Archives
/
smallstep-certificates
mirror of https://github.com/smallstep/certificates
2
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
1,146 Commits
43 Branches
215 Tags
44 MiB
master
root-not-found-error-message
relative-paths-config
fix-1637
dependabot/go_modules/github.com/slackhq/nebula-1.9.3
dependabot/go_modules/github.com/google/go-tpm-0.9.1
wire-acme-extensions
mariano/init-provisioners
herman/wire-dpop-struct
herman/fix-nebula-curve-param
herman/wrapped-listener
herman/configure-server-http-timeout
josh/fips
herman/acme-macos-properties
josh/webhook-error-response-content
user-regex
max/nebula-sign-curve
carl/bootstrap-error-clarity
max/capabilities
herman/acme-cname-txt
max/test
herman/acme-da-roots
backports
but
collections
update-step-env-vars
panos/api/flow
errors-internal
docker-dns-names
docker-init
carl/sysd-update
carl/readmes
carl/ssh-host-matchbug
nosql-0.3.2
dcow/challenge-retry
ssh
printAud
getHosts
ssh-config
certificate-transparency
seb/ct-local
seb/markdown-issues
seb/anchors
v0.25.3-rc7
v0.25.3-rc6
v0.25.3-rc4
v0.25.3-rc.1
v0.22.2-rc14
v0.22.2-rc13
v0.0.1-rc.1
v0.0.1-rc.2
v0.0.1-rc.3
v0.10.0
v0.11.0
v0.11.0-rc.1
v0.11.0-rc.2
v0.11.0-rc.3
v0.11.0-rc.4
v0.12.0
v0.13.0
v0.13.1
v0.13.2
v0.13.3
v0.14.0
v0.14.0-rc.1
v0.14.0-rc.10.badger2
v0.14.0-rc.14
v0.14.0-rc.15
v0.14.0-rc.16
v0.14.0-rc.2
v0.14.0-rc.3
v0.14.0-rc.4.badger2
v0.14.0-rc.5
v0.14.0-rc.6
v0.14.0-rc.7
v0.14.0-rc.8
v0.14.0-rc.9
v0.14.0.rc.11.badger2
v0.14.0.rc.12.badger2
v0.14.0.rc.13.badger2
v0.14.1
v0.14.2
v0.14.3
v0.14.3-rc.1.badger2
v0.14.3-rc.2.32bitbadger2
v0.14.4
v0.14.5
v0.14.5-rc.1.100MB.badgerV2
v0.14.5-rc.2.100MB.badgerV2
v0.14.5-rc.3.cullACMEOrders
v0.14.5-rc.4
v0.14.6
v0.14.7-rc.1.docker-buildx
v0.14.7-rc.2.deb-name-test
v0.15.0
v0.15.0-rc.1
v0.15.1
v0.15.1-rc.1
v0.15.10
v0.15.11
v0.15.12
v0.15.12-rc1
v0.15.12-rc2
v0.15.12-rc3
v0.15.12-rc4
v0.15.12-rc5
v0.15.13
v0.15.14
v0.15.15
v0.15.16
v0.15.16-rc1.test-arm6
v0.15.16-rc2.test-arm6
v0.15.16-rc3.test-arm6
v0.15.16-rc4
v0.15.16-rc5
v0.15.16-rc6
v0.15.16-rc7
v0.15.2
v0.15.2-rc.1
v0.15.3
v0.15.4
v0.15.5
v0.15.5-rc.1
v0.15.6
v0.15.7
v0.15.7-rc.1
v0.15.8
v0.15.9
v0.15.9-rc1
v0.15.9-rc10
v0.15.9-rc11
v0.15.9-rc12
v0.15.9-rc13
v0.15.9-rc14
v0.15.9-rc15
v0.15.9-rc16
v0.15.9-rc17
v0.15.9-rc18
v0.15.9-rc19
v0.15.9-rc2
v0.15.9-rc3
v0.15.9-rc4
v0.15.9-rc5
v0.15.9-rc6
v0.15.9-rc7
v0.15.9-rc8
v0.15.9-rc9
v0.16.0
v0.16.0-rc.1
v0.16.0-rc.2
v0.16.1
v0.16.2
v0.16.3
v0.16.4
v0.17.0
v0.17.0-rc1
v0.17.1
v0.17.2
v0.17.2-rc1
v0.17.3
v0.17.3-rc1
v0.17.3-rc2
v0.17.3-rc3
v0.17.3-rc4
v0.17.3-rc5
v0.17.3-rc6
v0.17.3-rc7
v0.17.3-rc8
v0.17.3-rc9
v0.17.4
v0.17.4-rc1
v0.17.5
v0.17.5-rc1
v0.17.6
v0.17.6-rc1
v0.17.6-rc2
v0.17.7-rc1
v0.18.0
v0.18.1
v0.18.1-rc1
v0.18.1-rc2
v0.18.1-rc3
v0.18.2
v0.18.3-rc1
v0.18.3-rc2
v0.18.3-rc3
v0.18.3-rc4
v0.19.0
v0.20.0
v0.21.0
v0.22.0
v0.22.1
v0.22.2-rc10
v0.22.2-rc11
v0.22.2-rc12
v0.22.2-rc15
v0.22.2-rc16
v0.22.2-rc17
v0.22.2-rc18
v0.22.2-rc2
v0.22.2-rc3
v0.22.2-rc4
v0.22.2-rc5
v0.22.2-rc6
v0.22.2-rc7
v0.22.2-rc8
v0.22.2-rc9
v0.23.0
v0.23.0-rc.1
v0.23.0-rc.2
v0.23.0-rc.3
v0.23.1
v0.23.1-rc.1
v0.23.2
v0.24.0
v0.24.0-rc.2
v0.24.0-rc1
v0.24.1
v0.24.2
v0.24.3-rc.1
v0.24.3-rc.2
v0.24.3-rc.3
v0.24.3-rc.4
v0.24.3-rc.5
v0.24.3-rc1
v0.25.0
v0.25.1
v0.25.2
v0.25.3-rc2
v0.25.3-rc3
v0.25.3-rc5
v0.26.0
v0.26.0-rc1
v0.26.0-rc2
v0.26.1
v0.26.2
v0.8.1
v0.8.1-rc.1
v0.8.1-rc.2
v0.8.2
v0.8.2-rc.1
v0.8.3
v0.8.4
v0.8.4-rc.1
v0.8.4-rc.2
v0.8.5
v0.8.5-rc.1
v0.8.5-rc.2
v0.8.5-rc.3
v0.8.5-rc.4
v0.8.5-rc.5
v0.9.0
v0.9.0-rc.1
v0.9.1
v0.9.1-rc.1
v0.9.1-rc.2
v0.9.2
v0.9.2-rc.1
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '8f504483ce'
${ noResults }
Commit Graph

1146 Commits (8f504483ceaec2bfa86b049009cea8d07c28e3c2)
 

Author SHA1 Message Date
dharanikumar-s 8f504483ce Added RenewOrRekey function based on @maraino suggestion. RenewOrReky is called from Renew. 4 years ago
dharanikumar-s 3813f57b1a Add support for rekeying Fixes #292 4 years ago
Max 2ebfc73f77
Merge pull request #290 from smallstep/max/profileLimit 
Update profileLimitDuration validator ...
 4 years ago
max furman 7d5cf34ce5 Update profileLimitDuration validator ... 
- respect notBefore of the provisioner
- modify/fix the reported errors
 4 years ago
Mariano Cano 72bb6e159f
Merge pull request #287 from smallstep/nil-templates 
Avoid nil pointer panic on step ssh config with no templates.

Fixes #289
 4 years ago
max furman 54be8889cd Correct attribute names for SSH claims in provisioner docs 4 years ago
Max 6ee30c3a41
Merge pull request #288 from smallstep/max/rhel-doc 
Add RHEL/Centos install documentation and a section on systemctl configuration
 4 years ago
max furman aaec9931f4 Add RHEL/Centos install docs and a section on systemctl config 4 years ago
Mariano Cano 9832d1538b Avoid nil pointer panic on step ssh config with no templates. 4 years ago
Mariano Cano 91bf74551b
Merge pull request #176 from moqmar/patch/ports-below-1024 
Let step-ca bind to ports < 1024

Fixes #170
 4 years ago
Mariano Cano 88add85e42
Merge pull request #286 from smallstep/ksm-imports 
Move load of kms to main package.
 4 years ago
Mariano Cano ddb4ca7a74 Move load of kms to main package. 
With this change packages that import the authority won't load by
default all the supported kms with all its dependencies.

Fixes #228
 4 years ago
Miclain K Keffeler 2d45f61987
Merge pull request #1 from mkkeffeler/mkkeffeler-docs 
RHEL/CentOS Example
 4 years ago
Miclain K Keffeler 195cdd664a
RHEL/CentOS Example 4 years ago
Max 0b528d2507
Merge pull request #283 from smallstep/max/empty-oids-nil 
Always convert empty list to nil when saving orderIDs index.
 4 years ago
max furman 41a1a053d8 Always convert empty list to nil when saving orderIDs index. 4 years ago
Max 619f6f6ce0
Merge pull request #281 from smallstep/max/acmeOrders 
Only retain `pending' orders in the `acme_account_orders_index`
 4 years ago
max furman 704a510a2a Remove non-pending orders from the acme_orders_by_account index ... 
- Each acme account has an index in this table. Before this change, the
index would grow unchecked as orders accumulate. This change removes
orders that have moved out of the 'PENDING' state.
 4 years ago
max furman c4f1eea5dc Correct badger file loading mode documentation. 4 years ago
David Cowden 30bfba48d5 Merge branch 'dcow/key-change-error' 
Fixes: https://github.com/smallstep/certificates/pull/276
 4 years ago
max furman d9a1fb7e5d Recommend badgerV2 in badger extra options documentation. 4 years ago
David Cowden a26b5f322d acme/api: Brush up documentation on key-change 
Add more specific wording describing what a 501 means and add more color
explaining how official vs unofficial error types should be handled.
 4 years ago
Mariano Cano 2ca63a9ff5
Merge pull request #267 from smallstep/awskms 
AWS KMS support
 4 years ago
Mariano Cano 26c89cf779 Rename method. 4 years ago
Mariano Cano 7a985b1470 Fix usage, remove unsupported flag. 4 years ago
Mariano Cano df3e9c0cd6 Add full version of the license. 4 years ago
Mariano Cano 4ac51dd508
Merge pull request #274 from smallstep/oidc-raw-locals 
Allow dots and other symbols in principals for OIDC
 4 years ago
Mariano Cano 6c9cd7050c Add test with query strings. 4 years ago
Mariano Cano dfe8e11e44 Remove anchor from link. 4 years ago
Mariano Cano 3246a3e81f Add missing test case. 4 years ago
David Cowden b26e6e42b3 acme: Return 501 for the key-change route 
RFC 8555 § 7.3.5 is not listed as optional but we do not currently
support it. Rather than 404, return a 501 to inform clients that this
functionality is not yet implemented.

The notImplmented error type is not an official error registered in the
ietf:params:acme:error namespace, so prefix if with step:acme:error. An
ACME server is allowed to return other errors and clients should display
the message detail to users.

Fixes: https://github.com/smallstep/certificates/issues/209
 4 years ago
Max ab0f2aedcc
Merge pull request #268 from smallstep/max/acme-nbf 
Set nbf and nbf for ACME orders even when they are not set in the request.

Closes #92
 4 years ago
max furman 6e69f99310 Always set nbf and naf for new ACME orders ... 
- Use the default value from the ACME provisioner if values are not
defined in the request.
 4 years ago
Mariano Cano 0b5fd156e8 Add a third principal on OIDC tokens with the raw local part of the email. 
For the email first.last@example.com it will create the principals
  ["firstlast", "first.last", "first.last@example.com"]

Fixes #253, #254
 4 years ago
Mariano Cano 7104588fcb Fix linter error. 4 years ago
Mariano Cano f006cca87a Use Go 1.14. 4 years ago
Mariano Cano aaf71ce66a Add unit tests for awskms. 4 years ago
Mariano Cano d4cb9f4ac7 Define an interface for kms operations. 
This interface will be used for unit testing.
 4 years ago
Mariano Cano deac15327f Add docs for AWS KMS. 4 years ago
Mariano Cano 82fb96588e Fix unit tests. 4 years ago
Mariano Cano 5b680b2349 Add initialization script for an AWS KMS. 4 years ago
Mariano Cano c32abb76cd Add initial implementation to support AWS KMS. 4 years ago
Mariano Cano b0f768a3fb Add implementation of URIs for KMS. 
Implementation is based on the PKCS #11 URI Scheme RFC
https://tools.ietf.org/html/rfc7512
 4 years ago
Mariano Cano 2bc69d3edd
Merge pull request #252 from smallstep/yubikey 
Yubikey support
 4 years ago
Mariano Cano 89e164dad6 Add AuthorityKeyId to cloudkms root cert. 4 years ago
Mariano Cano 97508ca215 Add AuthorityKeyId to root certificate. 
Fix error string.
 4 years ago
Max ba91f4ed13
Merge pull request #260 from anxolerd/feat-force-cn-if-empty 
[Feature] Force CommonName for certificates from ACME provisioner
 4 years ago
Oleksandr Kovalchuk 4cd01b6868
Implement tests for forceCNOption modifier 
Implement unit tests which checks forceCNOption modifier (implemented
in 322200b7db) is not broken and works
correctly.

Ref: https://github.com/smallstep/certificates/issues/259
 4 years ago
Oleksandr Kovalchuk 893a53793a
Modify existing tests to accept forceCNOption modifier 
Modify existing tests to pass with changes introduced in commit
322200b7db. This is safe to do as
tests assert exact length of modifiers, which has changed.
 4 years ago
Oleksandr Kovalchuk 322200b7db
Implement modifier to set CommonName 
Implement modifier which sets CommonName to the certificate if
CommonName is empty and forceCN is set in the config. Replace previous
implementation introduced in 0218018cee
with new modifier.

Closes https://github.com/smallstep/certificates/issues/259
Ref: https://github.com/smallstep/certificates/pull/260#issuecomment-628961322
 4 years ago