rpms/ssldump/F-11 README.FEDORA, NONE, 1.1 ssldump-0.9-libpcap.patch, NONE, 1.1 ssldump-0.9-openssl.patch, NONE, 1.1 ssldump.spec, NONE, 1.1 .cvsignore, 1.1, 1.2 sources, 1.1, 1.2

Robert Scheck robert at fedoraproject.org
Thu Jan 28 21:00:51 UTC 2010


Author: robert

Update of /cvs/pkgs/rpms/ssldump/F-11
In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv29136/F-11

Modified Files:
	.cvsignore sources 
Added Files:
	README.FEDORA ssldump-0.9-libpcap.patch 
	ssldump-0.9-openssl.patch ssldump.spec 
Log Message:
Initial import



--- NEW FILE README.FEDORA ---
You can use ssldump with tcpdump, as they use identical file formats.
This allows you to take a tcpdump, and analyse it for SSL/TLS sessions
and extra application data.

A typical capture command is `tcpdump -i interface -s 65535 -n -v -w file'.
This tells tcpdump to capture up to 65535 bytes of each packet (the maximum
size of a TCP packet), not to resolve any addresses, to be verbose and to
write the capture to `file'.

Then, people can use `ssldump -r file' to read the file, and interpret
it as necessary.

ssldump-0.9-libpcap.patch:
 base/pcap-snoop.c |    2 +-
 configure.in      |    6 +++---
 2 files changed, 4 insertions(+), 4 deletions(-)

--- NEW FILE ssldump-0.9-libpcap.patch ---
Patch by Robert Scheck <robert at fedoraproject.org> for ssldump >= 0.9b3, which
replaces the inclusion of <net/bpf.h> by <pcap-bpf.h> because of changed files.
It adds some 64 bit support in ./configure for lib64 directories around libpcap
and ensures that dynamic linking to libpcap is possible.

--- ssldump-0.9b3/base/pcap-snoop.c		2010-01-23 00:30:24.000000000 +0100
+++ ssldump-0.9b3/base/pcap-snoop.c.libpcap	2010-01-23 00:34:11.000000000 +0100
@@ -49,7 +49,7 @@
 
 #include <pcap.h>
 #include <unistd.h>
-#include <net/bpf.h>
+#include <pcap-bpf.h>
 #ifndef _WIN32
 #include <sys/param.h>
 #endif
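Review bot: The replacement header on the `+` line is only libpcap's compatibility name; `<pcap.h>`, included two lines above it, appears to pull the BPF definitions in already (as `<pcap/bpf.h>` in current libpcap, `<pcap-bpf.h>` in older releases), so the explicit include could be dropped rather than renamed. If it is kept, `<pcap/bpf.h>` is the name libpcap documents today and `<pcap-bpf.h>` is a forwarding header that may disappear in a later release. The include list continues outside the hunk.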
--- ssldump-0.9b3/configure.in			2001-11-26 23:38:13.000000000 +0100
+++ ssldump-0.9b3/configure.in.libpcap		2010-01-23 00:33:12.000000000 +0100
@@ -62,7 +62,7 @@
 dnl Look for PCAP
 dnl We absolutely need pcap
 ac_pcap_inc_dir="/usr/include /usr/include/pcap /usr/local/include"
-ac_pcap_lib_dir="/usr/lib /usr/local/lib"
+ac_pcap_lib_dir="/usr/local/lib64 /usr/local/lib /usr/lib64 /usr/lib"
 
 AC_ARG_WITH(pcap,[--with-pcap		  root location for pcap library],
 	if test "$withval" = "no"; then
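Review bot: The new `ac_pcap_lib_dir` value also reverses the search precedence: the original list tried `/usr/lib` before `/usr/local/lib`, while the replacement tries both `/usr/local` directories first, so a stray libpcap under `/usr/local/lib64` or `/usr/local/lib` now shadows the distribution library whenever `--with-pcap` is not given. If only lib64 support is intended, keeping the system directories first preserves the old behaviour: `ac_pcap_lib_dir="/usr/lib64 /usr/lib /usr/local/lib64 /usr/local/lib"`. The Fedora spec passes `--with-pcap-lib` explicitly and is presumably unaffected, but other consumers of this patch are not.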
@@ -102,13 +102,13 @@
 AC_MSG_CHECKING(for PCAP library)
 ac_found_pcap_lib_dir="no"
 for dir in $ac_pcap_lib_dir; do
-	if test -f $dir/libpcap.a; then
+	if test -f $dir/libpcap.a -o -f $dir/libpcap.so; then
 	dnl Ok, we think we've found them, but check that they
 	dnl actually ontain the right functions
 		save_LIBS=$LIBS
 		save_LDFLAGS=$LDFLAGS
 		LIBS="-lpcap $LIBS"
-		if test "$dir" != "/usr/lib"; then
+		if test "$dir" != "/usr/lib" -a "$dir" != "/usr/lib64"; then
 			LDFLAGS="-L$dir $LDFLAGS"
 		fi
 		AC_TRY_LINK_FUNC(pcap_open_live,ac_linked_libpcap="true",
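Review bot: The two new `test` conditions use `-o` and `-a`, which POSIX marks obsolescent and which become ambiguous when `$dir` expands to an operator-like token; `$dir` is also unquoted, and its value can presumably come from a user-supplied `--with-pcap` path. Separate `test` invocations are equivalent and robust: `if test -f "$dir/libpcap.a" || test -f "$dir/libpcap.so"; then` and `if test "$dir" != "/usr/lib" && test "$dir" != "/usr/lib64"; then`. Accepting a bare `libpcap.so` only matches the development symlink, never a versioned `libpcap.so.N`, which is fine on a build host with the -devel package but deserves a one-line `dnl` comment. The `for` loop continues outside the hunk.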

ssldump-0.9-openssl.patch:
 base/pcap-snoop.c |    2 -
 ssl/ssl_analyze.c |    2 -
 ssl/ssldecode.c   |    4 +-
 ssldump.1         |   88 +++++++++++++++++++++++++++++++++++++++++-------------
 4 files changed, 72 insertions(+), 24 deletions(-)

--- NEW FILE ssldump-0.9-openssl.patch ---
Patch by Robert Scheck <robert at fedoraproject.org> for ssldump >= 0.9b3, which
reinstates the -y (nroff) flag, declares MD5_CTX via <openssl/md5.h>, avoids
"ERROR: Couldn't create network handler" by calling the SSL_library_init() function
and OpenSSL_add_all_algorithms() rather than SSLeay_add_all_algorithms(), and revises
the ssldump man page for correctness and completeness.

--- ssldump-0.9b3/ssl/ssl_analyze.c		2002-01-21 19:46:13.000000000 +0100
+++ ssldump-0.9b3/ssl/ssl_analyze.c.openssl	2010-01-22 23:59:09.000000000 +0100
@@ -133,7 +133,7 @@
           SSL_PRINT_DECODE
      },
      {
-          0,
+          'y',
           "nroff",
           SSL_PRINT_NROFF
      },
--- ssldump-0.9b3/ssl/ssldecode.c		2002-08-17 03:33:17.000000000 +0200
+++ ssldump-0.9b3/ssl/ssldecode.c.openssl	2010-01-22 23:59:46.000000000 +0100
@@ -51,6 +51,7 @@
 #include <openssl/ssl.h>
 #include <openssl/hmac.h>
 #include <openssl/evp.h>
+#include <openssl/md5.h>
 #include <openssl/x509v3.h>
 #endif
 #include "ssldecode.h"
@@ -131,7 +132,8 @@
     ssl_decode_ctx *d=0;
     int r,_status;
     
-    SSLeay_add_all_algorithms();
+    SSL_library_init();
+    OpenSSL_add_all_algorithms();
     if(!(d=(ssl_decode_ctx *)malloc(sizeof(ssl_decode_ctx))))
       ABORT(R_NO_MEMORY);
     if(!(d->ssl_ctx=SSL_CTX_new(SSLv23_server_method())))
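Review bot: The two replacement initialisation calls carry no comment, and nothing in the hunk says why both are needed; the patch header explains that the missing `SSL_library_init()` is what produced "Couldn't create network handler", and that reasoning belongs next to the code. Suggested comment above the calls: `/* Register libssl ciphers/digests and all EVP algorithms before SSL_CTX_new(); without SSL_library_init() the context creation below fails. */`. Ignoring the return value of `SSL_library_init()` is fine, since OpenSSL documents it as always returning 1. The enclosing function starts before the hunk.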
--- ssldump-0.9b3/base/pcap-snoop.c		2002-09-09 23:02:58.000000000 +0200
+++ ssldump-0.9b3/base/pcap-snoop.c.openssl	2010-01-23 00:21:11.000000000 +0100
@@ -206,7 +206,7 @@
 
     signal(SIGINT,sig_handler);
     
-    while((c=getopt(argc,argv,"vr:f:S:Ttai:k:p:nsAxXhHVNdqem:P"))!=EOF){
+    while((c=getopt(argc,argv,"vr:f:S:yTtai:k:p:nsAxXhHVNdqem:P"))!=EOF){
       switch(c){
         case 'v':
           print_version();
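Review bot: The getopt string now accepts `y`, but the `switch` that follows is cut off by the hunk and no `case 'y':` is visible; if the option is meant to reach the flag table in ssl_analyze.c (where this same patch maps `'y'` to `SSL_PRINT_NROFF`), confirm that the default branch forwards unrecognised letters there, otherwise `-y` is accepted by getopt and silently ignored. A short comment on the option string, e.g. `/* y: nroff decoration, dispatched through the ssl module flag table */`, would make that linkage visible to the next reader. The enclosing function continues outside the hunk.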
--- ssldump-0.9b3/ssldump.1			2002-08-13 01:46:53.000000000 +0200
+++ ssldump-0.9b3/ssldump.1.openssl		2010-01-23 00:26:26.000000000 +0100
@@ -61,12 +61,9 @@
 .na
 .B ssldump
 [
-.B \-vtaTnsAxXhHVNdq
+.B \-vTshVq
+.B \-aAdeHnNqTxXvy
 ] [
-.B \-r
-.I dumpfile
-]
-[
 .B \-i
 .I interface
 ]
@@ -81,6 +78,16 @@
 .I password
 ]
 [
+.B \-r
+.I dumpfile
+]
+.br
+.ti +8
+[
+.B \-S
+.RI [\| crypto \||\| d \||\| ht \||\| H \||\| nroff \|]
+]
+[
 .I expression
 ]
 .br
@@ -125,6 +132,7 @@
 You must have read access to
 .IR /dev/bpf* .
 .SH OPTIONS
+.TP
 .B \-a
 Print bare TCP ACKs (useful for observing Nagle behavior)
 .TP
@@ -135,7 +143,7 @@
 .B \-d
 Display the application data traffic. This usually means
 decrypting it, but when -d is used ssldump will also decode
-application data traffic _before_ the SSL session initiates.
+application data traffic \fIbefore\fP the SSL session initiates.
 This allows you to see HTTPS CONNECT behavior as well as
 SMTP STARTTLS. As a side effect, since ssldump can't tell
 whether plaintext is traffic before the initiation of an
@@ -148,18 +156,9 @@
 .B \-e
 Print absolute timestamps instead of relative timestamps
 .TP
-.B \-r
-Read data from \fIfile\fP instead of from the network.
-The old -f option still works but is deprecated and will 
-probably be removed with the next version.
 .B \-H
 Print the full SSL packet header.
 .TP
-.B \-k
-Use \fIkeyfile\fP as the location of the SSL keyfile (OpenSSL format)
-Previous versions of ssldump automatically looked in ./server.pem.
-Now you must specify your keyfile every time.
-.TP
 .B \-n 
 Don't try to resolve host names from IP addresses
 .TP
@@ -176,6 +175,12 @@
 .B \-q
 Don't decode any record fields beyond a single summary line. (quiet mode).
 .TP
+.B \-T
+Print the TCP headers.
+.TP
+.B \-v
+Display version and copyright information.
+.TP
 .B \-x
 Print each record in hex, as well as decoding it.
 .TP
@@ -183,13 +188,48 @@
 When the -d option is used, binary data is automatically printed
 in two columns with a hex dump on the left and the printable characters
 on the right. -X suppresses the display of the printable characters,
-thus making it easier to cut and paste the hext data into some other
+thus making it easier to cut and paste the hex data into some other
 program.
+.TP
 .B \-y
-Decorate the output for processing with troff. Not very
+Decorate the output for processing with nroff/troff. Not very
 useful for the average user.
 .TP
-.IP "\fI expression\fP"
+.BI \-i " interface"
+Use \fIinterface\fP as the network interface on which to sniff SSL/TLS
+traffic.
+.TP
+.BI \-k " keyfile"
+Use \fIkeyfile\fP as the location of the SSL keyfile (OpenSSL format)
+Previous versions of ssldump automatically looked in ./server.pem.
+Now you must specify your keyfile every time.
+.TP
+.BI \-p " password"
+Use \fIpassword\fP as the SSL keyfile password.
+.TP
+.BI \-r " file"
+Read data from \fIfile\fP instead of from the network.
+The old -f option still works but is deprecated and will
+probably be removed with the next version.
+.TP
+.BI \-S " [ " crypto " | " d " | " ht " | " H " ]"
+Specify SSL flags to ssldump.  These flags include:
+.RS
+.TP
+.I crypto
+Print cryptographic information.
+.TP
+.I d
+Print fields as decoded.
+.TP
+.I ht
+Print the handshake type.
+.TP
+.I H
+Print handshake type and highlights.
+.RE
+.TP
+\fIexpression\fP
 .RS
 Selects what packets ssldump will examine. Technically speaking,
 ssldump supports the full expression syntax from PCAP and tcpdump.
@@ -200,7 +240,7 @@
 don't result in incomplete TCP streams are listed here. 
 .LP
 The \fIexpression\fP consists of one or more
-.I primitives.
+.IR primitives .
 Primitives usually consist of an
 .I id
 (name or number) preceded by one or more qualifiers.  There are three
@@ -512,5 +552,11 @@
 .LP
 ssldump doesn't implement session caching and therefore can't decrypt
 resumed sessions.
-
-
+.LP
+.SH SEE ALSO
+.LP
+.BR tcpdump (1)
+.LP
+.SH AUTHOR
+.LP
+ssldump was written by Eric Rescorla <ekr at rtfm.com>.


--- NEW FILE ssldump.spec ---
# Fedora build recipe for ssldump 0.9b3.  The upstream tarball is fetched
# over plain http, so its integrity rests on the checksum recorded in the
# accompanying "sources" file; two local patches fix the OpenSSL API usage
# and the libpcap header / lib64 handling (see the patch headers for details).
Summary:	An SSLv3/TLS network protocol analyzer
Name:		ssldump
Version:	0.9
Release:	0.1.b3%{?dist}
License:	BSD with advertising
Group:		Applications/Internet
URL:		http://www.rtfm.com/%{name}/
Source0:	http://www.rtfm.com/%{name}/%{name}-%{version}b3.tar.gz
# Packaging notes installed next to the upstream documentation (see files).
Source1:	README.FEDORA
# Applied in this order in prep; Patch1 edits configure.in, which is why
# configure is regenerated with autoconf below.
Patch0:		ssldump-0.9-openssl.patch
Patch1:		ssldump-0.9-libpcap.patch
# pcap.h is required by file path rather than by package name, presumably to
# stay independent of the libpcap devel package naming -- TODO confirm.
BuildRequires:	openssl-devel, %{_includedir}/pcap.h, autoconf, automake
BuildRoot:	%{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)

%description
This program is an SSLv3/TLS network protocol analyzer. It identifies TCP
connections on the chosen network interface and attempts to interpret them
as SSLv3/TLS traffic. When ssldump identifies SSLv3/TLS traffic, ssldump
decodes the records and displays them in a textual form to stdout. And if
provided with the appropriate keying material, ssldump will also decrypt
the connections and display the application data traffic. This program is
based on tcpdump, a network monitoring and data acquisition tool.

%prep
%setup -q -n %{name}-%{version}b3
# -b keeps a backup of every patched file under the given suffix.
%patch0 -p1 -b .openssl
%patch1 -p1 -b .libpcap
# Put the Fedora notes into the source tree so the doc entry below finds them.
cp -pf %{SOURCE1} .

# Rebuilding of configure file is needed for Patch1
autoconf --force

# Copying config.{guess,sub} is required for x86_64
# (presumably the copies bundled with the 2001-era tarball predate that target)
cp -pf %{_datadir}/automake-*/config.{guess,sub} .

%build
# Point configure at the system pcap/openssl locations explicitly instead of
# relying on the directory search list hard-coded in configure.in.
%configure \
  --with-pcap-inc=%{_includedir} --with-pcap-lib=%{_libdir} \
  --with-openssl-inc=%{_includedir} --with-openssl-lib=%{_libdir}
make %{?_smp_mflags}

%install
rm -rf $RPM_BUILD_ROOT
# The upstream install target is driven through BINDIR/MANDIR overrides;
# 'install -p' preserves the files' timestamps.
make install BINDIR="$RPM_BUILD_ROOT%{_sbindir}" \
  MANDIR="$RPM_BUILD_ROOT%{_mandir}" INSTALL='install -p'

# Correct permissions
# (the upstream install step presumably leaves the man page with a
# non-standard mode -- TODO confirm)
chmod 644 $RPM_BUILD_ROOT%{_mandir}/man1/%{name}.1*

%clean
rm -rf $RPM_BUILD_ROOT

%files
%defattr(-,root,root,-)
%doc ChangeLog COPYRIGHT CREDITS README README.FEDORA
# Installed under sbin: the tool captures from a network interface and needs
# read access to the capture device (see the man page).
%{_sbindir}/%{name}
%{_mandir}/man1/%{name}.1*

%changelog
* Sat Jan 23 2010 Robert Scheck <robert at fedoraproject.org> 0.9-0.1.b3
- Upgrade to 0.9b3
- Initial spec file for Fedora and Red Hat Enterprise Linux


Index: .cvsignore
===================================================================
RCS file: /cvs/pkgs/rpms/ssldump/F-11/.cvsignore,v
retrieving revision 1.1
retrieving revision 1.2
diff -u -p -r1.1 -r1.2
--- .cvsignore	27 Jan 2010 05:27:25 -0000	1.1
+++ .cvsignore	28 Jan 2010 21:00:51 -0000	1.2
@@ -0,0 +1 @@
+ssldump-0.9b3.tar.gz


Index: sources
===================================================================
RCS file: /cvs/pkgs/rpms/ssldump/F-11/sources,v
retrieving revision 1.1
retrieving revision 1.2
diff -u -p -r1.1 -r1.2
--- sources	27 Jan 2010 05:27:25 -0000	1.1
+++ sources	28 Jan 2010 21:00:51 -0000	1.2
@@ -0,0 +1 @@
+ac8c28fe87508d6bfb06344ec496b1dd  ssldump-0.9b3.tar.gz


