certstream-server
Server stops querying with `(MatchError) no match of right hand side` and hangs
After running the included Dockerfile for a few weeks, it crashed with this error:
certstream_1 | 00:47:21.223 [error] Task #PID<0.32421.2282> started from #PID<0.26850.2282> terminating
certstream_1 | ** (MatchError) no match of right hand side value: <<48, 0>>
certstream_1 | (easy_ssl) lib/easy_ssl.ex:519: anonymous fn/2 in EasySSL.parse_extensions/1
certstream_1 | (elixir) lib/enum.ex:1940: Enum."-reduce/3-lists^foldl/2-0-"/3
certstream_1 | (easy_ssl) lib/easy_ssl.ex:508: anonymous fn/2 in EasySSL.parse_extensions/1
certstream_1 | (elixir) lib/enum.ex:1940: Enum."-reduce/3-lists^foldl/2-0-"/3
certstream_1 | (easy_ssl) lib/easy_ssl.ex:494: anonymous fn/2 in EasySSL.parse_extensions/1
certstream_1 | (elixir) lib/enum.ex:1940: Enum."-reduce/3-lists^foldl/2-0-"/3
certstream_1 | (easy_ssl) lib/easy_ssl.ex:84: EasySSL.parse_der/2
certstream_1 | (certstream) lib/certstream/ct_parser.ex:65: Certstream.CTParser.parse_certificate_chain/2
certstream_1 | Function: &:erlang.apply/2
certstream_1 | Args: [#Function<0.1115940/1 in Certstream.CTWatcher.broadcast_updates/2>, [[802869502, 802869503, 802869504, 802869505, 802869506, 802869507, 802869508, 802869509, 802869510, 802869511, 802869512, 802869513, 802869514, 802869515, 802869516, 802869517, 802869518, 802869519, 802869520, 802869521, 802869522, 802869523, 802869524, 802869525, 802869526, 802869527, 802869528, 802869529, 802869530, 802869531, 802869532, 802869533, 802869534, 802869535, 802869536, 802869537, 802869538, 802869539, 802869540, 802869541, 802869542, 802869543, 802869544, 802869545, 802869546, 802869547, 802869548, ...]]]
After this point, certstream-server doesn't send any more GET requests or log anything else.
This closed issue seems very related: https://github.com/CaliDog/certstream-server/issues/5
P.S. @Fitblip thanks for your work on this project. I started hosting my own instance after seeing your tweet. This project makes following CT logs so simple!
I also encountered this issue, so I did a bit of try do/rescue to skip certs which failed to parse:
+++ b/certstream_server/lib/certstream/ct_watcher.ex
@@ -175,20 +175,25 @@ defmodule Certstream.CTWatcher do
entries
|> Enum.zip(ids)
|> Enum.map(fn {entry, cert_index} ->
- entry
- |> Certstream.CTParser.parse_entry
- |> Map.merge(
- %{
- :cert_index => cert_index,
- :seen => :os.system_time(:microsecond) / 1_000_000,
- :source => %{
- :url => state[:operator]["url"],
- :name => state[:operator]["description"],
- },
- :cert_link => "#{state[:operator]["url"]}ct/v1/get-entries?start=#{cert_index}&end=#{cert_index}"
- }
- )
+ try do
+ entry
+ |> Certstream.CTParser.parse_entry
+ |> Map.merge(
+ %{
+ :cert_index => cert_index,
+ :seen => :os.system_time(:microsecond) / 1_000_000,
+ :source => %{
+ :url => state[:operator]["url"],
+ :name => state[:operator]["description"],
+ },
+ :cert_link => "#{state[:operator]["url"]}ct/v1/get-entries?start=#{cert_index}&end=#{cert_index}"
+ }
+ )
+ rescue e ->
+ Logger.error("Failed to parse cert #{inspect e} #{inspect entry}")
+ end
end)
+ |> Enum.filter(&is_map/1)
|> Certstream.ClientManager.broadcast_to_clients
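Review bot: In the rescue branch, `Logger.error("Failed to parse cert #{inspect e} #{inspect entry}")` dumps the whole raw entry on every failure but leaves out `cert_index`, which is the value an operator needs to refetch the certificate. Logging `cert_index` together with `state[:operator]["url"]` would keep the log line small and actionable. The skip also works only because `Logger.error/1` returns `:ok`, which `Enum.filter(&is_map/1)` then drops. Returning `nil` explicitly from the rescue clause and rejecting nils would make that intent visible. `rescue` handles exceptions such as the reported `MatchError` but not throws or exits, and skipped entries simply never reach `broadcast_to_clients`, so the underlying failure in `EasySSL.parse_extensions/1` on `<<48, 0>>` still needs its own fix. The hunk does not show whether this module already has `require Logger`; that should be confirmed before merging.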