Merge branch 'master' into topic/jsiwek/filter-rotation

scripts/base/frameworks/logging/main.bro

@@ -91,7 +91,7 @@ export {
 		## If not given, all entries are recorded.
 		##
 		## rec: An instance of the streams's ``columns`` type with its
-		## fields set to the values to logged.
+		##      fields set to the values to logged.
 		##
 		## Returns: True if the entry is to be recorded.
 		pred: function(rec: any): bool &optional;

scripts/base/init-bare.bro

@@ -1382,8 +1382,9 @@ const enable_syslog = F &redef;
 const peer_description = "bro" &redef;
 
 ## If true, broadcast events/state received from one peer to other peers.
-## NOTE: These options are only temporary. They will disappear when we get a
-## more sophisticated script-level communication framework.
+##
+## .. note:: These options are only temporary. They will disappear when we get
+##    a more sophisticated script-level communication framework.
 const forward_remote_events = F &redef;
 ## See :bro:id:`forward_remote_events`
 const forward_remote_state_changes = F &redef;
@@ -1513,6 +1514,6 @@ const skip_http_data = F &redef;
 ## UDP tunnels. See also: udp_tunnel_port, policy/udp-tunnel.bro.
 const parse_udp_tunnels = F &redef;
 
-## Load the logging framework here because it uses fairly deep integration with 
-## BiFs and script-land defined types.
+# Load the logging framework here because it uses fairly deep integration with 
+# BiFs and script-land defined types.
 @load base/frameworks/logging

scripts/base/protocols/conn/main.bro

@@ -74,11 +74,11 @@ export {
 		## This history is not meant to encode how much data that happened to be.
 		history:      string          &log &optional;
 		## Number of packets the originator sent.
-		## Only set if :bro:id:`use_conn_size_analyzer`=T
+		## Only set if :bro:id:`use_conn_size_analyzer` = T
 		orig_pkts:     count      &log &optional;
 		## Number IP level bytes the originator sent (as seen on the wire,
 		## taken from IP total_length header field).
-		## Only set if :bro:id:`use_conn_size_analyzer`=T
+		## Only set if :bro:id:`use_conn_size_analyzer` = T
 		orig_ip_bytes: count      &log &optional;
 		## Number of packets the responder sent. See ``orig_pkts``.
 		resp_pkts:     count      &log &optional;

scripts/base/protocols/ssl/main.bro

@@ -28,6 +28,11 @@ export {
 	## This is where the default root CA bundle is defined.  By loading the
 	## mozilla-ca-list.bro script it will be set to Mozilla's root CA list.
 	const root_certs: table[string] of string = {} &redef;
+
+	## This determines if the c$ssl record is deleted after the record is 
+	## logged. You probably want this to be deleted since it contains 
+	## the full certificate and all of the chain certificates in it.
+	const delete_certs_after_logging = T &redef;
 	
 	global log_ssl: event(rec: Info);
 	
@@ -113,10 +118,21 @@ event ssl_extension(c: connection, code: count, val: string) &priority=5
 		c$ssl$server_name = sub_bytes(val, 6, |val|);
 	}
 	
-event ssl_established(c: connection) &priority=-5
+event ssl_established(c: connection) &priority=5
 	{
 	set_session(c);
-	
-	Log::write(SSL::LOG, c$ssl);
+	}
+	
+event ssl_established(c: connection) &priority=-5
+	{
+	Log::write(SSL::LOG, c$ssl);
+	
+	if ( delete_certs_after_logging )
+		{
+		if ( c$ssl?$cert )
+			delete c$ssl$cert;
+		if ( c$ssl?$cert_chain )
+			delete c$ssl$cert_chain;
+		}
 	}