Skip to main content

4.6. Retrieve Entries from Log

4.6. Retrieve Entries from Log

GET https://<log server>/ct/v1/get-entries

Inputs:

  • start: 0-based index of first entry to retrieve, in decimal.

  • end: 0-based index of last entry to retrieve, in decimal.

Outputs:

  • entries: An array of objects, each consisting of

    • leaf_input: The base64-encoded MerkleTreeLeaf structure.

    • extra_data: The base64-encoded unsigned data pertaining to the log entry. In the case of an X509ChainEntry, this is the "certificate_chain". In the case of a PrecertChainEntry, this is the whole "PrecertChainEntry".

Note that this message is not signed -- the retrieved data can be verified by constructing the Merkle Tree Hash corresponding to a retrieved STH. All leaves MUST be v1. However, a compliant v1 client MUST NOT construe an unrecognized MerkleLeafType or LogEntryType value as an error. This means it may be unable to parse some entries, but note that each client can inspect the entries it does recognize as well as verify the integrity of the data by treating unrecognized leaves as opaque input to the tree.

The "start" and "end" parameters SHOULD be within the range 0 <= x < "tree_size" as returned by "get-sth" in Section 4.3.

Logs MAY honor requests where 0 <= "start" < "tree_size" and "end" >= "tree_size" by returning a partial response covering only the valid entries in the specified range. Note that the following restriction may also apply:

Logs MAY restrict the number of entries that can be retrieved per "get-entries" request. If a client requests more than the permitted number of entries, the log SHALL return the maximum number of entries permissible. These entries SHALL be sequential beginning with the entry specified by "start".

Last updated on