search

crtsh / certwatch_db

Database schema
https://crt.sh/
GNU General Public License v3.0
199 stars 36 forks source link

Make the Authority Key Identifier navigable #67

Closed RufusJWB closed 5 years ago

RufusJWB commented 5 years ago

It would be a nice feature, if one could click on the "Authority Key Identifier" in a certificate to be forwarded to the "Subject Key Identifier" overview of the CA.

For example: From here: https://crt.sh/?id=1725538589 I would like to be directly sent to https://crt.sh/?ski=897089f3ff2e6f4f92831d3faa23df4ee6635030

robstradling commented 5 years ago

RFC5280 section 4.2.1.1 says:

   AuthorityKeyIdentifier ::= SEQUENCE {
      keyIdentifier             [0] KeyIdentifier           OPTIONAL,
      authorityCertIssuer       [1] GeneralNames            OPTIONAL,
      authorityCertSerialNumber [2] CertificateSerialNumber OPTIONAL  }

I'll make it navigable when keyIdentifier is provided, which is the common case.

robstradling commented 5 years ago

Fixed by https://github.com/crtsh/certwatch_db/commit/8a19346b96e6668f02b4fb7839d64feda85d3983, with help from: https://github.com/crtsh/libx509pq/commit/f4e47891f3ff966598749138be09b95e1f5a2986 https://github.com/crtsh/libx509pq/commit/0901edecdf380a41df07b0bd646a7240eedba357