Wireshark-bugs: [Wireshark-bugs] [Bug 3444] Need the ability to export SSL decrypted captures
Date: Tue, 5 May 2009 12:01:43 -0700 (PDT)
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=3444





--- Comment #12 from Sake <sake@xxxxxxxxxx>  2009-05-05 12:01:39 PDT ---
(In reply to comment #9)
> We have already some parts implemented.
> There is function ssl_set_master_secret() which sets master key and additional
> parameters into SSL decoders.
> 
> We need only some of its parameters for this functionality.
> It would be called in following way
> ssl_set_master_secret(frame_num=0, addr_srv, addr_cli, ptype=PT_TCP, port_srv,
> port_cli, version=SSL_VER_UNKNOWN, cipher=0, _master_secret,
> _client_random=NULL, _server_random=NULL, client_seq=0, server_seq=0)

Hmmm... I don't see this function being used anywhere at the moment. Was it
prepared for something, but never used? Or is it a leftover from earlier times?

Looks like things can be done more easily, there is a ssl_session_hash which
keeps a record of all the master keys, indexed by the ssl_session_id. We could
use ssl_save_session(ssl, ssl_session_hash) to add the master keys to this
table. Then in the master key file all the master keys need to be indexed by
ssl_session_id, instead of srcip:sport->dstip:dport. 

(This will also solve the problem when TCP ports are being reused)


-- 
Configure bugmail: https://bugs.wireshark.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.