Merge remote-tracking branch 'origin/master' into topic/bbannier/spicy-issue-1600

2025-10-02 14:48:21 +00:00 · 2023-11-28 14:29:20 +01:00 · 2023-11-28 14:29:20 +01:00 · 30b32ee753
commit 30b32ee753
parent b38b5b21b7 2284ad4b85
6 changed files with 23 additions and 4 deletions
--- a/8
+++ b/8
@ -1,3 +1,11 @@
+6.2.0-dev.189 | 2023-11-27 21:35:26 +0100
+
+  * OCSP: Open-code unknown revoke reason strings (Arne Welzel, Corelight)
+
+    OpenSSL 3.2.0 knows about more reasons. Add some backwards compatibility.
+
+    Reference: https://github.com/openssl/openssl/commit/1c8a7f5091e2c5aebc043be86bcbedc6947e1c6f
+
 6.2.0-dev.187 | 2023-11-23 17:19:51 +0000

  * Spicy: allow providing file id in zeek::file_begin (Johanna Amann, Corelight)
--- a/2
+++ b/2
@ -1 +1 @@
-6.2.0-dev.187
+6.2.0-dev.189
--- a/2
+++ b/2
@ -1 +1 @@
-Subproject commit 35b5d2daf1578d00eae08012b83d3b59f71d00e4
+Subproject commit 58bcac3d97bacd2bcb55feb5488893094ed4f6d1
--- a/src/file_analysis/analyzer/x509/OCSP.cc
+++ b/src/file_analysis/analyzer/x509/OCSP.cc
@ -506,6 +506,17 @@ void OCSP::ParseResponse(OCSP_RESPONSE* resp) {

            if ( reason != OCSP_REVOKED_STATUS_NOSTATUS ) {
                const char* revoke_reason = OCSP_crl_reason_str(reason);
+
+#if OPENSSL_VERSION_NUMBER < 0x30200000L
+                // OpenSSL 3.2.0 and later return the right strings for
+                // OCSP_REVOKED_STATUS_PRIVILEGEWITHDRAWN (9) and
+                // OCSP_REVOKED_STATUS_AACOMPROMISE (10).
+                //
+                // For versions older than that, fix it up by hand.
+                if ( (reason == 9 || reason == 10) && zeek::util::streq(revoke_reason, "(UNKNOWN)") ) {
+                    revoke_reason = reason == 9 ? "privilegeWithdrawn" : "aACompromise";
+                }
+#endif
                rvl.emplace_back(make_intrusive<StringVal>(strlen(revoke_reason), revoke_reason));
            }
            else
--- a/testing/btest/Baseline/scripts.base.protocols.ssl.ocsp-revoked/.stdout
+++ b/testing/btest/Baseline/scripts.base.protocols.ssl.ocsp-revoked/.stdout
@ -12,7 +12,7 @@ ocsp_response_bytes, successful, 0, F6215E926EB3EC41FE08FC25F09FB1B9A0344A10, XX
 request, 0, 
 request cert, sha1, 74241467069FF5E0983F5E3E1A6BA0652A541575, 0159ABE7DD3A0B59A66463D6CF200757D591E76A, 0150C0C06D53F9D39205D84EFB5F2BA4
 ocsp_response_status, successful
-ocsp_response_certificate, sha1, 74241467069FF5E0983F5E3E1A6BA0652A541575, 0159ABE7DD3A0B59A66463D6CF200757D591E76A, 0150C0C06D53F9D39205D84EFB5F2BA4, revoked, XXXXXXXXXX.XXXXXX, (UNKNOWN), XXXXXXXXXX.XXXXXX, XXXXXXXXXX.XXXXXX
+ocsp_response_certificate, sha1, 74241467069FF5E0983F5E3E1A6BA0652A541575, 0159ABE7DD3A0B59A66463D6CF200757D591E76A, 0150C0C06D53F9D39205D84EFB5F2BA4, revoked, XXXXXXXXXX.XXXXXX, privilegeWithdrawn, XXXXXXXXXX.XXXXXX, XXXXXXXXXX.XXXXXX
 ocsp_response_bytes, successful, 0, F6215E926EB3EC41FE08FC25F09FB1B9A0344A10, XXXXXXXXXX.XXXXXX, sha1WithRSAEncryption
 request, 0, 
 request cert, sha1, 74241467069FF5E0983F5E3E1A6BA0652A541575, 0159ABE7DD3A0B59A66463D6CF200757D591E76A, 017447CB30072EE15B9C1B057B731C5A
--- a/testing/btest/Baseline/scripts.base.protocols.ssl.ocsp-revoked/ocsp.log
+++ b/testing/btest/Baseline/scripts.base.protocols.ssl.ocsp-revoked/ocsp.log
@ -9,6 +9,6 @@
 #types	time	string	string	string	string	string	string	time	string	time	time
 XXXXXXXXXX.XXXXXX	Fv1Mrl4zObGy9drLdg	sha1	74241467069FF5E0983F5E3E1A6BA0652A541575	0159ABE7DD3A0B59A66463D6CF200757D591E76A	010BF45E184C4169AB61B41168DF802E	revoked	XXXXXXXXXX.XXXXXX	superseded	XXXXXXXXXX.XXXXXX	XXXXXXXXXX.XXXXXX
 XXXXXXXXXX.XXXXXX	F7TCyr1Y6YSyUVOW5	sha1	74241467069FF5E0983F5E3E1A6BA0652A541575	0159ABE7DD3A0B59A66463D6CF200757D591E76A	013D34BFD6348EBA231D6925768ACD87	revoked	XXXXXXXXXX.XXXXXX	unspecified	XXXXXXXXXX.XXXXXX	XXXXXXXXXX.XXXXXX
-XXXXXXXXXX.XXXXXX	FmK7Wj1W7PV2RclIig	sha1	74241467069FF5E0983F5E3E1A6BA0652A541575	0159ABE7DD3A0B59A66463D6CF200757D591E76A	0150C0C06D53F9D39205D84EFB5F2BA4	revoked	XXXXXXXXXX.XXXXXX	(UNKNOWN)	XXXXXXXXXX.XXXXXX	XXXXXXXXXX.XXXXXX
+XXXXXXXXXX.XXXXXX	FmK7Wj1W7PV2RclIig	sha1	74241467069FF5E0983F5E3E1A6BA0652A541575	0159ABE7DD3A0B59A66463D6CF200757D591E76A	0150C0C06D53F9D39205D84EFB5F2BA4	revoked	XXXXXXXXXX.XXXXXX	privilegeWithdrawn	XXXXXXXXXX.XXXXXX	XXXXXXXXXX.XXXXXX
 XXXXXXXXXX.XXXXXX	FfpvoO3DJXnAcoNnp4	sha1	74241467069FF5E0983F5E3E1A6BA0652A541575	0159ABE7DD3A0B59A66463D6CF200757D591E76A	017447CB30072EE15B9C1B057B731C5A	revoked	XXXXXXXXXX.XXXXXX	keyCompromise	XXXXXXXXXX.XXXXXX	XXXXXXXXXX.XXXXXX
 #close XXXX-XX-XX-XX-XX-XX