Archives
/
smallstep-certificates
mirror of https://github.com/smallstep/certificates
2
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
1,886 Commits
38 Branches
221 Tags
44 MiB
master
herman/pkcs7-windows-scep-fix
root-not-found-error-message
relative-paths-config
herman/wire-dpop-struct
herman/wrapped-listener
herman/configure-server-http-timeout
josh/fips
herman/acme-macos-properties
josh/webhook-error-response-content
user-regex
max/nebula-sign-curve
carl/bootstrap-error-clarity
max/capabilities
herman/acme-cname-txt
max/test
herman/acme-da-roots
backports
but
collections
update-step-env-vars
panos/api/flow
errors-internal
docker-dns-names
docker-init
carl/sysd-update
carl/readmes
carl/ssh-host-matchbug
nosql-0.3.2
dcow/challenge-retry
ssh
printAud
getHosts
ssh-config
certificate-transparency
seb/ct-local
seb/markdown-issues
seb/anchors
v0.25.3-rc7
v0.25.3-rc6
v0.25.3-rc4
v0.25.3-rc.1
v0.22.2-rc14
v0.22.2-rc13
v0.0.1-rc.1
v0.0.1-rc.2
v0.0.1-rc.3
v0.10.0
v0.11.0
v0.11.0-rc.1
v0.11.0-rc.2
v0.11.0-rc.3
v0.11.0-rc.4
v0.12.0
v0.13.0
v0.13.1
v0.13.2
v0.13.3
v0.14.0
v0.14.0-rc.1
v0.14.0-rc.10.badger2
v0.14.0-rc.14
v0.14.0-rc.15
v0.14.0-rc.16
v0.14.0-rc.2
v0.14.0-rc.3
v0.14.0-rc.4.badger2
v0.14.0-rc.5
v0.14.0-rc.6
v0.14.0-rc.7
v0.14.0-rc.8
v0.14.0-rc.9
v0.14.0.rc.11.badger2
v0.14.0.rc.12.badger2
v0.14.0.rc.13.badger2
v0.14.1
v0.14.2
v0.14.3
v0.14.3-rc.1.badger2
v0.14.3-rc.2.32bitbadger2
v0.14.4
v0.14.5
v0.14.5-rc.1.100MB.badgerV2
v0.14.5-rc.2.100MB.badgerV2
v0.14.5-rc.3.cullACMEOrders
v0.14.5-rc.4
v0.14.6
v0.14.7-rc.1.docker-buildx
v0.14.7-rc.2.deb-name-test
v0.15.0
v0.15.0-rc.1
v0.15.1
v0.15.1-rc.1
v0.15.10
v0.15.11
v0.15.12
v0.15.12-rc1
v0.15.12-rc2
v0.15.12-rc3
v0.15.12-rc4
v0.15.12-rc5
v0.15.13
v0.15.14
v0.15.15
v0.15.16
v0.15.16-rc1.test-arm6
v0.15.16-rc2.test-arm6
v0.15.16-rc3.test-arm6
v0.15.16-rc4
v0.15.16-rc5
v0.15.16-rc6
v0.15.16-rc7
v0.15.2
v0.15.2-rc.1
v0.15.3
v0.15.4
v0.15.5
v0.15.5-rc.1
v0.15.6
v0.15.7
v0.15.7-rc.1
v0.15.8
v0.15.9
v0.15.9-rc1
v0.15.9-rc10
v0.15.9-rc11
v0.15.9-rc12
v0.15.9-rc13
v0.15.9-rc14
v0.15.9-rc15
v0.15.9-rc16
v0.15.9-rc17
v0.15.9-rc18
v0.15.9-rc19
v0.15.9-rc2
v0.15.9-rc3
v0.15.9-rc4
v0.15.9-rc5
v0.15.9-rc6
v0.15.9-rc7
v0.15.9-rc8
v0.15.9-rc9
v0.16.0
v0.16.0-rc.1
v0.16.0-rc.2
v0.16.1
v0.16.2
v0.16.3
v0.16.4
v0.17.0
v0.17.0-rc1
v0.17.1
v0.17.2
v0.17.2-rc1
v0.17.3
v0.17.3-rc1
v0.17.3-rc2
v0.17.3-rc3
v0.17.3-rc4
v0.17.3-rc5
v0.17.3-rc6
v0.17.3-rc7
v0.17.3-rc8
v0.17.3-rc9
v0.17.4
v0.17.4-rc1
v0.17.5
v0.17.5-rc1
v0.17.6
v0.17.6-rc1
v0.17.6-rc2
v0.17.7-rc1
v0.18.0
v0.18.1
v0.18.1-rc1
v0.18.1-rc2
v0.18.1-rc3
v0.18.2
v0.18.3-rc1
v0.18.3-rc2
v0.18.3-rc3
v0.18.3-rc4
v0.19.0
v0.20.0
v0.21.0
v0.22.0
v0.22.1
v0.22.2-rc10
v0.22.2-rc11
v0.22.2-rc12
v0.22.2-rc15
v0.22.2-rc16
v0.22.2-rc17
v0.22.2-rc18
v0.22.2-rc2
v0.22.2-rc3
v0.22.2-rc4
v0.22.2-rc5
v0.22.2-rc6
v0.22.2-rc7
v0.22.2-rc8
v0.22.2-rc9
v0.23.0
v0.23.0-rc.1
v0.23.0-rc.2
v0.23.0-rc.3
v0.23.1
v0.23.1-rc.1
v0.23.2
v0.24.0
v0.24.0-rc.2
v0.24.0-rc1
v0.24.1
v0.24.2
v0.24.3-rc.1
v0.24.3-rc.2
v0.24.3-rc.3
v0.24.3-rc.4
v0.24.3-rc.5
v0.24.3-rc1
v0.25.0
v0.25.1
v0.25.2
v0.25.3-rc2
v0.25.3-rc3
v0.25.3-rc5
v0.26.0
v0.26.0-rc1
v0.26.0-rc2
v0.26.1
v0.26.2
v0.27.0
v0.27.1
v0.27.2
v0.27.3
v0.27.4
v0.27.4-rc1
v0.8.1
v0.8.1-rc.1
v0.8.1-rc.2
v0.8.2
v0.8.2-rc.1
v0.8.3
v0.8.4
v0.8.4-rc.1
v0.8.4-rc.2
v0.8.5
v0.8.5-rc.1
v0.8.5-rc.2
v0.8.5-rc.3
v0.8.5-rc.4
v0.8.5-rc.5
v0.9.0
v0.9.0-rc.1
v0.9.1
v0.9.1-rc.1
v0.9.1-rc.2
v0.9.2
v0.9.2-rc.1
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '84ea8bd67a'
${ noResults }
Commit Graph

191 Commits (84ea8bd67aa18909ff6d78b7b46eb926cb584076)

Author SHA1 Message Date
Herman Slatman bc2bb53009
Merge branch 'master' into hs/scep 3 years ago
Mariano Cano 26e7cc6177 Allow to use the SDK with ed25519 keys. 3 years ago
Herman Slatman c04f556dc2
Merge branch 'master' into hs/scep 3 years ago
max furman 8c709fe3c2 Init config on load | Add wrapper for cli 3 years ago
Mariano Cano 5846314f88 Add missing Rekey method to the ca.Client 
Fixes #315
 3 years ago
Herman Slatman 68d5f6d0d2
Merge branch 'master' into hs/scep 3 years ago
Mariano Cano 1328aa3e47 Fix review comments. 3 years ago
Mariano Cano 50b9aaec57 Add new identity tests. 3 years ago
Mariano Cano e414d0c8ea Fix unit tests. 3 years ago
Mariano Cano c5234e9c61 Refactor tls tunnel connections. 
New method will use an identity-like file with the configuration
used to create the (m)TLS connection to the tunnel.
 3 years ago
Mariano Cano e75a9409a5 Add experimental support for a TLS over TLS tunnel. 3 years ago
Herman Slatman 0487686f69
Merge branch 'master' into hs/scep 4 years ago
Mariano Cano 02a5879cfe Specify always a Proxy in all custom transports. 
Fixes #535
 4 years ago
max furman 93c3c2bf2e Error handle non existent provisioner downstream and disable debug route logging 4 years ago
max furman b1888fd34d Use different method for unescpaed paths for the router 4 years ago
Max b724af30ad
Merge pull request #496 from smallstep/max/acme 
Convert to ACME DB interface
 4 years ago
max furman 672e3f976e Few ACME fixes ... 
- always URL escape linker output
- validateJWS should accept RSAPSS
- GetUpdateAccount -> GetOrUpdateAccount
 4 years ago
Herman Slatman 2320d0911e
Add sync.WaitGroup for proper error handling in Run() 4 years ago
Herman Slatman b815478981
Make serving SCEP endpoints optional 
Only when a SCEP provisioner is enabled, the SCEP endpoints
will now be available.

The SCEP endpoints will be served on an "insecure" server,
without TLS, only when an additional "insecureAddress" and a
SCEP provisioner are configured for the CA.
 4 years ago
Herman Slatman c5e4ea08b3
Merge branch 'master' into hs/scep 4 years ago
Herman Slatman b97f024f8a
Remove superfluous call to StoreCertificate 4 years ago
max furman df05340521 fixing broken unit tests 4 years ago
max furman f72b2ff2c2 [acme db interface] nosql authz unit tests 4 years ago
max furman 074ab7b221 [acme db interface] add linker tests 4 years ago
max furman bb8d54e596 [acme db interface] unit tests compiling 4 years ago
max furman fc395f4d69 [acme db interface] compiles! 4 years ago
max furman 80a6640103 [acme db interface] wip 4 years ago
Mariano Cano 8c8c160c92 Fix method name in comment. 4 years ago
Mariano Cano bdeb0ccd7c Add support for the flag --issuer-password-file 
The new flag allows to pass a file with the password used to decrypt
the key used in RA mode.
 4 years ago
Herman Slatman 583d60dc0d
Address (most) PR comments 4 years ago
Herman Slatman e1cab4966f
Improve initialization of SCEP authority 4 years ago
Herman Slatman 8c5b12e21d
Add non-TLS server and improve crypto.Decrypter interface 
A server without TLS was added to serve the SCEP endpoints. According
to the RFC, SCEP has to be served via HTTP. The `sscep` client, for
example, will stop any URL that does not start with `http://` from
being used, so serving SCEP seems to be the right way to do it.

This commit adds a second server for which no TLS configuration is
configured. A distinct field in the configuration, `insecureAddress`
was added to specify the address for the insecure server.

The SCEP endpoints will also still be served via HTTPS. Some clients
may be able to work with that.

This commit also improves how the crypto.Decrypter interface is
handled for the different types of KMSes supported by step. The
apiv1.Decrypter interface was added. Currently only SoftKMS
implements this interface, providing a crypto.Decrypter required
for SCEP operations.
 4 years ago
Herman Slatman 2d21b09d41
Remove some duplicate and unnecessary logic 4 years ago
Herman Slatman 3a5f633cdd
Add support for multiple SCEP provisioners 
Similarly to how ACME suppors multiple provisioners, it's
now possible to load the right provisioner based on the
URL.
 4 years ago
Herman Slatman 7948f65ac0
Merge branch 'master' into hs/scep 4 years ago
Herman Slatman 7ad90d10b3
Refactor initialization of SCEP authority 4 years ago
Mariano Cano 5be86691c1 Fix unit tests in Go 1.16. 4 years ago
Herman Slatman 78d78580b2
Add note about using a second (unsecured) server 4 years ago
Herman Slatman 9e43dc85d8
Merge branch 'master' into hs/scep-master 4 years ago
Herman Slatman 713b571d7a
Refactor SCEP authority initialization and clean some code 4 years ago
Herman Slatman ffdd58ea3c
Add rudimentary (and incomplete) support for SCEP 4 years ago
Mariano Cano b487edbd13 Clarify comment. 4 years ago
Mariano Cano fbd2208044 Close key manager for safe reloads when a cgo module is used. 4 years ago
Mariano Cano 40d0596b71 Use smallstep/cli-utils instead of smallstep/cli 4 years ago
Mariano Cano ba918100d0 Use go.step.sm/crypto/jose 
Replace use of github.com/smallstep/cli/crypto with the new package
go.step.sm/crypto/jose.
 4 years ago
Mariano Cano d30a95236d Use always go.step.sm/crypto 4 years ago
Mariano Cano 533ad0ca20 Use always go.step.sm/crypto/x509util 4 years ago
Mariano Cano 4943ae58d8 Move TLSOption, TLSVersion, CipherSuites and ASN1DN to certificates. 4 years ago
Mariano Cano e83e47a91e Use sshutil and randutil from go.step.sm/crypto. 4 years ago
Mariano Cano 6c64fb3ed2 Rename provisioner options structs: 
* provisioner.ProvisionerOptions => provisioner.Options
* provisioner.Options => provisioner.SignOptions
* provisioner.SSHOptions => provisioner.SingSSHOptions
 4 years ago