[−][src]Crate ctclient
Certificate Transparency Log client for monitoring and gossiping.
The source code of this project contains some best-effort explanation comments for others trying to implement such a client to read - as of 2019, the documentation that exists out there are (in my opinion) pretty lacking, and I had some bad time trying to implement this.
All pub_key
are in DER format, which is the format returned (in base64)
by google's trusted log list. (No one told me this).
The source code of this project is not intended to be a beginner friendly tutorial on how a CT log works. To learn more about CT, you can read the RFC.
Modules
certutils | Verious utilities for checking the content of a certificate. |
google_log_list | Downloading of log list from Google. |
internal | Things that are only useful if you are doing your own API calling. |
jsons | Structs for parsing server response. |
utils | Some utility functions. |
Structs
CTClient | A stateful CT monitor. |
SignedCertificateTimestamp | An unverified Signed Certificate Timestamp (SCT). |
SignedTreeHead | An unverified signed tree head (STH), as returned from the server. This encapsulate the state of the tree at some point in time. |
Enums
Error | Errors that this library could produce. |
SctEntry | Either a X509 der, or (in case of pre-cert) tbs and issuer key hash. |
SthResult | Either a fetched and checked |