Merge remote-tracking branch 'origin/topic/johanna/ocsp-sct-validate'

Closes #1830.

* origin/topic/johanna/ocsp-sct-validate: (82 commits)
  Tiny script changes for SSL.
  Update CT Log list
  SSL: Update OCSP/SCT scripts and documentation.
  Revert "add parameter 'status_type' to event ssl_stapled_ocsp"
  Revert "parse multiple OCSP stapling responses"
  SCT: Fix script error when mime type of file unknown.
  SCT: another memory leak in SCT parsing.
  SCT validation: fix small memory leak (public keys were not freed)
  Change end-of-connection handling for validation
  OCSP/TLS/SCT: Fix a number of test failures.
  SCT Validate: make caching a bit less aggressive.
  SSL: Fix type of ssl validation result
  TLS-SCT: compile on old versions of OpenSSL (1.0.1...)
  SCT: Add caching support for validation
  SCT: Add signed certificate timestamp validation script.
  SCT: Allow verification of SCTs in Certs.
  SCT: only compare correct OID/NID for Cert/OCSP.
  SCT: add validation of proofs for extensions and OCSP.
  SCT: pass timestamp as uint64 instead of time
  Add CT log information to Bro
  ...
Robin Sommer 2017-07-30 08:49:41 -07:00
commit faa4150154
86 changed files with 2672 additions and 445 deletions


@ -93,6 +93,12 @@ public:
* or false if is being sent in the opposite direction.
* @param precomputed_file_id may be set to a previous return value in order to
* bypass costly file handle lookups.
* @param mime_type may be set to the mime type of the file, if already known due
* to the protocol. This is, e.g., the case in TLS connections where X.509
* certificates are passed as files; here the type of the file is set by
* the protocol. If this parameter is given, MIME type detection will be
* disabled.
* This parameter is only used for the first bit of data for each file.
* @return a unique file ID string which, in certain contexts, may be
* cached and passed back in to a subsequent function call in order
* to avoid costly file handle lookups (which have to go through
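Review bot: the added `@param mime_type` paragraph says MIME type detection is disabled "if this parameter is given", but the declaration it documents defaults the parameter to an empty string, so the comment should state that an empty string means "type unknown, detect as usual" and that only a non-empty value suppresses detection. It would also help to say what happens when a caller passes a type on a later chunk of the same file (silently ignored, per "only used for the first bit of data"), since "first bit of data" is easy to misread as a partial-chunk rule.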
@ -101,7 +107,8 @@ public:
*/
std::string DataIn(const u_char* data, uint64 len, uint64 offset,
analyzer::Tag tag, Connection* conn, bool is_orig,
const std::string& precomputed_file_id = "");
const std::string& precomputed_file_id = "",
const std::string& mime_type = "");
/**
* Pass in sequential file data.
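Review bot: `const std::string& mime_type = ""` makes the empty string serve both as "not supplied" and as a possible value; that is workable only if the implementation treats exactly the non-empty case as a known type, so a caller that wants detection skipped must never pass an empty string. Consider naming that sentinel in the parameter comment, and since the sequential `DataIn` overload below now takes the same argument, verify both overloads apply it through the same code path so the TLS analyzer gets identical behaviour whichever entry point it uses.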
@ -113,6 +120,12 @@ public:
* or false if is being sent in the opposite direction.
* @param precomputed_file_id may be set to a previous return value in order to
* bypass costly file handle lookups.
* @param mime_type may be set to the mime type of the file, if already known due
* to the protocol. This is, e.g., the case in TLS connections where X.509
* certificates are passed as files; here the type of the file is set by
* the protocol. If this parameter is give, mime type detection will be
* disabled.
* This parameter is only used for the first bit of data for each file.
* @return a unique file ID string which, in certain contexts, may be
* cached and passed back in to a subsequent function call in order
* to avoid costly file handle lookups (which have to go through
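Review bot: typo in the added comment, "If this parameter is give, mime type detection will be" should read "is given"; this copy also writes "mime type" where the first overload's otherwise identical paragraph writes "MIME type". Suggest copying the corrected paragraph from the first overload verbatim so the two stay in sync.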
@ -121,7 +134,8 @@ public:
*/
std::string DataIn(const u_char* data, uint64 len, analyzer::Tag tag,
Connection* conn, bool is_orig,
const std::string& precomputed_file_id = "");
const std::string& precomputed_file_id = "",
const std::string& mime_type = "");
/**
* Pass in sequential file data from external source (e.g. input framework).
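Review bot: the second `DataIn` overload now ends with the same pair of defaulted string parameters (`precomputed_file_id`, `mime_type`) as the first. If the sequential variant delegates to, or shares a helper with, the offset-based one, make sure `mime_type` is actually forwarded on that path and that, as both comments promise, a non-empty type is honoured only on the first chunk of a file; a defaulted parameter that is accepted but dropped in one overload would silently re-enable detection for TLS certificate files fed through the sequential API.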