Bug 1240675

Summary: No dissection of the TLS Certificate Verify message
Product: Red Hat Enterprise Linux 6 Reporter: Jaroslav Aster <jaster>
Component: wiresharkAssignee: Martin Sehnoutka <msehnout>
Status: CLOSED ERRATA QA Contact: Jaroslav Aster <jaster>
Severity: medium Docs Contact:
Priority: medium    
Version: 6.8CC: thozza
Target Milestone: rcKeywords: Patch
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: wireshark-1.8.10-17.el6 Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: 1239150 Environment:
Last Closed: 2017-03-21 09:54:36 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On:    
Bug Blocks: 1356054, 1359261    

Description Jaroslav Aster 2015-07-07 13:40:52 UTC 
The same issue on rhel-6.

+++ This bug was initially created as a clone of Bug #1239150 +++

Description of problem:
When dissecting TLS 1.2 protocol traffic, the Handshake message Certificate Verify is not dissected in detail.

Version-Release number of selected component (if applicable):
wireshark-1.10.3-12.el7_0.x86_64

How reproducible:
Always

Steps to Reproduce:
1. tshark -o 'ssl.desegment_ssl_records:TRUE' -r capture.pcap -V -d tcp.port==4433,ssl | grep -A10 "Certificate Verify"

Actual results:
        Handshake Protocol: Certificate Verify
            Handshake Type: Certificate Verify (15)
            Length: 75
    TLSv1.2 Record Layer: Change Cipher Spec Protocol: Change Cipher Spec

Expected results:
        Handshake Protocol: Certificate Verify
            Handshake Type: Certificate Verify (15)
            Length: 75
            Signature Hash Algorithm: 0x0402
                Signature Hash Algorithm Hash: SHA256 (4)
                Signature Hash Algorithm Signature: DSA (2)
            Signature length: 71
            Signature: 3045022044efb28004eb6107bf7fb42e053cd86d82033b3b...
    TLSv1.2 Record Layer: Change Cipher Spec Protocol: Change Cipher Spec

Additional info:
The functionality is present in rather old upstream development snapshot - Version 1.99.6 (v1.99.6rc0-158-g356e9c4 from master).

Haven't checked GUI, it may have the same problem.
Comment 9 errata-xmlrpc 2017-03-21 09:54:36 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://rhn.redhat.com/errata/RHSA-2017-0631.html