1106 Commits (9007e2ef75f2be9dc3b7f74a4725a972b6705e9d)

Author SHA1 Message Date
Mariano Cano d68c765e20 Add context to errors 2 years ago
Mariano Cano 72e2c4eb2e Render proper policy and constraints errors 2 years ago
Mariano Cano 4b79405dac Check constraints and policy for leaf certificates too 2 years ago
Mariano Cano a6e85cbbf6 Fix linter errors 2 years ago
Mariano Cano 325d8bca4f Merge branch 'master' into name-constraints 2 years ago
max furman 2d4efc8292 Fix linter warnings 2 years ago
max furman 75bb196193 Add concurrency workflow config | fix broken test due to golang ver 2 years ago
max furman 120629edab Do not use the templateError in the BadRequestErr 2 years ago
max furman 7c5e5b2b87 Even more linter fixes 2 years ago
max furman f3d1863ec6 A few more linter errors 2 years ago
max furman 1e0ea6f958 more linting fixes 2 years ago
max furman 33458c88aa Standardize linting file and fix or ignore lots of linting errors 2 years ago
Mariano Cano f0a24bd8ca Add acme property to enable challenges
Fixes #1027
2 years ago
Mariano Cano 567d96c771 Revert "Run on plaintext HTTP to support Cloud Run"
This reverts commit 09b9673a60.
2 years ago
Mariano Cano 191d9e8629 Use go.step.sm/crypto to set the permanent identifier 2 years ago
Mariano Cano debe565e42 Validate constraints on Sign and Renew/Rekey
Fixes #1060
2 years ago
Mariano Cano 89b6aa924a Normalize IPs in matchIPConstraint 2 years ago
Brandon Weeks f3d2bd7a19 Run on plaintext HTTP to support Cloud Run 2 years ago
Herman Slatman 25cbe02b9e Add provisioner template validation
Fixes #1012
2 years ago
Max 2de7d3fcf0 Update authority/provisioner/claims.go
Co-authored-by: Mariano Cano <mariano@smallstep.com>
2 years ago
max furman ab0d2503ae Standardize linting file and fix or ignore lots of linting errors 2 years ago
Mariano Cano 3f58f30b21 Name tests properly 2 years ago
Mariano Cano 75bff055fc Add StatusCoder to ConstraintError 2 years ago
Mariano Cano 2959aa676d Add helper ValidateCertificate 2 years ago
Mariano Cano 8b54e25f64 Allow nil engines 2 years ago
Mariano Cano 2a15e3eee1 Rename constraint.Service to constraint.Engine 2 years ago
Mariano Cano 45e594f98c Make the constraint service public 2 years ago
Mariano Cano 7bea2f4d0e Add more constraint unit tests 2 years ago
Mariano Cano 495494ce8f Return a typed error 2 years ago
Mariano Cano 6686f0437d Remove x509 prefixes 2 years ago
Mariano Cano 0263468424 Initial work on name constraints validation
Issue #1060
2 years ago
Mariano Cano 34c6c65671 Pass attestation information to the Sign method
Attestation information might be useful in authorizing webhooks
2 years ago
Mariano Cano 42102d88d5 Fix merge and add unit tests 2 years ago
Mariano Cano ee7307bd41 Cherry-pick acme.go from acdfdf3 2 years ago
Mariano Cano 8fc4a58242 Fix nil pointer exception, missing error 2 years ago
Raal Goff 40baf73dff remove incorrect check on revoked certificate dates, add mutex lock for generating CRLs, 2 years ago
Mariano Cano 4e19aa4c52 Add cache duration if crl is set 2 years ago
Mariano Cano 0829f37fe8 Define a default crl cache duration 2 years ago
Mariano Cano 4a4f7ca9ba Fix panic if cacheDuration is not set 2 years ago
Mariano Cano bb0210e875 Fix typo in linkedca variable 2 years ago
Mariano Cano 1e098aef5b Fixes ACMEAttestationFormat comment 2 years ago
Mariano Cano 66407139e5 Add methods to convert attestation formats 2 years ago
Mariano Cano ba42aaf865 Add attestationFormat property in the ACME provisioner 2 years ago
Mariano Cano b2119e9f2c Merge pull request #977 from smallstep/device-attestation
Device attestation
2 years ago
Mariano Cano fd4e96d1f4 Rename method to IsChallengeEnabled 2 years ago
Mariano Cano c77b4ff9c5 Fix linter errors 2 years ago
Mariano Cano 59c5219a07 Use a type for acme challenges 2 years ago
Raal Goff 924082bb49 fix linter errors 2 years ago
Raal Goff d2483f3a70 Merge branch 'master' into crl-support
# Conflicts:
#	authority/config/config.go
2 years ago
Raal Goff b89f210469 remove fail-email test and add ok-empty-email test 2 years ago
Mariano Cano a2749ca8ed Merge branch 'master' into device-attestation 2 years ago
Raal Goff 7a03c43fe2 allow missing Email claim in OIDC tokens, use subject when it's missing 2 years ago
Mariano Cano 1938b1bb34 Merge branch 'master' into herman/fix-template-validation 2 years ago
Mariano Cano 1d1e024b84 Upgrade to go.step.sm/crypto v0.18.0 2 years ago
Mariano Cano f1c63bc38d Fix challenge mapping 2 years ago
Mariano Cano df96b126dc Add AuthorizeChallenge unit tests 2 years ago
Mariano Cano bca311b05e Add acme property to enable challenges
Fixes #1027
2 years ago
Herman Slatman 6b7b989988 Add provisioner template validation
Fixes #1012
2 years ago
Mariano Cano 693dc39481 Merge branch 'master' into device-attestation 2 years ago
Mariano Cano b1e9d5ee86 Revert "Run on plaintext HTTP to support Cloud Run"
This reverts commit 09b9673a60.
2 years ago
Mariano Cano 23b8f45b37 Address gosec warnings
Most if not all false positives
2 years ago
Mariano Cano 0c7467ceb2 Allow to automatically configure and linked RA 2 years ago
Mariano Cano 5e0be92273 Allow option to skip the validation of config 2 years ago
Mariano Cano b62f4d1000 Add lgtm comments on some security warnings 2 years ago
Mariano Cano a5439c43cd Remove ciphersuites without Lucky13 countermeasures
SHA-256 variants of the CBC ciphersuites don't implement any Lucky13
countermeasures. See http://www.isg.rhul.ac.uk/tls/Lucky13.html and
https://www.imperialviolet.org/2013/02/04/luckythirteen.html.
2 years ago
Mariano Cano 8bd0174251 Rename field to IsCAServerCert 2 years ago
Mariano Cano 5df1694250 Add endpoint id for the RA certificate
In a linked RA mode, send an endpoint id to group the server
certificates.
2 years ago
Mariano Cano eb091aec54 Simplify field names for ProvisionerInfo 2 years ago
Mariano Cano 21427d5d65 Replace instead of prepend provisioner extension
With non standard SANs this will generate the SAN and provisioner
extension in the same order.
2 years ago
Mariano Cano 369b8f81c3 Use go.step.sm/crypto/kms
Fixes #975
2 years ago
Mariano Cano e02a190fa7 Merge branch 'master' into device-attestation 2 years ago
Max 3e2729e391 Merge pull request #989 from smallstep/max/disable-ssh-hosts
Add attribute to disable SSH Hosts list API
2 years ago
max furman 99c9155467 disableSSHHostsListAPI -> disableGetSSHHosts 2 years ago
Mariano Cano 64744562c6 Send RA provisioner to linkedca. 2 years ago
Mariano Cano 6b5d3dca95 Add provisioner name to RA info 2 years ago
Mariano Cano a1f54921d2 Rename internal field 2 years ago
Mariano Cano f9df8ac05f Remove unused interface 2 years ago
Mariano Cano 9408d0f24b Send RA provisioner information to the CA 2 years ago
max furman fb7f57a8df Add attribute to disable SSH Hosts list API 2 years ago
Raal Goff 60671b07d7 Merge branch 'master' into crl-support
# Conflicts:
#	api/api.go
#	authority/config/config.go
#	cas/softcas/softcas.go
#	db/db.go
2 years ago
Brandon Weeks 09b9673a60 Run on plaintext HTTP to support Cloud Run 2 years ago
Shulhan fe04f93d7f all: reformat all go files with the next gofmt (Go 1.19)
There are some changes that were manually edited, for example using '-' as
default list and grouping imports.
2 years ago
Mariano Cano 9c049eec5a Add revoke ssh unit test 2 years ago
Mariano Cano ce9a23a0f7 Fix SSH certificate revocation 2 years ago
Mariano Cano 911cec21da Merge pull request #943 from smallstep/ssh-renew-provisioner
Add provisioner to SSH renewals
2 years ago
Mariano Cano 94f5b92513 Use proper context in authority package 2 years ago
Mariano Cano 1be74eca62 Merge branch 'master' into ssh-renew-provisioner 2 years ago
Mariano Cano 26dd97e718 Merge branch 'master' into context-authority 2 years ago
Mariano Cano 6b3a8f22f3 Add provisioner to SSH renewals
This commit allows to report the provisioner to the linkedca when
a SSH certificate is renewed.
2 years ago
Mariano Cano 3c4d0412ef Merge pull request #941 from smallstep/ssh-provisioner
Report SSH provisioner
2 years ago
Max f8148071fb Merge pull request #915 from smallstep/max/removing-beta
exposing authority configuration for provisioner cli commands
2 years ago
max furman 5443aa073a gofmt -s 2 years ago
Max 586e4fd3b5 Update authority/options.go
Co-authored-by: Mariano Cano <mariano@smallstep.com>
2 years ago
Mariano Cano dd985ce154 Clarify errors when sending renewed certificates 2 years ago
Mariano Cano a627f21440 Fix AuthorizeSSHSign tests with extra SignOption 2 years ago
Mariano Cano e7d7eb1a94 Add provisioner as a signOption for SSH 2 years ago
Mariano Cano 293586079a Store provisioner with SignSSH
This change also allows to store the old certificate on renewal on
linkedca or if the db interface supports it.
2 years ago
Mariano Cano c8d7ad7ab9 Fix store certificates methods with new interface 2 years ago
Mariano Cano de99c3cac0 Report provisioner and parent on linkedca 2 years ago
Herman Slatman 479eda7339 Improve error message when client renews with expired certificate
When a client provides an expired certificate and `AllowAfterExpiry`
is not enabled, the client would get a rather generic error with
instructions to view the CA logs. Viewing the CA logs can be done
when running `step-ca`, but they can't be accessed easily in the
hosted solution.

This commit returns a slightly more informational message to the
client in this specific situation.
2 years ago