From Paolo Abeni:

authesserre samuel <sauthess@gmail.com> kindly pointed out an issue with session renegotiation in the current ssl decryption code. 

Encrypted handshake message are decrypted, but the dissector try to interpret the encrypted code. Renegotiation messages are therefore ignored. The attached pcap trace and key can be used to trigger the issue.

The attached patch fix the problem storing the decrypted version of encrypted handshake message and dissecting it when available. The patch also fix bad issue with des cipher (alike the issue fixed in my previous post)


git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@18081 f5534014-38df-0310-8fa8-9805f1628bb7

1 files changed, 12 insertions, 4 deletions

diff --git a/epan/dissectors/packet-ssl-utils.h b/epan/dissectors/packet-ssl-utils.h
index f852e5c4c3..4a4f71aeba 100644
--- a/epan/dissectors/packet-ssl-utils.h
+++ b/epan/dissectors/packet-ssl-utils.h
@@ -113,10 +113,18 @@ typedef struct _SslDecoder {
 #define DIG_MD5         0x40
 #define DIG_SHA         0x41
 
-/*typedef struct _SslService {
-    address addr;
-    guint port;
-} SslService;*/
+struct tvbuff;
+
+typedef struct _SslRecordInfo {
+    struct tvbuff* tvb;
+    int id;
+    struct _SslRecordInfo* next;
+} SslRecordInfo;
+
+typedef struct {
+    StringInfo app_data;
+    SslRecordInfo* handshake_data; 
+} SslPacketInfo;
 
 typedef struct _SslDecryptSession {
     unsigned char _master_secret[48];