Commit Graph

10 Commits

Author SHA1 Message Date
Andrew Ayer 3b59332bf1 Rename a function for clarity 2016-03-17 16:34:53 -07:00
Andrew Ayer a071e9490a Replace embedded X509 parser with my own lightweight parser 2016-03-16 16:59:37 -07:00
Andrew Ayer 5ccf9fdcd3 ctwatch: allow state dir to be set by $CTWATCH_STATE_DIR 2016-03-08 07:09:26 -08:00
Andrew Ayer b297ba9967 Use bits in the exit code to convey what happened 2016-02-22 14:45:50 -08:00
Andrew Ayer 40123f9ba8 Allow . to be specified on stdin as well 2016-02-22 14:18:56 -08:00
Andrew Ayer 16bf546258 Embed Google CT library, with my own changes 2016-02-18 10:44:56 -08:00
Andrew Ayer b6dec7822d Overhaul to be more robust and simpler
All certificates are now parsed with a special, extremely
lax parser that extracts only the DNS names.  Only if the
DNS names match the domains we're interested in will we attempt
to parse the cert with the real X509 parser.  This ensures that
we won't miss a very badly encoded certificate that has been
issued for a monitored domain.

As of the time of commit, the lax parser is able to process every
logged certificate in the known logs.
2016-02-09 10:28:52 -08:00
Andrew Ayer cfaf126284 To monitor all domains, require "." to be specified
Now that we save all certs by default, we want to prevent people
from accidentally monitoring all domains, which could lead to MASSIVE
disk usage.

"." is used because it denotes the root zone in DNS.
2016-02-05 08:13:11 -08:00
Andrew Ayer 3f596730a0 New and simplified multi-log operation 2016-02-04 20:16:25 -08:00
Andrew Ayer a418a3686d Initial commit 2016-02-04 18:46:19 -08:00