From Robert Bullen via https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=8092 :

Add SSL segment data and SSL reassmebled data fields and improve readability of the hex/ASCII data blocks written to the SSL debug log

svn path=/trunk/; revision=46572

epan/dissectors/packet-ssl-utils.c

@@ -3917,13 +3917,19 @@ ssl_print_data(const gchar* name, const guchar* data, size_t len)
         return;
     fprintf(ssl_debug_file,"%s[%d]:\n",name, (int) len);
     for (i=0; i<len; i+=16) {
+        fprintf(ssl_debug_file,"| ");
         for (j=i, k=0; k<16 && j<len; ++j, ++k)
             fprintf(ssl_debug_file,"%.2x ",data[j]);
         for (; k<16; ++k)
             fprintf(ssl_debug_file,"   ");
-        fprintf(ssl_debug_file,"|");
-        for (j=i, k=0; k<16 && j<len; ++j, ++k)
-            fprintf(ssl_debug_file,"%c",isprint(data[j]) ? data[j] : '.');
+        fputc('|', ssl_debug_file);
+        for (j=i, k=0; k<16 && j<len; ++j, ++k) {
+            guchar c = data[j];
+            if (!isprint(c) || (c=='\t')) c = '.';
+            fputc(c, ssl_debug_file);
+        }
+        for (; k<16; ++k)
+            fputc(' ', ssl_debug_file);
         fprintf(ssl_debug_file,"|\n");
     }
 }

epan/dissectors/packet-ssl.c

@@ -249,6 +249,7 @@ static gint hf_pct_handshake_sig              = -1;
 static gint hf_pct_msg_error_type             = -1;
 static int hf_ssl_reassembled_in              = -1;
 static int hf_ssl_reassembled_length          = -1;
+static int hf_ssl_reassembled_data            = -1;
 static int hf_ssl_segments                    = -1;
 static int hf_ssl_segment                     = -1;
 static int hf_ssl_segment_overlap             = -1;
@@ -257,6 +258,7 @@ static int hf_ssl_segment_multiple_tails      = -1;
 static int hf_ssl_segment_too_long_fragment   = -1;
 static int hf_ssl_segment_error               = -1;
 static int hf_ssl_segment_count               = -1;
+static int hf_ssl_segment_data                = -1;
 
 static gint hf_ssl_heartbeat_extension_mode          = -1;
 static gint hf_ssl_heartbeat_message                 = -1;
@@ -313,11 +315,35 @@ static const fragment_items ssl_segment_items = {
     &hf_ssl_segment_count,
     &hf_ssl_reassembled_in,
     &hf_ssl_reassembled_length,
-    /* Reassembled data field */
-    NULL,
+    &hf_ssl_reassembled_data,
     "Segments"
 };
 
+/* These two "SSL segment data" items are factored out to obey DRY. */
+#define SSL_SEGMENT_DATA_TEXT "SSL segment data"
+
+static void
+ssl_proto_tree_add_segment_data(
+    proto_tree *  tree,
+    tvbuff_t *    tvb,
+    gint          offset,
+    gint          length,
+    const gchar * prefix)
+{
+    proto_tree_add_bytes_format(
+        tree,
+        hf_ssl_segment_data,
+        tvb,
+        offset,
+        length,
+        NULL,
+        "%s" SSL_SEGMENT_DATA_TEXT " (%u %s)",
+        prefix != NULL ? prefix : "",
+        length,
+        plurality(length, "byte", "bytes"));
+}
+
+
 /* ssl_session_hash is used by "Export SSL Session Keys" */
 GHashTable *ssl_session_hash   = NULL;
 
@@ -968,19 +994,17 @@ again:
      * the pdu).
      */
     if ((msp = se_tree_lookup32(flow->multisegment_pdus, seq))) {
-        const char* str;
+        const char* prefix;
 
         if (msp->first_frame == PINFO_FD_NUM(pinfo)) {
-            str = "";
+            prefix = "";
             col_set_str(pinfo->cinfo, COL_INFO, "[SSL segment of a reassembled PDU]");
         } else {
-            str = "Retransmitted ";
+            prefix = "Retransmitted ";
         }
 
         nbytes = tvb_reported_length_remaining(tvb, offset);
-        proto_tree_add_text(tree, tvb, offset, nbytes,
-                            "%sSSL segment data (%u byte%s)",
-                            str, nbytes, plurality(nbytes, "", "s"));
+        ssl_proto_tree_add_segment_data(tree, tvb, offset, nbytes, prefix);
         return;
     }
 
@@ -1138,9 +1162,7 @@ again:
                  * just raw TCP segment data.
                  */
                 nbytes = tvb_reported_length_remaining(tvb, offset);
-                proto_tree_add_text(tree, tvb, offset, -1,
-                                    "SSL segment data (%u byte%s)", nbytes,
-                                    plurality(nbytes, "", "s"));
+                ssl_proto_tree_add_segment_data(tree, tvb, offset, nbytes, NULL);
 
                 /*
                  * The subdissector thought it was completely
@@ -1302,9 +1324,7 @@ again:
          * was, and report it as a continuation of that, instead?
          */
         nbytes = tvb_reported_length_remaining(tvb, deseg_offset);
-        proto_tree_add_text(tree, tvb, deseg_offset, -1,
-                            "SSL segment data (%u byte%s)", nbytes,
-                            plurality(nbytes, "", "s"));
+        ssl_proto_tree_add_segment_data(tree, tvb, deseg_offset, nbytes, NULL);
     }
     pinfo->can_desegment = 0;
     pinfo->desegment_offset = 0;
@@ -5631,12 +5651,12 @@ proto_register_ssl(void)
             NULL, HFILL }},
 
         { &hf_ssl_segment,
-          { "SSL Segment", "ssl.segment",
+          { "SSL segment", "ssl.segment",
             FT_FRAMENUM, BASE_NONE, NULL, 0x0,
             NULL, HFILL }},
 
         { &hf_ssl_segments,
-          { "Reassembled SSL Segments", "ssl.segments",
+          { "Reassembled SSL segments", "ssl.segments",
             FT_NONE, BASE_NONE, NULL, 0x0,
             "SSL Segments", HFILL }},
 
@@ -5649,6 +5669,16 @@ proto_register_ssl(void)
           { "Reassembled PDU length", "ssl.reassembled.length",
             FT_UINT32, BASE_DEC, NULL, 0x0,
             "The total length of the reassembled payload", HFILL }},
+
+        { &hf_ssl_reassembled_data,
+          { "Reassembled PDU data", "ssl.reassembled.data",
+            FT_BYTES, BASE_NONE, NULL, 0x00,
+            "The payload of multiple reassembled SSL segments", HFILL }},
+
+        { &hf_ssl_segment_data,
+          { SSL_SEGMENT_DATA_TEXT, "ssl.segment.data",
+            FT_BYTES, BASE_NONE, NULL, 0x00,
+            "The payload of a single SSL segment", HFILL }},
     };
 
     /* Setup protocol subtree array */