Archives
/
smallstep-certificates
mirror of https://github.com/smallstep/certificates
2
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
4,026 Commits
40 Branches
214 Tags
91 MiB
master
dependabot/go_modules/github.com/slackhq/nebula-1.9.0
wire-acme-extensions
mariano/init-provisioners
fix-1637
herman/wire-dpop-struct
herman/fix-nebula-curve-param
herman/wrapped-listener
herman/configure-server-http-timeout
josh/fips
herman/acme-macos-properties
josh/webhook-error-response-content
user-regex
max/nebula-sign-curve
carl/bootstrap-error-clarity
max/capabilities
herman/acme-cname-txt
max/test
herman/acme-da-roots
backports
but
collections
update-step-env-vars
panos/api/flow
errors-internal
docker-dns-names
docker-init
carl/sysd-update
carl/readmes
carl/ssh-host-matchbug
nosql-0.3.2
dcow/challenge-retry
ssh
printAud
getHosts
ssh-config
certificate-transparency
seb/ct-local
seb/markdown-issues
seb/anchors
v0.25.3-rc7
v0.25.3-rc6
v0.25.3-rc4
v0.25.3-rc.1
v0.22.2-rc14
v0.22.2-rc13
v0.0.1-rc.1
v0.0.1-rc.2
v0.0.1-rc.3
v0.10.0
v0.11.0
v0.11.0-rc.1
v0.11.0-rc.2
v0.11.0-rc.3
v0.11.0-rc.4
v0.12.0
v0.13.0
v0.13.1
v0.13.2
v0.13.3
v0.14.0
v0.14.0-rc.1
v0.14.0-rc.10.badger2
v0.14.0-rc.14
v0.14.0-rc.15
v0.14.0-rc.16
v0.14.0-rc.2
v0.14.0-rc.3
v0.14.0-rc.4.badger2
v0.14.0-rc.5
v0.14.0-rc.6
v0.14.0-rc.7
v0.14.0-rc.8
v0.14.0-rc.9
v0.14.0.rc.11.badger2
v0.14.0.rc.12.badger2
v0.14.0.rc.13.badger2
v0.14.1
v0.14.2
v0.14.3
v0.14.3-rc.1.badger2
v0.14.3-rc.2.32bitbadger2
v0.14.4
v0.14.5
v0.14.5-rc.1.100MB.badgerV2
v0.14.5-rc.2.100MB.badgerV2
v0.14.5-rc.3.cullACMEOrders
v0.14.5-rc.4
v0.14.6
v0.14.7-rc.1.docker-buildx
v0.14.7-rc.2.deb-name-test
v0.15.0
v0.15.0-rc.1
v0.15.1
v0.15.1-rc.1
v0.15.10
v0.15.11
v0.15.12
v0.15.12-rc1
v0.15.12-rc2
v0.15.12-rc3
v0.15.12-rc4
v0.15.12-rc5
v0.15.13
v0.15.14
v0.15.15
v0.15.16
v0.15.16-rc1.test-arm6
v0.15.16-rc2.test-arm6
v0.15.16-rc3.test-arm6
v0.15.16-rc4
v0.15.16-rc5
v0.15.16-rc6
v0.15.16-rc7
v0.15.2
v0.15.2-rc.1
v0.15.3
v0.15.4
v0.15.5
v0.15.5-rc.1
v0.15.6
v0.15.7
v0.15.7-rc.1
v0.15.8
v0.15.9
v0.15.9-rc1
v0.15.9-rc10
v0.15.9-rc11
v0.15.9-rc12
v0.15.9-rc13
v0.15.9-rc14
v0.15.9-rc15
v0.15.9-rc16
v0.15.9-rc17
v0.15.9-rc18
v0.15.9-rc19
v0.15.9-rc2
v0.15.9-rc3
v0.15.9-rc4
v0.15.9-rc5
v0.15.9-rc6
v0.15.9-rc7
v0.15.9-rc8
v0.15.9-rc9
v0.16.0
v0.16.0-rc.1
v0.16.0-rc.2
v0.16.1
v0.16.2
v0.16.3
v0.16.4
v0.17.0
v0.17.0-rc1
v0.17.1
v0.17.2
v0.17.2-rc1
v0.17.3
v0.17.3-rc1
v0.17.3-rc2
v0.17.3-rc3
v0.17.3-rc4
v0.17.3-rc5
v0.17.3-rc6
v0.17.3-rc7
v0.17.3-rc8
v0.17.3-rc9
v0.17.4
v0.17.4-rc1
v0.17.5
v0.17.5-rc1
v0.17.6
v0.17.6-rc1
v0.17.6-rc2
v0.17.7-rc1
v0.18.0
v0.18.1
v0.18.1-rc1
v0.18.1-rc2
v0.18.1-rc3
v0.18.2
v0.18.3-rc1
v0.18.3-rc2
v0.18.3-rc3
v0.18.3-rc4
v0.19.0
v0.20.0
v0.21.0
v0.22.0
v0.22.1
v0.22.2-rc10
v0.22.2-rc11
v0.22.2-rc12
v0.22.2-rc15
v0.22.2-rc16
v0.22.2-rc17
v0.22.2-rc18
v0.22.2-rc2
v0.22.2-rc3
v0.22.2-rc4
v0.22.2-rc5
v0.22.2-rc6
v0.22.2-rc7
v0.22.2-rc8
v0.22.2-rc9
v0.23.0
v0.23.0-rc.1
v0.23.0-rc.2
v0.23.0-rc.3
v0.23.1
v0.23.1-rc.1
v0.23.2
v0.24.0
v0.24.0-rc.2
v0.24.0-rc1
v0.24.1
v0.24.2
v0.24.3-rc.1
v0.24.3-rc.2
v0.24.3-rc.3
v0.24.3-rc.4
v0.24.3-rc.5
v0.24.3-rc1
v0.25.0
v0.25.1
v0.25.2
v0.25.3-rc2
v0.25.3-rc3
v0.25.3-rc5
v0.26.0
v0.26.0-rc1
v0.26.0-rc2
v0.26.1
v0.8.1
v0.8.1-rc.1
v0.8.1-rc.2
v0.8.2
v0.8.2-rc.1
v0.8.3
v0.8.4
v0.8.4-rc.1
v0.8.4-rc.2
v0.8.5
v0.8.5-rc.1
v0.8.5-rc.2
v0.8.5-rc.3
v0.8.5-rc.4
v0.8.5-rc.5
v0.9.0
v0.9.0-rc.1
v0.9.1
v0.9.1-rc.1
v0.9.1-rc.2
v0.9.2
v0.9.2-rc.1
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from 'b20af51f32'
${ noResults }
Commit Graph

4026 Commits (b20af51f322cb67e9b3d9cc09cc48f0f34524c1f)
 

Author SHA1 Message Date
Mariano Cano b20af51f32
Upgrade go.step.sm/crypto to use go-jose/v3 5 months ago
github-actions[bot] 2c42907b4e
Merge pull request #1645 from smallstep/dependabot/go_modules/go.step.sm/crypto-0.39.0 
Bump go.step.sm/crypto from 0.38.0 to 0.39.0
 5 months ago
github-actions[bot] ecc47c8e18
Merge pull request #1646 from smallstep/dependabot/go_modules/google.golang.org/api-0.153.0 
Bump google.golang.org/api from 0.152.0 to 0.153.0
 5 months ago
Carl Tashian 4d0c684e88
Merge pull request #1640 from smallstep/carl/debian-bookworm 
Update Dockerfile.hsm to use Debian bookworm
 5 months ago
dependabot[bot] 6fcfb7a737
Bump google.golang.org/api from 0.152.0 to 0.153.0 
Bumps [google.golang.org/api](https://github.com/googleapis/google-api-go-client) from 0.152.0 to 0.153.0.
- [Release notes](https://github.com/googleapis/google-api-go-client/releases)
- [Changelog](https://github.com/googleapis/google-api-go-client/blob/main/CHANGES.md)
- [Commits](https://github.com/googleapis/google-api-go-client/compare/v0.152.0...v0.153.0)

---
updated-dependencies:
- dependency-name: google.golang.org/api
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
 5 months ago
dependabot[bot] 9aee8fde06
Bump go.step.sm/crypto from 0.38.0 to 0.39.0 
Bumps [go.step.sm/crypto](https://github.com/smallstep/crypto) from 0.38.0 to 0.39.0.
- [Release notes](https://github.com/smallstep/crypto/releases)
- [Commits](https://github.com/smallstep/crypto/compare/v0.38.0...v0.39.0)

---
updated-dependencies:
- dependency-name: go.step.sm/crypto
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
 5 months ago
Carl Tashian bd46d94238
Merge branch 'master' into carl/debian-bookworm 6 months ago
github-actions[bot] c25273d7a7
Merge pull request #1638 from smallstep/dependabot/go_modules/github.com/newrelic/go-agent/v3-3.28.1 
Bump github.com/newrelic/go-agent/v3 from 3.28.0 to 3.28.1
 6 months ago
Carl Tashian 38140c5765
Update Dockerfile.hsm to use Debian bookworm 6 months ago
dependabot[bot] 439ace3086
Bump github.com/newrelic/go-agent/v3 from 3.28.0 to 3.28.1 
Bumps [github.com/newrelic/go-agent/v3](https://github.com/newrelic/go-agent) from 3.28.0 to 3.28.1.
- [Release notes](https://github.com/newrelic/go-agent/releases)
- [Changelog](https://github.com/newrelic/go-agent/blob/master/CHANGELOG.md)
- [Commits](https://github.com/newrelic/go-agent/compare/v3.28.0...v3.28.1)

---
updated-dependencies:
- dependency-name: github.com/newrelic/go-agent/v3
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 6 months ago
Herman Slatman f453323ba9
Merge pull request #1631 from smallstep/herman/fix-apple-acmeclient-invalid-signatures 6 months ago
Herman Slatman 405aae798c
Simplify the `copy` logic used when patching JWS signature 6 months ago
Max 7bfe11c687
Bump go.step.sm/crypto (#1635) 6 months ago
Max d34f0f6a97
Fix linter warnings (#1634) 6 months ago
Herman Slatman 26a3bb3c11
Make the Apple JWS fix more robust and catch more cases. 6 months ago
Herman Slatman 31ba1b33fb
Merge pull request #1633 from smallstep/update-changelog-20231122 
Set `v0.25.1` release date
 6 months ago
Herman Slatman 528aad86dd
Set `v0.25.1` release date 6 months ago
Herman Slatman 3bb469274d
Merge pull request #1632 from smallstep/update-changelog-20231122 
Update changelog for `v0.25.1` release
 6 months ago
Herman Slatman f01b48fdcd
Update changelog for `v0.25.1` release 6 months ago
Herman Slatman 113491e7af
Remove TODO for patching other algorithms for Apple ACME client 6 months ago
Herman Slatman 06f4cbbcda
Add (temporary) fix for missing null bytes in Apple JWS signatures 
Apparently the Apple macOS (and iOS?) ACME client seems to omit
leading null bytes from JWS signatures. The base64-url encoded
bytes decode to a shorter byte slice than what the JOSE library
expects (e.g. 63 bytes instead of 64 bytes for ES256), and then
results in a `jose.ErrCryptoFailure`.

This commit retries verification of the JWS in case the first
verification fails with `jose.ErrCryptoFailure`. The signatures are
checked to be of the correct length, and if not, null bytes are
prepended to the signature. Then verification is retried, which
might fail again, but for other reasons. On success, the payload
is returned.

Apple should fix this in their ACME client, but in the meantime
this commit prevents some "bad request" error cases from happening.
 6 months ago
github-actions[bot] cf6e189d7c
Merge pull request #1629 from smallstep/dependabot/go_modules/github.com/go-jose/go-jose/v3-3.0.1 
Bump github.com/go-jose/go-jose/v3 from 3.0.0 to 3.0.1
 6 months ago
dependabot[bot] 350ad9006c
Bump github.com/go-jose/go-jose/v3 from 3.0.0 to 3.0.1 
Bumps [github.com/go-jose/go-jose/v3](https://github.com/go-jose/go-jose) from 3.0.0 to 3.0.1.
- [Release notes](https://github.com/go-jose/go-jose/releases)
- [Changelog](https://github.com/go-jose/go-jose/blob/v3/CHANGELOG.md)
- [Commits](https://github.com/go-jose/go-jose/compare/v3.0.0...v3.0.1)

---
updated-dependencies:
- dependency-name: github.com/go-jose/go-jose/v3
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
 6 months ago
github-actions[bot] 1dacf50776
Merge pull request #1626 from smallstep/dependabot/go_modules/go.step.sm/crypto-0.37.0 
Bump go.step.sm/crypto from 0.36.1 to 0.37.0
 6 months ago
dependabot[bot] 66df354f2f
Bump go.step.sm/crypto from 0.36.1 to 0.37.0 
Bumps [go.step.sm/crypto](https://github.com/smallstep/crypto) from 0.36.1 to 0.37.0.
- [Release notes](https://github.com/smallstep/crypto/releases)
- [Commits](https://github.com/smallstep/crypto/compare/v0.36.1...v0.37.0)

---
updated-dependencies:
- dependency-name: go.step.sm/crypto
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
 6 months ago
github-actions[bot] c6db7673bf
Merge pull request #1628 from smallstep/dependabot/go_modules/google.golang.org/api-0.151.0 
Bump google.golang.org/api from 0.150.0 to 0.151.0
 6 months ago
github-actions[bot] a36cf81d6a
Merge pull request #1627 from smallstep/dependabot/go_modules/github.com/newrelic/go-agent/v3-3.28.0 
Bump github.com/newrelic/go-agent/v3 from 3.27.0 to 3.28.0
 6 months ago
dependabot[bot] 5b07ae7f52
Bump google.golang.org/api from 0.150.0 to 0.151.0 
Bumps [google.golang.org/api](https://github.com/googleapis/google-api-go-client) from 0.150.0 to 0.151.0.
- [Release notes](https://github.com/googleapis/google-api-go-client/releases)
- [Changelog](https://github.com/googleapis/google-api-go-client/blob/main/CHANGES.md)
- [Commits](https://github.com/googleapis/google-api-go-client/compare/v0.150.0...v0.151.0)

---
updated-dependencies:
- dependency-name: google.golang.org/api
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
 6 months ago
dependabot[bot] 74597e6fbb
Bump github.com/newrelic/go-agent/v3 from 3.27.0 to 3.28.0 
Bumps [github.com/newrelic/go-agent/v3](https://github.com/newrelic/go-agent) from 3.27.0 to 3.28.0.
- [Release notes](https://github.com/newrelic/go-agent/releases)
- [Changelog](https://github.com/newrelic/go-agent/blob/master/CHANGELOG.md)
- [Commits](https://github.com/newrelic/go-agent/compare/v3.27.0...v3.28.0)

---
updated-dependencies:
- dependency-name: github.com/newrelic/go-agent/v3
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
 6 months ago
github-actions[bot] 8308e1ac54
Merge pull request #1619 from smallstep/dependabot/go_modules/golang.org/x/net-0.18.0 
Bump golang.org/x/net from 0.17.0 to 0.18.0
 6 months ago
dependabot[bot] 6826ca9ebb
Bump golang.org/x/net from 0.17.0 to 0.18.0 
Bumps [golang.org/x/net](https://github.com/golang/net) from 0.17.0 to 0.18.0.
- [Commits](https://github.com/golang/net/compare/v0.17.0...v0.18.0)

---
updated-dependencies:
- dependency-name: golang.org/x/net
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
 6 months ago
github-actions[bot] 4f6ca083aa
Merge pull request #1620 from smallstep/dependabot/go_modules/golang.org/x/crypto-0.15.0 
Bump golang.org/x/crypto from 0.14.0 to 0.15.0
 6 months ago
dependabot[bot] 2eefd2ce63
Bump golang.org/x/crypto from 0.14.0 to 0.15.0 
Bumps [golang.org/x/crypto](https://github.com/golang/crypto) from 0.14.0 to 0.15.0.
- [Commits](https://github.com/golang/crypto/compare/v0.14.0...v0.15.0)

---
updated-dependencies:
- dependency-name: golang.org/x/crypto
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
 6 months ago
github-actions[bot] 6ebd5264ec
Merge pull request #1621 from smallstep/dependabot/go_modules/google.golang.org/api-0.150.0 
Bump google.golang.org/api from 0.149.0 to 0.150.0
 6 months ago
dependabot[bot] 48d9ea188b
Bump google.golang.org/api from 0.149.0 to 0.150.0 
Bumps [google.golang.org/api](https://github.com/googleapis/google-api-go-client) from 0.149.0 to 0.150.0.
- [Release notes](https://github.com/googleapis/google-api-go-client/releases)
- [Changelog](https://github.com/googleapis/google-api-go-client/blob/main/CHANGES.md)
- [Commits](https://github.com/googleapis/google-api-go-client/compare/v0.149.0...v0.150.0)

---
updated-dependencies:
- dependency-name: google.golang.org/api
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
 6 months ago
Herman Slatman a4b7bbf2d9
Merge pull request #1617 from smallstep/herman/scep-webhook-provisioner-name 
Add `provisionerName` to SCEP webhook request body
 7 months ago
Herman Slatman f082cbc421
Denormalize provisioner name in SCEP webhook 7 months ago
Herman Slatman 9ebc8779f5
Normalize SCEP provisioner name in webhook body 7 months ago
Herman Slatman e815864ed8
Add verification of `provisionerName` in test 7 months ago
Herman Slatman de45d66cdb
Add `provisionerName` to webhook request body 7 months ago
Mariano Cano a7ed79bb21
Merge pull request #1616 from smallstep/fix-1611 
Use the same version for building and running
 7 months ago
Mariano Cano 875512c79e
Use the same version for building and running 
This commit makes sure to use the same version for building step-ca with
CGO and running it.

Fixes #1611
 7 months ago
Mariano Cano 1697dc63a7
Merge pull request #1608 from smallstep/mariano/ra-template 
Build RA token using SANs from the template
 7 months ago
Mariano Cano 690d1c3c50
Merge pull request #1609 from smallstep/mariano/jwk-commonname 
Change CommonName validator in JWK
 7 months ago
github-actions[bot] 111bc1d789
Merge pull request #1613 from smallstep/dependabot/go_modules/cloud.google.com/go/longrunning-0.5.4 
Bump cloud.google.com/go/longrunning from 0.5.3 to 0.5.4
 7 months ago
dependabot[bot] 8c5d26e1c5
Bump cloud.google.com/go/longrunning from 0.5.3 to 0.5.4 
Bumps [cloud.google.com/go/longrunning](https://github.com/googleapis/google-cloud-go) from 0.5.3 to 0.5.4.
- [Release notes](https://github.com/googleapis/google-cloud-go/releases)
- [Changelog](https://github.com/googleapis/google-cloud-go/blob/main/CHANGES.md)
- [Commits](https://github.com/googleapis/google-cloud-go/compare/longrunning/v0.5.3...longrunning/v0.5.4)

---
updated-dependencies:
- dependency-name: cloud.google.com/go/longrunning
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 7 months ago
github-actions[bot] 444cfe2fcd
Merge pull request #1614 from smallstep/dependabot/go_modules/cloud.google.com/go/security-1.15.4 
Bump cloud.google.com/go/security from 1.15.3 to 1.15.4
 7 months ago
dependabot[bot] 8406f75806
Bump cloud.google.com/go/security from 1.15.3 to 1.15.4 
Bumps [cloud.google.com/go/security](https://github.com/googleapis/google-cloud-go) from 1.15.3 to 1.15.4.
- [Release notes](https://github.com/googleapis/google-cloud-go/releases)
- [Changelog](https://github.com/googleapis/google-cloud-go/blob/main/CHANGES.md)
- [Commits](https://github.com/googleapis/google-cloud-go/compare/kms/v1.15.3...kms/v1.15.4)

---
updated-dependencies:
- dependency-name: cloud.google.com/go/security
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 7 months ago
Herman Slatman 132e888f36
Merge pull request #1610 from abelgvidal/fixcontrib 
Amend link to Contribution Guide in README
 7 months ago
Abel Gonzalez 807c7562f5 Amend wrong link to Contribution Guide in README 7 months ago