f920ef0ec3
Add a TODO
2017-01-05 14:32:28 -08:00
55d12ee013
Support empty trees
2017-01-05 14:32:22 -08:00
4868243259
Add ID function to LogInfo to return log ID
2016-11-26 17:48:15 -08:00
ff6d1f21fd
Add a TODO comment
2016-11-26 17:47:57 -08:00
0bd48084f0
Add MakeMerkleTreeBuilder
2016-11-25 20:13:17 -08:00
adce61e035
Add GetAuditProof to LogClient
2016-11-25 20:09:59 -08:00
b63a024876
Replace MerkleTreeBuilder.Finish with non-mutating CalculateRoot
2016-11-25 17:43:07 -08:00
ef18092eb9
Add new logs: Icarus, Skydiver, StartCom, WoSign
2016-11-15 15:59:39 -08:00
9bf82346d8
Avoid use of json.Decoder
...
Per https://ahmetalpbalkan.com/blog/golang-json-decoder-pitfalls/
2016-11-15 15:59:39 -08:00
36210a9544
VerifyConsistencyProof: properly return tree builder when two trees are the same
2016-11-15 15:59:39 -08:00
31f2316aa2
Rework -all_time logic
...
If -all_time is specified, scan the entirety of all logs, even
existing logs. This matches user expectation better. Previously,
-all_time had no impact on existing logs.
The first time Cert Spotter is run, do not scan any logs, unless
-all_time is specified. This avoids a several hour wait the first
time Cert Spotter is run. If the user is interested in knowing
about existing certificates, they can use the certspotter.com API
or crt.sh. This is the same as existing behavior.
When a new log is added, scan it in its entirety even if -all_time is
not specified, so users are alerted to interesting certificates in the
new log. Hopefully new logs will be small and this won't take too long!
Previously, new logs were not scanned in their entirety unless -all_time
was specified.
Closes : #5
2016-11-15 15:59:38 -08:00
7d2936eada
README: document upcoming mandatory CT
2016-11-12 08:09:42 -08:00
f706b09bc8
README: document GlobalSign DV logging
2016-11-12 08:09:27 -08:00
2a80e85783
Increase log client request timeout to 60 seconds
...
This should be configurable, but I need to experiment first.
2016-08-30 10:40:13 -07:00
35c646ae62
Add NEWS file for 0.2 release
2016-08-25 17:13:31 -07:00
4104152de6
Use io.ReadFull instead of raw Read
...
An io.Reader does not guarantee that it can read all bytes possible
to fill the input buffer. Thus, we should use io.ReadFull here instead.
Cherry-picked from ddfd4a2b2d89e20f0a7c63c88420aaa419d4d95c
of https://github.com/google/certificate-transparency
2016-08-25 16:48:58 -07:00
c36452f67a
Improve log client error messages
2016-08-25 16:04:29 -07:00
1af6309367
Define tagUTCTime and tagGeneralizedTime
...
They're only exported in Go1.6 and I'd like to support Go1.5 as well.
Closes : #15
2016-08-20 19:43:44 -07:00
b1dc229785
Fix typo
2016-07-28 15:52:32 -07:00
1f97fb3a13
Suppress duplicate identifiers
2016-07-28 14:00:15 -07:00
6cae4942e4
Identifiers: abstract out appendIPAddress
2016-07-28 13:53:24 -07:00
c217200b96
Return errors from InvokeHookScript instead of failing silently
...
Signed-off-by: Jonathan Rudenberg <jonathan@titanous.com>
2016-07-28 12:26:58 -07:00
acc6781f29
Run gofmt
...
Signed-off-by: Jonathan Rudenberg <jonathan@titanous.com>
2016-07-28 14:55:46 -04:00
38b9c920eb
Add README
2016-07-27 14:17:53 -07:00
1dc7e1cda9
Refine command line flag descriptions
2016-07-27 14:14:09 -07:00
902755d4e8
Don't enforce public key compliance
...
You have to trust the public key anyways, so compliance checks are
superfluous.
2016-07-26 17:00:01 -07:00
f75c47d9ca
Always store files in ~/.certspotter, even if running as root
2016-07-26 16:57:26 -07:00
c185657181
Remove Izenpe log, add CNNIC
2016-07-19 10:46:15 -07:00
cf8a5d8703
Remove description field from logs.go
2016-07-19 10:39:01 -07:00
37bc55be2d
Add key hash to logs.go
2016-07-19 10:32:05 -07:00
ebdf2af720
Add some comments
2016-07-19 10:31:23 -07:00
19e05b901a
Remove some dead code from the scanner
2016-06-22 10:32:42 -07:00
74f9ceb6a2
Add attribution of the ct sub-directory
2016-06-22 10:30:16 -07:00
724517e4c4
Update crt.sh link to use sha256= instead of q=
2016-06-20 15:23:15 -07:00
fa1236f434
Use a switch statement instead of an if statement
...
This will make it cleaner to handle other extension types
2016-06-08 15:57:56 -07:00
196bd864cd
Properly handle non-200 responses from logs
2016-06-08 15:18:28 -07:00
1fc964732b
Allow public key to be omitted from log JSON file
...
In which case signatures are not checked.
2016-06-03 08:10:38 -07:00
2c8cb1f402
Return exit code from cmd.Main instead of exiting directly
...
This allows the calling code to do custom cleanup.
2016-06-03 07:21:08 -07:00
6db3f7564c
Add function to reconstruct pre-cert TBS from cert TBS
2016-05-16 11:33:03 -07:00
ae59c317dc
Ignore empty DNS names
2016-05-13 10:31:13 -07:00
2bed88e7c5
Rework watchlist
...
Watchlist is now read from ~/.certspotter/watchlist by default, or from
the file specified by -watchlist (- for stdin).
By default, only exact DNS names are matched. To match both the domain
itself and all sub-domains, prefix with a dot (e.g. .example.com).
Comments are now allowed in watchlist files.
2016-05-12 11:30:59 -07:00
7196ec5217
Use $CERTSPOTTER_STATE_DIR to specify state directory
2016-05-12 10:53:57 -07:00
dac062e17d
Add unit tests for MatchesWildcard
2016-05-10 14:29:10 -07:00
f9432ae4b9
Reverse order of certspotter.MatchesWildcard arguments
2016-05-10 14:29:04 -07:00
92fbdcb947
Support crazy wildcards (not just in the left-most label)
2016-05-10 10:37:10 -07:00
e99ee481a4
Disable check of pre-cert poision value
...
Too many pre-certs in the logs with the wrong value :-(
2016-05-09 15:46:14 -07:00
9342adcd93
Tighten up the cert information output
...
Remove subject and SANs since they are redundant with earlier identifier
listing. Remove serial number because who cares? Put type of entry
on same line as log entry info.
If people want this info they can always examine the saved file or the
crt.sh page.
2016-05-09 15:43:19 -07:00
b79cb31413
Move package to software.sslmate.com/src/certspotter
2016-05-04 12:19:59 -07:00
1e582e2e0c
License under the MPL 2.0
2016-05-04 11:56:13 -07:00
670cddafbc
Rename project to certspotter
2016-05-04 11:49:07 -07:00
Andrew Ayer