Wireshark · Ethereal-dev: [Ethereal-dev] Enhancement request to http dissector

[Yaniv Kaul <ykaul@xxxxxxxxxxxxxx>]

In some cases, what begins as HTTP turns to HTTPS. The easiest example 
is HTTPS via a proxy connection.
Today, Ethereal tries to dissect it as HTTP, then when SSL begins it 
switches to show only 'Continuation' - the data only.
I suggest that it will try to dissect it as SSL.
To do it in a clever way, I'd like to use packet-ssl's functions 
ssl_looks_like_sslv2() / ssl_looks_like_sslv3() in order to determine 
first if it might be indeed SSL.
To do so, I'd like to:
(1) Move the zillion #define's in packet-ssl.c to packet-ssl.h (a good 
practice anyway?)
(2) COPY the above mentioned functions from packet-ssl.c to 
packet-http.c and use it them (and include packet-ssl.h for the 
definitions).

The call for those functions (and if successful to the ssl dissector) 
would be done from packet-http.c, I'm not really sure where exactly I 
should do it (I'd like to as soon as possible once failed to identify it 
as HTTP - perhaps around line 271)

I'd like to get comments about it before I'll do it.