Archives
/
smallstep-certificates
mirror of https://github.com/smallstep/certificates
2
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
4,249 Commits
40 Branches
214 Tags
90 MiB
master
wire-acme-extensions
mariano/init-provisioners
fix-1637
dependabot/go_modules/github.com/slackhq/nebula-1.8.2
herman/wire-dpop-struct
herman/fix-nebula-curve-param
herman/wrapped-listener
herman/configure-server-http-timeout
josh/fips
herman/acme-macos-properties
josh/webhook-error-response-content
user-regex
max/nebula-sign-curve
carl/bootstrap-error-clarity
max/capabilities
herman/acme-cname-txt
max/test
herman/acme-da-roots
backports
but
collections
update-step-env-vars
panos/api/flow
errors-internal
docker-dns-names
docker-init
carl/sysd-update
carl/readmes
carl/ssh-host-matchbug
nosql-0.3.2
dcow/challenge-retry
ssh
printAud
getHosts
ssh-config
certificate-transparency
seb/ct-local
seb/markdown-issues
seb/anchors
v0.25.3-rc7
v0.25.3-rc6
v0.25.3-rc4
v0.25.3-rc.1
v0.22.2-rc14
v0.22.2-rc13
v0.0.1-rc.1
v0.0.1-rc.2
v0.0.1-rc.3
v0.10.0
v0.11.0
v0.11.0-rc.1
v0.11.0-rc.2
v0.11.0-rc.3
v0.11.0-rc.4
v0.12.0
v0.13.0
v0.13.1
v0.13.2
v0.13.3
v0.14.0
v0.14.0-rc.1
v0.14.0-rc.10.badger2
v0.14.0-rc.14
v0.14.0-rc.15
v0.14.0-rc.16
v0.14.0-rc.2
v0.14.0-rc.3
v0.14.0-rc.4.badger2
v0.14.0-rc.5
v0.14.0-rc.6
v0.14.0-rc.7
v0.14.0-rc.8
v0.14.0-rc.9
v0.14.0.rc.11.badger2
v0.14.0.rc.12.badger2
v0.14.0.rc.13.badger2
v0.14.1
v0.14.2
v0.14.3
v0.14.3-rc.1.badger2
v0.14.3-rc.2.32bitbadger2
v0.14.4
v0.14.5
v0.14.5-rc.1.100MB.badgerV2
v0.14.5-rc.2.100MB.badgerV2
v0.14.5-rc.3.cullACMEOrders
v0.14.5-rc.4
v0.14.6
v0.14.7-rc.1.docker-buildx
v0.14.7-rc.2.deb-name-test
v0.15.0
v0.15.0-rc.1
v0.15.1
v0.15.1-rc.1
v0.15.10
v0.15.11
v0.15.12
v0.15.12-rc1
v0.15.12-rc2
v0.15.12-rc3
v0.15.12-rc4
v0.15.12-rc5
v0.15.13
v0.15.14
v0.15.15
v0.15.16
v0.15.16-rc1.test-arm6
v0.15.16-rc2.test-arm6
v0.15.16-rc3.test-arm6
v0.15.16-rc4
v0.15.16-rc5
v0.15.16-rc6
v0.15.16-rc7
v0.15.2
v0.15.2-rc.1
v0.15.3
v0.15.4
v0.15.5
v0.15.5-rc.1
v0.15.6
v0.15.7
v0.15.7-rc.1
v0.15.8
v0.15.9
v0.15.9-rc1
v0.15.9-rc10
v0.15.9-rc11
v0.15.9-rc12
v0.15.9-rc13
v0.15.9-rc14
v0.15.9-rc15
v0.15.9-rc16
v0.15.9-rc17
v0.15.9-rc18
v0.15.9-rc19
v0.15.9-rc2
v0.15.9-rc3
v0.15.9-rc4
v0.15.9-rc5
v0.15.9-rc6
v0.15.9-rc7
v0.15.9-rc8
v0.15.9-rc9
v0.16.0
v0.16.0-rc.1
v0.16.0-rc.2
v0.16.1
v0.16.2
v0.16.3
v0.16.4
v0.17.0
v0.17.0-rc1
v0.17.1
v0.17.2
v0.17.2-rc1
v0.17.3
v0.17.3-rc1
v0.17.3-rc2
v0.17.3-rc3
v0.17.3-rc4
v0.17.3-rc5
v0.17.3-rc6
v0.17.3-rc7
v0.17.3-rc8
v0.17.3-rc9
v0.17.4
v0.17.4-rc1
v0.17.5
v0.17.5-rc1
v0.17.6
v0.17.6-rc1
v0.17.6-rc2
v0.17.7-rc1
v0.18.0
v0.18.1
v0.18.1-rc1
v0.18.1-rc2
v0.18.1-rc3
v0.18.2
v0.18.3-rc1
v0.18.3-rc2
v0.18.3-rc3
v0.18.3-rc4
v0.19.0
v0.20.0
v0.21.0
v0.22.0
v0.22.1
v0.22.2-rc10
v0.22.2-rc11
v0.22.2-rc12
v0.22.2-rc15
v0.22.2-rc16
v0.22.2-rc17
v0.22.2-rc18
v0.22.2-rc2
v0.22.2-rc3
v0.22.2-rc4
v0.22.2-rc5
v0.22.2-rc6
v0.22.2-rc7
v0.22.2-rc8
v0.22.2-rc9
v0.23.0
v0.23.0-rc.1
v0.23.0-rc.2
v0.23.0-rc.3
v0.23.1
v0.23.1-rc.1
v0.23.2
v0.24.0
v0.24.0-rc.2
v0.24.0-rc1
v0.24.1
v0.24.2
v0.24.3-rc.1
v0.24.3-rc.2
v0.24.3-rc.3
v0.24.3-rc.4
v0.24.3-rc.5
v0.24.3-rc1
v0.25.0
v0.25.1
v0.25.2
v0.25.3-rc2
v0.25.3-rc3
v0.25.3-rc5
v0.26.0
v0.26.0-rc1
v0.26.0-rc2
v0.26.1
v0.8.1
v0.8.1-rc.1
v0.8.1-rc.2
v0.8.2
v0.8.2-rc.1
v0.8.3
v0.8.4
v0.8.4-rc.1
v0.8.4-rc.2
v0.8.5
v0.8.5-rc.1
v0.8.5-rc.2
v0.8.5-rc.3
v0.8.5-rc.4
v0.8.5-rc.5
v0.9.0
v0.9.0-rc.1
v0.9.1
v0.9.1-rc.1
v0.9.1-rc.2
v0.9.2
v0.9.2-rc.1
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from 'master'
${ noResults }
Commit Graph

370 Commits (master)

Author SHA1 Message Date
verytrap db92404342 chore: fix function names in comment 
Signed-off-by: verytrap <wangqiuyue@outlook.com>
 3 weeks ago
Mariano Cano 10f6a901ec
Let the CA determine the RA lifetime 
When the RA mode with StepCAS is used, let the CA decide which lifetime
the RA should get instead of requiring always 24h.

This commit also fixes linter warnings.

Related to #1094
 2 months ago
Herman Slatman 041b486c55
Remove usages of `Sign` without context 2 months ago
Herman Slatman 2a8b80a3e1
Merge branch 'master' into herman/webhook-request-id 2 months ago
Herman Slatman e52836f0ab
Add `RS1` support for ACME `device-attest-01` 4 months ago
Herman Slatman c59d293d26
Add support for `HTTP_PROXY` and `HTTPS_PROXY` to ACME solver client 4 months ago
Mariano Cano b20af51f32
Upgrade go.step.sm/crypto to use go-jose/v3 5 months ago
Herman Slatman f453323ba9
Merge pull request #1631 from smallstep/herman/fix-apple-acmeclient-invalid-signatures 5 months ago
Herman Slatman 405aae798c
Simplify the `copy` logic used when patching JWS signature 5 months ago
Max d34f0f6a97
Fix linter warnings (#1634) 5 months ago
Herman Slatman 26a3bb3c11
Make the Apple JWS fix more robust and catch more cases. 5 months ago
Herman Slatman 113491e7af
Remove TODO for patching other algorithms for Apple ACME client 5 months ago
Herman Slatman 06f4cbbcda
Add (temporary) fix for missing null bytes in Apple JWS signatures 
Apparently the Apple macOS (and iOS?) ACME client seems to omit
leading null bytes from JWS signatures. The base64-url encoded
bytes decode to a shorter byte slice than what the JOSE library
expects (e.g. 63 bytes instead of 64 bytes for ES256), and then
results in a `jose.ErrCryptoFailure`.

This commit retries verification of the JWS in case the first
verification fails with `jose.ErrCryptoFailure`. The signatures are
checked to be of the correct length, and if not, null bytes are
prepended to the signature. Then verification is retried, which
might fail again, but for other reasons. On success, the payload
is returned.

Apple should fix this in their ACME client, but in the meantime
this commit prevents some "bad request" error cases from happening.
 5 months ago
Dominic Evans 231b5d8406 chore(deps): upgrade github.com/go-chi/chi to v5 
Upgrade chi to the v5 module path to avoid deprecation warning about v4
and earlier on the old module path.

See https://github.com/go-chi/chi/blob/v4.1.3/go.mod#L1-L4

Signed-off-by: Dominic Evans <dominic.evans@uk.ibm.com>
 7 months ago
Herman Slatman 4ef093dc4b
Fix broken tests relying on `Sign` in mocks 7 months ago
Herman Slatman 9e3807eaa3
Use `SignWithContext` in the critical paths 7 months ago
Herman Slatman 4e06bdbc51
Add `SignWithContext` method to authority and mocks 7 months ago
Herman Slatman f2993c4c3b
Use the legacy `tpm2` package import 7 months ago
Max 116ff8ed65
bump go.mod to go1.20 and associated linter fixes (#1518) 8 months ago
Mariano Cano d8eeebfd51
Fix error string in tests 
This commit fixes a test checking an error string from an external
dependency.
 8 months ago
Herman Slatman c952e9fc9d
Use `NewDetailedError` instead 9 months ago
Herman Slatman f3c24fe875
Change how multiple identifiers are printed in errors 9 months ago
Herman Slatman a0cdad335d
Add test for `WithAdditionalErrorDetail` 9 months ago
Herman Slatman 9a52675865
Return descriptive error when using unsupported format 9 months ago
Herman Slatman 0d3338ff3a
Return consistent ACME error types for specific cases 9 months ago
Herman Slatman df22b8a303
Cleanup some leftover TODOs 9 months ago
Herman Slatman dd9bf1e915
Add error details for the `step` format 9 months ago
Herman Slatman 9cbbd1d575
Add error details to ACME `tpm` format validation errors 9 months ago
Herman Slatman d5dd8feccd
Prevent internal errors from being returned to ACME clients 9 months ago
Herman Slatman 979e0f8f51
Add error details to select error cases for `apple` format 9 months ago
Herman Slatman a5801b3c74
Fix TPM simulator initialization for tests 10 months ago
Max 7731edd816
Store and verify Acme account location (#1386) 
* Store and verify account location on acme requests

Co-authored-by: Herman Slatman <hslatman@users.noreply.github.com>
Co-authored-by: Mariano Cano <mariano@smallstep.com>
 11 months ago
Herman Slatman e71b62e95c
Merge branch 'master' into herman/update-crypto-v0.29.4 12 months ago
max furman 8b256f0351
address linter warning for go 1.19 12 months ago
Herman Slatman 0c2b00f6a1
Depend on our fork of `go-attestation` 12 months ago
Herman Slatman d9aa2c110f
Increase test coverage for AK certificate properties 1 year ago
Herman Slatman ed1a62206e
Add additional verification of AK certificate 1 year ago
Herman Slatman 1c38e252a6
Cast `alg` to a valid `COSEAlgorithmIdentifier` 1 year ago
Herman Slatman e25acff13c
Simplify `alg` validity check 1 year ago
Herman Slatman 9cd4b362f7
Extract the `ParseSubjectAlternativeNames` function 1 year ago
Herman Slatman b6957358fc
Fix PR remarks 
- Root CA error message improved
- Looping through intermediate certs
- Change checking unhandled extensions to using `if`
 1 year ago
Herman Slatman 09bd7705cd
Fix linting issues 1 year ago
Herman Slatman f88ef6621f
Add `PermanentIdentifier` SAN parsing and tests 1 year ago
Herman Slatman 52023d6083
Add tests for `doTPMAttestationFormat` 1 year ago
Herman Slatman ae30f6e96b
Add failing TPM simulator test 1 year ago
Herman Slatman bf53b394a1
Add `tpm` format test with simulated TPM 1 year ago
Herman Slatman 094f0521e2
Remove check for `PermanentIdentifier` from `tpm` format validation 1 year ago
Herman Slatman 589a62df74
Make validation of `tpm` format stricter 1 year ago
Herman Slatman 213b31bc2c
Simplify processing logic for unhandled critical extension 1 year ago
Herman Slatman e1c7e8f00b
Return the CSR public key fingerprint for `tpm` format 1 year ago