certspotter

mirror of https://github.com/SSLMate/certspotter.git synced 2025-06-27 10:15:33 +02:00

Author	SHA1	Message	Date
Andrew Ayer	e9c9ef8b43	Avoid integer overflow leading to panic in rand.N	2025-05-07 17:54:36 -04:00
Andrew Ayer	9ba1d4d915	Release v0.19.0 v0.19.0	2025-05-07 16:47:31 -04:00
Andrew Ayer	403d5e2f58	Apply gofmt	2025-05-07 09:58:22 -04:00
Andrew Ayer	8a655b8566	Avoid calling t.Fatalf from goroutine	2025-05-07 09:56:14 -04:00
Andrew Ayer	647b036ed1	Remove unreachable return statements	2025-05-07 09:55:45 -04:00
Andrew Ayer	61508d8bf1	Fix printf mistake	2025-05-07 09:49:18 -04:00
Andrew Ayer	560ab984e3	Update README	2025-05-07 09:32:55 -04:00
Andrew Ayer	300adf6608	Update copyright year in man pages	2025-05-07 09:27:27 -04:00
Andrew Ayer	344df03c6c	Avoid generating download batches with an invalid range Previously, if we rounded down the tree size to avoid downloading a partial tile, but the log position was already within the partial tile (which can happen with a brand new log and -start_at_end), we'd generate a download batch where end < begin, which caused all sorts of problems.	2025-05-06 15:13:31 -04:00
Andrew Ayer	5769c83cf3	Revert "Avoid calling get-entries when range is invalid (end < begin)" This reverts commit 71b296141ed278d9a808689aad0444324fe37cb6.	2025-05-06 15:10:58 -04:00
Andrew Ayer	71b296141e	Avoid calling get-entries when range is invalid (end < begin) end < begin can arise if we've rounded down end to avoid downloading a partial tile, but the log position is already within the partial tile (which can happen with a brand new log and -start_at_end).	2025-05-06 14:58:23 -04:00
Andrew Ayer	a6af6c54ba	Avoid inclusive end bound until last possible moment Inclusive end bounds are the devil.	2025-05-06 14:52:36 -04:00
Andrew Ayer	8119925c16	Store issuers cache under os.UserCacheDir	2025-05-06 14:25:41 -04:00
Andrew Ayer	6151cb26da	Cache issuer certificates retrieved from static-ct-api logs	2025-05-06 14:19:25 -04:00
Andrew Ayer	958e7a9efb	Avoid relying on STH timestamp during monitoring Instead use the time at which the STH was observed (which for FilesystemState is assumed to be the mtime of the STH file). This is easier to reason about: we don't have to worry about logs lying about the time; we don't have to take into account the delay between STH fetch and healthcheck; we won't raise spurious health checks about logs with MMDs longer than the healthcheck interval.	2025-05-06 10:41:33 -04:00
Andrew Ayer	00fd77f6ed	Rename certspotter-specific loglist fields, again	2025-05-05 10:29:20 -04:00
Andrew Ayer	56b190f7c0	Rename DownloadWorkers, revert to old defaults	2025-05-05 10:15:09 -04:00
Andrew Ayer	bc199bca4b	Rename DownloadJobSize to GetEntriesSize	2025-05-05 10:04:50 -04:00
Andrew Ayer	c967253f80	monitor: fsync state files before renaming them Without fsync, there's a risk of zero-length files being persisted if there's a power failure. Don't bother fsyncing the parent directory because it's OK if the data rolls back to the previous version; we only need to avoid data corruption. Closes: #101	2025-05-04 20:44:36 -04:00
Andrew Ayer	b856d7f163	static-ct-api support, parallel downloading	2025-05-04 20:41:33 -04:00
Andrew Ayer	84bd080553	Add a TODO	2025-05-04 20:32:38 -04:00
Andrew Ayer	97a0e7b2a2	Add LogID.Base64URLString	2025-05-02 08:15:00 -04:00
Andrew Ayer	8c26a075c0	Remove unused SCT verification code	2025-05-01 19:48:11 -04:00
Andrew Ayer	196b3e3bef	Remove submitct It may return in the future	2025-05-01 19:46:42 -04:00
Andrew Ayer	0dbe647121	use a more specific type	2025-05-01 19:23:33 -04:00
Andrew Ayer	0cd0c7d602	Remove unused MaxGetEntriesSize from RFC6962Log	2025-05-01 13:13:33 -04:00
Andrew Ayer	e909faaaf8	Add helpful comments	2025-05-01 13:11:35 -04:00
Andrew Ayer	f291855f97	Add sequencer package	2025-05-01 12:23:39 -04:00
Andrew Ayer	3765b4240b	Add a useful comment	2025-05-01 11:21:13 -04:00
Andrew Ayer	13837fde04	Add ctclient, ctcrypto, cttypes, tlstypes packages	2025-05-01 10:37:42 -04:00
Andrew Ayer	3a609ea037	Remove unnecessary Printf	2025-01-11 11:35:31 -05:00
Andrew Ayer	8472e14d4c	Add log list support for static-ct-api logs	2024-11-25 08:09:57 -05:00
Andrew Ayer	0ba0a1fef0	merkletree: replace IsComplete with more useful ContainsFirstN	2024-10-16 08:23:22 -04:00
Andrew Ayer	ed9ee59e8e	Emphasize that start_at_end applies to new logs	2024-06-14 15:16:26 -04:00
Andrew Ayer	1b9a21baa8	Remove unnecessary pointer receivers from FragmentedCollapsedTree	2024-06-13 14:37:02 -04:00
Andrew Ayer	e570923ef2	Add merkletree.FragmentedCollapsedTree	2024-06-13 09:24:17 -04:00
Andrew Ayer	fca2b8f8f1	Add offset to merkletree.CollapsedTree so that it can represent arbitrary subtrees	2024-06-13 09:23:12 -04:00
Andrew Ayer	b711c8762e	Refine the CollapsedTree API	2024-06-12 11:21:58 -04:00
Andrew Ayer	759631f7e6	merkletree.Append: fix appending to empty trees	2024-06-09 11:13:16 -04:00
Andrew Ayer	cc98a06bcb	merkletree: add method for getting collapsed tree nodes	2024-05-25 11:19:55 -04:00
Andrew Ayer	7f17992c9c	merkletree: factor out common initialization code	2024-05-25 10:52:54 -04:00
Andrew Ayer	06ce937097	Improve some comments	2024-05-24 09:08:17 -04:00
Andrew Ayer	cd4d796a7c	Respect $EMAIL when sending emails Envelope sender and RFC5322.From address are set to $EMAIL if it's non-empty. Requested in #87	2024-05-21 15:11:22 -04:00
Andrew Ayer	b5f9a48dc3	man page: document that -no_save causes duplicate notifications Suggested by @certrik in #26	2024-05-21 15:02:30 -04:00
Andrew Ayer	93ca622a37	Add NotifyError to StateProvider	2024-04-04 08:09:00 -04:00
Andrew Ayer	7bb5602d09	Refine interface for malformed log entries	2024-04-04 07:55:44 -04:00
Andrew Ayer	73327f0c2c	Refine interface for healthcheck failures	2024-04-04 07:53:35 -04:00
Andrew Ayer	5e0737353c	Abstract state storage and notification logic behind an interface	2024-04-04 07:47:25 -04:00
Andrew Ayer	740bf5ac55	Apply gofmt	2024-04-03 16:51:02 -04:00
Andrew Ayer	658e320638	Remove unnecessary seeding of math/rand No longer necessary with Go 1.20.	2023-11-13 16:44:10 -05:00

1 2 3 4 5 ...

363 Commits