Gracefully handle failure to retrieve an STH or consistency proof

SSLMate / certspotter

Certificate Transparency Log Monitor

https://sslmate.com/certspotter

Mozilla Public License 2.0

955 stars 83 forks source link

Gracefully handle failure to retrieve an STH or consistency proof #9

Closed AGWA closed 2 years ago

AGWA commented 8 years ago

The Rocketeer log is distributed and is frequently unable to return a consistency proof. certspotter should only raise an error if this happens on several subsequent certspotter runs.

gene1wood commented 8 years ago

Here's an example of the error message that's returned, making the email feed noisy

/path/to/certspotter: https://ct.ws.symantec.com: 2016/08/10 20:39:05 Error retrieving STH from log: Get https://ct.ws.symantec.com/ct/v1/get-sth: net/http: request canceled

AGWA commented 8 years ago

Another common error message, for reference:

certspotter: https://ct.googleapis.com/rocketeer: 2016/08/09 16:42:17 Error fetching consistency proof: GET https://ct.googleapis.com/rocketeer/ct/v1/get-sth-consistency?first=23041084&second=23073883: 400 Bad Request ({
  "error_message": "Second tree size (23073883) cannot be greater than current tree size (23057417)",
  "success": false
}
)

AGWA commented 2 years ago

Would be solved by #63.