Releases: reloading01/certstream-server-rust

v1.3.4 — Submission Timestamp Support

03 Apr 19:47

Adds the submission_timestamp field to all certificate messages — the moment the CT log issued the Signed Certificate Timestamp (SCT) per RFC 6962 §3.1.

New Features

submission_timestamp Field
Every certificate message (full, lite) now includes submission_timestamp: a Unix timestamp (seconds since epoch, millisecond precision) extracted from the TimestampedEntry.timestamp field in the CT log's Merkle tree leaf.

{
  "seen": 1703808000.123,
  "submission_timestamp": 1703721600.456
}

| Field | Source | Meaning |
|---|---|---|
| seen | Server clock | When this server processed the entry |
| submission_timestamp | CT log | When the CT log accepted the certificate and issued the SCT |
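
How a value like `submission_timestamp` can be read out of a CT log leaf, as an added example (not code from certstream-server-rust): it parses the fixed header of an RFC 6962 `MerkleTreeLeaf` and converts the millisecond timestamp to fractional seconds. The function names and the sample leaf bytes are constructed for illustration.

```rust
// Added example; the names and the sample leaf below are constructed.
#[derive(Debug, PartialEq)]
enum LeafError { TooShort, UnsupportedVersion(u8), UnsupportedLeafType(u8), UnknownEntryType(u16) }

#[derive(Debug, PartialEq)]
enum EntryType { X509, Precert }

/// Parse the fixed 12-byte prefix of an RFC 6962 MerkleTreeLeaf:
/// version(1) | leaf_type(1) | timestamp(8, big-endian ms) | entry_type(2)
fn parse_leaf_header(leaf: &[u8]) -> Result<(u64, EntryType), LeafError> {
    if leaf.len() < 12 { return Err(LeafError::TooShort); }
    // Only v1 (0) leaves of type timestamped_entry (0) are defined.
    if leaf[0] != 0 { return Err(LeafError::UnsupportedVersion(leaf[0])); }
    if leaf[1] != 0 { return Err(LeafError::UnsupportedLeafType(leaf[1])); }
    let mut ts = [0u8; 8];
    ts.copy_from_slice(&leaf[2..10]);
    let entry_type = match u16::from_be_bytes([leaf[10], leaf[11]]) {
        0 => EntryType::X509,
        1 => EntryType::Precert,
        other => return Err(LeafError::UnknownEntryType(other)),
    };
    Ok((u64::from_be_bytes(ts), entry_type))
}

/// Milliseconds since epoch -> fractional Unix seconds (same unit as `seen`).
fn to_unix_seconds(ts_ms: u64) -> f64 { ts_ms as f64 / 1000.0 }

/// Build a constructed leaf prefix; the trailing bytes stand in for the
/// certificate payload, which this example does not parse.
fn sample_leaf(ts_ms: u64, entry_type: u16) -> Vec<u8> {
    let mut v = vec![0u8, 0u8];
    v.extend_from_slice(&ts_ms.to_be_bytes());
    v.extend_from_slice(&entry_type.to_be_bytes());
    v.extend_from_slice(&[0xAA; 4]);
    v
}

fn main() {
    let leaf = sample_leaf(1_703_721_600_456, 1);
    match parse_leaf_header(&leaf) {
        Ok((ts_ms, kind)) => {
            let submitted = to_unix_seconds(ts_ms);
            let seen = 1703808000.123_f64; // server clock, from the sample message
            println!("{:?} submitted={:.3} lag={:.3}s", kind, submitted, seen - submitted);
        }
        Err(e) => eprintln!("rejecting leaf: {:?}", e),
    }
}
```

The difference `seen - submission_timestamp` gives the delay between the log accepting the certificate and this server processing it.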

Upgrade Notes

  • Drop-in upgrade from v1.3.3. No config or state file changes.
  • Additive change — no fields removed.

docker pull ghcr.io/reloading01/certstream-server-rust:1.3.4

Community

Thanks to @raffysommy for the contribution (#5).

v1.3.3 — Bandwidth Optimization & Stream Control

13 Mar 19:52

New Features

Configurable Stream Types
Each stream type (full/lite/domains-only) can be independently enabled or disabled. Disabled streams skip JSON serialization and their routes are not registered — saving CPU and outbound bandwidth.

streams:
  full: false          # ~4-5 KB/cert — disable to save ~80% outbound
  lite: true           # ~1 KB/cert
  domains_only: true   # ~200 B/cert

| Variable | Default |
|---|---|
| CERTSTREAM_STREAM_FULL_ENABLED | true |
| CERTSTREAM_STREAM_LITE_ENABLED | true |
| CERTSTREAM_STREAM_DOMAINS_ONLY_ENABLED | true |

Performance

HTTP Compression (gzip + brotli + deflate)
CT log fetch responses are now compressed. Expected inbound bandwidth reduction: ~30-50% (~100-180 GB/day on a full deployment).

Chrome-Trusted Log List
Default log list switched from all_logs_list.json to log_list.json. Removes 31 test/staging/legacy logs, adds 16 new production logs (TrustAsia, Geomys, IPng Networks).

Deferred Chain Parsing
Chain cert parsing deferred until after dedup check — skips DER-parsing 2-4 chain certs for duplicate entries (~60-80% of all fetched entries).

Upgrade Notes

  • Drop-in upgrade from v1.3.2
  • New streams config section is optional — defaults to all enabled
  • For bandwidth-constrained deployments: CERTSTREAM_STREAM_FULL_ENABLED=false
  • Override log list URL with CERTSTREAM_CT_LOGS_URL if needed

docker pull ghcr.io/reloading01/certstream-server-rust:1.3.3
docker pull reloading01/certstream-server-rust:1.3.3

v1.3.2

10 Mar 22:09

Republished to trigger CI/CD release workflow after workflow trigger fix.