2 files changed, 48 insertions, 34 deletions

diff --git a/epan/dissectors/packet-ssl-utils.c b/epan/dissectors/packet-ssl-utils.c
index d25a694d98..3bf475a7ef 100644
--- a/epan/dissectors/packet-ssl-utils.c
+++ b/epan/dissectors/packet-ssl-utils.c
@@ -2371,10 +2371,12 @@ ssl_association_add(GTree* associations, dissector_handle_t handle, guint port,
   if(!assoc->handle){
     fprintf(stderr, "association_add() could not find handle for protocol:%s\n",protocol);
   } else {
-    if(tcp)
-      dissector_add("tcp.port", port, handle);
-    else
-      dissector_add("udp.port", port, handle);
+    if(port) { 
+      if(tcp)
+	dissector_add("tcp.port", port, handle);
+      else
+	dissector_add("udp.port", port, handle);
+    }
     g_tree_insert(associations, assoc, assoc);
   }
 }
@@ -2638,8 +2640,12 @@ ssl_parse_key_list(const gchar * keys_list, GHashTable *key_hash, GTree* associa
     } else {
       sscanf(addr, "%hhu.%hhu.%hhu.%hhu", &ip[0], &ip[1], &ip[2], &ip[3]);
     }
-    
-    service->port = atoi(port);
+
+    if(!strcmp("start_tls", port)) {
+      service->port = 0;
+    } else {
+      service->port = atoi(port);
+    }
     ssl_debug_printf("ssl_init addr '%hhu.%hhu.%hhu.%hhu' port '%d' filename '%s' password(only for p12 file) '%s'\n",
 		     ip[0], ip[1], ip[2], ip[3], service->port, filename, cert_passwd);
 
@@ -2676,7 +2682,7 @@ ssl_parse_key_list(const gchar * keys_list, GHashTable *key_hash, GTree* associa
     } 
     g_hash_table_insert(key_hash, service, private_key);
 
-    ssl_association_add(associations, handle, atoi(port), protocol, tcp, TRUE);
+    ssl_association_add(associations, handle, service->port, protocol, tcp, TRUE);
 
   } while (end != NULL);
   free(tmp);
diff --git a/epan/dissectors/packet-ssl.c b/epan/dissectors/packet-ssl.c
index e69cf19451..2a33e1c330 100644
--- a/epan/dissectors/packet-ssl.c
+++ b/epan/dissectors/packet-ssl.c
@@ -117,6 +117,7 @@
 #include <epan/report_err.h>
 #include <epan/expert.h>
 #include "inet_v6defs.h"
+#include "packet-x509if.h"
 #include "packet-ssl.h"
 #include "packet-ssl-utils.h"
 #include <wiretap/file_util.h>
@@ -408,7 +409,7 @@ static void dissect_ssl3_hnd_cert(tvbuff_t *tvb,
 
 static void dissect_ssl3_hnd_cert_req(tvbuff_t *tvb,
                                       proto_tree *tree,
-                                      guint32 offset);
+                                      guint32 offset, packet_info *pinfo);
 
 static void dissect_ssl3_hnd_finished(tvbuff_t *tvb,
                                       proto_tree *tree,
@@ -503,14 +504,14 @@ dissect_ssl(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree)
     SslDecryptSession* ssl_session;
     guint* conv_version;
     Ssl_private_key_t * private_key;
-
+    guint32 port;
 
     ti = NULL;
     ssl_tree   = NULL;
     offset = 0;
     first_record_in_frame = TRUE;
     ssl_session = NULL;
-
+    port = 0;
 
 
     ssl_debug_printf("\ndissect_ssl enter frame #%u (%s)\n", pinfo->fd->num, (pinfo->fd->flags.visited)?"already visited":"first time");
@@ -555,11 +556,11 @@ dissect_ssl(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree)
         /* we need to know witch side of conversation is speaking*/
         if (ssl_packet_from_server(ssl_associations, pinfo->srcport, pinfo->ptype == PT_TCP)) {
             dummy.addr = pinfo->src;
-            dummy.port = pinfo->srcport;
+            dummy.port = port = pinfo->srcport;
         }
         else {
             dummy.addr = pinfo->dst;
-            dummy.port = pinfo->destport;
+            dummy.port = port = pinfo->destport;
         }
         ssl_debug_printf("dissect_ssl server %s:%u\n",
             address_to_str(&dummy.addr),dummy.port);
@@ -572,24 +573,32 @@ dissect_ssl(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree)
         
         ssl_session->private_key = 0;
         private_key = g_hash_table_lookup(ssl_key_hash, &dummy);
+
         if (!private_key) {
-            ssl_debug_printf("dissect_ssl can't find private key for this server! Try it again with universal address 0.0.0.0\n");
+            ssl_debug_printf("dissect_ssl can't find private key for this server! Try it again with universal port 0\n");
+ 
+            dummy.port = 0;
+            private_key = g_hash_table_lookup(ssl_key_hash, &dummy);
+	}
+
+        if (!private_key) {
+            ssl_debug_printf("dissect_ssl can't find private key for this server (universal port)! Try it again with universal address 0.0.0.0\n");
  
             dummy.addr.type = AT_IPv4;
             dummy.addr.len = 4;
             dummy.addr.data = ip_addr_any;
             
-            private_key = g_hash_table_lookup(ssl_key_hash, &dummy);
+	    dummy.port = port;
 
-            if (!private_key) {
-            	ssl_debug_printf("dissect_ssl can't find any private key!\n");
-            }	
-            else {
-              ssl_session->private_key = private_key->sexp_pkey;	
-            }
-        }  else	{
-        	ssl_session->private_key = private_key->sexp_pkey;
-        }  
+            private_key = g_hash_table_lookup(ssl_key_hash, &dummy);
+	}
+         
+	if (!private_key) {
+	  ssl_debug_printf("dissect_ssl can't find any private key!\n");
+	}	
+	else {
+	  ssl_session->private_key = private_key->sexp_pkey;	
+	}
         
     }
     conv_version= & ssl_session->version;
@@ -1836,7 +1845,7 @@ dissect_ssl3_handshake(tvbuff_t *tvb, packet_info *pinfo,
                 break;
 
             case SSL_HND_CERT_REQUEST:
-                dissect_ssl3_hnd_cert_req(tvb, ssl_hand_tree, offset);
+                dissect_ssl3_hnd_cert_req(tvb, ssl_hand_tree, offset, pinfo);
                 break;
 
             case SSL_HND_SVR_HELLO_DONE:
@@ -2337,7 +2346,7 @@ dissect_ssl3_hnd_cert(tvbuff_t *tvb,
 
 static void
 dissect_ssl3_hnd_cert_req(tvbuff_t *tvb,
-                          proto_tree *tree, guint32 offset)
+                          proto_tree *tree, guint32 offset, packet_info *pinfo)
 {
     /*
      *    enum {
@@ -2356,10 +2365,13 @@ dissect_ssl3_hnd_cert_req(tvbuff_t *tvb,
     proto_tree *ti;
     proto_tree *subtree;
     guint8      cert_types_count;
-    gint         dnames_length;
+    gint        dnames_length;
+    asn1_ctx_t  asn1_ctx;
     cert_types_count = 0;
     dnames_length = 0;
 
+    asn1_ctx_init(&asn1_ctx, ASN1_ENC_BER, TRUE, pinfo);
+
     if (tree)
     {
         cert_types_count = tvb_get_guint8(tvb, offset);
@@ -2422,13 +2434,9 @@ dissect_ssl3_hnd_cert_req(tvbuff_t *tvb,
                 offset += 2;
 
                 tvb_ensure_bytes_exist(tvb, offset, name_length);
-                proto_tree_add_bytes_format(subtree,
-                                            hf_ssl_handshake_dname,
-                                            tvb, offset, name_length,
-                                            tvb_get_ptr(tvb, offset, name_length),
-                                            "Distinguished Name (%u byte%s)",
-                                            name_length,
-                                            plurality(name_length, "", "s"));
+
+		(void) dissect_x509if_DistinguishedName(FALSE, tvb, offset, &asn1_ctx, subtree, hf_ssl_handshake_dname);
+
                 offset += name_length;
             }
         }
@@ -4164,7 +4172,7 @@ proto_register_ssl(void)
         },
         { &hf_ssl_handshake_dname,
           { "Distinguished Name", "ssl.handshake.dname",
-            FT_BYTES, BASE_NONE, NULL, 0x0,
+            FT_NONE, BASE_NONE, NULL, 0x0,
             "Distinguished name of a CA that server trusts", HFILL }
         },
         { &hf_ssl2_handshake_challenge,