Archives
/
smallstep-certificates
mirror of https://github.com/smallstep/certificates
2
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
1,330 Commits
43 Branches
215 Tags
44 MiB
master
root-not-found-error-message
relative-paths-config
fix-1637
dependabot/go_modules/github.com/slackhq/nebula-1.9.3
dependabot/go_modules/github.com/google/go-tpm-0.9.1
wire-acme-extensions
mariano/init-provisioners
herman/wire-dpop-struct
herman/fix-nebula-curve-param
herman/wrapped-listener
herman/configure-server-http-timeout
josh/fips
herman/acme-macos-properties
josh/webhook-error-response-content
user-regex
max/nebula-sign-curve
carl/bootstrap-error-clarity
max/capabilities
herman/acme-cname-txt
max/test
herman/acme-da-roots
backports
but
collections
update-step-env-vars
panos/api/flow
errors-internal
docker-dns-names
docker-init
carl/sysd-update
carl/readmes
carl/ssh-host-matchbug
nosql-0.3.2
dcow/challenge-retry
ssh
printAud
getHosts
ssh-config
certificate-transparency
seb/ct-local
seb/markdown-issues
seb/anchors
v0.25.3-rc7
v0.25.3-rc6
v0.25.3-rc4
v0.25.3-rc.1
v0.22.2-rc14
v0.22.2-rc13
v0.0.1-rc.1
v0.0.1-rc.2
v0.0.1-rc.3
v0.10.0
v0.11.0
v0.11.0-rc.1
v0.11.0-rc.2
v0.11.0-rc.3
v0.11.0-rc.4
v0.12.0
v0.13.0
v0.13.1
v0.13.2
v0.13.3
v0.14.0
v0.14.0-rc.1
v0.14.0-rc.10.badger2
v0.14.0-rc.14
v0.14.0-rc.15
v0.14.0-rc.16
v0.14.0-rc.2
v0.14.0-rc.3
v0.14.0-rc.4.badger2
v0.14.0-rc.5
v0.14.0-rc.6
v0.14.0-rc.7
v0.14.0-rc.8
v0.14.0-rc.9
v0.14.0.rc.11.badger2
v0.14.0.rc.12.badger2
v0.14.0.rc.13.badger2
v0.14.1
v0.14.2
v0.14.3
v0.14.3-rc.1.badger2
v0.14.3-rc.2.32bitbadger2
v0.14.4
v0.14.5
v0.14.5-rc.1.100MB.badgerV2
v0.14.5-rc.2.100MB.badgerV2
v0.14.5-rc.3.cullACMEOrders
v0.14.5-rc.4
v0.14.6
v0.14.7-rc.1.docker-buildx
v0.14.7-rc.2.deb-name-test
v0.15.0
v0.15.0-rc.1
v0.15.1
v0.15.1-rc.1
v0.15.10
v0.15.11
v0.15.12
v0.15.12-rc1
v0.15.12-rc2
v0.15.12-rc3
v0.15.12-rc4
v0.15.12-rc5
v0.15.13
v0.15.14
v0.15.15
v0.15.16
v0.15.16-rc1.test-arm6
v0.15.16-rc2.test-arm6
v0.15.16-rc3.test-arm6
v0.15.16-rc4
v0.15.16-rc5
v0.15.16-rc6
v0.15.16-rc7
v0.15.2
v0.15.2-rc.1
v0.15.3
v0.15.4
v0.15.5
v0.15.5-rc.1
v0.15.6
v0.15.7
v0.15.7-rc.1
v0.15.8
v0.15.9
v0.15.9-rc1
v0.15.9-rc10
v0.15.9-rc11
v0.15.9-rc12
v0.15.9-rc13
v0.15.9-rc14
v0.15.9-rc15
v0.15.9-rc16
v0.15.9-rc17
v0.15.9-rc18
v0.15.9-rc19
v0.15.9-rc2
v0.15.9-rc3
v0.15.9-rc4
v0.15.9-rc5
v0.15.9-rc6
v0.15.9-rc7
v0.15.9-rc8
v0.15.9-rc9
v0.16.0
v0.16.0-rc.1
v0.16.0-rc.2
v0.16.1
v0.16.2
v0.16.3
v0.16.4
v0.17.0
v0.17.0-rc1
v0.17.1
v0.17.2
v0.17.2-rc1
v0.17.3
v0.17.3-rc1
v0.17.3-rc2
v0.17.3-rc3
v0.17.3-rc4
v0.17.3-rc5
v0.17.3-rc6
v0.17.3-rc7
v0.17.3-rc8
v0.17.3-rc9
v0.17.4
v0.17.4-rc1
v0.17.5
v0.17.5-rc1
v0.17.6
v0.17.6-rc1
v0.17.6-rc2
v0.17.7-rc1
v0.18.0
v0.18.1
v0.18.1-rc1
v0.18.1-rc2
v0.18.1-rc3
v0.18.2
v0.18.3-rc1
v0.18.3-rc2
v0.18.3-rc3
v0.18.3-rc4
v0.19.0
v0.20.0
v0.21.0
v0.22.0
v0.22.1
v0.22.2-rc10
v0.22.2-rc11
v0.22.2-rc12
v0.22.2-rc15
v0.22.2-rc16
v0.22.2-rc17
v0.22.2-rc18
v0.22.2-rc2
v0.22.2-rc3
v0.22.2-rc4
v0.22.2-rc5
v0.22.2-rc6
v0.22.2-rc7
v0.22.2-rc8
v0.22.2-rc9
v0.23.0
v0.23.0-rc.1
v0.23.0-rc.2
v0.23.0-rc.3
v0.23.1
v0.23.1-rc.1
v0.23.2
v0.24.0
v0.24.0-rc.2
v0.24.0-rc1
v0.24.1
v0.24.2
v0.24.3-rc.1
v0.24.3-rc.2
v0.24.3-rc.3
v0.24.3-rc.4
v0.24.3-rc.5
v0.24.3-rc1
v0.25.0
v0.25.1
v0.25.2
v0.25.3-rc2
v0.25.3-rc3
v0.25.3-rc5
v0.26.0
v0.26.0-rc1
v0.26.0-rc2
v0.26.1
v0.26.2
v0.8.1
v0.8.1-rc.1
v0.8.1-rc.2
v0.8.2
v0.8.2-rc.1
v0.8.3
v0.8.4
v0.8.4-rc.1
v0.8.4-rc.2
v0.8.5
v0.8.5-rc.1
v0.8.5-rc.2
v0.8.5-rc.3
v0.8.5-rc.4
v0.8.5-rc.5
v0.9.0
v0.9.0-rc.1
v0.9.1
v0.9.1-rc.1
v0.9.1-rc.2
v0.9.2
v0.9.2-rc.1
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '3f660ff07e'
${ noResults }
Commit Graph

481 Commits (3f660ff07e834fbe7b387da6c7a7d004e59da057)

Author SHA1 Message Date
max furman cb594ed2e0 go mod tidy and golang 1.15.0 cleanup ... 
- cs.NegotiatedProtocolIsMutual has been deprecated but we still build
in travis with 1.14 so for now we'll ignore this linting error
- string(int) was resolving to string of a single rune rather than
string of digits -> use fmt.Sprint
 4 years ago
Mariano Cano aaaa7e9b4e Merge branch 'master' into cert-templates 4 years ago
Mariano Cano c8d225a763 Use x509util from go.step.sm/crypto/x509util 4 years ago
Mariano Cano 3e80f41c19 Change provisioner options to have X509 as a field. 4 years ago
max furman 3f844c5e23 Update the way SubjectKeyId is calculated, and more ... 
- swith lint to first in line for `make all`
- update tests to conform with new subjectkeyid
 4 years ago
Mariano Cano a7b65f1e1e Add authority.Sign test with custom templates. 4 years ago
David Cowden 86efe7aff0 aws: use http.NoBody instead of nil 
It's a little more descriptive.
 4 years ago
David Cowden 2b121efc8f aws: test constructor with empty IDMS string array 4 years ago
Mariano Cano 6c64fb3ed2 Rename provisioner options structs: 
* provisioner.ProvisionerOptions => provisioner.Options
* provisioner.Options => provisioner.SignOptions
* provisioner.SSHOptions => provisioner.SingSSHOptions
 4 years ago
David Cowden dc39eef721 aws: test badIDMS functional path 
The existing test only covers the constructor logic. Also test the live
code path that is executed when a bad IDMS version is supplied.
 4 years ago
David Cowden 51f16ee2e0 aws: add tests covering metadata service versions 
* Add constructor tests for the aws provisioner.
* Add a test to make sure the "v1" logic continues to work.

By and large, v2 is the way to go. However, there are some instances of
things that specifically request metadata service version 1 and so this
adds minimal coverage to make sure we don't accidentally break the path
should anyone need to depend on the former logic.
 4 years ago
David Cowden 5efe5f3573 metadata-v2: pull in joshathysolate-master 
Taking of this PR to get it across the goal line.
 4 years ago
Mariano Cano 978ad7e2b6 Fix merged tests. 4 years ago
Mariano Cano 5ac3f8a160 Add provisioner options tests. 4 years ago
Mariano Cano 02c4f9817d Set full token payload instead of only the known properties. 4 years ago
Mariano Cano 0c8376a7f6 Fix existing unit tests. 4 years ago
Mariano Cano d64cb99a22 Fix authority package tests. 4 years ago
Mariano Cano ccc705cdcd Use alias x509legacy to cli x509util in tls.go. 4 years ago
Mariano Cano 8f0dd811af Allow to send errors from template to cli. 4 years ago
Mariano Cano a7fe0104c4 Remove ACME restrictions and add proper template support. 4 years ago
Mariano Cano cf2989a848 Add token and subject to K8sSA provisioner to be used in custom 
templates.
 4 years ago
Mariano Cano 71be83b25e Add iss#sub uri in OIDC certificates. 
Admin will use the CR template if none is provided.
 4 years ago
Mariano Cano c58117b30d Allow to use base64 when defining a template in the ca.json. 4 years ago
Mariano Cano b2ca3176f5 Prepend insecure to user and CR variables names. 4 years ago
Mariano Cano b11486f41f Fix option method for template variable. 4 years ago
Mariano Cano 04f5053a7a Add template support for x5c. 4 years ago
Mariano Cano eb8886d828 Add CR subject as iid default subject. 
Add a minimal subject with just a common name to iid provisioners
in case we want to use it.
 4 years ago
Mariano Cano e60ea419cc Add template support for gcp provisioner. 4 years ago
Mariano Cano 32646c49bf Add templates support to Azure provisioner. 4 years ago
Mariano Cano a44f0ca866 Add token payload. 4 years ago
Mariano Cano 00fd41a3d0 Add template support to K8sSA provisioners. 4 years ago
Mariano Cano 13b704aeed Add template support for AWS provisioner. 4 years ago
Mariano Cano 49b9aa6e3f Fix log string. 4 years ago
Mariano Cano 4795e371bd Add back the support for ca.json DN template. 4 years ago
Mariano Cano e6fed5e0aa Minor fixes and comments. 4 years ago
Mariano Cano 81cd288104 Enable templates in acme provisioners. 4 years ago
Mariano Cano ca2fb42d68 Move options to the provisioner. 4 years ago
Mariano Cano 206bc6757a Add initial support for templates in the OIDC provisioner. 4 years ago
Mariano Cano 95c3a41bf0 Rename UserData to TemplateData and fix unmarshaling. 4 years ago
Mariano Cano 9f3acc254b Set the token payload in the JWK provisioner. 4 years ago
Mariano Cano ef0ed0ff95 Integrate simple templates in the JWK provisioner. 4 years ago
Mariano Cano d1d9ae42d6 Use certificates x509util instead of cli for certificate signing. 4 years ago
Mariano Cano 9032018cf2 Convert x509util.WithOptions to new modifiers. 4 years ago
Carl Tashian 912e298043 Whitelist -> Allowlist per https://tools.ietf.org/id/draft-knodel-terminology-01.html 4 years ago
max furman fd05f3249b A few last fixes and tests added for rekey/renew ... 
- remove all `renewOrRekey`
- explicitly test difference between renew and rekey (diff pub keys)
- add back tests for renew
 4 years ago
Max ea9bc493b8
Merge pull request #307 from dharanikumar-s/master 
Add support for rekeying Fixes #292
 4 years ago
dharanikumar-s 57fb0c80cf Removed calculating SubjectKeyIdentifier on Rekey 4 years ago
dharanikumar-s dfda497929 Renamed RenewOrRekey to Rekey 4 years ago
dharanikumar-s fe73154a20 Corrected misspelling 4 years ago
dharanikumar-s 0c21f0ae9e Added error check after GenerateDefaultKeyPair 4 years ago