Wireshark mailing list archives
Re: Supported GnuTLS/glib/libgcrypt versions?
From: Peter Wu <peter () lekensteyn nl>
Date: Wed, 14 Oct 2015 20:25:57 +0200
On Mon, Oct 12, 2015 at 02:02:18PM -0400, Jeff Morriss wrote:
On 10/11/15 17:32, Peter Wu wrote:Hi, Michal reported to me that a recent change in the SSL dissector was not compatible with older GnuTLS versions[1]. The changes introduced the use of functions gnutls_pubkey_import and gnutls_pubkey_import_rsa_raw which were introduced with GnuTLS 2.12.0 in 2011-03-24 (2.11.3 development). Michal is using (RHEL6?) GnuTLS 2.8.5 (released in November 2009). Since the minimum Qt4 version for upcoming Wireshark 2.0 is already higher than what RHEL6 ships, would you mind if the GnuTLS version is also bumped?Since GnuTLS is optional [and I don't do decryption very often ;-)] I don't really mind. I can't say that I know how much the rest of the RHEL 6 world uses decryption though.
Looks like GnuTLS is only needed if you have to supply a RSA private key. When using the SSL keylog file, having just libgcrypt is sufficient. Currently the SSL dissector requires both to be present for decryption, but that is an unnecessary restriction. I'll move code around so that at least decryption with a SSL keylog file can be supported.
But you do raise a good point: I should start doing test compiles of the 2.0 rc on RHEL 6. I hadn't realized my users would have to continue using the Gtk+ GUI. Too bad...
I have started testing with cmake + CentOS 6, it is not doing bad. At least these fixes are needed to fix the build: https://code.wireshark.org/review/10916 https://code.wireshark.org/review/11041 GnuTLS needs more work, for now it RHEL6 support for decryption with a RSA private key will be dropped. Maybe I'll find a solution later. The version check is updated at https://code.wireshark.org/review/11044.
Speaking of bumping library versions, can we also bump the glib and libgcrypt versions? Current versions are glib 2.14 and libgcrypt 1.1.92. If we could go to glib 2.28 (Feb 2011) and gcrypt 1.5.0 (Jun 2011), it would enable us to use newer functions such as g_list_free_full.The glib change is OK for me (for RHEL 6) but it does appear to mean we'd lose support for all SLES versions; I'd tend to think that would be a bad thing.
I made a mistake, SLES 12 includes glib2 2.38.2, the wiki is now updated to reflect that. For now the minimum gcrypt version is 1.4.2 (https://code.wireshark.org/review/11043). -- Kind regards, Peter Wu https://lekensteyn.nl ___________________________________________________________________________ Sent via: Wireshark-dev mailing list <wireshark-dev () wireshark org> Archives: https://www.wireshark.org/lists/wireshark-dev Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev mailto:wireshark-dev-request () wireshark org?subject=unsubscribe
Current thread:
- Supported GnuTLS/glib/libgcrypt versions? Peter Wu (Oct 11)
- Re: Supported GnuTLS/glib/libgcrypt versions? Michal Labedzki (Oct 11)
- Re: Supported GnuTLS/glib/libgcrypt versions? Jeff Morriss (Oct 12)
- Re: Supported GnuTLS/glib/libgcrypt versions? Gerald Combs (Oct 12)
- Re: Supported GnuTLS/glib/libgcrypt versions? Jeff Morriss (Oct 12)
- Re: Supported GnuTLS/glib/libgcrypt versions? Peter Wu (Oct 14)
- Re: Supported GnuTLS/glib/libgcrypt versions? Jeff Morriss (Oct 15)
- Re: Supported GnuTLS/glib/libgcrypt versions? Anders Broman (Oct 15)
- Re: Supported GnuTLS/glib/libgcrypt versions? Peter Wu (Oct 15)
- Re: Supported GnuTLS/glib/libgcrypt versions? Gerald Combs (Oct 12)
- Re: Supported GnuTLS/glib/libgcrypt versions? Guy Harris (Oct 15)
- Re: Supported GnuTLS/glib/libgcrypt versions? Peter Wu (Oct 15)