Convert more redef-able constants to runtime options

2025-10-11 19:18:19 +00:00 · 2018-08-24 16:05:44 -05:00 · 2018-08-24 16:05:44 -05:00 · 01a899255e
commit 01a899255e
parent 4912513517
36 changed files with 72 additions and 72 deletions
--- a/scripts/policy/protocols/ssl/extract-certs-pem.bro
+++ b/scripts/policy/protocols/ssl/extract-certs-pem.bro
@ -19,7 +19,7 @@ export {
 	## Control if host certificates offered by the defined hosts
 	## will be written to the PEM certificates file.
 	## Choices are: LOCAL_HOSTS, REMOTE_HOSTS, ALL_HOSTS, NO_HOSTS.
-	const extract_certs_pem = LOCAL_HOSTS &redef;
+	option extract_certs_pem = LOCAL_HOSTS;
 }

 # This is an internally maintained variable to prevent relogging of
--- a/scripts/policy/protocols/ssl/known-certs.bro
+++ b/scripts/policy/protocols/ssl/known-certs.bro
@ -29,7 +29,7 @@ export {
 	
 	## The certificates whose existence should be logged and tracked.
 	## Choices are: LOCAL_HOSTS, REMOTE_HOSTS, ALL_HOSTS, NO_HOSTS.
-	const cert_tracking = LOCAL_HOSTS &redef;
+	option cert_tracking = LOCAL_HOSTS;

 	## Toggles between different implementations of this script.
 	## When true, use a Broker data store, else use a regular Bro set
@ -52,11 +52,11 @@ export {

 	## The expiry interval of new entries in :bro:see:`Known::cert_store`.
 	## This also changes the interval at which certs get logged.
-	const cert_store_expiry = 1day &redef;
+	option cert_store_expiry = 1day;

 	## The timeout interval to use for operations against
 	## :bro:see:`Known::cert_store`.
-	const cert_store_timeout = 15sec &redef;
+	option cert_store_timeout = 15sec;

 	## The set of all known certificates to store for preventing duplicate 
 	## logging. It can also be used from other scripts to 
--- a/scripts/policy/protocols/ssl/notary.bro
+++ b/scripts/policy/protocols/ssl/notary.bro
@ -12,7 +12,7 @@ export {
 	};

 	## The notary domain to query.
-	const domain = "notary.icsi.berkeley.edu" &redef;
+	option domain = "notary.icsi.berkeley.edu";
 }

 redef record SSL::Info += {
--- a/scripts/policy/protocols/ssl/weak-keys.bro
+++ b/scripts/policy/protocols/ssl/weak-keys.bro
@ -42,7 +42,7 @@ export {

 	## Warn if a server negotiates an unsafe cipher suite. By default, we only warn when
 	## encountering old export cipher suites, or RC4 (see RFC7465).
-	const unsafe_ciphers_regex = /(_EXPORT_)|(_RC4_)/ &redef;
+	option unsafe_ciphers_regex = /(_EXPORT_)|(_RC4_)/;
 }

 # We check key lengths only for DSA or RSA certificates. For others, we do