Groups | Search | Server Info | Keyboard shortcuts | Login | Register [http] [https] [nntp] [nntps]

Groups > linux.debian.maint.python > #16667 > unrolled thread

Certstream Go & Python packages

Started bySimon Josefsson <simon@josefsson.org>
First post2025-01-06 17:20 +0100
Last post2025-01-06 17:20 +0100
Articles 1 — 1 participant

Back to article view | Back to linux.debian.maint.python

Contents

  Certstream Go & Python packages Simon Josefsson <simon@josefsson.org> - 2025-01-06 17:20 +0100

#16667 — Certstream Go & Python packages

FromSimon Josefsson <simon@josefsson.org>
Date2025-01-06 17:20 +0100
SubjectCertstream Go & Python packages
Message-ID<K1XZE-6cW8-7@gated-at.bofh.it>

[Multipart message — attachments visible in raw view] — view raw

All,

I have uploaded a pair of CertStream-related projects: one self-hosted
server written in Go and a Python library and client tool.

What do they do?  It allows you to watch the stream of newly minted
certificates published into various certificate transparency logs.

Please let me know if you find anything strange with the packaging.

Here is a small recipe for testing for future reference:

Build your own packages from git:
https://salsa.debian.org/python-team/packages/python-certstream/
https://salsa.debian.org/go-team/packages/certstream-server-go/

Or pick the latest Salsa-built amd64 binaries:
https://salsa.debian.org/jas/certstream-server-go/-/jobs/6872068
https://salsa.debian.org/python-team/packages/python-certstream/-/jobs/6872129

Either 'dpkg -i' or 'apt-get install' the 'certstream-server-go' package
and start it locally like this:

/usr/bin/certstream-server-go -config /usr/share/doc/certstream-server-go/examples/config.sample.yaml 

you should see it start talking to networks and print lines like:

2025/01/06 17:10:19 ct-watcher.go:143: Currently monitored ct logs: 48
2025/01/06 17:10:26 ct-watcher.go:292: Processed 1000 entries | Queue length: 0
2025/01/06 17:10:31 ct-watcher.go:292: Processed 2000 entries | Queue length: 0
...

Then either 'dpkg -i' or 'apt-get install' the 'python3-certstream'
package and start the client talking to your own server like this:

/usr/bin/certstream --url ws://127.0.0.1:8080/

You should see output like this:

...
[2025-01-06T17:11:31.623000] https://wyvern.ct.digicert.com/2025h1 - cc.xiaoxidaka.cn [cc.xiaoxidaka.cn]
[2025-01-06T17:11:31.624000] https://wyvern.ct.digicert.com/2025h1 - *.swvasb.com [*.swvasb.com, www.swvabook.swvasb.com, www.swvasb.swvasb.com]
[2025-01-06T17:11:31.653000] https://ct.googleapis.com/logs/eu1/xenon2025h1 - www.silverresorts.com [www.silverresorts.com]
[2025-01-06T17:11:31.654000] https://ct.googleapis.com/logs/eu1/xenon2025h1 - www.phoenixcpa.cpa [www.phoenixcpa.cpa]
[2025-01-06T17:11:31.655000] https://ct.googleapis.com/logs/eu1/xenon2025h1 - intranet.wov.ch [intranet.wov.ch]
...

/Simon

[toc] | [standalone]

Back to top | Article view | linux.debian.maint.python

csiph-web