From bb09de782829293863b593c2d30bba98f1f198af Mon Sep 17 00:00:00 2001
From: Bernhard Amann
Date: Fri, 30 May 2014 15:31:33 -0700
Subject: [PATCH 1/2] Make buffer for certificate subjects bigger. Flush buffer between reads (in case we still get something with a longer subject). Addresses BIT-1195
---
 src/file_analysis/analyzer/x509/X509.cc | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/src/file_analysis/analyzer/x509/X509.cc b/src/file_analysis/analyzer/x509/X509.cc
index 23cccc6030..7aa8d0b7e4 100644
--- a/src/file_analysis/analyzer/x509/X509.cc
+++ b/src/file_analysis/analyzer/x509/X509.cc
@@ -88,7 +88,7 @@ RecordVal* file_analysis::X509::ParseCertificate(X509Val* cert_val)
 {
 ::X509* ssl_cert = cert_val->GetCertificate();
- char buf[256]; // we need a buffer for some of the openssl functions
+ char buf[1024]; // we need a buffer for some of the openssl functions
 memset(buf, 0, sizeof(buf));
 RecordVal* pX509Cert = new RecordVal(BifType::Record::X509::Certificate);
@@ -98,10 +98,12 @@ RecordVal* file_analysis::X509::ParseCertificate(X509Val* cert_val)
 i2a_ASN1_INTEGER(bio, X509_get_serialNumber(ssl_cert));
 int len = BIO_read(bio, &(*buf), sizeof(buf));
 pX509Cert->Assign(1, new StringVal(len, buf));
+ BIO_reset(bio);
 X509_NAME_print_ex(bio, X509_get_subject_name(ssl_cert), 0, XN_FLAG_RFC2253);
 len = BIO_gets(bio, &(*buf), sizeof(buf));
 pX509Cert->Assign(2, new StringVal(len, buf));
+ BIO_reset(bio);
 X509_NAME_print_ex(bio, X509_get_issuer_name(ssl_cert), 0, XN_FLAG_RFC2253);
 len = BIO_gets(bio, &(*buf), sizeof(buf));
 pX509Cert->Assign(3, new StringVal(len, buf));
From fa2de9cc08a17462211bac6da6638ace721a631d Mon Sep 17 00:00:00 2001
From: Bernhard Amann
Date: Fri, 30 May 2014 15:37:52 -0700
Subject: [PATCH 2/2] update test baseline
---
 .../scripts.policy.protocols.ssl.validate-ocsp/ssl.log | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)
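Review bot: The enlarged `buf` in the first X509.cc hunk is still a fixed cap, so a subject or issuer whose RFC 2253 form is longer than 1023 bytes is cut off by `BIO_gets`, and the `BIO_reset` added in the second hunk then discards the rest with nothing in the record marking the value as truncated. Certificate names come from the remote peer, so anything downstream that matches on the full subject or issuer can be misled by a shortened one. If `bio` is a memory BIO (its creation is outside the hunk), the rendered name can be taken at its real length instead, e.g. `char* p = 0; long n = BIO_get_mem_data(bio, &p);` followed by `new StringVal(n, p)`. Otherwise the comment on `buf` should at least state the limit, for example `// names longer than sizeof(buf)-1 bytes are truncated`. ParseCertificate begins and ends outside both hunks.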
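Review bot: `len` reaches `new StringVal(len, buf)` unchecked at all three reads in the second X509.cc hunk, although `BIO_read` and `BIO_gets` can return zero or a negative value when the BIO is empty or the call fails. How StringVal treats a negative length is not visible here, so that should be confirmed; a guard such as `if ( len < 0 ) len = 0;` after each read would keep a failed read from reaching the constructor. The two new `BIO_reset(bio);` lines would also benefit from a short why-comment, `// drop any unread remainder so it cannot spill into the next field`, since that is the behaviour the commit message describes. The function body continues outside the hunk.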
diff --git a/testing/btest/Baseline/scripts.policy.protocols.ssl.validate-ocsp/ssl.log b/testing/btest/Baseline/scripts.policy.protocols.ssl.validate-ocsp/ssl.log
index 4aa18abb22..33b589d9ac 100644
--- a/testing/btest/Baseline/scripts.policy.protocols.ssl.validate-ocsp/ssl.log
+++ b/testing/btest/Baseline/scripts.policy.protocols.ssl.validate-ocsp/ssl.log
@@ -3,8 +3,8 @@ #empty_field (empty) #unset_field - #path ssl -#open 2014-05-16-18-20-51 +#open 2014-05-30-22-37-19 #fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p version cipher curve server_name session_id last_alert established cert_chain_fuids client_cert_chain_fuids subject issuer client_subject client_issuer ocsp_status #types time string addr port addr port string string string string string string bool vector[string] vector[string] string string string string string -1398367809.790512 CXWv6p3arKYeMETxOg 192.168.4.149 56253 131.253.61.82 443 TLSv10 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA secp384r1 - - - T Fr1vuhmDOykX05Vj1,FlFGqI1PyTt7Vuo8E9,FSASzpV1NMIvbQ1W9 (empty) CN=login.live.com,OU=MSA,O=Microsoft Corporation,street=1 Microsoft Way,L=Redmond,ST=Washington,postalCode=98052,C=US,serialNumber=600413485,businessCategory=Private Organization,1.3.6.1.4.1.311.60.2.1.2=#130A57617368696E67746F6E,1.3.6.1.4.1.311.60.2.1.3= #13025553CN=VeriSign Class 3 Extended Validation SSL SGC CA,OU=Terms of use at https://www.verisign.com/rpa (c)06,OU=VeriSign Trust Network,O=VeriSign\, Inc.,C=US - - good -#close 2014-05-16-18-20-51 +1398367809.790512 CXWv6p3arKYeMETxOg 192.168.4.149 56253 131.253.61.82 443 TLSv10 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA secp384r1 - - - T Fr1vuhmDOykX05Vj1,FlFGqI1PyTt7Vuo8E9,FSASzpV1NMIvbQ1W9 (empty) CN=login.live.com,OU=MSA,O=Microsoft Corporation,street=1 Microsoft Way,L=Redmond,ST=Washington,postalCode=98052,C=US,serialNumber=600413485,businessCategory=Private Organization,1.3.6.1.4.1.311.60.2.1.2=#130A57617368696E67746F6E,1.3.6.1.4.1.311.60.2.1.3=#13025553 CN=VeriSign Class 3 Extended Validation SSL SGC CA,OU=Terms of use at https://www.verisign.com/rpa (c)06,OU=VeriSign Trust Network,O=VeriSign\, Inc.,C=US - - good +#close 2014-05-30-22-37-19