Commit Graph

2803 Commits (6c44291d8df63e16e662a9cc03ffa8783fa364ce)
 

Author SHA1 Message Date
Erik De Lamarter 6c44291d8d
refactor vault auth 2 years ago
Erik De Lamarter dec1067add
vault kubernetes auth 2 years ago
Mariano Cano 3c4d0412ef
Merge pull request #941 from smallstep/ssh-provisioner
Report SSH provisioner
2 years ago
Mariano Cano eebbd65dd5 Fix linter error 2 years ago
Max f8148071fb
Merge pull request #915 from smallstep/max/removing-beta
exposing authority configuration for provisioner cli commands
2 years ago
max furman 5443aa073a gofmt -s 2 years ago
max furman 8ca9442fe9 Add -s to make fmt and bump golangci-lint to 1.45.2 2 years ago
Max 586e4fd3b5
Update authority/options.go
Co-authored-by: Mariano Cano <mariano@smallstep.com>
2 years ago
Mariano Cano 1ad75a3bdb Skip failing test for now
This test fails randomly on VMs; there's an issue to fix this, so
skipping it for now.
2 years ago
Mariano Cano dd985ce154 Clarify errors when sending renewed certificates 2 years ago
Mariano Cano a627f21440 Fix AuthorizeSSHSign tests with extra SignOption 2 years ago
Mariano Cano e7d7eb1a94 Add provisioner as a signOption for SSH 2 years ago
Mariano Cano 293586079a Store provisioner with SignSSH
This change also allows storing the old certificate on renewal on
linkedca or if the db interface supports it.
2 years ago
Mariano Cano c8d7ad7ab9 Fix store certificates methods with new interface 2 years ago
Mariano Cano de99c3cac0 Report provisioner and parent on linkedca 2 years ago
Mariano Cano 20b2c6a201 Extract cert storer methods from AuthDB
To be able to extend the AuthDB with methods that also extend the
provisioner we need to either create a new method or to split the
interface. This change splits the interface so we can have a cleaner
implementation.
2 years ago
Herman Slatman 9e05cc4d51
Merge pull request #940 from smallstep/herman/improve-renew-expired-cert-error
Improve error message when client renews with expired certificate
2 years ago
Herman Slatman 479eda7339
Improve error message when client renews with expired certificate
When a client provides an expired certificate and `AllowAfterExpiry`
is not enabled, the client would get a rather generic error with
instructions to view the CA logs. Viewing the CA logs can be done
when running `step-ca`, but they can't be accessed easily in the
hosted solution.

This commit returns a slightly more informational message to the
client in this specific situation.
2 years ago
max furman fff00aca78 Updates to issue templates 2 years ago
max furman bfb406bf70 Fixes for PR review 2 years ago
Herman Slatman 14524d7916
Merge pull request #938 from smallstep/herman/update-crypto-0.16.2
Update go.step.sm/crypto to v0.16.2
2 years ago
Herman Slatman d1ab1d5431
Merge branch 'master' into herman/update-crypto-0.16.2 2 years ago
Herman Slatman 984e4fcff8
Merge pull request #932 from smallstep/herman/pkcs7-patches
Use github.com/smallstep/pkcs7 fork with (selected) patches applied
2 years ago
Herman Slatman b75ce3acbd
Update to go.step.sm/crypto v0.16.2
This patch release of go.step.sm/crypto fixes an issue with
not all `Subject` names being available for usage in a template
as `ExtraNames`.
2 years ago
Herman Slatman ea084d71fb
Merge pull request #933 from smallstep/herman/allow-deny
Fix check for admin not belonging to provisioner that policy applies to
2 years ago
Herman Slatman c695b23e24
Fix check for admin not belonging to policy 2 years ago
max furman 25b8d196d8 Couple changes in response to PR
- add skipInit option to skip authority initialization
- check admin API status when removing provisioners - no need to check
  admins when not using Admin API
2 years ago
Mariano Cano d0c0733691
Merge pull request #924 from vijayjt/vijayt/helmchart-kms
Allow KMS type to be specified in the helm chart values YAML
2 years ago
Herman Slatman 7030dbb7a1
Use github.com/smallstep/pkcs7 fork with patches applied 2 years ago
Herman Slatman d51913f62a
Merge pull request #917 from smallstep/herman/scep-get
Add SCEP GET requests
2 years ago
Herman Slatman 688ae837a4
Add some tests for SCEP request decoding 2 years ago
Herman Slatman c9a89d13ee
Merge branch 'master' into herman/scep-get 2 years ago
Herman Slatman 65090daac3
Merge pull request #788 from smallstep/herman/allow-deny
Add allow/deny policy for x509 SANs and SSH Principals
2 years ago
Herman Slatman cc26a0b394
Explicitly disable wildcard Common Name constraint 2 years ago
Herman Slatman 0f4ffa504a
Fix linting issues 2 years ago
Herman Slatman 7104299119
Add full policy validation in API 2 years ago
Herman Slatman ed231d29e2
Update to go.step.sm/linkedca@v0.16.1 2 years ago
Herman Slatman 105211392c
Don't rely on linkedca model stability in API response bodies 2 years ago
Herman Slatman 5e9bce508d
Unexport GetPolicy() 2 years ago
Herman Slatman f0272dc717
Fix import replacement of linkedca 2 years ago
Herman Slatman 60d8b22d89
Change context retrievers to MustTFromContext 2 years ago
vijayjt 02c0ae81ac Allow KMS type to be specified in the helm chart template if specified on the command line. 2 years ago
Herman Slatman 723c4c14c0
Merge branch 'master' into herman/allow-deny 2 years ago
Herman Slatman 77893ea55c
Change authority policy to use dbPolicy model 2 years ago
Herman Slatman 13173ec8a2
Fix SCEP GET requests 2 years ago
max furman 4cb74e7d8b fix linter warnings 2 years ago
Herman Slatman d82e51b748
Update AllowWildcardNames configuration name 2 years ago
Herman Slatman 2b7f6931f3
Change Subject Common Name verification
Subject Common Names can now also be configured to be allowed or
denied, similar to SANs. When a Subject Common Name is not explicitly
allowed or denied, its type will be determined and its value will be
validated according to the constraints for that type of name (i.e. URI).
2 years ago
max furman 88a1bf17cf Update to pull request template 2 years ago
Carl Tashian c82296b7cd
Merge pull request #910 from jschlyter/docker_hsm
Dockerfile for HSM-enabled Step CA
2 years ago