Commit Graph

12 Commits

Author SHA1 Message Date
Andrew Ayer 64e6a74a5e Fix typo in README 2020-04-29 11:51:54 -04:00
Andrew Ayer 185445e158 Retrieve log list from certspotter.org at startup instead of embedding in source
The list of logs changes far too frequently (with annual shards and operators
dropping out of the ecosystem) to continue embedding in the source code.

Breaking change: the -logs option now expects a
JSON file in the v2 log list format, as documented at
<https://www.certificate-transparency.org/known-logs> and
<https://www.gstatic.com/ct/log_list/v2/log_list_schema.json>.

You can now specify an HTTPS URL to -logs in addition to a file path.

Breaking change: the -underwater option has been removed; if you want
this behavior then specify https://loglist.certspotter.org/underwater.json
as your log list.
2020-04-29 11:51:50 -04:00
Andrew Ayer 764f3285cd Update README 2019-12-03 11:12:53 -05:00
Ian Foster 6991be261c changed bygonessl behavior 2018-07-19 16:12:17 -07:00
Ian Foster 1b4943c198 rename issued_before to valid_at 2018-07-13 11:11:58 -07:00
Ian Foster e5fd2e9efc Initial BygoneSSL support 2018-07-04 19:03:57 -07:00
Andrew Ayer 0a16866f44 Update README 2018-04-19 11:52:50 -07:00
Alex Gaynor 1f8751aba5 Update the date for Chromium mandatory CT 2017-04-23 14:19:09 -04:00
Andrew Ayer 31f2316aa2 Rework -all_time logic
If -all_time is specified, scan the entirety of all logs, even
existing logs.  This matches user expectation better.  Previously,
-all_time had no impact on existing logs.

The first time Cert Spotter is run, do not scan any logs, unless
-all_time is specified.  This avoids a several hour wait the first
time Cert Spotter is run.  If the user is interested in knowing
about existing certificates, they can use the certspotter.com API
or crt.sh.  This is the same as existing behavior.

When a new log is added, scan it in its entirety even if -all_time is
not specified, so users are alerted to interesting certificates in the
new log.  Hopefully new logs will be small and this won't take too long!
Previously, new logs were not scanned in their entirety unless -all_time
was specified.

Closes: #5
2016-11-15 15:59:38 -08:00
Andrew Ayer 7d2936eada README: document upcoming mandatory CT 2016-11-12 08:09:42 -08:00
Andrew Ayer f706b09bc8 README: document GlobalSign DV logging 2016-11-12 08:09:27 -08:00
Andrew Ayer 38b9c920eb Add README 2016-07-27 14:17:53 -07:00