Andrew Ayer
60636ba2d7
Move Identifiers from CertInfo to EntryInfo
...
It's more logical, and it avoids some redundant parsing.
2016-05-03 11:58:59 -07:00
Andrew Ayer
ca8f60740a
Trim trailing dots from DNS names
2016-05-01 12:49:26 -07:00
Andrew Ayer
847b7129e8
Monitor for all DNS names that _might_ match a monitored domain
...
Wildcards, redacted labels, and unparseable labels.
2016-04-29 09:02:03 -07:00
Andrew Ayer
2c9df274e9
Gracefully handle all manner of poorly encoded identifiers
...
Also add preliminary support for IP address identifiers.
2016-04-28 22:00:32 -07:00
Andrew Ayer
65ed742477
Support wildcards
...
For example, if you're watching subdomain.example.com, a cert for
*.example.com will now match.
2016-04-26 14:49:39 -07:00
Andrew Ayer
4132ed5e9f
Add support for IDNs
...
IDNs can be specified in either Unicode or ASCII (as Punycode).
Certs can specify the DNS name either way, and we'll match it.
2016-04-26 14:38:09 -07:00
Andrew Ayer
2d2aa37202
Parse common names separately from DNS names
2016-04-22 20:58:33 -07:00
Andrew Ayer
616ac0cb83
Adjust gitignore
2016-03-23 20:04:55 -07:00
Andrew Ayer
3b59332bf1
Rename a function for clarity
2016-03-17 16:34:53 -07:00
Andrew Ayer
a071e9490a
Replace embedded X509 parser with my own lightweight parser
2016-03-16 16:59:37 -07:00
Andrew Ayer
5ccf9fdcd3
ctwatch: allow state dir to be set by $CTWATCH_STATE_DIR
2016-03-08 07:09:26 -08:00
Andrew Ayer
b297ba9967
Use bits in the exit code to convey what happened
2016-02-22 14:45:50 -08:00
Andrew Ayer
40123f9ba8
Allow . to be specified on stdin as well
2016-02-22 14:18:56 -08:00
Andrew Ayer
16bf546258
Embed Google CT library, with my own changes
2016-02-18 10:44:56 -08:00
Andrew Ayer
b6dec7822d
Overhaul to be more robust and simpler
...
All certificates are now parsed with a special, extremely
lax parser that extracts only the DNS names. Only if the
DNS names match the domains we're interested in will we attempt
to parse the cert with the real X509 parser. This ensures that
we won't miss a very badly encoded certificate that has been
issued for a monitored domain.
As of the time of commit, the lax parser is able to process every
logged certificate in the known logs.
2016-02-09 10:28:52 -08:00
Andrew Ayer
cfaf126284
To monitor all domains, require "." to be specified
...
Now that we save all certs by default, we want to prevent people
from accidentally monitoring all domains, which could lead to MASSIVE
disk usage.
"." is used because it denotes the root zone in DNS.
2016-02-05 08:13:11 -08:00
Andrew Ayer
3f596730a0
New and simplified multi-log operation
2016-02-04 20:16:25 -08:00
Andrew Ayer
a418a3686d
Initial commit
2016-02-04 18:46:19 -08:00