OCSP: re-enable logging, fix tests, fix x509 issue

Re-enable logging, now in policy because it probably is interesting to
no-one. We also only log ocsp replies.

Fix all tests.

Fix an issue where ocsp replies were added to the x.509 certificate
list.

testing/btest/scripts/base/protocols/ssl/ocsp-http-get.test

@@ -2,3 +2,42 @@
 
 # @TEST-EXEC: bro -C -r $TRACES/tls/ocsp-http-get.pcap %INPUT
 # @TEST-EXEC: btest-diff ocsp.log
+# @TEST-EXEC: btest-diff .stdout
+
+@load files/x509/log-ocsp
+
+event bro_init()
+	{
+	Files::register_for_mime_type(Files::ANALYZER_OCSP_REQUEST, "application/ocsp-request");
+	Files::register_for_mime_type(Files::ANALYZER_OCSP_REPLY, "application/ocsp-response");
+	}
+
+event ocsp_extension(f: fa_file, ext: X509::Extension, global_resp: bool)
+	{
+	print "extension: ", ext, global_resp;
+	}
+
+event ocsp_request(f: fa_file, version: count, requestorName: string)
+	{
+	print "request", version, requestorName;
+	}
+
+event ocsp_request_certificate(f: fa_file, hashAlgorithm: string, issuerNameHash: string, issuerKeyHash: string, serialNumber: string)
+	{
+	print "request cert", hashAlgorithm, issuerNameHash, issuerKeyHash, serialNumber;
+	}
+
+event ocsp_response_status(f: fa_file, status: string)
+	{
+	print "ocsp_response_status", status;
+	}
+
+event ocsp_response_bytes(f: fa_file, resp_ref: opaque of ocsp_resp, status: string, version: count, responderId: string, producedAt: time, signatureAlgorithm: string, certs: x509_opaque_vector)
+	{
+	print "ocsp_response_bytes", status, version, responderId, producedAt, signatureAlgorithm;
+	}
+
+event ocsp_response_certificate(f: fa_file, hashAlgorithm: string, issuerNameHash: string, issuerKeyHash: string, serialNumber: string, certStatus: string, revoketime: time, revokereason: string, thisUpdate: time, nextUpdate: time)
+	{
+	print "ocsp_response_certificate", hashAlgorithm, issuerNameHash, issuerKeyHash, serialNumber, certStatus, revoketime, revokereason, thisUpdate, nextUpdate;
+	}