diff --git a/scripts/base/files/x509/ocsp.bro b/scripts/base/files/x509/ocsp.bro
index f417cd6113..078d7f730f 100644
--- a/scripts/base/files/x509/ocsp.bro
+++ b/scripts/base/files/x509/ocsp.bro
@@ -248,7 +248,7 @@ function enq_request(http: HTTP::Info, req: OCSP::Request, req_id: string, req_t
 update_http_info(http, req_rec_empty);
 Log::write(LOG, [$ts=req_rec_empty$ts, $req=req_rec_empty, $cid=http$id, $cuid=http$uid, $method=http$method, $http=http]);
 }
- }
+ }
 event ocsp_request(f: fa_file, req_ref: opaque of ocsp_req, req: OCSP::Request) &priority = 5
 {
@@ -294,7 +294,7 @@ function check_ocsp_request_uri(http: HTTP::Info): OCSP::Request
 if ( ! http?$original_uri )
 return parsed_req;;
 local uri_prefix: string = get_uri_prefix(http$original_uri);
- http$uri_prefix = uri_prefix;
+ http$uri_prefix = uri_prefix;
 local ocsp_req_str: string = http$uri[|uri_prefix|:];
 parsed_req = ocsp_parse_request(decode_base64(ocsp_req_str));
 if ( ! parsed_req?$requestList || |parsed_req$requestList| == 0 )
@@ -397,11 +397,11 @@ event ocsp_response(f: fa_file, resp_ref: opaque of ocsp_resp, resp: OCSP::Respo
 if ( ! f$http?$ocsp_responses )
 f$http$ocsp_responses = table();
-
+
 if ( cert_id !in f$http$ocsp_responses )
 f$http$ocsp_responses[cert_id] = Queue::init();
- Queue::put(f$http$ocsp_responses[cert_id], resp_rec);
+ Queue::put(f$http$ocsp_responses[cert_id], resp_rec);
 }
 }
 else
@@ -468,7 +468,7 @@ function start_log_ocsp(http: HTTP::Info)
 log_unmatched_reqs(http);
 return;
 }
-
+
 for ( cert_id in http$ocsp_responses )
 {
 while ( Queue::len(http$ocsp_responses[cert_id]) != 0 )
@@ -502,7 +502,7 @@ function start_log_ocsp(http: HTTP::Info)
 if ( http?$ocsp_requests && |http$ocsp_requests| != 0 )
 log_unmatched_reqs(http);
 }
-
+
 # log OCSP information
 event HTTP::log_http(rec: HTTP::Info)
 {
diff --git a/scripts/policy/protocols/ssl/ocsp-stapling.bro b/scripts/policy/protocols/ssl/ocsp-stapling.bro
index 30f69e3b9a..58e378ab65 100644
--- a/scripts/policy/protocols/ssl/ocsp-stapling.bro
+++ b/scripts/policy/protocols/ssl/ocsp-stapling.bro
@@ -19,7 +19,7 @@ export {
 ## size of this response
 size: count &log;
-
+
 ## responseStatus
 responseStatus: string &log;
@@ -34,14 +34,14 @@ export {
 ## producedAt
 producedAt: string &log;
-
+
 ## NOTE: the following are specific to one cert id
 ## the above are for one message which may contain
 ## several responses
 ## index
 idx: count &log &optional;
-
+
 ## cert id
 cert_id: OCSP::CertId &log &optional;
diff --git a/src/file_analysis/analyzer/x509/functions.bif b/src/file_analysis/analyzer/x509/functions.bif
index e1bddd72e9..0fe65c7d55 100644
--- a/src/file_analysis/analyzer/x509/functions.bif
+++ b/src/file_analysis/analyzer/x509/functions.bif
@@ -548,14 +548,14 @@ x509_verify_chainerror:
 ## cert: The X509 certificate opaque handle.
 ##
 ## hash_alg: the hash algorithm to use
-##
+##
 ## Returns: A string of hash of issuer name.
-##
+##
 ## .. bro:see:: x509_certificate x509_extension x509_ext_basic_constraints
 ## x509_ext_subject_alternative_name x509_parse
 ## x509_get_certificate_string x509_verify
 function x509_issuer_name_hash%(cert: opaque of x509, hash_alg: string%): string
- %{
+ %{
 assert(cert);
 assert(hash_alg);
@@ -583,7 +583,7 @@ function x509_issuer_name_hash%(cert: opaque of x509, hash_alg: string%): string
 return NULL;
 }
- const EVP_MD *dgst;
+ const EVP_MD *dgst;
 if (strcmp(h, "sha1") == 0)
 dgst = EVP_sha1();
 else if (strcmp(h, "sha224") == 0)
diff --git a/src/file_analysis/analyzer/x509/ocsp_functions.bif b/src/file_analysis/analyzer/x509/ocsp_functions.bif
index a5f31f9411..1901b90569 100644
--- a/src/file_analysis/analyzer/x509/ocsp_functions.bif
+++ b/src/file_analysis/analyzer/x509/ocsp_functions.bif
@@ -11,7 +11,7 @@
 ##
 ## .. bro:see:: ssl_stapled_ocsp ocsp_parse_request
 function ocsp_parse_response%(ocsp_reply: string%): OCSP::Response
- %{
+ %{
 const unsigned char* start = ocsp_reply->Bytes();
 OCSP_RESPONSE *resp = NULL;
 file_analysis::OCSP_RESPVal* resp_val = NULL;
@@ -43,7 +43,7 @@ function ocsp_parse_response%(ocsp_reply: string%): OCSP::Response
 ##
 ## .. bro:see:: ssl_stapled_ocsp ocsp_parse_response
 function ocsp_parse_request%(ocsp_req: string%): OCSP::Request
- %{
+ %{
 const unsigned char* start = ocsp_req->Bytes();
 OCSP_REQUEST *req = NULL;
 file_analysis::OCSP_REQVal* req_val = NULL;
diff --git a/src/main.cc b/src/main.cc
index 3e1a228644..efda617ba4 100644
--- a/src/main.cc
+++ b/src/main.cc
@@ -841,9 +841,9 @@ int main(int argc, char** argv)
 topk_type = new OpaqueType("topk");
 bloomfilter_type = new OpaqueType("bloomfilter");
 x509_opaque_type = new OpaqueType("x509");
- ocsp_req_opaque_type = new OpaqueType("ocsp_req");
+ ocsp_req_opaque_type = new OpaqueType("ocsp_req");
 ocsp_resp_opaque_type = new OpaqueType("ocsp_resp");
-
+
 // The leak-checker tends to produce some false
 // positives (memory which had already been
 // allocated before we start the checking is