Archives/smallstep-certificates
2
0
Fork 0
mirror of https://github.com/smallstep/certificates.git synced 2024-11-15 18:12:59 +00:00
Code Issues Packages Projects Releases Wiki Activity
3,969 Commits 39 Branches 223 Tags 44 MiB
4c51360400
Commit Graph

3969 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
github-actions[bot]
4ded102f81
Merge pull request #1503 from smallstep/dependabot/go_modules/golang.org/x/net-0.14.0 
Bump golang.org/x/net from 0.13.0 to 0.14.0
 2023-08-07 21:16:16 +02:00
dependabot[bot]
91ef511e65
Bump github.com/newrelic/go-agent/v3 from 3.23.1 to 3.24.0 
Bumps [github.com/newrelic/go-agent/v3](https://github.com/newrelic/go-agent) from 3.23.1 to 3.24.0.
- [Release notes](https://github.com/newrelic/go-agent/releases)
- [Changelog](https://github.com/newrelic/go-agent/blob/master/CHANGELOG.md)
- [Commits](https://github.com/newrelic/go-agent/compare/v3.23.1...v3.24.0)

---
updated-dependencies:
- dependency-name: github.com/newrelic/go-agent/v3
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
 2023-08-07 16:01:49 +00:00
dependabot[bot]
e074b77243
Bump golang.org/x/net from 0.13.0 to 0.14.0 
Bumps [golang.org/x/net](https://github.com/golang/net) from 0.13.0 to 0.14.0.
- [Commits](https://github.com/golang/net/compare/v0.13.0...v0.14.0)

---
updated-dependencies:
- dependency-name: golang.org/x/net
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
 2023-08-07 16:01:34 +00:00
Herman Slatman
e182c620c8
Merge branch 'master' into herman/scep-provisioner-decrypter 2023-08-04 22:50:37 +02:00
Herman Slatman
645b6ffc18
Ensure no prompt is fired for loading provisioner decrypter 2023-08-04 22:50:22 +02:00
Herman Slatman
6de964f13a
Merge pull request #1495 from smallstep/herman/acme-attestation-errors 
Return more detailed errors to ACME clients using `device-attest-01`
 2023-08-04 21:01:32 +02:00
Mariano Cano
bdc7b1b691
Merge pull request #1501 from smallstep/safe-save 
Write configuration only if encoding succeeds
 2023-08-04 10:02:26 -07:00
Herman Slatman
0d09f3e202
Prevent data races with multiple PKCS7 encryption operations 2023-08-04 12:14:29 +02:00
Herman Slatman
cbc1be310d
Merge branch 'master' into herman/acme-attestation-errors 2023-08-04 11:24:59 +02:00
Herman Slatman
c952e9fc9d
Use NewDetailedError instead 2023-08-04 11:24:22 +02:00
Mariano Cano
30ce9e65f7
Write configuration only if encoding succeeds 
This commit fixes a problem when the ca.json is truncated if the
encoding of the configuration fails. This can happen by adding a new
provisioner with bad template data.

Related to smallstep/cli#994
 2023-08-03 17:54:49 -07:00
Herman Slatman
e2e9bf5494
Clarify some SCEP properties 2023-08-04 01:55:52 +02:00
Herman Slatman
70626b157d
Merge branch 'master' into herman/scep-provisioner-decrypter 2023-08-04 01:36:39 +02:00
Mariano Cano
47d820561f
Merge pull request #1500 from smallstep/upgrade-crypto 
Fix adding certificate templates with ASN.1 functions
 2023-08-03 16:02:29 -07:00
Mariano Cano
4667060df8
Upgrade golang.org/x/net 
This commit fixes the vulnerability GO-2023-1988, improper rendering of
text nodes in golang.org/x/net/html.

More info: https://pkg.go.dev/vuln/GO-2023-1988
 2023-08-03 15:30:04 -07:00
Mariano Cano
103b4e1cf1
Fix adding certificate templates with ASN.1 functions 
This commit upgrades go.step.sm/crypto with a fix to validate the
templates that use custom functions.
 2023-08-03 15:30:04 -07:00
Herman Slatman
4186b2c2d0
Change JSON marshaling for SCEP provisioners 
Instead of the old method that redacted sensitive information
by overriding the value of the property and changing it back
to the original, the API now uses a model specifically meant
for API responses. This prevents potential race conditions.

This may be iterated on a bit so that we don't need to rely
on the [provisioner.Interface] interface, which requires the
API model to implement unnecessary methods.
 2023-08-03 17:21:50 +02:00
Herman Slatman
d754000a68
Fix SCEP provisioner API test 2023-08-03 16:20:04 +02:00
Herman Slatman
c0a1837cd9
Verify full decrypter/signer configuration at usage time 
When changing the SCEP configuration it is possible that one
or both of the decrypter configurations required are not available
or have been provided in a way that's not usable for actual SCEP
requests.

Instead of failing hard when provisioners are loaded,
which could result in the CA not starting properly, this type of
problematic configuration errors will now be handled at usage
time instead.
 2023-08-03 16:09:51 +02:00
Herman Slatman
88ed900dc3
Rely on the latest linkedca 2023-08-03 15:37:18 +02:00
Herman Slatman
0f35bb1af5
Defer missing decrypter/signer configuration errors to SCEP authority 2023-08-03 15:34:20 +02:00
Herman Slatman
afdd8d3786
Upgrade golang.org/x/net to v0.13.0 2023-08-03 14:48:26 +02:00
Herman Slatman
f3c24fe875
Change how multiple identifiers are printed in errors 2023-08-03 14:45:00 +02:00
Herman Slatman
4496830859
Merge branch 'master' into herman/acme-attestation-errors 2023-08-02 21:45:15 +02:00
Herman Slatman
fc1fb51854
Improve SCEP authority initialization and reload 2023-08-02 18:35:38 +02:00
Herman Slatman
7163c4f95f
Add helper for getting the appropriate SCEP response signer 2023-08-02 16:01:58 +02:00
Herman Slatman
59b7419dcf
Rely on latest linkedca commit with SCEPDecrypter support 2023-08-02 15:49:32 +02:00
Herman Slatman
569a1be12c
Merge branch 'master' into herman/scep-provisioner-decrypter 2023-08-02 15:45:45 +02:00
github-actions[bot]
c07124e374
Merge pull request #1499 from smallstep/dependabot/go_modules/google.golang.org/api-0.134.0 
Bump google.golang.org/api from 0.132.0 to 0.134.0
 2023-07-31 10:20:37 -07:00
dependabot[bot]
74240092e9
Bump google.golang.org/api from 0.132.0 to 0.134.0 
Bumps [google.golang.org/api](https://github.com/googleapis/google-api-go-client) from 0.132.0 to 0.134.0.
- [Release notes](https://github.com/googleapis/google-api-go-client/releases)
- [Changelog](https://github.com/googleapis/google-api-go-client/blob/main/CHANGES.md)
- [Commits](https://github.com/googleapis/google-api-go-client/compare/v0.132.0...v0.134.0)

---
updated-dependencies:
- dependency-name: google.golang.org/api
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
 2023-07-31 17:12:25 +00:00
github-actions[bot]
edd718d89e
Merge pull request #1498 from smallstep/dependabot/go_modules/google.golang.org/grpc-1.57.0 
Bump google.golang.org/grpc from 1.56.2 to 1.57.0
 2023-07-31 10:10:53 -07:00
dependabot[bot]
a8b67cd9e6
Bump google.golang.org/grpc from 1.56.2 to 1.57.0 
Bumps [google.golang.org/grpc](https://github.com/grpc/grpc-go) from 1.56.2 to 1.57.0.
- [Release notes](https://github.com/grpc/grpc-go/releases)
- [Commits](https://github.com/grpc/grpc-go/compare/v1.56.2...v1.57.0)

---
updated-dependencies:
- dependency-name: google.golang.org/grpc
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
 2023-07-31 15:12:12 +00:00
Herman Slatman
a0cdad335d
Add test for WithAdditionalErrorDetail 2023-07-31 13:22:00 +02:00
Herman Slatman
9a52675865
Return descriptive error when using unsupported format 2023-07-31 12:29:07 +02:00
Herman Slatman
0d3338ff3a
Return consistent ACME error types for specific cases 2023-07-31 12:11:50 +02:00
Herman Slatman
df22b8a303
Cleanup some leftover TODOs 2023-07-31 11:59:26 +02:00
Mariano Cano
d8a9c69eaa
Merge pull request #1484 from smallstep/fix-620 
Add support for the disableSmallstepExtensions claim
 2023-07-28 08:30:13 -07:00
Herman Slatman
dd9bf1e915
Add error details for the step format 2023-07-28 16:59:34 +02:00
Herman Slatman
9cbbd1d575
Add error details to ACME tpm format validation errors 2023-07-28 16:28:47 +02:00
Herman Slatman
d5dd8feccd
Prevent internal errors from being returned to ACME clients 2023-07-28 14:39:35 +02:00
Herman Slatman
979e0f8f51
Add error details to select error cases for apple format 2023-07-28 14:25:17 +02:00
Mariano Cano
d0fd9ebe42
Update Makefile preparing for a new release 2023-07-27 15:05:04 -07:00
Mariano Cano
cce7d9e839
Address comments from code review 2023-07-27 15:05:04 -07:00
Mariano Cano
c7c7decd5e
Add support for the disableSmallstepExtensions claim 
This commit adds a new claim to exclude the Smallstep provisioner
extension from the generated certificates.

Fixes #620
 2023-07-27 15:05:01 -07:00
Mariano Cano
d7efceadb1
Merge pull request #1493 from smallstep/steppath 
Remove automatic initialization of the STEPPATH
 2023-07-27 12:33:35 -07:00
Mariano Cano
7429008599
Use tagged versions of crypto and cli-utils 2023-07-27 12:24:17 -07:00
Herman Slatman
1ce80cf740
Merge branch 'master' into herman/scep-provisioner-decrypter 2023-07-27 01:03:26 +02:00
Herman Slatman
567fc25404
Use the RSA decryption configuration for signing responses too 2023-07-27 00:55:39 +02:00
Mariano Cano
7061147885
Use step.Abs to load the certificate templates 
step.Abs has been removed from crypto and they need to be set when those
methods are used
 2023-07-26 15:44:02 -07:00
Mariano Cano
40a2f53589
Remove automatic initialization of the STEPPATH 
This commit upgrades cli-utils and crypto packages that remove the
automatic initialization of the STEPPATH.
 2023-07-26 15:34:05 -07:00