Commit Graph

317 Commits

Author SHA1 Message Date
Andrew Ayer 83e17e608d Fix syntax bugs in man page 2023-02-06 11:22:48 -05:00
Andrew Ayer 3257b29036 Document health check in man page 2023-02-06 11:22:13 -05:00
Andrew Ayer a8af849c9f Remove fields from JSON file that I am not ready to stabilize 2023-02-06 10:10:58 -05:00
Andrew Ayer fc7cc17f45 Document that text file format may change 2023-02-06 10:07:56 -05:00
Andrew Ayer 76911c788f Tidy module files 2023-02-06 09:44:46 -05:00
Andrew Ayer 52949d8ea3 Apply gofmt 2023-02-06 09:18:53 -05:00
Andrew Ayer 2a24abaa31 Make health check interval configurable 2023-02-06 09:18:37 -05:00
Andrew Ayer 6c798699f8 Apply gofmt 2023-02-05 21:08:13 -05:00
Andrew Ayer e27e355b75 Implement monitor health check 2023-02-05 21:08:01 -05:00
Andrew Ayer fe4ef6b05d Add TimestampTime() to ct.SignedTreeHead 2023-02-05 21:07:30 -05:00
Andrew Ayer 9b29ca93b8 Prepare CHANGELOG for v0.15.0 2023-02-05 13:04:17 -05:00
Andrew Ayer d4cf32f9b3 Update README, and reformat as Markdown 2023-02-05 13:04:17 -05:00
Andrew Ayer 61e3d80f57 Rename COPYING to LICENSE
As suggested by the MPL and in line with modern conventions.
2023-02-05 13:04:17 -05:00
Andrew Ayer 04ea5c949f Update man pages 2023-02-05 13:04:17 -05:00
Faidon Liambotis 3c23ab4e34 Add man pages
Closes: #11
2023-02-05 13:04:13 -05:00
Andrew Ayer 9ec3c74400 Rename LeafSHA256 to avoid confusion with Merkle leafs 2023-02-05 08:41:17 -05:00
Andrew Ayer 7a8a770d99 Apply gofmt 2023-02-05 08:30:53 -05:00
Andrew Ayer c68cf401a3 Add $TBS_SHA256 and tbs_sha256 to script environment and JSON 2023-02-05 08:30:45 -05:00
Andrew Ayer bc36175a53 Ensure that precertificates match the Merkle leaf input 2023-02-05 08:18:28 -05:00
Andrew Ayer 03c21ed118 Add PubkeySHA256 to discoveredCert 2023-02-05 08:08:07 -05:00
Andrew Ayer 05bf3d0c62 Fix typo in script environment variable 2023-02-05 07:56:42 -05:00
Andrew Ayer 3ccc8d67f4 Improve handling of contexts when retrying requests
Previously, if the context was canceled while sleeping, we'd return the
last HTTP error.  Now, we return the context error instead.
2023-02-03 17:25:12 -05:00
Andrew Ayer e044aae1df Set proper intervals for monitoring 2023-02-03 17:12:48 -05:00
Andrew Ayer 1b4eb20c8b Upgrade dependencies 2023-02-03 15:49:16 -05:00
Andrew Ayer 2f2ad094db Set User-Agent header when fetching log list 2023-02-03 15:24:55 -05:00
Andrew Ayer 2366c06ca6 Support ETag/Last-Modified when fetching loglist 2023-02-03 15:21:24 -05:00
Andrew Ayer 6bb03865fb Modernize loglist fetching, add context support 2023-02-03 14:55:09 -05:00
Andrew Ayer 29ed939006 Remove old code 2023-02-03 14:47:47 -05:00
Andrew Ayer 897c861451 Remove redundant information in an error message 2023-02-03 14:38:02 -05:00
Andrew Ayer 35555b769a Remove script directory support (for now)
The implementation was no good because it broke $PATH lookups.

I still like this feature but will defer it to a future version.
2023-02-03 14:35:26 -05:00
Andrew Ayer ef2a7698d7 Update a TODO comment 2023-02-03 14:32:44 -05:00
Andrew Ayer a5a9008de2 Add .v1 to file suffix of JSON files
If we add fields in the future this will make it clear that old
files don't have the new fields
2023-02-03 14:32:35 -05:00
Andrew Ayer 6848316a5b Make the .notified file a hidden file
Since it's an implementation detail that users shouldn't need
to know about.
2023-02-03 14:29:58 -05:00
Andrew Ayer 5e7fa8c079 Remove some TODOs that I'v decided not to do 2023-02-03 14:29:24 -05:00
Andrew Ayer 209cdb181b Convert to a daemon and make many other improvements
Specifically, certspotter no longer terminates unless it receives SIGTERM
or SIGINT or there is a serious error.

Although using cron made sense in the early days of Certificate
Transparency, certspotter now needs to run continuously to reliably keep
up with the high growth rate of contemporary CT logs, and to gracefully
handle the many transient errors that can arise when monitoring CT.

Closes: #63
Closes: #37
Closes: #32 (presumably by eliminating $DNS_NAMES and $IP_ADDRESSES)
Closes: #21 (with $WATCH_ITEM)
Closes: #25
2023-02-03 14:12:03 -05:00
Andrew Ayer e3835dea53 Add some comments about the nature of various errors 2023-02-03 13:59:40 -05:00
Andrew Ayer a2a2e40e15 Add merkletree package 2023-02-03 13:58:22 -05:00
Andrew Ayer 5236ac5ae8 Add Base64URLString to SHA256Hash 2023-02-03 13:58:01 -05:00
Andrew Ayer 57e9458ce5 Replace plain text NEWS file with Markdown-formatted CHANGELOG.md 2023-02-03 13:09:46 -05:00
Andrew Ayer 656fb065be logclient: improve some error messages 2023-01-29 13:22:17 -05:00
Andrew Ayer 5365450965 logclient: don't send User-Agent 2023-01-29 13:22:17 -05:00
Andrew Ayer 936a1ca8ed Remove ctparsewatch 2023-01-22 13:54:43 -05:00
Andrew Ayer b3d1b793c1 Remove unused helper functions 2023-01-21 17:20:39 -05:00
Andrew Ayer 95c823e86a logclient: optionally verify STH signatures 2023-01-21 16:53:43 -05:00
Andrew Ayer 654f8d4670 logclient: add GetEntriesRaw 2023-01-21 16:50:50 -05:00
Andrew Ayer 1cabee55e4 Remove an unused function 2023-01-20 16:50:49 -05:00
Andrew Ayer e682e1e9f8 Add some comments about script variables 2023-01-20 16:14:49 -05:00
Andrew Ayer 76d30c2033 Remove BygoneSSL documentation from the README
This feature will likely be removed in the future.

This feature can help you identify certificates that are
issued before you take ownership of a domain, helping you identify
certificates that are definitely not yours.

However, in practice this doesn't have very much utility:

1. Such certificates are probably already in CT when you start monitoring,
requiring you to download ALL certificates (by omitting -start_at_end)
to find them, which is not very practical.

2. It doesn't detect certificates that are issued based on reused domain
validations that were completed before you took ownership of the domain.
2023-01-16 18:07:28 -05:00
Andrew Ayer 34f5c857b6 Deprecate $FINGERPRINT and $PUBKEY_HASH -script variables
Replaced by $CERT_SHA256 and $PUBKEY_SHA256
2023-01-16 18:07:28 -05:00
Andrew Ayer fff3b01b26 Remove an obsolete TODO 2023-01-16 18:07:28 -05:00