tvb, offset, pinfo, subtree, hf_ssl_handshake_certificate);
			   offset += cert_length;
            }
        }
@@ -2075,7 +2078,7 @@
            break;

        case SSL2_HND_SERVER_HELLO:
-            dissect_ssl2_hnd_server_hello(tvb, ssl_record_tree, offset);
+            dissect_ssl2_hnd_server_hello(tvb, ssl_record_tree, offset, pinfo);
            break;

        case SSL2_HND_ERROR:
@@ -2099,7 +2102,7 @@
			dissect_pct_msg_client_hello(tvb, ssl_record_tree, offset);
			break;
        case PCT_MSG_SERVER_HELLO:
-			dissect_pct_msg_server_hello(tvb, ssl_record_tree, offset);
+			dissect_pct_msg_server_hello(tvb, ssl_record_tree, offset, pinfo);
			break;
        case PCT_MSG_CLIENT_MASTER_KEY:
			dissect_pct_msg_client_master_key(tvb, ssl_record_tree, offset);
@@ -2322,7 +2325,7 @@
}

static void
-dissect_pct_msg_server_hello(tvbuff_t *tvb, proto_tree *tree, guint32 offset)
+dissect_pct_msg_server_hello(tvbuff_t *tvb, proto_tree *tree, guint32 offset, packet_info *pinfo)
{

/* structure:char SH_MSG_SERVER_HELLO

@@ -2405,7 +2408,8 @@
	offset += 2;
	
	if(SH_CERT_LENGTH) {
-		proto_tree_add_text(tree, tvb, offset, SH_CERT_LENGTH, "Server Certificate (%d bytes)", SH_CERT_LENGTH);
+		dissect_x509af_Certificate(FALSE, tvb, offset, pinfo, tree, hf_pct_handshake_server_cert);
+		//proto_tree_add_text(tree, tvb, offset, SH_CERT_LENGTH, "Server Certificate (%d bytes)", SH_CERT_LENGTH);
		offset += SH_CERT_LENGTH;
	}

@@ -2622,7 +2626,7 @@

static void
dissect_ssl2_hnd_server_hello(tvbuff_t *tvb,
-                              proto_tree *tree, guint32 offset)
+                              proto_tree *tree, guint32 offset, packet_info *pinfo)
{
    /* struct {
     *    uint8  msg_type;
@@ -2696,13 +2700,15 @@
    /* now the variable length fields */
    if (certificate_length > 0)
    {
-        proto_tree_add_bytes_format(tree, hf_ssl_handshake_certificate,
+        /*proto_tree_add_bytes_format(tree, hf_ssl_handshake_certificate,
                                    tvb, offset, certificate_length,
                                    tvb_get_ptr(tvb, offset, certificate_length),
                                    "Certificate (%u byte%s)",
                                    certificate_length,
                                    plurality(certificate_length, "", "s"));
-        offset += certificate_length;
+        */
+		dissect_x509af_Certificate(FALSE, tvb, offset, pinfo, tree, hf_ssl_handshake_certificate);
+		offset += certificate_length;
    }

    if (cipher_spec_length > 0)
@@ -3386,7 +3392,7 @@
			"PCT Certificate specification", HFILL }
		},
		{ &hf_pct_handshake_cert,
-		  { "Cert Spec", "pct.handshake.cert",
+		  { "Cert", "pct.handshake.cert",
			FT_UINT16, BASE_HEX, VALS(pct_cert_type), 0x0,
			"PCT Certificate", HFILL }
		},
@@ -3410,6 +3416,11 @@
			FT_UINT16, BASE_HEX, VALS(pct_error_code), 0x0,
			"PCT Error Code", HFILL }
		},
+		{ &hf_pct_handshake_server_cert,
+		  { "Server Cert", "pct.handshake.server_cert",
+			FT_BYTES, BASE_NONE, NULL , 0x0,
+			"PCT Server Certificate", HFILL }
+		},
    };

    /* Setup protocol subtree array */

Index: packet-ssl.c
===================================================================
--- packet-ssl.c	(revision 11567)
+++ packet-ssl.c	(working copy)
@@ -96,6 +96,7 @@
 
 #include <epan/conversation.h>
 #include "prefs.h"
+#include "packet-x509af.h"
 
 static gboolean ssl_desegment = TRUE;
 
@@ -170,6 +171,7 @@
 static int hf_pct_handshake_hash_spec	= -1;
 static int hf_pct_handshake_cert_spec	= -1;
 static int hf_pct_handshake_cert	= -1;
+static int hf_pct_handshake_server_cert	= -1;
 static int hf_pct_handshake_exch_spec	= -1;
 static int hf_pct_handshake_hash	= -1;
 static int hf_pct_handshake_cipher	= -1;
@@ -713,7 +715,7 @@
                                        guint32 offset);
 
 static void dissect_ssl3_hnd_cert(tvbuff_t *tvb,
-                                  proto_tree *tree, guint32 offset);
+                                  proto_tree *tree, guint32 offset, packet_info *pinfo);
 
 static void dissect_ssl3_hnd_cert_req(tvbuff_t *tvb,
                                       proto_tree *tree,
@@ -756,10 +758,10 @@
 /* server hello dissector */
 static void dissect_ssl2_hnd_server_hello(tvbuff_t *tvb,
                                           proto_tree *tree,
-                                          guint32 offset);
+                                          guint32 offset, packet_info *pinfo);
 static void dissect_pct_msg_server_hello(tvbuff_t *tvb,
 					 proto_tree *tree,
-					 guint32 offset);
+					 guint32 offset, packet_info *pinfo);
 
 
 static void dissect_pct_msg_server_verify(tvbuff_t *tvb,
@@ -1427,7 +1429,7 @@
                 break;
 
             case SSL_HND_CERTIFICATE:
-                dissect_ssl3_hnd_cert(tvb, ssl_hand_tree, offset);
+                dissect_ssl3_hnd_cert(tvb, ssl_hand_tree, offset, pinfo);
                 break;
 
             case SSL_HND_SERVER_KEY_EXCHG:
@@ -1650,7 +1652,7 @@
 
 static void
 dissect_ssl3_hnd_cert(tvbuff_t *tvb,
-                      proto_tree *tree, guint32 offset)
+                      proto_tree *tree, guint32 offset, packet_info *pinfo)
 {
 
     /* opaque ASN.1Cert<2^24-1>;
@@ -1698,14 +1700,15 @@
                                     tvb, offset, 3, FALSE);
                 offset += 3;
 
-                proto_tree_add_bytes_format(subtree,
+                /*proto_tree_add_bytes_format(subtree,
                                             hf_ssl_handshake_certificate,
                                             tvb, offset, cert_length,
                                             tvb_get_ptr(tvb, offset, cert_length),
                                             "Certificate (%u byte%s)",
                                             cert_length,
                                             plurality(cert_length, "", "s"));
-
+				*/
+				dissect_x509af_Certificate(FALSE, tvb, offset, pinfo, subtree, hf_ssl_handshake_certificate);
 			   offset += cert_length;
             }
         }
@@ -2075,7 +2078,7 @@
             break;
 
         case SSL2_HND_SERVER_HELLO:
-            dissect_ssl2_hnd_server_hello(tvb, ssl_record_tree, offset);
+            dissect_ssl2_hnd_server_hello(tvb, ssl_record_tree, offset, pinfo);
             break;
 
         case SSL2_HND_ERROR:
@@ -2099,7 +2102,7 @@
 			dissect_pct_msg_client_hello(tvb, ssl_record_tree, offset);
 			break;
         case PCT_MSG_SERVER_HELLO:
-			dissect_pct_msg_server_hello(tvb, ssl_record_tree, offset);
+			dissect_pct_msg_server_hello(tvb, ssl_record_tree, offset, pinfo);
 			break;
         case PCT_MSG_CLIENT_MASTER_KEY:
 			dissect_pct_msg_client_master_key(tvb, ssl_record_tree, offset);
@@ -2322,7 +2325,7 @@
 }
 
 static void
-dissect_pct_msg_server_hello(tvbuff_t *tvb, proto_tree *tree, guint32 offset)
+dissect_pct_msg_server_hello(tvbuff_t *tvb, proto_tree *tree, guint32 offset, packet_info *pinfo)
 {
 /* structure: 
 char SH_MSG_SERVER_HELLO
@@ -2405,7 +2408,8 @@
 	offset += 2;
 	
 	if(SH_CERT_LENGTH) {
-		proto_tree_add_text(tree, tvb, offset, SH_CERT_LENGTH, "Server Certificate (%d bytes)", SH_CERT_LENGTH);
+		dissect_x509af_Certificate(FALSE, tvb, offset, pinfo, tree, hf_pct_handshake_server_cert);
+		//proto_tree_add_text(tree, tvb, offset, SH_CERT_LENGTH, "Server Certificate (%d bytes)", SH_CERT_LENGTH);
 		offset += SH_CERT_LENGTH;
 	}
 
@@ -2622,7 +2626,7 @@
 
 static void
 dissect_ssl2_hnd_server_hello(tvbuff_t *tvb,
-                              proto_tree *tree, guint32 offset)
+                              proto_tree *tree, guint32 offset, packet_info *pinfo)
 {
     /* struct {
      *    uint8  msg_type;
@@ -2696,13 +2700,15 @@
     /* now the variable length fields */
     if (certificate_length > 0)
     {
-        proto_tree_add_bytes_format(tree, hf_ssl_handshake_certificate,
+        /*proto_tree_add_bytes_format(tree, hf_ssl_handshake_certificate,
                                     tvb, offset, certificate_length,
                                     tvb_get_ptr(tvb, offset, certificate_length),
                                     "Certificate (%u byte%s)",
                                     certificate_length,
                                     plurality(certificate_length, "", "s"));
-        offset += certificate_length;
+        */
+		dissect_x509af_Certificate(FALSE, tvb, offset, pinfo, tree, hf_ssl_handshake_certificate);
+		offset += certificate_length;
     }
 
     if (cipher_spec_length > 0)
@@ -3386,7 +3392,7 @@
 			"PCT Certificate specification", HFILL }
 		},
 		{ &hf_pct_handshake_cert,
-		  { "Cert Spec", "pct.handshake.cert",
+		  { "Cert", "pct.handshake.cert",
 			FT_UINT16, BASE_HEX, VALS(pct_cert_type), 0x0,
 			"PCT Certificate", HFILL }
 		},
@@ -3410,6 +3416,11 @@
 			FT_UINT16, BASE_HEX, VALS(pct_error_code), 0x0,
 			"PCT Error Code", HFILL }
 		},
+		{ &hf_pct_handshake_server_cert,
+		  { "Server Cert", "pct.handshake.server_cert",
+			FT_BYTES, BASE_NONE, NULL , 0x0,
+			"PCT Server Certificate", HFILL }
+		},
     };
 
     /* Setup protocol subtree array */

Follow-Ups:
- Re: [Ethereal-dev] Re: packet-ssl.c patch for certificates
  - From: Olivier Biot
- Re: [Ethereal-dev] Re: packet-ssl.c patch for certificates
  - From: Ronnie Sahlberg
- Re: [Ethereal-dev] Re: packet-ssl.c patch for certificates
  - From: Ronnie Sahlberg

References:
- [Ethereal-dev] packet-ssl.c patch for certificates
  - From: Yaniv Kaul

Prev by Date: RE: [Ethereal-dev] CRC wish list
Next by Date: Re: [Ethereal-dev] Re: packet-ssl.c patch for certificates
Previous by thread: [Ethereal-dev] packet-ssl.c patch for certificates
Next by thread: Re: [Ethereal-dev] Re: packet-ssl.c patch for certificates
Index(es):
- Date
- Thread

Riverbed Cascade Pilot: Take Wireshark to the Next Level - Advanced Triggers and Alerts; Web and VoIP Analytics; Long-Term Trending and Forensics; Deep Packet Analysis with Wireshark

Riverbed Cascade Pilot Personal Edition: Take Wireshark to the Next Level - Advanced Triggers and Alerts; Web and VoIP Analytics; Long-Term Trending and Forensics; Deep Packet Analysis with Wireshark

Riverbed AirPcap: Complete Visibility of Your Wireless Networks; Multi-Channel, Aggregated Analysis; Portable and Versatile; Easy to Setup and Easy to Use; Ready to Power Your Application

$Riverbed TurboCap: Full-Speed GbE Capture; Port Aggregation; Pass-thru Mode; Aggregating Tap; Full-Speed GbE Injection; Exported Interfaces; TurboCap API Developer\'s Pack$