Commit Graph

232 Commits (master)

Author SHA1 Message Date
verytrap db92404342
chore: fix function names in comment
Signed-off-by: verytrap <wangqiuyue@outlook.com>
3 weeks ago
Mariano Cano 10f6a901ec
Let the CA determine the RA lifetime
When the RA mode with StepCAS is used, let the CA decide which lifetime
the RA should get instead of requiring always 24h.

This commit also fixes linter warnings.

Related to #1094
2 months ago
Herman Slatman cf8a50157f
Add a basic e2e test for `X-Request-Id` reflection 2 months ago
Herman Slatman 041b486c55
Remove usages of `Sign` without context 2 months ago
Herman Slatman 2a8b80a3e1
Merge branch 'master' into herman/webhook-request-id 2 months ago
Herman Slatman 3dbb4aad3d
Change CRL unavailable case to HTTP 404 3 months ago
Herman Slatman c76dad8a22
Improve tests for CRL HTTP handler 3 months ago
Herman Slatman d1deb7f930
Add `Expires` header to CRL response 3 months ago
Mariano Cano b20af51f32
Upgrade go.step.sm/crypto to use go-jose/v3 5 months ago
Max 9f84f7ce35
Allow for identity certificate signing (in sshSign) by skipping validators (#1572)
- skip urisValidator for identity certificate signing. Implemented
  by building the validator with the context in a hacky way.
7 months ago
Mariano Cano 52baf52f84
Change scep password type to string
This commit changes the type of the decrypter key password to string to
be consistent with other passwords in the ca.json
7 months ago
Mariano Cano 33bdae4a34
Fix redacted tests 7 months ago
Mariano Cano 4d5fbfa439
Fix redacted types in SCEP provisioner
This commit uses the same types for the fields in the provisioner.SCEP
type and the "redacted" models.SCEP.
7 months ago
Herman Slatman ffe079f31b
Merge branch 'master' into herman/scep-provisioner-decrypter 7 months ago
Herman Slatman 5fd70af2c8
Make API responses aware of the new SCEP decrypter properties 7 months ago
Herman Slatman 3ade92f8d5
Support both a decrypter key URI as well as PEM 7 months ago
Dominic Evans 231b5d8406
chore(deps): upgrade github.com/go-chi/chi to v5
Upgrade chi to the v5 module path to avoid deprecation warning about v4
and earlier on the old module path.

See https://github.com/go-chi/chi/blob/v4.1.3/go.mod#L1-L4

Signed-off-by: Dominic Evans <dominic.evans@uk.ibm.com>
8 months ago
Herman Slatman 4ef093dc4b
Fix broken tests relying on `Sign` in mocks 8 months ago
Herman Slatman 9e3807eaa3
Use `SignWithContext` in the critical paths 8 months ago
Herman Slatman 4e06bdbc51
Add `SignWithContext` method to authority and mocks 8 months ago
Herman Slatman 98d015b5c3
Fix linting issues 8 months ago
Herman Slatman d9f56cdbdc
Merge branch 'master' into herman/scep-provisioner-decrypter 8 months ago
Herman Slatman 9d3b78ae49
Add `excludeIntermediate` to SCEP provisioner 8 months ago
Max 116ff8ed65
bump go.mod to go1.20 and associated linter fixes (#1518) 8 months ago
Herman Slatman 4186b2c2d0
Change JSON marshaling for SCEP provisioners
Instead of the old method that redacted sensitive information
by overriding the value of the property and changing it back
to the original, the API now uses a model specifically meant
for API responses. This prevents potential race conditions.

This may be iterated on a bit so that we don't need to rely
on the [provisioner.Interface] interface, which requires the
API model to implement unnecessary methods.
9 months ago
Herman Slatman d754000a68
Fix SCEP provisioner API test 9 months ago
Herman Slatman 6985b4be62
Clean up the SCEP authority and provisioner 11 months ago
Herman Slatman 180162bd6a
Refactor SCEP provisioner and decrypter 11 months ago
Herman Slatman 0377fe559b
Add basic version of provisioner specific SCEP decrypter 11 months ago
Max df13351586
Merge pull request #1381 from smallstep/max/go-1.19
Bump go.mod golang version to 1.19
12 months ago
max furman 8b256f0351
address linter warning for go 1.19 12 months ago
Herman Slatman 017c3273ef
Merge pull request #1374 from smallstep/herman/log-ssh-certificate
Log SSH certificates
1 year ago
Herman Slatman f17bfdf57d
Reformat the SSH certificate logging output for read- and parsability 1 year ago
Herman Slatman 4c56877d97
Add SSH certificate logging to renew and rekey too 1 year ago
Panagiotis Siatras 2139121683
optimized render.JSON (#929)
* api/render: render JSON directly to the underlying writer

* also consider json.MarshalerError a panic
1 year ago
Herman Slatman 81140f859c
Fix `valid-from` and `valid-to` times 1 year ago
Herman Slatman 39e658b527
Add test for `LogSSHCertificate` 1 year ago
Herman Slatman 922f702da3
Add logging for SSH certificate issuance 1 year ago
Herman Slatman f9ec62f46c
Merge branch 'master' into herman/improve-scep-marshaling 1 year ago
Panagiotis Siatras d797941137
do not render CRLs in memory (#1373) 1 year ago
Herman Slatman c365d8580e
Move provisioner marshaling logic to api package 1 year ago
Herman Slatman b8c306ebfa
Refactor tests stylistically 1 year ago
Panagiotis Siatras 9197de3e96
api/log: removed dependency to certificates/logging 1 year ago
Panagiotis Siatras b7f4881972
merged log tests 1 year ago
Herman Slatman 27bbc3682b
Improve error log test readability 1 year ago
Herman Slatman 362be72120
Fix `StackTracedError` logging
When running with `STEPDEBUG=1`, a response with a `StackTracedError`
would result in a nil pointer error. This commit fixes the check and
adds a test case.
1 year ago
Mariano Cano c7f226bcec
Add support for renew when using stepcas
It supports renewing X.509 certificates when an RA is configured with stepcas.
This will only work when the renewal uses a token, and it won't work with mTLS.

The audience cannot be properly verified when an RA is used; to avoid this, we
will get from the database if an RA was used to issue the initial certificate
and we will accept the renew token.

Fixes #1021 for stepcas
2 years ago
Mariano Cano 59775fff0c
Merge branch 'master' into crl-support 2 years ago
max furman 66858a3870
No longer need to ignore context warnings when context in request
- after upgrade to golangci-lint 1.50.0
2 years ago
Raal Goff d0e81af524
Merge branch 'master' into crl-support 2 years ago