SSL SCT/OCSP: small fixes by robin; mostly update comments.

SetMime now only works on the first call (as it was documented) and
unused code was used from one of the x.509 functions.

src/file_analysis/File.cc

@@ -294,7 +294,7 @@ void File::SetReassemblyBuffer(uint64 max)
 
 bool File::SetMime(const string& mime_type)
 	{
-	if ( mime_type.empty() || bof_buffer.size != 0 )
+	if ( mime_type.empty() || bof_buffer.size != 0 || did_metadata_inference )
 		return false;
 
 	did_metadata_inference = true;

src/file_analysis/File.h

@@ -176,8 +176,10 @@ public:
 	 * Sets the MIME type for a file to a specific value.
 	 *
 	 * Setting the MIME type has to be done before the MIME type is
-	 * inferred from the content. After a MIME type has been set once,
-	 * it cannot be changed anymore.
+	 * inferred from the content, and before any data is passed to the
+	 * analyzer (the beginning of file buffer has to be empty). After
+	 * data has been sent or a MIME type has been set once, it cannot be
+	 * changed.
 	 *
 	 * This function should only be called when it does not make sense
 	 * to perform automated MIME type detections. This is e.g. the case

src/file_analysis/Manager.cc

@@ -118,6 +118,12 @@ string Manager::DataIn(const u_char* data, uint64 len, uint64 offset,
 	if ( ! file )
 		return "";
 
+	// This only has any effect when
+	// * called for the first time for a file
+	// * being called before file->DataIn is called for the first time (before data is
+	//   added to the bof buffer).
+	// Afterwards SetMime just ignores what is passed to it. Thus this only has effect during
+	// the first Manager::DataIn call for each file.
 	if ( ! mime_type.empty() )
 		file->SetMime(mime_type);
 

src/file_analysis/Manager.h

@@ -98,7 +98,8 @@ public:
 	 *        certificates are passed as files; here the type of the file is set by
 	 *        the protocol. If this parameter is give, mime type detection will be
 	 *        disabled.
-	 *        This parameter is only used for the first bit of data for each file.
+	 *        This parameter only has any effect for the first DataIn call of each
+	 *        file. It is ignored for all subsequent calls.
 	 * @return a unique file ID string which, in certain contexts, may be
 	 *         cached and passed back in to a subsequent function call in order
 	 *         to avoid costly file handle lookups (which have to go through

src/file_analysis/analyzer/x509/OCSP.cc

@@ -344,6 +344,9 @@ clean_up:
 
 void file_analysis::OCSP::ParseExtensionsSpecific(X509_EXTENSION* ex, bool global, ASN1_OBJECT* ext_asn, const char* oid)
 	{
+// In OpenSSL 1.0.2+, we can get the extension by using NID_ct_cert_scts.
+// In OpenSSL <= 1.0.1, this is not yet defined yet, so we have to manually
+// look it up by performing a string comparison on the oid.
 #ifdef NID_ct_cert_scts
 	if ( OBJ_obj2nid(ext_asn) == NID_ct_cert_scts )
 #else

src/file_analysis/analyzer/x509/X509.cc

@@ -240,7 +240,10 @@ void file_analysis::X509::ParseExtensionsSpecific(X509_EXTENSION* ex, bool globa
 	else if ( OBJ_obj2nid(ext_asn) == NID_subject_alt_name )
 		ParseSAN(ex);
 
-#ifdef NID_ct_cert_scts
+// In OpenSSL 1.0.2+, we can get the extension by using NID_ct_precert_scts.
+// In OpenSSL <= 1.0.1, this is not yet defined yet, so we have to manually
+// look it up by performing a string comparison on the oid.
+#ifdef NID_ct_precert_scts
 	else if ( OBJ_obj2nid(ext_asn) == NID_ct_precert_scts )
 #else
 	else if ( strcmp(oid, "1.3.6.1.4.1.11129.2.4.2") == 0 )

src/file_analysis/analyzer/x509/functions.bif

@@ -624,6 +624,9 @@ function sct_verify%(cert: opaque of x509, logid: string, log_key: string, signa
 		{
 		x = X509_dup(x);
 		assert(x);
+// In OpenSSL 1.0.2+, we can get the extension by using NID_ct_precert_scts.
+// In OpenSSL <= 1.0.1, this is not yet defined yet, so we have to manually
+// look it up by performing a string comparison on the oid.
 #ifdef NID_ct_precert_scts
 		int pos = X509_get_ext_by_NID(x, NID_ct_precert_scts, -1);
 		if ( pos < 0 )
@@ -778,12 +781,6 @@ StringVal* x509_entity_hash(file_analysis::X509Val *cert_handle, unsigned int ha
 
 	int res = 0;
 
-	ASN1_BIT_STRING *key = X509_get0_pubkey_bitstr(cert_x509);
-	if ( key == 0 )
-		{
-		printf("No key in X509_get0_pubkey_bitstr\n");
-		}
-
 	if ( type == 0 )
 		res = X509_NAME_digest(subject_name, dgst, md, &len);
 	else if ( type == 1 )