diff options
Diffstat (limited to 'testing/ssldump/0010-openssl.patch')
-rw-r--r-- | testing/ssldump/0010-openssl.patch | 216 |
1 files changed, 0 insertions, 216 deletions
diff --git a/testing/ssldump/0010-openssl.patch b/testing/ssldump/0010-openssl.patch deleted file mode 100644 index c9461d4587c..00000000000 --- a/testing/ssldump/0010-openssl.patch +++ /dev/null @@ -1,216 +0,0 @@ -Patch by Robert Scheck <robert@fedoraproject.org> for ssldump >= 0.9b3, which -reinstates the the -y (nroff) flag, declares MD5_CTX via <openssl/md5.h>, avoids -"ERROR: Couldn't create network handler" by calling SSL_library_init() function -and OpenSSL_add_all_algorithms() rather SSLeay_add_all_algorithms() and revises -the ssldump man page for correctness and completeness. - ---- ssldump-0.9b3/ssl/ssl_analyze.c 2002-01-21 19:46:13.000000000 +0100 -+++ ssldump-0.9b3/ssl/ssl_analyze.c.openssl 2010-01-22 23:59:09.000000000 +0100 -@@ -133,7 +133,7 @@ - SSL_PRINT_DECODE - }, - { -- 0, -+ 'y', - "nroff", - SSL_PRINT_NROFF - }, ---- ssldump-0.9b3/ssl/ssldecode.c 2002-08-17 03:33:17.000000000 +0200 -+++ ssldump-0.9b3/ssl/ssldecode.c.openssl 2010-01-22 23:59:46.000000000 +0100 -@@ -51,6 +51,7 @@ - #include <openssl/ssl.h> - #include <openssl/hmac.h> - #include <openssl/evp.h> -+#include <openssl/md5.h> - #include <openssl/x509v3.h> - #endif - #include "ssldecode.h" -@@ -131,7 +132,8 @@ - ssl_decode_ctx *d=0; - int r,_status; - -- SSLeay_add_all_algorithms(); -+ SSL_library_init(); -+ OpenSSL_add_all_algorithms(); - if(!(d=(ssl_decode_ctx *)malloc(sizeof(ssl_decode_ctx)))) - ABORT(R_NO_MEMORY); - if(!(d->ssl_ctx=SSL_CTX_new(SSLv23_server_method()))) ---- ssldump-0.9b3/ssldump.1 2002-08-13 01:46:53.000000000 +0200 -+++ ssldump-0.9b3/ssldump.1.openssl 2010-01-23 00:26:26.000000000 +0100 -@@ -61,12 +61,9 @@ - .na - .B ssldump - [ --.B \-vtaTnsAxXhHVNdq -+.B \-vTshVq -+.B \-aAdeHnNqTxXvy - ] [ --.B \-r --.I dumpfile --] --[ - .B \-i - .I interface - ] -@@ -81,6 +78,16 @@ - .I password - ] - [ -+.B \-r -+.I dumpfile -+] -+.br -+.ti +8 -+[ -+.B \-S -+.RI [\| crypto \||\| d \||\| ht \||\| H \||\| nroff \|] -+] -+[ - .I expression - ] - .br -@@ -125,6 +132,7 @@ - You must have read access to - .IR /dev/bpf* . - .SH OPTIONS -+.TP - .B \-a - Print bare TCP ACKs (useful for observing Nagle behavior) - .TP -@@ -135,7 +143,7 @@ - .B \-d - Display the application data traffic. This usually means - decrypting it, but when -d is used ssldump will also decode --application data traffic _before_ the SSL session initiates. -+application data traffic \fIbefore\fP the SSL session initiates. - This allows you to see HTTPS CONNECT behavior as well as - SMTP STARTTLS. As a side effect, since ssldump can't tell - whether plaintext is traffic before the initiation of an -@@ -148,18 +156,9 @@ - .B \-e - Print absolute timestamps instead of relative timestamps - .TP --.B \-r --Read data from \fIfile\fP instead of from the network. --The old -f option still works but is deprecated and will --probably be removed with the next version. - .B \-H - Print the full SSL packet header. - .TP --.B \-k --Use \fIkeyfile\fP as the location of the SSL keyfile (OpenSSL format) --Previous versions of ssldump automatically looked in ./server.pem. --Now you must specify your keyfile every time. --.TP - .B \-n - Don't try to resolve host names from IP addresses - .TP -@@ -176,6 +175,12 @@ - .B \-q - Don't decode any record fields beyond a single summary line. (quiet mode). - .TP -+.B \-T -+Print the TCP headers. -+.TP -+.B \-v -+Display version and copyright information. -+.TP - .B \-x - Print each record in hex, as well as decoding it. - .TP -@@ -183,13 +188,48 @@ - When the -d option is used, binary data is automatically printed - in two columns with a hex dump on the left and the printable characters - on the right. -X suppresses the display of the printable characters, --thus making it easier to cut and paste the hext data into some other -+thus making it easier to cut and paste the hex data into some other - program. -+.TP - .B \-y --Decorate the output for processing with troff. Not very -+Decorate the output for processing with nroff/troff. Not very - useful for the average user. - .TP --.IP "\fI expression\fP" -+.BI \-i " interface" -+Use \fIinterface\fP as the network interface on which to sniff SSL/TLS -+traffic. -+.TP -+.BI \-k " keyfile" -+Use \fIkeyfile\fP as the location of the SSL keyfile (OpenSSL format) -+Previous versions of ssldump automatically looked in ./server.pem. -+Now you must specify your keyfile every time. -+.TP -+.BI \-p " password" -+Use \fIpassword\fP as the SSL keyfile password. -+.TP -+.BI \-r " file" -+Read data from \fIfile\fP instead of from the network. -+The old -f option still works but is deprecated and will -+probably be removed with the next version. -+.TP -+.BI \-S " [ " crypto " | " d " | " ht " | " H " ]" -+Specify SSL flags to ssldump. These flags include: -+.RS -+.TP -+.I crypto -+Print cryptographic information. -+.TP -+.I d -+Print fields as decoded. -+.TP -+.I ht -+Print the handshake type. -+.TP -+.I H -+Print handshake type and highlights. -+.RE -+.TP -+\fIexpression\fP - .RS - Selects what packets ssldump will examine. Technically speaking, - ssldump supports the full expression syntax from PCAP and tcpdump. -@@ -200,7 +240,7 @@ - don't result in incomplete TCP streams are listed here. - .LP - The \fIexpression\fP consists of one or more --.I primitives. -+.IR primitives . - Primitives usually consist of an - .I id - (name or number) preceded by one or more qualifiers. There are three -@@ -512,5 +552,11 @@ - .LP - ssldump doesn't implement session caching and therefore can't decrypt - resumed sessions. -- -- -+.LP -+.SH SEE ALSO -+.LP -+.BR tcpdump (1) -+.LP -+.SH AUTHOR -+.LP -+ssldump was written by Eric Rescorla <ekr@rtfm.com>. ---- ssldump-0.9b3/base/pcap-snoop.c 2002-09-09 23:02:58.000000000 +0200 -+++ ssldump-0.9b3/base/pcap-snoop.c.openssl 2010-04-06 16:50:22.000000000 +0200 -@@ -206,7 +206,7 @@ - - signal(SIGINT,sig_handler); - -- while((c=getopt(argc,argv,"vr:f:S:Ttai:k:p:nsAxXhHVNdqem:P"))!=EOF){ -+ while((c=getopt(argc,argv,"vr:f:S:yTtai:k:p:nsAxXhHVNdqem:P"))!=EOF){ - switch(c){ - case 'v': - print_version(); -@@ -227,6 +227,9 @@ - case 'a': - NET_print_flags |= NET_PRINT_ACKS; - break; -+ case 'A': -+ SSL_print_flags |= SSL_PRINT_ALL_FIELDS; -+ break; - case 'T': - NET_print_flags |= NET_PRINT_TCP_HDR; - break; |