Wireshark-bugs: [Wireshark-bugs] [Bug 4349] Add support for TLS key logs
Date: Mon, 25 Jan 2010 10:01:52 -0800 (PST)
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=4349

--- Comment #16 from Adam Langley <agl@xxxxxxxxxxxx> 2010-01-25 10:01:47 PST ---
(In reply to comment #15)
> - IO channels are not (yet) used within Wireshark, I'm no expert on portability
> (which the IO channels seem to be aiming for), but the documentation says:
> "Currently full support is available on UNIX platforms, support for Windows is
> only partially complete.". I think the use of IO channels should be discussed
> on wireshark-dev first

Have changed IO channels to stdio. I didn't have any particular reason for using them, I just noticed that Wireshark was using glib and I checked for file handling functions in the glib reference.

> - I'm not a fan of rereading the key-log file for each SSL negotiation in the
> tracefile. I would suggest loading the PMS from file when the dissector
> initiates, just like it is done for the certificates.

The reason for the constant re-reading of the keylog file is that my typical use case is that the client is running concurrently with Wireshark on the same host. So the client writes the keylog line just before writing to the socket and then Wireshark can find it a few milliseconds later.

> It would be nice to have
> this "PMS cache" implemented in such a way it can be used to export the keys
> too (when decryption was based on a certificate), as a start for implementing
> bug 3444.

Agreed. But I'm going to punt on that for now :)

> - Please don't use C++ style comments, Wireshark is using ANSI-C for
> portability.

Fixed.

> - I've already checked in the "entrypted" spelling error fix :-) (SVN: 31628)

Dropped.

> Now that the export function is in NSS, will it be available in the official
> Firefox/Chrome releases? Or must a custom debug version be built?

The code is only compiled into NSS if you build it with DEBUG and TRACE defined. (This is mainly for security reasons: we wouldn't want this stuff in normal builds).

However, NSS and libssl3 are shared libraries, so you can build NSS in debug mode and set LD_LIBRARY_PATH to use them with Firefox. (Chrome is a little different. Chrome has its own copy of libssl because we have local patches. There you would need to build *Chrome* in debug mode.)
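The use case in the comment above, a client appending key log lines while the capture is being dissected, can also be served with stdio by remembering a file offset and reading only what was appended. The sketch below is an added example, not code from the patch or from Wireshark; keylog_tail, keylog_poll and remember_last are hypothetical names, and lines are treated as opaque text.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical reader state; names are illustrative, not Wireshark's. */
typedef struct {
    const char *path;  /* key log file the client appends to */
    long offset;       /* byte offset just past the last complete line read */
} keylog_tail;

typedef void (*keylog_line_cb)(const char *line, void *user);

/* Sample callback: copy the line into a caller buffer of at least 256 bytes. */
void remember_last(const char *line, void *user)
{
    strncpy((char *)user, line, 255);
    ((char *)user)[255] = '\0';
}

/* Deliver lines appended since the previous call. Returns the number of
 * complete lines delivered, or -1 if the file cannot be opened. A trailing
 * line without '\n' is left for the next call: the writer may be mid-write. */
int keylog_poll(keylog_tail *t, keylog_line_cb cb, void *user)
{
    char buf[1024];
    int c, n = 0;
    FILE *f = fopen(t->path, "rb");
    if (!f) return -1;
    fseek(f, 0, SEEK_END);
    if (ftell(f) < t->offset) t->offset = 0;  /* truncated or replaced */
    fseek(f, t->offset, SEEK_SET);
    while (fgets(buf, sizeof buf, f)) {
        size_t len = strlen(buf);
        if (len == 0) break;                  /* embedded NUL: stop here */
        if (buf[len - 1] != '\n') {
            if (len < sizeof buf - 1) break;  /* partial line at EOF */
            while ((c = fgetc(f)) != EOF && c != '\n') ;  /* skip over-long line */
            if (c == EOF) break;
            t->offset = ftell(f);
            continue;
        }
        buf[--len] = '\0';
        if (len && buf[len - 1] == '\r') buf[len - 1] = '\0';
        t->offset = ftell(f);
        cb(buf, user);
        n++;
    }
    fclose(f);
    return n;
}
```

Calling keylog_poll whenever a handshake has no matching key picks up lines written milliseconds earlier without re-parsing lines already seen.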