Remove requestorName parameter of ocsp_request event

This field isn't publicly available via the OpenSSL 1.1 API, not used in the base scripts, and has no example in the test suit, so removing it is simpler than trying to support manually parsing it out of the raw data.
2025-10-05 08:08:19 +00:00 · 2018-06-29 16:15:34 -05:00 · 2018-06-29 16:15:34 -05:00 · bb55f82809
commit bb55f82809
parent 2e0edd7416
8 changed files with 13 additions and 27 deletions
--- a/2
+++ b/2
@ -344,6 +344,8 @@ Removed Functionality
  available (though Broker should be able to handle IPv6
  automatically).

+- The "ocsp_request" event no longer has "requestorName" parameter.
+
 Deprecated Functionality
 ------------------------

--- a/src/file_analysis/analyzer/x509/OCSP.cc
+++ b/src/file_analysis/analyzer/x509/OCSP.cc
@ -422,13 +422,10 @@ void file_analysis::OCSP::ParseRequest(OCSP_REQUEST* req, const char* fid)
 	vl->append(GetFile()->GetVal()->Ref());

 	uint64 version = 0;
-	GENERAL_NAME* general_name = nullptr;

 #if ( OPENSSL_VERSION_NUMBER < 0x10100000L )
 	if ( req->tbsRequest->version )
 		version = (uint64)ASN1_INTEGER_get(req->tbsRequest->version);
-
-	general_name = req->tbsRequest->requestorName;
 #else
 	version = parse_request_version(req);
 	// TODO: try to parse out general name ?
@ -438,16 +435,6 @@ void file_analysis::OCSP::ParseRequest(OCSP_REQUEST* req, const char* fid)

 	BIO *bio = BIO_new(BIO_s_mem());

-	if ( general_name )
-		{
-		GENERAL_NAME_print(bio, general_name);
-		int len = BIO_read(bio, buf, sizeof(buf));
-		vl->append(new StringVal(len, buf));
-		BIO_reset(bio);
-		}
-	else
-		vl->append(new StringVal(0, ""));
-
 	mgr.QueueEvent(ocsp_request, vl);

 	int req_count = OCSP_request_onereq_count(req);
--- a/src/file_analysis/analyzer/x509/ocsp_events.bif
+++ b/src/file_analysis/analyzer/x509/ocsp_events.bif
@ -7,13 +7,10 @@
 ##
 ## req: version: the version of the OCSP request. Typically 0 (Version 1).
 ##
-## requestorName: name of the OCSP requestor. This attribute is optional; if
-##                it is not set, an empty string is returned here.
-##
 ## .. bro:see:: ocsp_request_certificate ocsp_response_status
 ##              ocsp_response_bytes ocsp_response_certificate ocsp_extension
 ##              x509_ocsp_ext_signed_certificate_timestamp
-event ocsp_request%(f: fa_file, version: count, requestorName: string%);
+event ocsp_request%(f: fa_file, version: count%);

 ## Event that is raised when encountering an OCSP request for a certificate,
 ## e.g. in an HTTP connection. See :rfc:`6960` for more details.
--- a/testing/btest/scripts/base/protocols/ssl/ocsp-http-get.test
+++ b/testing/btest/scripts/base/protocols/ssl/ocsp-http-get.test
@ -17,9 +17,9 @@ event ocsp_extension(f: fa_file, ext: X509::Extension, global_resp: bool)
 	print "extension: ", ext, global_resp;
 	}

-event ocsp_request(f: fa_file, version: count, requestorName: string)
+event ocsp_request(f: fa_file, version: count)
 	{
-	print "request", version, requestorName;
+	print "request", version, "";
 	}

 event ocsp_request_certificate(f: fa_file, hashAlgorithm: string, issuerNameHash: string, issuerKeyHash: string, serialNumber: string)
--- a/testing/btest/scripts/base/protocols/ssl/ocsp-request-only.test
+++ b/testing/btest/scripts/base/protocols/ssl/ocsp-request-only.test
@ -16,9 +16,9 @@ event ocsp_extension(f: fa_file, ext: X509::Extension, global_resp: bool)
 	print "extension: ", ext, global_resp;
 	}

-event ocsp_request(f: fa_file, version: count, requestorName: string)
+event ocsp_request(f: fa_file, version: count)
 	{
-	print "request", version, requestorName;
+	print "request", version, "";
 	}

 event ocsp_request_certificate(f: fa_file, hashAlgorithm: string, issuerNameHash: string, issuerKeyHash: string, serialNumber: string)
--- a/testing/btest/scripts/base/protocols/ssl/ocsp-request-response.test
+++ b/testing/btest/scripts/base/protocols/ssl/ocsp-request-response.test
@ -17,9 +17,9 @@ event ocsp_extension(f: fa_file, ext: X509::Extension, global_resp: bool)
 	print "extension: ", ext, global_resp;
 	}

-event ocsp_request(f: fa_file, version: count, requestorName: string)
+event ocsp_request(f: fa_file, version: count)
 	{
-	print "request", version, requestorName;
+	print "request", version, "";
 	}

 event ocsp_request_certificate(f: fa_file, hashAlgorithm: string, issuerNameHash: string, issuerKeyHash: string, serialNumber: string)
--- a/testing/btest/scripts/base/protocols/ssl/ocsp-response-only.test
+++ b/testing/btest/scripts/base/protocols/ssl/ocsp-response-only.test
@ -17,9 +17,9 @@ event ocsp_extension(f: fa_file, ext: X509::Extension, global_resp: bool)
 	print "extension: ", ext, global_resp;
 	}

-event ocsp_request(f: fa_file, version: count, requestorName: string)
+event ocsp_request(f: fa_file, version: count)
 	{
-	print "request", version, requestorName;
+	print "request", version, "";
 	}

 event ocsp_request_certificate(f: fa_file, hashAlgorithm: string, issuerNameHash: string, issuerKeyHash: string, serialNumber: string)
--- a/testing/btest/scripts/base/protocols/ssl/ocsp-revoked.test
+++ b/testing/btest/scripts/base/protocols/ssl/ocsp-revoked.test
@ -17,9 +17,9 @@ event ocsp_extension(f: fa_file, ext: X509::Extension, global_resp: bool)
 	print "extension: ", ext, global_resp;
 	}

-event ocsp_request(f: fa_file, version: count, requestorName: string)
+event ocsp_request(f: fa_file, version: count)
 	{
-	print "request", version, requestorName;
+	print "request", version, "";
 	}

 event ocsp_request_certificate(f: fa_file, hashAlgorithm: string, issuerNameHash: string, issuerKeyHash: string, serialNumber: string)