-rw-r--r--bin-src/crtsh-pem2html.go6
-rw-r--r--bin-src/pem-diff.go5
-rw-r--r--bin-src/util/oid.go10
-rw-r--r--bin-src/util/rfc6962.go26
4 files changed, 33 insertions, 14 deletions
diff --git a/bin-src/crtsh-pem2html.go b/bin-src/crtsh-pem2html.go
index c0b815c..2c9debb 100644
--- a/bin-src/crtsh-pem2html.go
+++ b/bin-src/crtsh-pem2html.go
@@ -29,10 +29,8 @@ func handleBool(ok bool, str string, a ...interface{}) {
}
func rfc6962type(certX509 *x509.Certificate) string {
- for _, ext := range certX509.Extensions {
- if ext.Id.Equal(util.OID_RFC6962_Poison) {
- return "Precertificate"
- }
+ if util.IsPrecertificate(certX509) {
+ return "Precertificate"
}
return "Certificate"
}
diff --git a/bin-src/pem-diff.go b/bin-src/pem-diff.go
index da27a62..0159349 100644
--- a/bin-src/pem-diff.go
+++ b/bin-src/pem-diff.go
@@ -10,6 +10,8 @@ import (
"os"
"sort"
"strings"
+
+ "./util"
)
func handleErr(err error, str string, a ...interface{}) {
@@ -89,6 +91,9 @@ func readCrtSh(filename string, hosts []string) (map[string]Cert, error) {
if err != nil {
return nil, err
}
+ if util.IsPrecertificate(certX509) {
+ continue
+ }
for _, host := range hosts {
if certX509.VerifyHostname(host) == nil {
if old, haveold := ret[host]; !haveold || certX509.NotBefore.After(old.X509.NotBefore) {
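Review bot: The added `continue` in readCrtSh drops precertificates silently, with no comment saying why, although the reason matters for the selection on the lines right below it. That selection keeps the certificate with the strictly later `NotBefore`, so a precertificate read before its issued certificate would presumably have stayed in `ret[host]` if the two share a `NotBefore` value. I would add above the check: `// Skip RFC 6962 precertificates: they carry the poison extension and are not usable as TLS certificates, so they must not be picked for a host.` The enclosing loop and the rest of readCrtSh lie outside this hunk.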
diff --git a/bin-src/util/oid.go b/bin-src/util/oid.go
deleted file mode 100644
index b9fee4c..0000000
--- a/bin-src/util/oid.go
+++ /dev/null
@@ -1,10 +0,0 @@
-package util
-
-import (
- "encoding/asn1"
-)
-
-var (
- OID_RFC6962_SCTs = asn1.ObjectIdentifier{1, 3, 6, 1, 4, 1, 11129, 2, 4, 2}
- OID_RFC6962_Poison = asn1.ObjectIdentifier{1, 3, 6, 1, 4, 1, 11129, 2, 4, 3}
-)
diff --git a/bin-src/util/rfc6962.go b/bin-src/util/rfc6962.go
new file mode 100644
index 0000000..46a531b
--- /dev/null
+++ b/bin-src/util/rfc6962.go
@@ -0,0 +1,26 @@
+package util
+
+import (
+ "crypto/x509"
+ "encoding/asn1"
+
+ //"fmt"
+ //"os"
+)
+
+var (
+ oidSCTs = asn1.ObjectIdentifier{1, 3, 6, 1, 4, 1, 11129, 2, 4, 2}
+ oidPrecertificatePoison = asn1.ObjectIdentifier{1, 3, 6, 1, 4, 1, 11129, 2, 4, 3}
+)
+
+func IsPrecertificate(certX509 *x509.Certificate) bool {
+ for _, ext := range certX509.Extensions {
+ //fmt.Fprintln(os.Stderr, "ext", ext)
+ if ext.Id.Equal(oidPrecertificatePoison) {
+ //fmt.Fprintln(os.Stderr, "t")
+ return true
+ }
+ }
+ //fmt.Fprintln(os.Stderr, "f")
+ return false
+}
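Review bot: IsPrecertificate is exported without a doc comment, and the new file still carries commented-out debug code (the `//"fmt"` and `//"os"` imports and three `//fmt.Fprintln(os.Stderr, ...)` lines) that should be deleted rather than committed. A suitable comment is `// IsPrecertificate reports whether certX509 contains the RFC 6962 precertificate poison extension (OID 1.3.6.1.4.1.11129.2.4.3).` It should also state that the match is on the OID alone: `ext.Critical` and the ASN.1 NULL value that RFC 6962 requires for the poison extension are not checked, and a nil `certX509` panics at the `range`. `oidSCTs` is declared but unused in this file, and since it replaces the exported `OID_RFC6962_SCTs`, any other user of the old name would need updating; none is visible in this diff.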