Archives
/
smallstep-certificates
mirror of https://github.com/smallstep/certificates
2
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
3,015 Commits
40 Branches
214 Tags
92 MiB
master
dependabot/go_modules/github.com/slackhq/nebula-1.9.0
wire-acme-extensions
mariano/init-provisioners
fix-1637
herman/wire-dpop-struct
herman/fix-nebula-curve-param
herman/wrapped-listener
herman/configure-server-http-timeout
josh/fips
herman/acme-macos-properties
josh/webhook-error-response-content
user-regex
max/nebula-sign-curve
carl/bootstrap-error-clarity
max/capabilities
herman/acme-cname-txt
max/test
herman/acme-da-roots
backports
but
collections
update-step-env-vars
panos/api/flow
errors-internal
docker-dns-names
docker-init
carl/sysd-update
carl/readmes
carl/ssh-host-matchbug
nosql-0.3.2
dcow/challenge-retry
ssh
printAud
getHosts
ssh-config
certificate-transparency
seb/ct-local
seb/markdown-issues
seb/anchors
v0.25.3-rc7
v0.25.3-rc6
v0.25.3-rc4
v0.25.3-rc.1
v0.22.2-rc14
v0.22.2-rc13
v0.0.1-rc.1
v0.0.1-rc.2
v0.0.1-rc.3
v0.10.0
v0.11.0
v0.11.0-rc.1
v0.11.0-rc.2
v0.11.0-rc.3
v0.11.0-rc.4
v0.12.0
v0.13.0
v0.13.1
v0.13.2
v0.13.3
v0.14.0
v0.14.0-rc.1
v0.14.0-rc.10.badger2
v0.14.0-rc.14
v0.14.0-rc.15
v0.14.0-rc.16
v0.14.0-rc.2
v0.14.0-rc.3
v0.14.0-rc.4.badger2
v0.14.0-rc.5
v0.14.0-rc.6
v0.14.0-rc.7
v0.14.0-rc.8
v0.14.0-rc.9
v0.14.0.rc.11.badger2
v0.14.0.rc.12.badger2
v0.14.0.rc.13.badger2
v0.14.1
v0.14.2
v0.14.3
v0.14.3-rc.1.badger2
v0.14.3-rc.2.32bitbadger2
v0.14.4
v0.14.5
v0.14.5-rc.1.100MB.badgerV2
v0.14.5-rc.2.100MB.badgerV2
v0.14.5-rc.3.cullACMEOrders
v0.14.5-rc.4
v0.14.6
v0.14.7-rc.1.docker-buildx
v0.14.7-rc.2.deb-name-test
v0.15.0
v0.15.0-rc.1
v0.15.1
v0.15.1-rc.1
v0.15.10
v0.15.11
v0.15.12
v0.15.12-rc1
v0.15.12-rc2
v0.15.12-rc3
v0.15.12-rc4
v0.15.12-rc5
v0.15.13
v0.15.14
v0.15.15
v0.15.16
v0.15.16-rc1.test-arm6
v0.15.16-rc2.test-arm6
v0.15.16-rc3.test-arm6
v0.15.16-rc4
v0.15.16-rc5
v0.15.16-rc6
v0.15.16-rc7
v0.15.2
v0.15.2-rc.1
v0.15.3
v0.15.4
v0.15.5
v0.15.5-rc.1
v0.15.6
v0.15.7
v0.15.7-rc.1
v0.15.8
v0.15.9
v0.15.9-rc1
v0.15.9-rc10
v0.15.9-rc11
v0.15.9-rc12
v0.15.9-rc13
v0.15.9-rc14
v0.15.9-rc15
v0.15.9-rc16
v0.15.9-rc17
v0.15.9-rc18
v0.15.9-rc19
v0.15.9-rc2
v0.15.9-rc3
v0.15.9-rc4
v0.15.9-rc5
v0.15.9-rc6
v0.15.9-rc7
v0.15.9-rc8
v0.15.9-rc9
v0.16.0
v0.16.0-rc.1
v0.16.0-rc.2
v0.16.1
v0.16.2
v0.16.3
v0.16.4
v0.17.0
v0.17.0-rc1
v0.17.1
v0.17.2
v0.17.2-rc1
v0.17.3
v0.17.3-rc1
v0.17.3-rc2
v0.17.3-rc3
v0.17.3-rc4
v0.17.3-rc5
v0.17.3-rc6
v0.17.3-rc7
v0.17.3-rc8
v0.17.3-rc9
v0.17.4
v0.17.4-rc1
v0.17.5
v0.17.5-rc1
v0.17.6
v0.17.6-rc1
v0.17.6-rc2
v0.17.7-rc1
v0.18.0
v0.18.1
v0.18.1-rc1
v0.18.1-rc2
v0.18.1-rc3
v0.18.2
v0.18.3-rc1
v0.18.3-rc2
v0.18.3-rc3
v0.18.3-rc4
v0.19.0
v0.20.0
v0.21.0
v0.22.0
v0.22.1
v0.22.2-rc10
v0.22.2-rc11
v0.22.2-rc12
v0.22.2-rc15
v0.22.2-rc16
v0.22.2-rc17
v0.22.2-rc18
v0.22.2-rc2
v0.22.2-rc3
v0.22.2-rc4
v0.22.2-rc5
v0.22.2-rc6
v0.22.2-rc7
v0.22.2-rc8
v0.22.2-rc9
v0.23.0
v0.23.0-rc.1
v0.23.0-rc.2
v0.23.0-rc.3
v0.23.1
v0.23.1-rc.1
v0.23.2
v0.24.0
v0.24.0-rc.2
v0.24.0-rc1
v0.24.1
v0.24.2
v0.24.3-rc.1
v0.24.3-rc.2
v0.24.3-rc.3
v0.24.3-rc.4
v0.24.3-rc.5
v0.24.3-rc1
v0.25.0
v0.25.1
v0.25.2
v0.25.3-rc2
v0.25.3-rc3
v0.25.3-rc5
v0.26.0
v0.26.0-rc1
v0.26.0-rc2
v0.26.1
v0.8.1
v0.8.1-rc.1
v0.8.1-rc.2
v0.8.2
v0.8.2-rc.1
v0.8.3
v0.8.4
v0.8.4-rc.1
v0.8.4-rc.2
v0.8.5
v0.8.5-rc.1
v0.8.5-rc.2
v0.8.5-rc.3
v0.8.5-rc.4
v0.8.5-rc.5
v0.9.0
v0.9.0-rc.1
v0.9.1
v0.9.1-rc.1
v0.9.1-rc.2
v0.9.2
v0.9.2-rc.1
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from 'herman/acme-da-roots'
${ noResults }
Commit Graph

3015 Commits (herman/acme-da-roots)
 

Author SHA1 Message Date
Mariano Cano a7fcfe0e4e Verify with roots and intermediates 2 years ago
Mariano Cano 30c54a555d Add entry in changelog 2 years ago
Mariano Cano ea8579f3df Fix bad signature algorithm on EC+RSA PKI 
When the root certificate has an EC key and he intermediate has an
RSA key, the signature algorithm of the leafs should be the default
one, SHA256WithRSA, instead of the one that the intermediate has.

Fixes #1033
 2 years ago
Mariano Cano 59b7603d1e Use a clientAuth only cert for device-attest-01 2 years ago
Mariano Cano 6db631df51 Upgrade go.step.sm/crypto@attest 2 years ago
Mariano Cano ca412e77cc Return error on attestation validation 
The method storeError returns a nil error
 2 years ago
Mariano Cano ab5f916bd3 Define ErrorBadAttestationStatement 2 years ago
Mariano Cano 735c9d49b0 Add support for yubikey attestation 2 years ago
Mariano Cano ebce40e9b6 Add new method ACMEClient.ValidateWithPayload 
This new method will be used to validate to validate the device
attestation payload.
 2 years ago
Mariano Cano a893d6e7f7 Upgrade go.step.sm/cli-utils 
Fixes issue with step path
 2 years ago
Mariano Cano 432477aa91
Merge pull request #1030 from smallstep/herman/fix-template-validation 
Add provisioner template validation
 2 years ago
Mariano Cano 1938b1bb34 Merge branch 'master' into herman/fix-template-validation 2 years ago
Mariano Cano 1d1e024b84 Upgrade to go.step.sm/crypto v0.18.0 2 years ago
Mariano Cano f1c63bc38d Fix challenge mapping 2 years ago
Mariano Cano 2a44972830 Run go mod tidy 2 years ago
Mariano Cano df96b126dc Add AuthorizeChallenge unit tests 2 years ago
Mariano Cano bca311b05e Add acme property to enable challenges 
Fixes #1027
 2 years ago
Mariano Cano ae8d4d8757 Fix unit test 2 years ago
Herman Slatman 6b7b989988
Add provisioner template validation 
Fixes #1012
 2 years ago
Mariano Cano 693dc39481 Merge branch 'master' into device-attestation 2 years ago
Mariano Cano b1e9d5ee86 Revert "Run on plaintext HTTP to support Cloud Run" 
This reverts commit 09b9673a60.
 2 years ago
Mariano Cano dd6f59b538
Merge pull request #1024 from smallstep/gosec 
Address gosec warnings
 2 years ago
Mariano Cano 23b8f45b37 Address gosec warnings 
Most if not all false positives
 2 years ago
Mariano Cano 713dfad884
Merge pull request #1019 from smallstep/head-middleware 
Add a middleware to automatically route HEAD requests to GET
 2 years ago
Max 8f88740a5a
Merge pull request #1014 from smallstep/max/dns-id 
Check for DNS name validity
 2 years ago
Mariano Cano 6cab4d328e Add a middleware to automatically route HEAD requests to GET 
Fixes #992
 2 years ago
max furman c040e4b459 Add unit tests 2 years ago
Mariano Cano 85fc837dc3
Merge pull request #1018 from smallstep/ra-config 
Ra config
 2 years ago
Mariano Cano 3c88a9ccc2 Fixed changelog 2 years ago
Mariano Cano 8e08f0dea3 Add entries to changelog 2 years ago
Mariano Cano 0c7467ceb2 Allow to automatically configure and linked RA 2 years ago
Mariano Cano 5e0be92273 Allow option to skip the validation of config 2 years ago
max furman b7c2f6c482 Check for DNS name validity 2 years ago
Mariano Cano ae76d943c9
Merge pull request #1009 from smallstep/code-ql 
Code QL
 2 years ago
Mariano Cano 2db15e4eb5 Remove unnecessary log entries 
These log entries add CodeQL warnings and are not necessary because
our default http.ResponseWriter allows adding log entries.
 2 years ago
Mariano Cano 759aa26a57 Fix linter warning 2 years ago
Mariano Cano 90d2785776 Sanitize log entries in logging package 2 years ago
Mariano Cano b62f4d1000 Add lgtm comments on some security warnings 2 years ago
Mariano Cano a5439c43cd Remove ciphersuites without Lucky13 countermeasures 
SHA-256 variants of the CBC ciphersuites don't implement any Lucky13
countermeasures. See http://www.isg.rhul.ac.uk/tls/Lucky13.html and
https://www.imperialviolet.org/2013/02/04/luckythirteen.html.
 2 years ago
Mariano Cano d6baad443b
Merge pull request #1008 from smallstep/endpoint-id 
Endpoint ID
 2 years ago
Mariano Cano 8bd0174251 Rename field to IsCAServerCert 2 years ago
Mariano Cano 5df1694250 Add endpoint id for the RA certificate 
In a linked RA mode, send an endpoint id to group the server
certificates.
 2 years ago
Max 20784c7a00
Merge pull request #1006 from smallstep/max/revoke-serial-validation 
Validate revocation serial number
 2 years ago
max furman 1dd0d7d0ee Update bad serial error to be more specific 2 years ago
max furman 73ba411e1d [action] parameterize golangci-lint version 2 years ago
Mariano Cano eb091aec54 Simplify field names for ProvisionerInfo 2 years ago
Mariano Cano 2f7cb9225f Use go.step.sm/crypto to set the permanent identifier 2 years ago
Mariano Cano a65adc032b
Merge pull request #1005 from smallstep/crypto-kms 
Use go.step.sm/crypto/kms
 2 years ago
Mariano Cano 21427d5d65 Replace instead of prepend provisioner extension 
With non standard SANs this will generate the SAN and provisioner
extension in the same order.
 2 years ago
Mariano Cano 2ab1e6658e Fix nonce validation 
The attestation certificate contains the nonce as raw bytes in the
extension 1.2.840.113635.100.8.11.1
 2 years ago