SSL/TLS CertificateRequest message: Address review feedback

Minor stylistic changes; see https://github.com/zeek/zeek/pull/2855 for
details

scripts/policy/protocols/ssl/certificate-request-info.zeek

@@ -16,8 +16,8 @@ event ssl_certificate_request(c: connection, is_client: bool, certificate_types:
 		return;
 
 	local out: vector of string = vector();
-	for ( i in certificate_authorities )
+	for ( _, ca in certificate_authorities )
-		out[i] = parse_distinguished_name(certificate_authorities[i]);
+		out += parse_distinguished_name(ca);
 
 	c$ssl$requested_client_certificate_authorities = out;
 	}

src/analyzer/protocol/ssl/functions.bif

@@ -76,7 +76,6 @@ function set_keys%(c: connection, keys: string%): bool
 ## .. zeek:see:: ssl_certificate_request
 function parse_distinguished_name%(dn: string%): string
 	%{
-	std::string out = "";
 	const unsigned char* in = dn->Bytes();
 
 	X509_NAME* dn_x509 = d2i_X509_NAME(nullptr, &in, dn->Len());
@@ -92,8 +91,8 @@ function parse_distinguished_name%(dn: string%): string
 
 	X509_NAME_print_ex(bio, dn_x509, 0, XN_FLAG_RFC2253);
 	int len = BIO_gets(bio, buf, sizeof(buf));
-	out.assign(buf, len);
+	auto out = zeek::make_intrusive<zeek::StringVal>(len, buf);
 	BIO_free(bio);
 	X509_NAME_free(dn_x509);
-	return zeek::make_intrusive<zeek::StringVal>(out);
+	return out;
 	%}

src/analyzer/protocol/ssl/tls-handshake-analyzer.pac

@@ -631,7 +631,7 @@ refine connection Handshake_Conn += {
 		if ( ! ssl_certificate_request )
 			return true;
 
-		auto ctlist = zeek::make_intrusive<zeek::VectorVal>(zeek::id::find_type<zeek::VectorType>("index_vec"));
+		auto ctlist = zeek::make_intrusive<zeek::VectorVal>(zeek::id::index_vec);
 		auto ctypes = ${req.certificate_types};
 
 		if ( ctypes )
@@ -656,11 +656,14 @@ refine connection Handshake_Conn += {
 			}
 
 
-		auto calist = zeek::make_intrusive<zeek::VectorVal>(zeek::id::find_type<zeek::VectorType>("string_vec"));
+		auto calist = zeek::make_intrusive<zeek::VectorVal>(zeek::id::string_vec);
 		auto certificate_authorities = ${req.certificate_authorities.certificate_authorities};
 		if ( certificate_authorities )
 			for ( unsigned int i = 0; i < certificate_authorities->size(); ++i )
-				calist->Assign(i, zeek::make_intrusive<zeek::StringVal>((*certificate_authorities)[i]->certificate_authority().length(), (const char*) (*certificate_authorities)[i]->certificate_authority().data()));
+				{
+				auto ca = (*certificate_authorities)[i]->certificate_authority();
+				calist->Assign(i, zeek::make_intrusive<zeek::StringVal>(ca.length(), (const char*) ca.data()));
+				}
 
 		zeek::BifEvent::enqueue_ssl_certificate_request(zeek_analyzer(), zeek_analyzer()->Conn(), ${rec.is_orig} ^ flipped_, ctlist, slist, calist);
 

testing/btest/scripts/base/protocols/ssl/certificate_request.zeek

@@ -13,10 +13,10 @@ event ssl_certificate_request(c: connection, is_client: bool, certificate_types:
 	{
 	print certificate_types;
 	print supported_signature_algorithms;
-	for ( i in certificate_authorities )
+	for ( _, ca in certificate_authorities )
 		{
-		print certificate_authorities[i];
+		print ca;
-		print parse_distinguished_name(certificate_authorities[i]);
+		print parse_distinguished_name(ca);
 		}
 	print "========";
 	}