2019-05-26 06:11:07 +00:00
|
|
|
|
|
|
|
Changelog
|
|
|
|
=========
|
|
|
|
|
|
|
|
v1.0 (2019-05-26)
|
|
|
|
-----------------
|
|
|
|
- Merge pull request #21 from qha/repair-make-targets. [Alexandre
|
|
|
|
Dulaunoy]
|
|
|
|
|
|
|
|
Repair make targets and ssl/ssldecode.c, bump version
|
|
|
|
- Rerun autoconf. [Ulrik Haugen]
|
|
|
|
- Bump version. [Ulrik Haugen]
|
|
|
|
- Repair ssl_key_log_file handling. [Ulrik Haugen]
|
|
|
|
|
|
|
|
Set ssl_key_log_file to null in ssl_decode_ctx_create if no
|
|
|
|
file name was supplied.
|
|
|
|
|
|
|
|
Only seek ssl_key_log_file in ssl_read_key_log_file if it
|
|
|
|
is non null.
|
|
|
|
|
|
|
|
Repair order of fseek parameters.
|
|
|
|
- Take project name and version from configure define. [Ulrik Haugen]
|
|
|
|
|
|
|
|
... in print_version.
|
|
|
|
- Enable compiling without std c99 when OPENSSL is defined. [Ulrik
|
|
|
|
Haugen]
|
|
|
|
- Repair spelling in comments. [Ulrik Haugen]
|
|
|
|
- Remove presumably extraneous files. [Ulrik Haugen]
|
|
|
|
- Remove extraneous files. [Ulrik Haugen]
|
|
|
|
- Add .gitignore. [Ulrik Haugen]
|
|
|
|
- Make install target install doc files. [Ulrik Haugen]
|
|
|
|
- Repair installdir variable names. [Ulrik Haugen]
|
|
|
|
- Repair dist target. [Ulrik Haugen]
|
|
|
|
|
|
|
|
Mark phony targets as such.
|
|
|
|
|
|
|
|
Cease use of unobtainable version-check.pl.
|
|
|
|
|
|
|
|
Take version from configure substituted variable.
|
|
|
|
|
|
|
|
Adjust dist archive location.
|
|
|
|
|
|
|
|
Prune more backup files.
|
|
|
|
- Whitespace. [Ulrik Haugen]
|
|
|
|
- Set package name in configure.in, move version there. [Ulrik Haugen]
|
|
|
|
- Merge pull request #19 from 1div0/master. [Alexandre Dulaunoy]
|
|
|
|
|
|
|
|
GREASE
|
|
|
|
- GREASE. [Peter Kovář]
|
|
|
|
- Merge pull request #18 from mathewmarcus/dh_aes_gcm_support.
|
|
|
|
[Alexandre Dulaunoy]
|
|
|
|
|
|
|
|
Dh aes gcm support
|
|
|
|
- Use macro to check if cipher is AEAD. [mathewmarcus]
|
|
|
|
- Update man page with -l sslkeylogfile option. [mathewmarcus]
|
|
|
|
- Updated relevant ciphersuites with GCM enc. [mathewmarcus]
|
|
|
|
- Added fix for AES256 GCM decryption. [mathewmarcus]
|
|
|
|
- Added case insensitive string comparison macro. [mathewmarcus]
|
|
|
|
- Added support for AES GCM decryption. [mathewmarcus]
|
|
|
|
- Use sslkeylogfile to get MS if possible. [mathewmarcus]
|
|
|
|
- Added function to extract MS from sslkeylogfile. [mathewmarcus]
|
|
|
|
- Added GCM specific ciphersuite info. [mathewmarcus]
|
|
|
|
- Added sslkeylogfile pointer to decode ctx. [mathewmarcus]
|
|
|
|
- Fix decoding and printing of DiffieHellman Client params.
|
|
|
|
[mathewmarcus]
|
|
|
|
- Add l option for SSLKEYLOGFILE. [mathewmarcus]
|
|
|
|
- Merge pull request #17 from mathewmarcus/fix_extension_bug. [Alexandre
|
|
|
|
Dulaunoy]
|
|
|
|
|
|
|
|
correctly handle case where server hello does not request extension s…
|
|
|
|
- Improve syntax. [mathewmarcus]
|
|
|
|
- Correctly handle case where server hello does not request extension
|
|
|
|
specified by client. [mathewmarcus]
|
|
|
|
- Merge pull request #16 from mathewmarcus/tls_extensions. [Alexandre
|
|
|
|
Dulaunoy]
|
|
|
|
|
|
|
|
Tls extensions
|
|
|
|
- Code cleanup. [mathewmarcus]
|
|
|
|
- Added support for SNI. [mathewmarcus]
|
|
|
|
- Added support for encrypt-then-mac. [mathewmarcus]
|
|
|
|
- Finished support for extended master secret. [mathewmarcus]
|
|
|
|
- Calculate session hash. [mathewmarcus]
|
|
|
|
- Added struct to store extensions. [mathewmarcus]
|
|
|
|
- Added struct to store extensions. [mathewmarcus]
|
|
|
|
- Revert "moved struct ssl_decoder_ definition into header file because
|
|
|
|
we need it in ssl.enums.c" [Mathew Marcus]
|
|
|
|
|
|
|
|
This reverts commit 193c6001086920c0623593aba373f948aa275f8d.
|
|
|
|
- Moved struct ssl_decoder_ definition into header file because we need
|
|
|
|
it in ssl.enums.c. [mathewmarcus]
|
|
|
|
- Added handler for extended master secret extension. [mathewmarcus]
|
|
|
|
- Rename functions. [mathewmarcus]
|
|
|
|
- Record handshake messages for session hash. [Mathew Marcus]
|
|
|
|
- Include extensions in output. [mathewmarcus]
|
|
|
|
- Merge pull request #15 from Whissi/update-ciphers. [Alexandre
|
|
|
|
Dulaunoy]
|
|
|
|
|
|
|
|
Update ciphers
|
|
|
|
- Adjust cipher suite formation. [Thomas Deutschmann]
|
|
|
|
- Add TLS 1.3 cipher suites. [Thomas Deutschmann]
|
|
|
|
- Add fallback signaling cipher suite. [Thomas Deutschmann]
|
|
|
|
- Add CHACHA20_POLY1305 cipher suite. [Thomas Deutschmann]
|
|
|
|
- Merge pull request #14 from davidkretch/fix-typo. [Alexandre Dulaunoy]
|
|
|
|
|
|
|
|
Fix a typo in the man page
|
|
|
|
- Fix a typo in the man page. [David Kretch]
|
|
|
|
|
|
|
|
Delete the extra "to" in "To decrypt traffic to to host" under the examples section.
|
|
|
|
- Merge pull request #13 from alperakcan/master. [Alexandre Dulaunoy]
|
|
|
|
|
|
|
|
fix ssl record queue data read
|
|
|
|
- - fix mis calculation of read_left if queue already has some data,
|
|
|
|
which might not be bigger than ssl_header_size - update q->ptr only if
|
|
|
|
q->data is changed. [Alper Akcan]
|
|
|
|
- Merge pull request #1 from adulau/master. [Alper Akcan]
|
|
|
|
|
|
|
|
Merge pull request #12 from alperakcan/master
|
|
|
|
- Merge pull request #12 from alperakcan/master. [Alexandre Dulaunoy]
|
|
|
|
|
|
|
|
Fix packet length calculation if IP length is 0, due to TSO
|
|
|
|
- Fix packet length calculation if IP length is 0, due to TSO. [Alper
|
|
|
|
Akcan]
|
|
|
|
- Typo fixed. [Alexandre Dulaunoy]
|
|
|
|
- Explanation added in a new README. [Alexandre Dulaunoy]
|
|
|
|
- Merge pull request #9 from PequalsNP-team/master. [Alexandre Dulaunoy]
|
|
|
|
|
|
|
|
updated configure for new libpcap location on most linux distro
|
|
|
|
- Updated configure for new libpcap location on most linux distro.
|
|
|
|
[thez3ro]
|
|
|
|
- Merge pull request #7 from knowtoto/master. [Alexandre Dulaunoy]
|
|
|
|
|
|
|
|
Fix a null pointer dereference bug
|
|
|
|
- Fix a null pointer dereference bug of tls12_prf be caused by invalid
|
|
|
|
extern declaration for digests variable. [hyunkyu.oh]
|
|
|
|
- Merge pull request #5 from wllm-rbnt/master. [Alexandre Dulaunoy]
|
|
|
|
|
|
|
|
More code cleaning
|
|
|
|
- Include string.h (remove warnings about memcpy) [William Robinet]
|
|
|
|
- Fix order of arguments in calls to calloc. [William Robinet]
|
|
|
|
- "Each invocation of va_start() must be matched by a corresponding
|
|
|
|
invocation of va_end()" [William Robinet]
|
|
|
|
- Remove dead code. [William Robinet]
|
|
|
|
- Do not use uninitialized variable. [William Robinet]
|
|
|
|
- Make valgrind/memcheck happy. [William Robinet]
|
|
|
|
- Add missing comma (introduced by
|
|
|
|
2d067c26503ace1466d132e7efd9f0ff7885295a) [William Robinet]
|
|
|
|
- Merge pull request #4 from wllm-rbnt/master. [Alexandre Dulaunoy]
|
|
|
|
|
|
|
|
Fix cleanup loop
|
|
|
|
- Avoid auto-vivisection during connection clean-up ... [William
|
|
|
|
Robinet]
|
|
|
|
- Fix inactive connection removal. [William Robinet]
|
|
|
|
- Merge pull request #3 from wllm-rbnt/master. [Alexandre Dulaunoy]
|
|
|
|
|
|
|
|
[bugfix] Initialize initial reference timeval
|
|
|
|
- Initialize initial reference timeval Avoids wrong cleaning of first
|
|
|
|
connection(s) [William Robinet]
|
|
|
|
- Merge pull request #2 from wllm-rbnt/master. [Alexandre Dulaunoy]
|
|
|
|
|
|
|
|
Fixes for 2 memory leaks and in flight structure cleaning
|
|
|
|
- Fix memory leak if SSL session id is not present. [William Robinet]
|
|
|
|
- In flight connection pool cleaning. [William Robinet]
|
|
|
|
- Fix memory leak at connection closing. [William Robinet]
|
|
|
|
- Merge pull request #1 from wllm-rbnt/csloop. [Alexandre Dulaunoy]
|
|
|
|
|
|
|
|
Fix for infinite loop in Ciphers Suite decoding
|
|
|
|
- Fix for infinite loop in Ciphers Suite decoding. [William Robinet]
|
|
|
|
- Dtable bug fixed: list overrun (from NetBSD tree) [Alexandre Dulaunoy]
|
|
|
|
- Memory leak per TLS session removed. Call cleanup after each
|
|
|
|
finalization. [Alexandre Dulaunoy]
|
|
|
|
- Free also the packet structure. [Alexandre Dulaunoy]
|
|
|
|
- Snaplen increased to the default jumbo frame size. [Alexandre
|
|
|
|
Dulaunoy]
|
|
|
|
|
|
|
|
If the snaplen is lower than the total frame length announced,
|
|
|
|
ssldump won't be able to reassemble the payload. "Length mismatch"
|
|
|
|
error. Tested on Ethernet uplinks supporting jumbo frame.
|
|
|
|
- Continue even if no IP address is assigned on the interface.
|
|
|
|
[Alexandre Dulaunoy]
|
|
|
|
|
|
|
|
ssldump in a production environment can be used on a capture
|
|
|
|
interface where no IP addresses are assigned. Print a warning instead
|
|
|
|
of exiting.
|
|
|
|
- Modern config.guess/sub from Ubuntu ssldump package. [Alexandre
|
|
|
|
Dulaunoy]
|
|
|
|
- Ssldump-0.9-ciphersuites.patch. [Alexandre Dulaunoy]
|
|
|
|
- Ssldump-0.9-ssl-enums.patch. [Alexandre Dulaunoy]
|
|
|
|
- Ssldump-0.9-tlsv12.patch. [Alexandre Dulaunoy]
|
|
|
|
- Ssldump-0.9-pcap-vlan.patch. [Alexandre Dulaunoy]
|
|
|
|
- Ssldump-0.9-link_layer.patch. [Alexandre Dulaunoy]
|
|
|
|
- Ssldump-0.9-table-stops.patch. [Alexandre Dulaunoy]
|
|
|
|
- Sldump-0.9-cvs-20060619.patch. [Alexandre Dulaunoy]
|
|
|
|
- Sldump-0.9-aes.patch. [Alexandre Dulaunoy]
|
|
|
|
- Sldump-0.9-libpcap.patch. [Alexandre Dulaunoy]
|
|
|
|
- Ssldump-0.9-openssl.patch. [Alexandre Dulaunoy]
|
|
|
|
- Ssldump_0.9b3.orig.tar.gz Import. [Alexandre Dulaunoy]
|
|
|
|
|
|
|
|
|
|
|
|
Original changelog file
|
|
|
|
-----------------------
|
|
|
|
|
2017-05-29 12:54:19 +00:00
|
|
|
Mon 29 May 2017 03:49:00 PM +03 Alper <alper.akcan@gmail.com>
|
|
|
|
* Fix packet length calculation if IP length is
|
|
|
|
0 due to TSO.
|
|
|
|
|
2015-01-31 09:13:33 +00:00
|
|
|
Wed Aug 21 10:48:45 2002 EKR <ekr@rtfm.com>
|
|
|
|
* Installed Greg Stark's new Win32 patches.
|
|
|
|
|
|
|
|
* Added updated VLAN support (Jeffrey Hafey)
|
|
|
|
|
|
|
|
Fri Aug 16 16:56:23 2002 EKR <ekr@rtfm.com>
|
|
|
|
* Cleaned up 56-bit ciphersuites in ciphersuites.c
|
|
|
|
|
|
|
|
* Fixed memory errors in packet copying.
|
|
|
|
|
|
|
|
* Fixed bugs in processing of bogus SSLv2 messages.
|
|
|
|
|
|
|
|
* Fixed bugs in TCP packet reassembly code.
|
|
|
|
|
|
|
|
Tue Aug 13 13:03:41 2002 EKR <ekr@rtfm.com>
|
|
|
|
* Fixed EXPORT1024 DES cipher suites
|
|
|
|
|
|
|
|
Mon Aug 12 16:49:51 2002 EKR <ekr@rtfm.com>
|
|
|
|
* Added support for VLAN networks (Jeffrey Hafey)
|
|
|
|
|
|
|
|
* Fixed printing of data with embedded tabs (Pavel Curtis)
|
|
|
|
|
|
|
|
* Added support for non-promiscuous mode (-P flag)
|
|
|
|
(Bruce M Simpson)
|
|
|
|
|
|
|
|
* Fixed potential small overrun in RSA decryption.
|
|
|
|
|
|
|
|
Fri Sep 28 15:54:47 2001 EKR <ekr@rtfm.com>
|
|
|
|
* Fixed install so that we install in /usr/local/sbin
|
|
|
|
with mode 755. Bug report ssldump/22.
|
|
|
|
(Dave Jagoda)
|
|
|
|
|
|
|
|
* Fixed compilation warning about create_null_analyzer
|
|
|
|
Bug report ssldump/23.
|
|
|
|
|
|
|
|
Wed Sep 26 14:49:06 2001 EKR <ekr@rtfm.com>
|
|
|
|
* Fixed SYN & SYN/ACK detection to that it works with ECN.
|
|
|
|
(Henrik Nordstrom)
|
|
|
|
|
|
|
|
* Added /usr/include/pcap to the PCAP search path
|
|
|
|
(Henrik Nordstrom)
|
|
|
|
|
|
|
|
Sat Sep 15 13:41:10 2001 EKR <ekr@rtfm.com>
|
|
|
|
* Fix to ssldecode.c to remove error with empty
|
|
|
|
struct when compiling with VC++ and no OpenSSL
|
|
|
|
(Greg Stark)
|
|
|
|
|
|
|
|
* Change to vcwin32.mak to print out that you're not
|
|
|
|
using OpenSSL (Greg Stark)
|
|
|
|
|
|
|
|
* Automatic version changing courtesy of version-change.pl
|
|
|
|
|
|
|
|
Fri Sep 14 15:22:29 2001 EKR <ekr@rtfm.com>
|
|
|
|
* Fixed bug 4. Delete the MS after decrypting a PMS
|
|
|
|
to force new MS generation in the key generation phase.
|
|
|
|
This makes decryption of renegotiated connections work
|
|
|
|
correctly. This got broken when session resumption
|
|
|
|
was added.
|
|
|
|
|
|
|
|
2001-09-14 Eric Rescorla <ekr@rtfm.com>
|
|
|
|
|
|
|
|
* Imported Greg Stark's Win32 port
|
|
|
|
|
|
|
|
Sun Sep 2 15:53:06 2001 EKR <ekr@rtfm.com>
|
|
|
|
* Fixed the reassembler so it doesn't crash when
|
|
|
|
FIN/RST segments have data.
|
|
|
|
|
|
|
|
* closure/connection freeing now works, thus meaning less
|
|
|
|
memory leakage and less crashing.
|
|
|
|
|
|
|
|
* A bunch of trivial makefile/configure fixes.
|
|
|
|
|
|
|
|
Fri Jul 20 16:40:51 2001 EKR <ekr@rtfm.com>
|
|
|
|
* Removed loading of certificate file. This served
|
|
|
|
no real purpose. Fix for bug 5.
|
|
|
|
|
|
|
|
Fri Jul 20 11:02:09 2001 EKR <ekr@rtfm.com>
|
|
|
|
* Fixed initialization so that the key file is loaded
|
|
|
|
only once.
|
|
|
|
|
|
|
|
Removed default keyfile and password. You now must
|
|
|
|
specify them. You also get an error if you specify
|
|
|
|
a bad password or keyfile.
|
|
|
|
|
|
|
|
Fri Jul 20 10:17:36 2001 EKR <ekr@rtfm.com>
|
|
|
|
* Added support for session resumption.
|
|
|
|
|
|
|
|
Fri Jul 20 10:17:16 2001 EKR <ekr@rtfm.com>
|
|
|
|
* Fixed SEQ_LT problems on Linux and other compilation
|
|
|
|
problems.
|
|
|
|
|
|
|
|
Tue Mar 6 2001 EKR <ekr@rtfm.com>
|
|
|
|
* Removed statically allocated conn array. We can now
|
|
|
|
have an arbitrary number of
|
|
|
|
|
|
|
|
Thu Nov 9 12:14:15 2000 EKR <ekr@rtfm.com>
|
|
|
|
* Cleanups to the man page and cleaned up some cases
|
|
|
|
where printing didn't work quite right.
|
|
|
|
|
|
|
|
Mon Nov 6 10:22:25 2000 EKR <ekr@rtfm.com>
|
|
|
|
* Added the -X flag to force hex-only printing when
|
|
|
|
binary data is displayed as hex dumps.
|
|
|
|
|
|
|
|
Fri Nov 3 09:23:35 2000 EKR <ekr@rtfm.com>
|
|
|
|
* cleaned up the case where multiple handshake messages
|
|
|
|
are in the same SSL record.
|
|
|
|
|
|
|
|
Fri Nov 3 09:14:39 2000 EKR <ekr@rtfm.com>
|
|
|
|
* Modified printing so that when we're printing hex dumps
|
|
|
|
of application data traffic we also print the printable
|
|
|
|
sections of the data itself in a column on the side.
|
|
|
|
|
|
|
|
Thu Nov 2 14:14:21 2000 EKR <ekr@rtfm.com>
|
|
|
|
* Modified cipher suite printing so that the names have
|
|
|
|
SSL_ if we're doing SSLv3 and TLS_ if we're doing TLS.
|
|
|
|
Suggestion by Eric Murray.
|
|
|
|
|
|
|
|
Thu Nov 2 13:07:09 2000 EKR <ekr@rtfm.com>
|
|
|
|
* Fixed an ABW in ssldecode.c that caused crashes
|
|
|
|
on Solaris. Also, fixed a bunch of memory leaks
|
|
|
|
using Purify.
|
|
|
|
|
|
|
|
Thu Nov 2 08:45:42 2000 EKR <ekr@rtfm.com>
|
|
|
|
* Various Portability fixes
|
|
|
|
CC=gcc -> CC=@CC@ in Makefile
|
|
|
|
Removed FLAGS in Makefile (it was a noop)
|
|
|
|
in base/tcpconn.c, changed {} to {0} to appease HPUX's compiler
|
|
|
|
made create_null_analyzer.c static as it should be.
|
|
|
|
Removed the final (bogus) entry in null_vtbl.
|
|
|
|
made sslx__print_serial() static to match its prototype
|
|
|
|
Rearranged library order for better linkage
|
|
|
|
Thanks to Lutze Jainecke for these fixes.
|
|
|
|
|
|
|
|
Thu Nov 2 08:41:10 2000 EKR <ekr@rtfm.com>
|
|
|
|
* Added -r as a synonym for -f. -f will eventually
|
|
|
|
be removed and reused for some other option.
|
|
|
|
This was done for option compatibility with tcpdump
|
|
|
|
and on the theory that someday I might add a -w.
|
|
|
|
|
|
|
|
* Renamed -h to -H and added it to the documentation.
|
|
|
|
-h now triggers usage info.
|
|
|
|
|
|
|
|
Thu Nov 2 08:38:06 2000 EKR <ekr@rtfm.com>
|
|
|
|
* Removed blank lines in the man page. This confuses some
|
|
|
|
man page formatters. (Thanks to Hugh Mandeville for pointing
|
|
|
|
this one out)
|
|
|
|
|
|
|
|
Thu Nov 2 08:37:59 2000 EKR <ekr@rtfm.com>
|
|
|
|
* Wired up -N (it was unwired)
|
|
|
|
|
|
|
|
Thu Nov 2 08:37:47 2000 EKR <ekr@rtfm.com>
|
|
|
|
* Added -D_BSD_SOURCE=1 when you're compiling on Linux.
|
|
|
|
(Allowing it to compile)
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|