Tandem/certspotter
2
0
Fork 0
mirror of https://github.com/SSLMate/certspotter.git synced 2025-06-27 10:15:33 +02:00
Code Issues Packages Projects Releases Wiki Activity
312 Commits 1 Branch 23 Tags
Commit Graph

35 Commits

Author SHA1 Message Date
Andrew Ayer
e2b5a8c8ea Fix bug when fetching entries 
This bug caused certspotter to always request 1000 entries even if
went beyond the size of the log.  This would have prevented
certspotter from downloading entries near the end of the log, if the log was
strict with get-entries bounds.

In practice, none of the active CT logs are strict with get-entries bounds,
and even if a log were strict, certspotter would have been able to successfully
download the entries later once the log grew.
 2023-11-13 16:33:17 -05:00
Andrew Ayer
b957791a5f Add a helper function 2023-10-29 08:17:58 -04:00
Andrew Ayer
07bf0cfe2f Include Message-ID and Date in outbound emails 
Closes: #82
 2023-10-29 08:17:58 -04:00
Andrew Ayer
5fae49a971 Simplify some code 2023-10-29 07:45:23 -04:00
chayleaf
74fb03b579 make sendmail path configurable using an env var 
Closes: #80
 2023-10-24 11:32:59 -04:00
Andrew Ayer
e3d8e99143 Add a comment 2023-10-21 14:29:37 -04:00
Andrew Ayer
6ae7ae1f9a Update dependencies 2023-09-01 10:56:05 -04:00
Andrew Ayer
fd0a2a4d44 Execute scripts under $CERTSPOTTER_CONFIG_DIR/hooks.d, if it exists 2023-02-20 10:02:48 -05:00
Andrew Ayer
a242f6be26 Use same code to produce $SUMMARY and email subject 2023-02-19 08:48:30 -05:00
Andrew Ayer
152f4341d6 Save failed healthchecks, and put path in $TEXT_FILENAME 
To allow scripts to access them.
 2023-02-19 08:45:46 -05:00
Andrew Ayer
bd2bab5fcb Save malformed entries, and put paths in environment variables 
To allow scripts to access them.
 2023-02-19 08:45:32 -05:00
Andrew Ayer
ee8ae0c1f3 Add helper functions for writing files 2023-02-18 21:15:40 -05:00
Andrew Ayer
9c61d83ca2 Remove an errant log statement 2023-02-07 10:13:52 -05:00
Andrew Ayer
2dc99f8d23 Fix notification suppression 2023-02-07 09:23:01 -05:00
Andrew Ayer
a8af849c9f Remove fields from JSON file that I am not ready to stabilize 2023-02-06 10:10:58 -05:00
Andrew Ayer
52949d8ea3 Apply gofmt 2023-02-06 09:18:53 -05:00
Andrew Ayer
2a24abaa31 Make health check interval configurable 2023-02-06 09:18:37 -05:00
Andrew Ayer
6c798699f8 Apply gofmt 2023-02-05 21:08:13 -05:00
Andrew Ayer
e27e355b75 Implement monitor health check 2023-02-05 21:08:01 -05:00
Andrew Ayer
9ec3c74400 Rename LeafSHA256 to avoid confusion with Merkle leafs 2023-02-05 08:41:17 -05:00
Andrew Ayer
7a8a770d99 Apply gofmt 2023-02-05 08:30:53 -05:00
Andrew Ayer
c68cf401a3 Add $TBS_SHA256 and tbs_sha256 to script environment and JSON 2023-02-05 08:30:45 -05:00
Andrew Ayer
bc36175a53 Ensure that precertificates match the Merkle leaf input 2023-02-05 08:18:28 -05:00
Andrew Ayer
03c21ed118 Add PubkeySHA256 to discoveredCert 2023-02-05 08:08:07 -05:00
Andrew Ayer
05bf3d0c62 Fix typo in script environment variable 2023-02-05 07:56:42 -05:00
Andrew Ayer
e044aae1df Set proper intervals for monitoring 2023-02-03 17:12:48 -05:00
Andrew Ayer
2366c06ca6 Support ETag/Last-Modified when fetching loglist 2023-02-03 15:21:24 -05:00
Andrew Ayer
6bb03865fb Modernize loglist fetching, add context support 2023-02-03 14:55:09 -05:00
Andrew Ayer
897c861451 Remove redundant information in an error message 2023-02-03 14:38:02 -05:00
Andrew Ayer
35555b769a Remove script directory support (for now) 
The implementation was no good because it broke $PATH lookups.

I still like this feature but will defer it to a future version.
 2023-02-03 14:35:26 -05:00
Andrew Ayer
ef2a7698d7 Update a TODO comment 2023-02-03 14:32:44 -05:00
Andrew Ayer
a5a9008de2 Add .v1 to file suffix of JSON files 
If we add fields in the future this will make it clear that old
files don't have the new fields
 2023-02-03 14:32:35 -05:00
Andrew Ayer
6848316a5b Make the .notified file a hidden file 
Since it's an implementation detail that users shouldn't need
to know about.
 2023-02-03 14:29:58 -05:00
Andrew Ayer
5e7fa8c079 Remove some TODOs that I'v decided not to do 2023-02-03 14:29:24 -05:00
Andrew Ayer
209cdb181b Convert to a daemon and make many other improvements 
Specifically, certspotter no longer terminates unless it receives SIGTERM
or SIGINT or there is a serious error.

Although using cron made sense in the early days of Certificate
Transparency, certspotter now needs to run continuously to reliably keep
up with the high growth rate of contemporary CT logs, and to gracefully
handle the many transient errors that can arise when monitoring CT.

Closes: #63
Closes: #37
Closes: #32 (presumably by eliminating $DNS_NAMES and $IP_ADDRESSES)
Closes: #21 (with $WATCH_ITEM)
Closes: #25
 2023-02-03 14:12:03 -05:00