SSL SCT/OCSP: small fixes by robin; mostly update comments.

SetMime now only works on the first call (as it was documented) and unused code was used from one of the x.509 functions.
2025-10-09 18:18:19 +00:00 · 2017-08-01 16:29:16 -07:00 · 2017-08-01 16:29:16 -07:00 · d5678418da
commit d5678418da
parent db15773c09
7 changed files with 23 additions and 11 deletions
--- a/src/file_analysis/analyzer/x509/functions.bif
+++ b/src/file_analysis/analyzer/x509/functions.bif
@ -624,6 +624,9 @@ function sct_verify%(cert: opaque of x509, logid: string, log_key: string, signa
 		{
 		x = X509_dup(x);
 		assert(x);
+// In OpenSSL 1.0.2+, we can get the extension by using NID_ct_precert_scts.
+// In OpenSSL <= 1.0.1, this is not yet defined yet, so we have to manually
+// look it up by performing a string comparison on the oid.
 #ifdef NID_ct_precert_scts
 		int pos = X509_get_ext_by_NID(x, NID_ct_precert_scts, -1);
 		if ( pos < 0 )
@ -778,12 +781,6 @@ StringVal* x509_entity_hash(file_analysis::X509Val *cert_handle, unsigned int ha

 	int res = 0;

-	ASN1_BIT_STRING *key = X509_get0_pubkey_bitstr(cert_x509);
-	if ( key == 0 )
-		{
-		printf("No key in X509_get0_pubkey_bitstr\n");
-		}
-
 	if ( type == 0 )
 		res = X509_NAME_digest(subject_name, dgst, md, &len);
 	else if ( type == 1 )