Archives
/
smallstep-certificates
mirror of https://github.com/smallstep/certificates
2
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
2,959 Commits
41 Branches
215 Tags
44 MiB
master
fix-1637
dependabot/go_modules/github.com/slackhq/nebula-1.9.3
dependabot/go_modules/github.com/google/go-tpm-0.9.1
wire-acme-extensions
mariano/init-provisioners
herman/wire-dpop-struct
herman/fix-nebula-curve-param
herman/wrapped-listener
herman/configure-server-http-timeout
josh/fips
herman/acme-macos-properties
josh/webhook-error-response-content
user-regex
max/nebula-sign-curve
carl/bootstrap-error-clarity
max/capabilities
herman/acme-cname-txt
max/test
herman/acme-da-roots
backports
but
collections
update-step-env-vars
panos/api/flow
errors-internal
docker-dns-names
docker-init
carl/sysd-update
carl/readmes
carl/ssh-host-matchbug
nosql-0.3.2
dcow/challenge-retry
ssh
printAud
getHosts
ssh-config
certificate-transparency
seb/ct-local
seb/markdown-issues
seb/anchors
v0.25.3-rc7
v0.25.3-rc6
v0.25.3-rc4
v0.25.3-rc.1
v0.22.2-rc14
v0.22.2-rc13
v0.0.1-rc.1
v0.0.1-rc.2
v0.0.1-rc.3
v0.10.0
v0.11.0
v0.11.0-rc.1
v0.11.0-rc.2
v0.11.0-rc.3
v0.11.0-rc.4
v0.12.0
v0.13.0
v0.13.1
v0.13.2
v0.13.3
v0.14.0
v0.14.0-rc.1
v0.14.0-rc.10.badger2
v0.14.0-rc.14
v0.14.0-rc.15
v0.14.0-rc.16
v0.14.0-rc.2
v0.14.0-rc.3
v0.14.0-rc.4.badger2
v0.14.0-rc.5
v0.14.0-rc.6
v0.14.0-rc.7
v0.14.0-rc.8
v0.14.0-rc.9
v0.14.0.rc.11.badger2
v0.14.0.rc.12.badger2
v0.14.0.rc.13.badger2
v0.14.1
v0.14.2
v0.14.3
v0.14.3-rc.1.badger2
v0.14.3-rc.2.32bitbadger2
v0.14.4
v0.14.5
v0.14.5-rc.1.100MB.badgerV2
v0.14.5-rc.2.100MB.badgerV2
v0.14.5-rc.3.cullACMEOrders
v0.14.5-rc.4
v0.14.6
v0.14.7-rc.1.docker-buildx
v0.14.7-rc.2.deb-name-test
v0.15.0
v0.15.0-rc.1
v0.15.1
v0.15.1-rc.1
v0.15.10
v0.15.11
v0.15.12
v0.15.12-rc1
v0.15.12-rc2
v0.15.12-rc3
v0.15.12-rc4
v0.15.12-rc5
v0.15.13
v0.15.14
v0.15.15
v0.15.16
v0.15.16-rc1.test-arm6
v0.15.16-rc2.test-arm6
v0.15.16-rc3.test-arm6
v0.15.16-rc4
v0.15.16-rc5
v0.15.16-rc6
v0.15.16-rc7
v0.15.2
v0.15.2-rc.1
v0.15.3
v0.15.4
v0.15.5
v0.15.5-rc.1
v0.15.6
v0.15.7
v0.15.7-rc.1
v0.15.8
v0.15.9
v0.15.9-rc1
v0.15.9-rc10
v0.15.9-rc11
v0.15.9-rc12
v0.15.9-rc13
v0.15.9-rc14
v0.15.9-rc15
v0.15.9-rc16
v0.15.9-rc17
v0.15.9-rc18
v0.15.9-rc19
v0.15.9-rc2
v0.15.9-rc3
v0.15.9-rc4
v0.15.9-rc5
v0.15.9-rc6
v0.15.9-rc7
v0.15.9-rc8
v0.15.9-rc9
v0.16.0
v0.16.0-rc.1
v0.16.0-rc.2
v0.16.1
v0.16.2
v0.16.3
v0.16.4
v0.17.0
v0.17.0-rc1
v0.17.1
v0.17.2
v0.17.2-rc1
v0.17.3
v0.17.3-rc1
v0.17.3-rc2
v0.17.3-rc3
v0.17.3-rc4
v0.17.3-rc5
v0.17.3-rc6
v0.17.3-rc7
v0.17.3-rc8
v0.17.3-rc9
v0.17.4
v0.17.4-rc1
v0.17.5
v0.17.5-rc1
v0.17.6
v0.17.6-rc1
v0.17.6-rc2
v0.17.7-rc1
v0.18.0
v0.18.1
v0.18.1-rc1
v0.18.1-rc2
v0.18.1-rc3
v0.18.2
v0.18.3-rc1
v0.18.3-rc2
v0.18.3-rc3
v0.18.3-rc4
v0.19.0
v0.20.0
v0.21.0
v0.22.0
v0.22.1
v0.22.2-rc10
v0.22.2-rc11
v0.22.2-rc12
v0.22.2-rc15
v0.22.2-rc16
v0.22.2-rc17
v0.22.2-rc18
v0.22.2-rc2
v0.22.2-rc3
v0.22.2-rc4
v0.22.2-rc5
v0.22.2-rc6
v0.22.2-rc7
v0.22.2-rc8
v0.22.2-rc9
v0.23.0
v0.23.0-rc.1
v0.23.0-rc.2
v0.23.0-rc.3
v0.23.1
v0.23.1-rc.1
v0.23.2
v0.24.0
v0.24.0-rc.2
v0.24.0-rc1
v0.24.1
v0.24.2
v0.24.3-rc.1
v0.24.3-rc.2
v0.24.3-rc.3
v0.24.3-rc.4
v0.24.3-rc.5
v0.24.3-rc1
v0.25.0
v0.25.1
v0.25.2
v0.25.3-rc2
v0.25.3-rc3
v0.25.3-rc5
v0.26.0
v0.26.0-rc1
v0.26.0-rc2
v0.26.1
v0.26.2
v0.8.1
v0.8.1-rc.1
v0.8.1-rc.2
v0.8.2
v0.8.2-rc.1
v0.8.3
v0.8.4
v0.8.4-rc.1
v0.8.4-rc.2
v0.8.5
v0.8.5-rc.1
v0.8.5-rc.2
v0.8.5-rc.3
v0.8.5-rc.4
v0.8.5-rc.5
v0.9.0
v0.9.0-rc.1
v0.9.1
v0.9.1-rc.1
v0.9.1-rc.2
v0.9.2
v0.9.2-rc.1
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '54d92095ac'
${ noResults }
Commit Graph

51 Commits (54d92095acfad9a0a5411c70613fc65028077cf6)

Author SHA1 Message Date
Mariano Cano 54d92095ac Validate proof of possession signature 
On the step format, validate proof of possession of the private
key validating the signature in the attestation statement.
 2 years ago
Mariano Cano ca412e77cc Return error on attestation validation 
The method storeError returns a nil error
 2 years ago
Mariano Cano 735c9d49b0 Add support for yubikey attestation 2 years ago
Mariano Cano 693dc39481 Merge branch 'master' into device-attestation 2 years ago
Mariano Cano 23b8f45b37 Address gosec warnings 
Most if not all false positives
 2 years ago
Mariano Cano 2ab1e6658e Fix nonce validation 
The attestation certificate contains the nonce as raw bytes in the
extension 1.2.840.113635.100.8.11.1
 2 years ago
Mariano Cano 66356cff43 Add attestation certificate validation for Apple devices 2 years ago
Brandon Weeks 274f6ccb41 iOS 16 beta 2 support 2 years ago
Brandon Weeks 7e1b0bebd9 iOS 16 beta 1 support 2 years ago
Brandon Weeks 77c6d10fd6 Verify key authorization is contained within the TPM quote extraData field 2 years ago
Brandon Weeks e1ec31c0ed Implement TPM attestation statement verification 2 years ago
Brandon Weeks aacd6f4cc6 Add device-attest-01 challenge type 2 years ago
Mariano Cano d1f75f1720 Refactor ACME api. 2 years ago
Herman Slatman 479c6d2bf5
Fix ACME IPv6 HTTP-01 challenges 
Fixes #890
 2 years ago
Herman Slatman 2d50c96d99
Merge branch 'master' into hs/acme-revocation 3 years ago
Herman Slatman e7a988b2cd
Pin golangci-lint to v1.43.0 and fix issues 3 years ago
Herman Slatman 29f9730485
Satisfy golangci-lint 3 years ago
max furman 933b40a02a Introduce gocritic linter and address warnings 3 years ago
Mariano Cano dc5205cc72 Extract the tls error code and fail accordingly. 3 years ago
Mariano Cano ae58a0ee4e Make tests compatible with Go 1.17. 
With Go 1.17 tls.Dial will fail if the client and server configured
protocols do not overlap. See https://golang.org/doc/go1.17#ALPN
 3 years ago
Herman Slatman 64c15fde7e
Add tests for canonicalize function 3 years ago
Herman Slatman 135e912ac8
Improve coverage for TLS-ALPN-01 challenge 3 years ago
Herman Slatman 523ae96749
Change identifier and challenge types to consts 3 years ago
Herman Slatman af4803b8b8
Fix tests 3 years ago
Herman Slatman 0c79914d0d
Improve check for single IP in TLS-ALPN-01 challenge 3 years ago
Herman Slatman a6405e98a9
Remove fmt. 3 years ago
Herman Slatman 2f40011da8
Add support for TLS-ALPN-01 challenge 3 years ago
Herman Slatman 3e36522329
Add preliminary support for TLS-ALPN-01 challenge for IP identifiers 3 years ago
max furman 6cfb9b790c Remove check of deprecated value 
- NegotiatedProtocolIsMutual is always true: Deprecated according to
golang docs
 3 years ago
max furman 440678cb62 Add markInvalid arg to storeError for invalidating challenge 3 years ago
max furman 6b8585c702 PR review fixes / updates 3 years ago
max furman b6ebc0fd25 more unit tests 3 years ago
max furman 206909b12e [acme db interface] unit tests for challenge nosql db 3 years ago
max furman 20b9785d20 [acme db interface] continuing unit test work 3 years ago
max furman 80a6640103 [acme db interface] wip 3 years ago
max furman 1135ae04fc [acme db interface] wip 3 years ago
max furman 03ba229bcb [acme db interface] wip more errors 3 years ago
max furman 2ae43ef2dc [acme db interface] wip errors 3 years ago
max furman 121cc34cca [acme db interface] wip 3 years ago
max furman 461bad3fef [acme db interface] wip 3 years ago
max furman 31ad7f2e9b [acme] Continued work on acme db interface (wip) 3 years ago
max furman 20f8d950c4 Fix broken ValidateChallenge test 4 years ago
Mariano Cano ba918100d0 Use go.step.sm/crypto/jose 
Replace use of github.com/smallstep/cli/crypto with the new package
go.step.sm/crypto/jose.
 4 years ago
max furman e1409349f3 Allow relative URL for all links in ACME api ... 
* Pass the request context all the way down the ACME stack.
* Save baseURL in context and use when generating ACME urls.
 4 years ago
Ivan Bertona 157686e338 Tiny finishes. 4 years ago
Ivan Bertona 6843408d42 Reject obsolete id-pe-acmeIdentifier. 4 years ago
Ivan Bertona 4b473732d9 Add support for TLS-ALPN-01 challenge. 4 years ago
max furman 967e86a48b Simplify trimming *. prefix of domain in acme dns validation. 5 years ago
Oleksandr Kovalchuk 46832bb9b3
Remove superflurous Printf statement 
The statement was used for debug purposes and should not be included in
the final build
 5 years ago
Oleksandr Kovalchuk a995cca418
Perform domain normalization for wildcard domains 
Perform domain normalization for wildcard domains, so we do query
TXT records for _acme-challenge.example.domain instead of
_acme-challenge.*.example.domain when performing DNS-01 challenge. In
this way the behavior is consistent with letsencrypt and records queried
are in sync with the ones that are shown in certbot manual mode.
 5 years ago