mirror of
https://github.com/SSLMate/certspotter.git
synced 2025-06-27 10:15:33 +02:00

1. Instead of storing a single STH per log, we now store one verified STH and any number of unverified STHs. When we process a log, we verify each unverified STH using a consistency proof with the verified STH, and only delete it if it successfully verifies. We set the verified STH to the largest STH which we've successfully verified. This has two important benefits. First, we never ever delete an STH unless we can successfully verify it (previously, we would forget about an STH under certain error conditions). Second, it lays the groundwork for STH pollination. Upon reception of an STH, we can simply drop it in the log's unverified_sths directory (assuming the signature is valid), and Cert Spotter will audit it. There is no more "evidence" directory; if a consistency proof fails, the STHs will already be present elsewhere in the state directory.

2. We now persist a MerkleTreeBuilder between each run of Cert Spotter, instead of rebuilding it every time from the consistency proof. This is not intrinsically better, but it makes the code simpler considering we can now fetch numerous consistency proofs per run.

3. To accommodate the above changes, the state directory has a brand new layout. The state directory is now versioned, and Cert Spotter will automatically migrate old state directories to the new layout. This migration logic will be removed in a future Cert Spotter release.

As a bonus, the code is generally cleaner now :-)
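A worked example of the audit step described in item 1, added here as an illustration; it is not part of the commit and not certspotter's own code. It implements RFC 6962 Merkle tree hashing, a consistency-proof generator that stands in for the log (a real auditor fetches the proof from the log's get-sth-consistency endpoint instead), the RFC 9162 section 2.1.4.2 verification algorithm, and the bookkeeping rule from the message: an unverified STH is dropped only if its proof verifies, and the verified STH advances to the largest size that verified. The STH type, the function names and the constructed log entries are assumptions of this example; signature checking of incoming STHs is assumed to have happened before they reach unverified_sths.

```go
package main

import (
	"bytes"
	"crypto/sha256"
	"errors"
	"fmt"
	"math/bits"
)

// STH is what the auditor keeps per tree head (assumed shape; signature already checked).
type STH struct {
	TreeSize uint64
	RootHash []byte
}

// mth hashes with the RFC 6962 domain prefix: 0x00 for leaves, 0x01 for interior nodes.
func mth(prefix byte, parts ...[]byte) []byte {
	h := sha256.New()
	h.Write([]byte{prefix})
	for _, p := range parts {
		h.Write(p)
	}
	return h.Sum(nil)
}

// split returns the largest power of two strictly less than n (n > 1).
func split(n uint64) uint64 { return uint64(1) << (bits.Len64(n-1) - 1) }

// treeHash computes MTH(D[n]) over the leaves; the empty tree hashes to SHA-256 of nothing.
func treeHash(leaves [][]byte) []byte {
	if n := uint64(len(leaves)); n == 0 {
		return sha256.New().Sum(nil)
	} else if n == 1 {
		return mth(0x00, leaves[0])
	} else {
		k := split(n)
		return mth(0x01, treeHash(leaves[:k]), treeHash(leaves[k:]))
	}
}

// consistencyProof builds PROOF(m, D[n]) per RFC 6962 section 2.1.2. This is the log's
// side of the exchange, included only so the example runs offline; call with complete=true.
func consistencyProof(m uint64, leaves [][]byte, complete bool) [][]byte {
	n := uint64(len(leaves))
	if m == 0 || m > n || (m == n && complete) {
		return nil
	} else if m == n {
		return [][]byte{treeHash(leaves)}
	} else if k := split(n); m <= k {
		return append(consistencyProof(m, leaves[:k], complete), treeHash(leaves[k:]))
	} else {
		return append(consistencyProof(m-k, leaves[k:], false), treeHash(leaves[:k]))
	}
}

// verifyConsistency checks that tree (n, newRoot) extends tree (m, oldRoot), following
// the RFC 9162 section 2.1.4.2 algorithm. Any mismatch in shape or hashes is an error.
func verifyConsistency(m, n uint64, oldRoot, newRoot []byte, proof [][]byte) error {
	if m == n && len(proof) == 0 && bytes.Equal(oldRoot, newRoot) {
		return nil
	}
	if m != 0 && m < n && m&(m-1) == 0 { // m is a power of two: the old root is the first proof node
		proof = append([][]byte{oldRoot}, proof...)
	}
	if m == 0 || m >= n || len(proof) == 0 {
		return errors.New("tree sizes and proof shape do not match")
	}
	fn, sn := m-1, n-1
	for fn&1 == 1 {
		fn, sn = fn>>1, sn>>1
	}
	fr, sr := proof[0], proof[0]
	for _, c := range proof[1:] { // extra or missing nodes surface as a root mismatch below
		if fn&1 == 1 || fn == sn {
			fr, sr = mth(0x01, c, fr), mth(0x01, c, sr)
			for fn&1 == 0 && fn != 0 {
				fn, sn = fn>>1, sn>>1
			}
		} else {
			sr = mth(0x01, sr, c)
		}
		fn, sn = fn>>1, sn>>1
	}
	if !bytes.Equal(fr, oldRoot) || !bytes.Equal(sr, newRoot) || sn != 0 {
		return errors.New("proof does not connect the two roots")
	}
	return nil
}

// auditSTHs applies the rule from the commit message: verify each unverified STH against the
// verified one, drop it only when the proof succeeds, advance the verified STH to the largest
// verified size, and keep everything that failed so a later run can retry it.
func auditSTHs(verified STH, unverified []STH, fetch func(first, second uint64) ([][]byte, error)) (STH, []STH) {
	var remaining []STH
	for _, u := range unverified {
		older, newer := verified, u
		if u.TreeSize < verified.TreeSize {
			older, newer = u, verified
		}
		proof, err := fetch(older.TreeSize, newer.TreeSize)
		if err == nil {
			err = verifyConsistency(older.TreeSize, newer.TreeSize, older.RootHash, newer.RootHash, proof)
		}
		if err != nil {
			remaining = append(remaining, u) // never forget an STH we could not verify
		} else if u.TreeSize > verified.TreeSize {
			verified = u
		}
	}
	return verified, remaining
}

// sampleLog returns constructed entries (not real certificates) and a proof fetcher that
// stands in for the log's get-sth-consistency endpoint.
func sampleLog(n int) ([][]byte, func(first, second uint64) ([][]byte, error)) {
	leaves := make([][]byte, n)
	for i := range leaves {
		leaves[i] = []byte(fmt.Sprintf("constructed-entry-%d", i))
	}
	return leaves, func(first, second uint64) ([][]byte, error) {
		return consistencyProof(first, leaves[:second], true), nil
	}
}

func main() {
	leaves, fetch := sampleLog(8)
	unverified := []STH{
		{7, treeHash(leaves[:7])},             // genuine and larger: becomes the verified STH
		{6, mth(0x00, []byte("forged root"))}, // forged root: never verifies, stays on disk
		{2, treeHash(leaves[:2])},             // genuine and smaller: verified, then dropped
	}
	verified, remaining := auditSTHs(STH{3, treeHash(leaves[:3])}, unverified, fetch)
	fmt.Println("verified STH tree size:", verified.TreeSize)
	for _, u := range remaining {
		fmt.Println("still unverified tree size:", u.TreeSize)
	}
}
```

Running it advances the verified STH from size 3 to size 7 and reports the forged size-6 STH as still unverified. Because that STH is kept rather than deleted, the next run retries it against whatever the verified STH is by then, which is exactly the property item 1 calls out: nothing leaves the state directory until it has been verified. The smaller STH (size 2) is checked in the other direction, as the old tree against the verified head, which is how a pollinated STH older than the local one would be audited.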