Quick question from newbie.

Michał Polomonokowski

Apr 29, 2016, 5:28:51 AM
to certificate-transparency
Hi everyone.

I have one simple question. I'm a total newbie, so I'm asking for indulgence; also, sorry for my broken English.

Can I somehow download all available certification for all sites?

Regards.

Paul Hadfield

Apr 29, 2016, 5:34:50 AM
to certificate-...@googlegroups.com
Hi Michał,

Are you asking how to download all certificates that have been logged to a particular CT Log?
If so, the way to do this would be to write some code to retrieve entries from the Log in batches.

The algorithm would be similar to that defined in the CT RFC for building a Monitor:

Whether you choose to verify the signatures would be up to you.

Essentially you need to:
 * get the log's current tree_size by retrieving its STH via GET <log_url>/ct/v1/get-sth
 * iterate from 0 to tree_size to retrieve the log entries in batches via GET <log_url>/ct/v1/get-entries?start=<batch_start>&end=<batch_start + batch_size>
 * parse the structures returned from get-entries. See https://tools.ietf.org/html/rfc6962#section-4.6 and https://tools.ietf.org/html/rfc6962#section-3.4

There's definitely Python client code that does the above in the certificate-transparency GitHub repo. I think the C++ client code you might need is there too.

hth
Paul

--
You received this message because you are subscribed to the Google Groups "certificate-transparency" group.
To unsubscribe from this group and stop receiving emails from it, send an email to certificate-transp...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Michał Polomonokowski

Apr 29, 2016, 7:41:52 AM
to certificate-transparency
Okay, I understand. I thought there was some easier way.

Thanks for answer Paul.

Pierre Phaneuf

Apr 29, 2016, 7:53:33 AM
to certificate-transparency
On Fri, Apr 29, 2016 at 12:41 PM, Michał Polomonokowski
<yqh...@gmail.com> wrote:

> Okay, I understand. I thought there was some easier way.

One small detail that is often missed: logs are allowed to return
fewer entries than requested. So if you do get-entries?start=0&end=9,
you should check that you indeed have 10 entries. If you get only 5,
for example, you would need to do get-entries?start=5&end=9 to get the
5 others.
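
The batch loop from Paul's steps combined with the short-response check described above, as an added example that is not part of the original thread or of the certificate-transparency repo's client code. The names `fetch_all_entries` and `make_fake_log`, the `log.example` URL and the placeholder `leaf_input` strings are constructed for illustration; `end` is treated as inclusive, as in RFC 6962 section 4.6, and parsing of the returned structures is left out.

```python
import json
import urllib.request
from urllib.parse import urlparse, parse_qs

def http_get_json(url):
    """Default transport: HTTPS GET against a real log, decoded as JSON."""
    with urllib.request.urlopen(url, timeout=30) as resp:
        return json.load(resp)

def fetch_all_entries(log_url, batch_size=256, get_json=http_get_json):
    """Yield (index, entry) for every entry covered by the log's current STH."""
    base = log_url.rstrip("/") + "/ct/v1"
    tree_size = get_json(base + "/get-sth")["tree_size"]
    start = 0
    while start < tree_size:
        end = min(start + batch_size, tree_size) - 1  # 'end' is inclusive
        entries = get_json(f"{base}/get-entries?start={start}&end={end}")["entries"]
        if not entries:
            # Without this guard an empty response would loop forever.
            raise RuntimeError(f"log returned no entries for {start}..{end}")
        if len(entries) > end - start + 1:
            raise RuntimeError("log returned more entries than requested")
        for offset, entry in enumerate(entries):
            yield start + offset, entry
        # Logs may return fewer entries than asked for: resume from the
        # first index that was not delivered, not from start + batch_size.
        start += len(entries)

def make_fake_log(n_entries, server_cap):
    """Constructed in-memory log that returns at most server_cap entries."""
    calls = []
    def get_json(url):
        calls.append(url)
        if url.endswith("/get-sth"):
            return {"tree_size": n_entries}
        query = parse_qs(urlparse(url).query)
        start, end = int(query["start"][0]), int(query["end"][0])
        last = min(end, start + server_cap - 1, n_entries - 1)
        return {"entries": [{"leaf_input": f"leaf-{i}", "extra_data": ""}
                            for i in range(start, last + 1)]}
    return get_json, calls

if __name__ == "__main__":
    fake_get, seen = make_fake_log(n_entries=12, server_cap=5)
    for index, entry in fetch_all_entries("https://log.example", 10, fake_get):
        print(index, entry["leaf_input"])
    print(seen)
```
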

Tom Ritter

Apr 29, 2016, 9:30:47 AM
to certificate-transparency
On 29 April 2016 at 06:41, Michał Polomonokowski <yqh...@gmail.com> wrote:
> Okay, I understand. I thought there was some easier way.

Ditto, so I made one =) (With Linus' help)

https://ritter.vg/blog-querying_ct_logs.html

-tom