Hi,

It seems to me that the way Wireshark handles some aspects of the SSL communication is wrong or at least inconsistent. Let us take a packet where the server furnishes its certificate. If we select the string "Certificate: 3082..." in the middle window, the corresponding bytes will be automatically selected in the lower one. Exporting them to a CER file by means of the context menu must leave us with a valid certificate. However, its signature turns out to be invalid. What is the reason?

To get a correct X.509 DER certificate we must add the four preceding bytes to the selected ones. By the way, the first two of them are also 30 82, which could be the origin of the confusion.
Windows XP SP2
Wireshark 0.99.4 (SVN Rev 19757)

I know that my version of Wireshark is far from being new. Yet it should be quite easy for you to test this behavior on whatever version you may have in mind. Looks like it has not changed since Ethereal times. One sample packet is attached to this message.

--
Best regards,
LON
mailto:[EMAIL PROTECTED]
Sample.rar
Description: Binary data
_______________________________________________ Wireshark-dev mailing list [email protected] http://www.wireshark.org/mailman/listinfo/wireshark-dev
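
An added example, not part of the original message or of Wireshark's code: a small DER check that tells a complete X.509 `Certificate` apart from an export that begins four bytes late. It assumes the four missing bytes are the outer `SEQUENCE` header (`30 82` plus a two-byte length) and that the selection starts at the inner `tbsCertificate`; the sample bytes are constructed placeholders, and `classify_export` and `der` are hypothetical helper names.

```python
SEQ, BITSTR = 0x30, 0x03

def der(tag, value):
    """Encode one DER TLV (used to build the constructed sample below)."""
    n = len(value)
    if n < 0x80:
        return bytes([tag, n]) + value
    lb = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(lb)]) + lb + value

def read_tlv(buf, pos, end):
    """Parse one DER TLV in buf[pos:end]; return (tag, value_start, value_end)."""
    if pos + 2 > end:
        raise ValueError("truncated header")
    tag, first = buf[pos], buf[pos + 1]
    pos += 2
    length = first
    if first >= 0x80:                      # long form: next n bytes hold the length
        n = first & 0x7F
        if n == 0 or pos + n > end:
            raise ValueError("bad length")
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > end:
        raise ValueError("value runs past end")
    return tag, pos, pos + length

def tags(buf, pos, end):
    """Tags of the consecutive TLVs that fill buf[pos:end]."""
    out = []
    while pos < end:
        tag, _, pos = read_tlv(buf, pos, end)
        out.append(tag)
    return out

def classify_export(blob):
    try:
        tag, vstart, vend = read_tlv(blob, 0, len(blob))
        if tag != SEQ:
            return "not-a-sequence"
        if vend == len(blob):              # one SEQUENCE spans the whole export
            return "certificate" if tags(blob, vstart, vend) == [SEQ, SEQ, BITSTR] else "other-sequence"
        rest = tags(blob, vend, len(blob)) # bytes left over after the first SEQUENCE
        return "missing-outer-header" if rest == [SEQ, BITSTR] else "trailing-data"
    except ValueError:
        return "malformed"

# Constructed sample with placeholder contents (not a real certificate).
tbs = der(SEQ, der(0x02, b"\x01") + der(0x04, b"\x00" * 300))
alg = der(SEQ, der(0x06, bytes.fromhex("2a864886f70d010105")) + der(0x05, b""))
CERT = der(SEQ, tbs + alg + der(BITSTR, b"\x00" + b"\xaa" * 128))

if __name__ == "__main__":
    print(classify_export(CERT), classify_export(CERT[4:]))
```

Re-wrapping a late export with `der(SEQ, blob)` rebuilds the outer header, which is how the byte-for-byte original is recovered in the constructed case.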
