Archives
/
smallstep-certificates
mirror of https://github.com/smallstep/certificates
2
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
2,402 Commits
38 Branches
221 Tags
44 MiB
master
herman/pkcs7-windows-scep-fix
root-not-found-error-message
relative-paths-config
herman/wire-dpop-struct
herman/wrapped-listener
herman/configure-server-http-timeout
josh/fips
herman/acme-macos-properties
josh/webhook-error-response-content
user-regex
max/nebula-sign-curve
carl/bootstrap-error-clarity
max/capabilities
herman/acme-cname-txt
max/test
herman/acme-da-roots
backports
but
collections
update-step-env-vars
panos/api/flow
errors-internal
docker-dns-names
docker-init
carl/sysd-update
carl/readmes
carl/ssh-host-matchbug
nosql-0.3.2
dcow/challenge-retry
ssh
printAud
getHosts
ssh-config
certificate-transparency
seb/ct-local
seb/markdown-issues
seb/anchors
v0.25.3-rc7
v0.25.3-rc6
v0.25.3-rc4
v0.25.3-rc.1
v0.22.2-rc14
v0.22.2-rc13
v0.0.1-rc.1
v0.0.1-rc.2
v0.0.1-rc.3
v0.10.0
v0.11.0
v0.11.0-rc.1
v0.11.0-rc.2
v0.11.0-rc.3
v0.11.0-rc.4
v0.12.0
v0.13.0
v0.13.1
v0.13.2
v0.13.3
v0.14.0
v0.14.0-rc.1
v0.14.0-rc.10.badger2
v0.14.0-rc.14
v0.14.0-rc.15
v0.14.0-rc.16
v0.14.0-rc.2
v0.14.0-rc.3
v0.14.0-rc.4.badger2
v0.14.0-rc.5
v0.14.0-rc.6
v0.14.0-rc.7
v0.14.0-rc.8
v0.14.0-rc.9
v0.14.0.rc.11.badger2
v0.14.0.rc.12.badger2
v0.14.0.rc.13.badger2
v0.14.1
v0.14.2
v0.14.3
v0.14.3-rc.1.badger2
v0.14.3-rc.2.32bitbadger2
v0.14.4
v0.14.5
v0.14.5-rc.1.100MB.badgerV2
v0.14.5-rc.2.100MB.badgerV2
v0.14.5-rc.3.cullACMEOrders
v0.14.5-rc.4
v0.14.6
v0.14.7-rc.1.docker-buildx
v0.14.7-rc.2.deb-name-test
v0.15.0
v0.15.0-rc.1
v0.15.1
v0.15.1-rc.1
v0.15.10
v0.15.11
v0.15.12
v0.15.12-rc1
v0.15.12-rc2
v0.15.12-rc3
v0.15.12-rc4
v0.15.12-rc5
v0.15.13
v0.15.14
v0.15.15
v0.15.16
v0.15.16-rc1.test-arm6
v0.15.16-rc2.test-arm6
v0.15.16-rc3.test-arm6
v0.15.16-rc4
v0.15.16-rc5
v0.15.16-rc6
v0.15.16-rc7
v0.15.2
v0.15.2-rc.1
v0.15.3
v0.15.4
v0.15.5
v0.15.5-rc.1
v0.15.6
v0.15.7
v0.15.7-rc.1
v0.15.8
v0.15.9
v0.15.9-rc1
v0.15.9-rc10
v0.15.9-rc11
v0.15.9-rc12
v0.15.9-rc13
v0.15.9-rc14
v0.15.9-rc15
v0.15.9-rc16
v0.15.9-rc17
v0.15.9-rc18
v0.15.9-rc19
v0.15.9-rc2
v0.15.9-rc3
v0.15.9-rc4
v0.15.9-rc5
v0.15.9-rc6
v0.15.9-rc7
v0.15.9-rc8
v0.15.9-rc9
v0.16.0
v0.16.0-rc.1
v0.16.0-rc.2
v0.16.1
v0.16.2
v0.16.3
v0.16.4
v0.17.0
v0.17.0-rc1
v0.17.1
v0.17.2
v0.17.2-rc1
v0.17.3
v0.17.3-rc1
v0.17.3-rc2
v0.17.3-rc3
v0.17.3-rc4
v0.17.3-rc5
v0.17.3-rc6
v0.17.3-rc7
v0.17.3-rc8
v0.17.3-rc9
v0.17.4
v0.17.4-rc1
v0.17.5
v0.17.5-rc1
v0.17.6
v0.17.6-rc1
v0.17.6-rc2
v0.17.7-rc1
v0.18.0
v0.18.1
v0.18.1-rc1
v0.18.1-rc2
v0.18.1-rc3
v0.18.2
v0.18.3-rc1
v0.18.3-rc2
v0.18.3-rc3
v0.18.3-rc4
v0.19.0
v0.20.0
v0.21.0
v0.22.0
v0.22.1
v0.22.2-rc10
v0.22.2-rc11
v0.22.2-rc12
v0.22.2-rc15
v0.22.2-rc16
v0.22.2-rc17
v0.22.2-rc18
v0.22.2-rc2
v0.22.2-rc3
v0.22.2-rc4
v0.22.2-rc5
v0.22.2-rc6
v0.22.2-rc7
v0.22.2-rc8
v0.22.2-rc9
v0.23.0
v0.23.0-rc.1
v0.23.0-rc.2
v0.23.0-rc.3
v0.23.1
v0.23.1-rc.1
v0.23.2
v0.24.0
v0.24.0-rc.2
v0.24.0-rc1
v0.24.1
v0.24.2
v0.24.3-rc.1
v0.24.3-rc.2
v0.24.3-rc.3
v0.24.3-rc.4
v0.24.3-rc.5
v0.24.3-rc1
v0.25.0
v0.25.1
v0.25.2
v0.25.3-rc2
v0.25.3-rc3
v0.25.3-rc5
v0.26.0
v0.26.0-rc1
v0.26.0-rc2
v0.26.1
v0.26.2
v0.27.0
v0.27.1
v0.27.2
v0.27.3
v0.27.4
v0.27.4-rc1
v0.8.1
v0.8.1-rc.1
v0.8.1-rc.2
v0.8.2
v0.8.2-rc.1
v0.8.3
v0.8.4
v0.8.4-rc.1
v0.8.4-rc.2
v0.8.5
v0.8.5-rc.1
v0.8.5-rc.2
v0.8.5-rc.3
v0.8.5-rc.4
v0.8.5-rc.5
v0.9.0
v0.9.0-rc.1
v0.9.1
v0.9.1-rc.1
v0.9.1-rc.2
v0.9.2
v0.9.2-rc.1
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '22ff90f655'
${ noResults }
Commit Graph

193 Commits (22ff90f655a5d1de3f049fccdb917487237b760f)

Author SHA1 Message Date
Herman Slatman 22ff90f655
Merge branch 'master' into hs/acme-eab 3 years ago
Herman Slatman a5f2f004e3
Change name of IP Common Name test for clarity 3 years ago
Herman Slatman f9ae875f9d
Use short if-style statements 3 years ago
Herman Slatman 80bebda69c
Fix code style issue 3 years ago
Herman Slatman bc0875bd7b
Disallow email address and URLs in the CSR 
Before this commit `step` would allow email addresses and URLs
in the CSR. This doesn't fit nicely with the rest of ACME, in which
identifiers need to be authorized before a certificate is issued.
 3 years ago
Herman Slatman 13a31fd862
Merge branch 'master' into herman/ip-sans-improvements 3 years ago
Herman Slatman ca707cbe05
Fix linting 3 years ago
Herman Slatman a5d33512fe
Fix test 3 years ago
Herman Slatman a2c9b5cd7e
Allow IP identifiers in subject, including authorization enforcement 
To support IPs in the subject using `step-cli`, this PR ensures that
Subject Common Names that can be parsed as an IP are also checked
to have been authorized before.

The PR for `step-cli` is here: github.com/smallstep/cli/pull/576.
 3 years ago
Herman Slatman d799359917
Merge branch 'master' into hs/acme-eab 3 years ago
Herman Slatman 63371a8fb6
Add additional tests for ACME EAB Admin 3 years ago
Herman Slatman 0524122191
Remove authorization flow for different Account private keys 
As discussed in https://github.com/smallstep/certificates/issues/767,
we opted for not including this authorization flow to prevent users
from getting OOMs. We can add the functionality back when the
underlying data store can provide access to a long list of
Authorizations more efficiently, for example when a callback is
implemented.
 3 years ago
Herman Slatman 2215a05c28
Add tests for ACME EAB Admin 
Refactored some of the existing bits for testing the Authority
API by creation of a new LinkedAuthority interface and changing
visibility of the MockAuthority to be usable by other packages.

At this time, not all of the functions of MockAuthority it usable
yet. Will refactor when needed or requested.
 3 years ago
Herman Slatman 9885d42711
Fix linting issues 3 years ago
Herman Slatman 6e11657204
Refactor creation of (raw) EAB JWS contents 3 years ago
Herman Slatman 23898e9b76
Improve EAB JWS validation and increase test coverage 3 years ago
Herman Slatman d0c23973cc
Merge branch 'master' into hs/acme-eab 3 years ago
Herman Slatman 004fc054d5
Fix PR comments 3 years ago
Herman Slatman 06bb97c91e
Add logic for Account authorizations and improve tests 3 years ago
Herman Slatman bae1d256ee
Improve tests for JWK vs. KID revoke auth flow 
The logic for both test cases is fairly similar, but with some
small differences. Made those clearer by means of some comments.
Also added some comments to the middleware logic that decided
whether to extract JWK or lookup by KID.
 3 years ago
Herman Slatman a7fbbc4748
Add tests for GetCertificateBySerial 3 years ago
Herman Slatman 4d01cf8135
Increase test code coverage 3 years ago
Herman Slatman 2d357da99b
Add tests for ACME revocation 3 years ago
Herman Slatman ed295ca15d
Fix linting issue 3 years ago
Herman Slatman 2d50c96d99
Merge branch 'master' into hs/acme-revocation 3 years ago
Herman Slatman e7a988b2cd
Pin golangci-lint to v1.43.0 and fix issues 3 years ago
Herman Slatman 29f9730485
Satisfy golangci-lint 3 years ago
Herman Slatman c7a9c13060
Add tests for extractOrLookupJWK middleware 3 years ago
Herman Slatman 3151255a25
Merge branch 'master' into hs/acme-revocation 3 years ago
Herman Slatman 4d726d6b4c
Add pagination to ACME EAB credentials endpoint 3 years ago
Herman Slatman d354d55e7f
Improve handling duplicate ACME EAB references 3 years ago
Herman Slatman dd4b4b0435
Fix remaining gocritic remarks 3 years ago
Herman Slatman a4660f73fa
Fix some of the gocritic remarks 3 years ago
Herman Slatman e0b495e4c8
Merge branch 'master' into hs/acme-eab 3 years ago
Herman Slatman c26041f835
Add ACME EAB nosql tests 3 years ago
max furman 933b40a02a Introduce gocritic linter and address warnings 3 years ago
Herman Slatman 0afea2e957
Improve tests for already bound EAB keys 3 years ago
Herman Slatman c2bc1351c6
Add provisioner to remove endpoint and clear reference index on delete 3 years ago
Herman Slatman 746c5c9fd9
Disallow creation of EAB keys with non-unique references 3 years ago
Herman Slatman 9c0020352b
Add lookup by reference and make reference optional 3 years ago
Herman Slatman 02cd3b6b3b
Fix PR comments 3 years ago
Herman Slatman f11c0cdc0c
Add endpoint for listing ACME EAB keys 3 years ago
Herman Slatman a1afbce50c
Check EAB key exists before deleting it 3 years ago
Herman Slatman 9d09f5e575
Add support for deleting ACME EAB keys 3 years ago
Herman Slatman a98fe03e80
Merge branch 'master' into hs/acme-eab 3 years ago
Herman Slatman 1dba8698e3
Use LinkedCA.EABKey type in ACME EAB API 3 years ago
Mariano Cano 470b546d59
Merge pull request #557 from joejulian/http01-isv 
use InsecureSkipVerify for validation
 3 years ago
max furman a3028bbc0e Add test for updateAddOrderIDs 3 years ago
Mariano Cano dc5205cc72 Extract the tls error code and fail accordingly. 3 years ago
Mariano Cano ae58a0ee4e Make tests compatible with Go 1.17. 
With Go 1.17 tls.Dial will fail if the client and server configured
protocols do not overlap. See https://golang.org/doc/go1.17#ALPN
 3 years ago