author | Luke T. Shumaker <lukeshu@lukeshu.com> | 2025-08-02 10:18:30 -0700 |
---|---|---|
committer | Luke T. Shumaker <lukeshu@lukeshu.com> | 2025-08-03 22:17:04 -0700 |
commit | d6c15ec6ccdad7b66ae3f5112de5e8c0d735462e (patch) | |
tree | 914bf9dd4c38916ec1409d00c3e20fce7ea8394d | |
parent | f23b3043cda15e18b96a583471ac069b5a8e80e4 (diff) |
crt.sh reliability
-rw-r--r-- | Makefile | 11 | ||||
-rwxr-xr-x | bin-src/crtsh-getcerts | 6 |
2 files changed, 11 insertions, 6 deletions
@@ -12,7 +12,7 @@ NET-%:
 date > $@
 .DELETE_ON_ERROR:
-.SECONDARY:
+.NOTINTERMEDIATE:
 .PHONY: FORCE
 # bin/
@@ -39,9 +39,14 @@ public/%.css: public/%.scss
 public/index.html: public/tls.html.part public/crtsh.html.part public/diff.html.part public/jarmon.html.in
-public/crtsh.pem: bin/crtsh-getcerts cfg/domains.txt NET-crtsh
+public/crtsh-%.atom: NET-crtsh
 @mkdir -p '$(@D)'
- bin/crtsh-getcerts $$(sed 's/#.*//' cfg/domains.txt) > $@
+ rm -f -- $@
+ set -x; while ! grep --quiet '<entry' $@ 2>/dev/null; do \
+ curl 'https://crt.sh/atom?identity=%25.$*&exclude=expired' >$@ || rm -f -- $@; \
+ done
+public/crtsh.pem: bin/crtsh-getcerts cfg/domains.txt $(foreach d,$(shell sed 's/#.*//' cfg/domains.txt),public/crtsh-$d.atom)
+ bin/crtsh-getcerts $(filter %.atom,$^) >$@
 public/tls.pem: bin/tls-getcerts cfg/sockets.txt NET-tls
 @mkdir -p '$(@D)'
diff --git a/bin-src/crtsh-getcerts b/bin-src/crtsh-getcerts
index f01a4c7..9831555 100755
--- a/bin-src/crtsh-getcerts
+++ b/bin-src/crtsh-getcerts
@@ -3,9 +3,9 @@ require 'nokogiri'
 require 'open-uri'
 certs = {}
-ARGV.each do |domain|
- [ domain, "%.#{domain}" ].each do |pattern|
- Nokogiri::XML(URI.open("https://crt.sh/atom?"+URI.encode_www_form("identity" => pattern, "exclude" => "expired"))).css('feed > entry').each do |entry|
+ARGV.each do |domain_atom|
+ File.open(domain_atom) do |fh|
+ Nokogiri::XML(fh).css('feed > entry').each do |entry|
 url = entry.css('id').first.text.split("#").first
 updated = entry.css('updated').first.text |
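Review bot: The retry loop in the new `public/crtsh-%.atom` recipe has no attempt limit, delay or timeout, so a crt.sh outage, or a domain whose feed legitimately contains no unexpired `<entry`, keeps the build spinning while it re-requests the same URL back to back. Bound the attempts, pause between them, and pass `--fail` and `--max-time` to curl so HTTP error bodies and stalled connections count as failures; since `.DELETE_ON_ERROR:` is in effect, exiting non-zero also removes the partial file. The limits in the sketch below are illustrative. Separately, the domain from `cfg/domains.txt` is now pasted unencoded into the single-quoted URL where the removed Ruby code used `URI.encode_www_form`, which is safe only while that file holds plain hostnames.

```makefile
public/crtsh-%.atom: NET-crtsh
# … unchanged: mkdir and rm -f of the target …
	set -x; tries=0; while ! grep --quiet '<entry' $@ 2>/dev/null; do \
		tries=$$((tries + 1)); \
		[ "$$tries" -le 10 ] || { echo "crt.sh: giving up on $*" >&2; exit 1; }; \
		[ "$$tries" -eq 1 ] || sleep 30; \
		curl --fail --max-time 120 'https://crt.sh/atom?identity=%25.$*&exclude=expired' >$@ || rm -f -- $@; \
	done
```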
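Review bot: Coverage of the bare domain appears to be lost with this change: the removed loop queried both `domain` and `%.#{domain}`, while the script now reads only the feeds the Makefile saved, and that rule requests `identity=%25.$*` alone. If crt.sh treats `%` as a wildcard that must be followed by the literal dot, a certificate naming only the apex would no longer reach `public/crtsh.pem`, which weakens the monitoring this page exists for. Consider fetching a second feed per domain for the exact name and passing both files to the script, and add a comment such as `# each argument is a saved crt.sh Atom feed, not a domain name` above the `ARGV.each` line. The `ARGV.each` block continues past the end of the hunk.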