Tandem
/
certspotter
mirror of https://github.com/SSLMate/certspotter.git
2
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Ensure that precertificates match the Merkle leaf input

This commit is contained in:
Andrew Ayer 2023-02-05 08:18:28 -05:00
parent 03c21ed118
commit bc36175a53
1 changed files with 4 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
monitor/process.go
View File

@ -74,6 +74,10 @@ func processPrecertLogEntry(ctx context.Context, config *Config, entry *logEntry
return processMalformedLogEntry(ctx, config, entry, fmt.Errorf("error parsing extra_data for precert entry: %w", err))
}
if _, err := certspotter.ValidatePrecert(chain[0], precert.TBSCertificate); err != nil {
return processMalformedLogEntry(ctx, config, entry, fmt.Errorf("precertificate in extra_data does not match TBSCertificate in leaf_input: %w", err))
}
return processCertificate(ctx, config, entry, certInfo, chain)
}