Closed HugooB closed 9 months ago
Great work @d-Rickyy-b. I'm in the same situation as @HugooB's context. I tried your tool and it seems to work great, but I'm also getting the same output.
Following this thread. Cheers
Hi there, happy you enjoy the project. This error message is shown when the certstream cilent can't process all the certificates the certstream server receives from the CT network. We're talking ~250-300 certs per second.
Possible reasons are usually slow clients, meaning either a slow network connection or a slow programming language. Alternatively this might also happen if your server has a bad network connection or if the server is trying to provide certificates to too many clients.
I assume you are using only one or a handful of clients. In case you are using Python: Python is quite a slow language by default. Make sure you either use asyncio or multiple threads. I once wrote certleak as a multithreaded python certstream client. Maybe you want to try out that as well.
Apart from that, I will make the per client buffer size configurable. In certain cases a client might be slow for a certain period of time (network hickup) and will be able to fetch the missed certs at a quicker pace later on. I tried to find a sane default and set the client buffer to a size of max. 100 certificates:
Also make sure to check to which endpoint you are connecting to. If you only need domains, connect to the /domains-only
endpoint. That saves a lot of bandwidth and parsing.
Thanks for your swift reply! I'm indeed using a single threaded Python client and I'm not surprised that it wasn't able to handle 250-300 certs per second. I will definitely take a look at your certleak as well, great stuff man!
Nice job! Are you going to release a new version soon? Also at Docker Hub?
Sure thing, probably by the end of the week if time allows.
New release published: https://github.com/d-Rickyy-b/certstream-server-go/releases/tag/v1.5.0
Also please let me know if the issue is fixed for you (even though I think it's not a server side issue).
Hi,
please let me know if the issue is fixed for you
Thank you very much for sharing this software.
With 1.4.0
, I had a lot of the buffer is full
errors whatever buffer and settings values I tried to adjust into the client (running on localhost).
With the new 1.5.0
, and after 1 hour and processed over 1 million entries, I have not seen yet the buffer is full
errors for now.
So at least for me, for now, I see a huge difference with what you changed into 1.5.0
👍
Need more tests over more time... Will post here again if error is back.
Hi there! Great work on this! I relied heavily on Calidogs server and since that is offline, this seems to be a perfect replacement. I setup your certstream-server and changed the Websocket address in my certstream implementation to
ws://localhost:8080
. It works, but the server gives me this error:Any thoughts why?