Tandem/certspotter
2
0
Fork 0
mirror of https://github.com/SSLMate/certspotter.git synced 2025-07-03 10:47:17 +02:00
Code Issues Packages Projects Releases Wiki Activity
240 Commits 1 Branch 24 Tags
Commit Graph

240 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Andrew Ayer
43fe09e1f2 Add code for parsing JSON log lists 2020-04-29 11:38:04 -04:00
Andrew Ayer
e473b94fd9 Add some helper functions for parsing certificate signature info 2020-04-28 15:57:35 -04:00
Andrew Ayer
e74cb79bd4 Update NEWS 2019-12-03 11:19:07 -05:00
Andrew Ayer
764f3285cd Update README 2019-12-03 11:12:53 -05:00
Andrew Ayer
30d171343a Add -start_at_end option to begin monitoring logs at the end 
When Cert Spotter starts monitoring a log that it has never monitored before,
it can either start monitoring it from the beginning, or seek to the end and
start monitoring there.

Monitoring from the beginning guarantees detection of all certificates, but
requires downloading hundreds of millions of certificates, which takes days.

With the new -start_at_end option, you can save significant time by
starting at the end.  You will miss certificates that were added to a
log before Cert Spotter starts monitoring it, but you can always use the
Cert Spotter API <https://sslmate.com/certspotter/api> or crt.sh to find them.

Previously, the -start_at_end behavior was implied the first time you
ever ran Cert Spotter.  This is no longer the case.
 2019-12-03 11:12:40 -05:00
Andrew Ayer
6f3359ecf5 Add a bunch of new logs 2019-12-02 16:58:05 -05:00
Andrew Ayer
d124483998 Remove 2018 log shards 2019-12-02 15:30:55 -05:00
Andrew Ayer
86785d89d7 Process logs in parallel 2019-12-02 15:19:35 -05:00
Andrew Ayer
c2099d6d49 Manually prefix all log messages with log URL 
(Instead of using log.SetPrefix)

This will let us process logs in parallel.
 2019-12-02 15:03:34 -05:00
Andrew Ayer
0aa86dd1cb Return an error for trailing CT signature garbage rather than logging an error 2019-12-02 14:58:48 -05:00
Andrew Ayer
02b6c5ee51 Add functions for canonicalizing an RDNSequence 2019-09-12 11:36:08 -07:00
Andrew Ayer
a6c74b6009 Add MarshalRDNSequence 2019-09-12 11:36:04 -07:00
Andrew Ayer
93fccdab3e decodeASN1String: add support for VisibleString 2019-09-11 21:03:44 -07:00
Andrew Ayer
b11fd6bbf8 Add new logs: Yeti 2018-2022, Nimbus 2022-2023 2018-10-15 09:32:42 -07:00
d7415
20b1df83cc
Remove EOL Symantec CT Log Servers 
The Symantec CT Log servers were EOLd at the end of September https://groups.google.com/forum/#!topic/mozilla.dev.security.policy/XOUG3HUbPjs
 2018-10-13 17:19:16 +01:00
Ian Foster
6991be261c changed bygonessl behavior 2018-07-19 16:12:17 -07:00
Ian Foster
1b4943c198 rename issued_before to valid_at 2018-07-13 11:11:58 -07:00
Ian Foster
cfe7adf06c added support for CT over http for testing 2018-07-07 14:11:29 -07:00
Ian Foster
e5fd2e9efc Initial BygoneSSL support 2018-07-04 19:03:57 -07:00
Andrew Ayer
ca1acc7d77 Release 0.9 0.9 2018-04-19 12:07:19 -07:00
Andrew Ayer
0a16866f44 Update README 2018-04-19 11:52:50 -07:00
Andrew Ayer
418ef7fd97 Remove WoSign and StartCom 
They were disqualified by Chromium for failure to incorporate SCTs:

	https://groups.google.com/a/chromium.org/forum/#!msg/ct-policy/W1Ty2gO0JNA/ZbQxlgRZAQAJ

	https://groups.google.com/a/chromium.org/forum/#!msg/ct-policy/UcCqlxuz_1c/Mf_939xYAQAJ

and as of this commit more than 24 hours have passed since the last STH.

Closes: #28
 2018-04-19 11:11:31 -07:00
Andrew Ayer
56dec6a1a5 Start monitoring Nimbus logs 2018-03-25 12:30:26 -07:00
Andrew Ayer
7c6da49708 Stop monitoring Argon 2017 
It's no longer 2017 and this log was never accepted by Chrome anyways.
 2018-03-25 12:28:44 -07:00
Andrew Ayer
bc255f43d5 Add functions to verify SCTs 2017-12-17 09:51:46 -08:00
Andrew Ayer
bf676f06be Add JSON tags to SignedCertificateTimestamp 2017-12-16 10:13:25 -08:00
Andrew Ayer
ab16995f56 Release 0.8 0.8 2017-12-08 13:02:59 -08:00
Andrew Ayer
dd7e3a126d Add DigiCert 2 log 2017-12-08 13:02:59 -08:00
Andrew Ayer
4268566999 Add Symantec Sirius log 2017-12-08 13:00:24 -08:00
Andrew Ayer
e96ccbab62 Release 0.7 0.7 2017-11-13 15:10:30 -08:00
Andrew Ayer
e546f123f5 Add Google Argon logs 2017-11-11 15:24:03 -08:00
Andrew Ayer
822a03f365 Track log certificate expiry range 2017-11-11 15:23:56 -08:00
Andrew Ayer
41ca1aaab8 Avoid unaligned atomic access on 32 bit platforms 
Closes #23
 2017-11-06 13:33:02 -08:00
Andrew Ayer
a26bf3e300 Release 0.6 0.6 2017-10-19 12:51:28 -07:00
Andrew Ayer
7283e51420 Disable TLS certificate validation when communicating with log 
See the source code comments for an explanation for why this is both
necessary and not insecure.
 2017-10-19 12:51:28 -07:00
Andrew Ayer
1a6ed13fd6 Add Comodo Mammoth and Comodo Sabre 
Trusted as of Chrome 60.
 2017-10-19 12:51:28 -07:00
Andrew Ayer
709aa01308 Add Comodo Dodo to the openLogs list 2017-10-17 17:24:59 -07:00
Andrew Ayer
8b2664b474 Release 0.5 0.5 2017-05-18 10:04:18 -07:00
Andrew Ayer
62cbba12a3 Remove PuChuangSiDa log 
They've flown the coop and will likely be removed from Chrome.
 2017-05-13 09:52:19 -07:00
Andrew Ayer
3df9fb4e73 Add Venafi Gen2 log 
It's not qualified by Chrome yet, but it is accumulating so many entries
already that I think it's good to get a head start on monitoring it.
 2017-04-29 13:02:58 -07:00
Andrew Ayer
1814cb87e5 Return additional info about pre-cert from ValidatePrecert 2017-04-27 10:48:48 -07:00
Andrew Ayer
06c253a0ea Continue processing a log even if an STH failed to verify 
It may still be possible to audit other STHs, and to scan new entries
up to the latest verified STH.  This allows Cert Spotter to continue
to make forward progress even if a log is persistently skewed (as the
DigiCert has been lately).

Also, rework some code to be simpler and less redundant.
 2017-04-27 10:48:48 -07:00
Alex Gaynor
1f8751aba5 Update the date for Chromium mandatory CT 2017-04-23 14:19:09 -04:00
Andrew Ayer
5d9fa9dfd9 Release 0.4 0.4 2017-04-03 15:30:53 -07:00
Andrew Ayer
e1dd1f25bf Remove Venafi log, which forked and will be removed from Chrome 
https://groups.google.com/a/chromium.org/forum/#!topic/ct-policy/KMAcNT3asTQ
 2017-03-20 11:36:57 -07:00
Andrew Ayer
583aebe9ab Add PuChuangSiDa 1 log 
It is scheduled for inclusion in Chrome:

https://bugs.chromium.org/p/chromium/issues/detail?id=667663
 2017-03-20 11:35:12 -07:00
Andrew Ayer
fa81965dee Remove log ID comments from logs.go 2017-03-20 11:33:11 -07:00
Andrew Ayer
b051332b1d Release 0.3 0.3 2017-02-20 13:13:09 -08:00
Andrew Ayer
8b9c08b984 submitct: apply gofmt 2017-02-05 10:09:42 -08:00
Andrew Ayer
732a660767 submitct: reorganize code 2017-02-05 10:09:19 -08:00