Commit Graph

2939 Commits (d718c69ad33e0a8f88f3f2348a910189c9a7365e)
 

Author SHA1 Message Date
Mariano Cano d718c69ad3 Prepare changelog for release 2 years ago
Mariano Cano b8162d5954
Merge pull request #1034 from smallstep/fix-1033
Fixes signature algorithm
2 years ago
Mariano Cano a7fcfe0e4e Verify with roots and intermediates 2 years ago
Mariano Cano 30c54a555d Add entry in changelog 2 years ago
Mariano Cano ea8579f3df Fix bad signature algorithm on EC+RSA PKI
When the root certificate has an EC key and he intermediate has an
RSA key, the signature algorithm of the leafs should be the default
one, SHA256WithRSA, instead of the one that the intermediate has.

Fixes #1033
2 years ago
Mariano Cano a893d6e7f7 Upgrade go.step.sm/cli-utils
Fixes issue with step path
2 years ago
Mariano Cano 432477aa91
Merge pull request #1030 from smallstep/herman/fix-template-validation
Add provisioner template validation
2 years ago
Mariano Cano 1938b1bb34 Merge branch 'master' into herman/fix-template-validation 2 years ago
Mariano Cano 1d1e024b84 Upgrade to go.step.sm/crypto v0.18.0 2 years ago
Herman Slatman 6b7b989988
Add provisioner template validation
Fixes #1012
2 years ago
Mariano Cano dd6f59b538
Merge pull request #1024 from smallstep/gosec
Address gosec warnings
2 years ago
Mariano Cano 23b8f45b37 Address gosec warnings
Most if not all false positives
2 years ago
Mariano Cano 713dfad884
Merge pull request #1019 from smallstep/head-middleware
Add a middleware to automatically route HEAD requests to GET
2 years ago
Max 8f88740a5a
Merge pull request #1014 from smallstep/max/dns-id
Check for DNS name validity
2 years ago
Mariano Cano 6cab4d328e Add a middleware to automatically route HEAD requests to GET
Fixes #992
2 years ago
max furman c040e4b459 Add unit tests 2 years ago
Mariano Cano 85fc837dc3
Merge pull request #1018 from smallstep/ra-config
Ra config
2 years ago
Mariano Cano 3c88a9ccc2 Fixed changelog 2 years ago
Mariano Cano 8e08f0dea3 Add entries to changelog 2 years ago
Mariano Cano 0c7467ceb2 Allow to automatically configure and linked RA 2 years ago
Mariano Cano 5e0be92273 Allow option to skip the validation of config 2 years ago
max furman b7c2f6c482 Check for DNS name validity 2 years ago
Mariano Cano ae76d943c9
Merge pull request #1009 from smallstep/code-ql
Code QL
2 years ago
Mariano Cano 2db15e4eb5 Remove unnecessary log entries
These log entries add CodeQL warnings and are not necessary because
our default http.ResponseWriter allows adding log entries.
2 years ago
Mariano Cano 759aa26a57 Fix linter warning 2 years ago
Mariano Cano 90d2785776 Sanitize log entries in logging package 2 years ago
Mariano Cano b62f4d1000 Add lgtm comments on some security warnings 2 years ago
Mariano Cano a5439c43cd Remove ciphersuites without Lucky13 countermeasures
SHA-256 variants of the CBC ciphersuites don't implement any Lucky13
countermeasures. See http://www.isg.rhul.ac.uk/tls/Lucky13.html and
https://www.imperialviolet.org/2013/02/04/luckythirteen.html.
2 years ago
Mariano Cano d6baad443b
Merge pull request #1008 from smallstep/endpoint-id
Endpoint ID
2 years ago
Mariano Cano 8bd0174251 Rename field to IsCAServerCert 2 years ago
Mariano Cano 5df1694250 Add endpoint id for the RA certificate
In a linked RA mode, send an endpoint id to group the server
certificates.
2 years ago
Max 20784c7a00
Merge pull request #1006 from smallstep/max/revoke-serial-validation
Validate revocation serial number
2 years ago
max furman 1dd0d7d0ee Update bad serial error to be more specific 2 years ago
max furman 73ba411e1d [action] parameterize golangci-lint version 2 years ago
Mariano Cano eb091aec54 Simplify field names for ProvisionerInfo 2 years ago
Mariano Cano a65adc032b
Merge pull request #1005 from smallstep/crypto-kms
Use go.step.sm/crypto/kms
2 years ago
max furman 7052a32c2c Validate revocation serial number 2 years ago
Mariano Cano 4985ab1d62 Remove kms package 2 years ago
Mariano Cano 369b8f81c3 Use go.step.sm/crypto/kms
Fixes #975
2 years ago
Max 3e2729e391
Merge pull request #989 from smallstep/max/disable-ssh-hosts
Add attribute to disable SSH Hosts list API
2 years ago
Mariano Cano 9f67a808cd
Merge pull request #1004 from smallstep/go-1.19
Change actions to build using Go 1.19
2 years ago
Mariano Cano f1aabaa99c Use functions from os instead of io/ioutil 2 years ago
Mariano Cano 8445c29db6 Change actions to build using Go 1.19
Fixes #998
2 years ago
max furman 99c9155467 disableSSHHostsListAPI -> disableGetSSHHosts 2 years ago
Mariano Cano 38fb92452f
Merge pull request #993 from smallstep/ra-ids
RA provisioner IDs
2 years ago
Mariano Cano 22337da18c
Merge pull request #990 from qbit/master
Update deps to bring in support for OpenBSD
2 years ago
Mariano Cano 821743f71e Upgrade newrelic to v3 2 years ago
Aaron Bieber 135c481893 Update deps to bring in support for OpenBSD
OpenBSD support was added to the following deps:
 - github.com/go-piv/piv-go in https://github.com/go-piv/piv-go/pull/101
 - github.com/newrelic/go-agent in https://github.com/newrelic/go-agent/pull/455
 - github.com/miekg/pkcs11 in https://github.com/miekg/pkcs11/pull/140

With these deps bumped, tests all pass on OpenBSD amd64.
2 years ago
Mariano Cano a2f7766943 Use released version of linkedca 2 years ago
Mariano Cano c5c7c30cc2 Fix typo in ProvisionerInfo 2 years ago