Bug 1240675 - No dissection of the TLS Certificate Verify message
Summary: No dissection of the TLS Certificate Verify message
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Red Hat Enterprise Linux 6
Classification: Red Hat
Component: wireshark
Version: 6.8
Hardware: Unspecified
OS: Unspecified
medium
medium
Target Milestone: rc
: ---
Assignee: Martin Sehnoutka
QA Contact: Jaroslav Aster
URL:
Whiteboard:
Depends On:
Blocks: 1356054 1359261
TreeView+ depends on / blocked
 
Reported: 2015-07-07 13:40 UTC by Jaroslav Aster
Modified: 2017-03-21 09:54 UTC (History)
1 user (show)

Fixed In Version: wireshark-1.8.10-17.el6
Doc Type: If docs needed, set a value
Doc Text:
Clone Of: 1239150
Environment:
Last Closed: 2017-03-21 09:54:36 UTC
Target Upstream Version:


Attachments (Terms of Use)


Links
System ID Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2017:0631 normal SHIPPED_LIVE Moderate: wireshark security and bug fix update 2017-03-21 12:29:55 UTC

Description Jaroslav Aster 2015-07-07 13:40:52 UTC
The same issue on rhel-6.

+++ This bug was initially created as a clone of Bug #1239150 +++

Description of problem:
When dissecting TLS 1.2 protocol traffic, the Handshake message Certificate Verify is not dissected in detail.

Version-Release number of selected component (if applicable):
wireshark-1.10.3-12.el7_0.x86_64

How reproducible:
Always

Steps to Reproduce:
1. tshark -o 'ssl.desegment_ssl_records:TRUE' -r capture.pcap -V -d tcp.port==4433,ssl | grep -A10 "Certificate Verify"

Actual results:
        Handshake Protocol: Certificate Verify
            Handshake Type: Certificate Verify (15)
            Length: 75
    TLSv1.2 Record Layer: Change Cipher Spec Protocol: Change Cipher Spec

Expected results:
        Handshake Protocol: Certificate Verify
            Handshake Type: Certificate Verify (15)
            Length: 75
            Signature Hash Algorithm: 0x0402
                Signature Hash Algorithm Hash: SHA256 (4)
                Signature Hash Algorithm Signature: DSA (2)
            Signature length: 71
            Signature: 3045022044efb28004eb6107bf7fb42e053cd86d82033b3b...
    TLSv1.2 Record Layer: Change Cipher Spec Protocol: Change Cipher Spec

Additional info:
The functionality is present in rather old upstream development snapshot - Version 1.99.6 (v1.99.6rc0-158-g356e9c4 from master).

Haven't checked GUI, it may have the same problem.

Comment 9 errata-xmlrpc 2017-03-21 09:54:36 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://rhn.redhat.com/errata/RHSA-2017-0631.html


Note You need to log in before you can comment on or make changes to this bug.