Wireshark-bugs: [Wireshark-bugs] [Bug 10862] New: certificate serial number incorrectly interpre

Date: Fri, 16 Jan 2015 22:08:47 +0000
Bug ID 10862
Summary certificate serial number incorrectly interpreted as negative number
Product Wireshark
Version 1.10.11
Hardware x86
OS Fedora
Status UNCONFIRMED
Severity Normal
Priority Low
Component Dissection engine (libwireshark)
Assignee [email protected]
Reporter [email protected]

Created attachment 13396 [details]
packets

Build Information:
Version 1.10.11 (Git Rev Unknown from unknown)

Copyright 1998-2014 Gerald Combs <[email protected]> and contributors.
This is free software; see the source for copying conditions. There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.

Compiled (64-bit) with GTK+ 2.24.24, with Cairo 1.13.1, with Pango 1.36.1, with
GLib 2.38.2, with libpcap, with libz 1.2.8, with POSIX capabilities (Linux),
without libnl, with SMI 0.4.8, with c-ares 1.10.0, with Lua 5.2, without
Python,
with GnuTLS 3.1.28, with Gcrypt 1.5.3, with MIT Kerberos, with GeoIP, with
PortAudio V19-devel (built Aug  4 2013 06:59:20), with AirPcap.

Running on Linux 3.17.7-200.fc20.x86_64, with locale en_US.UTF-8, with libpcap
version 1.5.3, with libz 1.2.8, GnuTLS 3.1.28, Gcrypt 1.5.3, without AirPcap.
Intel(R) Core(TM) i7-4600U CPU @ 2.10GHz

Built using gcc 4.8.3 20140911 (Red Hat 4.8.3-7).

Wireshark is Open Source Software released under the GNU General Public
License.

Check the man page and http://www.wireshark.org for more information.
--
STR: capture packets on TCP port 443 while connecting to
https://vpn.telefoncek.si/
Examine the certificate the server sends (filter on ssl.handshake.certificate).
See Secure Sockets Layer -> TLSv1.2... -> Handshake Protocol: Certificate ->
Certificates -> Certificate -> signedCertificate -> serialNumber

This value is displayed as -424358168. However, the byte representation is 05
01 fa e6 b4 ce e8. Consequently, when interpreted as a DER INTEGER (with the
leading INTEGER tag of 02 and length of 07), this is a positive value (the
leading bit is 0) and should be shown as 1409552007614184 (see attached packet
capture).
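The arithmetic in this report can be checked with a small DER INTEGER decoder, given here as an added example that is not part of the original report or of Wireshark's source. The function names are hypothetical. The low-32-bit helper reproduces the displayed value, but that truncation is the actual cause in the dissector is an assumption, not something the report states.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Serial from the report, with the INTEGER tag (02) and length (07) it cites. */
static const uint8_t REPORTED_SERIAL[] = {0x02, 0x07, 0x05, 0x01, 0xfa,
                                          0xe6, 0xb4, 0xce, 0xe8};

/* Decode a short-form DER INTEGER of 1..8 content bytes into int64_t.
 * Returns 0 on success, -1 on malformed or oversized input. Certificate
 * serials may be longer than 8 bytes; show those as hex instead. */
int der_integer_to_int64(const uint8_t *der, size_t len, int64_t *out)
{
    if (len < 3 || der[0] != 0x02 || (der[1] & 0x80))
        return -1;
    size_t n = der[1];
    if (n == 0 || n > 8 || len != n + 2)
        return -1;
    const uint8_t *v = der + 2;
    /* DER demands the minimal encoding: no redundant 00 or ff lead byte. */
    if (n > 1 && ((v[0] == 0x00 && !(v[1] & 0x80)) ||
                  (v[0] == 0xff && (v[1] & 0x80))))
        return -1;
    /* The sign is the top bit of the FIRST content byte, nothing else. */
    uint64_t acc = (v[0] & 0x80) ? UINT64_MAX : 0;
    for (size_t i = 0; i < n; i++)
        acc = (acc << 8) | v[i];
    *out = (int64_t)acc;
    return 0;
}

/* Keep only the low 32 bits and read them as signed (assumed failure mode). */
int32_t low32_as_signed(int64_t v)
{
    return (int32_t)(uint32_t)v;
}

int main(void)
{
    int64_t serial;
    if (der_integer_to_int64(REPORTED_SERIAL, sizeof REPORTED_SERIAL, &serial))
        return 1;
    printf("full value: %lld\n", (long long)serial);
    printf("low 32 bits: %d\n", (int)low32_as_signed(serial));
    return 0;
}
```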

