[][src]Crate ctclient

Certificate Transparency Log client suitable for monitoring, quick SCT validation, gossiping, etc.

The source code of this project contains some best-effort explanation comments for others trying to implement such a client. As of 2019, the documentation that exists out there are (in my opinion) pretty lacking, and I had some bad time trying to implement this.

All pub_key are in DER format, which is the format returned (in base64) by google's trusted log list. signatures are Digitally-signed structs, and raw_signatures are ASN1-encoded signatures.

Best effort are made to catch misbehavior by CT logs or invalid certificates. It is up to the user of this library to decide what to do when logs don't behave corrctly.

This project is not intended to be a beginner friendly tutorial on how a CT log works. To learn more about CT, you can read the RFC.

API calls are currently all blocking. If anyone is interested in rewriting them in Futures, PR is welcome.



Verious utilities for checking the content of a certificate.


Downloading of log list from Google.


Things that are only useful if you are doing your own API calling.


Structs for parsing server response.


Some utility functions.



A stateful CT monitor.


An unverified Signed Certificate Timestamp (SCT).


An unverified signed tree head (STH), as returned from the server. This encapsulate the state of the tree at some point in time.



Errors that this library could produce.


Either a X509 der, or (in case of pre-cert) tbs and issuer key hash.


Either a fetched and checked SignedTreeHead, or a SignedTreeHead that has a valid signature but did not pass some internal checks, or just an Error.