On Fri, Feb 08, 2008 at 08:38:45PM +0000, DePriest, Jason R. wrote:
> On Feb 8, 2008 8:49 AM, Sake Blok <> wrote:
> > On Thu, Feb 07, 2008 at 11:40:12PM -0600, DePriest, Jason R. wrote:
> >
> > In case it is a full proxy, have you tried using the following
> > in the ssl protocol settings?
> >
> > <ip-of-proxy>,<proxy-port>,http,<keyfile>
>
> It is a full proxy auto-configured by PAC using a wpad.dat file.
>
> I had already tried the exact syntax you propose. The problem seems
> to be getting the right <keyfile> from the proxy.
>
> ssl_init keys string:
> 10.70.4.5,8080,http,C:\Program Files\Wireshark\proxy-key.pem
> ssl_init found host entry 10.70.4.5,8080,http,C:\Program
> Files\Wireshark\proxy-key.pem
> ssl_init addr 10.70.4.5 port 8080 filename C:\Program
> Files\Wireshark\proxy-key.pem
> ssl_load_key: can't import pem data
Does your "proxy-key.pem" file has a similar heading like this:
-----BEGIN RSA PRIVATE KEY-----
MIICXQIBAAKBgQDDheBxxgRp9Zg/D6pGzTEx0sn4C6vkLj/ftPp62XVD8Af7VbE7
If not, you need to fiddle around with OpenSSL some more.
If it looks like a binary file the key is probably in DER format.
Try: openssl rsa -in proxy-key.pem -inform DER -out proxy-key-pem.pem
If it looks something like:
-----BEGIN RSA PRIVATE KEY-----
Proc-Type: 4,ENCRYPTED
DEK-Info: DES-EDE3-CBC,0F30F91E577C7C84
scqGvyiks3J+eIluLMtIRwHRBqGhN+zE1yez4SZ9373C9ttZkWPWVX0ULl1XUkjV
Then the key is protected by a passphrase and unfortunately Wireshark
is not (yet?) able to read passphrase protected key files.
You can strip the passphrase with:
openssl rsa -in proxy-key.pem -out proxy-key-cleartext.pem
Hope this helps,
Cheers,
Sake
