OCSP: Open-code unknown revoke reason strings

OpenSSL 3.2.0 knows about more reasons. Add some backwards compatibility. Reference: 1c8a7f5091
2025-10-02 06:38:20 +00:00 · 2023-11-27 20:44:42 +01:00 · 2023-11-27 20:44:42 +01:00 · 02d00a1984
commit 02d00a1984
parent 5baa2841e8
3 changed files with 13 additions and 2 deletions
--- a/src/file_analysis/analyzer/x509/OCSP.cc
+++ b/src/file_analysis/analyzer/x509/OCSP.cc
@ -506,6 +506,17 @@ void OCSP::ParseResponse(OCSP_RESPONSE* resp) {

            if ( reason != OCSP_REVOKED_STATUS_NOSTATUS ) {
                const char* revoke_reason = OCSP_crl_reason_str(reason);
+
+#if OPENSSL_VERSION_NUMBER < 0x30200000L
+                // OpenSSL 3.2.0 and later return the right strings for
+                // OCSP_REVOKED_STATUS_PRIVILEGEWITHDRAWN (9) and
+                // OCSP_REVOKED_STATUS_AACOMPROMISE (10).
+                //
+                // For versions older than that, fix it up by hand.
+                if ( (reason == 9 || reason == 10) && zeek::util::streq(revoke_reason, "(UNKNOWN)") ) {
+                    revoke_reason = reason == 9 ? "privilegeWithdrawn" : "aACompromise";
+                }
+#endif
                rvl.emplace_back(make_intrusive<StringVal>(strlen(revoke_reason), revoke_reason));
            }
            else