From Peter Wu

Add RFC6066 CertificateUrl TLS extension

This is not supported by OpenSSL or NSS, the extension itself seems
unsafe, but some implementations seem to support it[1].

Untested, no capture available.

 [1]: http://www.ietf.org/mail-archive/web/tls/current/msg02535.html

svn path=/trunk/; revision=53417

1 files changed, 6 insertions, 0 deletions

diff --git a/epan/dissectors/packet-ssl-utils.c b/epan/dissectors/packet-ssl-utils.c
index 020f0105dc..19e9d85de7 100644
--- a/epan/dissectors/packet-ssl-utils.c
+++ b/epan/dissectors/packet-ssl-utils.c
@@ -484,6 +484,7 @@ const value_string ssl_31_handshake_type[] = {
     { SSL_HND_CERT_VERIFY,       "Certificate Verify" },
     { SSL_HND_CLIENT_KEY_EXCHG,  "Client Key Exchange" },
     { SSL_HND_FINISHED,          "Finished" },
+    { SSL_HND_CERT_URL,          "Client Certificate URL" },
     { SSL_HND_CERT_STATUS,       "Certificate Status" },
     { SSL_HND_ENCRYPTED_EXTS,    "Encrypted Extensions" },
     { 0x00, NULL }
@@ -1075,6 +1076,11 @@ const value_string tls_certificate_type[] = {
     { 0, NULL }
 };
 
+const value_string tls_cert_chain_type[] = {
+    { SSL_HND_CERT_URL_TYPE_INDIVIDUAL_CERT,    "Individual Certificates" },
+    { SSL_HND_CERT_URL_TYPE_PKIPATH,            "PKI Path" },
+};
+
 const value_string tls_cert_status_type[] = {
     { SSL_HND_CERT_STATUS_TYPE_OCSP,            "OCSP" },
     { SSL_HND_CERT_STATUS_TYPE_OCSP_MULTI,      "OCSP Multi" },