Revision history [back]

Can I assume the elements in tls.handshake.certificate are in order?

Hi guys, I'm using tshark to parse pcap into json, my command is as following: tshark -r xxx.pcap -T json --no-duplicate-keys tls > xxx.json

Then I need to get certs from tls's Certificate record. I find out that the certs are stored as list of strings with the key "tls.handshake.certificate", like this: