Wireshark mailing list archives

Re: Decoding New TLS Client Hello Extension


From: Graham Bloice <graham.bloice () trihedral com>
Date: Fri, 15 Apr 2016 10:05:01 +0100

On 15 April 2016 at 02:24, Jeff Morriss <jeff.morriss.ws () gmail com> wrote:

[Resending with the list in Cc:; I'm not sure why gmail's web interface
decided to drop the list when I hit reply.]

On Thu, Apr 14, 2016 at 3:48 PM, <nalini.elkins () insidethestack com> wrote:



On Thu, Apr 14, 2016 at 3:07 PM, <nalini.elkins () insidethestack com>
wrote:

Your best path forward would likely be to just modify the SSL
dissector's C code; ideally you could then push that code to Wireshark so
future versions will dissect the extension too.

Sure.  Happy to do that (once it all works!) but I was having trouble
finding where that SSL dissector's C code actually was.  It looks like it
may be invoking gnutls libraries?  Thanks for your help.


epan/dissectors/packet-ssl.c, also available here:


https://code.wireshark.org/review/gitweb?p=wireshark.git;a=blob;f=epan/dissectors/packet-ssl.c


I think the TLS client extension stuff is in packet-ssl-utils.c, in
function ssl_dissect_hnd_hello_ext().

https://code.wireshark.org/review/gitweb?p=wireshark.git;a=blob;f=epan/dissectors/packet-ssl-utils.c


-- 
Graham Bloice
___________________________________________________________________________
Sent via:    Wireshark-dev mailing list <wireshark-dev () wireshark org>