Hi,
Triggered by bug 1503 I made some enhancements to the SSL dissector. I
attached a patch to bug 1503 with the following enhancements:
- changed hf_ssl_handshake_client_version and hf_ssl_handshake_server_version
to hf_ssl_handshake_version. Since both were added with the field
ssl.handshake.version, it was only possible to filter on the first one
registered (which was hf_ssl_handshake_client_version). Now
ssl.handshake.version shows both client and server handshake messages
- changed dissect_ssl2_hnd_client_hello to use hf_ssl_handshake_version
instead of hf_ssl_record_version. SSLv2 client hello's did not display
when the filter ssl.handshake.version == 0x0002 was used, only SSLv2
server hello's were displayed. Now they are both displayed
- Added generated hf_ssl_record_version to SSLv2 handshake. Since SSLv2
does not include a record layer version field (unlike SSLv3), this field
is generated so that all packets with a SSLv2 record layer can be
filtered out.
[this is actually what bug 1503 was all about]
- changed hf_ssl2_record to hf_ssl_record. Both hf_ssl2_record and
hf_ssl_record pointed to the field ssl.record, which resulted in
only SSLv3 packets being shown with the filter ssl.record (because
hf_ssl_record was registered first).
Can someone please review this patch?
Cheers,
Sake
