removedporn
407d069c87
Delete identifiers.go
2022-04-21 21:28:14 +08:00
Andrew Ayer
54f34077d3
Release 0.11
2021-08-17 15:03:47 -04:00
Andrew Ayer
4e4250dad2
Don't ask for consistency proofs based on an empty tree
...
RFC 6962 doesn't define how to generate a consistency proof in this case,
and it doesn't matter anyways since the tree is empty. The DigiCert logs
return a 400 error if we ask for such a proof.
2021-08-17 15:00:48 -04:00
Andrew Ayer
1a7622bfa6
loglist: add some helper functions
2021-05-01 17:35:18 -04:00
Andrew Ayer
4b280bdcd2
export loglist.Unmarshal
2021-05-01 16:53:56 -04:00
Andrew Ayer
a147970db8
Use ct.SHA256Hash for log ID rather than []byte
2021-04-30 17:04:16 -04:00
Andrew Ayer
2cccf67601
Avoid leaving a file open for longer than necessary
2020-10-06 19:27:58 -04:00
Andrew Ayer
18b2d6d2a5
Add support for contacting logs via HTTP proxies
...
Just set the appropriate environment variable as documented at
https://golang.org/pkg/net/http/#ProxyFromEnvironment
Closes : #31
Closes : #41
2020-06-30 10:37:34 -04:00
Andrew Ayer
74a7329c00
Validate log list after loading it
2020-05-01 16:05:37 -04:00
Daniel Peukert
6d5e2395a1
Fix missing Printf
2020-05-01 00:25:39 +02:00
Andrew Ayer
b01baf836d
Release 0.10
2020-04-29 14:15:29 -04:00
Andrew Ayer
6dc67b3775
Update NEWS file
2020-04-29 11:54:29 -04:00
Andrew Ayer
64e6a74a5e
Fix typo in README
2020-04-29 11:51:54 -04:00
Andrew Ayer
185445e158
Retrieve log list from certspotter.org at startup instead of embedding in source
...
The list of logs changes far too frequently (with annual shards and operators
dropping out of the ecosystem) to continue embedding in the source code.
Breaking change: the -logs option now expects a
JSON file in the v2 log list format, as documented at
<https://www.certificate-transparency.org/known-logs > and
<https://www.gstatic.com/ct/log_list/v2/log_list_schema.json >.
You can now specify an HTTPS URL to -logs in addition to a file path.
Breaking change: the -underwater option has been removed; if you want
this behavior then specify https://loglist.certspotter.org/underwater.json
as your log list.
2020-04-29 11:51:50 -04:00
Andrew Ayer
43fe09e1f2
Add code for parsing JSON log lists
2020-04-29 11:38:04 -04:00
Andrew Ayer
e473b94fd9
Add some helper functions for parsing certificate signature info
2020-04-28 15:57:35 -04:00
Andrew Ayer
e74cb79bd4
Update NEWS
2019-12-03 11:19:07 -05:00
Andrew Ayer
764f3285cd
Update README
2019-12-03 11:12:53 -05:00
Andrew Ayer
30d171343a
Add -start_at_end option to begin monitoring logs at the end
...
When Cert Spotter starts monitoring a log that it has never monitored before,
it can either start monitoring it from the beginning, or seek to the end and
start monitoring there.
Monitoring from the beginning guarantees detection of all certificates, but
requires downloading hundreds of millions of certificates, which takes days.
With the new -start_at_end option, you can save significant time by
starting at the end. You will miss certificates that were added to a
log before Cert Spotter starts monitoring it, but you can always use the
Cert Spotter API <https://sslmate.com/certspotter/api > or crt.sh to find them.
Previously, the -start_at_end behavior was implied the first time you
ever ran Cert Spotter. This is no longer the case.
2019-12-03 11:12:40 -05:00
Andrew Ayer
6f3359ecf5
Add a bunch of new logs
2019-12-02 16:58:05 -05:00
Andrew Ayer
d124483998
Remove 2018 log shards
2019-12-02 15:30:55 -05:00
Andrew Ayer
86785d89d7
Process logs in parallel
2019-12-02 15:19:35 -05:00
Andrew Ayer
c2099d6d49
Manually prefix all log messages with log URL
...
(Instead of using log.SetPrefix)
This will let us process logs in parallel.
2019-12-02 15:03:34 -05:00
Andrew Ayer
0aa86dd1cb
Return an error for trailing CT signature garbage rather than logging an error
2019-12-02 14:58:48 -05:00
Andrew Ayer
02b6c5ee51
Add functions for canonicalizing an RDNSequence
2019-09-12 11:36:08 -07:00
Andrew Ayer
a6c74b6009
Add MarshalRDNSequence
2019-09-12 11:36:04 -07:00
Andrew Ayer
93fccdab3e
decodeASN1String: add support for VisibleString
2019-09-11 21:03:44 -07:00
Andrew Ayer
b11fd6bbf8
Add new logs: Yeti 2018-2022, Nimbus 2022-2023
2018-10-15 09:32:42 -07:00
d7415
20b1df83cc
Remove EOL Symantec CT Log Servers
...
The Symantec CT Log servers were EOLd at the end of September https://groups.google.com/forum/#!topic/mozilla.dev.security.policy/XOUG3HUbPjs
2018-10-13 17:19:16 +01:00
Ian Foster
6991be261c
changed bygonessl behavior
2018-07-19 16:12:17 -07:00
Ian Foster
1b4943c198
rename issued_before to valid_at
2018-07-13 11:11:58 -07:00
Ian Foster
cfe7adf06c
added support for CT over http for testing
2018-07-07 14:11:29 -07:00
Ian Foster
e5fd2e9efc
Initial BygoneSSL support
2018-07-04 19:03:57 -07:00
Andrew Ayer
ca1acc7d77
Release 0.9
2018-04-19 12:07:19 -07:00
Andrew Ayer
0a16866f44
Update README
2018-04-19 11:52:50 -07:00
Andrew Ayer
418ef7fd97
Remove WoSign and StartCom
...
They were disqualified by Chromium for failure to incorporate SCTs:
https://groups.google.com/a/chromium.org/forum/#!msg/ct-policy/W1Ty2gO0JNA/ZbQxlgRZAQAJ
https://groups.google.com/a/chromium.org/forum/#!msg/ct-policy/UcCqlxuz_1c/Mf_939xYAQAJ
and as of this commit more than 24 hours have passed since the last STH.
Closes : #28
2018-04-19 11:11:31 -07:00
Andrew Ayer
56dec6a1a5
Start monitoring Nimbus logs
2018-03-25 12:30:26 -07:00
Andrew Ayer
7c6da49708
Stop monitoring Argon 2017
...
It's no longer 2017 and this log was never accepted by Chrome anyways.
2018-03-25 12:28:44 -07:00
Andrew Ayer
bc255f43d5
Add functions to verify SCTs
2017-12-17 09:51:46 -08:00
Andrew Ayer
bf676f06be
Add JSON tags to SignedCertificateTimestamp
2017-12-16 10:13:25 -08:00
Andrew Ayer
ab16995f56
Release 0.8
2017-12-08 13:02:59 -08:00
Andrew Ayer
dd7e3a126d
Add DigiCert 2 log
2017-12-08 13:02:59 -08:00
Andrew Ayer
4268566999
Add Symantec Sirius log
2017-12-08 13:00:24 -08:00
Andrew Ayer
e96ccbab62
Release 0.7
2017-11-13 15:10:30 -08:00
Andrew Ayer
e546f123f5
Add Google Argon logs
2017-11-11 15:24:03 -08:00
Andrew Ayer
822a03f365
Track log certificate expiry range
2017-11-11 15:23:56 -08:00
Andrew Ayer
41ca1aaab8
Avoid unaligned atomic access on 32 bit platforms
...
Closes #23
2017-11-06 13:33:02 -08:00
Andrew Ayer
a26bf3e300
Release 0.6
2017-10-19 12:51:28 -07:00
Andrew Ayer
7283e51420
Disable TLS certificate validation when communicating with log
...
See the source code comments for an explanation for why this is both
necessary and not insecure.
2017-10-19 12:51:28 -07:00
Andrew Ayer
1a6ed13fd6
Add Comodo Mammoth and Comodo Sabre
...
Trusted as of Chrome 60.
2017-10-19 12:51:28 -07:00