9c61d83ca2
Remove an errant log statement
2023-02-07 10:13:52 -05:00
2dc99f8d23
Fix notification suppression
2023-02-07 09:23:01 -05:00
83e17e608d
Fix syntax bugs in man page
2023-02-06 11:22:48 -05:00
3257b29036
Document health check in man page
2023-02-06 11:22:13 -05:00
a8af849c9f
Remove fields from JSON file that I am not ready to stabilize
2023-02-06 10:10:58 -05:00
fc7cc17f45
Document that text file format may change
2023-02-06 10:07:56 -05:00
76911c788f
Tidy module files
2023-02-06 09:44:46 -05:00
52949d8ea3
Apply gofmt
2023-02-06 09:18:53 -05:00
2a24abaa31
Make health check interval configurable
2023-02-06 09:18:37 -05:00
6c798699f8
Apply gofmt
2023-02-05 21:08:13 -05:00
e27e355b75
Implement monitor health check
2023-02-05 21:08:01 -05:00
fe4ef6b05d
Add TimestampTime() to ct.SignedTreeHead
2023-02-05 21:07:30 -05:00
9b29ca93b8
Prepare CHANGELOG for v0.15.0
2023-02-05 13:04:17 -05:00
d4cf32f9b3
Update README, and reformat as Markdown
2023-02-05 13:04:17 -05:00
61e3d80f57
Rename COPYING to LICENSE
...
As suggested by the MPL and in line with modern conventions.
2023-02-05 13:04:17 -05:00
04ea5c949f
Update man pages
2023-02-05 13:04:17 -05:00
3c23ab4e34
Add man pages
...
Closes : #11
2023-02-05 13:04:13 -05:00
9ec3c74400
Rename LeafSHA256 to avoid confusion with Merkle leafs
2023-02-05 08:41:17 -05:00
7a8a770d99
Apply gofmt
2023-02-05 08:30:53 -05:00
c68cf401a3
Add $TBS_SHA256 and tbs_sha256 to script environment and JSON
2023-02-05 08:30:45 -05:00
bc36175a53
Ensure that precertificates match the Merkle leaf input
2023-02-05 08:18:28 -05:00
03c21ed118
Add PubkeySHA256 to discoveredCert
2023-02-05 08:08:07 -05:00
05bf3d0c62
Fix typo in script environment variable
2023-02-05 07:56:42 -05:00
3ccc8d67f4
Improve handling of contexts when retrying requests
...
Previously, if the context was canceled while sleeping, we'd return the
last HTTP error. Now, we return the context error instead.
2023-02-03 17:25:12 -05:00
e044aae1df
Set proper intervals for monitoring
2023-02-03 17:12:48 -05:00
1b4eb20c8b
Upgrade dependencies
2023-02-03 15:49:16 -05:00
2f2ad094db
Set User-Agent header when fetching log list
2023-02-03 15:24:55 -05:00
2366c06ca6
Support ETag/Last-Modified when fetching loglist
2023-02-03 15:21:24 -05:00
6bb03865fb
Modernize loglist fetching, add context support
2023-02-03 14:55:09 -05:00
29ed939006
Remove old code
2023-02-03 14:47:47 -05:00
897c861451
Remove redundant information in an error message
2023-02-03 14:38:02 -05:00
35555b769a
Remove script directory support (for now)
...
The implementation was no good because it broke $PATH lookups.
I still like this feature but will defer it to a future version.
2023-02-03 14:35:26 -05:00
ef2a7698d7
Update a TODO comment
2023-02-03 14:32:44 -05:00
a5a9008de2
Add .v1 to file suffix of JSON files
...
If we add fields in the future this will make it clear that old
files don't have the new fields
2023-02-03 14:32:35 -05:00
6848316a5b
Make the .notified file a hidden file
...
Since it's an implementation detail that users shouldn't need
to know about.
2023-02-03 14:29:58 -05:00
5e7fa8c079
Remove some TODOs that I'v decided not to do
2023-02-03 14:29:24 -05:00
209cdb181b
Convert to a daemon and make many other improvements
...
Specifically, certspotter no longer terminates unless it receives SIGTERM
or SIGINT or there is a serious error.
Although using cron made sense in the early days of Certificate
Transparency, certspotter now needs to run continuously to reliably keep
up with the high growth rate of contemporary CT logs, and to gracefully
handle the many transient errors that can arise when monitoring CT.
Closes : #63
Closes : #37
Closes : #32 (presumably by eliminating $DNS_NAMES and $IP_ADDRESSES)
Closes : #21 (with $WATCH_ITEM)
Closes : #25
2023-02-03 14:12:03 -05:00
e3835dea53
Add some comments about the nature of various errors
2023-02-03 13:59:40 -05:00
a2a2e40e15
Add merkletree package
2023-02-03 13:58:22 -05:00
5236ac5ae8
Add Base64URLString to SHA256Hash
2023-02-03 13:58:01 -05:00
57e9458ce5
Replace plain text NEWS file with Markdown-formatted CHANGELOG.md
2023-02-03 13:09:46 -05:00
656fb065be
logclient: improve some error messages
2023-01-29 13:22:17 -05:00
5365450965
logclient: don't send User-Agent
2023-01-29 13:22:17 -05:00
936a1ca8ed
Remove ctparsewatch
2023-01-22 13:54:43 -05:00
b3d1b793c1
Remove unused helper functions
2023-01-21 17:20:39 -05:00
95c823e86a
logclient: optionally verify STH signatures
2023-01-21 16:53:43 -05:00
654f8d4670
logclient: add GetEntriesRaw
2023-01-21 16:50:50 -05:00
1cabee55e4
Remove an unused function
2023-01-20 16:50:49 -05:00
e682e1e9f8
Add some comments about script variables
2023-01-20 16:14:49 -05:00
76d30c2033
Remove BygoneSSL documentation from the README
...
This feature will likely be removed in the future.
This feature can help you identify certificates that are
issued before you take ownership of a domain, helping you identify
certificates that are definitely not yours.
However, in practice this doesn't have very much utility:
1. Such certificates are probably already in CT when you start monitoring,
requiring you to download ALL certificates (by omitting -start_at_end)
to find them, which is not very practical.
2. It doesn't detect certificates that are issued based on reused domain
validations that were completed before you took ownership of the domain.
2023-01-16 18:07:28 -05:00
Andrew Ayer