| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Backoff on 4XX and 5XX. See related issue:
https://github.com/google/certificate-transparency-go/issues/898
Test manually hints:
```
$ cat srv.py
from http.server import HTTPServer, BaseHTTPRequestHandler
class RequestHandler(BaseHTTPRequestHandler):
def do_GET(self):
self.send_response(429)
self.send_header("Content-Type", "text/plain")
self.end_headers()
self.wfile.write(b"429 something something...")
def do_POST(self):
self.do_GET()
def do_PUT(self):
self.do_GET()
def do_DELETE(self):
self.do_GET()
if __name__ == "__main__":
server_address = ('localhost', 9090)
httpd = HTTPServer(server_address, RequestHandler)
print("Server running on http://localhost:9090")
httpd.serve_forever()
```
And a transport for http.Client that redirects to localhost:
```
type statusRR struct {
inner http.RoundTripper
}
func (s *statusRR) RoundTrip(req *http.Request) (*http.Response, error) {
if strings.Contains(req.URL.Path, "ct/v1/get-entries") {
req.URL.Scheme = "http"
req.URL.Host = "localhost:9090"
}
rsp, err := s.inner.RoundTrip(req)
return rsp, err
}
```
|
| |
|
|
| |
Our get-entries fetcher already backs-off exponentially.
|
| | |
|
| | |
|
| | |
|
| | |
|
| |
|
|
| |
Needs tuning, too noisy right now.
|
| |
|
|
| |
Ensures we alert asap if we have something to alert for.
|
| |
|
|
|
| |
- Detect if we're falling behind while downloading
- Detect if there are any found certificates alerting
|
| |
|
|
|
| |
Currently it only runs if there are monitor/feedback events. Which is
probably fine for the most part, but will be a bit more robust.
|
| | |
|
| |
|
|
| |
To be consistent with naming of the tools in cmd/.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
As opposed to doing a new bootstrap with get-proof-by-hash every time
the next root is constructed. Bootstrapping the compact range from a
get-proof-by-hash query works for the most part, but fails if the log
included a duplicate entry and gives us the index for that instead. Log
operators with duplicate entries include Cloudflare and Digicert.
If bootstrap fails (unlucky), we try to bootstrap again once the log's
signed tree head moved forward (hoping the last entry has no duplicate).
The more reliable way to bootstrap a compact range would be to use the
get-entry-and-proof endpoint. This does not work in practise because
some logs are not implementing this endpoint. Digicert has such logs.
|
| |
|
|
| |
This fixes the issue of the monitor stopping after the second pull.
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| |
|
|
|
| |
curl http://localhost:2009/get-status
curl -X POST --data-binary @/home/rgdd/fullchain.pem -u node_a:aaaa http://localhost:2009/add-chain
|
| |
|
