Commit Graph

376 Commits (herman/fix-nebula-curve-param)

Author SHA1 Message Date
Mariano Cano f639bfc53b Use contexts on the new PolicyAdminResponder 2 years ago
Mariano Cano d461918eb0 Merge branch 'master' into context-authority 2 years ago
Mariano Cano 62d93a644e Apply base context to test of the ca package 2 years ago
Mariano Cano 9147356d8a Fix linter errors 2 years ago
Mariano Cano d1f75f1720 Refactor ACME api. 2 years ago
Mariano Cano 688f9ceb56 Add scep authority to context. 2 years ago
Mariano Cano 216d8f0efb Handle acme requests with the new api 2 years ago
Mariano Cano 439cb81b13 Use admin Route function 2 years ago
Mariano Cano 8bd4e1d73e Inject the acme database in the context 2 years ago
Mariano Cano 0446e82320 Add context methods for the authority database 2 years ago
Mariano Cano 623c296555 Create context methods from admin database 2 years ago
Mariano Cano d5070ecf31 Use server BaseContext
Instead of using the authority middleware this change adds the
authority in the base context of the server.
2 years ago
Mariano Cano a93653ea8e Use api.Route instead of the caHandler. 2 years ago
Mariano Cano 900a640f01 Enable the authority middleware in the server 2 years ago
Herman Slatman 2a7620641f Fix more PR comments 2 years ago
Herman Slatman 76112c2da1 Improve error creation and testing for core policy engine 2 years ago
max furman b91affdd34 exposing authority configuration for provisioner cli commands 2 years ago
Herman Slatman a3c51881c7 Merge branch 'master' into herman/allow-deny 2 years ago
Herman Slatman b72430f4ea Block all APIs when using linked deployment mode 2 years ago
Carl Tashian 97b64aa851 Cosmetic fix for consistency in the startup messages 2 years ago
Herman Slatman ad2de16299 Merge branch 'master' into herman/allow-deny 2 years ago
Mariano Cano 4770b405ba Drop any query string from the admin tokens
This commit makes sure the admin token audience is passed without
a query string (or any fragment).
2 years ago
Herman Slatman ff8cb19b78 Fix usage of URL in generateAdminToken 2 years ago
Herman Slatman abcad679ff Merge branch 'master' into herman/allow-deny 2 years ago
Mariano Cano 2fbff47acf Add missing return in test. 2 years ago
Mariano Cano 304bb5b97a Remove unused code. 2 years ago
Mariano Cano 8abd568f03 Merge branch 'master' into fix/adminra 2 years ago
Mariano Cano c55b27a2fc Refactor admin token to use with RAs. 2 years ago
Herman Slatman 034b7943fe Merge branch 'master' into herman/allow-deny 2 years ago
Herman Slatman 7df52dbb76 Add ACME EAB policy 2 years ago
Carl Tashian 150eee70df Updates based on Herman's feedback 2 years ago
Carl Tashian acc75bc679 Add context name to startup info 2 years ago
Carl Tashian 4b9f44982d Merge branch 'master' into startup-info 2 years ago
Carl Tashian 43f2c655b9 More info on startup 2 years ago
Carl Tashian 7ebb2e4c74 Update ca/ca.go
Co-authored-by: Herman Slatman <hslatman@users.noreply.github.com>
2 years ago
Carl Tashian 1ba1584c7a Formatted. 2 years ago
Carl Tashian a13e58e340 Update GetAuthorityInfo -> GetInfo 2 years ago
Carl Tashian 90cb6315b1 Progress. 2 years ago
Carl Tashian 055e75f394 Progress? 2 years ago
Herman Slatman 2fbdf7d5b0 Merge branch 'master' into herman/allow-deny 2 years ago
Herman Slatman 0e052fe299 Add authority policy API 2 years ago
Panagiotis Siatras 00634fb648 api/render, api/log: initial implementation of the packages (#860)
* api/render: initial implementation of the package

* acme/api: refactored to support api/render

* authority/admin: refactored to support api/render

* ca: refactored to support api/render

* api: refactored to support api/render

* api/render: implemented Error

* api: refactored to support api/render.Error

* acme/api: refactored to support api/render.Error

* authority/admin: refactored to support api/render.Error

* ca: refactored to support api/render.Error

* ca: fixed broken tests

* api/render, api/log: moved error logging to this package

* acme: refactored Error so that it implements render.RenderableError

* authority/admin: refactored Error so that it implements render.RenderableError

* api/render: implemented RenderableError

* api/render: added test coverage for Error

* api/render: implemented statusCodeFromError

* api: refactored RootsPEM to work with render.Error

* acme, authority/admin: fixed pointer receiver name for consistency

* api/render, errs: moved StatusCoder & StackTracer to the render package
2 years ago
Mariano Cano 750e9ee2f8 Attempt to fix TestBootstrapClientServerRotation
This change attempts to fix the test TestBootstrapClientServerRotation.
Due to the backdate, the renew options get too large, causing
continuous renewals, and random errors. After experimenting with
different options, truncating durations to seconds has shown better
results than rounding or just using the plain time.
2 years ago
Mariano Cano 5ab79f53be Fix linter errors 2 years ago
Herman Slatman dc23fd23bf Merge branch 'master' into herman/allow-deny-next 2 years ago
Mariano Cano ba0b170818 Attempt to fix TestBootstrapClientServerRotation
This change attempts to fix the test TestBootstrapClientServerRotation.
Due to the backdate, the renew options get too large, causing
continuous renewals, and random errors. After experimenting with
different options, truncating durations to seconds has shown better
results than rounding or just using the plain time.
2 years ago
Carl Tashian f20784be56 format 2 years ago
Carl Tashian 91be50cf70 Add --quiet flag 2 years ago
Carl Tashian 91a25b52bd Print discord 2 years ago
Carl Tashian baf3c40fef Print some basic configuration info on startup 2 years ago
Mariano Cano ad8a813abe Fix linter errors 2 years ago
Panagiotis Siatras e6b2359273 ca: fixed import statement order 2 years ago
Panagiotis Siatras 9ba33bab4e ca: refactored to use the read package 2 years ago
Mariano Cano 915911efb6 Disable http loggers in test.
They hide the tests that fail on tests in the CI.
2 years ago
Mariano Cano ead742ca0f Fix unit test 2 years ago
Herman Slatman 81b0c6c37c Add API implementation for authority and provisioner policy 2 years ago
Mariano Cano 6dcde8a743 Fix typo 2 years ago
Mariano Cano a4dd586a81 Add method to get the CA url from the client. 2 years ago
Mariano Cano 616490a9c6 Refactor renew after expiry token authorization
This change adds a new authority method that authorizes the
renew after expiry tokens.
2 years ago
Mariano Cano 41ea67ce10 Attempt to fix a bootstrap tests 2 years ago
Herman Slatman 4ebf43c011 Merge pull request #820 from smallstep/herman/acme-api
Refactor ACME Admin API
2 years ago
Herman Slatman 5cb23c6029 Merge pull request #804 from smallstep/herman/normalize-ipv6-dns-names
Normalize IPv6 hostname addresses
2 years ago
Herman Slatman d00729df0b Refactor ACME Admin API 2 years ago
Chris Crook 11637b5793 Add descriptive provisioner JWK decryption error messages
Wrap other errors in decryption process with more helpful messaging. This should help users troubleshoot misconfiguration more easily.

Fixes #816
2 years ago
Herman Slatman bfa2245abb Merge branch 'master' into herman/normalize-ipv6-dns-names 2 years ago
Herman Slatman c7c5c3c94e Merge branch 'master' into herman/scep-macos-renewal-fixes 2 years ago
Herman Slatman fd9845e9c7 Add cursor and limit to ACME EAB DB interface 2 years ago
Herman Slatman 716b946e7a Normalize IPv6 hostname addresses 2 years ago
Herman Slatman 64680bb16d Fix PR comments 2 years ago
Herman Slatman 3612eefc31 Cleanup 2 years ago
Herman Slatman 9c6580ccd2 Fix macOS SCEP client issues
Fixes #746
2 years ago
Herman Slatman 30859d3c83 Remove server-side paging logic for ExternalAccountKeys 3 years ago
Herman Slatman 6929e31fe0 Merge branch 'master' into hs/acme-eab 3 years ago
Herman Slatman 22ff90f655 Merge branch 'master' into hs/acme-eab 3 years ago
Herman Slatman 07addd0cac Fix linting issue 3 years ago
Herman Slatman a68208a3ba Set Step CLI User-Agent when performing ACME requests 3 years ago
Mariano Cano 2c63abcf52 fix grammar 3 years ago
Mariano Cano 7c4e6dcc96 Remove duplicated code in bootstrap methods 3 years ago
Mariano Cano 64c19d4264 Fix subject in test, use ip 3 years ago
Mariano Cano b0b2e77b0e Avoid doing unauthenticated requests on the SDK
When step-ca runs with mTLS required on some endpoints, the SDK
used in autocert will fail to start because the identity certificate
is missing. This certificate is only required to retrieve all roots,
in most cases there's only one, and the SDK has access to it.
3 years ago
Herman Slatman d799359917 Merge branch 'master' into hs/acme-eab 3 years ago
Herman Slatman 3bc3957b06 Merge branch 'master' into hs/acme-revocation 3 years ago
Herman Slatman d0c23973cc Merge branch 'master' into hs/acme-eab 3 years ago
Herman Slatman 2d357da99b Add tests for ACME revocation 3 years ago
Mariano Cano d35848f7a9 Fix unit tests. 3 years ago
Mariano Cano b9beab071d Fix unit tests. 3 years ago
Mariano Cano 8c8db0d4b7 Modify errs.BadRequestErr() to always return an error to the client. 3 years ago
Mariano Cano 8ce807a6cb Modify errs.BadRequest() calls to always send an error to the client. 3 years ago
max furman 7fac8c96c3 Merge branch 'master' into max/context 3 years ago
max furman a7d144996f SSH backwards compat updates
- use existence of new value in data map as boolean
- add tests for backwards and forwards compatibility
- fix old tests that used static dir locations
3 years ago
max furman d777fc23c2 Add ca.WithInsecure and use methods for file names 3 years ago
max furman e5951fd84c Use methods in the step package
* rather than variables set at execution time, which may not match the
actual current context
3 years ago
max furman 7eeebca529 Enable step path contexts in identity and pki paths 3 years ago
max furman 10db335f13 mv pkg config -> step 3 years ago
max furman 741ac64c61 change name of package cli-utils/config to cli-utils/step 3 years ago
Herman Slatman e7a988b2cd Pin golangci-lint to v1.43.0 and fix issues 3 years ago
Herman Slatman bcd1240a0e Merge branch 'master' into hs/acme-eab 3 years ago
Mariano Cano 36b622bfc2 Use Golang's default keep-alive.
Since Go 1.13 a net.Listen keep-alive is enabled by default if
the protocol and OS support it. The new one is 15s to match
the net.Dial default one. Previously http.Server ListenAndServe
and ListenAndServeTLS used to add a wrapper with 3m that we
replicated.

See https://github.com/golang/go/issues/31510
3 years ago
Herman Slatman dd4b4b0435 Fix remaining gocritic remarks 3 years ago
Herman Slatman e0b495e4c8 Merge branch 'master' into hs/acme-eab 3 years ago