Commit Graph

280 Commits

Author SHA1 Message Date
Andrew Ayer 02b6c5ee51 Add functions for canonicalizing an RDNSequence 2019-09-12 11:36:08 -07:00
Andrew Ayer a6c74b6009 Add MarshalRDNSequence 2019-09-12 11:36:04 -07:00
Andrew Ayer 93fccdab3e decodeASN1String: add support for VisibleString 2019-09-11 21:03:44 -07:00
Andrew Ayer b11fd6bbf8 Add new logs: Yeti 2018-2022, Nimbus 2022-2023 2018-10-15 09:32:42 -07:00
d7415 20b1df83cc
Remove EOL Symantec CT Log Servers
The Symantec CT Log servers were EOLd at the end of September https://groups.google.com/forum/#!topic/mozilla.dev.security.policy/XOUG3HUbPjs
2018-10-13 17:19:16 +01:00
Ian Foster 6991be261c changed bygonessl behavior 2018-07-19 16:12:17 -07:00
Ian Foster 1b4943c198 rename issued_before to valid_at 2018-07-13 11:11:58 -07:00
Ian Foster cfe7adf06c added support for CT over http for testing 2018-07-07 14:11:29 -07:00
Ian Foster e5fd2e9efc Initial BygoneSSL support 2018-07-04 19:03:57 -07:00
Andrew Ayer ca1acc7d77 Release 0.9 2018-04-19 12:07:19 -07:00
Andrew Ayer 0a16866f44 Update README 2018-04-19 11:52:50 -07:00
Andrew Ayer 418ef7fd97 Remove WoSign and StartCom
They were disqualified by Chromium for failure to incorporate SCTs:

	https://groups.google.com/a/chromium.org/forum/#!msg/ct-policy/W1Ty2gO0JNA/ZbQxlgRZAQAJ

	https://groups.google.com/a/chromium.org/forum/#!msg/ct-policy/UcCqlxuz_1c/Mf_939xYAQAJ

and as of this commit more than 24 hours have passed since the last STH.

Closes: #28
2018-04-19 11:11:31 -07:00
Andrew Ayer 56dec6a1a5 Start monitoring Nimbus logs 2018-03-25 12:30:26 -07:00
Andrew Ayer 7c6da49708 Stop monitoring Argon 2017
It's no longer 2017 and this log was never accepted by Chrome anyways.
2018-03-25 12:28:44 -07:00
Andrew Ayer bc255f43d5 Add functions to verify SCTs 2017-12-17 09:51:46 -08:00
Andrew Ayer bf676f06be Add JSON tags to SignedCertificateTimestamp 2017-12-16 10:13:25 -08:00
Andrew Ayer ab16995f56 Release 0.8 2017-12-08 13:02:59 -08:00
Andrew Ayer dd7e3a126d Add DigiCert 2 log 2017-12-08 13:02:59 -08:00
Andrew Ayer 4268566999 Add Symantec Sirius log 2017-12-08 13:00:24 -08:00
Andrew Ayer e96ccbab62 Release 0.7 2017-11-13 15:10:30 -08:00
Andrew Ayer e546f123f5 Add Google Argon logs 2017-11-11 15:24:03 -08:00
Andrew Ayer 822a03f365 Track log certificate expiry range 2017-11-11 15:23:56 -08:00
Andrew Ayer 41ca1aaab8 Avoid unaligned atomic access on 32 bit platforms
Closes #23
2017-11-06 13:33:02 -08:00
Andrew Ayer a26bf3e300 Release 0.6 2017-10-19 12:51:28 -07:00
Andrew Ayer 7283e51420 Disable TLS certificate validation when communicating with log
See the source code comments for an explanation for why this is both
necessary and not insecure.
2017-10-19 12:51:28 -07:00
Andrew Ayer 1a6ed13fd6 Add Comodo Mammoth and Comodo Sabre
Trusted as of Chrome 60.
2017-10-19 12:51:28 -07:00
Andrew Ayer 709aa01308 Add Comodo Dodo to the openLogs list 2017-10-17 17:24:59 -07:00
Andrew Ayer 8b2664b474 Release 0.5 2017-05-18 10:04:18 -07:00
Andrew Ayer 62cbba12a3 Remove PuChuangSiDa log
They've flown the coop and will likely be removed from Chrome.
2017-05-13 09:52:19 -07:00
Andrew Ayer 3df9fb4e73 Add Venafi Gen2 log
It's not qualified by Chrome yet, but it is accumulating so many entries
already that I think it's good to get a head start on monitoring it.
2017-04-29 13:02:58 -07:00
Andrew Ayer 1814cb87e5 Return additional info about pre-cert from ValidatePrecert 2017-04-27 10:48:48 -07:00
Andrew Ayer 06c253a0ea Continue processing a log even if an STH failed to verify
It may still be possible to audit other STHs, and to scan new entries
up to the latest verified STH.  This allows Cert Spotter to continue
to make forward progress even if a log is persistently skewed (as the
DigiCert has been lately).

Also, rework some code to be simpler and less redundant.
2017-04-27 10:48:48 -07:00
Alex Gaynor 1f8751aba5 Update the date for Chromium mandatory CT 2017-04-23 14:19:09 -04:00
Andrew Ayer 5d9fa9dfd9 Release 0.4 2017-04-03 15:30:53 -07:00
Andrew Ayer e1dd1f25bf Remove Venafi log, which forked and will be removed from Chrome
https://groups.google.com/a/chromium.org/forum/#!topic/ct-policy/KMAcNT3asTQ
2017-03-20 11:36:57 -07:00
Andrew Ayer 583aebe9ab Add PuChuangSiDa 1 log
It is scheduled for inclusion in Chrome:

https://bugs.chromium.org/p/chromium/issues/detail?id=667663
2017-03-20 11:35:12 -07:00
Andrew Ayer fa81965dee Remove log ID comments from logs.go 2017-03-20 11:33:11 -07:00
Andrew Ayer b051332b1d Release 0.3 2017-02-20 13:13:09 -08:00
Andrew Ayer 8b9c08b984 submitct: apply gofmt 2017-02-05 10:09:42 -08:00
Andrew Ayer 732a660767 submitct: reorganize code 2017-02-05 10:09:19 -08:00
Andrew Ayer b94d850dbe submitct: use maps for efficiency
This will make submitct work better with lots of certificates as input.
2017-02-05 10:07:30 -08:00
Andrew Ayer 74ffda2dc6 x509: factor out ParseRDNSequence 2017-02-05 10:04:43 -08:00
Andrew Ayer 779230cbc8 submitct: include cert index in log entries 2017-02-04 16:09:56 -08:00
Andrew Ayer e7a9ba6e7d Add submitct program for submitting certs 2017-02-04 16:05:51 -08:00
Andrew Ayer 8846cbcbd9 Add OpenLogs array, for logs with open submission policies 2017-02-04 16:04:00 -08:00
Andrew Ayer b6f99bad2c logclient: add support for add-chain request 2017-02-04 16:03:48 -08:00
Andrew Ayer fecfeb033d logclient: add support for POST requests 2017-02-04 16:03:35 -08:00
Andrew Ayer 13b064878b Update NEWS file 2017-01-10 11:25:02 -08:00
Andrew Ayer e8c4f10e97 Use a lock file to prevent certspotter from running concurrently 2017-01-10 10:50:41 -08:00
Andrew Ayer 2f0833ac9c Apply gofmt 2017-01-08 10:17:00 -08:00