X509 caching API change: callback gets entry directly

Suggestion from Jon: now the callback is passed the table-entry
directly. This allows us to skip one lookup.

scripts/base/files/x509/main.zeek

@@ -68,7 +68,7 @@ export {
 	##
 	## It is possible to change this behavior/skip sending the events by
 	## installing a higher priority hook instead.
-	global x509_certificate_cache_replay: hook(f: fa_file, sha256: string);
+	global x509_certificate_cache_replay: hook(f: fa_file, e: X509::Info, sha256: string);
 
 	## Event for accessing logged records.
 	global log_x509: event(rec: Info);
@@ -120,7 +120,7 @@ event zeek_init() &priority=5
 	x509_set_certificate_cache_hit_callback(x509_certificate_cache_replay);
 	}
 
-hook x509_certificate_cache_replay(f: fa_file, sha256: string)
+hook x509_certificate_cache_replay(f: fa_file, e: X509::Info, sha256: string)
 	{
 	# we encountered a cached cert. The X509 analyzer will skip it. Let's raise all the events that it typically
 	# raises by ourselfes.
@@ -130,7 +130,6 @@ hook x509_certificate_cache_replay(f: fa_file, sha256: string)
 	if ( f$info?$x509 )
 		return;
 
-	local e = certificate_cache[sha256];
 	event x509_certificate(f, e$handle, e$certificate);
 	for ( i in e$extensions_cache )
 		{

scripts/base/init-bare.zeek

@@ -512,12 +512,12 @@ type fa_file: record {
 	bof_buffer: string &optional;
 } &redef;
 
-## A hook taking a fa_file and a string. Used by the X509 analyzer as callback.
+## A hook taking a fa_file, an any, and a string. Used by the X509 analyzer as callback.
 ##
 ## .. todo:: We need this type definition only for declaring builtin functions
 ##    via ``bifcl``. We should extend ``bifcl`` to understand composite types
 ##    directly and then remove this alias.
-type string_file_hook: hook(f: fa_file, str: string);
+type string_any_file_hook: hook(f: fa_file, e: any, str: string);
 
 ## Metadata that's been inferred about a particular file.
 type fa_metadata: record {