ports/130680: net/wireshark cannot decrypt ssl after upgraded to use libgcrypt-1.4.3
Dale Lindskog
dale.lindskog at gmail.com
Sun Jan 18 08:40:02 UTC 2009
>Number: 130680
>Category: ports
>Synopsis: net/wireshark cannot decrypt ssl after upgraded to use libgcrypt-1.4.3
>Confidential: no
>Severity: non-critical
>Priority: low
>Responsible: freebsd-ports-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: sw-bug
>Submitter-Id: current-users
>Arrival-Date: Sun Jan 18 08:40:01 UTC 2009
>Closed-Date:
>Last-Modified:
>Originator: Dale Lindskog
>Release: 7.0-RELEASE
>Organization:
>Environment:
FreeBSD testbox.no.domain 7.0-RELEASE-p8 FreeBSD 7.0-RELEASE-p8 #0: Wed Jan 7 22:02:19 MST 2009 dale at testbox.no.domain:/usr/obj/usr/src/sys/DALE_KERNEL2 amd64
>Description:
After upgrading tshark-lite to use libgcrypt-1.4.3, ssl decryption (with private key) is broken. Using portdowngrade(1), I reverted back to libgcrypt-1.4.1_1, and got ssl decryption working again.
Here's the versions of the relevant ports where ssl decryption DOES NOT work:
$ pkg_info | egrep 'libgcrypt|gnutls|tshark'
gnutls-2.6.3 GNU Transport Layer Security library
libgcrypt-1.4.3 General purpose crypto library based on code used in GnuPG
tshark-lite-1.0.5 A powerful network analyzer/capture tool (lite package)
And here's the versions of the relevant ports where ssl decryption DOES work:
$ pkg_info | egrep 'libgcrypt|gnutls|tshark'
gnutls-2.4.2_1 GNU Transport Layer Security library
libgcrypt-1.4.1_1 General purpose crypto library based on code used in GnuPG
tshark-lite-1.0.5 A powerful network analyzer/capture tool (lite package)
Also, the specific problem with ssl decryption that I had is basically identical to the one described in the following URL:
http://wireshark.osmirror.nl/lists/wireshark-dev/200707/msg00244.html
>How-To-Repeat:
As far as I know, it should be repeatable provided one installs tshark-lite (or tshark, or wireshark) from a currently up-to-date ports tree. I ran tests on two amd64 machines (one 7.0-RELEASE, one 7.1-RELEASE), and provided tshark-lite was build to use libgcrypt-1.4.2, ssl decryption broke.
>Fix:
Use portdowngrade(1) to downgrade libgcrypt to 1.4.1_1, gnutls to 2.4.2_1, and tshark-lite to 1.0.5 (before wireshark port was bumped to use libgcrypt-1.4.3).
>Release-Note:
>Audit-Trail:
>Unformatted:
More information about the freebsd-ports-bugs
mailing list