Archives
/
smallstep-certificates
mirror of https://github.com/smallstep/certificates
2
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
3,248 Commits
41 Branches
214 Tags
91 MiB
master
mariano/signer
dependabot/go_modules/github.com/slackhq/nebula-1.9.0
wire-acme-extensions
mariano/init-provisioners
fix-1637
herman/wire-dpop-struct
herman/fix-nebula-curve-param
herman/wrapped-listener
herman/configure-server-http-timeout
josh/fips
herman/acme-macos-properties
josh/webhook-error-response-content
user-regex
max/nebula-sign-curve
carl/bootstrap-error-clarity
max/capabilities
herman/acme-cname-txt
max/test
herman/acme-da-roots
backports
but
collections
update-step-env-vars
panos/api/flow
errors-internal
docker-dns-names
docker-init
carl/sysd-update
carl/readmes
carl/ssh-host-matchbug
nosql-0.3.2
dcow/challenge-retry
ssh
printAud
getHosts
ssh-config
certificate-transparency
seb/ct-local
seb/markdown-issues
seb/anchors
v0.25.3-rc7
v0.25.3-rc6
v0.25.3-rc4
v0.25.3-rc.1
v0.22.2-rc14
v0.22.2-rc13
v0.0.1-rc.1
v0.0.1-rc.2
v0.0.1-rc.3
v0.10.0
v0.11.0
v0.11.0-rc.1
v0.11.0-rc.2
v0.11.0-rc.3
v0.11.0-rc.4
v0.12.0
v0.13.0
v0.13.1
v0.13.2
v0.13.3
v0.14.0
v0.14.0-rc.1
v0.14.0-rc.10.badger2
v0.14.0-rc.14
v0.14.0-rc.15
v0.14.0-rc.16
v0.14.0-rc.2
v0.14.0-rc.3
v0.14.0-rc.4.badger2
v0.14.0-rc.5
v0.14.0-rc.6
v0.14.0-rc.7
v0.14.0-rc.8
v0.14.0-rc.9
v0.14.0.rc.11.badger2
v0.14.0.rc.12.badger2
v0.14.0.rc.13.badger2
v0.14.1
v0.14.2
v0.14.3
v0.14.3-rc.1.badger2
v0.14.3-rc.2.32bitbadger2
v0.14.4
v0.14.5
v0.14.5-rc.1.100MB.badgerV2
v0.14.5-rc.2.100MB.badgerV2
v0.14.5-rc.3.cullACMEOrders
v0.14.5-rc.4
v0.14.6
v0.14.7-rc.1.docker-buildx
v0.14.7-rc.2.deb-name-test
v0.15.0
v0.15.0-rc.1
v0.15.1
v0.15.1-rc.1
v0.15.10
v0.15.11
v0.15.12
v0.15.12-rc1
v0.15.12-rc2
v0.15.12-rc3
v0.15.12-rc4
v0.15.12-rc5
v0.15.13
v0.15.14
v0.15.15
v0.15.16
v0.15.16-rc1.test-arm6
v0.15.16-rc2.test-arm6
v0.15.16-rc3.test-arm6
v0.15.16-rc4
v0.15.16-rc5
v0.15.16-rc6
v0.15.16-rc7
v0.15.2
v0.15.2-rc.1
v0.15.3
v0.15.4
v0.15.5
v0.15.5-rc.1
v0.15.6
v0.15.7
v0.15.7-rc.1
v0.15.8
v0.15.9
v0.15.9-rc1
v0.15.9-rc10
v0.15.9-rc11
v0.15.9-rc12
v0.15.9-rc13
v0.15.9-rc14
v0.15.9-rc15
v0.15.9-rc16
v0.15.9-rc17
v0.15.9-rc18
v0.15.9-rc19
v0.15.9-rc2
v0.15.9-rc3
v0.15.9-rc4
v0.15.9-rc5
v0.15.9-rc6
v0.15.9-rc7
v0.15.9-rc8
v0.15.9-rc9
v0.16.0
v0.16.0-rc.1
v0.16.0-rc.2
v0.16.1
v0.16.2
v0.16.3
v0.16.4
v0.17.0
v0.17.0-rc1
v0.17.1
v0.17.2
v0.17.2-rc1
v0.17.3
v0.17.3-rc1
v0.17.3-rc2
v0.17.3-rc3
v0.17.3-rc4
v0.17.3-rc5
v0.17.3-rc6
v0.17.3-rc7
v0.17.3-rc8
v0.17.3-rc9
v0.17.4
v0.17.4-rc1
v0.17.5
v0.17.5-rc1
v0.17.6
v0.17.6-rc1
v0.17.6-rc2
v0.17.7-rc1
v0.18.0
v0.18.1
v0.18.1-rc1
v0.18.1-rc2
v0.18.1-rc3
v0.18.2
v0.18.3-rc1
v0.18.3-rc2
v0.18.3-rc3
v0.18.3-rc4
v0.19.0
v0.20.0
v0.21.0
v0.22.0
v0.22.1
v0.22.2-rc10
v0.22.2-rc11
v0.22.2-rc12
v0.22.2-rc15
v0.22.2-rc16
v0.22.2-rc17
v0.22.2-rc18
v0.22.2-rc2
v0.22.2-rc3
v0.22.2-rc4
v0.22.2-rc5
v0.22.2-rc6
v0.22.2-rc7
v0.22.2-rc8
v0.22.2-rc9
v0.23.0
v0.23.0-rc.1
v0.23.0-rc.2
v0.23.0-rc.3
v0.23.1
v0.23.1-rc.1
v0.23.2
v0.24.0
v0.24.0-rc.2
v0.24.0-rc1
v0.24.1
v0.24.2
v0.24.3-rc.1
v0.24.3-rc.2
v0.24.3-rc.3
v0.24.3-rc.4
v0.24.3-rc.5
v0.24.3-rc1
v0.25.0
v0.25.1
v0.25.2
v0.25.3-rc2
v0.25.3-rc3
v0.25.3-rc5
v0.26.0
v0.26.0-rc1
v0.26.0-rc2
v0.26.1
v0.8.1
v0.8.1-rc.1
v0.8.1-rc.2
v0.8.2
v0.8.2-rc.1
v0.8.3
v0.8.4
v0.8.4-rc.1
v0.8.4-rc.2
v0.8.5
v0.8.5-rc.1
v0.8.5-rc.2
v0.8.5-rc.3
v0.8.5-rc.4
v0.8.5-rc.5
v0.9.0
v0.9.0-rc.1
v0.9.1
v0.9.1-rc.1
v0.9.1-rc.2
v0.9.2
v0.9.2-rc.1
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from 'c7f226bcec'
${ noResults }
Commit Graph

3248 Commits (c7f226bcec732dda892d8755e1078559f7a0a69d)
 

Author SHA1 Message Date
Mariano Cano c7f226bcec
Add support for renew when using stepcas 
It supports renewing X.509 certificates when an RA is configured with stepcas.
This will only work when the renewal uses a token, and it won't work with mTLS.

The audience cannot be properly verified when an RA is used, to avoid this we
will get from the database if an RA was used to issue the initial certificate
and we will accept the renew token.

Fixes #1021 for stepcas
 2 years ago
Mariano Cano 068a2dae8e
Merge pull request #1155 from smallstep/acme-port-flags 
Use the same style of flags
 2 years ago
Mariano Cano e00781873e
Update commands/app.go 
Co-authored-by: Max <mx.furman@gmail.com>
 2 years ago
Mariano Cano bae9a0c152
Use the same style of flags 
It changes the new step-ca flags to use a standard style.
 2 years ago
Mariano Cano 6c0cb23125
Merge pull request #1153 from smallstep/acme-port 
Add support for custom acme ports
 2 years ago
Mariano Cano e27c6c529b
Add support for custom acme ports 
This change adds the flags --acme-http-port, --acme-tls-port, that
combined with --insecure can be used to set custom ports for ACME
http-01 and tls-alpn-01 challenges. These flags should only be used
for testing purposes.

Fixes #1015
 2 years ago
Max 9d90d0cef3
Merge pull request #1152 from smallstep/max/cosign-experimental 
[action] Add COSIGN_EXPERIMENTAL env var to cosign release docs
 2 years ago
max furman 3728cee02a
[action] Add COSIGN_EXPERIMENTAL env var to cosign release docs 2 years ago
Max be8c0b4531
Merge pull request #1151 from smallstep/max/gomod 
go.mod syntax
 2 years ago
max furman 4ccc9a0c32
go.mod syntax 2 years ago
Max 6136dbb196
Merge pull request #1147 from smallstep/dependabot/go_modules/cloud.google.com/go-0.105.0 
Bump cloud.google.com/go from 0.104.0 to 0.105.0
 2 years ago
dependabot[bot] bd577e7531
Bump cloud.google.com/go from 0.104.0 to 0.105.0 
Bumps [cloud.google.com/go](https://github.com/googleapis/google-cloud-go) from 0.104.0 to 0.105.0.
- [Release notes](https://github.com/googleapis/google-cloud-go/releases)
- [Changelog](https://github.com/googleapis/google-cloud-go/blob/main/CHANGES.md)
- [Commits](https://github.com/googleapis/google-cloud-go/compare/v0.104.0...v0.105.0)

---
updated-dependencies:
- dependency-name: cloud.google.com/go
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
 2 years ago
Max e53a4b2ed5
Merge pull request #1149 from smallstep/dependabot/go_modules/go.step.sm/crypto-0.22.0 
Bump go.step.sm/crypto from 0.21.0 to 0.22.0
 2 years ago
dependabot[bot] 917d8dc103
Bump go.step.sm/crypto from 0.21.0 to 0.22.0 
Bumps [go.step.sm/crypto](https://github.com/smallstep/crypto) from 0.21.0 to 0.22.0.
- [Release notes](https://github.com/smallstep/crypto/releases)
- [Commits](https://github.com/smallstep/crypto/compare/v0.21.0...v0.22.0)

---
updated-dependencies:
- dependency-name: go.step.sm/crypto
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
 2 years ago
Max b85b52d7b5
Merge pull request #1148 from smallstep/dependabot/go_modules/google.golang.org/api-0.101.0 
Bump google.golang.org/api from 0.100.0 to 0.101.0
 2 years ago
Max ea3f2fee7b
Merge pull request #1150 from smallstep/dependabot/go_modules/github.com/hashicorp/vault/api-1.8.2 
Bump github.com/hashicorp/vault/api from 1.8.1 to 1.8.2
 2 years ago
Max 9d9236c985
Merge pull request #1146 from smallstep/dependabot/go_modules/cloud.google.com/go/security-1.9.0 
Bump cloud.google.com/go/security from 1.8.0 to 1.9.0
 2 years ago
dependabot[bot] d26414a864
Bump github.com/hashicorp/vault/api from 1.8.1 to 1.8.2 
Bumps [github.com/hashicorp/vault/api](https://github.com/hashicorp/vault) from 1.8.1 to 1.8.2.
- [Release notes](https://github.com/hashicorp/vault/releases)
- [Changelog](https://github.com/hashicorp/vault/blob/main/CHANGELOG.md)
- [Commits](https://github.com/hashicorp/vault/compare/v1.8.1...v1.8.2)

---
updated-dependencies:
- dependency-name: github.com/hashicorp/vault/api
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2 years ago
dependabot[bot] 22d2c1c31f
Bump google.golang.org/api from 0.100.0 to 0.101.0 
Bumps [google.golang.org/api](https://github.com/googleapis/google-api-go-client) from 0.100.0 to 0.101.0.
- [Release notes](https://github.com/googleapis/google-api-go-client/releases)
- [Changelog](https://github.com/googleapis/google-api-go-client/blob/main/CHANGES.md)
- [Commits](https://github.com/googleapis/google-api-go-client/compare/v0.100.0...v0.101.0)

---
updated-dependencies:
- dependency-name: google.golang.org/api
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
 2 years ago
dependabot[bot] 4e077f997e
Bump cloud.google.com/go/security from 1.8.0 to 1.9.0 
Bumps [cloud.google.com/go/security](https://github.com/googleapis/google-cloud-go) from 1.8.0 to 1.9.0.
- [Release notes](https://github.com/googleapis/google-cloud-go/releases)
- [Changelog](https://github.com/googleapis/google-cloud-go/blob/main/documentai/CHANGES.md)
- [Commits](https://github.com/googleapis/google-cloud-go/compare/asset/v1.8.0...asset/v1.9.0)

---
updated-dependencies:
- dependency-name: cloud.google.com/go/security
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
 2 years ago
Max 995b6d1b6c
Merge pull request #1142 from smallstep/max/keyless-cosign 
[action] keyless cosign for all release artifacts
 2 years ago
max furman c36b36f070
[action] cosign over docker image digest 2 years ago
Mariano Cano 3e0b603eb4
Merge pull request #731 from unreality/crl-support 
Support for CRL
 2 years ago
Mariano Cano 2d582e5694
Remove use of time.Duration.Abs 
time.Duration.Abs() was added in Go 1.19
 2 years ago
Mariano Cano 89c8c6d0a0
Fix package name in tls test 2 years ago
Mariano Cano f066ac3d40
Remove buggy logic on GetRevokedCertificates() 2 years ago
Mariano Cano 51c7f56030
Truncate time to the second 2 years ago
Mariano Cano 6d4fd7d016
Update changelog with CRL support 2 years ago
Mariano Cano 812fee7630
Start crl generator before setting initOnce 2 years ago
Mariano Cano 59775fff0c
Merge branch 'master' into crl-support 2 years ago
Mariano Cano 8200d19894
Improve CRL implementation 
This commit adds some changes to PR #731, some of them are:
- Add distribution point to the CRL
- Properly stop the goroutine that generates the CRLs
- CRL config validation
- Remove expired certificates from the CRL
- Require enable set to true to generate a CRL

This last point is the principal change in behaviour from the previous
implementation. The CRL will not be generated if it's not enabled, and
if it is enabled it will always be regenerated at some point, not only
if there is a revocation.
 2 years ago
max furman c43d59a69a
[action] keyless cosign for all release artifacts 2 years ago
Herman Slatman 0af15a0538
Merge pull request #1140 from smallstep/herman/remote-management-helm 
Add provisioner and super admin subject output to `ca init`
 2 years ago
Herman Slatman a9359522e6
Add provisioner and super admin subject output to `ca init` 
When initializing a CA with `--remote-management`, it wasn't made
clear that the default JWK provisioner is used when authenticating
for administration purposes and that a default `step` user is
created to login with. This commit adds some additional information
to the CLI output on completion of `ca init`.
 2 years ago
Herman Slatman a718359b7f
Merge pull request #1075 from smallstep/herman/remote-management-helm 
Add `enableAdmin` and `enableACME` to Helm values.yml generation
 2 years ago
Mariano Cano 2e39b6305e
Merge pull request #1139 from smallstep/update-pkcs7 
Upgrade pkcs7 to the latest patches branch
 2 years ago
Mariano Cano aed1738ad0
Upgrade pkcs7 to the latest patches branch 
smallstep/pkcs7@patches includes now support for generic Decrypter
methods, so KMS can be used instead of a key in disk with SCIM
 2 years ago
Max c407354c70
Merge pull request #1137 from smallstep/dependabot/go_modules/google.golang.org/api-0.100.0 
Bump google.golang.org/api from 0.99.0 to 0.100.0
 2 years ago
Max 25340c2bf6
Merge pull request #1138 from smallstep/dependabot/go_modules/github.com/stretchr/testify-1.8.1 
Bump github.com/stretchr/testify from 1.8.0 to 1.8.1
 2 years ago
dependabot[bot] 3e96113162
Bump github.com/stretchr/testify from 1.8.0 to 1.8.1 
Bumps [github.com/stretchr/testify](https://github.com/stretchr/testify) from 1.8.0 to 1.8.1.
- [Release notes](https://github.com/stretchr/testify/releases)
- [Commits](https://github.com/stretchr/testify/compare/v1.8.0...v1.8.1)

---
updated-dependencies:
- dependency-name: github.com/stretchr/testify
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2 years ago
dependabot[bot] 016973fd2b
Bump google.golang.org/api from 0.99.0 to 0.100.0 
Bumps [google.golang.org/api](https://github.com/googleapis/google-api-go-client) from 0.99.0 to 0.100.0.
- [Release notes](https://github.com/googleapis/google-api-go-client/releases)
- [Changelog](https://github.com/googleapis/google-api-go-client/blob/main/CHANGES.md)
- [Commits](https://github.com/googleapis/google-api-go-client/compare/v0.99.0...v0.100.0)

---
updated-dependencies:
- dependency-name: google.golang.org/api
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
 2 years ago
Herman Slatman e90fe4bfa0
Update CHANGELOG.md with provisioner migration 2 years ago
Herman Slatman 9d04e7d1dc
Remove period in log output 2 years ago
Herman Slatman 54c560f620
Improve configuration file initialization log output 2 years ago
Herman Slatman fd38dd34f9
Fix PR comments 2 years ago
Herman Slatman 49718f1bbb
Fix some comments 2 years ago
Herman Slatman 70da534893
Merge branch 'master' into herman/remote-management-helm 2 years ago
Mariano Cano 398213af51
Merge pull request #1123 from smallstep/renew-raw-subject 
Use RawSubject on renew and rekey
 2 years ago
Mariano Cano caf0628b8c
Merge pull request #1122 from smallstep/fix-1114 
Split build and download in Dockerfiles
 2 years ago
Mariano Cano aefdfc7be7
Use RawSubject on renew and rekey 
Renew was not replicating exactly the subject because extra names
gets decoded into pkix.Name.Names, the non-default ones should be
added to pkix.Name.ExtraNames. Instead of doing that, this commit
sets the RawSubject that will also keep the order.

Fixes #1106
 2 years ago