Archives
/
smallstep-certificates
mirror of https://github.com/smallstep/certificates
2
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
2,220 Commits
43 Branches
215 Tags
44 MiB
master
root-not-found-error-message
relative-paths-config
fix-1637
dependabot/go_modules/github.com/slackhq/nebula-1.9.3
dependabot/go_modules/github.com/google/go-tpm-0.9.1
wire-acme-extensions
mariano/init-provisioners
herman/wire-dpop-struct
herman/fix-nebula-curve-param
herman/wrapped-listener
herman/configure-server-http-timeout
josh/fips
herman/acme-macos-properties
josh/webhook-error-response-content
user-regex
max/nebula-sign-curve
carl/bootstrap-error-clarity
max/capabilities
herman/acme-cname-txt
max/test
herman/acme-da-roots
backports
but
collections
update-step-env-vars
panos/api/flow
errors-internal
docker-dns-names
docker-init
carl/sysd-update
carl/readmes
carl/ssh-host-matchbug
nosql-0.3.2
dcow/challenge-retry
ssh
printAud
getHosts
ssh-config
certificate-transparency
seb/ct-local
seb/markdown-issues
seb/anchors
v0.25.3-rc7
v0.25.3-rc6
v0.25.3-rc4
v0.25.3-rc.1
v0.22.2-rc14
v0.22.2-rc13
v0.0.1-rc.1
v0.0.1-rc.2
v0.0.1-rc.3
v0.10.0
v0.11.0
v0.11.0-rc.1
v0.11.0-rc.2
v0.11.0-rc.3
v0.11.0-rc.4
v0.12.0
v0.13.0
v0.13.1
v0.13.2
v0.13.3
v0.14.0
v0.14.0-rc.1
v0.14.0-rc.10.badger2
v0.14.0-rc.14
v0.14.0-rc.15
v0.14.0-rc.16
v0.14.0-rc.2
v0.14.0-rc.3
v0.14.0-rc.4.badger2
v0.14.0-rc.5
v0.14.0-rc.6
v0.14.0-rc.7
v0.14.0-rc.8
v0.14.0-rc.9
v0.14.0.rc.11.badger2
v0.14.0.rc.12.badger2
v0.14.0.rc.13.badger2
v0.14.1
v0.14.2
v0.14.3
v0.14.3-rc.1.badger2
v0.14.3-rc.2.32bitbadger2
v0.14.4
v0.14.5
v0.14.5-rc.1.100MB.badgerV2
v0.14.5-rc.2.100MB.badgerV2
v0.14.5-rc.3.cullACMEOrders
v0.14.5-rc.4
v0.14.6
v0.14.7-rc.1.docker-buildx
v0.14.7-rc.2.deb-name-test
v0.15.0
v0.15.0-rc.1
v0.15.1
v0.15.1-rc.1
v0.15.10
v0.15.11
v0.15.12
v0.15.12-rc1
v0.15.12-rc2
v0.15.12-rc3
v0.15.12-rc4
v0.15.12-rc5
v0.15.13
v0.15.14
v0.15.15
v0.15.16
v0.15.16-rc1.test-arm6
v0.15.16-rc2.test-arm6
v0.15.16-rc3.test-arm6
v0.15.16-rc4
v0.15.16-rc5
v0.15.16-rc6
v0.15.16-rc7
v0.15.2
v0.15.2-rc.1
v0.15.3
v0.15.4
v0.15.5
v0.15.5-rc.1
v0.15.6
v0.15.7
v0.15.7-rc.1
v0.15.8
v0.15.9
v0.15.9-rc1
v0.15.9-rc10
v0.15.9-rc11
v0.15.9-rc12
v0.15.9-rc13
v0.15.9-rc14
v0.15.9-rc15
v0.15.9-rc16
v0.15.9-rc17
v0.15.9-rc18
v0.15.9-rc19
v0.15.9-rc2
v0.15.9-rc3
v0.15.9-rc4
v0.15.9-rc5
v0.15.9-rc6
v0.15.9-rc7
v0.15.9-rc8
v0.15.9-rc9
v0.16.0
v0.16.0-rc.1
v0.16.0-rc.2
v0.16.1
v0.16.2
v0.16.3
v0.16.4
v0.17.0
v0.17.0-rc1
v0.17.1
v0.17.2
v0.17.2-rc1
v0.17.3
v0.17.3-rc1
v0.17.3-rc2
v0.17.3-rc3
v0.17.3-rc4
v0.17.3-rc5
v0.17.3-rc6
v0.17.3-rc7
v0.17.3-rc8
v0.17.3-rc9
v0.17.4
v0.17.4-rc1
v0.17.5
v0.17.5-rc1
v0.17.6
v0.17.6-rc1
v0.17.6-rc2
v0.17.7-rc1
v0.18.0
v0.18.1
v0.18.1-rc1
v0.18.1-rc2
v0.18.1-rc3
v0.18.2
v0.18.3-rc1
v0.18.3-rc2
v0.18.3-rc3
v0.18.3-rc4
v0.19.0
v0.20.0
v0.21.0
v0.22.0
v0.22.1
v0.22.2-rc10
v0.22.2-rc11
v0.22.2-rc12
v0.22.2-rc15
v0.22.2-rc16
v0.22.2-rc17
v0.22.2-rc18
v0.22.2-rc2
v0.22.2-rc3
v0.22.2-rc4
v0.22.2-rc5
v0.22.2-rc6
v0.22.2-rc7
v0.22.2-rc8
v0.22.2-rc9
v0.23.0
v0.23.0-rc.1
v0.23.0-rc.2
v0.23.0-rc.3
v0.23.1
v0.23.1-rc.1
v0.23.2
v0.24.0
v0.24.0-rc.2
v0.24.0-rc1
v0.24.1
v0.24.2
v0.24.3-rc.1
v0.24.3-rc.2
v0.24.3-rc.3
v0.24.3-rc.4
v0.24.3-rc.5
v0.24.3-rc1
v0.25.0
v0.25.1
v0.25.2
v0.25.3-rc2
v0.25.3-rc3
v0.25.3-rc5
v0.26.0
v0.26.0-rc1
v0.26.0-rc2
v0.26.1
v0.26.2
v0.8.1
v0.8.1-rc.1
v0.8.1-rc.2
v0.8.2
v0.8.2-rc.1
v0.8.3
v0.8.4
v0.8.4-rc.1
v0.8.4-rc.2
v0.8.5
v0.8.5-rc.1
v0.8.5-rc.2
v0.8.5-rc.3
v0.8.5-rc.4
v0.8.5-rc.5
v0.9.0
v0.9.0-rc.1
v0.9.1
v0.9.1-rc.1
v0.9.1-rc.2
v0.9.2
v0.9.2-rc.1
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '66a8158f26'
${ noResults }
Commit Graph

216 Commits (66a8158f26d86c36d23fbd2d73b737b688bbbb9d)

Author SHA1 Message Date
Mariano Cano 36b622bfc2 Use Golang's default keep-alive. 
Since Go 1.13 a net.Listen keep-alive is enabled by default if
the protocol and OS supports it. The new one is 15s to match
the net.Dial default one. Previously http.Server ListenAndServe
and ListenAndServeTLS used to add a wrapper with 3m that we
replicated.

See https://github.com/golang/go/issues/31510
 3 years ago
max furman 933b40a02a Introduce gocritic linter and address warnings 3 years ago
Mariano Cano 6729c79253 Add support for setting individual password for ssh and tls keys 
This change add the following flags:
 * --ssh-host-password-file
 * --ssh-user-password-file

Fixes #693
 3 years ago
Mariano Cano e3ef4a7da9 Update test with default tls options. 3 years ago
Mariano Cano 8fb5340dc9 Use a token at start time to configure linkedca. 
Instead of using `step-ca login` we will use a new token provided
as a flag to configure and start linkedca. Certificates will be kept
in memory and refreshed automatically.
 3 years ago
max furman 1df21b9b6a Addressing comments in PR review 
- added a bit of validation to admin create and update
- using protojson where possible in admin api
- fixing a few instances of admin -> acme in errors
 3 years ago
max furman 77fdfc9fa3 Merge branch 'master' into max/cert-mgr-crud 3 years ago
max furman 9fdef64709 Admin level API for provisioner mgmt v1 3 years ago
Herman Slatman 03c472359c Add sync.WaitGroup for proper error handling in Run() 3 years ago
Herman Slatman 13fe7a0121 Make serving SCEP endpoints optional 
Only when a SCEP provisioner is enabled, the SCEP endpoints
will now be available.

The SCEP endpoints will be served on an "insecure" server,
without TLS, only when an additional "insecureAddress" and a
SCEP provisioner are configured for the CA.
 3 years ago
Herman Slatman 97b88c4d58 Address (most) PR comments 3 years ago
Herman Slatman 5df60c5a9b Add support for multiple SCEP provisioners 
Similarly to how ACME suppors multiple provisioners, it's
now possible to load the right provisioner based on the
URL.
 3 years ago
Herman Slatman 339039768c Refactor SCEP authority initialization and clean some code 3 years ago
Herman Slatman 48c86716a0 Add rudimentary (and incomplete) support for SCEP 3 years ago
max furman 94ba057f01 wip 3 years ago
max furman 01a4460812 wip 3 years ago
max furman 9bfb1c2e7b wip 3 years ago
max furman d8d5d7332b wip 3 years ago
max furman 9bf9bf142d wip 3 years ago
Herman Slatman bc2bb53009
Merge branch 'master' into hs/scep 3 years ago
max furman 4f3e5ef64d wip 3 years ago
max furman 5d09d04d14 wip 3 years ago
max furman 4d48072746 wip admin CRUD 3 years ago
max furman 98a6e54530 wip 3 years ago
max furman af3cf7dae9 first steps 3 years ago
max furman 7b5d6968a5 first commit 3 years ago
Mariano Cano 26e7cc6177 Allow to use the SDK with ed25519 keys. 3 years ago
Herman Slatman c04f556dc2
Merge branch 'master' into hs/scep 3 years ago
max furman 8c709fe3c2 Init config on load | Add wrapper for cli 3 years ago
Mariano Cano 5846314f88 Add missing Rekey method to the ca.Client 
Fixes #315
 3 years ago
Herman Slatman 68d5f6d0d2
Merge branch 'master' into hs/scep 3 years ago
Mariano Cano 1328aa3e47 Fix review comments. 3 years ago
Mariano Cano 50b9aaec57 Add new identity tests. 3 years ago
Mariano Cano e414d0c8ea Fix unit tests. 3 years ago
Mariano Cano c5234e9c61 Refactor tls tunnel connections. 
New method will use an identity-like file with the configuration
used to create the (m)TLS connection to the tunnel.
 3 years ago
Mariano Cano e75a9409a5 Add experimental support for a TLS over TLS tunnel. 3 years ago
Herman Slatman 0487686f69
Merge branch 'master' into hs/scep 3 years ago
Mariano Cano 02a5879cfe Specify always a Proxy in all custom transports. 
Fixes #535
 3 years ago
max furman 93c3c2bf2e Error handle non existent provisioner downstream and disable debug route logging 3 years ago
max furman b1888fd34d Use different method for unescpaed paths for the router 3 years ago
Max b724af30ad
Merge pull request #496 from smallstep/max/acme 
Convert to ACME DB interface
 3 years ago
max furman 672e3f976e Few ACME fixes ... 
- always URL escape linker output
- validateJWS should accept RSAPSS
- GetUpdateAccount -> GetOrUpdateAccount
 3 years ago
Herman Slatman 2320d0911e
Add sync.WaitGroup for proper error handling in Run() 3 years ago
Herman Slatman b815478981
Make serving SCEP endpoints optional 
Only when a SCEP provisioner is enabled, the SCEP endpoints
will now be available.

The SCEP endpoints will be served on an "insecure" server,
without TLS, only when an additional "insecureAddress" and a
SCEP provisioner are configured for the CA.
 3 years ago
Herman Slatman c5e4ea08b3
Merge branch 'master' into hs/scep 3 years ago
Herman Slatman b97f024f8a
Remove superfluous call to StoreCertificate 3 years ago
max furman df05340521 fixing broken unit tests 3 years ago
max furman f72b2ff2c2 [acme db interface] nosql authz unit tests 3 years ago
max furman 074ab7b221 [acme db interface] add linker tests 3 years ago
max furman bb8d54e596 [acme db interface] unit tests compiling 3 years ago