[SSL Observatory] crlwatch
Jacob Appelbaum
jacob at appelbaum.net
Fri Mar 18 11:50:07 PDT 2011
On 03/18/2011 09:41 AM, Peter Eckersley wrote:
> This largely replicates the functionality of the
> questions/crl_blacklist/check_crls.py script in the Observatory source code.
>
That seems true. Is there any way to get your code into git somewhere? :-)
> That script only fetches CRLs that pertain to the weak debian keys, though
> removing the "natural join" clause from its MySQL query in main() will change
> that. check_crls.py writes the results into a "revoked" table, which is
> pretty handy for writing investigative queries.
Right - I think that in the long run, we should probably stuff all of
this data into the database.
>
> Note that check_crls.py is lazy about what it downloads: it won't re-fetch a
> CRL if there's already a copy of it in the current directory.
Right, that's why I wrote all of this independently of the current
observatory stuff. I'm going to automate fetching, parsing and updating
the CRL data and hopefully I'll have a better idea of the amount of
daily data we should expect.

I've already found something really interesting with this code and I'm
working on a write up.

All the best,
Jacob