Mariano Cano
a627f21440
Fix AuthorizeSSHSign tests with extra SignOption
2 years ago
Mariano Cano
e7d7eb1a94
Add provisioner as a signOption for SSH
2 years ago
Mariano Cano
293586079a
Store provisioner with SignSSH
...
This change also allows to store the old certificate on renewal on
linkedca or if the db interface supports it.
2 years ago
Mariano Cano
c8d7ad7ab9
Fix store certificates methods with new interface
2 years ago
Mariano Cano
de99c3cac0
Report provisioner and parent on linkedca
2 years ago
Mariano Cano
20b2c6a201
Extract cert storer methods from AuthDB
...
To be able to extend the AuthDB with methods that also extend the
provisioner we need to either create a new method or to split the
interface. This change splits the interface so we can have a cleaner
implementation.
2 years ago
Herman Slatman
9e05cc4d51
Merge pull request #940 from smallstep/herman/improve-renew-expired-cert-error
...
Improve error message when client renews with expired certificate
2 years ago
Herman Slatman
479eda7339
Improve error message when client renews with expired certificate
...
When a client provides an expired certificate and `AllowAfterExpiry`
is not enabled, the client would get a rather generic error with
instructions to view the CA logs. Viewing the CA logs can be done
when running `step-ca`, but they can't be accessed easily in the
hosted solution.
This commit returns a slightly more informational message to the
client in this specific situation.
2 years ago
max furman
fff00aca78
Updates to issue templates
2 years ago
max furman
bfb406bf70
Fixes for PR review
2 years ago
Herman Slatman
14524d7916
Merge pull request #938 from smallstep/herman/update-crypto-0.16.2
...
Update go.step.sm/crypto to v0.16.2
2 years ago
Herman Slatman
d1ab1d5431
Merge branch 'master' into herman/update-crypto-0.16.2
2 years ago
Herman Slatman
984e4fcff8
Merge pull request #932 from smallstep/herman/pkcs7-patches
...
Use github.com/smallstep/pkcs7 fork with (selected) patches applied
2 years ago
Herman Slatman
b75ce3acbd
Update to go.step.sm/crypto v0.16.2
...
This patch release of go.step.sm/crypto fixes an issue with
not all `Subject` names being available for usage in a template
as `ExtraNames`.
2 years ago
Mariano Cano
400b1ece0b
Remove scep handler after merge.
2 years ago
Mariano Cano
898ca41268
Merge branch 'master' into context-authority
2 years ago
Herman Slatman
ea084d71fb
Merge pull request #933 from smallstep/herman/allow-deny
...
Fix check for admin not belonging to provisioner that policy applies to
2 years ago
Herman Slatman
c695b23e24
Fix check for admin not belonging to policy
2 years ago
max furman
25b8d196d8
Couple changes in response to PR
...
- add skipInit option to skip authority initialization
- check admin API status when removing provisioners - no need to check
admins when not using Admin API
2 years ago
Mariano Cano
d0c0733691
Merge pull request #924 from vijayjt/vijayt/helmchart-kms
...
Allow KMS type to be specified in the helm chart values YAML
2 years ago
Herman Slatman
7030dbb7a1
Use github.com/smallstep/pkcs7 fork with patches applied
2 years ago
Herman Slatman
d51913f62a
Merge pull request #917 from smallstep/herman/scep-get
...
Add SCEP GET requests
2 years ago
Mariano Cano
8942422973
Add GetID() and add authority to initial context
2 years ago
Herman Slatman
688ae837a4
Add some tests for SCEP request decoding
2 years ago
Herman Slatman
c9a89d13ee
Merge branch 'master' into herman/scep-get
2 years ago
Mariano Cano
1e03bbb1af
Change types in the ACMEAdminResponder
2 years ago
Mariano Cano
f639bfc53b
Use contexts on the new PolicyAdminResponder
2 years ago
Mariano Cano
d461918eb0
Merge branch 'master' into context-authority
2 years ago
Herman Slatman
65090daac3
Merge pull request #788 from smallstep/herman/allow-deny
...
Add allow/deny policy for x509 SANs and SSH Principals
2 years ago
Herman Slatman
cc26a0b394
Explicitly disable wildcard Common Name constraint
2 years ago
Herman Slatman
0f4ffa504a
Fix linting issues
2 years ago
Herman Slatman
7104299119
Add full policy validation in API
2 years ago
Mariano Cano
2ea0c70344
Move acme context middleware to deprecated handler
2 years ago
Herman Slatman
ed231d29e2
Update to go.step.sm/linkedca@v0.16.1
2 years ago
Herman Slatman
105211392c
Don't rely on linkedca model stability in API response bodies
2 years ago
Herman Slatman
5e9bce508d
Unexport GetPolicy()
2 years ago
Herman Slatman
f0272dc717
Fix import replacement of linkedca
2 years ago
Herman Slatman
60d8b22d89
Change context retrievers to MustTFromContext
2 years ago
Mariano Cano
d51c6b7d83
Make step handler backward compatible
2 years ago
Mariano Cano
43ddcf2efe
Do not use deprecated AuthorizeSign
2 years ago
vijayjt
02c0ae81ac
Allow KMS type to be specified in the helm chart template if specified on the command line.
2 years ago
Mariano Cano
62d93a644e
Apply base context to test of the ca package
2 years ago
Mariano Cano
9147356d8a
Fix linter errors
2 years ago
Mariano Cano
a8a4261980
Fix authority/admin/api tests
2 years ago
Mariano Cano
2ab7dc6f9d
Fix acme tests.
2 years ago
Mariano Cano
ba499eeb2a
Fix acme/api tests.
2 years ago
Mariano Cano
6f9d847bc6
Fix panic in acme/api tests.
2 years ago
Herman Slatman
723c4c14c0
Merge branch 'master' into herman/allow-deny
2 years ago
Herman Slatman
77893ea55c
Change authority policy to use dbPolicy model
2 years ago
Herman Slatman
13173ec8a2
Fix SCEP GET requests
2 years ago