Archives
/
smallstep-certificates
mirror of https://github.com/smallstep/certificates
2
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
4,154 Commits
41 Branches
215 Tags
44 MiB
master
fix-1637
dependabot/go_modules/github.com/slackhq/nebula-1.9.3
dependabot/go_modules/github.com/google/go-tpm-0.9.1
wire-acme-extensions
mariano/init-provisioners
herman/wire-dpop-struct
herman/fix-nebula-curve-param
herman/wrapped-listener
herman/configure-server-http-timeout
josh/fips
herman/acme-macos-properties
josh/webhook-error-response-content
user-regex
max/nebula-sign-curve
carl/bootstrap-error-clarity
max/capabilities
herman/acme-cname-txt
max/test
herman/acme-da-roots
backports
but
collections
update-step-env-vars
panos/api/flow
errors-internal
docker-dns-names
docker-init
carl/sysd-update
carl/readmes
carl/ssh-host-matchbug
nosql-0.3.2
dcow/challenge-retry
ssh
printAud
getHosts
ssh-config
certificate-transparency
seb/ct-local
seb/markdown-issues
seb/anchors
v0.25.3-rc7
v0.25.3-rc6
v0.25.3-rc4
v0.25.3-rc.1
v0.22.2-rc14
v0.22.2-rc13
v0.0.1-rc.1
v0.0.1-rc.2
v0.0.1-rc.3
v0.10.0
v0.11.0
v0.11.0-rc.1
v0.11.0-rc.2
v0.11.0-rc.3
v0.11.0-rc.4
v0.12.0
v0.13.0
v0.13.1
v0.13.2
v0.13.3
v0.14.0
v0.14.0-rc.1
v0.14.0-rc.10.badger2
v0.14.0-rc.14
v0.14.0-rc.15
v0.14.0-rc.16
v0.14.0-rc.2
v0.14.0-rc.3
v0.14.0-rc.4.badger2
v0.14.0-rc.5
v0.14.0-rc.6
v0.14.0-rc.7
v0.14.0-rc.8
v0.14.0-rc.9
v0.14.0.rc.11.badger2
v0.14.0.rc.12.badger2
v0.14.0.rc.13.badger2
v0.14.1
v0.14.2
v0.14.3
v0.14.3-rc.1.badger2
v0.14.3-rc.2.32bitbadger2
v0.14.4
v0.14.5
v0.14.5-rc.1.100MB.badgerV2
v0.14.5-rc.2.100MB.badgerV2
v0.14.5-rc.3.cullACMEOrders
v0.14.5-rc.4
v0.14.6
v0.14.7-rc.1.docker-buildx
v0.14.7-rc.2.deb-name-test
v0.15.0
v0.15.0-rc.1
v0.15.1
v0.15.1-rc.1
v0.15.10
v0.15.11
v0.15.12
v0.15.12-rc1
v0.15.12-rc2
v0.15.12-rc3
v0.15.12-rc4
v0.15.12-rc5
v0.15.13
v0.15.14
v0.15.15
v0.15.16
v0.15.16-rc1.test-arm6
v0.15.16-rc2.test-arm6
v0.15.16-rc3.test-arm6
v0.15.16-rc4
v0.15.16-rc5
v0.15.16-rc6
v0.15.16-rc7
v0.15.2
v0.15.2-rc.1
v0.15.3
v0.15.4
v0.15.5
v0.15.5-rc.1
v0.15.6
v0.15.7
v0.15.7-rc.1
v0.15.8
v0.15.9
v0.15.9-rc1
v0.15.9-rc10
v0.15.9-rc11
v0.15.9-rc12
v0.15.9-rc13
v0.15.9-rc14
v0.15.9-rc15
v0.15.9-rc16
v0.15.9-rc17
v0.15.9-rc18
v0.15.9-rc19
v0.15.9-rc2
v0.15.9-rc3
v0.15.9-rc4
v0.15.9-rc5
v0.15.9-rc6
v0.15.9-rc7
v0.15.9-rc8
v0.15.9-rc9
v0.16.0
v0.16.0-rc.1
v0.16.0-rc.2
v0.16.1
v0.16.2
v0.16.3
v0.16.4
v0.17.0
v0.17.0-rc1
v0.17.1
v0.17.2
v0.17.2-rc1
v0.17.3
v0.17.3-rc1
v0.17.3-rc2
v0.17.3-rc3
v0.17.3-rc4
v0.17.3-rc5
v0.17.3-rc6
v0.17.3-rc7
v0.17.3-rc8
v0.17.3-rc9
v0.17.4
v0.17.4-rc1
v0.17.5
v0.17.5-rc1
v0.17.6
v0.17.6-rc1
v0.17.6-rc2
v0.17.7-rc1
v0.18.0
v0.18.1
v0.18.1-rc1
v0.18.1-rc2
v0.18.1-rc3
v0.18.2
v0.18.3-rc1
v0.18.3-rc2
v0.18.3-rc3
v0.18.3-rc4
v0.19.0
v0.20.0
v0.21.0
v0.22.0
v0.22.1
v0.22.2-rc10
v0.22.2-rc11
v0.22.2-rc12
v0.22.2-rc15
v0.22.2-rc16
v0.22.2-rc17
v0.22.2-rc18
v0.22.2-rc2
v0.22.2-rc3
v0.22.2-rc4
v0.22.2-rc5
v0.22.2-rc6
v0.22.2-rc7
v0.22.2-rc8
v0.22.2-rc9
v0.23.0
v0.23.0-rc.1
v0.23.0-rc.2
v0.23.0-rc.3
v0.23.1
v0.23.1-rc.1
v0.23.2
v0.24.0
v0.24.0-rc.2
v0.24.0-rc1
v0.24.1
v0.24.2
v0.24.3-rc.1
v0.24.3-rc.2
v0.24.3-rc.3
v0.24.3-rc.4
v0.24.3-rc.5
v0.24.3-rc1
v0.25.0
v0.25.1
v0.25.2
v0.25.3-rc2
v0.25.3-rc3
v0.25.3-rc5
v0.26.0
v0.26.0-rc1
v0.26.0-rc2
v0.26.1
v0.26.2
v0.8.1
v0.8.1-rc.1
v0.8.1-rc.2
v0.8.2
v0.8.2-rc.1
v0.8.3
v0.8.4
v0.8.4-rc.1
v0.8.4-rc.2
v0.8.5
v0.8.5-rc.1
v0.8.5-rc.2
v0.8.5-rc.3
v0.8.5-rc.4
v0.8.5-rc.5
v0.9.0
v0.9.0-rc.1
v0.9.1
v0.9.1-rc.1
v0.9.1-rc.2
v0.9.2
v0.9.2-rc.1
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '231f03ae28'
${ noResults }
Commit Graph

64 Commits (231f03ae28ff2c8744cfa8e3091509e02c5124b5)

Author SHA1 Message Date
Herman Slatman 231f03ae28
Use a struct for the Wire DPoP token 5 months ago
Herman Slatman 9bb1b24bf1
Change `kid` and `dpop` validation 5 months ago
Herman Slatman 24795720e1
Perform initialization of DPoP and OIDC options once 5 months ago
Herman Slatman 79739e5073
Change signature algorithm property name 5 months ago
Herman Slatman 7eacb68361
Merge branch 'herman/remove-rusty-cli' into herman/wire-configuration-refactor 5 months ago
Herman Slatman 348363abce
Add Wire `DPoP` proof claims verification 5 months ago
Herman Slatman 1bf807add3
Use base64 encoded signing key format 5 months ago
Herman Slatman b964c97750
Add validation of `handle` and `token` to Wire verification 5 months ago
Herman Slatman cd9480ab14
Fix test for `parseAndVerifyWireAccessToken` 5 months ago
Herman Slatman 897688a831
Merge branch 'wire-acme-extensions' into herman/remove-rusty-cli 5 months ago
Herman Slatman 29fa6621b1
Remove the Wire CLI invocatation 5 months ago
Mariano Cano b20af51f32
Upgrade go.step.sm/crypto to use go-jose/v3 6 months ago
Mariano Cano d8eeebfd51
Fix error string in tests 
This commit fixes a test checking an error string from an external
dependency.
 10 months ago
Herman Slatman c952e9fc9d
Use `NewDetailedError` instead 11 months ago
Herman Slatman f3c24fe875
Change how multiple identifiers are printed in errors 11 months ago
Herman Slatman 9a52675865
Return descriptive error when using unsupported format 11 months ago
Herman Slatman 0d3338ff3a
Return consistent ACME error types for specific cases 11 months ago
Herman Slatman dd9bf1e915
Add error details for the `step` format 11 months ago
Herman Slatman 9cbbd1d575
Add error details to ACME `tpm` format validation errors 11 months ago
max furman 8b256f0351
address linter warning for go 1.19 1 year ago
Herman Slatman d9aa2c110f
Increase test coverage for AK certificate properties 1 year ago
Mariano Cano 6ba20209c2
Verify CSR key fingerprint with attestation certificate key 
This commit makes sure that the attestation certificate key matches the
key used on the CSR on an ACME device attestation flow.
 1 year ago
Herman Slatman 3a6fc5e0b4
Remove dependency on `smallstep/assert` in ACME challenge tests 1 year ago
Herman Slatman 0f9128c873
Fix linting issue and order of test SUT 1 year ago
Herman Slatman 2ab9beb7ed
Add tests for `deviceAttest01Validate` 1 year ago
Mariano Cano e27c6c529b
Add support for custom acme ports 
This change adds the flags --acme-http-port, --acme-tls-port, that
combined with --insecure can be used to set custom ports for ACME
http-01 and tls-alpn-01 challenges. These flags should only be used
for testing purposes.

Fixes #1015
 2 years ago
Mariano Cano a7e597450a
Update acme/challenge_test.go 
Co-authored-by: Herman Slatman <hslatman@users.noreply.github.com>
 2 years ago
Mariano Cano 7a78c76199
Add test simulating YubiKey v5.2.4 
There are YubiKeys v5.2.4 where the attestation intermediate (f9)
does not have a basic constraint extension, so that certificate
is not marked as a CA. The test and CA in this commit imitates
that use case. Currently the test case returns an error as we
don't support it. But if we change the verification to support
this use case, the test should change accordingly.
 2 years ago
Mariano Cano 21666ba887
Revert "Set timestamp when marking an acme challenge invalid" 
This reverts commit 5f130895f3.
 2 years ago
Mariano Cano 5f130895f3
Set timestamp when marking an acme challenge invalid 2 years ago
max furman ab0d2503ae
Standardize linting file and fix or ignore lots of linting errors 2 years ago
Mariano Cano 498549c95c Extract common function used in tests 2 years ago
Mariano Cano 829530ae90 Fix linter errors 2 years ago
Mariano Cano 6b73a020e3 Add unit tests for apple and step attestations 2 years ago
Brandon Weeks aacd6f4cc6 Add device-attest-01 challenge type 2 years ago
Mariano Cano 2ab7dc6f9d Fix acme tests. 2 years ago
Herman Slatman 479c6d2bf5
Fix ACME IPv6 HTTP-01 challenges 
Fixes #890
 2 years ago
Herman Slatman e7a988b2cd
Pin golangci-lint to v1.43.0 and fix issues 3 years ago
max furman 933b40a02a Introduce gocritic linter and address warnings 3 years ago
Mariano Cano ae58a0ee4e Make tests compatible with Go 1.17. 
With Go 1.17 tls.Dial will fail if the client and server configured
protocols do not overlap. See https://golang.org/doc/go1.17#ALPN
 3 years ago
Herman Slatman 64c15fde7e
Add tests for canonicalize function 3 years ago
Herman Slatman c514a187b2
Fix Fail() -_-b 3 years ago
Herman Slatman 135e912ac8
Improve coverage for TLS-ALPN-01 challenge 3 years ago
Herman Slatman af4803b8b8
Fix tests 3 years ago
max furman 440678cb62 Add markInvalid arg to storeError for invalidating challenge 3 years ago
max furman b6ebc0fd25 more unit tests 3 years ago
max furman a58466589f add tls-alpn-01 validate unit tests 3 years ago
max furman a8e4bbf715 start Validate unit tests 3 years ago
max furman 1fb0f1d7d9 add storeError unit tests 3 years ago
max furman 8b4a5a6d8b add unit tests for dns01 validate 3 years ago