Archives
/
smallstep-certificates
mirror of https://github.com/smallstep/certificates
2
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
4,010 Commits
41 Branches
215 Tags
44 MiB
master
fix-1637
dependabot/go_modules/github.com/slackhq/nebula-1.9.3
dependabot/go_modules/github.com/google/go-tpm-0.9.1
wire-acme-extensions
mariano/init-provisioners
herman/wire-dpop-struct
herman/fix-nebula-curve-param
herman/wrapped-listener
herman/configure-server-http-timeout
josh/fips
herman/acme-macos-properties
josh/webhook-error-response-content
user-regex
max/nebula-sign-curve
carl/bootstrap-error-clarity
max/capabilities
herman/acme-cname-txt
max/test
herman/acme-da-roots
backports
but
collections
update-step-env-vars
panos/api/flow
errors-internal
docker-dns-names
docker-init
carl/sysd-update
carl/readmes
carl/ssh-host-matchbug
nosql-0.3.2
dcow/challenge-retry
ssh
printAud
getHosts
ssh-config
certificate-transparency
seb/ct-local
seb/markdown-issues
seb/anchors
v0.25.3-rc7
v0.25.3-rc6
v0.25.3-rc4
v0.25.3-rc.1
v0.22.2-rc14
v0.22.2-rc13
v0.0.1-rc.1
v0.0.1-rc.2
v0.0.1-rc.3
v0.10.0
v0.11.0
v0.11.0-rc.1
v0.11.0-rc.2
v0.11.0-rc.3
v0.11.0-rc.4
v0.12.0
v0.13.0
v0.13.1
v0.13.2
v0.13.3
v0.14.0
v0.14.0-rc.1
v0.14.0-rc.10.badger2
v0.14.0-rc.14
v0.14.0-rc.15
v0.14.0-rc.16
v0.14.0-rc.2
v0.14.0-rc.3
v0.14.0-rc.4.badger2
v0.14.0-rc.5
v0.14.0-rc.6
v0.14.0-rc.7
v0.14.0-rc.8
v0.14.0-rc.9
v0.14.0.rc.11.badger2
v0.14.0.rc.12.badger2
v0.14.0.rc.13.badger2
v0.14.1
v0.14.2
v0.14.3
v0.14.3-rc.1.badger2
v0.14.3-rc.2.32bitbadger2
v0.14.4
v0.14.5
v0.14.5-rc.1.100MB.badgerV2
v0.14.5-rc.2.100MB.badgerV2
v0.14.5-rc.3.cullACMEOrders
v0.14.5-rc.4
v0.14.6
v0.14.7-rc.1.docker-buildx
v0.14.7-rc.2.deb-name-test
v0.15.0
v0.15.0-rc.1
v0.15.1
v0.15.1-rc.1
v0.15.10
v0.15.11
v0.15.12
v0.15.12-rc1
v0.15.12-rc2
v0.15.12-rc3
v0.15.12-rc4
v0.15.12-rc5
v0.15.13
v0.15.14
v0.15.15
v0.15.16
v0.15.16-rc1.test-arm6
v0.15.16-rc2.test-arm6
v0.15.16-rc3.test-arm6
v0.15.16-rc4
v0.15.16-rc5
v0.15.16-rc6
v0.15.16-rc7
v0.15.2
v0.15.2-rc.1
v0.15.3
v0.15.4
v0.15.5
v0.15.5-rc.1
v0.15.6
v0.15.7
v0.15.7-rc.1
v0.15.8
v0.15.9
v0.15.9-rc1
v0.15.9-rc10
v0.15.9-rc11
v0.15.9-rc12
v0.15.9-rc13
v0.15.9-rc14
v0.15.9-rc15
v0.15.9-rc16
v0.15.9-rc17
v0.15.9-rc18
v0.15.9-rc19
v0.15.9-rc2
v0.15.9-rc3
v0.15.9-rc4
v0.15.9-rc5
v0.15.9-rc6
v0.15.9-rc7
v0.15.9-rc8
v0.15.9-rc9
v0.16.0
v0.16.0-rc.1
v0.16.0-rc.2
v0.16.1
v0.16.2
v0.16.3
v0.16.4
v0.17.0
v0.17.0-rc1
v0.17.1
v0.17.2
v0.17.2-rc1
v0.17.3
v0.17.3-rc1
v0.17.3-rc2
v0.17.3-rc3
v0.17.3-rc4
v0.17.3-rc5
v0.17.3-rc6
v0.17.3-rc7
v0.17.3-rc8
v0.17.3-rc9
v0.17.4
v0.17.4-rc1
v0.17.5
v0.17.5-rc1
v0.17.6
v0.17.6-rc1
v0.17.6-rc2
v0.17.7-rc1
v0.18.0
v0.18.1
v0.18.1-rc1
v0.18.1-rc2
v0.18.1-rc3
v0.18.2
v0.18.3-rc1
v0.18.3-rc2
v0.18.3-rc3
v0.18.3-rc4
v0.19.0
v0.20.0
v0.21.0
v0.22.0
v0.22.1
v0.22.2-rc10
v0.22.2-rc11
v0.22.2-rc12
v0.22.2-rc15
v0.22.2-rc16
v0.22.2-rc17
v0.22.2-rc18
v0.22.2-rc2
v0.22.2-rc3
v0.22.2-rc4
v0.22.2-rc5
v0.22.2-rc6
v0.22.2-rc7
v0.22.2-rc8
v0.22.2-rc9
v0.23.0
v0.23.0-rc.1
v0.23.0-rc.2
v0.23.0-rc.3
v0.23.1
v0.23.1-rc.1
v0.23.2
v0.24.0
v0.24.0-rc.2
v0.24.0-rc1
v0.24.1
v0.24.2
v0.24.3-rc.1
v0.24.3-rc.2
v0.24.3-rc.3
v0.24.3-rc.4
v0.24.3-rc.5
v0.24.3-rc1
v0.25.0
v0.25.1
v0.25.2
v0.25.3-rc2
v0.25.3-rc3
v0.25.3-rc5
v0.26.0
v0.26.0-rc1
v0.26.0-rc2
v0.26.1
v0.26.2
v0.8.1
v0.8.1-rc.1
v0.8.1-rc.2
v0.8.2
v0.8.2-rc.1
v0.8.3
v0.8.4
v0.8.4-rc.1
v0.8.4-rc.2
v0.8.5
v0.8.5-rc.1
v0.8.5-rc.2
v0.8.5-rc.3
v0.8.5-rc.4
v0.8.5-rc.5
v0.9.0
v0.9.0-rc.1
v0.9.1
v0.9.1-rc.1
v0.9.1-rc.2
v0.9.2
v0.9.2-rc.1
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from 'd34f0f6a97'
${ noResults }
Commit Graph

4010 Commits (d34f0f6a973adf989f7d24322ed112d51dc00cc7)
 

Author SHA1 Message Date
Herman Slatman c952e9fc9d
Use `NewDetailedError` instead 11 months ago
Mariano Cano 30ce9e65f7
Write configuration only if encoding succeeds 
This commit fixes a problem when the ca.json is truncated if the
encoding of the configuration fails. This can happen by adding a new
provisioner with bad template data.

Related to smallstep/cli#994
 11 months ago
Herman Slatman e2e9bf5494
Clarify some SCEP properties 11 months ago
Herman Slatman 70626b157d
Merge branch 'master' into herman/scep-provisioner-decrypter 11 months ago
Mariano Cano 47d820561f
Merge pull request #1500 from smallstep/upgrade-crypto 
Fix adding certificate templates with ASN.1 functions
 11 months ago
Mariano Cano 4667060df8
Upgrade golang.org/x/net 
This commit fixes the vulnerability GO-2023-1988, improper rendering of
text nodes in golang.org/x/net/html.

More info: https://pkg.go.dev/vuln/GO-2023-1988
 11 months ago
Mariano Cano 103b4e1cf1
Fix adding certificate templates with ASN.1 functions 
This commit upgrades go.step.sm/crypto with a fix to validate the
templates that use custom functions.
 11 months ago
Herman Slatman 4186b2c2d0
Change JSON marshaling for SCEP provisioners 
Instead of the old method that redacted sensitive information
by overriding the value of the property and changing it back
to the original, the API now uses a model specifically meant
for API responses. This prevents potential race conditions.

This may be iterated on a bit so that we don't need to rely
on the [provisioner.Interface] interface, which requires the
API model to implement unnecessary methods.
 11 months ago
Herman Slatman d754000a68
Fix SCEP provisioner API test 11 months ago
Herman Slatman c0a1837cd9
Verify full decrypter/signer configuration at usage time 
When changing the SCEP configuration it is possible that one
or both of the decrypter configurations required are not available
or have been provided in a way that's not usable for actual SCEP
requests.

Instead of failing hard when provisioners are loaded,
which could result in the CA not starting properly, this type of
problematic configuration errors will now be handled at usage
time instead.
 11 months ago
Herman Slatman 88ed900dc3
Rely on the latest linkedca 11 months ago
Herman Slatman 0f35bb1af5
Defer missing decrypter/signer configuration errors to SCEP authority 11 months ago
Herman Slatman afdd8d3786
Upgrade `golang.org/x/net` to `v0.13.0` 11 months ago
Herman Slatman f3c24fe875
Change how multiple identifiers are printed in errors 11 months ago
Herman Slatman 4496830859
Merge branch 'master' into herman/acme-attestation-errors 11 months ago
Herman Slatman fc1fb51854
Improve SCEP authority initialization and reload 11 months ago
Herman Slatman 7163c4f95f
Add helper for getting the appropriate SCEP response signer 11 months ago
Herman Slatman 59b7419dcf
Rely on latest `linkedca` commit with `SCEPDecrypter` support 11 months ago
Herman Slatman 569a1be12c
Merge branch 'master' into herman/scep-provisioner-decrypter 11 months ago
github-actions[bot] c07124e374
Merge pull request #1499 from smallstep/dependabot/go_modules/google.golang.org/api-0.134.0 
Bump google.golang.org/api from 0.132.0 to 0.134.0
 11 months ago
dependabot[bot] 74240092e9
Bump google.golang.org/api from 0.132.0 to 0.134.0 
Bumps [google.golang.org/api](https://github.com/googleapis/google-api-go-client) from 0.132.0 to 0.134.0.
- [Release notes](https://github.com/googleapis/google-api-go-client/releases)
- [Changelog](https://github.com/googleapis/google-api-go-client/blob/main/CHANGES.md)
- [Commits](https://github.com/googleapis/google-api-go-client/compare/v0.132.0...v0.134.0)

---
updated-dependencies:
- dependency-name: google.golang.org/api
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
 11 months ago
github-actions[bot] edd718d89e
Merge pull request #1498 from smallstep/dependabot/go_modules/google.golang.org/grpc-1.57.0 
Bump google.golang.org/grpc from 1.56.2 to 1.57.0
 11 months ago
dependabot[bot] a8b67cd9e6
Bump google.golang.org/grpc from 1.56.2 to 1.57.0 
Bumps [google.golang.org/grpc](https://github.com/grpc/grpc-go) from 1.56.2 to 1.57.0.
- [Release notes](https://github.com/grpc/grpc-go/releases)
- [Commits](https://github.com/grpc/grpc-go/compare/v1.56.2...v1.57.0)

---
updated-dependencies:
- dependency-name: google.golang.org/grpc
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
 11 months ago
Herman Slatman a0cdad335d
Add test for `WithAdditionalErrorDetail` 11 months ago
Herman Slatman 9a52675865
Return descriptive error when using unsupported format 11 months ago
Herman Slatman 0d3338ff3a
Return consistent ACME error types for specific cases 11 months ago
Herman Slatman df22b8a303
Cleanup some leftover TODOs 11 months ago
Mariano Cano d8a9c69eaa
Merge pull request #1484 from smallstep/fix-620 
Add support for the disableSmallstepExtensions claim
 11 months ago
Herman Slatman dd9bf1e915
Add error details for the `step` format 11 months ago
Herman Slatman 9cbbd1d575
Add error details to ACME `tpm` format validation errors 11 months ago
Herman Slatman d5dd8feccd
Prevent internal errors from being returned to ACME clients 11 months ago
Herman Slatman 979e0f8f51
Add error details to select error cases for `apple` format 11 months ago
Mariano Cano d0fd9ebe42
Update Makefile preparing for a new release 11 months ago
Mariano Cano cce7d9e839
Address comments from code review 11 months ago
Mariano Cano c7c7decd5e
Add support for the disableSmallstepExtensions claim 
This commit adds a new claim to exclude the Smallstep provisioner
extension from the generated certificates.

Fixes #620
 11 months ago
Mariano Cano d7efceadb1
Merge pull request #1493 from smallstep/steppath 
Remove automatic initialization of the STEPPATH
 11 months ago
Mariano Cano 7429008599
Use tagged versions of crypto and cli-utils 11 months ago
Herman Slatman 1ce80cf740
Merge branch 'master' into herman/scep-provisioner-decrypter 11 months ago
Herman Slatman 567fc25404
Use the RSA decryption configuration for signing responses too 11 months ago
Mariano Cano 7061147885
Use step.Abs to load the certificate templates 
step.Abs has been removed from crypto and they need to be set when those
methods are used
 11 months ago
Mariano Cano 40a2f53589
Remove automatic initialization of the STEPPATH 
This commit upgrades cli-utils and crypto packages that remove the
automatic initialization of the STEPPATH.
 11 months ago
Herman Slatman 557672bb4b
Add some notes for SCEP provisioners 11 months ago
Mariano Cano 95887ebf40
Merge pull request #1481 from smallstep/remove-user-regex 
Remove OIDC user regexp check
 11 months ago
Josh Drake a1350b14fb
Merge pull request #1489 from smallstep/josh/authorization-principal-in-webhook 
Include authorization principal in provisioner webhooks.
 11 months ago
Mariano Cano c9df65ebae
Merge pull request #1490 from smallstep/dry-run-migration 
Add option to dry-run the migration
 11 months ago
Mariano Cano d9d7c52997
Add option to dry-run the migration 
This commit adds an option that runs the migration on a virtual database
that doesn't do anything. This option can be used to see how many rows
there are.
 11 months ago
Josh Drake ff424fa944
Fix tests. 11 months ago
github-actions[bot] 7282245e88
Merge pull request #1488 from smallstep/dependabot/go_modules/go.step.sm/linkedca-0.20.0 
Bump go.step.sm/linkedca from 0.19.1 to 0.20.0
 11 months ago
github-actions[bot] 9a7582d1d3
Merge pull request #1487 from smallstep/dependabot/go_modules/google.golang.org/api-0.132.0 
Bump google.golang.org/api from 0.131.0 to 0.132.0
 11 months ago
dependabot[bot] 7796ad8f90
Bump go.step.sm/linkedca from 0.19.1 to 0.20.0 
Bumps [go.step.sm/linkedca](https://github.com/smallstep/linkedca) from 0.19.1 to 0.20.0.
- [Release notes](https://github.com/smallstep/linkedca/releases)
- [Commits](https://github.com/smallstep/linkedca/compare/v0.19.1...v0.20.0)

---
updated-dependencies:
- dependency-name: go.step.sm/linkedca
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
 11 months ago