Wireshark-bugs: [Wireshark-bugs] [Bug 11480] New: SSL: RFC 7250 format for encoding raw public k
Date: Fri, 28 Aug 2015 11:49:41 +0000
Bug ID 11480
Summary SSL: RFC 7250 format for encoding raw public keys in certificate message
Product Wireshark
Version Git
Hardware All
OS All
Status UNCONFIRMED
Severity Minor
Priority Low
Component Dissection engine (libwireshark)
Assignee bugzilla-admin@wireshark.org
Reporter bergmann@tzi.org

Created attachment 13829 [details]
DTLS handshake using RPK in Certificate message

Build Information:
Wireshark 1.99.9 (v1.99.9rc0-403-g8b4ff24 from unknown)

Copyright 1998-2015 Gerald Combs <gerald@wireshark.org> and contributors.
License GPLv2+: GNU GPL version 2 or later
<http://www.gnu.org/licenses/old-licenses/gpl-2.0.html>Wireshark 1.99.9
(v1.99.9rc0-403-g8b4ff24 from unknown)

Copyright 1998-2015 Gerald Combs <gerald@wireshark.org> and contributors.
License GPLv2+: GNU GPL version 2 or later
<http://www.gnu.org/licenses/old-licenses/gpl-2.0.html>
This is free software; see the source for copying conditions. There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.

Compiled (64-bit) with Qt 4.8.6, with libpcap, without POSIX capabilities,
without libnl, with libz 1.2.8, with GLib 2.42.1, without SMI, without c-ares,
without ADNS, with Lua 5.2, with GnuTLS 3.3.8, without Gcrypt, without
Kerberos,
without GeoIP, without PortAudio, without AirPcap.

Running on Linux 4.1.5, with locale C, with libpcap version 1.6.2, with libz
1.2.8, with GnuTLS 3.3.8.
Intel(R) Core(TM)2 Duo CPU     P9700  @ 2.80GHz

Built using gcc 4.9.2.

This is free software; see the source for copying conditions. There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.

Compiled (64-bit) with Qt 4.8.6, with libpcap, without POSIX capabilities,
without libnl, with libz 1.2.8, with GLib 2.42.1, without SMI, without c-ares,
without ADNS, with Lua 5.2, with GnuTLS 3.3.8, without Gcrypt, without
Kerberos,
without GeoIP, without PortAudio, without AirPcap.

Running on Linux 4.1.5, with locale C, with libpcap version 1.6.2, with libz
1.2.8, with GnuTLS 3.3.8.
Intel(R) Core(TM)2 Duo CPU     P9700  @ 2.80GHz

Built using gcc 4.9.2.

--
This bugtracker entry contains additional information for the change suggested
in 
https://code.wireshark.org/review/10272.

In short: 

ssl_dissect_hnd_cert() in epan/dissectors/packet-ssl-utils.c tries to parse the
raw public key conveyed in a Certificate Message as a list of certificates. RFC
7250 instead defines the data structure to consist of only a singe
subjectPublicKeyInfo entry without an additional length field for a
certificate_list. A trace showing a DTLS-1.2-handshake using raw public keys is
attached.


You are receiving this mail because:
  • You are watching all bug changes.