Not enough data. Found 45 bytes #36

Open
celesteking opened this issue Sep 30, 2020 · 1 comment

@celesteking

Getting that error. And I also don't get how this app was supposed to work. Shall it print certificate summary, exchanges, etc., like Wireshark does? Because right now I'm only getting terse messages about flow directions and that's it.

# ssldump -d  -r   /tmp/del.bin      
New TCP connection #1: localhost(40422) <-> localhost(9339)
1 1  0.0001 (0.0001)  C>S  Handshake
      ClientHello
        Version 3.3 
        cipher suites
        Unknown value 0xc02b
        Unknown value 0xc02c
        Unknown value 0xc02f
        Unknown value 0xc030
        Unknown value 0xff
        compression methods
                  NULL
1 2  0.0020 (0.0018)  S>C  Handshake
      ServerHello
        Version 3.3 
        session_id[0]=

        cipherSuite         Unknown value 0xc02f
        compressionMethod                   NULL
1 3  0.0020 (0.0000)  S>C  Handshake
      Certificate
1 4  0.0020 (0.0000)  S>C  Handshake
      ServerKeyExchange
1 5  0.0020 (0.0000)  S>C  Handshake
      CertificateRequest
        certificate_types                   rsa_sign
        certificate_types                 unknown value
Not enough data. Found 45 bytes (expecting 32767)
1 6  0.0020 (0.0000)  S>C  Handshake
      ServerHelloDone
1    0.0022 (0.0002)  C>S  TCP FIN
1    0.0023 (0.0000)  S>C  TCP FIN

Where's the SNI request, where's the cert sent by the server?
Compare that to Wireshark. See attached.
a.zip

@wllm-rbnt
Contributor

wllm-rbnt commented Oct 2, 2020

Hi,

It seems that you're using an old version.
With the current GitHub release you should get this result with the -A and -N options:

$ ./ssldump -AN -n -r /tmp/tmp/del.bin
New TCP connection #1: 127.0.0.1(40422) <-> 127.0.0.1(9339)
1 1  0.0001 (0.0001)  C>S V3.1(182)  Handshake
      ClientHello
        Version 3.3 
        random[32]=
          95 ef d8 e5 6b cd 3a ca b0 11 ac 0e 58 8b 71 76 
          41 30 13 42 03 71 3f c0 49 6b c4 40 d8 61 96 62 
        cipher suites
        TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
        TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
        TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
        TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
        TLS_EMPTY_RENEGOTIATION_INFO_SCSV
        compression methods
                  NULL
        extensions
          server_name
              host_name: rpcsrv.lan.local
        Extension type: 11 not yet implemented in ssldump
        Extension type: 10 not yet implemented in ssldump
        Extension type: 35 not yet implemented in ssldump
          next_protocol_negotiation
          application_layer_protocol_negotiation
          encrypt_then_mac
          extended_master_secret
          signature_algorithms
1 2  0.0020 (0.0018)  S>C V3.3(68)  Handshake
      ServerHello
        Version 3.3 
        random[32]=
          10 92 26 60 02 7b bb a6 a9 de 82 f6 ec 3f 93 fc 
          c1 e7 4c aa fd 57 13 47 44 4f 57 4e 47 52 44 01 
        session_id[0]=

        cipherSuite         TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
        compressionMethod                   NULL
        extensions
        Extension type: 35 not yet implemented in ssldump,
          renegotiation_info
          application_layer_protocol_negotiation
        Extension type: 11 not yet implemented in ssldump,
1 3  0.0020 (0.0000)  S>C V3.3(816)  Handshake
      Certificate
        Subject
          CN=rpcsrv.lan.local
          OU=grpc1
          O=Foo
        Issuer
          CN=ENC CA
        Serial         bf 17 56 d0 34 5b cf 82 
        Extensions
          Extension: X509v3 Basic Constraints
          Extension: X509v3 Subject Alternative Name
          Extension: X509v3 Extended Key Usage
1 4  0.0020 (0.0000)  S>C V3.3(333)  Handshake
      ServerKeyExchange
        params
Not enough data. Found 327 bytes (expecting 32767)
1 5    0.0020   (0.0000)    S>C   V3.3(56)    Handshake
        CertificateRequest
          certificate_types                       rsa_sign
          certificate_types           1 6    0.0020   (0.0000)    S>C   V3.3(4)    Handshake
        ServerHelloDone
  1      0.0022   (0.0002)    C>S    TCP FIN
  1      0.0023   (0.0000)    S>C    TCP FIN
Cleaning 0 remaining connection(s) from connection pool

Using -AN options with the version you have will probably result in a segfault (fixed by this commit).
