Tandem
/
certspotter
mirror of https://github.com/SSLMate/certspotter.git
2
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Disable check of pre-cert poision value 

Too many pre-certs in the logs with the wrong value :-(
This commit is contained in:
Andrew Ayer 2016-05-09 15:46:14 -07:00
parent 9342adcd93
commit e99ee481a4
1 changed files with 3 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
precerts.go
View File

@ -77,9 +77,12 @@ func ValidatePrecert (precertBytes []byte, tbsBytes []byte) error {
if !precertExt.Critical { if !precertExt.Critical {
return errors.New("pre-cert poison extension is not critical") return errors.New("pre-cert poison extension is not critical")
} }
/* CAs can't even get this right, and Google's logs don't check. Fortunately,
it's not that important.
if !bytes.Equal(precertExt.Value, []byte{0x05, 0x00}) { if !bytes.Equal(precertExt.Value, []byte{0x05, 0x00}) {
return errors.New("pre-cert poison extension contains incorrect value") return errors.New("pre-cert poison extension contains incorrect value")
} }
*/
precertHasPoison = true precertHasPoison = true
continue continue
} }