Archives
/
smallstep-certificates
mirror of https://github.com/smallstep/certificates
2
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
4,272 Commits
40 Branches
214 Tags
90 MiB
master
wire-acme-extensions
mariano/init-provisioners
fix-1637
dependabot/go_modules/github.com/slackhq/nebula-1.8.2
herman/wire-dpop-struct
herman/fix-nebula-curve-param
herman/wrapped-listener
herman/configure-server-http-timeout
josh/fips
herman/acme-macos-properties
josh/webhook-error-response-content
user-regex
max/nebula-sign-curve
carl/bootstrap-error-clarity
max/capabilities
herman/acme-cname-txt
max/test
herman/acme-da-roots
backports
but
collections
update-step-env-vars
panos/api/flow
errors-internal
docker-dns-names
docker-init
carl/sysd-update
carl/readmes
carl/ssh-host-matchbug
nosql-0.3.2
dcow/challenge-retry
ssh
printAud
getHosts
ssh-config
certificate-transparency
seb/ct-local
seb/markdown-issues
seb/anchors
v0.25.3-rc7
v0.25.3-rc6
v0.25.3-rc4
v0.25.3-rc.1
v0.22.2-rc14
v0.22.2-rc13
v0.0.1-rc.1
v0.0.1-rc.2
v0.0.1-rc.3
v0.10.0
v0.11.0
v0.11.0-rc.1
v0.11.0-rc.2
v0.11.0-rc.3
v0.11.0-rc.4
v0.12.0
v0.13.0
v0.13.1
v0.13.2
v0.13.3
v0.14.0
v0.14.0-rc.1
v0.14.0-rc.10.badger2
v0.14.0-rc.14
v0.14.0-rc.15
v0.14.0-rc.16
v0.14.0-rc.2
v0.14.0-rc.3
v0.14.0-rc.4.badger2
v0.14.0-rc.5
v0.14.0-rc.6
v0.14.0-rc.7
v0.14.0-rc.8
v0.14.0-rc.9
v0.14.0.rc.11.badger2
v0.14.0.rc.12.badger2
v0.14.0.rc.13.badger2
v0.14.1
v0.14.2
v0.14.3
v0.14.3-rc.1.badger2
v0.14.3-rc.2.32bitbadger2
v0.14.4
v0.14.5
v0.14.5-rc.1.100MB.badgerV2
v0.14.5-rc.2.100MB.badgerV2
v0.14.5-rc.3.cullACMEOrders
v0.14.5-rc.4
v0.14.6
v0.14.7-rc.1.docker-buildx
v0.14.7-rc.2.deb-name-test
v0.15.0
v0.15.0-rc.1
v0.15.1
v0.15.1-rc.1
v0.15.10
v0.15.11
v0.15.12
v0.15.12-rc1
v0.15.12-rc2
v0.15.12-rc3
v0.15.12-rc4
v0.15.12-rc5
v0.15.13
v0.15.14
v0.15.15
v0.15.16
v0.15.16-rc1.test-arm6
v0.15.16-rc2.test-arm6
v0.15.16-rc3.test-arm6
v0.15.16-rc4
v0.15.16-rc5
v0.15.16-rc6
v0.15.16-rc7
v0.15.2
v0.15.2-rc.1
v0.15.3
v0.15.4
v0.15.5
v0.15.5-rc.1
v0.15.6
v0.15.7
v0.15.7-rc.1
v0.15.8
v0.15.9
v0.15.9-rc1
v0.15.9-rc10
v0.15.9-rc11
v0.15.9-rc12
v0.15.9-rc13
v0.15.9-rc14
v0.15.9-rc15
v0.15.9-rc16
v0.15.9-rc17
v0.15.9-rc18
v0.15.9-rc19
v0.15.9-rc2
v0.15.9-rc3
v0.15.9-rc4
v0.15.9-rc5
v0.15.9-rc6
v0.15.9-rc7
v0.15.9-rc8
v0.15.9-rc9
v0.16.0
v0.16.0-rc.1
v0.16.0-rc.2
v0.16.1
v0.16.2
v0.16.3
v0.16.4
v0.17.0
v0.17.0-rc1
v0.17.1
v0.17.2
v0.17.2-rc1
v0.17.3
v0.17.3-rc1
v0.17.3-rc2
v0.17.3-rc3
v0.17.3-rc4
v0.17.3-rc5
v0.17.3-rc6
v0.17.3-rc7
v0.17.3-rc8
v0.17.3-rc9
v0.17.4
v0.17.4-rc1
v0.17.5
v0.17.5-rc1
v0.17.6
v0.17.6-rc1
v0.17.6-rc2
v0.17.7-rc1
v0.18.0
v0.18.1
v0.18.1-rc1
v0.18.1-rc2
v0.18.1-rc3
v0.18.2
v0.18.3-rc1
v0.18.3-rc2
v0.18.3-rc3
v0.18.3-rc4
v0.19.0
v0.20.0
v0.21.0
v0.22.0
v0.22.1
v0.22.2-rc10
v0.22.2-rc11
v0.22.2-rc12
v0.22.2-rc15
v0.22.2-rc16
v0.22.2-rc17
v0.22.2-rc18
v0.22.2-rc2
v0.22.2-rc3
v0.22.2-rc4
v0.22.2-rc5
v0.22.2-rc6
v0.22.2-rc7
v0.22.2-rc8
v0.22.2-rc9
v0.23.0
v0.23.0-rc.1
v0.23.0-rc.2
v0.23.0-rc.3
v0.23.1
v0.23.1-rc.1
v0.23.2
v0.24.0
v0.24.0-rc.2
v0.24.0-rc1
v0.24.1
v0.24.2
v0.24.3-rc.1
v0.24.3-rc.2
v0.24.3-rc.3
v0.24.3-rc.4
v0.24.3-rc.5
v0.24.3-rc1
v0.25.0
v0.25.1
v0.25.2
v0.25.3-rc2
v0.25.3-rc3
v0.25.3-rc5
v0.26.0
v0.26.0-rc1
v0.26.0-rc2
v0.26.1
v0.8.1
v0.8.1-rc.1
v0.8.1-rc.2
v0.8.2
v0.8.2-rc.1
v0.8.3
v0.8.4
v0.8.4-rc.1
v0.8.4-rc.2
v0.8.5
v0.8.5-rc.1
v0.8.5-rc.2
v0.8.5-rc.3
v0.8.5-rc.4
v0.8.5-rc.5
v0.9.0
v0.9.0-rc.1
v0.9.1
v0.9.1-rc.1
v0.9.1-rc.2
v0.9.2
v0.9.2-rc.1
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from 'master'
${ noResults }
Commit Graph

41 Commits (master)

Author SHA1 Message Date
Herman Slatman 041b486c55
Remove usages of `Sign` without context 3 months ago
Herman Slatman 4ef093dc4b
Fix broken tests relying on `Sign` in mocks 8 months ago
Herman Slatman 4e06bdbc51
Add `SignWithContext` method to authority and mocks 8 months ago
max furman 8b256f0351
address linter warning for go 1.19 1 year ago
Mariano Cano 6ba20209c2
Verify CSR key fingerprint with attestation certificate key 
This commit makes sure that the attestation certificate key matches the
key used on the CSR on an ACME device attestation flow.
 1 year ago
Herman Slatman 64d9ad7b38
Validate Subject Common Name for Orders with Permanent Identifier 1 year ago
max furman ab0d2503ae
Standardize linting file and fix or ignore lots of linting errors 2 years ago
Herman Slatman 9e0edc7b50
Add early authority policy evaluation to ACME order API 2 years ago
Herman Slatman a5f2f004e3
Change name of IP Common Name test for clarity 2 years ago
Herman Slatman bc0875bd7b
Disallow email address and URLs in the CSR 
Before this commit `step` would allow email addresses and URLs
in the CSR. This doesn't fit nicely with the rest of ACME, in which
identifiers need to be authorized before a certificate is issued.
 2 years ago
Herman Slatman 13a31fd862
Merge branch 'master' into herman/ip-sans-improvements 2 years ago
Herman Slatman a5d33512fe
Fix test 2 years ago
Herman Slatman a2c9b5cd7e
Allow IP identifiers in subject, including authorization enforcement 
To support IPs in the subject using `step-cli`, this PR ensures that
Subject Common Names that can be parsed as an IP are also checked
to have been authorized before.

The PR for `step-cli` is here: github.com/smallstep/cli/pull/576.
 2 years ago
Herman Slatman 2d357da99b
Add tests for ACME revocation 2 years ago
Herman Slatman 8f7e700f09
Merge branch 'master' into hs/acme-revocation 3 years ago
max furman 857a50434c Merge branch 'master' into max/cert-mgr-crud 3 years ago
max furman 9fdef64709 Admin level API for provisioner mgmt v1 3 years ago
Herman Slatman 16fe07d4dc
Fix mockSignAuth 3 years ago
Herman Slatman 8e4a4ecc1f
Refactor tests for sans 3 years ago
Herman Slatman 87b72afa25
Fix IP equality check and add more tests 3 years ago
Herman Slatman a6d33b7d06
Add tests for sans() 3 years ago
Herman Slatman 64c15fde7e
Add tests for canonicalize function 3 years ago
Herman Slatman 218a2adb9f
Add tests for IP Order validations 3 years ago
Herman Slatman 6d9710c88d
Add initial support for ACME IP validation 3 years ago
max furman bdf4c0f836 add acme order unit tests 3 years ago
max furman c0a9f24798 add authorization and order unit tests 3 years ago
max furman bb8d54e596 [acme db interface] unit tests compiling 3 years ago
max furman 272cce522e Fix test and change method name 4 years ago
Mariano Cano 6c64fb3ed2 Rename provisioner options structs: 
* provisioner.ProvisionerOptions => provisioner.Options
* provisioner.Options => provisioner.SignOptions
* provisioner.SSHOptions => provisioner.SingSSHOptions
 4 years ago
Mariano Cano 0c8376a7f6 Fix existing unit tests. 4 years ago
max furman d25e7f64c2 wip 4 years ago
max furman 41a1a053d8 Always convert empty list to nil when saving orderIDs index. 4 years ago
max furman 704a510a2a Remove non-pending orders from the acme_orders_by_account index ... 
- Each acme account has an index in this table. Before this change, the
index would grow unchecked as orders accumulate. This change removes
orders that have moved out of the 'PENDING' state.
 4 years ago
max furman 6e69f99310 Always set nbf and naf for new ACME orders ... 
- Use the default value from the ACME provisioner if values are not
defined in the request.
 4 years ago
Max ba91f4ed13
Merge pull request #260 from anxolerd/feat-force-cn-if-empty 
[Feature] Force CommonName for certificates from ACME provisioner
 4 years ago
Oleksandr Kovalchuk 893a53793a
Modify existing tests to accept forceCNOption modifier 
Modify existing tests to pass with changes introduced in commit
322200b7db. This is safe to do as
tests assert exact length of modifiers, which has changed.
 4 years ago
max furman e1409349f3 Allow relative URL for all links in ACME api ... 
* Pass the request context all the way down the ACME stack.
* Save baseURL in context and use when generating ACME urls.
 4 years ago
Ivan Bertona 4b473732d9 Add support for TLS-ALPN-01 challenge. 4 years ago
Mariano Cano 0a890a5c16 Add the commonName as a DNSName to match RFC. 
Normalize names and remove the use of reflection.
 4 years ago
Jozef Kralik bc6074f596 Change api of functions Authority.Sign, Authority.Renew 
Returns certificate chain instead of 2 members.

Implements #126
 5 years ago
max furman e3826dd1c3 Add ACME CA capabilities 5 years ago