Rob Stradling robstradling

@robstradling
robstradling / apple_insufficient_scts.txt
Last active May 6, 2021 14:36
Rough analysis of CAs embedding too few SCTs to comply with the 2021-04-21 update to the Apple CT Policy
-- Step 1: Find the lowest/earliest certificate ID affected by the updated Apple CT Policy.
-- (Assumptions: (i) Certificate notBefore dates are never forward-dated and (ii) Log entry timestamps are always accurate).
certwatch@certwatch=> SELECT min(c.ID)
FROM certificate c
WHERE x509_notBefore(c.CERTIFICATE) >= '2021-04-21'::timestamp
AND c.ID IN (
SELECT ctle.CERTIFICATE_ID
FROM ct_log_entry_2021 ctle
WHERE ctle.ENTRY_TIMESTAMP >= '2021-04-21'::timestamp
@robstradling
robstradling / 20221011_AllCAsAndCACertificatesForSectigoSelfAssessment.csv
Last active October 11, 2022 21:03
List All CAs and CA Certificates for Sectigo Self-Assessment
CA Certificate Type,Issuer Common Name,Subject DN,SHA-256(Certificate),Not Before,Not After,CA Owner,Main CPS?,eIDAS CPS?,Document Signing CPS?,External CPS?,Serial Number,Subject Key Identifier
Root,AAA Certificate Services,"CN=AAA Certificate Services
O=Comodo CA Limited
L=Salford
ST=Greater Manchester
C=GB",D7A7A0FB5D7E2731D771E9484EBCDEF71D5F0C3E0A2948782BC83EE0EA699EF4,2004-01-01 00:00:00,2028-12-31 23:59:59,Sectigo,Main,n/a,n/a,n/a,01,A0110A233E96F107ECE2AF29EF82A57FD030A4B4
Intermediate,AAA Certificate Services,"CN=TrustAsia ECC DV TLS CA G2
O=TrustAsia Technologies, Inc.
C=CN",5251E2A5B3A42021667994B04E195B693B9B71B752267C44DC310A77979BDC00,2022-01-10 00:00:00,2028-12-31 23:59:59,Sectigo,Main,n/a,n/a,n/a,00D21ADFBDC3C45772BDF698B2BAD8FB0D,01A6B0FD96C74AA86922B2119E60DB6A34C61452
Intermediate,AAA Certificate Services,"CN=TrustAsia ECC EV TLS CA G2
@robstradling
robstradling / find_embedded_dodo_scts.sql
Last active March 31, 2023 01:12
Find certificates with embedded SCTs signed by Dodo's private key
-- CREATE TABLE temp_dodo_embedded_scts ( certificate_id bigint, issuer_ca_id integer );
-- GRANT SELECT ON temp_dodo_embedded_scts TO GUEST;
\timing on
\set ON_ERROR_STOP on
DO
$$DECLARE
t_minCertificateID certificate.ID%TYPE;
@robstradling
robstradling / affected_smime_subca_certs.csv
Last active May 3, 2023 11:26
Pre-existing S/MIME Sub-CA Certificates that cannot comply with the certificate policy requirements in SMIME BR 7.1.6.3
crt.sh URL | Included Certificate Owner | Certificate Name | Trusted By
https://crt.sh/?id=2116242286 | AC Camerfirma, S.A. | CAMERFIRMA COLOMBIA SAS CERTIFICADOS - 001 | Microsoft
https://crt.sh/?id=2116243541 | AC Camerfirma, S.A. | CAMERFIRMA COLOMBIA SAS CERTIFICADOS - 002 | Microsoft
https://crt.sh/?id=1251 | AC Camerfirma, S.A. | Chambers of Commerce Root | Apple,Microsoft
https://crt.sh/?id=10249844 | AC Camerfirma, S.A. | Global Chambersign Root | Apple
https://crt.sh/?id=255724030 | Actalis | AgID CA1 | Apple,Microsoft,Mozilla
https://crt.sh/?id=408583239 | Actalis | AgID CA1 | Apple,Microsoft,Mozilla
https://crt.sh/?id=541765524 | Actalis | AgID CA1 | Apple,Microsoft,Mozilla
https://crt.sh/?id=626725015 | Actalis | AgID CA1 | Apple,Microsoft,Mozilla
https://crt.sh/?id=968143407 | Actalis | AgID CA1 | Apple,Microsoft,Mozilla
@robstradling
robstradling / empty_arrays_demo.go
Last active May 5, 2023 16:14
go-ora: Unable to process input arrays that have no non-empty values
package main
import (
"context"
"database/sql"
"database/sql/driver"
"flag"
"fmt"
"os"
"time"
@robstradling
robstradling / Active_Russian_SANdNSNames.csv
Last active June 9, 2023 02:44
WebPKI Issuance and CRL Revocation of Russian/Belarusian subjectAltName:dNSNames (.ru, .su, .by)
CA OWNER ↓ DATE OF VALIDITY → 2022-02-21 2022-02-22 2022-02-23 2022-02-24 2022-02-25 2022-02-26 2022-02-27 2022-02-28 2022-03-01 2022-03-02 2022-03-03 2022-03-04 2022-03-05 2022-03-06 2022-03-07 2022-03-08 2022-03-09 2022-03-10 2022-03-11 2022-03-12 2022-03-13 2022-03-14 2022-03-15 2022-03-16 2022-03-17 2022-03-18 2022-03-19 2022-03-20 2022-03-21 2022-03-22 2022-03-23 2022-03-24 2022-03-25 2022-03-26 2022-03-27 2022-03-28 2022-03-29 2022-03-30 2022-03-31 2022-04-01 2022-04-02 2022-04-03 2022-04-04 2022-04-05 2022-04-06 2022-04-07 2022-04-08 2022-04-09 2022-04-10 2022-04-11 2022-04-12 2022-04-13 2022-04-14 2022-04-15 2022-04-16 2022-04-17 2022-04-18 2022-04-19 2022-04-20 2022-04-21 2022-04-22 2022-04-23 2022-04-24 2022-04-25 2022-04-26 2022-04-27 2022-04-28 2022-04-29 2022-04-30 2022-05-01 2022-05-02 2022-05-03 2022-05-04 2022-05-05 2022-05-06 2022-05-07 2022-05-08 2022-05-09 2022-05-10 2022-05-11 2022-05-12 2022-05-13 2022-05-14 2022-05-15 2022-05-16 2022-05-17 2022-05-18 2022-05-19 2022-05-20 2022-05-21
@robstradling
robstradling / finalTBSCertificateFromPrecertificate.go
Created June 16, 2023 13:12
Produce final certificate from precertificate
package main
import (
"crypto/x509/pkix"
"encoding/asn1"
"encoding/base64"
"encoding/pem"
"fmt"
"math/big"
"time"
@robstradling
robstradling / main.go
Created September 6, 2023 13:52
Demonstrate some go-ora regressions since v2.7.14
package main
module gist.github.com/robstradling/f8f8c04b73af72e7f137c1eedb523d15
go 1.20
require github.com/sijms/go-ora/v2 v2.7.21
@robstradling
robstradling / go.mod
Last active November 15, 2023 12:31
go-ora issue 323
module gist.github.com/robstradling/3bf7c340bc4479f3b3a71c58a9842657
go 1.19
require github.com/sijms/go-ora/v2 v2.7.21