Wireshark-dev: Re: [Wireshark-dev] SSL + DTLS
From: "ronnie sahlberg" <ronniesahlberg@xxxxxxxxx>
Date: Thu, 29 Jun 2006 09:21:18 +0000
ah, a misunderstanding.

ok. so the dtls stuff does not require linking with openssl; then
there won't be any problem at all.

thanks for clarifying.



please also see wiki.wireshark.org/SSL
i just checked in a change to the preference syntax that is not
backward compatible for ssl decryption.

i think it makes it better. please mimic these changes in the dtls
dissector (i have little interest in dtls personally now, but great
interest in ssl decryption)


i will do more changes and refactoring to ssl decryption over time.





On 6/29/06, authesserre samuel <sauthess@xxxxxxxxx> wrote:
hi,


I was talking about directly modifying the openssl implementation, allowing
me to run tests on the dtls dissector implementation.
In ethereal I can use gnutls (that is in fact the case currently) because the
only useful functions for writing the dissector are the cryptographic ones, not
the send or receive ones (based on tcp). That's why I choose to continue
modifying the dtls dissector in the same scheme as the ssl one, and
modifying the openssl dtls implementation to have a complete dtls
implementation (and dissection with wireshark ;) )
So I may be mistaken, but the dtls dissector can be added to the win32
version (like ssl?). The fact is that the dtls and ssl dissectors use the same
functions in packet-ssl-utils.h, so I think there is no problem (the dtls
dissector doesn't use openssl at all).
Tell me if I am right.

regards,

samuel


On 6/29/06, ronnie sahlberg <ronniesahlberg@xxxxxxxxx> wrote:
> it would just mean that dtls decryption would not work out of the box
> for win32 users since we can not ship win32 versions of ethereal
> linked with openssl.
>
> no drama. if there is enough interest in the feature someone will
> implement the required gnutls magic if you don't have time. if not
> it just means there is no interest.
>
>
> i have associates that need the ssl decryption feature now so don't
> worry about ssl. i'll do the updates required to ssl.
> (beware: preference breaking update/change estimated to go in in 10
> minutes)
>
> please try to follow the ssl changes i do to svn for your dtls code.
>
>
>
>
>
>
> On 6/29/06, authesserre samuel <sauthess@xxxxxxxxx> wrote:
> > hi,
> >
> > it isn't compatible at all (bsd licence), and i have already posted on
> > the gnutls mailing list to propose a dtls implementation.
> > at first i think it could be a good idea to have an
> > implementation that works correctly, and later another one to
> > test interoperability.
> > I have only one month to dedicate to the project; i don't think that i
> > could make a gnutls implementation in this time... (i will do all i can
> > because i would like a gpl'ed implementation)
> > gnutls has the advantage that it implements TLS 1.1, but on the other side
> > a lot of things have to change for UDP adaptation
> >
> > I will try to finish the openssl implem, and afterwards i will look
> > at gnutls (if you are ready to help me  ;) )
> >
> > regards,
> >
> > samuel
> >
> > On 6/28/06, Joerg Mayer <jmayer@xxxxxxxxx> wrote:
> > > On Wed, Jun 28, 2006 at 11:31:28AM +0200, authesserre samuel wrote:
> > > > but dtls works on openssl version 0.9.b, which contains many errors (I
> > > > have listed them on the openssl-dev mailing list and corrected 2 of them),
> > > > but at the moment i haven't time to finish the implementation of dtls
> > > > (i'll try to correct it during july, and the dtls dissector at the same
> > > > time)
> > >
> > > Would it be feasible to use another lib than openssl (gnutls + gcrypt)
> > > instead? I'm still not really convinced that the way we provide openssl
> > > is really compatible with gpl (and especially distros enabling it).
> > >
> > >  Ciao
> > >       Joerg
> > > --
> > > Joerg Mayer <jmayer@xxxxxxxxx>
> > > We are stuck with technology when what we really want is just stuff that
> > > works. Some say that should read Microsoft instead of technology.
> > > _______________________________________________
> > > Wireshark-dev mailing list
> > > Wireshark-dev@xxxxxxxxxxxxx
> > > http://www.wireshark.org/mailman/listinfo/wireshark-dev
> > >
> >
> >
> > --
> > Authesserre Samuel
> > 12 rue de la défense passive
> > 14000 CAEN
> > FRANCE
> > 06-27-28-13-32
> > sauthess@xxxxxxxxx
> >


--
Authesserre Samuel
12 rue de la défense passive
14000 CAEN
FRANCE
06-27-28-13-32
sauthess@xxxxxxxxx