OCSP: rewrite events and data structures.

Instead of having a big event, that tries to parse all the data into a
huge datastructure, we do the more common thing and use a series of
smaller events to parse requests and responses.

The new events are:

ocsp_request -> raised for an ocsp request, giving version and requestor

ocsp_request_certificate -> raised n times per request, once per cert

ocsp_response_status -> raised for each ocsp response, giving status

ocsp_response_bytes -> raised for each ocsp response with information

ocsp_response_certificate -> raised for each cert in an ocsp response

src/file_analysis/analyzer/x509/OCSP.h

@@ -15,7 +15,6 @@
 
 namespace file_analysis {
 
-class OCSP_REQVal;
 class OCSP_RESPVal;
 
 class OCSP : public file_analysis::Analyzer {
@@ -24,8 +23,6 @@ public:
 	virtual bool Undelivered(uint64 offset, uint64 len);
 	virtual bool EndOfFile();
 
-	static RecordVal *ParseResponse(OCSP_RESPVal *, const char* fid = 0);
-	static RecordVal *ParseRequest(OCSP_REQVal *, const char* fid = 0);
 
 	static file_analysis::Analyzer* Instantiate(RecordVal* args, File* file);
 
@@ -33,22 +30,13 @@ protected:
 	OCSP(RecordVal* args, File* file, const string& ocsp_type);
 
 private:
+	void ParseResponse(OCSP_RESPVal *, const char* fid = 0);
+	void ParseRequest(OCSP_REQUEST *, const char* fid = 0);
+
 	std::string ocsp_data;
 	std::string ocsp_type;
 };
 
-class OCSP_REQVal: public OpaqueVal {
-public:
-	explicit OCSP_REQVal(OCSP_REQUEST *);
-	~OCSP_REQVal();
-        OCSP_REQUEST *GetReq() const;
-protected:
-	OCSP_REQVal();
-private:
-	OCSP_REQUEST *ocsp_req;
-	DECLARE_SERIAL(OCSP_REQVal);
-};
-
 class OCSP_RESPVal: public OpaqueVal {
 public:
 	explicit OCSP_RESPVal(OCSP_RESPONSE *);