diff --git a/NEWS b/NEWS index a4f233a116..bbfb567e91 100644 --- a/NEWS +++ b/NEWS @@ -344,6 +344,8 @@ Removed Functionality available (though Broker should be able to handle IPv6 automatically). +- The "ocsp_request" event no longer has "requestorName" parameter. + Deprecated Functionality ------------------------ diff --git a/src/file_analysis/analyzer/x509/OCSP.cc b/src/file_analysis/analyzer/x509/OCSP.cc index e22440aab8..ccb6762739 100644 --- a/src/file_analysis/analyzer/x509/OCSP.cc +++ b/src/file_analysis/analyzer/x509/OCSP.cc @@ -422,13 +422,10 @@ void file_analysis::OCSP::ParseRequest(OCSP_REQUEST* req, const char* fid) vl->append(GetFile()->GetVal()->Ref()); uint64 version = 0; - GENERAL_NAME* general_name = nullptr; #if ( OPENSSL_VERSION_NUMBER < 0x10100000L ) if ( req->tbsRequest->version ) version = (uint64)ASN1_INTEGER_get(req->tbsRequest->version); - - general_name = req->tbsRequest->requestorName; #else version = parse_request_version(req); // TODO: try to parse out general name ? @@ -438,16 +435,6 @@ void file_analysis::OCSP::ParseRequest(OCSP_REQUEST* req, const char* fid) BIO *bio = BIO_new(BIO_s_mem()); - if ( general_name ) - { - GENERAL_NAME_print(bio, general_name); - int len = BIO_read(bio, buf, sizeof(buf)); - vl->append(new StringVal(len, buf)); - BIO_reset(bio); - } - else - vl->append(new StringVal(0, "")); - mgr.QueueEvent(ocsp_request, vl); int req_count = OCSP_request_onereq_count(req); diff --git a/src/file_analysis/analyzer/x509/ocsp_events.bif b/src/file_analysis/analyzer/x509/ocsp_events.bif index 4e0ed6e9dc..f49208d238 100644 --- a/src/file_analysis/analyzer/x509/ocsp_events.bif +++ b/src/file_analysis/analyzer/x509/ocsp_events.bif @@ -7,13 +7,10 @@ ## ## req: version: the version of the OCSP request. Typically 0 (Version 1). ## -## requestorName: name of the OCSP requestor. This attribute is optional; if -## it is not set, an empty string is returned here. -## ## .. bro:see:: ocsp_request_certificate ocsp_response_status ## ocsp_response_bytes ocsp_response_certificate ocsp_extension ## x509_ocsp_ext_signed_certificate_timestamp -event ocsp_request%(f: fa_file, version: count, requestorName: string%); +event ocsp_request%(f: fa_file, version: count%); ## Event that is raised when encountering an OCSP request for a certificate, ## e.g. in an HTTP connection. See :rfc:`6960` for more details. diff --git a/testing/btest/scripts/base/protocols/ssl/ocsp-http-get.test b/testing/btest/scripts/base/protocols/ssl/ocsp-http-get.test index ff48772b6a..c8c8acc589 100644 --- a/testing/btest/scripts/base/protocols/ssl/ocsp-http-get.test +++ b/testing/btest/scripts/base/protocols/ssl/ocsp-http-get.test @@ -17,9 +17,9 @@ event ocsp_extension(f: fa_file, ext: X509::Extension, global_resp: bool) print "extension: ", ext, global_resp; } -event ocsp_request(f: fa_file, version: count, requestorName: string) +event ocsp_request(f: fa_file, version: count) { - print "request", version, requestorName; + print "request", version, ""; } event ocsp_request_certificate(f: fa_file, hashAlgorithm: string, issuerNameHash: string, issuerKeyHash: string, serialNumber: string) diff --git a/testing/btest/scripts/base/protocols/ssl/ocsp-request-only.test b/testing/btest/scripts/base/protocols/ssl/ocsp-request-only.test index 0176716553..05483717b0 100644 --- a/testing/btest/scripts/base/protocols/ssl/ocsp-request-only.test +++ b/testing/btest/scripts/base/protocols/ssl/ocsp-request-only.test @@ -16,9 +16,9 @@ event ocsp_extension(f: fa_file, ext: X509::Extension, global_resp: bool) print "extension: ", ext, global_resp; } -event ocsp_request(f: fa_file, version: count, requestorName: string) +event ocsp_request(f: fa_file, version: count) { - print "request", version, requestorName; + print "request", version, ""; } event ocsp_request_certificate(f: fa_file, hashAlgorithm: string, issuerNameHash: string, issuerKeyHash: string, serialNumber: string) diff --git a/testing/btest/scripts/base/protocols/ssl/ocsp-request-response.test b/testing/btest/scripts/base/protocols/ssl/ocsp-request-response.test index 3adfab9aa2..b95203dfd8 100644 --- a/testing/btest/scripts/base/protocols/ssl/ocsp-request-response.test +++ b/testing/btest/scripts/base/protocols/ssl/ocsp-request-response.test @@ -17,9 +17,9 @@ event ocsp_extension(f: fa_file, ext: X509::Extension, global_resp: bool) print "extension: ", ext, global_resp; } -event ocsp_request(f: fa_file, version: count, requestorName: string) +event ocsp_request(f: fa_file, version: count) { - print "request", version, requestorName; + print "request", version, ""; } event ocsp_request_certificate(f: fa_file, hashAlgorithm: string, issuerNameHash: string, issuerKeyHash: string, serialNumber: string) diff --git a/testing/btest/scripts/base/protocols/ssl/ocsp-response-only.test b/testing/btest/scripts/base/protocols/ssl/ocsp-response-only.test index f99a71802c..43dbf82583 100644 --- a/testing/btest/scripts/base/protocols/ssl/ocsp-response-only.test +++ b/testing/btest/scripts/base/protocols/ssl/ocsp-response-only.test @@ -17,9 +17,9 @@ event ocsp_extension(f: fa_file, ext: X509::Extension, global_resp: bool) print "extension: ", ext, global_resp; } -event ocsp_request(f: fa_file, version: count, requestorName: string) +event ocsp_request(f: fa_file, version: count) { - print "request", version, requestorName; + print "request", version, ""; } event ocsp_request_certificate(f: fa_file, hashAlgorithm: string, issuerNameHash: string, issuerKeyHash: string, serialNumber: string) diff --git a/testing/btest/scripts/base/protocols/ssl/ocsp-revoked.test b/testing/btest/scripts/base/protocols/ssl/ocsp-revoked.test index ae39640f3f..e4378135ad 100644 --- a/testing/btest/scripts/base/protocols/ssl/ocsp-revoked.test +++ b/testing/btest/scripts/base/protocols/ssl/ocsp-revoked.test @@ -17,9 +17,9 @@ event ocsp_extension(f: fa_file, ext: X509::Extension, global_resp: bool) print "extension: ", ext, global_resp; } -event ocsp_request(f: fa_file, version: count, requestorName: string) +event ocsp_request(f: fa_file, version: count) { - print "request", version, requestorName; + print "request", version, ""; } event ocsp_request_certificate(f: fa_file, hashAlgorithm: string, issuerNameHash: string, issuerKeyHash: string, serialNumber: string)