aljaz/certspotter
1
1
Fork 0
mirror of https://github.com/SSLMate/certspotter.git synced 2026-01-16 18:24:25 +01:00
Code Issues Packages Projects Releases Wiki Activity

Parse common names separately from DNS names

Browse Source
This commit is contained in:
Andrew Ayer
2016-04-22 20:58:33 -07:00
parent ef0b46b7a5
commit 2d2aa37202
3 changed files with 36 additions and 12 deletions
Download Patch File Download Diff File Expand all files Collapse all files

17
cmd/ctwatch/main.go
View File

@@ -71,14 +71,17 @@ func processEntry (scanner *ctwatch.Scanner, entry *ct.LogEntry) {
info.CertInfo, info.ParseError = ctwatch.MakeCertInfoFromLogEntry(entry)
if info.ParseError == nil && info.CertInfo.DNSNamesParseError == nil {
// Match DNS names
if !anyDnsNameMatches(info.CertInfo.DNSNames) {
return
}
// If there's any sort of parse error related to the identifiers, report
// the certificate because we can't say for sure it doesn't match a domain
// we care about (fail safe behavior). Treat common names as DNS names
// because many TLS clients do.
if info.ParseError != nil ||
info.CertInfo.CommonNamesParseError != nil ||
info.CertInfo.DNSNamesParseError != nil ||
anyDnsNameMatches(info.CertInfo.CommonNames) ||
anyDnsNameMatches(info.CertInfo.DNSNames) {
cmd.LogEntry(&info)
}
cmd.LogEntry(&info)
}
func main() {