Date: Sun, 18 Jan 2009 08:31:14 GMT
From: Dale Lindskog <dale.lindskog@gmail.com>
To: freebsd-gnats-submit@FreeBSD.org
Subject: ports/130680: net/wireshark cannot decrypt ssl after upgraded to use libgcrypt-1.4.3
Message-ID: <200901180831.n0I8VEON009340@www.freebsd.org>
Resent-Message-ID: <200901180840.n0I8e1xA078300@freefall.freebsd.org>

>Number:         130680
>Category:       ports
>Synopsis:       net/wireshark cannot decrypt ssl after upgraded to use libgcrypt-1.4.3
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    freebsd-ports-bugs
>State:          open
>Quarter:
>Keywords:
>Date-Required:
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Sun Jan 18 08:40:01 UTC 2009
>Closed-Date:
>Last-Modified:
>Originator:     Dale Lindskog
>Release:        7.0-RELEASE
>Organization:
>Environment:
FreeBSD testbox.no.domain 7.0-RELEASE-p8 FreeBSD 7.0-RELEASE-p8 #0: Wed Jan 7 22:02:19 MST 2009 dale@testbox.no.domain:/usr/obj/usr/src/sys/DALE_KERNEL2 amd64
>Description:
After upgrading tshark-lite to use libgcrypt-1.4.3, ssl decryption (with
private key) is broken. Using portdowngrade(1), I reverted back to
libgcrypt-1.4.1_1, and got ssl decryption working again.

Here are the versions of the relevant ports where ssl decryption DOES NOT work:

$ pkg_info | egrep 'libgcrypt|gnutls|tshark'
gnutls-2.6.3        GNU Transport Layer Security library
libgcrypt-1.4.3     General purpose crypto library based on code used in GnuPG
tshark-lite-1.0.5   A powerful network analyzer/capture tool (lite package)

And here are the versions of the relevant ports where ssl decryption DOES work:

$ pkg_info | egrep 'libgcrypt|gnutls|tshark'
gnutls-2.4.2_1      GNU Transport Layer Security library
libgcrypt-1.4.1_1   General purpose crypto library based on code used in GnuPG
tshark-lite-1.0.5   A powerful network analyzer/capture tool (lite package)

Also, the specific problem with ssl decryption that I had is basically
identical to the one described in the following URL:

http://wireshark.osmirror.nl/lists/wireshark-dev/200707/msg00244.html
>How-To-Repeat:
As far as I know, it should be repeatable provided one installs tshark-lite
(or tshark, or wireshark) from a currently up-to-date ports tree. I ran
tests on two amd64 machines (one 7.0-RELEASE, one 7.1-RELEASE), and provided
tshark-lite was built to use libgcrypt-1.4.2, ssl decryption broke.
>Fix:
Use portdowngrade(1) to downgrade libgcrypt to 1.4.1_1, gnutls to 2.4.2_1,
and tshark-lite to 1.0.5 (before wireshark port was bumped to use
libgcrypt-1.4.3).
>Release-Note:
>Audit-Trail:
>Unformatted: