418ef7fd97
Remove WoSign and StartCom
...
They were disqualified by Chromium for failure to incorporate SCTs:
https://groups.google.com/a/chromium.org/forum/#!msg/ct-policy/W1Ty2gO0JNA/ZbQxlgRZAQAJ
https://groups.google.com/a/chromium.org/forum/#!msg/ct-policy/UcCqlxuz_1c/Mf_939xYAQAJ
and as of this commit more than 24 hours have passed since the last STH.
Closes : #28
2018-04-19 11:11:31 -07:00
56dec6a1a5
Start monitoring Nimbus logs
2018-03-25 12:30:26 -07:00
7c6da49708
Stop monitoring Argon 2017
...
It's no longer 2017 and this log was never accepted by Chrome anyways.
2018-03-25 12:28:44 -07:00
bc255f43d5
Add functions to verify SCTs
2017-12-17 09:51:46 -08:00
bf676f06be
Add JSON tags to SignedCertificateTimestamp
2017-12-16 10:13:25 -08:00
ab16995f56
Release 0.8
2017-12-08 13:02:59 -08:00
dd7e3a126d
Add DigiCert 2 log
2017-12-08 13:02:59 -08:00
4268566999
Add Symantec Sirius log
2017-12-08 13:00:24 -08:00
e96ccbab62
Release 0.7
2017-11-13 15:10:30 -08:00
e546f123f5
Add Google Argon logs
2017-11-11 15:24:03 -08:00
822a03f365
Track log certificate expiry range
2017-11-11 15:23:56 -08:00
41ca1aaab8
Avoid unaligned atomic access on 32 bit platforms
...
Closes #23
2017-11-06 13:33:02 -08:00
a26bf3e300
Release 0.6
2017-10-19 12:51:28 -07:00
7283e51420
Disable TLS certificate validation when communicating with log
...
See the source code comments for an explanation for why this is both
necessary and not insecure.
2017-10-19 12:51:28 -07:00
1a6ed13fd6
Add Comodo Mammoth and Comodo Sabre
...
Trusted as of Chrome 60.
2017-10-19 12:51:28 -07:00
709aa01308
Add Comodo Dodo to the openLogs list
2017-10-17 17:24:59 -07:00
8b2664b474
Release 0.5
2017-05-18 10:04:18 -07:00
62cbba12a3
Remove PuChuangSiDa log
...
They've flown the coop and will likely be removed from Chrome.
2017-05-13 09:52:19 -07:00
3df9fb4e73
Add Venafi Gen2 log
...
It's not qualified by Chrome yet, but it is accumulating so many entries
already that I think it's good to get a head start on monitoring it.
2017-04-29 13:02:58 -07:00
1814cb87e5
Return additional info about pre-cert from ValidatePrecert
2017-04-27 10:48:48 -07:00
06c253a0ea
Continue processing a log even if an STH failed to verify
...
It may still be possible to audit other STHs, and to scan new entries
up to the latest verified STH. This allows Cert Spotter to continue
to make forward progress even if a log is persistently skewed (as the
DigiCert has been lately).
Also, rework some code to be simpler and less redundant.
2017-04-27 10:48:48 -07:00
1f8751aba5
Update the date for Chromium mandatory CT
2017-04-23 14:19:09 -04:00
5d9fa9dfd9
Release 0.4
2017-04-03 15:30:53 -07:00
e1dd1f25bf
Remove Venafi log, which forked and will be removed from Chrome
...
https://groups.google.com/a/chromium.org/forum/#!topic/ct-policy/KMAcNT3asTQ
2017-03-20 11:36:57 -07:00
583aebe9ab
Add PuChuangSiDa 1 log
...
It is scheduled for inclusion in Chrome:
https://bugs.chromium.org/p/chromium/issues/detail?id=667663
2017-03-20 11:35:12 -07:00
fa81965dee
Remove log ID comments from logs.go
2017-03-20 11:33:11 -07:00
b051332b1d
Release 0.3
2017-02-20 13:13:09 -08:00
8b9c08b984
submitct: apply gofmt
2017-02-05 10:09:42 -08:00
732a660767
submitct: reorganize code
2017-02-05 10:09:19 -08:00
b94d850dbe
submitct: use maps for efficiency
...
This will make submitct work better with lots of certificates as input.
2017-02-05 10:07:30 -08:00
74ffda2dc6
x509: factor out ParseRDNSequence
2017-02-05 10:04:43 -08:00
779230cbc8
submitct: include cert index in log entries
2017-02-04 16:09:56 -08:00
e7a9ba6e7d
Add submitct program for submitting certs
2017-02-04 16:05:51 -08:00
8846cbcbd9
Add OpenLogs array, for logs with open submission policies
2017-02-04 16:04:00 -08:00
b6f99bad2c
logclient: add support for add-chain request
2017-02-04 16:03:48 -08:00
fecfeb033d
logclient: add support for POST requests
2017-02-04 16:03:35 -08:00
13b064878b
Update NEWS file
2017-01-10 11:25:02 -08:00
e8c4f10e97
Use a lock file to prevent certspotter from running concurrently
2017-01-10 10:50:41 -08:00
2f0833ac9c
Apply gofmt
2017-01-08 10:17:00 -08:00
9f3e9968ec
Rename verified_sth.json to just sth.json
2017-01-08 10:15:41 -08:00
7adbc6cffe
Add .json extension to log state filenames
...
Since they are JSON.
2017-01-08 10:14:44 -08:00
b88de6b320
Rename "position" to "tree" in log state
2017-01-06 14:49:42 -08:00
9c3e697231
CollapsedMerkleTree: rename stack to nodes
2017-01-06 14:43:20 -08:00
671814cd9b
CollapsedMerkleTree: rename numLeaves to size
2017-01-06 14:41:51 -08:00
9ceedea9ef
Rename MerkleTreeBuilder to CollapsedMerkleTree
2017-01-06 14:39:08 -08:00
cf742c121e
Update NEWS file
2017-01-06 13:36:56 -08:00
d8b1877e8d
Improve filenames of unverified STHs
...
Include the tree size in plain decimal, since it's more user-friendly.
Don't include tree size in hash (redundant now that we're storing it
outside of hash) or version (implied by signature).
2017-01-06 12:51:10 -08:00
1719aa5d8e
Set log ID in STHs that we download
...
This will facilitate STH pollination.
2017-01-06 12:50:21 -08:00
0eb6d199a4
Improve the name of a function
2017-01-06 12:24:09 -08:00
c8f0a0f9e8
Only write once file if run was 100% successful
...
Otherwise, if a single log was unreachable, we'd be force to download
all of it on the next run.
2017-01-06 12:23:20 -08:00
Andrew Ayer