Metric | libnodelay | certificate-transparency-go
---|---|---
Mentions | 1 | 8
Stars | 6 | 834
Growth | - | 1.1%
Activity | 10.0 | 9.5
Last commit | over 2 years ago | 7 days ago
Language | C | Go
License | GNU General Public License v3.0 only | Apache License 2.0
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
libnodelay
- Golang is evil on shitty networks
> not to mention nearly 50% of every packet was literally packet headers
I was just looking at a similar issue with grpc-go, where it would somehow send a HEADERS frame, a DATA frame, and a terminal HEADERS frame in 3 different packets. The grpc server is a golang binary (lightstep collector), which definitely disables Nagle's algorithm as shown by strace output, and the flag can't be flipped back via the LD_PRELOAD trick (e.g. with a flipped version of https://github.com/sschroe/libnodelay) as the binary is statically linked.
I can't reproduce this with a dummy grpc-go server, where all 3 frames would be sent in the same packet. So I can't blame Nagle's algorithm, but I am still not sure why the lightstep collector behaves differently.
certificate-transparency-go
- Show HN: Free Certificate Monitoring via RSS
- Have governments ever been caught using a CA backdoor?
If you're talking about a certificate honored by a browser, these days they'd have to put it in a CT log, or at least obtain a "signed certificate timestamp" from a CT log: https://certificate.transparency.dev/
- UEFI Software Bill of Materials Proposal
>This feels like this might actually be a use-case for a blockchain or a Merkle Tree.
A few years ago, this idea[0] had been explored by Google as a possible application of their Trillian[1] distributed ledger, which is based on Merkle Trees.
I don't know if they've advanced adoption of Trillian for firmware; however, the website lists Go packaging[2], Certificate Transparency[3], and SigStore[4] as current applications.
have used Trillian as the basis for their Certificate Transparency implementation.[2]
[0] https://github.com/google/trillian-examples/tree/master/bina...
[1] https://transparency.dev/
[2] https://go.googlesource.com/proposal/+/master/design/25530-s...
[3] https://certificate.transparency.dev/
[4] https://www.sigstore.dev/
- Last Chance to Fix EIDAS (Mozilla)
You can find more about certificate monitoring and who is involved here:
https://certificate.transparency.dev/
- Last Week's Let's Encrypt Downtime
Excellent question! The sctcheck command from https://github.com/google/certificate-transparency-go/ can be used to check the signatures of embedded SCTs.
I've also got an online tool which you can use to test a site for CT policy compliance: https://sslmate.com/labs/ct_policy_analyzer/
Example of a working site: https://sslmate.com/labs/ct_policy_analyzer/?sslmate.com
Example of one of the sites affected by the Let's Encrypt incident: https://sslmate.com/labs/ct_policy_analyzer/?thecandyshake.c...
- Golang is evil on shitty networks
The x509 package has unfortunately burned me several times, this one included. It is so anal about non-fatal errors that Google themselves forked it (and asn1) to improve usability.
https://github.com/google/certificate-transparency-go
- Parsing Certificate Transparency end in X509Cert is nil

```go
// Fragment from the body of a per-log worker function. l (fields Name and URI),
// entryChan and DEBUG are defined by the surrounding program. Imports needed:
// context, fmt, net/http, os, time, and from certificate-transparency-go the
// root package (as ct), client and jsonclient.
logClient, err := client.New(
	l.URI,
	&http.Client{
		Timeout: 10 * time.Second,
		Transport: &http.Transport{
			TLSHandshakeTimeout:   30 * time.Second,
			ResponseHeaderTimeout: 30 * time.Second,
			MaxIdleConnsPerHost:   10,
			DisableKeepAlives:     false,
			MaxIdleConns:          100,
			IdleConnTimeout:       90 * time.Second,
			ExpectContinueTimeout: 1 * time.Second,
		},
	},
	jsonclient.Options{UserAgent: "ct-go-scanlog/1.0"},
)
if err != nil {
	fmt.Fprintf(os.Stderr, "%s -> Failed to create new client: %s\n", l.Name, err)
	return
}

sth, err := logClient.GetSTH(context.TODO())
if err != nil {
	fmt.Fprintf(os.Stderr, "%s -> Failed to get SignedTreeHead: %s\n", l.Name, err)
	return
}

fmt.Printf("%s -> Number of logs: %d\n", l.Name, sth.TreeSize)

index := uint64(0)
// Logs MAY return fewer than the number of leaves requested. Only complete
// if we actually got all the leaves we were expecting.
// See more: https://github.com/google/certificate-transparency-go/blob/52d94d8cbab94d6698621839ab1a439d17ebbfb2/scanner/fetcher.go#L263
// Valid leaf indices run from 0 to TreeSize-1, so stop before TreeSize.
for index < sth.TreeSize {
	fmt.Printf("%s -> New fetch start with index %d-%d\n", l.Name, index, index+100)

	entries, err := logClient.GetRawEntries(context.TODO(), int64(index), int64(index)+100)
	if err != nil {
		fmt.Fprintf(os.Stderr, "%s -> Failed to get raw entries: %s\n", l.Name, err)
		return
	}
	if entries == nil {
		fmt.Fprintf(os.Stderr, "%s -> entries is nil\n", l.Name)
		return
	}

	if DEBUG {
		fmt.Printf("%s -> Got %d leaf entry\n", l.Name, len(entries.Entries))
	}

	for i := range entries.Entries {
		rawLogE, err := ct.RawLogEntryFromLeaf(int64(index), &entries.Entries[i])
		if err != nil {
			fmt.Fprintf(os.Stderr, "%s -> Failed to parse leaf to raw entry at index %d: %s\n", l.Name, index, err)
			index++
			continue
		}

		logE, err := rawLogE.ToLogEntry()
		if err != nil {
			fmt.Printf("%s -> Failed to convert raw log to log at index %d: %s\n", l.Name, index, err)
			index++
			continue
		}

		/*
		 * This check is true most of the time.
		 */
		// X509Cert is only set for X.509 entries; precertificate entries
		// are returned in logE.Precert and leave X509Cert nil.
		if logE.X509Cert == nil {
			fmt.Printf("%s -> Failed to read log cert at index %d: X509Cert is nil\n", l.Name, index)
			index++
			continue
		}

		if DEBUG {
			fmt.Printf("%s -> Leaf entry at %d is parsed successfully!\n", l.Name, index)
		}

		entryChan <- *logE
		index++
	}
}
```
- Google's Certificate Transparency Search page to be discontinued May 15th, 2022
Yes, you can use the certificate-transparency go code to pull down from the trillian API https://github.com/google/certificate-transparency-go/blob/m...
You would need to know the index, or you could just iterate over a range
What are some alternatives?
rke2
osv.dev - Open source vulnerability DB and triage service.
.NET Runtime - .NET is a cross-platform runtime for cloud, mobile, desktop, and IoT apps.
trillian-examples - A place to store some examples which use Trillian APIs to build things.
grpc-go - The Go language implementation of gRPC. HTTP/2 based RPC
certspotter - Certificate Transparency Log Monitor
go - The Go programming language
plan9port - Plan 9 from User Space
kubernetes - Production-Grade Container Scheduling and Management
GhidraChatGPT - Brings the power of ChatGPT to Ghidra!
s2n - An implementation of the TLS/SSL protocols
ansible-rulebook