On Feb 28, 2014, at 8:01 AM, Bernhard Amann <bernh...@icsi.berkeley.edu> wrote:
> > On Feb 28, 2014, at 6:37 AM, Seth Hall <s...@icir.org> wrote: > >> >> On Feb 28, 2014, at 6:04 AM, Bernhard Amann <bernh...@icsi.berkeley.edu> >> wrote: >> >>> -event x509_extension(f: fa_file, ext: X509::Extension) >>> +event x509_extension(f: fa_file, cert: X509::Certificate, ext: >>> X509::Extension) >> >> Would it make more sense to leave the cert out? Seems like state we should >> collect in script land instead of passing it through from the core each time. > > The “cert” only is a record in the events. So - the only thing that is passed > around is a ref-counted > pointer. The actual certificate string is not passed to script land anymore > (when I am finished you > will be able to get it if you really want to, but it will not be exposed by > default). > > An opaque type is passed around - this makes certificate verification > possible without having to re-parse > them with OpenSSL. > > I thought that that is ok. Or are you meaning something else? Followup - Seth convinced me that I am doing it wrong :) The record will disappear from the extension events. Bernhard _______________________________________________ bro-dev mailing list bro-dev@bro.org http://mailman.icsi.berkeley.edu/mailman/listinfo/bro-dev