Bug #1132 basically states that when decrypting HTTP payload from an SSL
session with multiple SSL records, there are multiple tabs on the bottom
of the screen. These tabs each have the byte count of both SSL records
combined and the HTTP dissection is done twice in the tree with
identical information in each. In packet #19 from rsasnakeoil2.cap on
the Wiki, the first record is the headers including content-type and the
second is the line-based data. IMAP over SSL splits its data into
multiple records too.
The SSL dissector currently stores the last record it comes across as
per packet info (p_add_proto_data() and friends). I introduced singly
linked lists to this process so that each record could be stored and
displayed separately. This works fine, however... the second record is
now interpreted simply as data. This is happening because the second
call to the http dissector didn't see the content-type (from the first
call). This breaks showing things like images or line-based data in the
tree. Does anyone have an idea on a way to solve this?
Thanks,
Steve
