[packages/ssldump.git] / ssldump-openssl.patch

diff -Nur ssldump-0.9b3.org/base/pcap-snoop.c ssldump-0.9b3/base/pcap-snoop.c
--- ssldump-0.9b3.org/base/pcap-snoop.c	2002-09-09 21:02:58.000000000 +0000
+++ ssldump-0.9b3/base/pcap-snoop.c	2006-05-07 15:28:09.598568500 +0000
@@ -206,7 +206,7 @@
 
     signal(SIGINT,sig_handler);
     
-    while((c=getopt(argc,argv,"vr:f:S:Ttai:k:p:nsAxXhHVNdqem:P"))!=EOF){
+    while((c=getopt(argc,argv,"vr:f:S:yTtai:k:p:nsAxXhHVNdqem:P"))!=EOF){
       switch(c){
         case 'v':
           print_version();
@@ -260,7 +260,7 @@
 	  break;
         case 'h':
           usage();
-          printf("Do 'man ssldump' for documentation\n");
+          printf("Do 'man 1 ssldump' for documentation\n");
           exit(1);
 
 	case '?':
diff -Nur ssldump-0.9b3.org/ssl/ssl_analyze.c ssldump-0.9b3/ssl/ssl_analyze.c
--- ssldump-0.9b3.org/ssl/ssl_analyze.c	2002-01-21 18:46:13.000000000 +0000
+++ ssldump-0.9b3/ssl/ssl_analyze.c	2006-05-07 15:28:09.594568250 +0000
@@ -133,7 +133,7 @@
           SSL_PRINT_DECODE
      },
      {
-          0,
+          'y',
           "nroff",
           SSL_PRINT_NROFF
      },
diff -Nur ssldump-0.9b3.org/ssl/ssldecode.c ssldump-0.9b3/ssl/ssldecode.c
--- ssldump-0.9b3.org/ssl/ssldecode.c	2002-08-17 01:33:17.000000000 +0000
+++ ssldump-0.9b3/ssl/ssldecode.c	2006-05-07 15:28:09.598568500 +0000
@@ -51,6 +51,7 @@
 #include <openssl/ssl.h>
 #include <openssl/hmac.h>
 #include <openssl/evp.h>
+#include <openssl/md5.h>
 #include <openssl/x509v3.h>
 #endif
 #include "ssldecode.h"
@@ -131,7 +132,8 @@
     ssl_decode_ctx *d=0;
     int r,_status;
     
-    SSLeay_add_all_algorithms();
+    SSL_library_init();
+    OpenSSL_add_all_algorithms();
     if(!(d=(ssl_decode_ctx *)malloc(sizeof(ssl_decode_ctx))))
       ABORT(R_NO_MEMORY);
     if(!(d->ssl_ctx=SSL_CTX_new(SSLv23_server_method())))
diff -Nur ssldump-0.9b3.org/ssldump.1 ssldump-0.9b3/ssldump.1
--- ssldump-0.9b3.org/ssldump.1	2002-08-12 23:46:53.000000000 +0000
+++ ssldump-0.9b3/ssldump.1	2006-05-07 15:28:09.598568500 +0000
@@ -61,12 +61,9 @@
 .na
 .B ssldump
 [
-.B \-vtaTnsAxXhHVNdq
+.B \-vTshVq
+.B \-aAdeHnNqTxXvy
 ] [
-.B \-r
-.I dumpfile
-]
-[
 .B \-i
 .I interface
 ]
@@ -81,6 +78,16 @@
 .I password
 ]
 [
+.B \-r
+.I dumpfile
+]
+.br
+.ti +8
+[ 
+.B \-S 
+.RI [\| crypto \||\| d \||\| ht \||\| H \||\| nroff \|] 
+]
+[
 .I expression
 ]
 .br
@@ -125,6 +132,7 @@
 You must have read access to
 .IR /dev/bpf* .
 .SH OPTIONS
+.TP
 .B \-a
 Print bare TCP ACKs (useful for observing Nagle behavior)
 .TP
@@ -135,7 +143,7 @@
 .B \-d
 Display the application data traffic. This usually means
 decrypting it, but when -d is used ssldump will also decode
-application data traffic _before_ the SSL session initiates.
+application data traffic \fIbefore\fP the SSL session initiates.
 This allows you to see HTTPS CONNECT behavior as well as
 SMTP STARTTLS. As a side effect, since ssldump can't tell
 whether plaintext is traffic before the initiation of an
@@ -148,18 +156,9 @@
 .B \-e
 Print absolute timestamps instead of relative timestamps
 .TP
-.B \-r
-Read data from \fIfile\fP instead of from the network.
-The old -f option still works but is deprecated and will 
-probably be removed with the next version.
 .B \-H
 Print the full SSL packet header.
 .TP
-.B \-k
-Use \fIkeyfile\fP as the location of the SSL keyfile (OpenSSL format)
-Previous versions of ssldump automatically looked in ./server.pem.
-Now you must specify your keyfile every time.
-.TP
 .B \-n 
 Don't try to resolve host names from IP addresses
 .TP
@@ -176,6 +175,12 @@
 .B \-q
 Don't decode any record fields beyond a single summary line. (quiet mode).
 .TP
+.B \-T
+Print the TCP headers.
+.TP
+.B \-v
+Display version and copyright information.
+.TP
 .B \-x
 Print each record in hex, as well as decoding it.
 .TP
@@ -183,13 +188,48 @@
 When the -d option is used, binary data is automatically printed
 in two columns with a hex dump on the left and the printable characters
 on the right. -X suppresses the display of the printable characters,
-thus making it easier to cut and paste the hext data into some other
+thus making it easier to cut and paste the hex data into some other
 program.
+.TP
 .B \-y
-Decorate the output for processing with troff. Not very
+Decorate the output for processing with nroff/troff. Not very
 useful for the average user.
 .TP
-.IP "\fI expression\fP"
+.BI \-i " interface"
+Use \fIinterface\fP as the network interface on which to sniff SSL/TLS
+traffic.
+.TP
+.BI \-k " keyfile"
+Use \fIkeyfile\fP as the location of the SSL keyfile (OpenSSL format)
+Previous versions of ssldump automatically looked in ./server.pem.
+Now you must specify your keyfile every time.
+.TP
+.BI \-p " password"
+Use \fIpassword\fP as the SSL keyfile password.
+.TP
+.BI \-r " file"
+Read data from \fIfile\fP instead of from the network.
+The old -f option still works but is deprecated and will 
+probably be removed with the next version.
+.TP
+.BI \-S " [ " crypto " | " d " | " ht " | " H " ]"
+Specify SSL flags to ssldump.  These flags include:
+.RS
+.TP
+.I crypto
+Print cryptographic information.
+.TP
+.I d
+Print fields as decoded.
+.TP
+.I ht
+Print the handshake type.
+.TP
+.I H
+Print handshake type and highlights.
+.RE
+.TP
+\fIexpression\fP
 .RS
 Selects what packets ssldump will examine. Technically speaking,
 ssldump supports the full expression syntax from PCAP and tcpdump.
@@ -200,7 +240,7 @@
 don't result in incomplete TCP streams are listed here. 
 .LP
 The \fIexpression\fP consists of one or more
-.I primitives.
+.IR primitives .
 Primitives usually consist of an
 .I id
 (name or number) preceded by one or more qualifiers.  There are three
@@ -512,5 +552,11 @@
 .LP
 ssldump doesn't implement session caching and therefore can't decrypt
 resumed sessions.
-
-
+.LP
+.SH SEE ALSO
+.LP
+.BR tcpdump (1)
+.LP
+.SH AUTHOR
+.LP
+ssldump was written by Eric Rescorla <ekr@rtfm.com>.
Commit	Line	Data
781c0b1d	1	diff -Nur ssldump-0.9b3.org/base/pcap-snoop.c ssldump-0.9b3/base/pcap-snoop.c
	2	--- ssldump-0.9b3.org/base/pcap-snoop.c 2002-09-09 21:02:58.000000000 +0000
	3	+++ ssldump-0.9b3/base/pcap-snoop.c 2006-05-07 15:28:09.598568500 +0000
	4	@@ -206,7 +206,7 @@
	5
	6	signal(SIGINT,sig_handler);
	7
	8	- while((c=getopt(argc,argv,"vr:f:S:Ttai:k:p:nsAxXhHVNdqem:P"))!=EOF){
	9	+ while((c=getopt(argc,argv,"vr:f:S:yTtai:k:p:nsAxXhHVNdqem:P"))!=EOF){
	10	switch(c){
	11	case 'v':
	12	print_version();
	13	@@ -260,7 +260,7 @@
	14	break;
	15	case 'h':
	16	usage();
	17	- printf("Do 'man ssldump' for documentation\n");
	18	+ printf("Do 'man 1 ssldump' for documentation\n");
	19	exit(1);
	20
	21	case '?':
	22	diff -Nur ssldump-0.9b3.org/ssl/ssl_analyze.c ssldump-0.9b3/ssl/ssl_analyze.c
	23	--- ssldump-0.9b3.org/ssl/ssl_analyze.c 2002-01-21 18:46:13.000000000 +0000
	24	+++ ssldump-0.9b3/ssl/ssl_analyze.c 2006-05-07 15:28:09.594568250 +0000
	25	@@ -133,7 +133,7 @@
	26	SSL_PRINT_DECODE
	27	},
	28	{
	29	- 0,
	30	+ 'y',
	31	"nroff",
	32	SSL_PRINT_NROFF
	33	},
	34	diff -Nur ssldump-0.9b3.org/ssl/ssldecode.c ssldump-0.9b3/ssl/ssldecode.c
	35	--- ssldump-0.9b3.org/ssl/ssldecode.c 2002-08-17 01:33:17.000000000 +0000
	36	+++ ssldump-0.9b3/ssl/ssldecode.c 2006-05-07 15:28:09.598568500 +0000
	37	@@ -51,6 +51,7 @@
	38	#include <openssl/ssl.h>
	39	#include <openssl/hmac.h>
	40	#include <openssl/evp.h>
	41	+#include <openssl/md5.h>
	42	#include <openssl/x509v3.h>
	43	#endif
	44	#include "ssldecode.h"
	45	@@ -131,7 +132,8 @@
	46	ssl_decode_ctx *d=0;
	47	int r,_status;
	48
	49	- SSLeay_add_all_algorithms();
	50	+ SSL_library_init();
	51	+ OpenSSL_add_all_algorithms();
	52	if(!(d=(ssl_decode_ctx *)malloc(sizeof(ssl_decode_ctx))))
	53	ABORT(R_NO_MEMORY);
	54	if(!(d->ssl_ctx=SSL_CTX_new(SSLv23_server_method())))
	55	diff -Nur ssldump-0.9b3.org/ssldump.1 ssldump-0.9b3/ssldump.1
	56	--- ssldump-0.9b3.org/ssldump.1 2002-08-12 23:46:53.000000000 +0000
	57	+++ ssldump-0.9b3/ssldump.1 2006-05-07 15:28:09.598568500 +0000
	58	@@ -61,12 +61,9 @@
	59	.na
	60	.B ssldump
	61	[
	62	-.B \-vtaTnsAxXhHVNdq
	63	+.B \-vTshVq
	64	+.B \-aAdeHnNqTxXvy
65	] [
66	-.B \-r
67	-.I dumpfile
68	-]
69	-[
70	.B \-i
71	.I interface
72	]
73	@@ -81,6 +78,16 @@
74	.I password
75	]
76	[
77	+.B \-r
78	+.I dumpfile
79	+]
80	+.br
81	+.ti +8
82	+[
83	+.B \-S
84	+.RI [\\| crypto \\|\|\\| d \\|\|\\| ht \\|\|\\| H \\|\|\\| nroff \\|]
85	+]
86	+[
87	.I expression
88	]
89	.br
90	@@ -125,6 +132,7 @@
91	You must have read access to
92	.IR /dev/bpf* .
93	.SH OPTIONS
94	+.TP
95	.B \-a
96	Print bare TCP ACKs (useful for observing Nagle behavior)
97	.TP
98	@@ -135,7 +143,7 @@
99	.B \-d
100	Display the application data traffic. This usually means
101	decrypting it, but when -d is used ssldump will also decode
102	-application data traffic _before_ the SSL session initiates.
103	+application data traffic \fIbefore\fP the SSL session initiates.
104	This allows you to see HTTPS CONNECT behavior as well as
105	SMTP STARTTLS. As a side effect, since ssldump can't tell
106	whether plaintext is traffic before the initiation of an
107	@@ -148,18 +156,9 @@
108	.B \-e
109	Print absolute timestamps instead of relative timestamps
110	.TP
111	-.B \-r
112	-Read data from \fIfile\fP instead of from the network.
113	-The old -f option still works but is deprecated and will
114	-probably be removed with the next version.
115	.B \-H
116	Print the full SSL packet header.
117	.TP
118	-.B \-k
119	-Use \fIkeyfile\fP as the location of the SSL keyfile (OpenSSL format)
120	-Previous versions of ssldump automatically looked in ./server.pem.
121	-Now you must specify your keyfile every time.
122	-.TP
123	.B \-n
124	Don't try to resolve host names from IP addresses
125	.TP
126	@@ -176,6 +175,12 @@
127	.B \-q
128	Don't decode any record fields beyond a single summary line. (quiet mode).
129	.TP
130	+.B \-T
131	+Print the TCP headers.
132	+.TP
133	+.B \-v
134	+Display version and copyright information.
135	+.TP
136	.B \-x
137	Print each record in hex, as well as decoding it.
138	.TP
139	@@ -183,13 +188,48 @@
140	When the -d option is used, binary data is automatically printed
141	in two columns with a hex dump on the left and the printable characters
142	on the right. -X suppresses the display of the printable characters,
143	-thus making it easier to cut and paste the hext data into some other
144	+thus making it easier to cut and paste the hex data into some other
145	program.
146	+.TP
147	.B \-y
148	-Decorate the output for processing with troff. Not very
149	+Decorate the output for processing with nroff/troff. Not very
150	useful for the average user.
151	.TP
152	-.IP "\fI expression\fP"
153	+.BI \-i " interface"
154	+Use \fIinterface\fP as the network interface on which to sniff SSL/TLS
155	+traffic.
156	+.TP
157	+.BI \-k " keyfile"
158	+Use \fIkeyfile\fP as the location of the SSL keyfile (OpenSSL format)
159	+Previous versions of ssldump automatically looked in ./server.pem.
160	+Now you must specify your keyfile every time.
161	+.TP
162	+.BI \-p " password"
163	+Use \fIpassword\fP as the SSL keyfile password.
164	+.TP
165	+.BI \-r " file"
166	+Read data from \fIfile\fP instead of from the network.
167	+The old -f option still works but is deprecated and will
168	+probably be removed with the next version.
169	+.TP
170	+.BI \-S " [ " crypto " \| " d " \| " ht " \| " H " ]"
171	+Specify SSL flags to ssldump. These flags include:
172	+.RS
173	+.TP
174	+.I crypto
175	+Print cryptographic information.
176	+.TP
177	+.I d
178	+Print fields as decoded.
179	+.TP
180	+.I ht
181	+Print the handshake type.
182	+.TP
183	+.I H
184	+Print handshake type and highlights.
185	+.RE
186	+.TP
187	+\fIexpression\fP
188	.RS
189	Selects what packets ssldump will examine. Technically speaking,
190	ssldump supports the full expression syntax from PCAP and tcpdump.
191	@@ -200,7 +240,7 @@
192	don't result in incomplete TCP streams are listed here.
193	.LP
194	The \fIexpression\fP consists of one or more
195	-.I primitives.
196	+.IR primitives .
197	Primitives usually consist of an
198	.I id
199	(name or number) preceded by one or more qualifiers. There are three
200	@@ -512,5 +552,11 @@
201	.LP
202	ssldump doesn't implement session caching and therefore can't decrypt
203	resumed sessions.
204	-
205	-
206	+.LP
207	+.SH SEE ALSO
208	+.LP
209	+.BR tcpdump (1)
210	+.LP
211	+.SH AUTHOR
212	+.LP
213	+ssldump was written by Eric Rescorla <ekr@rtfm.com>.