Tandem/certspotter
2
0
Fork 0
mirror of https://github.com/SSLMate/certspotter.git synced 2025-07-03 10:47:17 +02:00
Code Issues Packages Projects Releases Wiki Activity
216 Commits 1 Branch 24 Tags
Commit Graph

216 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Andrew Ayer
33ebbdfd07 Use os.UserHomeDir to determine home directory 
Go provides this since Go 1.12; no need to reinvent the wheel.
 2022-10-08 18:17:35 -04:00
Andrew Ayer
3d1bdb2b60 Release 0.14.0 v0.14.0 2022-06-13 11:23:35 -04:00
Andrew Ayer
4c21e97208 Release 0.13 v0.13 2022-06-13 08:50:07 -04:00
Andrew Ayer
0d29547d36 Update minimum Go version, install instructions 2022-06-13 08:45:23 -04:00
Andrew Ayer
270cdab44e Release 0.12 v0.12 2022-06-07 08:23:35 -04:00
Andrew Ayer
039339154f Move retry logic into LogClient 
This allows retry logic to be used for all requests, not just get-entries

Also add context arguments
 2022-06-02 10:02:32 -04:00
Andrew Ayer
f7f79f2600 logclient: buffer JSON request body 
This permits us to detect JSON marshalling errors, and makes it easy to
retry the request.

Request bodies are short so this should have negligible performance impact.
 2022-05-31 15:37:47 -04:00
Andrew Ayer
c59eecfdec Switch to Go modules 2022-05-01 13:23:29 -04:00
Andrew Ayer
2335a57569 Drop dependency on github.com/mreiferson/go-httpclient 2022-05-01 13:22:01 -04:00
Andrew Ayer
c0e79476ae Add .gitignore file 2022-02-28 08:11:13 -05:00
Andrew Ayer
31f0b8b830 Update loglist for Chrome's new v3 schema 
See https://groups.google.com/a/chromium.org/d/msgid/ct-policy/f2958124-f679-406d-8bca-a063b7d37c3an%40chromium.org
 2021-11-01 14:19:45 -04:00
Andrew Ayer
8c14597721 Add IsPreCert to CertInfo 2021-10-29 09:28:39 -04:00
Andrew Ayer
c9aaa2782f Add -version flag 2021-10-12 10:28:34 -04:00
Andrew Ayer
54f34077d3 Release 0.11 0.11 2021-08-17 15:03:47 -04:00
Andrew Ayer
4e4250dad2 Don't ask for consistency proofs based on an empty tree 
RFC 6962 doesn't define how to generate a consistency proof in this case,
and it doesn't matter anyways since the tree is empty.  The DigiCert logs
return a 400 error if we ask for such a proof.
 2021-08-17 15:00:48 -04:00
Andrew Ayer
1a7622bfa6 loglist: add some helper functions 2021-05-01 17:35:18 -04:00
Andrew Ayer
4b280bdcd2 export loglist.Unmarshal 2021-05-01 16:53:56 -04:00
Andrew Ayer
a147970db8 Use ct.SHA256Hash for log ID rather than []byte 2021-04-30 17:04:16 -04:00
Andrew Ayer
2cccf67601 Avoid leaving a file open for longer than necessary 2020-10-06 19:27:58 -04:00
Andrew Ayer
18b2d6d2a5 Add support for contacting logs via HTTP proxies 
Just set the appropriate environment variable as documented at
https://golang.org/pkg/net/http/#ProxyFromEnvironment

Closes: #31
Closes: #41
 2020-06-30 10:37:34 -04:00
Andrew Ayer
74a7329c00 Validate log list after loading it 2020-05-01 16:05:37 -04:00
Daniel Peukert
6d5e2395a1
Fix missing Printf 2020-05-01 00:25:39 +02:00
Andrew Ayer
b01baf836d Release 0.10 0.10 2020-04-29 14:15:29 -04:00
Andrew Ayer
6dc67b3775 Update NEWS file 2020-04-29 11:54:29 -04:00
Andrew Ayer
64e6a74a5e Fix typo in README 2020-04-29 11:51:54 -04:00
Andrew Ayer
185445e158 Retrieve log list from certspotter.org at startup instead of embedding in source 
The list of logs changes far too frequently (with annual shards and operators
dropping out of the ecosystem) to continue embedding in the source code.

Breaking change: the -logs option now expects a
JSON file in the v2 log list format, as documented at
<https://www.certificate-transparency.org/known-logs> and
<https://www.gstatic.com/ct/log_list/v2/log_list_schema.json>.

You can now specify an HTTPS URL to -logs in addition to a file path.

Breaking change: the -underwater option has been removed; if you want
this behavior then specify https://loglist.certspotter.org/underwater.json
as your log list.
 2020-04-29 11:51:50 -04:00
Andrew Ayer
43fe09e1f2 Add code for parsing JSON log lists 2020-04-29 11:38:04 -04:00
Andrew Ayer
e473b94fd9 Add some helper functions for parsing certificate signature info 2020-04-28 15:57:35 -04:00
Andrew Ayer
e74cb79bd4 Update NEWS 2019-12-03 11:19:07 -05:00
Andrew Ayer
764f3285cd Update README 2019-12-03 11:12:53 -05:00
Andrew Ayer
30d171343a Add -start_at_end option to begin monitoring logs at the end 
When Cert Spotter starts monitoring a log that it has never monitored before,
it can either start monitoring it from the beginning, or seek to the end and
start monitoring there.

Monitoring from the beginning guarantees detection of all certificates, but
requires downloading hundreds of millions of certificates, which takes days.

With the new -start_at_end option, you can save significant time by
starting at the end.  You will miss certificates that were added to a
log before Cert Spotter starts monitoring it, but you can always use the
Cert Spotter API <https://sslmate.com/certspotter/api> or crt.sh to find them.

Previously, the -start_at_end behavior was implied the first time you
ever ran Cert Spotter.  This is no longer the case.
 2019-12-03 11:12:40 -05:00
Andrew Ayer
6f3359ecf5 Add a bunch of new logs 2019-12-02 16:58:05 -05:00
Andrew Ayer
d124483998 Remove 2018 log shards 2019-12-02 15:30:55 -05:00
Andrew Ayer
86785d89d7 Process logs in parallel 2019-12-02 15:19:35 -05:00
Andrew Ayer
c2099d6d49 Manually prefix all log messages with log URL 
(Instead of using log.SetPrefix)

This will let us process logs in parallel.
 2019-12-02 15:03:34 -05:00
Andrew Ayer
0aa86dd1cb Return an error for trailing CT signature garbage rather than logging an error 2019-12-02 14:58:48 -05:00
Andrew Ayer
02b6c5ee51 Add functions for canonicalizing an RDNSequence 2019-09-12 11:36:08 -07:00
Andrew Ayer
a6c74b6009 Add MarshalRDNSequence 2019-09-12 11:36:04 -07:00
Andrew Ayer
93fccdab3e decodeASN1String: add support for VisibleString 2019-09-11 21:03:44 -07:00
Andrew Ayer
b11fd6bbf8 Add new logs: Yeti 2018-2022, Nimbus 2022-2023 2018-10-15 09:32:42 -07:00
d7415
20b1df83cc
Remove EOL Symantec CT Log Servers 
The Symantec CT Log servers were EOLd at the end of September https://groups.google.com/forum/#!topic/mozilla.dev.security.policy/XOUG3HUbPjs
 2018-10-13 17:19:16 +01:00
Ian Foster
6991be261c changed bygonessl behavior 2018-07-19 16:12:17 -07:00
Ian Foster
1b4943c198 rename issued_before to valid_at 2018-07-13 11:11:58 -07:00
Ian Foster
cfe7adf06c added support for CT over http for testing 2018-07-07 14:11:29 -07:00
Ian Foster
e5fd2e9efc Initial BygoneSSL support 2018-07-04 19:03:57 -07:00
Andrew Ayer
ca1acc7d77 Release 0.9 0.9 2018-04-19 12:07:19 -07:00
Andrew Ayer
0a16866f44 Update README 2018-04-19 11:52:50 -07:00
Andrew Ayer
418ef7fd97 Remove WoSign and StartCom 
They were disqualified by Chromium for failure to incorporate SCTs:

	https://groups.google.com/a/chromium.org/forum/#!msg/ct-policy/W1Ty2gO0JNA/ZbQxlgRZAQAJ

	https://groups.google.com/a/chromium.org/forum/#!msg/ct-policy/UcCqlxuz_1c/Mf_939xYAQAJ

and as of this commit more than 24 hours have passed since the last STH.

Closes: #28
 2018-04-19 11:11:31 -07:00
Andrew Ayer
56dec6a1a5 Start monitoring Nimbus logs 2018-03-25 12:30:26 -07:00
Andrew Ayer
7c6da49708 Stop monitoring Argon 2017 
It's no longer 2017 and this log was never accepted by Chrome anyways.
 2018-03-25 12:28:44 -07:00