From Paolo Abeni:
authesserre samuel <sauthess@gmail.com> kindly pointed out an issue with session renegotiation in the current ssl decryption code. Encrypted handshake message are decrypted, but the dissector try to interpret the encrypted code. Renegotiation messages are therefore ignored. The attached pcap trace and key can be used to trigger the issue. The attached patch fix the problem storing the decrypted version of encrypted handshake message and dissecting it when available. The patch also fix bad issue with des cipher (alike the issue fixed in my previous post) svn path=/trunk/; revision=18081
diff --git a/gtk/ssl-dlg.c b/gtk/ssl-dlg.c
index 8f3034534b..44787804ce 100644
--- a/gtk/ssl-dlg.c
+++ b/gtk/ssl-dlg.c
@@ -141,10 +141,10 @@ ssl_queue_packet_data(void *tapdata, packet_info *pinfo, epan_dissect_t *edt _U_
follow_info_t* follow_info = tapdata;
SslDecryptedRecord* rec;
int proto_ssl = (int) ssl;
- StringInfo* data = p_get_proto_data(pinfo->fd, proto_ssl);
+ SslPacketInfo* pi = p_get_proto_data(pinfo->fd, proto_ssl);
/* skip packet without decrypted data payload*/
- if (!data)
+ if (!pi || !pi->app_data.data)
return 0;
/* compute packet direction */
@@ -162,10 +162,10 @@ ssl_queue_packet_data(void *tapdata, packet_info *pinfo, epan_dissect_t *edt _U_
rec->is_server = 1;
/* update stream counter */
- follow_info->bytes_written[rec->is_server] += data->data_len;
+ follow_info->bytes_written[rec->is_server] += pi->app_data.data_len;
/* extract decrypted data and queue it locally */
- rec->data = data;
+ rec->data = &pi->app_data;
follow_info->ssl_decrypted_data = g_list_append(