Wireshark mailing list archives

Re: Supported GnuTLS/glib/libgcrypt versions?

From: Peter Wu <peter () lekensteyn nl>
Date: Wed, 14 Oct 2015 20:25:57 +0200

On Mon, Oct 12, 2015 at 02:02:18PM -0400, Jeff Morriss wrote:

On 10/11/15 17:32, Peter Wu wrote:

Hi,

Michal reported to me that a recent change in the SSL dissector was not
compatible with older GnuTLS versions[1].

The changes introduced the use of functions gnutls_pubkey_import and
gnutls_pubkey_import_rsa_raw which were introduced with GnuTLS 2.12.0 in
2011-03-24 (2.11.3 development). Michal is using (RHEL6?) GnuTLS 2.8.5
(released in November 2009).

Since the minimum Qt4 version for upcoming Wireshark 2.0 is already
higher than what RHEL6 ships, would you mind if the GnuTLS version is
also bumped?


Since GnuTLS is optional [and I don't do decryption very often ;-)] I don't
really mind.  I can't say that I know how much the rest of the RHEL 6 world
uses decryption though.


Looks like GnuTLS is only needed if you have to supply a RSA private
key. When using the SSL keylog file, having just libgcrypt is
sufficient. Currently the SSL dissector requires both to be present for
decryption, but that is an unnecessary restriction. I'll move code
around so that at least decryption with a SSL keylog file can be
supported.

But you do raise a good point: I should start doing test compiles of the 2.0
rc on RHEL 6.  I hadn't realized my users would have to continue using the
Gtk+ GUI.  Too bad...


I have started testing with cmake + CentOS 6, it is not doing bad. At
least these fixes are needed to fix the build:
https://code.wireshark.org/review/10916
https://code.wireshark.org/review/11041

GnuTLS needs more work, for now it RHEL6 support for decryption with a
RSA private key will be dropped. Maybe I'll find a solution later.
The version check is updated at https://code.wireshark.org/review/11044.

Speaking of bumping library versions, can we also bump the glib and
libgcrypt versions? Current versions are glib 2.14 and libgcrypt
1.1.92. If we could go to glib 2.28 (Feb 2011) and gcrypt 1.5.0 (Jun
2011), it would enable us to use newer functions such as
g_list_free_full.


The glib change is OK for me (for RHEL 6) but it does appear to mean we'd
lose support for all SLES versions; I'd tend to think that would be a bad
thing.


I made a mistake, SLES 12 includes glib2 2.38.2, the wiki is now updated
to reflect that. For now the minimum gcrypt version is 1.4.2
(https://code.wireshark.org/review/11043).
-- 
Kind regards,
Peter Wu
https://lekensteyn.nl
___________________________________________________________________________
Sent via:    Wireshark-dev mailing list <wireshark-dev () wireshark org>
Archives:    https://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
             mailto:wireshark-dev-request () wireshark org?subject=unsubscribe

Current thread:

Supported GnuTLS/glib/libgcrypt versions? Peter Wu (Oct 11)
- Re: Supported GnuTLS/glib/libgcrypt versions? Michal Labedzki (Oct 11)
- Re: Supported GnuTLS/glib/libgcrypt versions? Jeff Morriss (Oct 12)
  - Re: Supported GnuTLS/glib/libgcrypt versions? Gerald Combs (Oct 12)
    - Re: Supported GnuTLS/glib/libgcrypt versions? Jeff Morriss (Oct 12)
  - Re: Supported GnuTLS/glib/libgcrypt versions? Peter Wu (Oct 14)
    - Re: Supported GnuTLS/glib/libgcrypt versions? Jeff Morriss (Oct 15)
    - Re: Supported GnuTLS/glib/libgcrypt versions? Anders Broman (Oct 15)
    - Re: Supported GnuTLS/glib/libgcrypt versions? Peter Wu (Oct 15)
    - Re: Supported GnuTLS/glib/libgcrypt versions? Guy Harris (Oct 15)
    - Re: Supported GnuTLS/glib/libgcrypt versions? Peter Wu (Oct 15)