Archives
/
smallstep-certificates
mirror of https://github.com/smallstep/certificates
2
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
1,175 Commits
37 Branches
221 Tags
44 MiB
master
root-not-found-error-message
relative-paths-config
herman/wire-dpop-struct
herman/wrapped-listener
herman/configure-server-http-timeout
josh/fips
herman/acme-macos-properties
josh/webhook-error-response-content
user-regex
max/nebula-sign-curve
carl/bootstrap-error-clarity
max/capabilities
herman/acme-cname-txt
max/test
herman/acme-da-roots
backports
but
collections
update-step-env-vars
panos/api/flow
errors-internal
docker-dns-names
docker-init
carl/sysd-update
carl/readmes
carl/ssh-host-matchbug
nosql-0.3.2
dcow/challenge-retry
ssh
printAud
getHosts
ssh-config
certificate-transparency
seb/ct-local
seb/markdown-issues
seb/anchors
v0.25.3-rc7
v0.25.3-rc6
v0.25.3-rc4
v0.25.3-rc.1
v0.22.2-rc14
v0.22.2-rc13
v0.0.1-rc.1
v0.0.1-rc.2
v0.0.1-rc.3
v0.10.0
v0.11.0
v0.11.0-rc.1
v0.11.0-rc.2
v0.11.0-rc.3
v0.11.0-rc.4
v0.12.0
v0.13.0
v0.13.1
v0.13.2
v0.13.3
v0.14.0
v0.14.0-rc.1
v0.14.0-rc.10.badger2
v0.14.0-rc.14
v0.14.0-rc.15
v0.14.0-rc.16
v0.14.0-rc.2
v0.14.0-rc.3
v0.14.0-rc.4.badger2
v0.14.0-rc.5
v0.14.0-rc.6
v0.14.0-rc.7
v0.14.0-rc.8
v0.14.0-rc.9
v0.14.0.rc.11.badger2
v0.14.0.rc.12.badger2
v0.14.0.rc.13.badger2
v0.14.1
v0.14.2
v0.14.3
v0.14.3-rc.1.badger2
v0.14.3-rc.2.32bitbadger2
v0.14.4
v0.14.5
v0.14.5-rc.1.100MB.badgerV2
v0.14.5-rc.2.100MB.badgerV2
v0.14.5-rc.3.cullACMEOrders
v0.14.5-rc.4
v0.14.6
v0.14.7-rc.1.docker-buildx
v0.14.7-rc.2.deb-name-test
v0.15.0
v0.15.0-rc.1
v0.15.1
v0.15.1-rc.1
v0.15.10
v0.15.11
v0.15.12
v0.15.12-rc1
v0.15.12-rc2
v0.15.12-rc3
v0.15.12-rc4
v0.15.12-rc5
v0.15.13
v0.15.14
v0.15.15
v0.15.16
v0.15.16-rc1.test-arm6
v0.15.16-rc2.test-arm6
v0.15.16-rc3.test-arm6
v0.15.16-rc4
v0.15.16-rc5
v0.15.16-rc6
v0.15.16-rc7
v0.15.2
v0.15.2-rc.1
v0.15.3
v0.15.4
v0.15.5
v0.15.5-rc.1
v0.15.6
v0.15.7
v0.15.7-rc.1
v0.15.8
v0.15.9
v0.15.9-rc1
v0.15.9-rc10
v0.15.9-rc11
v0.15.9-rc12
v0.15.9-rc13
v0.15.9-rc14
v0.15.9-rc15
v0.15.9-rc16
v0.15.9-rc17
v0.15.9-rc18
v0.15.9-rc19
v0.15.9-rc2
v0.15.9-rc3
v0.15.9-rc4
v0.15.9-rc5
v0.15.9-rc6
v0.15.9-rc7
v0.15.9-rc8
v0.15.9-rc9
v0.16.0
v0.16.0-rc.1
v0.16.0-rc.2
v0.16.1
v0.16.2
v0.16.3
v0.16.4
v0.17.0
v0.17.0-rc1
v0.17.1
v0.17.2
v0.17.2-rc1
v0.17.3
v0.17.3-rc1
v0.17.3-rc2
v0.17.3-rc3
v0.17.3-rc4
v0.17.3-rc5
v0.17.3-rc6
v0.17.3-rc7
v0.17.3-rc8
v0.17.3-rc9
v0.17.4
v0.17.4-rc1
v0.17.5
v0.17.5-rc1
v0.17.6
v0.17.6-rc1
v0.17.6-rc2
v0.17.7-rc1
v0.18.0
v0.18.1
v0.18.1-rc1
v0.18.1-rc2
v0.18.1-rc3
v0.18.2
v0.18.3-rc1
v0.18.3-rc2
v0.18.3-rc3
v0.18.3-rc4
v0.19.0
v0.20.0
v0.21.0
v0.22.0
v0.22.1
v0.22.2-rc10
v0.22.2-rc11
v0.22.2-rc12
v0.22.2-rc15
v0.22.2-rc16
v0.22.2-rc17
v0.22.2-rc18
v0.22.2-rc2
v0.22.2-rc3
v0.22.2-rc4
v0.22.2-rc5
v0.22.2-rc6
v0.22.2-rc7
v0.22.2-rc8
v0.22.2-rc9
v0.23.0
v0.23.0-rc.1
v0.23.0-rc.2
v0.23.0-rc.3
v0.23.1
v0.23.1-rc.1
v0.23.2
v0.24.0
v0.24.0-rc.2
v0.24.0-rc1
v0.24.1
v0.24.2
v0.24.3-rc.1
v0.24.3-rc.2
v0.24.3-rc.3
v0.24.3-rc.4
v0.24.3-rc.5
v0.24.3-rc1
v0.25.0
v0.25.1
v0.25.2
v0.25.3-rc2
v0.25.3-rc3
v0.25.3-rc5
v0.26.0
v0.26.0-rc1
v0.26.0-rc2
v0.26.1
v0.26.2
v0.27.0
v0.27.1
v0.27.2
v0.27.3
v0.27.4
v0.27.4-rc1
v0.8.1
v0.8.1-rc.1
v0.8.1-rc.2
v0.8.2
v0.8.2-rc.1
v0.8.3
v0.8.4
v0.8.4-rc.1
v0.8.4-rc.2
v0.8.5
v0.8.5-rc.1
v0.8.5-rc.2
v0.8.5-rc.3
v0.8.5-rc.4
v0.8.5-rc.5
v0.9.0
v0.9.0-rc.1
v0.9.1
v0.9.1-rc.1
v0.9.1-rc.2
v0.9.2
v0.9.2-rc.1
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '6736ddee69'
${ noResults }
Commit Graph

419 Commits (6736ddee699092ab3e6f0fb5770b1f6f93aa9715)

Author SHA1 Message Date
Max debce1cec2
Merge pull request #299 from smallstep/max/refactor 
Refactor
 4 years ago
max furman accf1be7e9 wip 4 years ago
max furman 71d87b4e61 wip 4 years ago
max furman d25e7f64c2 wip 4 years ago
max furman 3636ba3228 wip 4 years ago
Mariano Cano 39650637d4
Merge pull request #297 from smallstep/no-bastion-bastion 
Do not return bastion for the configured bastion host.
 4 years ago
Mariano Cano fcfc4e9b2b Fix ssh federated template variables. 4 years ago
max furman 1951669e13 wip 4 years ago
Mariano Cano b0fdd0b2be Do not return bastion for the configured bastion host. 
Fixes #296
 4 years ago
Mariano Cano ff32746312 Add test case for error executing template. 4 years ago
Mariano Cano e3ae751b57 Use templates from authority instead of config. 4 years ago
Mariano Cano 237baa5169 Check for required variables in templates. 
Fixes smallstep/cli#232
 4 years ago
Mariano Cano 6c844a0618 Load default templates if no templates are configured. 4 years ago
Max 2ebfc73f77
Merge pull request #290 from smallstep/max/profileLimit 
Update profileLimitDuration validator ...
 4 years ago
max furman 7d5cf34ce5 Update profileLimitDuration validator ... 
- respect notBefore of the provisioner
- modify/fix the reported errors
 4 years ago
Mariano Cano 9832d1538b Avoid nil pointer panic on step ssh config with no templates. 4 years ago
Mariano Cano 4ac51dd508
Merge pull request #274 from smallstep/oidc-raw-locals 
Allow dots and other symbols in principals for OIDC
 4 years ago
Mariano Cano 3246a3e81f Add missing test case. 4 years ago
max furman 6e69f99310 Always set nbf and naf for new ACME orders ... 
- Use the default value from the ACME provisioner if values are not
defined in the request.
 4 years ago
Mariano Cano 0b5fd156e8 Add a third principal on OIDC tokens with the raw local part of the email. 
For the email first.last@example.com it will create the principals
  ["firstlast", "first.last", "first.last@example.com"]

Fixes #253, #254
 4 years ago
Mariano Cano 2bc69d3edd
Merge pull request #252 from smallstep/yubikey 
Yubikey support
 4 years ago
Oleksandr Kovalchuk 4cd01b6868
Implement tests for forceCNOption modifier 
Implement unit tests which checks forceCNOption modifier (implemented
in 322200b7db) is not broken and works
correctly.

Ref: https://github.com/smallstep/certificates/issues/259
 4 years ago
Oleksandr Kovalchuk 893a53793a
Modify existing tests to accept forceCNOption modifier 
Modify existing tests to pass with changes introduced in commit
322200b7db. This is safe to do as
tests assert exact length of modifiers, which has changed.
 4 years ago
Oleksandr Kovalchuk 322200b7db
Implement modifier to set CommonName 
Implement modifier which sets CommonName to the certificate if
CommonName is empty and forceCN is set in the config. Replace previous
implementation introduced in 0218018cee
with new modifier.

Closes https://github.com/smallstep/certificates/issues/259
Ref: https://github.com/smallstep/certificates/pull/260#issuecomment-628961322
 4 years ago
Oleksandr Kovalchuk 503c9f6101
Add config option to force CN 
Add configuration option `forceCN` to ACME provisioner. When this option
is set to `true`, provisioner should generate Subject.CommonName for
certificate if it was not present in the request. Default value of
`false` should keep the existing behavior (do not modify CSR and
certificate).

Ref: https://github.com/smallstep/certificates/issues/259
 4 years ago
Mariano Cano c02fe77998 Close the key manager before shutting down. 4 years ago
Mariano Cano 4e544344f9 Initialize the required config fields on embedded authorities. 
This change is to make easier the use of embedded authorities. It
can be difficult for third parties to know what fields are required.
The new init methods will define the minimum usable configuration.
 4 years ago
Mariano Cano b5eab009b2 Rename method to NewEmbedded 4 years ago
Mariano Cano 824374bde0 Create a method to initialize the authority without a config file. 
When the CA is embedded in a third party product like Caddy, the
config needed to use placeholders to be valid. This change adds
a new method `NewEmbeddedAuthority` that allows to create an
authority with the given options, the minimum options are a root
and intermediate certificate, and the intermediate key.

Fixes #218
 4 years ago
Mariano Cano 4e9bff0986 Add support for OIDC multitoken tenants for azure. 5 years ago
Mariano Cano 8bc3b05232 Add new extra test case. 5 years ago
Mariano Cano b0ff731d18 Add support for user provisioner certificates on OIDC provisioners. 
OIDC provisioners create an SSH certificate with two principals. This
was avoiding the creationg of user provisioner certificates for those
provisioners.

Fixes smallstep/cli#268
 5 years ago
Mariano Cano a2dfa6faa8 Fix unit tests. 5 years ago
Mariano Cano 13507efb35 Remove the requirement for CSR to have a common name. 
Fixes #226
 5 years ago
Mariano Cano 02ed784a9b Do not enable by default ForwardAgent. 5 years ago
Mariano Cano bfe1f4952d Rename interface to CertificateEnforcer and add tests. 5 years ago
Mariano Cano 64f26c0f40 Enforce a duration for identity certificates. 5 years ago
Mariano Cano fa416336a8 Add context to tests. 5 years ago
Mariano Cano c49a9d5e33 Add context parameter to all SSH methods. 5 years ago
Mariano Cano f868e07a76 Allow to use custom principals on cloud provisioners. 
Fixes #203
 5 years ago
Mariano Cano 59fc8cdd2d Fix typo in comments. 5 years ago
Mariano Cano 5c8c741fab Fix linting issues. 5 years ago
Mariano Cano 05cc1437b7 Remove unnecessary parse of certificate. 5 years ago
Mariano Cano 2d4f369db2 Add options to set root and federated certificates using x509.Certificate 5 years ago
Mariano Cano 43bd8113aa Remove unnecessary comments. 5 years ago
Mariano Cano 4eaeede77d Fix unit tests. 5 years ago
Mariano Cano 21bd339b86 Merge branch 'master' into kms 5 years ago
Mariano Cano 7846696fbb Fix return sign options on ssh sign. 5 years ago
max furman d482ae2fb5 Remove test that is no longer implemented by the method. 5 years ago
max furman 397a181d10 Add backdate validation to sshCertValidityValidator. 5 years ago