IMAP: Add heuristic check for TLS

If the IMAP TCP stream doesn't include the STARTTLS command/response
the IMAP dissector will try to dissect TLS ciphertext as IMAP protocol
plaintext.

Add heuristic check for SSLv3/TLS and if the heuristic matches register
dissect_ssl() as the dissector for that IMAP session.

Change-Id: If84eca22315193a306e93e66c608de6634e6cd85
Reviewed-on: https://code.wireshark.org/review/13570
Petri-Dish: João Valverde <j@v6e.pt>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: João Valverde <j@v6e.pt>

1 files changed, 12 insertions, 0 deletions

diff --git a/epan/dissectors/packet-ssl-utils.h b/epan/dissectors/packet-ssl-utils.h
index 272dcb3f8b..f010f22c16 100644
--- a/epan/dissectors/packet-ssl-utils.h
+++ b/epan/dissectors/packet-ssl-utils.h
@@ -465,6 +465,18 @@ extern guint32
 ssl_starttls_ack(dissector_handle_t ssl_handle, packet_info *pinfo,
                  dissector_handle_t app_handle);
 
+/** Marks this packet as belonging to an SSL conversation started with STARTTLS.
+ * @param ssl_handle The dissector handle for SSL or DTLS.
+ * @param pinfo Packet Info.
+ * @param app_handle Dissector handle for the protocol inside the decrypted
+ * Application Data record.
+ * @return 0 for the first STARTTLS acknowledgement (success) or if ssl_handle
+ * is NULL. >0 if STARTTLS was started before.
+ */
+extern guint32
+ssl_starttls_post_ack(dissector_handle_t ssl_handle, packet_info *pinfo,
+                 dissector_handle_t app_handle);
+
 /** set the data and len for the stringInfo buffer. buf should be big enough to
  * contain the provided data
  @param buf the buffer to update