|  | Commit message (Collapse) | Author | Age | Files | Lines | 
|---|
| | 
| 
| 
| 
| 
| 
| | Use log metadata description if available, otherwise fall back on log
URL without the https:// suffix.
Keeping log_id for now at least - seems useful for scripts. | 
| | 
| 
| 
| | https://gitlab.torproject.org/tpo/tpa/team/-/issues/40677 | 
| | 
| 
| 
| 
| | Because openssl wasn't able to parse DER precertificates.  And now the
user can just view the file rather than fiddling with openssl. | 
| | 
| 
| 
| 
| | - Detect if we're falling behind while downloading
- Detect if there are any found certificates alerting | 
| | 
| 
| 
| 
| 
| | For convenience.  For example, now one can debug issues like this:
    openssl x509 -inform DER -in /path/to/crt.der -text -noout | 
| | 
| 
| 
| | To be consistent with naming of the tools in cmd/. | 
| | 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| | As opposed to doing a new bootstrap with get-proof-by-hash every time
the next root is constructed.  Bootstrapping the compact range from a
get-proof-by-hash query works for the most part, but fails if the log
included a duplicate entry and gives us the index for that instead.  Log
operators with duplicate entries include Cloudflare and Digicert.
If bootstrap fails (unlucky), we try to bootstrap again once the log's
signed tree head moved forward (hoping the last entry has no duplicate).
The more reliable way to bootstrap a compact range would be to use the
get-entry-and-proof endpoint.  This does not work in practise because
some logs are not implementing this endpoint.  Digicert has such logs. | 
|  |  |