This repository has been archived by the owner on Apr 27, 2021. It is now read-only.
Add Support for Ignoring Hosts to CertificateTransparencyInterceptor #16
Assignees
Labels
enhancement
New feature or request
Comments
|
Added support in v0.1.5 |
|
Wonderful, thank you @mattmook - absolute super star! |
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
Currently we can only specify hosts to process. The use case is this:
1: Configure a bunch of wild card domains to enable this for PLUS...
2: A bunch of overrides we want this disabled for.
Disabled hosts higher priority than enabled ones obviously.
The behaviour then allows our configuration to represent a bunch of exceptions that we need to work our way through and get certs in place that support SCTs.
Might look like this...
new CertificateTransparencyInterception.Builder()
.addHost(".example.com")
.addHost(".anotherexample.com")
.addIgnoreHost("domainwithoutscts.example.com")
.build()
Hopefully that makes sense. Over time our development team would look to remove the ignored hosts as they get fixed to contain certs containing the SCTs. Once all ignores gone we'd be free of operational burden (kinda) as the wild card hosts protect all our domains without having to keep specifying exact details.
The text was updated successfully, but these errors were encountered: