Commit Graph

44 Commits

Author SHA1 Message Date
Dirk Stöcker c298970b68
Merge branch 'SSLMate:master' into master 2024-07-01 18:13:31 +02:00
Andrew Ayer 06ce937097 Improve some comments 2024-05-24 09:08:17 -04:00
Dirk Stöcker 6f019acd7b support filtering 2024-05-23 15:44:12 +02:00
Andrew Ayer cd4d796a7c Respect $EMAIL when sending emails
Envelope sender and RFC5322.From address are set to $EMAIL if it's non-empty.

Requested in #87
2024-05-21 15:11:22 -04:00
Andrew Ayer 93ca622a37 Add NotifyError to StateProvider 2024-04-04 08:09:00 -04:00
Andrew Ayer 7bb5602d09 Refine interface for malformed log entries 2024-04-04 07:55:44 -04:00
Andrew Ayer 73327f0c2c Refine interface for healthcheck failures 2024-04-04 07:53:35 -04:00
Andrew Ayer 5e0737353c Abstract state storage and notification logic behind an interface 2024-04-04 07:47:25 -04:00
Andrew Ayer 740bf5ac55 Apply gofmt 2024-04-03 16:51:02 -04:00
Andrew Ayer e2b5a8c8ea Fix bug when fetching entries
This bug caused certspotter to always request 1000 entries even if
went beyond the size of the log.  This would have prevented
certspotter from downloading entries near the end of the log, if the log was
strict with get-entries bounds.

In practice, none of the active CT logs are strict with get-entries bounds,
and even if a log were strict, certspotter would have been able to successfully
download the entries later once the log grew.
2023-11-13 16:33:17 -05:00
Andrew Ayer b957791a5f Add a helper function 2023-10-29 08:17:58 -04:00
Andrew Ayer 07bf0cfe2f Include `Message-ID` and `Date` in outbound emails
Closes: #82
2023-10-29 08:17:58 -04:00
Andrew Ayer 5fae49a971 Simplify some code 2023-10-29 07:45:23 -04:00
chayleaf 74fb03b579 make sendmail path configurable using an env var
Closes: #80
2023-10-24 11:32:59 -04:00
Andrew Ayer e3d8e99143 Add a comment 2023-10-21 14:29:37 -04:00
Andrew Ayer 6ae7ae1f9a Update dependencies 2023-09-01 10:56:05 -04:00
Andrew Ayer fd0a2a4d44 Execute scripts under $CERTSPOTTER_CONFIG_DIR/hooks.d, if it exists 2023-02-20 10:02:48 -05:00
Andrew Ayer a242f6be26 Use same code to produce $SUMMARY and email subject 2023-02-19 08:48:30 -05:00
Andrew Ayer 152f4341d6 Save failed healthchecks, and put path in $TEXT_FILENAME
To allow scripts to access them.
2023-02-19 08:45:46 -05:00
Andrew Ayer bd2bab5fcb Save malformed entries, and put paths in environment variables
To allow scripts to access them.
2023-02-19 08:45:32 -05:00
Andrew Ayer ee8ae0c1f3 Add helper functions for writing files 2023-02-18 21:15:40 -05:00
Andrew Ayer 9c61d83ca2 Remove an errant log statement 2023-02-07 10:13:52 -05:00
Andrew Ayer 2dc99f8d23 Fix notification suppression 2023-02-07 09:23:01 -05:00
Andrew Ayer a8af849c9f Remove fields from JSON file that I am not ready to stabilize 2023-02-06 10:10:58 -05:00
Andrew Ayer 52949d8ea3 Apply gofmt 2023-02-06 09:18:53 -05:00
Andrew Ayer 2a24abaa31 Make health check interval configurable 2023-02-06 09:18:37 -05:00
Andrew Ayer 6c798699f8 Apply gofmt 2023-02-05 21:08:13 -05:00
Andrew Ayer e27e355b75 Implement monitor health check 2023-02-05 21:08:01 -05:00
Andrew Ayer 9ec3c74400 Rename LeafSHA256 to avoid confusion with Merkle leafs 2023-02-05 08:41:17 -05:00
Andrew Ayer 7a8a770d99 Apply gofmt 2023-02-05 08:30:53 -05:00
Andrew Ayer c68cf401a3 Add $TBS_SHA256 and tbs_sha256 to script environment and JSON 2023-02-05 08:30:45 -05:00
Andrew Ayer bc36175a53 Ensure that precertificates match the Merkle leaf input 2023-02-05 08:18:28 -05:00
Andrew Ayer 03c21ed118 Add PubkeySHA256 to discoveredCert 2023-02-05 08:08:07 -05:00
Andrew Ayer 05bf3d0c62 Fix typo in script environment variable 2023-02-05 07:56:42 -05:00
Andrew Ayer e044aae1df Set proper intervals for monitoring 2023-02-03 17:12:48 -05:00
Andrew Ayer 2366c06ca6 Support ETag/Last-Modified when fetching loglist 2023-02-03 15:21:24 -05:00
Andrew Ayer 6bb03865fb Modernize loglist fetching, add context support 2023-02-03 14:55:09 -05:00
Andrew Ayer 897c861451 Remove redundant information in an error message 2023-02-03 14:38:02 -05:00
Andrew Ayer 35555b769a Remove script directory support (for now)
The implementation was no good because it broke $PATH lookups.

I still like this feature but will defer it to a future version.
2023-02-03 14:35:26 -05:00
Andrew Ayer ef2a7698d7 Update a TODO comment 2023-02-03 14:32:44 -05:00
Andrew Ayer a5a9008de2 Add .v1 to file suffix of JSON files
If we add fields in the future this will make it clear that old
files don't have the new fields
2023-02-03 14:32:35 -05:00
Andrew Ayer 6848316a5b Make the .notified file a hidden file
Since it's an implementation detail that users shouldn't need
to know about.
2023-02-03 14:29:58 -05:00
Andrew Ayer 5e7fa8c079 Remove some TODOs that I'v decided not to do 2023-02-03 14:29:24 -05:00
Andrew Ayer 209cdb181b Convert to a daemon and make many other improvements
Specifically, certspotter no longer terminates unless it receives SIGTERM
or SIGINT or there is a serious error.

Although using cron made sense in the early days of Certificate
Transparency, certspotter now needs to run continuously to reliably keep
up with the high growth rate of contemporary CT logs, and to gracefully
handle the many transient errors that can arise when monitoring CT.

Closes: #63
Closes: #37
Closes: #32 (presumably by eliminating $DNS_NAMES and $IP_ADDRESSES)
Closes: #21 (with $WATCH_ITEM)
Closes: #25
2023-02-03 14:12:03 -05:00