URL: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=929a4f253c3b8e36ab816826b87ffdc641939c38
Submitter: Michael Mann (mmann78@xxxxxxxxxxxx)
Changed: branch: master
Repository: wireshark
Commits:
929a4f2 by Peter Wu (peter@xxxxxxxxxxxxx):
ldap: simplify Start TLS handling

RFC 2830 describes the Start TLS operation as follows:

1. ExtendedRequest is sent by client with the requestName OID set to
   "1.3.6.1.4.1.1466.20037".
2. Server responds with an ExtendedResponse having a resultCode and
   optionally a responseName (OID).

The text mentions that the field *must* be set but the definition allows
it to be optional. The previous code then made the assumption that once (1)
was seen, then any ExtendedResponse signals an acknowledgement.

That is not entirely correct: a server could reject the request. This
patch corrects that by checking the ExtendedResponse_resultCode for
success, and then uses the new ssl_starttls_ack() helper to kick off
SSL. This simplifies the code a bit.

Tested against ldap-ssl.pcapng (which has no responseName) from
http://wiki.wireshark.org/SampleCaptures#SSL_with_decryption_keys
The result is the same as before, except that "Protocols in frame"
changed from "...:ldap:ssl:ldap" to "...:ssl:ldap".

Change-Id: Id7e40c5a50a217c4d3d46f08241d704f19d195dd
Reviewed-on: https://code.wireshark.org/review/6982
Reviewed-by: Michael Mann <mmann78@xxxxxxxxxxxx>
Actions performed:
from e190253 Fix STARTTLS handling in various dissectors
adds 929a4f2 ldap: simplify Start TLS handling
Summary of changes:
asn1/ldap/ldap.cnf | 49 +++++-----
asn1/ldap/packet-ldap-template.c | 28 +-----
epan/dissectors/packet-ldap.c | 184 ++++++++++++++++----------------------
3 files changed, 96 insertions(+), 165 deletions(-)
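
The acknowledgement check described in the commit message, sketched as a stand-alone C state tracker. This is an added example, not code from the Wireshark patch: the struct and function names are hypothetical, and treating a responseName that names a different operation as "not an acknowledgement" is a choice made in this example.

```c
#include <stdbool.h>
#include <stddef.h>
#include <string.h>

#define STARTTLS_OID "1.3.6.1.4.1.1466.20037" /* requestName from the commit message */
#define LDAP_RESULT_SUCCESS 0                  /* LDAP resultCode "success" */

/* Hypothetical per-connection state; not a Wireshark structure. */
typedef struct {
    bool starttls_requested; /* step 1 seen, answer still pending */
    bool tls_active;         /* bytes after the acknowledgement are TLS */
} ldap_conn_state;

/* Step 1: client ExtendedRequest. Only the Start TLS OID arms the state. */
void on_extended_request(ldap_conn_state *st, const char *request_name)
{
    if (!st->tls_active && request_name && strcmp(request_name, STARTTLS_OID) == 0)
        st->starttls_requested = true;
}

/* Step 2: server ExtendedResponse. response_name may be NULL because the
 * field is optional. Returns true only when TLS starts after this message. */
bool on_extended_response(ldap_conn_state *st, int result_code,
                          const char *response_name)
{
    if (!st->starttls_requested)
        return false; /* no Start TLS request is pending */
    /* Example's choice: a responseName for another operation is not our answer. */
    if (response_name && strcmp(response_name, STARTTLS_OID) != 0)
        return false;
    st->starttls_requested = false; /* the pending request is now answered */
    if (result_code != LDAP_RESULT_SUCCESS)
        return false; /* server rejected Start TLS: the session stays cleartext */
    st->tls_active = true;
    return true;
}

/* Runs one constructed request/response pair on a fresh connection. */
bool exchange_starts_tls(const char *request_name, int result_code,
                         const char *response_name)
{
    ldap_conn_state st = { false, false };
    on_extended_request(&st, request_name);
    return on_extended_response(&st, result_code, response_name);
}
```

The case without a responseName corresponds to the ldap-ssl.pcapng situation mentioned in the commit message; the non-success case is the one the previous logic treated as an acknowledgement.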