Wireshark-users: Re: [Wireshark-users] Can't decrypt "snakeoil2" sample SSL session from wiki

From: Bas Nedermeijer <baswire@xxxxxxxx>
Date: Thu, 13 Sep 2012 23:16:50 +0200
Hi,

I have tried the test/suite-decryption.sh (from trunk-1.8.2). It seems to fail 
on my system (gentoo 64-bit).



Info of tshark  (I do see an undefined symbol error, not sure if it is related)
===========================================
../tshark -v
Could not open file: 'AlcatelLucent.xml', error: No such file or directory
/usr/src/wireshark/epan/.libs/libwireshark.so.2: undefined symbol: py_create_dissector_handle
TShark 1.8.3 (SVN Rev Unknown from unknown)

Copyright 1998-2012 Gerald Combs <gerald@xxxxxxxxxxxxx> and contributors.
This is free software; see the source for copying conditions. There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.

Compiled (64-bit) with GLib 2.32.4, with libpcap, with libz 1.2.7, with POSIX
capabilities (Linux), without SMI, without c-ares, without ADNS, with Lua 5.1,
with Python 2.7.3, with GnuTLS 2.12.18, with Gcrypt 1.5.0, with MIT Kerberos,
without GeoIP.

Running on Linux 3.5.3-gentoo, with locale en_US.utf8, with libpcap version
1.1.1, with libz 1.2.7.

Built using gcc 4.6.3.
===========================================



I did enable the ssl-debug-file. Contents:

===========================================
Private key imported: KeyID dd:29:74:15:7b:e6:76:47:f5:f0:68:3e:8a:55:61:62:...
ssl_init IPv4 addr '127.0.0.1' (127.0.0.1) port '443' filename '/usr/src/wireshark/test/keys/rsasnakeoil2.key' password(only for p12 file) ''
ssl_init private key file /usr/src/wireshark/test/keys/rsasnakeoil2.key successfully loaded.
association_add TCP port 443 protocol http handle 0xb47af0
===========================================



Test suite output:

============================================

./test.sh 
----------------------------------------------------------------------

### Test suite: All ###

Subitems:
---------
1  Suite: Prerequisites (2 subitems)
2  Suite: Command line options (6 subitems)
3  Suite: File I/O (1 subitems)
4  Suite: Capture (3 subitems)
5  Suite: Unit tests (3 subitems)
6  Suite: File formats (1 subitems)
7  Suite: Decryption (1 subitems)

1-7  : Select item
Enter: Test All
Q    : Quit

----------------------------------------------------------------------

### Test suite: Decryption ###

Subitems:
---------
1  Suite: TShark decryption (4 subitems)

1-1  : Select item
Enter: Test All
U    : Up
Q    : Quit


----------------------------------------------------------------------

### Decryption ###

1  Suite: TShark decryption
1.1 Step: IEEE 802.11 WPA PSK Decryption  Remark: ../80211_keys exists. One or more tests may fail.
  Remark: ../dtlsdecrypttablefile exists. One or more tests may fail.
  Remark: ../ssl_keys exists. One or more tests may fail.
Could not open file: 'AlcatelLucent.xml', error: No such file or directory
 OK
1.2 Step: DTLS Decryption  Remark: ../80211_keys exists. One or more tests may fail.
  Remark: ../dtlsdecrypttablefile exists. One or more tests may fail.
  Remark: ../ssl_keys exists. One or more tests may fail.
Could not open file: 'AlcatelLucent.xml', error: No such file or directory
1

"DTLS Decryption" Failed!
Failed to decrypt DTLS

===================================================

I have added an echo which outputs the exit code of the command (it is 1).

The same error occurs if I start the SSL test first (instead of the DTLS).

Removing ../ssl_keys, ../dtlsdecrypttablefile and ../80211_keys has no effect.


The configure command of my build:

./configure --prefix=/usr --build=x86_64-pc-linux-gnu --host=x86_64-pc-linux-gnu \
    --mandir=/usr/share/man --infodir=/usr/share/info --datadir=/usr/share \
    --sysconfdir=/etc --localstatedir=/var/lib --libdir=/usr/lib64 \
    --disable-dependency-tracking --disable-setuid-install --enable-setcap-install \
    --enable-wireshark --enable-ipv6 --disable-profile-build --with-libcap \
    --with-gcrypt --without-geoip --with-krb5 --with-lua \
    --with-dumpcap-group=wireshark --with-pcap --without-portaudio --with-python \
    --without-libsmi --with-gnutls --with-zlib --disable-extra-gcc-checks \
    --disable-usr-local --sysconfdir=/etc/wireshark --without-adns --without-c-ares



I am unable to downgrade my gnutls library; I am afraid it will break too much
on my system.

Kind regards,

Bas Nedermeijer

On Monday 10 September 2012 13:45:19 Gerald Combs wrote:
> On 9/10/12 1:32 PM, Sake Blok wrote:
> > Usually that means that you are using a private key that does not match
> > the certificate. But it is the 3rd time I hear problems (on Linux) with
> > decrypting the traffic with a key that is indeed matching the
> > certificate. It might be the version of your SSL libraries that has a
> > bug. Or Wireshark has a bug in the linux version. Could you file a
> > bugreport on https://bugs.wireshark.org?
> For what it's worth the Buildbot tests decryption of rsasnakeoil2.cap
> via test/suite-decryption.sh. We currently run tests on Windows XP,
> Windows 7, Ubuntu 12.04 and Solaris 10.
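
The quoted reply names a key that does not match the certificate as the usual cause of failed decryption. The script below is an added example, not part of the original thread or of the Wireshark test suite: it rules that cause out by comparing the public key derived from a private key file with the public key inside a certificate. The function names, file names and the self-signed sample material are constructed for illustration.

```shell
#!/bin/sh
# Added example: does a private key belong to a given certificate?
# Both inputs are PEM files; the comparison is on the public key itself.

# key_matches_cert KEY.pem CERT.pem
# returns 0 = match, 1 = mismatch, 2 = a file could not be parsed
key_matches_cert() {
    from_key=$(openssl pkey -in "$1" -pubout 2>/dev/null) || return 2
    from_cert=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || return 2
    [ "$from_key" = "$from_cert" ]
}

# report KEY.pem CERT.pem: print MATCH, MISMATCH or UNREADABLE
report() {
    rc=0
    key_matches_cert "$1" "$2" || rc=$?
    case $rc in
        0) echo "MATCH" ;;
        1) echo "MISMATCH" ;;
        *) echo "UNREADABLE" ;;
    esac
}

# make_samples DIR: constructed material, a throwaway RSA key with its
# self-signed certificate plus a second, unrelated RSA key
make_samples() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=constructed.example" \
        -keyout "$1/server.key" -out "$1/server.crt" 2>/dev/null &&
    openssl genrsa -out "$1/other.key" 2048 2>/dev/null
}

# Demonstration on the constructed samples
demo_dir=$(mktemp -d) && make_samples "$demo_dir" && {
    echo "server.key vs server.crt: $(report "$demo_dir/server.key" "$demo_dir/server.crt")"
    echo "other.key  vs server.crt: $(report "$demo_dir/other.key" "$demo_dir/server.crt")"
}
rm -rf "$demo_dir"
```

A MATCH result means a key/certificate mismatch is not the cause, so the crypto library or the build becomes the next thing to examine.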