Wireshark-users: Re: [Wireshark-users] Can't decrypt "snakeoil2" sample SSL session from wiki
From: Bas Nedermeijer <baswire@xxxxxxxx>
Date: Thu, 13 Sep 2012 23:16:50 +0200
Hi,

I have tried the test/suite-decryption.sh (from trunk-1.8.2). It seems to fail on my system (gentoo 64-bit).

Info of tshark (I do see an undefined symbol error, not sure if it is related)
===========================================
../tshark -v
Could not open file: 'AlcatelLucent.xml', error: No such file or directory
/usr/src/wireshark/epan/.libs/libwireshark.so.2: undefined symbol: py_create_dissector_handle
TShark 1.8.3 (SVN Rev Unknown from unknown)

Copyright 1998-2012 Gerald Combs <gerald@xxxxxxxxxxxxx> and contributors.
This is free software; see the source for copying conditions. There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.

Compiled (64-bit) with GLib 2.32.4, with libpcap, with libz 1.2.7, with POSIX
capabilities (Linux), without SMI, without c-ares, without ADNS, with Lua 5.1,
with Python 2.7.3, with GnuTLS 2.12.18, with Gcrypt 1.5.0, with MIT Kerberos,
without GeoIP.

Running on Linux 3.5.3-gentoo, with locale en_US.utf8, with libpcap version
1.1.1, with libz 1.2.7.

Built using gcc 4.6.3.
===========================================

I did enable the ssl-debug-file. Contents:
===========================================
Private key imported: KeyID dd:29:74:15:7b:e6:76:47:f5:f0:68:3e:8a:55:61:62:...
ssl_init IPv4 addr '127.0.0.1' (127.0.0.1) port '443' filename '/usr/src/wireshark/test/keys/rsasnakeoil2.key' password(only for p12 file) ''
ssl_init private key file /usr/src/wireshark/test/keys/rsasnakeoil2.key successfully loaded.
association_add TCP port 443 protocol http handle 0xb47af0
===========================================

Test suite output:
============================================
./test.sh
----------------------------------------------------------------------
### Test suite: All ###

Subitems:
---------
 1 Suite: Prerequisites (2 subitems)
 2 Suite: Command line options (6 subitems)
 3 Suite: File I/O (1 subitems)
 4 Suite: Capture (3 subitems)
 5 Suite: Unit tests (3 subitems)
 6 Suite: File formats (1 subitems)
 7 Suite: Decryption (1 subitems)

1-7 : Select item
Enter: Test All
Q : Quit
----------------------------------------------------------------------
### Test suite: Decryption ###

Subitems:
---------
 1 Suite: TShark decryption (4 subitems)

1-1 : Select item
Enter: Test All
U : Up
Q : Quit
----------------------------------------------------------------------
### Decryption ###
 1 Suite: TShark decryption
  1.1 Step: IEEE 802.11 WPA PSK Decryption
Remark: ../80211_keys exists. One or more tests may fail.
Remark: ../dtlsdecrypttablefile exists. One or more tests may fail.
Remark: ../ssl_keys exists. One or more tests may fail.
Could not open file: 'AlcatelLucent.xml', error: No such file or directory
 OK
  1.2 Step: DTLS Decryption
Remark: ../80211_keys exists. One or more tests may fail.
Remark: ../dtlsdecrypttablefile exists. One or more tests may fail.
Remark: ../ssl_keys exists. One or more tests may fail.
Could not open file: 'AlcatelLucent.xml', error: No such file or directory
1 "DTLS Decryption" Failed!
Failed to decrypt DTLS
===================================================

I have added an echo which outputs the exit code of the command (it is 1). The same error occurs if I start the SSL test first (instead of the DTLS).

Removing the ../ssl_keys ../dtlsdecrypttablefile ../80211_keys has no effect.

The configure command of my build:

./configure --prefix=/usr --build=x86_64-pc-linux-gnu --host=x86_64-pc-linux-gnu --mandir=/usr/share/man --infodir=/usr/share/info --datadir=/usr/share --sysconfdir=/etc --localstatedir=/var/lib --libdir=/usr/lib64 --disable-dependency-tracking --disable-setuid-install --enable-setcap-install --enable-wireshark --enable-ipv6 --disable-profile-build --with-libcap --with-gcrypt --without-geoip --with-krb5 --with-lua --with-dumpcap-group=wireshark --with-pcap --without-portaudio --with-python --without-libsmi --with-gnutls --with-zlib --disable-extra-gcc-checks --disable-usr-local --sysconfdir=/etc/wireshark --without-adns --without-c-ares

I am unable to downgrade my gnutls library; I am afraid it will break too much on my system.

Kind regards,

Bas Nedermeijer

On Monday 10 September 2012 13:45:19 Gerald Combs wrote:
> On 9/10/12 1:32 PM, Sake Blok wrote:
> > Usually that means that you are using a private key that does not match
> > the certificate. But it is the 3rd time I hear problems (on Linux) with
> > decrypting the traffic with a key that is indeed matching the
> > certificate. It might be the version of your SSL libraries that has a
> > bug. Or Wireshark has a bug in the linux version. Could you file a
> > bug report on https://bugs.wireshark.org?
>
> For what it's worth the Buildbot tests decryption of rsasnakeoil2.cap
> via test/suite-decryption.sh. We currently run tests on Windows XP,
> Windows 7, Ubuntu 12.04 and Solaris 10.