Andrew Ayer
b297ba9967
Use bits in the exit code to convey what happened
2016-02-22 14:45:50 -08:00
Andrew Ayer
df6527b165
Change -all_time to only affect logs we haven't seen before
...
It's more useful this way - there's no sense in scanning logs we've
already scanned.
I need a better name for this switch, though.
2016-02-20 12:04:07 -08:00
Andrew Ayer
ff44576c87
Save old and new STHs if consistency proof fails
2016-02-18 12:40:21 -08:00
Andrew Ayer
e91d7bacbd
Minor cleanup to improve encapsulation
2016-02-18 10:23:07 -08:00
Andrew Ayer
b47d35a005
Rename some types/functions for clarity
2016-02-18 10:15:56 -08:00
Andrew Ayer
35eef25f4a
Rename function for clarity
2016-02-18 10:09:33 -08:00
Andrew Ayer
9558efc955
Verify STH signatures
2016-02-17 16:03:49 -08:00
Andrew Ayer
4b304fd192
Audit Merkle tree when retrieving entries
...
Also add an -all_time command line option to retrieve all certificates,
not just the ones since the last scan.
2016-02-17 14:54:40 -08:00
Andrew Ayer
b6dec7822d
Overhaul to be more robust and simpler
...
All certificates are now parsed with a special, extremely
lax parser that extracts only the DNS names. Only if the
DNS names match the domains we're interested in will we attempt
to parse the cert with the real X509 parser. This ensures that
we won't miss a very badly encoded certificate that has been
issued for a monitored domain.
As of the time of commit, the lax parser is able to process every
logged certificate in the known logs.
2016-02-09 10:28:52 -08:00
Andrew Ayer
a79cc26570
Include filename of saved cert in output/script invocation
2016-02-05 08:20:12 -08:00
Andrew Ayer
3f596730a0
New and simplified multi-log operation
2016-02-04 20:16:25 -08:00
Andrew Ayer
a418a3686d
Initial commit
2016-02-04 18:46:19 -08:00