Jonathan Rudenberg
a67b9683cd
Return errors from InvokeHookScript instead of failing silently
...
Signed-off-by: Jonathan Rudenberg <jonathan@titanous.com>
2016-07-28 15:11:32 -04:00
Andrew Ayer
724517e4c4
Update crt.sh link to use sha256= instead of q=
2016-06-20 15:23:15 -07:00
Andrew Ayer
f9432ae4b9
Reverse order of certspotter.MatchesWildcard arguments
2016-05-10 14:29:04 -07:00
Andrew Ayer
92fbdcb947
Support crazy wildcards (not just in the left-most label)
2016-05-10 10:37:10 -07:00
Andrew Ayer
9342adcd93
Tighten up the cert information output
...
Remove subject and SANs since they are redundant with earlier identifier
listing. Remove serial number because who cares? Put type of entry
on same line as log entry info.
If people want this info they can always examine the saved file or the
crt.sh page.
2016-05-09 15:43:19 -07:00
Andrew Ayer
b79cb31413
Move package to software.sslmate.com/src/certspotter
2016-05-04 12:19:59 -07:00
Andrew Ayer
1e582e2e0c
License under the MPL 2.0
2016-05-04 11:56:13 -07:00
Andrew Ayer
670cddafbc
Rename project to certspotter
2016-05-04 11:49:07 -07:00
Andrew Ayer
60636ba2d7
Move Identifiers from CertInfo to EntryInfo
...
It's more logical, and it avoids some redundant parsing.
2016-05-03 11:58:59 -07:00
Andrew Ayer
5f4e35843a
Display SANs in output
2016-05-02 11:59:55 -07:00
Andrew Ayer
2c9df274e9
Gracefully handle all manner of poorly encoded identifiers
...
Also add preliminary support for IP address identifiers.
2016-04-28 22:00:32 -07:00
Andrew Ayer
a072440db8
Handle certificates with multiple Basic Constraints extensions
2016-04-26 18:06:59 -07:00
Andrew Ayer
2d2aa37202
Parse common names separately from DNS names
2016-04-22 20:58:33 -07:00
Andrew Ayer
e091186d83
Save consistency proof along with evidence of misbehavior
...
Although the consistency proof is neither necessary nor sufficient
to prove misbehavior by a log, this will help with debugging if a
log returns a bogus consistency proof erroneously (which seems to
be happening with the Rocketeer log lately...).
2016-04-06 08:10:06 -07:00
Andrew Ayer
80bfe1321c
Add helpers to get fingerprint/hashes in byte form
2016-03-26 18:04:22 -07:00
Andrew Ayer
af14fca70f
Add HasParseErrors method to EntryInfo
2016-03-23 20:18:12 -07:00
Andrew Ayer
3b59332bf1
Rename a function for clarity
2016-03-17 16:34:53 -07:00
Andrew Ayer
a071e9490a
Replace embedded X509 parser with my own lightweight parser
2016-03-16 16:59:37 -07:00
Andrew Ayer
16bf546258
Embed Google CT library, with my own changes
2016-02-18 10:44:56 -08:00
Andrew Ayer
35eef25f4a
Rename function for clarity
2016-02-18 10:09:33 -08:00
Andrew Ayer
4b304fd192
Audit Merkle tree when retrieving entries
...
Also add an -all_time command line option to retrieve all certificates,
not just the ones since the last scan.
2016-02-17 14:54:40 -08:00
Andrew Ayer
b6dec7822d
Overhaul to be more robust and simpler
...
All certificates are now parsed with a special, extremely
lax parser that extracts only the DNS names. Only if the
DNS names match the domains we're interested in will we attempt
to parse the cert with the real X509 parser. This ensures that
we won't miss a very badly encoded certificate that has been
issued for a monitored domain.
As of the time of commit, the lax parser is able to process every
logged certificate in the known logs.
2016-02-09 10:28:52 -08:00
Andrew Ayer
1dcbe91877
WriteCertRepository: avoid serializing precerts twice
...
With pre-certs, Chain[0] is the pre-cert itself.
2016-02-07 14:47:05 -08:00
Andrew Ayer
a79cc26570
Include filename of saved cert in output/script invocation
2016-02-05 08:20:12 -08:00
Andrew Ayer
e73a5a89a7
Ignore non-fatal errors when parsing root certificates
2016-02-05 07:57:15 -08:00
Andrew Ayer
3f596730a0
New and simplified multi-log operation
2016-02-04 20:16:25 -08:00
Andrew Ayer
a418a3686d
Initial commit
2016-02-04 18:46:19 -08:00