Wireshark-bugs: [Wireshark-bugs] [Bug 5485] improper decode of TLS 1.2 packet containing both Ce
Date: Mon, 13 Dec 2010 08:32:41 -0800 (PST)
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=5485

--- Comment #3 from Kevin Fall <[email protected]> 2010-12-13 08:32:41 PST ---
(In reply to comment #2)
> (In reply to comment #1)
> > I'm getting a malformed packet warning. This looks like RFC5485 Errata ID: 1585
> 
> Ugh, so that means gnutls is generating pre-errata CertificateRequest formats. 
> How would you feel about arranging the decode to check if the 2nd/3rd bytes of
> the CertificateRequest message look like a valid sig alg and if not decode
> w/out that field (and note "pre Errata 1585-missing Sig ID") or some such?

Upon further inspection, no... it looks like the packet is ok.  I also receive
a "Malformed Packet: SSL" message.  The problem appears to be that the version
of Wireshark mentioned above simply doesn't proceed past the CertificateRequest
message to process the ServerHelloDone message in the same packet (which means
that gnutls is doing the right thing).

-- 
Configure bugmail: https://bugs.wireshark.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.