Mirror/aports
1
0
Fork 0
mirror of https://gitlab.alpinelinux.org/alpine/aports.git synced 2025-07-23 11:15:13 +03:00
Code Issues Wiki Activity
aports/testing/ssldump/0010-openssl.patch
Jakub Jirutka ebb712aa0a testing/ssldump: new aport
2019-09-02 23:02:51 +02:00

216 lines
5.9 KiB
Diff
Raw Blame History

Patch by Robert Scheck <robert@fedoraproject.org> for ssldump >= 0.9b3, which
reinstates the the -y (nroff) flag, declares MD5_CTX via <openssl/md5.h>, avoids
"ERROR: Couldn't create network handler" by calling SSL_library_init() function
and OpenSSL_add_all_algorithms() rather SSLeay_add_all_algorithms() and revises
the ssldump man page for correctness and completeness.
--- ssldump-0.9b3/ssl/ssl_analyze.c 2002-01-21 19:46:13.000000000 +0100
+++ ssldump-0.9b3/ssl/ssl_analyze.c.openssl 2010-01-22 23:59:09.000000000 +0100
@@ -133,7 +133,7 @@
SSL_PRINT_DECODE
},
{
- 0,
+ 'y',
"nroff",
SSL_PRINT_NROFF
},
--- ssldump-0.9b3/ssl/ssldecode.c 2002-08-17 03:33:17.000000000 +0200
+++ ssldump-0.9b3/ssl/ssldecode.c.openssl 2010-01-22 23:59:46.000000000 +0100
@@ -51,6 +51,7 @@
#include <openssl/ssl.h>
#include <openssl/hmac.h>
#include <openssl/evp.h>
+#include <openssl/md5.h>
#include <openssl/x509v3.h>
#endif
#include "ssldecode.h"
@@ -131,7 +132,8 @@
ssl_decode_ctx *d=0;
int r,_status;
- SSLeay_add_all_algorithms();
+ SSL_library_init();
+ OpenSSL_add_all_algorithms();
if(!(d=(ssl_decode_ctx *)malloc(sizeof(ssl_decode_ctx))))
ABORT(R_NO_MEMORY);
if(!(d->ssl_ctx=SSL_CTX_new(SSLv23_server_method())))
--- ssldump-0.9b3/ssldump.1 2002-08-13 01:46:53.000000000 +0200
+++ ssldump-0.9b3/ssldump.1.openssl 2010-01-23 00:26:26.000000000 +0100
@@ -61,12 +61,9 @@
.na
.B ssldump
[
-.B \-vtaTnsAxXhHVNdq
+.B \-vTshVq
+.B \-aAdeHnNqTxXvy
] [
-.B \-r
-.I dumpfile
-]
-[
.B \-i
.I interface
]
@@ -81,6 +78,16 @@
.I password
]
[
+.B \-r
+.I dumpfile
+]
+.br
+.ti +8
+[
+.B \-S
+.RI [\| crypto \||\| d \||\| ht \||\| H \||\| nroff \|]
+]
+[
.I expression
]
.br
@@ -125,6 +132,7 @@
You must have read access to
.IR /dev/bpf* .
.SH OPTIONS
+.TP
.B \-a
Print bare TCP ACKs (useful for observing Nagle behavior)
.TP
@@ -135,7 +143,7 @@
.B \-d
Display the application data traffic. This usually means
decrypting it, but when -d is used ssldump will also decode
-application data traffic _before_ the SSL session initiates.
+application data traffic \fIbefore\fP the SSL session initiates.
This allows you to see HTTPS CONNECT behavior as well as
SMTP STARTTLS. As a side effect, since ssldump can't tell
whether plaintext is traffic before the initiation of an
@@ -148,18 +156,9 @@
.B \-e
Print absolute timestamps instead of relative timestamps
.TP
-.B \-r
-Read data from \fIfile\fP instead of from the network.
-The old -f option still works but is deprecated and will
-probably be removed with the next version.
.B \-H
Print the full SSL packet header.
.TP
-.B \-k
-Use \fIkeyfile\fP as the location of the SSL keyfile (OpenSSL format)
-Previous versions of ssldump automatically looked in ./server.pem.
-Now you must specify your keyfile every time.
-.TP
.B \-n
Don't try to resolve host names from IP addresses
.TP
@@ -176,6 +175,12 @@
.B \-q
Don't decode any record fields beyond a single summary line. (quiet mode).
.TP
+.B \-T
+Print the TCP headers.
+.TP
+.B \-v
+Display version and copyright information.
+.TP
.B \-x
Print each record in hex, as well as decoding it.
.TP
@@ -183,13 +188,48 @@
When the -d option is used, binary data is automatically printed
in two columns with a hex dump on the left and the printable characters
on the right. -X suppresses the display of the printable characters,
-thus making it easier to cut and paste the hext data into some other
+thus making it easier to cut and paste the hex data into some other
program.
+.TP
.B \-y
-Decorate the output for processing with troff. Not very
+Decorate the output for processing with nroff/troff. Not very
useful for the average user.
.TP
-.IP "\fI expression\fP"
+.BI \-i " interface"
+Use \fIinterface\fP as the network interface on which to sniff SSL/TLS
+traffic.
+.TP
+.BI \-k " keyfile"
+Use \fIkeyfile\fP as the location of the SSL keyfile (OpenSSL format)
+Previous versions of ssldump automatically looked in ./server.pem.
+Now you must specify your keyfile every time.
+.TP
+.BI \-p " password"
+Use \fIpassword\fP as the SSL keyfile password.
+.TP
+.BI \-r " file"
+Read data from \fIfile\fP instead of from the network.
+The old -f option still works but is deprecated and will
+probably be removed with the next version.
+.TP
+.BI \-S " [ " crypto " | " d " | " ht " | " H " ]"
+Specify SSL flags to ssldump. These flags include:
+.RS
+.TP
+.I crypto
+Print cryptographic information.
+.TP
+.I d
+Print fields as decoded.
+.TP
+.I ht
+Print the handshake type.
+.TP
+.I H
+Print handshake type and highlights.
+.RE
+.TP
+\fIexpression\fP
.RS
Selects what packets ssldump will examine. Technically speaking,
ssldump supports the full expression syntax from PCAP and tcpdump.
@@ -200,7 +240,7 @@
don't result in incomplete TCP streams are listed here.
.LP
The \fIexpression\fP consists of one or more
-.I primitives.
+.IR primitives .
Primitives usually consist of an
.I id
(name or number) preceded by one or more qualifiers. There are three
@@ -512,5 +552,11 @@
.LP
ssldump doesn't implement session caching and therefore can't decrypt
resumed sessions.
-
-
+.LP
+.SH SEE ALSO
+.LP
+.BR tcpdump (1)
+.LP
+.SH AUTHOR
+.LP
+ssldump was written by Eric Rescorla <ekr@rtfm.com>.
--- ssldump-0.9b3/base/pcap-snoop.c 2002-09-09 23:02:58.000000000 +0200
+++ ssldump-0.9b3/base/pcap-snoop.c.openssl 2010-04-06 16:50:22.000000000 +0200
@@ -206,7 +206,7 @@
signal(SIGINT,sig_handler);
- while((c=getopt(argc,argv,"vr:f:S:Ttai:k:p:nsAxXhHVNdqem:P"))!=EOF){
+ while((c=getopt(argc,argv,"vr:f:S:yTtai:k:p:nsAxXhHVNdqem:P"))!=EOF){
switch(c){
case 'v':
print_version();
@@ -227,6 +227,9 @@
case 'a':
NET_print_flags |= NET_PRINT_ACKS;
break;
+ case 'A':
+ SSL_print_flags |= SSL_PRINT_ALL_FIELDS;
+ break;
case 'T':
NET_print_flags |= NET_PRINT_TCP_HDR;
break;
Reference in a new issue View git blame Copy permalink