Tandem/certspotter
2
0
Fork 0
mirror of https://github.com/SSLMate/certspotter.git synced 2025-06-27 10:15:33 +02:00
Code Issues Packages Projects Releases Wiki Activity
392 Commits 1 Branch 23 Tags
Commit Graph

16 Commits

Author SHA1 Message Date
Andrew Ayer
26439b4deb Remove unused code 2025-05-30 17:09:02 -04:00
Andrew Ayer
1f97fb3a13 Suppress duplicate identifiers 2016-07-28 14:00:15 -07:00
Andrew Ayer
6cae4942e4 Identifiers: abstract out appendIPAddress 2016-07-28 13:53:24 -07:00
Jonathan Rudenberg
acc6781f29 Run gofmt 
Signed-off-by: Jonathan Rudenberg <jonathan@titanous.com>
 2016-07-28 14:55:46 -04:00
Andrew Ayer
ae59c317dc Ignore empty DNS names 2016-05-13 10:31:13 -07:00
Andrew Ayer
1e582e2e0c License under the MPL 2.0 2016-05-04 11:56:13 -07:00
Andrew Ayer
670cddafbc Rename project to certspotter 2016-05-04 11:49:07 -07:00
Andrew Ayer
ea3db97486 Only replace DNS label with placeholder if it's utterly unparsable 
e.g. contains control characters, Punycode conversion fails

There are quite simply too many certs with bogus DNS labels out in the wild,
and it just doesn't make sense to bother every .com domain holder because
GoDaddy signed a cert with a DNS name like "www.        just4funpartyrentals.com"
It is highly unlikely any validator will ever match that DNS name.
 2016-05-04 11:43:02 -07:00
Andrew Ayer
60636ba2d7 Move Identifiers from CertInfo to EntryInfo 
It's more logical, and it avoids some redundant parsing.
 2016-05-03 11:58:59 -07:00
Andrew Ayer
df5ad71a40 Support for IP addresses encoded as strings in CNs/DNS SANs 2016-05-02 11:38:08 -07:00
Andrew Ayer
82167b8151 Additional handling of pathological DNS names 
1. Trim leading and trailing whitespace of DNS names.

2. Trim http:// and https:// prefixes.

3. If DNS name contains a slash, ALSO process the DNS name up to
   the first slash, since it's probably a URL.
 2016-05-01 17:02:52 -07:00
Andrew Ayer
3ec8a0a3db Ignore IP address SANs with an invalid length 2016-05-01 14:52:19 -07:00
Andrew Ayer
ca8f60740a Trim trailing dots from DNS names 2016-05-01 12:49:26 -07:00
Andrew Ayer
847b7129e8 Monitor for all DNS names that _might_ match a monitored domain 
Wildcards, redacted labels, and unparseable labels.
 2016-04-29 09:02:03 -07:00
Andrew Ayer
ec68dde647 Only allow * and ? as entire DNS name labels 2016-04-29 08:45:54 -07:00
Andrew Ayer
2c9df274e9 Gracefully handle all manner of poorly encoded identifiers 
Also add preliminary support for IP address identifiers.
 2016-04-28 22:00:32 -07:00