separated field for ocsp response timestamp and update baseline

2025-10-02 14:48:21 +00:00 · 2015-07-06 16:12:52 -07:00 · 2015-07-06 16:12:52 -07:00 · d18a96bc8d
commit d18a96bc8d
parent 8844d344af
4 changed files with 16 additions and 13 deletions
--- a/scripts/base/files/ocsp/main.bro
+++ b/scripts/base/files/ocsp/main.bro
@ -41,7 +41,7 @@ export {
 	## one ocsp response record
 	type Info_resp: record {
 		## time for the response
-	        ts:                 time    &log;
+	        ts:                 time;
 		## file id for this response
 		id:                 string  &log;
 		## connection id
@ -89,6 +89,9 @@ export {
 		## request
 		req:                Info_req      &log  &optional;
 		## response timestamp
 		resp_ts:            time          &log  &optional;
 		## response
 		resp:               Info_resp     &log  &optional;
 	};
@ -214,14 +217,14 @@ event ocsp_response(f: fa_file, resp_ref: opaque of ocsp_resp, resp: OCSP::Respo
 				{
 				# find a match
 				local req_rec: Info_req = Queue::get(conn$ocsp_requests[cert_id]);
-				Log::write(LOG, [$ts=req_rec$ts, $certId=req_rec$certId, $req=req_rec, $resp=resp_rec, $cid=conn$id, $cuid=conn$uid]);
+				Log::write(LOG, [$ts=req_rec$ts, $certId=req_rec$certId, $req=req_rec, $resp_ts=resp_rec$ts, $resp=resp_rec, $cid=conn$id, $cuid=conn$uid]);
 				if (Queue::len(conn$ocsp_requests[cert_id]) == 0)
 					delete conn$ocsp_requests[cert_id]; #if queue is empty, delete it?
 				}
 			else
 				{
 				# do not find a match; this is weird but log it
-				Log::write(LOG, [$ts=resp_rec$ts, $certId=resp_rec$certId, $resp=resp_rec, $cid=conn$id, $cuid=conn$uid]);
+				Log::write(LOG, [$ts=resp_rec$ts, $certId=resp_rec$certId, $resp_ts=resp_rec$ts, $resp=resp_rec, $cid=conn$id, $cuid=conn$uid]);
 				}
 			}
 		}
@ -235,7 +238,7 @@ event ocsp_response(f: fa_file, resp_ref: opaque of ocsp_resp, resp: OCSP::Respo
 						   $version        = resp$version,
 						   $responderID    = resp$responderID,
 						   $producedAt     = resp$producedAt];
-		Log::write(LOG, [$ts=resp_rec_empty$ts, $resp=resp_rec_empty, $cid=conn$id, $cuid=conn$uid]);
+		Log::write(LOG, [$ts=resp_rec_empty$ts, $resp_ts=resp_rec_empty$ts, $resp=resp_rec_empty, $cid=conn$id, $cuid=conn$uid]);
 		}
 	}
--- a/testing/btest/Baseline/scripts.base.protocols.ssl.ocsp-request-only/ocsp.log
+++ b/testing/btest/Baseline/scripts.base.protocols.ssl.ocsp-request-only/ocsp.log
@ -3,8 +3,8 @@
 #empty_field	(empty)
 #unset_field	-
 #path	ocsp
-#open	2015-07-03-00-39-57
+#open	2015-07-06-23-03-35
-#fields	ts	cid.orig_h	cid.orig_p	cid.resp_h	cid.resp_p	cuid	certId.hashAlgorithm	certId.issuerNameHash	certId.issuerKeyHash	certId.serialNumber	req.id	req.version	req.requestorName	resp.ts	resp.id	resp.responseStatus	resp.responseType	resp.version	resp.responderID	resp.producedAt	resp.certStatus	resp.thisUpdate	resp.nextUpdate
+#fields	ts	cid.orig_h	cid.orig_p	cid.resp_h	cid.resp_p	cuid	certId.hashAlgorithm	certId.issuerNameHash	certId.issuerKeyHash	certId.serialNumber	req.id	req.version	req.requestorName	resp_ts	resp.id	resp.responseStatus	resp.responseType	resp.version	resp.responderID	resp.producedAt	resp.certStatus	resp.thisUpdate	resp.nextUpdate
 #types	time	addr	port	addr	port	string	string	string	string	string	string	count	string	time	string	string	string	count	string	string	string	string	string
 1434666864.046145	192.168.6.109	34334	72.167.18.239	80	CXWv6p3arKYeMETxOg	sha1	B6080D5F6C6B76EB13E438A5F8660BA85233344E	40C2BD278ECC348330A233D7FB6CB3F0B42C80CE	081C862DC8AAC9	FMbJOe2y5n1E7iSVsg	0	-	-	-	-	-	-	-	-	-	-	-
-#close	2015-07-03-00-39-57
+#close	2015-07-06-23-03-35
--- a/testing/btest/Baseline/scripts.base.protocols.ssl.ocsp-request-response/ocsp.log
+++ b/testing/btest/Baseline/scripts.base.protocols.ssl.ocsp-request-response/ocsp.log
@ -3,8 +3,8 @@
 #empty_field	(empty)
 #unset_field	-
 #path	ocsp
-#open	2015-07-03-00-40-58
+#open	2015-07-06-23-05-10
-#fields	ts	cid.orig_h	cid.orig_p	cid.resp_h	cid.resp_p	cuid	certId.hashAlgorithm	certId.issuerNameHash	certId.issuerKeyHash	certId.serialNumber	req.id	req.version	req.requestorName	resp.ts	resp.id	resp.responseStatus	resp.responseType	resp.version	resp.responderID	resp.producedAt	resp.certStatus	resp.thisUpdate	resp.nextUpdate
+#fields	ts	cid.orig_h	cid.orig_p	cid.resp_h	cid.resp_p	cuid	certId.hashAlgorithm	certId.issuerNameHash	certId.issuerKeyHash	certId.serialNumber	req.id	req.version	req.requestorName	resp_ts	resp.id	resp.responseStatus	resp.responseType	resp.version	resp.responderID	resp.producedAt	resp.certStatus	resp.thisUpdate	resp.nextUpdate
 #types	time	addr	port	addr	port	string	string	string	string	string	string	count	string	time	string	string	string	count	string	string	string	string	string
 1434666864.046145	192.168.6.109	34334	72.167.18.239	80	CXWv6p3arKYeMETxOg	sha1	B6080D5F6C6B76EB13E438A5F8660BA85233344E	40C2BD278ECC348330A233D7FB6CB3F0B42C80CE	081C862DC8AAC9	FMbJOe2y5n1E7iSVsg	0	-	1434666864.070748	Fb215u2y5byABaV747	successful	Basic OCSP Response	0	C = US, ST = Arizona, L = Scottsdale, O = GoDaddy Inc., CN = Go Daddy Validation Authority - G2	20150618220334Z	good	20150618220334Z	20150620100334Z
-#close	2015-07-03-00-40-58
+#close	2015-07-06-23-05-10
--- a/testing/btest/Baseline/scripts.base.protocols.ssl.ocsp-response-only/ocsp.log
+++ b/testing/btest/Baseline/scripts.base.protocols.ssl.ocsp-response-only/ocsp.log
@ -3,8 +3,8 @@
 #empty_field	(empty)
 #unset_field	-
 #path	ocsp
-#open	2015-07-03-00-38-40
+#open	2015-07-06-23-05-43
-#fields	ts	cid.orig_h	cid.orig_p	cid.resp_h	cid.resp_p	cuid	certId.hashAlgorithm	certId.issuerNameHash	certId.issuerKeyHash	certId.serialNumber	req.id	req.version	req.requestorName	resp.ts	resp.id	resp.responseStatus	resp.responseType	resp.version	resp.responderID	resp.producedAt	resp.certStatus	resp.thisUpdate	resp.nextUpdate
+#fields	ts	cid.orig_h	cid.orig_p	cid.resp_h	cid.resp_p	cuid	certId.hashAlgorithm	certId.issuerNameHash	certId.issuerKeyHash	certId.serialNumber	req.id	req.version	req.requestorName	resp_ts	resp.id	resp.responseStatus	resp.responseType	resp.version	resp.responderID	resp.producedAt	resp.certStatus	resp.thisUpdate	resp.nextUpdate
 #types	time	addr	port	addr	port	string	string	string	string	string	string	count	string	time	string	string	string	count	string	string	string	string	string
 1434666864.070748	192.168.6.109	34334	72.167.18.239	80	CXWv6p3arKYeMETxOg	sha1	B6080D5F6C6B76EB13E438A5F8660BA85233344E	40C2BD278ECC348330A233D7FB6CB3F0B42C80CE	081C862DC8AAC9	-	-	-	1434666864.070748	Fb215u2y5byABaV747	successful	Basic OCSP Response	0	C = US, ST = Arizona, L = Scottsdale, O = GoDaddy Inc., CN = Go Daddy Validation Authority - G2	20150618220334Z	good	20150618220334Z	20150620100334Z
-#close	2015-07-03-00-38-40
+#close	2015-07-06-23-05-43