ports/130680: net/wireshark cannot decrypt ssl after upgraded to use libgcrypt-1.4.3

Dale Lindskog dale.lindskog at gmail.com
Sun Jan 18 08:40:02 UTC 2009 

>Number:         130680
>Category:       ports
>Synopsis:       net/wireshark cannot decrypt ssl after upgraded to use libgcrypt-1.4.3
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    freebsd-ports-bugs
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Sun Jan 18 08:40:01 UTC 2009
>Closed-Date:
>Last-Modified:
>Originator:     Dale Lindskog
>Release:        7.0-RELEASE
>Organization:
>Environment:
FreeBSD testbox.no.domain 7.0-RELEASE-p8 FreeBSD 7.0-RELEASE-p8 #0: Wed Jan  7 22:02:19 MST 2009     dale at testbox.no.domain:/usr/obj/usr/src/sys/DALE_KERNEL2  amd64
>Description:
After upgrading tshark-lite to use libgcrypt-1.4.3, ssl decryption (with private key) is broken.  Using portdowngrade(1), I reverted back to libgcrypt-1.4.1_1, and got ssl decryption working again.

Here's the versions of the relevant ports where ssl decryption DOES NOT work:

$ pkg_info | egrep 'libgcrypt|gnutls|tshark'
gnutls-2.6.3        GNU Transport Layer Security library
libgcrypt-1.4.3     General purpose crypto library based on code used in GnuPG
tshark-lite-1.0.5   A powerful network analyzer/capture tool (lite package)

And here's the versions of the relevant ports where ssl decryption DOES work:

$ pkg_info | egrep 'libgcrypt|gnutls|tshark'
gnutls-2.4.2_1      GNU Transport Layer Security library
libgcrypt-1.4.1_1   General purpose crypto library based on code used in GnuPG
tshark-lite-1.0.5   A powerful network analyzer/capture tool (lite package)

Also, the specific problem with ssl decryption that I had is basically identical to the one described in the following URL:

http://wireshark.osmirror.nl/lists/wireshark-dev/200707/msg00244.html
>How-To-Repeat:
As far as I know, it should be repeatable provided one installs tshark-lite (or tshark, or wireshark) from a currently up-to-date ports tree.  I ran tests on two amd64 machines (one 7.0-RELEASE, one 7.1-RELEASE), and provided tshark-lite was build to use libgcrypt-1.4.2, ssl decryption broke.
>Fix:
Use portdowngrade(1) to downgrade libgcrypt to 1.4.1_1, gnutls to 2.4.2_1, and tshark-lite to 1.0.5 (before wireshark port was bumped to use libgcrypt-1.4.3).

>Release-Note:
>Audit-Trail:
>Unformatted:

More information about the freebsd-ports-bugs mailing list