Archives
/
smallstep-certificates
mirror of https://github.com/smallstep/certificates
2
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
2,207 Commits
37 Branches
221 Tags
44 MiB
master
root-not-found-error-message
relative-paths-config
herman/wire-dpop-struct
herman/wrapped-listener
herman/configure-server-http-timeout
josh/fips
herman/acme-macos-properties
josh/webhook-error-response-content
user-regex
max/nebula-sign-curve
carl/bootstrap-error-clarity
max/capabilities
herman/acme-cname-txt
max/test
herman/acme-da-roots
backports
but
collections
update-step-env-vars
panos/api/flow
errors-internal
docker-dns-names
docker-init
carl/sysd-update
carl/readmes
carl/ssh-host-matchbug
nosql-0.3.2
dcow/challenge-retry
ssh
printAud
getHosts
ssh-config
certificate-transparency
seb/ct-local
seb/markdown-issues
seb/anchors
v0.25.3-rc7
v0.25.3-rc6
v0.25.3-rc4
v0.25.3-rc.1
v0.22.2-rc14
v0.22.2-rc13
v0.0.1-rc.1
v0.0.1-rc.2
v0.0.1-rc.3
v0.10.0
v0.11.0
v0.11.0-rc.1
v0.11.0-rc.2
v0.11.0-rc.3
v0.11.0-rc.4
v0.12.0
v0.13.0
v0.13.1
v0.13.2
v0.13.3
v0.14.0
v0.14.0-rc.1
v0.14.0-rc.10.badger2
v0.14.0-rc.14
v0.14.0-rc.15
v0.14.0-rc.16
v0.14.0-rc.2
v0.14.0-rc.3
v0.14.0-rc.4.badger2
v0.14.0-rc.5
v0.14.0-rc.6
v0.14.0-rc.7
v0.14.0-rc.8
v0.14.0-rc.9
v0.14.0.rc.11.badger2
v0.14.0.rc.12.badger2
v0.14.0.rc.13.badger2
v0.14.1
v0.14.2
v0.14.3
v0.14.3-rc.1.badger2
v0.14.3-rc.2.32bitbadger2
v0.14.4
v0.14.5
v0.14.5-rc.1.100MB.badgerV2
v0.14.5-rc.2.100MB.badgerV2
v0.14.5-rc.3.cullACMEOrders
v0.14.5-rc.4
v0.14.6
v0.14.7-rc.1.docker-buildx
v0.14.7-rc.2.deb-name-test
v0.15.0
v0.15.0-rc.1
v0.15.1
v0.15.1-rc.1
v0.15.10
v0.15.11
v0.15.12
v0.15.12-rc1
v0.15.12-rc2
v0.15.12-rc3
v0.15.12-rc4
v0.15.12-rc5
v0.15.13
v0.15.14
v0.15.15
v0.15.16
v0.15.16-rc1.test-arm6
v0.15.16-rc2.test-arm6
v0.15.16-rc3.test-arm6
v0.15.16-rc4
v0.15.16-rc5
v0.15.16-rc6
v0.15.16-rc7
v0.15.2
v0.15.2-rc.1
v0.15.3
v0.15.4
v0.15.5
v0.15.5-rc.1
v0.15.6
v0.15.7
v0.15.7-rc.1
v0.15.8
v0.15.9
v0.15.9-rc1
v0.15.9-rc10
v0.15.9-rc11
v0.15.9-rc12
v0.15.9-rc13
v0.15.9-rc14
v0.15.9-rc15
v0.15.9-rc16
v0.15.9-rc17
v0.15.9-rc18
v0.15.9-rc19
v0.15.9-rc2
v0.15.9-rc3
v0.15.9-rc4
v0.15.9-rc5
v0.15.9-rc6
v0.15.9-rc7
v0.15.9-rc8
v0.15.9-rc9
v0.16.0
v0.16.0-rc.1
v0.16.0-rc.2
v0.16.1
v0.16.2
v0.16.3
v0.16.4
v0.17.0
v0.17.0-rc1
v0.17.1
v0.17.2
v0.17.2-rc1
v0.17.3
v0.17.3-rc1
v0.17.3-rc2
v0.17.3-rc3
v0.17.3-rc4
v0.17.3-rc5
v0.17.3-rc6
v0.17.3-rc7
v0.17.3-rc8
v0.17.3-rc9
v0.17.4
v0.17.4-rc1
v0.17.5
v0.17.5-rc1
v0.17.6
v0.17.6-rc1
v0.17.6-rc2
v0.17.7-rc1
v0.18.0
v0.18.1
v0.18.1-rc1
v0.18.1-rc2
v0.18.1-rc3
v0.18.2
v0.18.3-rc1
v0.18.3-rc2
v0.18.3-rc3
v0.18.3-rc4
v0.19.0
v0.20.0
v0.21.0
v0.22.0
v0.22.1
v0.22.2-rc10
v0.22.2-rc11
v0.22.2-rc12
v0.22.2-rc15
v0.22.2-rc16
v0.22.2-rc17
v0.22.2-rc18
v0.22.2-rc2
v0.22.2-rc3
v0.22.2-rc4
v0.22.2-rc5
v0.22.2-rc6
v0.22.2-rc7
v0.22.2-rc8
v0.22.2-rc9
v0.23.0
v0.23.0-rc.1
v0.23.0-rc.2
v0.23.0-rc.3
v0.23.1
v0.23.1-rc.1
v0.23.2
v0.24.0
v0.24.0-rc.2
v0.24.0-rc1
v0.24.1
v0.24.2
v0.24.3-rc.1
v0.24.3-rc.2
v0.24.3-rc.3
v0.24.3-rc.4
v0.24.3-rc.5
v0.24.3-rc1
v0.25.0
v0.25.1
v0.25.2
v0.25.3-rc2
v0.25.3-rc3
v0.25.3-rc5
v0.26.0
v0.26.0-rc1
v0.26.0-rc2
v0.26.1
v0.26.2
v0.27.0
v0.27.1
v0.27.2
v0.27.3
v0.27.4
v0.27.4-rc1
v0.8.1
v0.8.1-rc.1
v0.8.1-rc.2
v0.8.2
v0.8.2-rc.1
v0.8.3
v0.8.4
v0.8.4-rc.1
v0.8.4-rc.2
v0.8.5
v0.8.5-rc.1
v0.8.5-rc.2
v0.8.5-rc.3
v0.8.5-rc.4
v0.8.5-rc.5
v0.9.0
v0.9.0-rc.1
v0.9.1
v0.9.1-rc.1
v0.9.1-rc.2
v0.9.2
v0.9.2-rc.1
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '94f8e58bea'
${ noResults }
Commit Graph

152 Commits (94f8e58bea175de1d6c76a2980d97a0c47f5346b)

Author SHA1 Message Date
Herman Slatman e0b495e4c8
Merge branch 'master' into hs/acme-eab 3 years ago
Herman Slatman c26041f835
Add ACME EAB nosql tests 3 years ago
max furman 933b40a02a Introduce gocritic linter and address warnings 3 years ago
Herman Slatman 0afea2e957
Improve tests for already bound EAB keys 3 years ago
Herman Slatman c2bc1351c6
Add provisioner to remove endpoint and clear reference index on delete 3 years ago
Herman Slatman 746c5c9fd9
Disallow creation of EAB keys with non-unique references 3 years ago
Herman Slatman 9c0020352b
Add lookup by reference and make reference optional 3 years ago
Herman Slatman 02cd3b6b3b
Fix PR comments 3 years ago
Herman Slatman f11c0cdc0c
Add endpoint for listing ACME EAB keys 3 years ago
Herman Slatman a1afbce50c
Check EAB key exists before deleting it 3 years ago
Herman Slatman 9d09f5e575
Add support for deleting ACME EAB keys 3 years ago
Herman Slatman a98fe03e80
Merge branch 'master' into hs/acme-eab 3 years ago
Herman Slatman 1dba8698e3
Use LinkedCA.EABKey type in ACME EAB API 3 years ago
Mariano Cano 470b546d59
Merge pull request #557 from joejulian/http01-isv 
use InsecureSkipVerify for validation
 3 years ago
max furman a3028bbc0e Add test for updateAddOrderIDs 3 years ago
Mariano Cano dc5205cc72 Extract the tls error code and fail accordingly. 3 years ago
Mariano Cano ae58a0ee4e Make tests compatible with Go 1.17. 
With Go 1.17 tls.Dial will fail if the client and server configured
protocols do not overlap. See https://golang.org/doc/go1.17#ALPN
 3 years ago
Herman Slatman f31ca4f6a4
Add tests for validateExternalAccountBinding 3 years ago
Herman Slatman 492256f2d7
Add first test cases for EAB and make provisioner unique per EAB 
Before this commit, EAB keys could be used CA-wide, meaning that
an EAB credential could be used at any ACME provisioner. This
commit changes that behavior, so that EAB credentials are now
intended to be used with a specific ACME provisioner. I think
that makes sense, because from the perspective of an ACME client
the provisioner is like a distinct CA.

Besides that this commit also includes the first tests for EAB.
The logic for creating the EAB JWS as a client has been taken
from github.com/mholt/acmez. This logic may be moved or otherwise
sourced (i.e. from a vendor) as soon as the step client also
(needs to) support(s) EAB with ACME.
 3 years ago
Herman Slatman c6bfc6eac2
Fix PR comments 3 years ago
Herman Slatman d669f3cb14
Fix misspelling 3 years ago
Herman Slatman 540d5fbbdc
Fix marshaling -> marshalling 3 years ago
Herman Slatman 2110c7722f
Fix JWK payload key equality check 3 years ago
Herman Slatman d44cd18b96
Add External Accounting Binding key "BoundAt" marking 3 years ago
Herman Slatman f81d49d963
Add first working version of External Account Binding 3 years ago
max furman 857a50434c Merge branch 'master' into max/cert-mgr-crud 3 years ago
max furman 9fdef64709 Admin level API for provisioner mgmt v1 3 years ago
Herman Slatman 8e4a4ecc1f
Refactor tests for sans 3 years ago
Herman Slatman 87b72afa25
Fix IP equality check and add more tests 3 years ago
Herman Slatman a6d33b7d06
Add tests for sans() 3 years ago
Herman Slatman 64c15fde7e
Add tests for canonicalize function 3 years ago
Herman Slatman c514a187b2
Fix Fail() -_-b 3 years ago
Herman Slatman 135e912ac8
Improve coverage for TLS-ALPN-01 challenge 3 years ago
Herman Slatman 218a2adb9f
Add tests for IP Order validations 3 years ago
Herman Slatman 523ae96749
Change identifier and challenge types to consts 3 years ago
Herman Slatman 84ea8bd67a
Fix PR comments 3 years ago
Herman Slatman af4803b8b8
Fix tests 3 years ago
Herman Slatman 0c79914d0d
Improve check for single IP in TLS-ALPN-01 challenge 3 years ago
Herman Slatman a6405e98a9
Remove fmt. 3 years ago
Herman Slatman 2f40011da8
Add support for TLS-ALPN-01 challenge 3 years ago
Herman Slatman 76dcf542d4
Fix mixed DNS and IP SANs in Order 3 years ago
Herman Slatman af615db6b5
Support DNS and IPs as SANs in single Order 3 years ago
Herman Slatman a0e92f8e99
Verify IP identifier contains valid IP 3 years ago
Herman Slatman 6486e6016b
Make logic for which challenge types to use clearer 3 years ago
Herman Slatman 3e36522329
Add preliminary support for TLS-ALPN-01 challenge for IP identifiers 3 years ago
Herman Slatman 6d9710c88d
Add initial support for ACME IP validation 3 years ago
max furman 7b5d6968a5 first commit 3 years ago
Joe Julian 0369151bfa
use InsecureSkipVerify for validation 
The server will not yet have a valid certificate so we need to disable
certificate validation in the HTTPGetter.
 3 years ago
Mariano Cano 2e1524ec2f Remove the creation on nonce on get acme directory. 
According to RFC 8555, the replay nonces are only required in POST
requests. And of course in the new-nonce request.
 4 years ago
max furman 93c3c2bf2e Error handle non existent provisioner downstream and disable debug route logging 4 years ago