now passing btest

scripts/policy/protocols/ssl/ssl-verbose.bro

@@ -4,7 +4,7 @@
 
 @load base/protocols/ssl
 @load base/files/x509
-@load base/utils/directions-and-hosts
+@load ./extract-certs-pem.bro
 
 module SSL;
 
@@ -36,40 +36,16 @@ export {
 	## Control if host certificates offered by the defined hosts
 	## will be written to the PEM certificates file.
 	## Choices are: LOCAL_HOSTS, REMOTE_HOSTS, ALL_HOSTS, NO_HOSTS.
-	const extract_certs_pem = ALL_HOSTS &redef;
+	redef extract_certs_pem = ALL_HOSTS;
 }
 
-# This is an internally maintained variable to prevent relogging of
-# certificates that have already been seen.  It is indexed on an sha1 sum of
-# the certificate.
-global extracted_certs: set[string] = set() &read_expire=1hr &redef;
-
 event ssl_established(c: connection) &priority=5
 	{
 	if ( ! c$ssl?$cert_chain || |c$ssl$cert_chain| == 0 ||
 	     ! c$ssl$cert_chain[0]?$x509 )
 		return;
 
-	if ( ! addr_matches_host(c$id$resp_h, extract_certs_pem) )
-		return;
-
-	local hash = c$ssl$cert_chain[0]$sha1;
-	local cert = c$ssl$cert_chain[0]$x509$handle;
-
-	c$ssl$server_cert_sha1 = hash;
-
-	if ( hash in extracted_certs )
-		# If we already extracted this cert, don't do it again.
-		return;
-
-	add extracted_certs[hash];
-	local filename = Site::is_local_addr(c$id$resp_h) ? "certs-local.pem" : "certs-remote.pem";
-	local outfile = open_for_append(filename);
-	enable_raw_output(outfile);
-
-	print outfile, x509_get_certificate_string(cert, T);
-
-	close(outfile);
+	c$ssl$server_cert_sha1 = c$ssl$cert_chain[0]$sha1;
 	}
 
 event ssl_client_hello(c: connection, version: count, possible_ts: time, client_random: string, session_id: string, ciphers: index_vec) &priority=5