certificate-transparency/ctool
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Refuse the +sct +issuer +ctlog flags when fetching hash tiles

Browse Source
This commit is contained in:
Pim van Pelt
2026-04-05 22:06:51 +02:00
parent d80eeb9677
commit 76e3ce28e1
3 changed files with 16 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
internal/utils/utils.go
View File

@@ -211,7 +211,7 @@ func DumpAllEntries(tileData []byte, opts Options) (*DumpResult, error) {
if err != nil {
// If it fails, try as hash tile
fmt.Fprintf(os.Stderr, "Not a data tile, trying as hash tile...\n")
return dumpHashTile(tileData)
return dumpHashTile(tileData, opts)
}
return result, nil
}
@@ -237,7 +237,11 @@ func dumpDataTile(tileData []byte, opts Options) (*DumpResult, error) {
}, nil
}
func dumpHashTile(tileData []byte) (*DumpResult, error) {
func dumpHashTile(tileData []byte, opts Options) (*DumpResult, error) {
if opts.ShowSCT || opts.ShowIssuer || opts.ShowCTLog {
return nil, fmt.Errorf("+sct, +issuer, and +ctlog are not valid for hash tiles (only data tiles contain certificates)")
}
const hashSize = 32 // SHA-256 hash size
if len(tileData)%hashSize != 0 {