Hi, Triggered by bug 1503 I made some enhancements to the SSL dissector. I attached a patch to bug 1503 with the following enhancements:
- changed hf_ssl_handshake_client_version and hf_ssl_handshake_server_version to hf_ssl_handshake_version. Since both were added with the field ssl.handshake.version, it was only possible to filter on the first one registered (which was hf_ssl_handshake_client_version). Now ssl.handshake.version shows both client and server handshake messages - changed dissect_ssl2_hnd_client_hello to use hf_ssl_handshake_version instead of hf_ssl_record_version. SSLv2 client hello's did not display when the filter ssl.handshake.version == 0x0002 was used, only SSLv2 server hello's were displayed. Now they are both displayed - Added generated hf_ssl_record_version to SSLv2 handshake. Since SSLv2 does not include a record layer version field (unlike SSLv3), this field is generated so that all packets with a SSLv2 record layer can be filtered out. [this is actually what bug 1503 was all about] - changed hf_ssl2_record to hf_ssl_record. Both hf_ssl2_record and hf_ssl_record pointed to the field ssl.record, which resulted in only SSLv3 packets being shown with the filter ssl.record (because hf_ssl_record was registered first). Can someone please review this patch? Cheers, Sake _______________________________________________ Wireshark-dev mailing list [email protected] http://www.wireshark.org/mailman/listinfo/wireshark-dev
