On Feb 28, 2014, at 6:37 AM, Seth Hall <[email protected]> wrote:
>
> On Feb 28, 2014, at 6:04 AM, Bernhard Amann <[email protected]>
> wrote:
>
>> -event x509_extension(f: fa_file, ext: X509::Extension)
>> +event x509_extension(f: fa_file, cert: X509::Certificate, ext:
>> X509::Extension)
>
> Would it make more sense to leave the cert out? Seems like state we should
> collect in script land instead of passing it through from the core each time.
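
Review bot: the added `cert: X509::Certificate` parameter on the `+event x509_extension` line changes the event's signature without any accompanying documentation, so handlers written against the two-argument form `(f: fa_file, ext: X509::Extension)` will need updating. Please document the change alongside the event declaration, and state there what `cert` carries and how long a handler may hold on to it, so that script authors know whether they still need to track per-certificate state themselves.
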
The “cert” is only a record in the events. So the only thing that is passed around is a ref-counted pointer. The actual certificate string is not passed to script land anymore (when I am finished you will be able to get it if you really want to, but it will not be exposed by default). An opaque type is passed around; this makes certificate verification possible without having to re-parse the certificates with OpenSSL.

I thought that was OK. Or do you mean something else?

Bernhard
