Commit Graph

9 Commits

Author SHA1 Message Date
Andrew Ayer ea3db97486 Only replace DNS label with placeholder if it's utterly unparsable
e.g. contains control characters, Punycode conversion fails

There are quite simply too many certs with bogus DNS labels out in the wild,
and it just doesn't make sense to bother every .com domain holder because
GoDaddy signed a cert with a DNS name like "www.        just4funpartyrentals.com".
It is highly unlikely any validator will ever match that DNS name.
2016-05-04 11:43:02 -07:00
Andrew Ayer 60636ba2d7 Move Identifiers from CertInfo to EntryInfo
It's more logical, and it avoids some redundant parsing.
2016-05-03 11:58:59 -07:00
Andrew Ayer df5ad71a40 Support for IP addresses encoded as strings in CNs/DNS SANs 2016-05-02 11:38:08 -07:00
Andrew Ayer 82167b8151 Additional handling of pathological DNS names
1. Trim leading and trailing whitespace of DNS names.

2. Trim http:// and https:// prefixes.

3. If DNS name contains a slash, ALSO process the DNS name up to
   the first slash, since it's probably a URL.
2016-05-01 17:02:52 -07:00
Andrew Ayer 3ec8a0a3db Ignore IP address SANs with an invalid length 2016-05-01 14:52:19 -07:00
Andrew Ayer ca8f60740a Trim trailing dots from DNS names 2016-05-01 12:49:26 -07:00
Andrew Ayer 847b7129e8 Monitor for all DNS names that _might_ match a monitored domain
Wildcards, redacted labels, and unparseable labels.
2016-04-29 09:02:03 -07:00
Andrew Ayer ec68dde647 Only allow * and ? as entire DNS name labels 2016-04-29 08:45:54 -07:00
Andrew Ayer 2c9df274e9 Gracefully handle all manner of poorly encoded identifiers
Also add preliminary support for IP address identifiers.
2016-04-28 22:00:32 -07:00