{"id":13418278,"url":"https://github.com/google/certificate-transparency","last_synced_at":"2025-12-30T16:54:41.970Z","repository":{"id":17220819,"uuid":"19989605","full_name":"google/certificate-transparency","owner":"google","description":"Auditing for TLS certificates.","archived":true,"fork":false,"pushed_at":"2023-08-02T10:33:41.000Z","size":27912,"stargazers_count":870,"open_issues_count":78,"forks_count":281,"subscribers_count":102,"default_branch":"master","last_synced_at":"2025-01-07T16:07:30.403Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":"https://certificate.transparency.dev","language":"C++","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/google.png","metadata":{"files":{"readme":"README-MacOS.md","changelog":null,"contributing":"CONTRIBUTING.md","funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null}},"created_at":"2014-05-20T17:03:47.000Z","updated_at":"2025-01-04T14:09:38.000Z","dependencies_parsed_at":"2022-07-26T14:02:12.907Z","dependency_job_id":"ebc34805-afba-4f6e-bfb8-fd09c369f31b","html_url":"https://github.com/google/certificate-transparency","commit_stats":{"total_commits":2006,"total_committers":69,"mean_commits":29.07246376811594,"dds":0.7038883349950149,"last_synced_commit":"2588562fd306a447958471b6f06c1069619c1641"},"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/google%2Fcertificate-transparency","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/google%2Fcertificate-transparency/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/google%2Fcertificate-transparency/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/google%2Fcertificate-transparency/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/google","download_url":"https://codeload.github.com/google/certificate-transparency/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":243681024,"owners_count":20330152,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2024-07-30T22:01:00.504Z","updated_at":"2025-12-17T06:29:54.926Z","avatar_url":"https://github.com/google.png","language":"C++","readme":"OS X Specific Instructions\n==========================\n\nBuilds\n------\n\nWe recommend that you use GClient to build on OSX. Please follow the\ninstructions in the [main readme](README.md) file.\n\nTrusted root certificates\n-------------------------\n\nThe CT code requires a set of trusted root certificates in order to:\n   1. Validate outbound HTTPS connections\n   2. (In the case of the log-server) decide whether to accept a certificate\n      chain for inclusion.\n\nOn OSX, the system version of OpenSSL (0.9.8gz at time of writing) contains\nApple-provided patches which intercept failed chain validations and re-attempts\nthem using roots obtained from the system keychain. Since we use a much more\nrecent (and unpatched) version of OpenSSL this behaviour is unsupported and so\na PEM file containing the trusted root certs must be used.\n\nTo use a certificate PEM bundle file with the CT C++ code, the following\nmethods may be used.\n\n### Incoming inclusion requests (ct-server only)\n\nSet the `--trusted_cert_file` flag to point to the location of the PEM file\ncontaining the set of root certificates whose chains should be accepted for\ninclusion into the log.\n\n### For verifying outbound HTTPS connections (ct-mirror)\n\nEither set the `--trusted_roots_certs` flag, or the `SSL_CERT_FILE`\nenvironment variable, to point to the location of the PEM file containing the\nroot certificates to be used to verify the outbound HTTPS connection.\n\nSources of trusted roots\n------------------------\n\nObviously the choice of root certificates to trust for outbound HTTPS\nconnections and incoming inclusion requests are a matter of operating policy,\nbut it is often useful to have a set of common roots for testing and\ndevelopment at the very least.\n\nWhile OSX ships with a set of common trusted roots, they are not directly\navailable to OpenSSL and must be exported from the keychain first.  This can be\nachieved with the following command:\n\n```bash\nsecurity find-certificates -a -p /Library/Keychains/System.keychain \u003e certs.pem\nsecurity find-certificates -a -p /System/Library/Keychains/SystemRootCertificates.keychain \u003e\u003e certs.pem\n```\n\n","funding_links":[],"categories":["TODO scan for Android support in followings","Tools","\u003ca id=\"9eee96404f868f372a6cbc6769ccb7f8\"\u003e\u003c/a\u003e新添加的","\u003ca name=\"cpp\"\u003e\u003c/a\u003eC++","\u003ca id=\"86d5daccb4ed597e85a0ec9c87f3c66f\"\u003e\u003c/a\u003eTLS\u0026\u0026SSL\u0026\u0026HTTPS","C++"],"sub_categories":["Reconnaissance","\u003ca id=\"31185b925d5152c7469b963809ceb22d\"\u003e\u003c/a\u003e新添加的","\u003ca id=\"776c034543a65be69c061d1aafce3127\"\u003e\u003c/a\u003e新添加的"],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fgoogle%2Fcertificate-transparency","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fgoogle%2Fcertificate-transparency","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fgoogle%2Fcertificate-transparency/lists"}