https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=3303
--- Comment #4 from Sake <sake@xxxxxxxxxx> 2009-04-22 07:49:36 PDT ---
Created an attachment (id=2959)
--> (https://bugs.wireshark.org/bugzilla/attachment.cgi?id=2959)
SVN-28088.cap
Hi Didier,
This is the trace which caused me to write the fix of SVN-28088. Have a look at
frame 7 in which the "Certificate" message which starts in frame 6 is continued
by reading X more bytes. After that there is still data left, but control is
given back at the TCP dissector which created a new SSL subtree for the
"ServerHelloDone" message that is also present in frame 7. Having another
subtree makes one belief that this message is actually an SSL record within an
SSL record, which is not the case. By supplying the whole frame to the SSL
dissector, it loops through the available SSL records in the frame and lists
them under the SSL subtree.
I hope this clarification makes you agree that this is a more accurate way of
showing things :-)
Cheers,
Sake
--
Configure bugmail: https://bugs.wireshark.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
