1 diff -Nur ssldump-0.9b3.org/base/pcap-snoop.c ssldump-0.9b3/base/pcap-snoop.c
2 --- ssldump-0.9b3.org/base/pcap-snoop.c 2002-09-09 21:02:58.000000000 +0000
3 +++ ssldump-0.9b3/base/pcap-snoop.c 2006-05-07 15:28:09.598568500 +0000
6 signal(SIGINT,sig_handler);
8 - while((c=getopt(argc,argv,"vr:f:S:Ttai:k:p:nsAxXhHVNdqem:P"))!=EOF){
9 + while((c=getopt(argc,argv,"vr:f:S:yTtai:k:p:nsAxXhHVNdqem:P"))!=EOF){
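Review bot: The option string on the new getopt line still takes `p:` with an argument, which the ssldump.1 part of this patch appears to document as the SSL keyfile password. A passphrase passed this way is readable by other local users through the process list and tends to be kept in shell history. I would add a caveat to the man page entry and a comment at the option's handler such as `/* -p exposes the keyfile password in argv; prefer an interactive prompt or a protected file */`. Separately, POSIX specifies that getopt() returns -1 at the end of the options, so the loop test is more portable as `while((c=getopt(argc,argv,"vr:f:S:yTtai:k:p:nsAxXhHVNdqem:P"))!=-1){`. The option-handling switch and the rest of the enclosing function are outside this hunk, so how `p` and the newly accepted `y` are consumed could not be checked here.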
17 - printf("Do 'man ssldump' for documentation\n");
18 + printf("Do 'man 1 ssldump' for documentation\n");
22 diff -Nur ssldump-0.9b3.org/ssl/ssl_analyze.c ssldump-0.9b3/ssl/ssl_analyze.c
23 --- ssldump-0.9b3.org/ssl/ssl_analyze.c 2002-01-21 18:46:13.000000000 +0000
24 +++ ssldump-0.9b3/ssl/ssl_analyze.c 2006-05-07 15:28:09.594568250 +0000
34 diff -Nur ssldump-0.9b3.org/ssl/ssldecode.c ssldump-0.9b3/ssl/ssldecode.c
35 --- ssldump-0.9b3.org/ssl/ssldecode.c 2002-08-17 01:33:17.000000000 +0000
36 +++ ssldump-0.9b3/ssl/ssldecode.c 2006-05-07 15:28:09.598568500 +0000
38 #include <openssl/ssl.h>
39 #include <openssl/hmac.h>
40 #include <openssl/evp.h>
41 +#include <openssl/md5.h>
42 #include <openssl/x509v3.h>
44 #include "ssldecode.h"
49 - SSLeay_add_all_algorithms();
51 + OpenSSL_add_all_algorithms();
52 if(!(d=(ssl_decode_ctx *)malloc(sizeof(ssl_decode_ctx))))
54 if(!(d->ssl_ctx=SSL_CTX_new(SSLv23_server_method())))
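Review bot: The decode context comes from plain `malloc`, so no member of `d` has a defined value at the point where `SSL_CTX_new` can fail. If the failure path tears down `d` by inspecting or freeing its other members, it would read indeterminate pointers. That path is not visible in this hunk, so this needs confirming against the full function. Allocating with `d=calloc(1,sizeof(*d))` would leave every member zeroed and make a partial teardown safe. The enclosing function begins and ends outside the hunk, and the statements following both `if` lines are not shown.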
55 diff -Nur ssldump-0.9b3.org/ssldump.1 ssldump-0.9b3/ssldump.1
56 --- ssldump-0.9b3.org/ssldump.1 2002-08-12 23:46:53.000000000 +0000
57 +++ ssldump-0.9b3/ssldump.1 2006-05-07 15:28:09.598568500 +0000
84 +.RI [\| crypto \||\| d \||\| ht \||\| H \||\| nroff \|]
91 You must have read access to
96 Print bare TCP ACKs (useful for observing Nagle behavior)
100 Display the application data traffic. This usually means
101 decrypting it, but when -d is used ssldump will also decode
102 -application data traffic _before_ the SSL session initiates.
103 +application data traffic \fIbefore\fP the SSL session initiates.
104 This allows you to see HTTPS CONNECT behavior as well as
105 SMTP STARTTLS. As a side effect, since ssldump can't tell
106 whether plaintext is traffic before the initiation of an
109 Print absolute timestamps instead of relative timestamps
112 -Read data from \fIfile\fP instead of from the network.
113 -The old -f option still works but is deprecated and will
114 -probably be removed with the next version.
116 Print the full SSL packet header.
119 -Use \fIkeyfile\fP as the location of the SSL keyfile (OpenSSL format)
120 -Previous versions of ssldump automatically looked in ./server.pem.
121 -Now you must specify your keyfile every time.
124 Don't try to resolve host names from IP addresses
128 Don't decode any record fields beyond a single summary line. (quiet mode).
131 +Print the TCP headers.
134 +Display version and copyright information.
137 Print each record in hex, as well as decoding it.
139 @@ -183,13 +188,48 @@
140 When the -d option is used, binary data is automatically printed
141 in two columns with a hex dump on the left and the printable characters
142 on the right. -X suppresses the display of the printable characters,
143 -thus making it easier to cut and paste the hext data into some other
144 +thus making it easier to cut and paste the hex data into some other
148 -Decorate the output for processing with troff. Not very
149 +Decorate the output for processing with nroff/troff. Not very
150 useful for the average user.
152 -.IP "\fI expression\fP"
153 +.BI \-i " interface"
154 +Use \fIinterface\fP as the network interface on which to sniff SSL/TLS
158 +Use \fIkeyfile\fP as the location of the SSL keyfile (OpenSSL format)
159 +Previous versions of ssldump automatically looked in ./server.pem.
160 +Now you must specify your keyfile every time.
163 +Use \fIpassword\fP as the SSL keyfile password.
166 +Read data from \fIfile\fP instead of from the network.
167 +The old -f option still works but is deprecated and will
168 +probably be removed with the next version.
170 +.BI \-S " [ " crypto " | " d " | " ht " | " H " ]"
171 +Specify SSL flags to ssldump. These flags include:
175 +Print cryptographic information.
178 +Print fields as decoded.
181 +Print the handshake type.
184 +Print handshake type and highlights.
189 Selects what packets ssldump will examine. Technically speaking,
190 ssldump supports the full expression syntax from PCAP and tcpdump.
192 don't result in incomplete TCP streams are listed here.
194 The \fIexpression\fP consists of one or more
197 Primitives usually consist of an
199 (name or number) preceded by one or more qualifiers. There are three
202 ssldump doesn't implement session caching and therefore can't decrypt
213 +ssldump was written by Eric Rescorla <ekr@rtfm.com>.