Commit Graph

164 Commits (0efaf514d72373fa3b10688f2b3975982fbebf99)

Author SHA1 Message Date
Mariano Cano 1be74eca62 Merge branch 'master' into ssh-renew-provisioner 2 years ago
Mariano Cano 6b3a8f22f3 Add provisioner to SSH renewals
This commit allows reporting the provisioner to the linkedca when
an SSH certificate is renewed.
2 years ago
Mariano Cano d461918eb0 Merge branch 'master' into context-authority 2 years ago
Mariano Cano 43ddcf2efe Do not use deprecated AuthorizeSign 2 years ago
Herman Slatman 2b7f6931f3
Change Subject Common Name verification
Subject Common Names can now also be configured to be allowed or
denied, similar to SANs. When a Subject Common Name is not explicitly
allowed or denied, its type will be determined and its value will be
validated according to the constraints for that type of name (i.e. URI).
2 years ago
Mariano Cano 48e2fabeb8 Add authority.MustFromContext 2 years ago
Mariano Cano 817af3d696 Fix unit tests on the api package 2 years ago
Mariano Cano a93653ea8e Use api.Route instead of the caHandler. 2 years ago
Mariano Cano a6b8e65d69 Retrieve the authority from the context in api methods. 2 years ago
Herman Slatman 74a6e59b1f
Add tests for ProtoJSON and bad proto messages 2 years ago
Herman Slatman bddd08d4b0
Remove "proto:" prefix from bad proto JSON messages 2 years ago
Herman Slatman a2cfbe3d54
Fix (part of) PR comments 2 years ago
Herman Slatman 6532c93303
Improve read.ProtoJSON bad protobuf body error handling 2 years ago
Herman Slatman def9438ad6
Improve handling of bad JSON protobuf bodies 2 years ago
Herman Slatman 30d5d89a13
Improve test coverage for Policy Admin API 2 years ago
Herman Slatman 571b21abbc
Fix (most) PR comments 2 years ago
Herman Slatman 628d7448de
Don't return policy in provisioner JSON 2 years ago
Herman Slatman 2fbdf7d5b0
Merge branch 'master' into herman/allow-deny 2 years ago
Panagiotis Siatras 00634fb648
api/render, api/log: initial implementation of the packages (#860)
* api/render: initial implementation of the package

* acme/api: refactored to support api/render

* authority/admin: refactored to support api/render

* ca: refactored to support api/render

* api: refactored to support api/render

* api/render: implemented Error

* api: refactored to support api/render.Error

* acme/api: refactored to support api/render.Error

* authority/admin: refactored to support api/render.Error

* ca: refactored to support api/render.Error

* ca: fixed broken tests

* api/render, api/log: moved error logging to this package

* acme: refactored Error so that it implements render.RenderableError

* authority/admin: refactored Error so that it implements render.RenderableError

* api/render: implemented RenderableError

* api/render: added test coverage for Error

* api/render: implemented statusCodeFromError

* api: refactored RootsPEM to work with render.Error

* acme, authority/admin: fixed pointer receiver name for consistency

* api/render, errs: moved StatusCoder & StackTracer to the render package
2 years ago
Andrew Reed d5d70baba7
Add /roots.pem handler (#866)
* Add /roots.pem handler

* Review changes

* Remove no peer cert test case
2 years ago
Herman Slatman 23676d3bcc
Merge branch 'master' into herman/allow-deny 2 years ago
Panagiotis Siatras b98f86a515
scep: minor cleanup (#867)
* api, scep: removed scep.Error

* scep/api: replaced nextHTTP with http.HandlerFunc

* scep/api: renamed writeSCEPResponse to writeResponse

* scep/api: renamed decodeSCEPRequest to decodeRequest

* scep/api: renamed writeError to fail

* scep/api: replaced pkg/errors with errors

* scep/api: formatted imports

* scep/api: do not export SCEPRequest & SCEPResponse

* scep/api: do not export Handler

* api: flush errors better
2 years ago
Herman Slatman 613c99f00f
Fix linting issues 2 years ago
Herman Slatman dc23fd23bf
Merge branch 'master' into herman/allow-deny-next 2 years ago
Herman Slatman 6b620c8e9c
Improve protobuf unmarshaling error handling 2 years ago
Panagiotis Siatras 80abda22ee
api/log: initial implementation of the package (#859)
* api/log: initial implementation of the package

* api: refactored to support api/log

* scep/api: refactored to support api/log

* api/log: documented the package

* api: moved log-related tests to api/log
2 years ago
Panagiotis Siatras df89ed5acb
api: moved read-related tests to api/read 2 years ago
Panagiotis Siatras 29092b9d8a
api: refactored to use the read package 2 years ago
Panagiotis Siatras 7fb8acda27
api/read: initial implementation of the package 2 years ago
Herman Slatman 81b0c6c37c
Add API implementation for authority and provisioner policy 2 years ago
Mariano Cano f8df6a1acc Change variable name for consistency 2 years ago
Mariano Cano 616490a9c6 Refactor renew after expiry token authorization
This change adds a new authority method that authorizes the
renew after expiry tokens.
2 years ago
Mariano Cano afb5d36206 Allow to renew certificates using an x5c-like token. 2 years ago
Herman Slatman 5fe9909174
Refactor AdminAuthority interface 2 years ago
Herman Slatman 5f224b729e
Add tests for Provisioner Admin API 3 years ago
Herman Slatman d799359917
Merge branch 'master' into hs/acme-eab 3 years ago
Herman Slatman 2215a05c28
Add tests for ACME EAB Admin
Refactored some of the existing bits for testing the Authority
API by creation of a new LinkedAuthority interface and changing
visibility of the MockAuthority to be usable by other packages.

At this time, not all of the functions of MockAuthority are usable
yet. Will refactor when needed or requested.
3 years ago
Mariano Cano 0cebde3db5 Change fallback message on RekeySSH. 3 years ago
Mariano Cano 9fd147f3da Change error message. 3 years ago
Mariano Cano b5db3f5706 Modify errs.ForbiddenErr to always return an error to the cli. 3 years ago
Mariano Cano 668d3ea6c7 Modify errs.Wrap() with bad request to send messages to users. 3 years ago
Mariano Cano 8c8db0d4b7 Modify errs.BadRequestErr() to always return an error to the client. 3 years ago
Mariano Cano 8ce807a6cb Modify errs.BadRequest() calls to always send an error to the client. 3 years ago
Herman Slatman e7a988b2cd
Pin golangci-lint to v1.43.0 and fix issues 3 years ago
max furman 933b40a02a Introduce gocritic linter and address warnings 3 years ago
Mariano Cano 833d28cb6a Clone the certificate in case we need to look at it later. 3 years ago
Mariano Cano 568fce201a Enforce identity cert to match ssh cert on renewals. 3 years ago
Mariano Cano 4aa529605d
Merge pull request #641 from hillu/quote-serial
Log certificate's serial number as stringified decimal number
3 years ago
Herman Slatman 9210a6740b
Fix logging provisioner name as string 3 years ago
Hilko Bengen edb01bc9f2 Log certificate's serial number as stringified decimal number
Using a JSON string fixes a common issue with JSON parsers that
deserialize all numbers to 64-bit IEEE-754 floats. (Certificate
serial numbers are usually 128 bit values.)

This change is consistent with existing log entries for revocation
requests.

See also: #630, #631
3 years ago