Wireshark-dev: [Wireshark-dev] [PATCH] Fix for bug 1503 : SSL dissector enhancements
From: Sake Blok <[email protected]>
Date: Sun, 1 Apr 2007 22:44:50 +0200

Triggered by bug 1503 I made some enhancements to the SSL dissector. I
attached a patch to bug 1503 with the following enhancements:

- changed hf_ssl_handshake_client_version and hf_ssl_handshake_server_version 
  to hf_ssl_handshake_version. Since both were added with the field 
  ssl.handshake.version, it was only possible to filter on the first one 
  registered (which was hf_ssl_handshake_client_version). Now 
  ssl.handshake.version shows both client and server handshake messages

- changed dissect_ssl2_hnd_client_hello to use hf_ssl_handshake_version 
  instead of hf_ssl_record_version. SSLv2 client hello's did not display 
  when the filter ssl.handshake.version == 0x0002 was used, only SSLv2 
  server hello's were displayed. Now they are both displayed

- Added generated hf_ssl_record_version to SSLv2 handshake. Since SSLv2
  does not include a record layer version field (unlike SSLv3), this field 
  is generated so that all packets with a SSLv2 record layer can be 
  filtered out.
  [this is actually what bug 1503 was all about]

- changed hf_ssl2_record to hf_ssl_record. Both hf_ssl2_record and 
  hf_ssl_record pointed to the field ssl.record, which resulted in 
  only SSLv3 packets being shown with the filter ssl.record (because 
  hf_ssl_record was registered first).

Can someone please review this patch?