From 5db240f29186c11f5fdc51a51c40e7836db6ace4 Mon Sep 17 00:00:00 2001
From: Bernhard Amann <bernhard@icsi.berkeley.edu>
Date: Fri, 16 May 2014 11:23:44 -0700
Subject: [PATCH] update baselines & add ocsp leak check

---
 testing/btest/core/leaks/x509_ocsp_verify.bro | 19 +++++++++++++++++++
 1 file changed, 19 insertions(+)
 create mode 100644 testing/btest/core/leaks/x509_ocsp_verify.bro

diff --git a/testing/btest/core/leaks/x509_ocsp_verify.bro b/testing/btest/core/leaks/x509_ocsp_verify.bro
new file mode 100644
index 0000000000..1b21e8609a
--- /dev/null
+++ b/testing/btest/core/leaks/x509_ocsp_verify.bro
@@ -0,0 +1,19 @@
+# Needs perftools support.
+#
+# @TEST-GROUP: leaks
+#
+# @TEST-REQUIRES: bro  --help 2>&1 | grep -q mem-leaks
+#
+# @TEST-EXEC: HEAP_CHECK_DUMP_DIRECTORY=. HEAPCHECK=local btest-bg-run bro bro -b -m -r $TRACES/tls/ocsp-stapling.trace %INPUT
+# @TEST-EXEC: btest-bg-wait 30
+
+@load base/protocols/ssl
+
+event ssl_stapled_ocsp(c: connection, is_orig: bool, response: string)
+	{
+	local chain: vector of opaque of x509 = vector();
+	for ( i in c$ssl$cert_chain )
+		chain[i] = c$ssl$cert_chain[i]$x509$handle;
+
+	print x509_ocsp_verify(chain, response, SSL::root_certs);
+	}