SSL/GH-2211: Address review feedback, remove USE_FLIPPED

It turns out that we can just do this by using an argument.
2025-10-02 06:38:20 +00:00 · 2022-07-05 13:23:18 +01:00 · 2022-07-05 13:23:18 +01:00 · 2315d0344a
commit 2315d0344a
parent e14eddeb97
4 changed files with 5 additions and 14 deletions
--- a/src/analyzer/protocol/ssl/proc-certificate.pac
+++ b/src/analyzer/protocol/ssl/proc-certificate.pac
@ -1,20 +1,12 @@
-function proc_certificate(is_orig: bool, certificates : bytestring[]) : bool
+function proc_certificate(is_orig: bool, is_flipped: bool, certificates : bytestring[]) : bool
 	%{
 	if ( certificates->size() == 0 )
 		return true;

-	// this has to execute in both contexts, ssl and tls-handshake. In one we have flipped_,
-	// in the other we have ssl_analyzer()->GetFlipped(). And in both cases the other case
-	// does not work (and cannot be made to work easily).
-
-#ifndef USE_FLIPPED
-	bool flipped_ = zeek_analyzer()->GetFlipped();
-#endif
-
 	zeek::ODesc common;
 	common.AddRaw("Analyzer::ANALYZER_SSL");
 	common.Add(zeek_analyzer()->Conn()->StartTime());
-	common.AddRaw(is_orig ^ flipped_ ? "T" : "F", 1);
+	common.AddRaw(is_orig ^ is_flipped ? "T" : "F", 1);
 	zeek_analyzer()->Conn()->IDString(&common);

 	static const string user_mime = "application/x-x509-user-cert";
@ -39,7 +31,7 @@ function proc_certificate(is_orig: bool, certificates : bytestring[]) : bool

 		zeek::file_mgr->DataIn(reinterpret_cast<const u_char*>(cert.data()),
 		                       cert.length(), zeek_analyzer()->GetAnalyzerTag(),
-		                       zeek_analyzer()->Conn(), is_orig ^ flipped_,
+		                       zeek_analyzer()->Conn(), is_orig ^ is_flipped,
 		                       file_id, i == 0 ? user_mime : ca_mime);
 		zeek::file_mgr->EndOfFile(file_id);
 		}
--- a/src/analyzer/protocol/ssl/ssl-analyzer.pac
+++ b/src/analyzer/protocol/ssl/ssl-analyzer.pac
@ -103,7 +103,7 @@ refine connection SSL_Conn += {
 	function proc_v2_certificate(is_orig: bool, cert : bytestring) : bool
 		%{
 		vector<bytestring>* cert_list = new vector<bytestring>(1,cert);
-		bool ret = proc_certificate(is_orig, cert_list);
+		bool ret = proc_certificate(is_orig, zeek_analyzer()->GetFlipped(), cert_list);
 		delete cert_list;
 		return ret;
 		%}
--- a/src/analyzer/protocol/ssl/tls-handshake-analyzer.pac
+++ b/src/analyzer/protocol/ssl/tls-handshake-analyzer.pac
@ -377,7 +377,7 @@ refine connection Handshake_Conn += {
 		std::transform(certs->begin(), certs->end(),
 		std::back_inserter(*cert_list), extract_certs());

-		bool ret = proc_certificate(is_orig, cert_list);
+		bool ret = proc_certificate(is_orig, flipped_, cert_list);
 		delete cert_list;
 		return ret;
 		%}
--- a/src/analyzer/protocol/ssl/tls-handshake.pac
+++ b/src/analyzer/protocol/ssl/tls-handshake.pac
@ -8,7 +8,6 @@

 #include "zeek/analyzer/protocol/ssl/types.bif.h"
 #include "zeek/analyzer/protocol/ssl/events.bif.h"
-#define USE_FLIPPED
 %}

 analyzer TLSHandshake withcontext {