smallstep-certificates

mirror of https://github.com/smallstep/certificates.git synced 2024-10-31 03:20:16 +00:00

Author	SHA1	Message	Date
Herman Slatman	64680bb16d	Fix PR comments	2022-01-19 11:31:33 +01:00
Herman Slatman	3612eefc31	Cleanup	2022-01-18 15:54:18 +01:00
Herman Slatman	9c6580ccd2	Fix macOS SCEP client issues Fixes #746	2022-01-14 10:48:23 +01:00
Mariano Cano	57f9e54151	Merge pull request #785 from smallstep/nebulous Add initial implementation of a nebula provisioner	2022-01-11 17:50:40 -08:00
Mariano Cano	de549adf2d	Do not add extra new lines when creating nebula provisioners	2022-01-07 11:24:59 -08:00
Mariano Cano	0920224816	Fix error message.	2022-01-07 11:09:32 -08:00
Mariano Cano	01a76445ea	Upgrade go.step.sm/crypto	2022-01-06 12:50:26 -08:00
Mariano Cano	98044cf08d	Use a tagged version of linkedca	2022-01-06 12:04:57 -08:00
Mariano Cano	449a9fdfd6	Address review comments.	2022-01-06 12:00:58 -08:00
Mariano Cano	b424aa3dc1	Add nebula header and use der version of certificate.	2022-01-06 11:19:46 -08:00
Mariano Cano	f49a4b326f	Add missing comments.	2022-01-05 10:54:09 -08:00
Mariano Cano	6600f1253e	Fix error messages after review.	2022-01-05 10:12:49 -08:00
Mariano Cano	6a1d0cb9f8	Add linkedca conversions.	2022-01-04 18:42:57 -08:00
Mariano Cano	de51c2edfb	More unit tests for nebula.	2022-01-04 18:16:41 -08:00
Mariano Cano	99845d38bb	Add some extra unit tests for nebula.	2022-01-04 12:06:44 -08:00
Mariano Cano	76794ce613	Use default SANs without sans in the token. Fix step claim condition in SSH	2022-01-04 12:05:58 -08:00
Mariano Cano	9ec0276887	Update certificate set with new api.	2022-01-03 18:54:01 -08:00
Mariano Cano	cb72796a2d	Fix decoding of certificate.	2021-12-29 16:07:05 -08:00
Mariano Cano	32390a2964	Add initial implementation of a nebula provisioner. A nebula provisioner will generate a X509 or SSH certificate with the identities in the nebula certificate embedded in the token. The token is signed with the private key of the nebula certificate.	2021-12-29 14:12:03 -08:00
Herman Slatman	8fee970297	Merge pull request #779 from smallstep/herman/acme-cli-user-agent	2021-12-29 20:51:09 +01:00
Herman Slatman	07addd0cac	Fix linting issue	2021-12-22 11:58:00 +01:00
Herman Slatman	a68208a3ba	Set Step CLI User-Agent when performing ACME requests	2021-12-22 11:54:01 +01:00
Herman Slatman	8473164b41	Merge pull request #773 from smallstep/herman/ip-sans-improvements Improve IP SANS support	2021-12-20 19:56:55 +01:00
Herman Slatman	a5f2f004e3	Change name of IP Common Name test for clarity	2021-12-20 18:55:23 +01:00
Herman Slatman	80bebda69c	Fix code style issue	2021-12-20 13:40:17 +01:00
Mariano Cano	f7c1a328ed	Merge pull request #777 from smallstep/pkcs11-decrypter Implement the kms.Decrypter with PKCS#11	2021-12-17 11:10:56 -08:00
Mariano Cano	d5c6572da4	Fix typo.	2021-12-17 10:55:23 -08:00
Mariano Cano	5a32401d23	Implement the kms.Decrypter with PKCS#11 This interface allows the use of SCEP with PKCS#11 modules.	2021-12-16 18:30:09 -08:00
Mariano Cano	ab44fbfb3f	Merge pull request #774 from smallstep/cm-roots Avoid doing unauthenticated requests on the SDK	2021-12-15 12:22:36 -08:00
Mariano Cano	2c63abcf52	fix grammar	2021-12-15 12:16:21 -08:00
Mariano Cano	7c4e6dcc96	Remove duplicated code in bootstrap methods	2021-12-15 11:24:46 -08:00
Mariano Cano	64c19d4264	Fix subject in test, use ip	2021-12-14 15:27:18 -08:00
Mariano Cano	b0b2e77b0e	Avoid doing unauthenticated requests on the SDK When step-ca runs with mTLS required on some endpoints, the SDK used in autocert will fail to start because the identity certificate is missing. This certificate is only required to retrieve all roots, in most cases there's only one, and the SDK has access to it.	2021-12-14 14:42:38 -08:00
Herman Slatman	bc0875bd7b	Disallow email address and URLs in the CSR Before this commit `step` would allow email addresses and URLs in the CSR. This doesn't fit nicely with the rest of ACME, in which identifiers need to be authorized before a certificate is issued.	2021-12-13 16:14:39 +01:00
Herman Slatman	13a31fd862	Merge branch 'master' into herman/ip-sans-improvements	2021-12-13 16:04:53 +01:00
Herman Slatman	ca707cbe05	Fix linting	2021-12-13 16:01:40 +01:00
Herman Slatman	a5d33512fe	Fix test	2021-12-13 15:59:01 +01:00
Herman Slatman	a2c9b5cd7e	Allow IP identifiers in subject, including authorization enforcement To support IPs in the subject using `step-cli`, this PR ensures that Subject Common Names that can be parsed as an IP are also checked to have been authorized before. The PR for `step-cli` is here: github.com/smallstep/cli/pull/576.	2021-12-13 15:34:56 +01:00
Herman Slatman	fbd3fd2145	Merge pull request #625 from hslatman/hs/acme-revocation ACME Certificate Revocation	2021-12-09 09:48:02 +01:00
Herman Slatman	00539d07c9	Add changelog entry for ACME revocation	2021-12-09 09:42:38 +01:00
Herman Slatman	3bc3957b06	Merge branch 'master' into hs/acme-revocation	2021-12-09 09:36:52 +01:00
Herman Slatman	0524122191	Remove authorization flow for different Account private keys As discussed in https://github.com/smallstep/certificates/issues/767, we opted for not including this authorization flow to prevent users from getting OOMs. We can add the functionality back when the underlying data store can provide access to a long list of Authorizations more efficiently, for example when a callback is implemented.	2021-12-08 16:28:14 +01:00
Carl Tashian	53ebd85327	Update star gif size	2021-12-07 10:17:48 -08:00
Carl Tashian	c0255b7caa	Update star gif	2021-12-07 10:07:50 -08:00
Carl Tashian	accb0710a1	Star gif	2021-12-07 10:02:44 -08:00
Mariano Cano	94afec7e1f	Merge pull request #758 from smallstep/errors-forbidden Forbidden errors and more	2021-12-06 16:01:19 -08:00
Mariano Cano	e0fee84694	Add comment about public key validator.	2021-12-03 15:24:42 -08:00
Mariano Cano	0cebde3db5	Change fallback message on RekeySSH.	2021-12-03 15:12:00 -08:00
Herman Slatman	004fc054d5	Fix PR comments	2021-12-03 15:06:28 +01:00
Mariano Cano	9fd147f3da	Change error message.	2021-12-02 16:44:57 -08:00

1 2 3 4 5 ...

2376 Commits