647b036ed1
Remove unreachable return statements
2025-05-07 09:55:45 -04:00
61508d8bf1
Fix printf mistake
2025-05-07 09:49:18 -04:00
560ab984e3
Update README
2025-05-07 09:32:55 -04:00
300adf6608
Update copyright year in man pages
2025-05-07 09:27:27 -04:00
344df03c6c
Avoid generating download batches with an invalid range
...
Previously, if we rounded down the tree size to avoid downloading a
partial tile, but the log position was already within the partial tile
(which can happen with a brand new log and -start_at_end), we'd generate
a download batch where end < begin, which caused all sorts of problems.
2025-05-06 15:13:31 -04:00
5769c83cf3
Revert "Avoid calling get-entries when range is invalid (end < begin)"
...
This reverts commit 71b296141e
2025-05-06 15:10:58 -04:00
71b296141e
Avoid calling get-entries when range is invalid (end < begin)
...
end < begin can arise if we've rounded down end to avoid downloading a
partial tile, but the log position is already within the partial tile
(which can happen with a brand new log and -start_at_end).
2025-05-06 14:58:23 -04:00
a6af6c54ba
Avoid inclusive end bound until last possible moment
...
Inclusive end bounds are the devil.
2025-05-06 14:52:36 -04:00
8119925c16
Store issuers cache under os.UserCacheDir
2025-05-06 14:25:41 -04:00
6151cb26da
Cache issuer certificates retrieved from static-ct-api logs
2025-05-06 14:19:25 -04:00
958e7a9efb
Avoid relying on STH timestamp during monitoring
...
Instead use the time at which the STH was observed (which for
FilesystemState is assumed to be the mtime of the STH file). This is
easier to reason about: we don't have to worry about logs lying about
the time; we don't have to take into account the delay between STH fetch
and healthcheck; we won't raise spurious health checks about logs with
MMDs longer than the healthcheck interval.
2025-05-06 10:41:33 -04:00
00fd77f6ed
Rename certspotter-specific loglist fields, again
2025-05-05 10:29:20 -04:00
56b190f7c0
Rename DownloadWorkers, revert to old defaults
2025-05-05 10:15:09 -04:00
bc199bca4b
Rename DownloadJobSize to GetEntriesSize
2025-05-05 10:04:50 -04:00
c967253f80
monitor: fsync state files before renaming them
...
Without fsync, there's a risk of zero-length files being persisted if
there's a power failure.
Don't bother fsyncing the parent directory because it's OK if the data rolls
back to the previous version; we only need to avoid data corruption.
Closes : #101
2025-05-04 20:44:36 -04:00
b856d7f163
static-ct-api support, parallel downloading
2025-05-04 20:41:33 -04:00
84bd080553
Add a TODO
2025-05-04 20:32:38 -04:00
97a0e7b2a2
Add LogID.Base64URLString
2025-05-02 08:15:00 -04:00
8c26a075c0
Remove unused SCT verification code
2025-05-01 19:48:11 -04:00
196b3e3bef
Remove submitct
...
It may return in the future
2025-05-01 19:46:42 -04:00
0dbe647121
use a more specific type
2025-05-01 19:23:33 -04:00
0cd0c7d602
Remove unused MaxGetEntriesSize from RFC6962Log
2025-05-01 13:13:33 -04:00
e909faaaf8
Add helpful comments
2025-05-01 13:11:35 -04:00
f291855f97
Add sequencer package
2025-05-01 12:23:39 -04:00
3765b4240b
Add a useful comment
2025-05-01 11:21:13 -04:00
13837fde04
Add ctclient, ctcrypto, cttypes, tlstypes packages
2025-05-01 10:37:42 -04:00
3a609ea037
Remove unnecessary Printf
2025-01-11 11:35:31 -05:00
8472e14d4c
Add log list support for static-ct-api logs
2024-11-25 08:09:57 -05:00
0ba0a1fef0
merkletree: replace IsComplete with more useful ContainsFirstN
2024-10-16 08:23:22 -04:00
ed9ee59e8e
Emphasize that start_at_end applies to new logs
2024-06-14 15:16:26 -04:00
1b9a21baa8
Remove unnecessary pointer receivers from FragmentedCollapsedTree
2024-06-13 14:37:02 -04:00
e570923ef2
Add merkletree.FragmentedCollapsedTree
2024-06-13 09:24:17 -04:00
fca2b8f8f1
Add offset to merkletree.CollapsedTree so that it can represent arbitrary subtrees
2024-06-13 09:23:12 -04:00
b711c8762e
Refine the CollapsedTree API
2024-06-12 11:21:58 -04:00
759631f7e6
merkletree.Append: fix appending to empty trees
2024-06-09 11:13:16 -04:00
cc98a06bcb
merkletree: add method for getting collapsed tree nodes
2024-05-25 11:19:55 -04:00
7f17992c9c
merkletree: factor out common initialization code
2024-05-25 10:52:54 -04:00
06ce937097
Improve some comments
2024-05-24 09:08:17 -04:00
cd4d796a7c
Respect $EMAIL when sending emails
...
Envelope sender and RFC5322.From address are set to $EMAIL if it's non-empty.
Requested in #87
2024-05-21 15:11:22 -04:00
b5f9a48dc3
man page: document that -no_save causes duplicate notifications
...
Suggested by @certrik in #26
2024-05-21 15:02:30 -04:00
93ca622a37
Add NotifyError to StateProvider
2024-04-04 08:09:00 -04:00
7bb5602d09
Refine interface for malformed log entries
2024-04-04 07:55:44 -04:00
73327f0c2c
Refine interface for healthcheck failures
2024-04-04 07:53:35 -04:00
5e0737353c
Abstract state storage and notification logic behind an interface
2024-04-04 07:47:25 -04:00
740bf5ac55
Apply gofmt
2024-04-03 16:51:02 -04:00
658e320638
Remove unnecessary seeding of math/rand
...
No longer necessary with Go 1.20.
2023-11-13 16:44:10 -05:00
1da3a9e305
Release v0.18.0
2023-11-13 16:41:30 -05:00
e2b5a8c8ea
Fix bug when fetching entries
...
This bug caused certspotter to always request 1000 entries even if
went beyond the size of the log. This would have prevented
certspotter from downloading entries near the end of the log, if the log was
strict with get-entries bounds.
In practice, none of the active CT logs are strict with get-entries bounds,
and even if a log were strict, certspotter would have been able to successfully
download the entries later once the log grew.
2023-11-13 16:33:17 -05:00
b957791a5f
Add a helper function
2023-10-29 08:17:58 -04:00
07bf0cfe2f
Include `Message-ID` and `Date` in outbound emails
...
Closes : #82
2023-10-29 08:17:58 -04:00
Andrew Ayer