Bug ID | 11543
Summary | ISAKMP: Type "Hash and URL of X.509 certificate" is not decoded
Product | Wireshark
Version | 1.12.7
Hardware | x86
OS | Red Hat
Status | UNCONFIRMED
Severity | Normal
Priority | Low
Component | Dissection engine (libwireshark)
Assignee | [email protected]
Reporter | [email protected]

Created attachment 13881
pcap with undecoded CERT payload

Build Information:
TShark 1.12.7 (5e509d0 from master)
Copyright 1998-2015 Gerald Combs <[email protected]> and contributors.
This is free software; see the source for copying conditions. There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
Compiled (64-bit) with GLib 2.44.1, with libpcap, with libz 1.2.3, without POSIX
capabilities, without libnl, without SMI, without c-ares, without ADNS, without
Lua, without Python, with GnuTLS 2.8.5, with Gcrypt 1.4.5, with MIT Kerberos,
without GeoIP.
Running on Linux 2.6.32-220.7.1.el6.x86_64, with locale en_US.UTF-8, with
libpcap version 1.7.2, with libz 1.2.3.
Intel(R) Xeon(R) CPU X3440 @ 2.53GHz
Built using gcc 4.4.7 20120313 (Red Hat 4.4.7-3).
--
Certificate Data is not correctly dissected when Certificate encoding is "Hash
and URL of X.509 certificate".
Please see the attached pcap.
In this case we should see 20-bit hash and URL.
According to RFC5996:
o Hash and URL encodings allow IKE messages to remain short by
replacing long data structures with a 20-octet SHA-1 hash (see
[SHA]) of the replaced value followed by a variable-length URL
that resolves to the DER-encoded data structure itself. This
improves efficiency when the endpoints have certificate data
cached and makes IKE less subject to DoS attacks that become
easier to mount when IKE messages are large enough to require IP
fragmentation [DOSUDPPROT].
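
The layout the RFC text above describes, as an added example that is not part of the original report and is not Wireshark's dissector code: a parser for an IKEv2 CERT payload that splits "Hash and URL" certificate data into the 20-octet SHA-1 hash and the URL, and checks fetched DER data against the hash. The encoding values 12 and 13 and the payload header layout are taken from RFC 5996 section 3.6; the function names, sample bytes and URL are constructed for illustration.

```python
import hashlib
import struct

# Generic payload header (next payload, critical/reserved, length) + Cert Encoding
CERT_HDR = struct.Struct("!BBHB")
HASH_AND_URL_CERT = 12     # Hash and URL of X.509 certificate
HASH_AND_URL_BUNDLE = 13   # Hash and URL of X.509 bundle
SHA1_LEN = 20

def parse_cert_payload(payload: bytes) -> dict:
    """Parse one CERT payload, generic header included. Input is untrusted."""
    if len(payload) < CERT_HDR.size:
        raise ValueError("truncated CERT payload header")
    next_payload, _flags, length, encoding = CERT_HDR.unpack_from(payload)
    # The length field comes from the wire: bound it before slicing.
    if length < CERT_HDR.size or length > len(payload):
        raise ValueError("payload length field out of bounds")
    data = payload[CERT_HDR.size:length]
    result = {"next_payload": next_payload, "encoding": encoding}
    if encoding in (HASH_AND_URL_CERT, HASH_AND_URL_BUNDLE):
        if len(data) <= SHA1_LEN:
            raise ValueError("need a 20-octet hash followed by a URL")
        result["sha1"] = data[:SHA1_LEN]
        # Escape non-ASCII bytes instead of failing on a hostile URL.
        result["url"] = data[SHA1_LEN:].decode("ascii", errors="backslashreplace")
    else:
        result["data"] = data  # other encodings carry the object inline
    return result

def matches_fetched(parsed: dict, fetched: bytes) -> bool:
    """True if data retrieved from the URL hashes to the value in the payload."""
    return hashlib.sha1(fetched).digest() == parsed["sha1"]

def build_sample():
    """Constructed sample: stand-in DER bytes and URL, not taken from the pcap."""
    der = bytes.fromhex("3003020101")
    url = b"http://pki.example.test/cert.der"
    body = hashlib.sha1(der).digest() + url
    hdr = CERT_HDR.pack(0, 0, CERT_HDR.size + len(body), HASH_AND_URL_CERT)
    return hdr + body, der

if __name__ == "__main__":
    sample, der = build_sample()
    parsed = parse_cert_payload(sample)
    print(parsed["sha1"].hex(), parsed["url"], matches_fetched(parsed, der))
```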