Mariano Cano
31af1efa48
Sign certificates with the issuer signature algorithm
...
An RSA key can sign another certificates using the RSA PKCS#1
and the RSA-PSS scheme, this change will keep the signature
algorithm used in the issuer in the signed certificates instead
of using PKCS#1 by default.
2022-06-15 19:10:58 -07:00
Mariano Cano
34f926804d
Merge pull request #954 from shuLhan/shulhan-gofmt
...
all: reformat all go files with the next gofmt (Go 1.19)
2022-06-15 18:11:51 -07:00
Mariano Cano
0b748f2d03
Merge pull request #955 from shuLhan/cas-cloudcas-test-go119
...
cas/cloudcas: update test on createPublicKey for the next Go release
2022-06-15 17:17:04 -07:00
Shulhan
ee53530d1f
cas/cloudcas: update test on createPublicKey for the next Go release
...
The next Go release call panic on elliptic.Marshal [1][2], which
affect the test case fail_ec_marshal on createPublicKey.
This changes fix this by initializing the P and B in test case
PublicKey CurveParams to prevent panic.
[1] https://github.com/golang/go/issues/50975
[2] a218b3520a
2022-06-16 03:01:38 +07:00
Shulhan
fe04f93d7f
all: reformat all go files with the next gofmt (Go 1.19)
...
There are some changes that manually edited, for example using '-' as
default list and grouping imports.
2022-06-16 01:28:59 +07:00
Mariano Cano
304cc5a70f
Merge pull request #950 from gdbelvin/pinsrc
...
step-pkcs11-init pin-file support
2022-06-09 14:41:11 -07:00
Gary Belvin
fed09047f9
pinfile
2022-06-09 13:51:14 -04:00
Max
34d141e4d5
Merge pull request #945 from smallstep/changelog-update
...
Update changelog
2022-05-26 11:06:30 -07:00
max furman
5e56a7b4ec
Changelog update for 0.20.0
...
- added line for new WithOptions on authority Init
2022-05-26 10:57:05 -07:00
Herman Slatman
b4b9893fcd
Update changelog
2022-05-26 10:57:03 -07:00
Mariano Cano
6d580a69e8
Update changelog
2022-05-26 10:56:24 -07:00
Mariano Cano
de00e01f1b
Merge pull request #947 from smallstep/fix-ssh-revocation
...
Fix SSH certificate revocation
2022-05-25 17:24:45 -07:00
Mariano Cano
2adf8caac7
Fix Dependabot warning on an indirect dependency
2022-05-25 17:11:45 -07:00
Mariano Cano
9c049eec5a
Add revoke ssh unit test
2022-05-25 17:10:07 -07:00
Mariano Cano
ce9a23a0f7
Fix SSH certificate revocation
2022-05-25 16:55:22 -07:00
Herman Slatman
abfbbc8d49
Merge pull request #946 from smallstep/herman/acme-csr-padding
...
Strip base64-url padding from ACME CSR
2022-05-25 23:25:34 +02:00
Herman Slatman
fd546287ac
Strip base64-url padding from ACME CSR
...
This commit strips the padding from a base64-url encoded CSR
submitted by a client that doesn't use raw base64-url encoding.
2022-05-25 22:46:26 +02:00
Herman Slatman
a564b4f32e
Merge pull request #944 from smallstep/herman/tls-wasm-client
...
Set nil dial context for js/wasm runtime
2022-05-25 22:35:18 +02:00
Herman Slatman
a7dd3a986f
Set nil dial context for js/wasm runtime
2022-05-25 16:51:26 +02:00
Mariano Cano
911cec21da
Merge pull request #943 from smallstep/ssh-renew-provisioner
...
Add provisioner to SSH renewals
2022-05-23 17:21:55 -07:00
Mariano Cano
94f5b92513
Use proper context in authority package
2022-05-23 15:31:43 -07:00
Mariano Cano
1be74eca62
Merge branch 'master' into ssh-renew-provisioner
2022-05-23 14:31:15 -07:00
Mariano Cano
539bfddba5
Merge pull request #914 from smallstep/context-authority
...
Retrieve authority from the context
2022-05-23 14:12:58 -07:00
Mariano Cano
e7f4eaf6c4
Remove explicit deprecation notice
...
This will avoid linter errors on other projects for now.
2022-05-23 14:04:31 -07:00
Mariano Cano
26dd97e718
Merge branch 'master' into context-authority
2022-05-23 12:36:16 -07:00
Mariano Cano
02fd0e7170
Merge pull request #913 from delamart/master
...
Vault Kubernetes Auth
2022-05-23 12:08:01 -07:00
Erik DeLamarter
07984a968f
better error messages
...
Co-authored-by: Mariano Cano <mariano.cano@gmail.com>
2022-05-21 21:11:52 +02:00
Erik De Lamarter
9ec154aab0
rewrite and improve secret-id config
2022-05-21 21:06:15 +02:00
Erik De Lamarter
6989c7f146
vault auth unit tests
2022-05-21 21:06:15 +02:00
Erik De Lamarter
6c44291d8d
refactor vault auth
2022-05-21 21:06:15 +02:00
Erik De Lamarter
dec1067add
vault kubernetes auth
2022-05-21 21:06:14 +02:00
Mariano Cano
6b3a8f22f3
Add provisioner to SSH renewals
...
This commit allows to report the provisioner to the linkedca when
a SSH certificate is renewed.
2022-05-20 14:41:44 -07:00
Mariano Cano
3c4d0412ef
Merge pull request #941 from smallstep/ssh-provisioner
...
Report SSH provisioner
2022-05-20 12:24:30 -07:00
Mariano Cano
eebbd65dd5
Fix linter error
2022-05-20 12:03:36 -07:00
Max
f8148071fb
Merge pull request #915 from smallstep/max/removing-beta
...
exposing authority configuration for provisioner cli commands
2022-05-19 22:53:59 -07:00
max furman
5443aa073a
gofmt -s
2022-05-19 22:46:25 -07:00
max furman
8ca9442fe9
Add -s to make fmt and bump golangci-lint to 1.45.2
2022-05-19 22:40:47 -07:00
Max
586e4fd3b5
Update authority/options.go
...
Co-authored-by: Mariano Cano <mariano@smallstep.com>
2022-05-19 22:26:20 -07:00
Mariano Cano
1ad75a3bdb
Skip failing test for now
...
This test fails randomly on VMs, there's an issue to fix this so
skipping it for now
2022-05-19 18:51:51 -07:00
Mariano Cano
dd985ce154
Clarify errors when sending renewed certificates
2022-05-19 18:41:13 -07:00
Mariano Cano
a627f21440
Fix AuthorizeSSHSign tests with extra SignOption
2022-05-18 18:51:36 -07:00
Mariano Cano
e7d7eb1a94
Add provisioner as a signOption for SSH
2022-05-18 18:42:42 -07:00
Mariano Cano
293586079a
Store provisioner with SignSSH
...
This change also allows to store the old certificate on renewal on
linkedca or if the db interface supports it.
2022-05-18 18:33:53 -07:00
Mariano Cano
c8d7ad7ab9
Fix store certificates methods with new interface
2022-05-18 18:33:22 -07:00
Mariano Cano
de99c3cac0
Report provisioner and parent on linkedca
2022-05-18 18:30:53 -07:00
Mariano Cano
20b2c6a201
Extract cert storer methods from AuthDB
...
To be able to extend the AuthDB with methods that also extend the
provisioner we need to either create a new method or to split the
interface. This change splits the interface so we can have a cleaner
implementation.
2022-05-18 18:27:37 -07:00
Herman Slatman
9e05cc4d51
Merge pull request #940 from smallstep/herman/improve-renew-expired-cert-error
...
Improve error message when client renews with expired certificate
2022-05-19 01:46:01 +02:00
Herman Slatman
479eda7339
Improve error message when client renews with expired certificate
...
When a client provides an expired certificate and `AllowAfterExpiry`
is not enabled, the client would get a rather generic error with
instructions to view the CA logs. Viewing the CA logs can be done
when running `step-ca`, but they can't be accessed easily in the
hosted solution.
This commit returns a slightly more informational message to the
client in this specific situation.
2022-05-19 01:25:30 +02:00
max furman
fff00aca78
Updates to issue templates
2022-05-18 15:56:40 -07:00
max furman
bfb406bf70
Fixes for PR review
2022-05-18 09:43:32 -07:00