Andrew Ayer
54d9762ff2
Add JSON marshalling for MerkleTreeBuilder
2017-01-05 15:43:26 -08:00
Andrew Ayer
7c55be7d5c
Add GetNumLeaves function for MerkleTreeBuilder
2017-01-05 15:00:56 -08:00
Andrew Ayer
3673518b30
Add constructor functions for MerkleTreeBuilder
2017-01-05 14:48:35 -08:00
Andrew Ayer
39737f33ec
Rename MerkleTreeBuilder.size to numLeaves
2017-01-05 14:41:54 -08:00
Andrew Ayer
f920ef0ec3
Add a TODO
2017-01-05 14:32:28 -08:00
Andrew Ayer
55d12ee013
Support empty trees
2017-01-05 14:32:22 -08:00
Andrew Ayer
4868243259
Add ID function to LogInfo to return log ID
2016-11-26 17:48:15 -08:00
Andrew Ayer
ff6d1f21fd
Add a TODO comment
2016-11-26 17:47:57 -08:00
Andrew Ayer
0bd48084f0
Add MakeMerkleTreeBuilder
2016-11-25 20:13:17 -08:00
Andrew Ayer
adce61e035
Add GetAuditProof to LogClient
2016-11-25 20:09:59 -08:00
Andrew Ayer
b63a024876
Replace MerkleTreeBuilder.Finish with non-mutating CalculateRoot
2016-11-25 17:43:07 -08:00
Andrew Ayer
ef18092eb9
Add new logs: Icarus, Skydiver, StartCom, WoSign
2016-11-15 15:59:39 -08:00
Andrew Ayer
9bf82346d8
Avoid use of json.Decoder
...
Per https://ahmetalpbalkan.com/blog/golang-json-decoder-pitfalls/
2016-11-15 15:59:39 -08:00
Andrew Ayer
36210a9544
VerifyConsistencyProof: properly return tree builder when two trees are the same
2016-11-15 15:59:39 -08:00
Andrew Ayer
31f2316aa2
Rework -all_time logic
...
If -all_time is specified, scan the entirety of all logs, even
existing logs. This matches user expectation better. Previously,
-all_time had no impact on existing logs.
The first time Cert Spotter is run, do not scan any logs, unless
-all_time is specified. This avoids a several hour wait the first
time Cert Spotter is run. If the user is interested in knowing
about existing certificates, they can use the certspotter.com API
or crt.sh. This is the same as existing behavior.
When a new log is added, scan it in its entirety even if -all_time is
not specified, so users are alerted to interesting certificates in the
new log. Hopefully new logs will be small and this won't take too long!
Previously, new logs were not scanned in their entirety unless -all_time
was specified.
Closes : #5
2016-11-15 15:59:38 -08:00
Andrew Ayer
7d2936eada
README: document upcoming mandatory CT
2016-11-12 08:09:42 -08:00
Andrew Ayer
f706b09bc8
README: document GlobalSign DV logging
2016-11-12 08:09:27 -08:00
Andrew Ayer
2a80e85783
Increase log client request timeout to 60 seconds
...
This should be configurable, but I need to experiment first.
2016-08-30 10:40:13 -07:00
Andrew Ayer
35c646ae62
Add NEWS file for 0.2 release
2016-08-25 17:13:31 -07:00
Joe Tsai
4104152de6
Use io.ReadFull instead of raw Read
...
An io.Reader does not guarantee that it can read all bytes possible
to fill the input buffer. Thus, we should use io.ReadFull here instead.
Cherry-picked from ddfd4a2b2d89e20f0a7c63c88420aaa419d4d95c
of https://github.com/google/certificate-transparency
2016-08-25 16:48:58 -07:00
Andrew Ayer
c36452f67a
Improve log client error messages
2016-08-25 16:04:29 -07:00
Andrew Ayer
1af6309367
Define tagUTCTime and tagGeneralizedTime
...
They're only exported in Go1.6 and I'd like to support Go1.5 as well.
Closes : #15
2016-08-20 19:43:44 -07:00
Andrew Ayer
b1dc229785
Fix typo
2016-07-28 15:52:32 -07:00
Andrew Ayer
1f97fb3a13
Suppress duplicate identifiers
2016-07-28 14:00:15 -07:00
Andrew Ayer
6cae4942e4
Identifiers: abstract out appendIPAddress
2016-07-28 13:53:24 -07:00
Jonathan Rudenberg
c217200b96
Return errors from InvokeHookScript instead of failing silently
...
Signed-off-by: Jonathan Rudenberg <jonathan@titanous.com>
2016-07-28 12:26:58 -07:00
Jonathan Rudenberg
acc6781f29
Run gofmt
...
Signed-off-by: Jonathan Rudenberg <jonathan@titanous.com>
2016-07-28 14:55:46 -04:00
Andrew Ayer
38b9c920eb
Add README
2016-07-27 14:17:53 -07:00
Andrew Ayer
1dc7e1cda9
Refine command line flag descriptions
2016-07-27 14:14:09 -07:00
Andrew Ayer
902755d4e8
Don't enforce public key compliance
...
You have to trust the public key anyways, so compliance checks are
superfluous.
2016-07-26 17:00:01 -07:00
Andrew Ayer
f75c47d9ca
Always store files in ~/.certspotter, even if running as root
2016-07-26 16:57:26 -07:00
Andrew Ayer
c185657181
Remove Izenpe log, add CNNIC
2016-07-19 10:46:15 -07:00
Andrew Ayer
cf8a5d8703
Remove description field from logs.go
2016-07-19 10:39:01 -07:00
Andrew Ayer
37bc55be2d
Add key hash to logs.go
2016-07-19 10:32:05 -07:00
Andrew Ayer
ebdf2af720
Add some comments
2016-07-19 10:31:23 -07:00
Andrew Ayer
19e05b901a
Remove some dead code from the scanner
2016-06-22 10:32:42 -07:00
Andrew Ayer
74f9ceb6a2
Add attribution of the ct sub-directory
2016-06-22 10:30:16 -07:00
Andrew Ayer
724517e4c4
Update crt.sh link to use sha256= instead of q=
2016-06-20 15:23:15 -07:00
Andrew Ayer
fa1236f434
Use a switch statement instead of an if statement
...
This will make it cleaner to handle other extension types
2016-06-08 15:57:56 -07:00
Andrew Ayer
196bd864cd
Properly handle non-200 responses from logs
2016-06-08 15:18:28 -07:00
Andrew Ayer
1fc964732b
Allow public key to be omitted from log JSON file
...
In which case signatures are not checked.
2016-06-03 08:10:38 -07:00
Andrew Ayer
2c8cb1f402
Return exit code from cmd.Main instead of exiting directly
...
This allows the calling code to do custom cleanup.
2016-06-03 07:21:08 -07:00
Andrew Ayer
6db3f7564c
Add function to reconstruct pre-cert TBS from cert TBS
2016-05-16 11:33:03 -07:00
Andrew Ayer
ae59c317dc
Ignore empty DNS names
2016-05-13 10:31:13 -07:00
Andrew Ayer
2bed88e7c5
Rework watchlist
...
Watchlist is now read from ~/.certspotter/watchlist by default, or from
the file specified by -watchlist (- for stdin).
By default, only exact DNS names are matched. To match both the domain
itself and all sub-domains, prefix with a dot (e.g. .example.com).
Comments are now allowed in watchlist files.
2016-05-12 11:30:59 -07:00
Andrew Ayer
7196ec5217
Use $CERTSPOTTER_STATE_DIR to specify state directory
2016-05-12 10:53:57 -07:00
Andrew Ayer
dac062e17d
Add unit tests for MatchesWildcard
2016-05-10 14:29:10 -07:00
Andrew Ayer
f9432ae4b9
Reverse order of certspotter.MatchesWildcard arguments
2016-05-10 14:29:04 -07:00
Andrew Ayer
92fbdcb947
Support crazy wildcards (not just in the left-most label)
2016-05-10 10:37:10 -07:00
Andrew Ayer
e99ee481a4
Disable check of pre-cert poision value
...
Too many pre-certs in the logs with the wrong value :-(
2016-05-09 15:46:14 -07:00