Archives/smallstep-certificates
2
0
Fork 0
mirror of https://github.com/smallstep/certificates.git synced 2024-10-31 03:20:16 +00:00
Code Issues Packages Projects Releases Wiki Activity
3,794 Commits 37 Branches 223 Tags 44 MiB
e074b77243
Commit Graph

3794 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
dependabot[bot]
e074b77243
Bump golang.org/x/net from 0.13.0 to 0.14.0 
Bumps [golang.org/x/net](https://github.com/golang/net) from 0.13.0 to 0.14.0.
- [Commits](https://github.com/golang/net/compare/v0.13.0...v0.14.0)

---
updated-dependencies:
- dependency-name: golang.org/x/net
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
 2023-08-07 16:01:34 +00:00
Herman Slatman
6de964f13a
Merge pull request #1495 from smallstep/herman/acme-attestation-errors 
Return more detailed errors to ACME clients using `device-attest-01`
 2023-08-04 21:01:32 +02:00
Mariano Cano
bdc7b1b691
Merge pull request #1501 from smallstep/safe-save 
Write configuration only if encoding succeeds
 2023-08-04 10:02:26 -07:00
Herman Slatman
cbc1be310d
Merge branch 'master' into herman/acme-attestation-errors 2023-08-04 11:24:59 +02:00
Herman Slatman
c952e9fc9d
Use NewDetailedError instead 2023-08-04 11:24:22 +02:00
Mariano Cano
30ce9e65f7
Write configuration only if encoding succeeds 
This commit fixes a problem when the ca.json is truncated if the
encoding of the configuration fails. This can happen by adding a new
provisioner with bad template data.

Related to smallstep/cli#994
 2023-08-03 17:54:49 -07:00
Mariano Cano
47d820561f
Merge pull request #1500 from smallstep/upgrade-crypto 
Fix adding certificate templates with ASN.1 functions
 2023-08-03 16:02:29 -07:00
Mariano Cano
4667060df8
Upgrade golang.org/x/net 
This commit fixes the vulnerability GO-2023-1988, improper rendering of
text nodes in golang.org/x/net/html.

More info: https://pkg.go.dev/vuln/GO-2023-1988
 2023-08-03 15:30:04 -07:00
Mariano Cano
103b4e1cf1
Fix adding certificate templates with ASN.1 functions 
This commit upgrades go.step.sm/crypto with a fix to validate the
templates that use custom functions.
 2023-08-03 15:30:04 -07:00
Herman Slatman
afdd8d3786
Upgrade golang.org/x/net to v0.13.0 2023-08-03 14:48:26 +02:00
Herman Slatman
f3c24fe875
Change how multiple identifiers are printed in errors 2023-08-03 14:45:00 +02:00
Herman Slatman
4496830859
Merge branch 'master' into herman/acme-attestation-errors 2023-08-02 21:45:15 +02:00
github-actions[bot]
c07124e374
Merge pull request #1499 from smallstep/dependabot/go_modules/google.golang.org/api-0.134.0 
Bump google.golang.org/api from 0.132.0 to 0.134.0
 2023-07-31 10:20:37 -07:00
dependabot[bot]
74240092e9
Bump google.golang.org/api from 0.132.0 to 0.134.0 
Bumps [google.golang.org/api](https://github.com/googleapis/google-api-go-client) from 0.132.0 to 0.134.0.
- [Release notes](https://github.com/googleapis/google-api-go-client/releases)
- [Changelog](https://github.com/googleapis/google-api-go-client/blob/main/CHANGES.md)
- [Commits](https://github.com/googleapis/google-api-go-client/compare/v0.132.0...v0.134.0)

---
updated-dependencies:
- dependency-name: google.golang.org/api
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
 2023-07-31 17:12:25 +00:00
github-actions[bot]
edd718d89e
Merge pull request #1498 from smallstep/dependabot/go_modules/google.golang.org/grpc-1.57.0 
Bump google.golang.org/grpc from 1.56.2 to 1.57.0
 2023-07-31 10:10:53 -07:00
dependabot[bot]
a8b67cd9e6
Bump google.golang.org/grpc from 1.56.2 to 1.57.0 
Bumps [google.golang.org/grpc](https://github.com/grpc/grpc-go) from 1.56.2 to 1.57.0.
- [Release notes](https://github.com/grpc/grpc-go/releases)
- [Commits](https://github.com/grpc/grpc-go/compare/v1.56.2...v1.57.0)

---
updated-dependencies:
- dependency-name: google.golang.org/grpc
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
 2023-07-31 15:12:12 +00:00
Herman Slatman
a0cdad335d
Add test for WithAdditionalErrorDetail 2023-07-31 13:22:00 +02:00
Herman Slatman
9a52675865
Return descriptive error when using unsupported format 2023-07-31 12:29:07 +02:00
Herman Slatman
0d3338ff3a
Return consistent ACME error types for specific cases 2023-07-31 12:11:50 +02:00
Herman Slatman
df22b8a303
Cleanup some leftover TODOs 2023-07-31 11:59:26 +02:00
Mariano Cano
d8a9c69eaa
Merge pull request #1484 from smallstep/fix-620 
Add support for the disableSmallstepExtensions claim
 2023-07-28 08:30:13 -07:00
Herman Slatman
dd9bf1e915
Add error details for the step format 2023-07-28 16:59:34 +02:00
Herman Slatman
9cbbd1d575
Add error details to ACME tpm format validation errors 2023-07-28 16:28:47 +02:00
Herman Slatman
d5dd8feccd
Prevent internal errors from being returned to ACME clients 2023-07-28 14:39:35 +02:00
Herman Slatman
979e0f8f51
Add error details to select error cases for apple format 2023-07-28 14:25:17 +02:00
Mariano Cano
d0fd9ebe42
Update Makefile preparing for a new release 2023-07-27 15:05:04 -07:00
Mariano Cano
cce7d9e839
Address comments from code review 2023-07-27 15:05:04 -07:00
Mariano Cano
c7c7decd5e
Add support for the disableSmallstepExtensions claim 
This commit adds a new claim to exclude the Smallstep provisioner
extension from the generated certificates.

Fixes #620
 2023-07-27 15:05:01 -07:00
Mariano Cano
d7efceadb1
Merge pull request #1493 from smallstep/steppath 
Remove automatic initialization of the STEPPATH
 2023-07-27 12:33:35 -07:00
Mariano Cano
7429008599
Use tagged versions of crypto and cli-utils 2023-07-27 12:24:17 -07:00
Mariano Cano
7061147885
Use step.Abs to load the certificate templates 
step.Abs has been removed from crypto and they need to be set when those
methods are used
 2023-07-26 15:44:02 -07:00
Mariano Cano
40a2f53589
Remove automatic initialization of the STEPPATH 
This commit upgrades cli-utils and crypto packages that remove the
automatic initialization of the STEPPATH.
 2023-07-26 15:34:05 -07:00
Mariano Cano
95887ebf40
Merge pull request #1481 from smallstep/remove-user-regex 
Remove OIDC user regexp check
 2023-07-25 10:56:13 -07:00
Josh Drake
a1350b14fb
Merge pull request #1489 from smallstep/josh/authorization-principal-in-webhook 
Include authorization principal in provisioner webhooks.
 2023-07-24 21:22:46 -05:00
Mariano Cano
c9df65ebae
Merge pull request #1490 from smallstep/dry-run-migration 
Add option to dry-run the migration
 2023-07-24 16:39:39 -07:00
Mariano Cano
d9d7c52997
Add option to dry-run the migration 
This commit adds an option that runs the migration on a virtual database
that doesn't do anything. This option can be used to see how many rows
there are.
 2023-07-24 16:35:22 -07:00
Josh Drake
ff424fa944
Fix tests. 2023-07-24 15:27:49 -05:00
github-actions[bot]
7282245e88
Merge pull request #1488 from smallstep/dependabot/go_modules/go.step.sm/linkedca-0.20.0 
Bump go.step.sm/linkedca from 0.19.1 to 0.20.0
 2023-07-24 18:21:34 +02:00
github-actions[bot]
9a7582d1d3
Merge pull request #1487 from smallstep/dependabot/go_modules/google.golang.org/api-0.132.0 
Bump google.golang.org/api from 0.131.0 to 0.132.0
 2023-07-24 18:20:32 +02:00
dependabot[bot]
7796ad8f90
Bump go.step.sm/linkedca from 0.19.1 to 0.20.0 
Bumps [go.step.sm/linkedca](https://github.com/smallstep/linkedca) from 0.19.1 to 0.20.0.
- [Release notes](https://github.com/smallstep/linkedca/releases)
- [Commits](https://github.com/smallstep/linkedca/compare/v0.19.1...v0.20.0)

---
updated-dependencies:
- dependency-name: go.step.sm/linkedca
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
 2023-07-24 15:30:23 +00:00
dependabot[bot]
2d666cfc4f
Bump google.golang.org/api from 0.131.0 to 0.132.0 
Bumps [google.golang.org/api](https://github.com/googleapis/google-api-go-client) from 0.131.0 to 0.132.0.
- [Release notes](https://github.com/googleapis/google-api-go-client/releases)
- [Changelog](https://github.com/googleapis/google-api-go-client/blob/main/CHANGES.md)
- [Commits](https://github.com/googleapis/google-api-go-client/compare/v0.131.0...v0.132.0)

---
updated-dependencies:
- dependency-name: google.golang.org/api
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
 2023-07-24 15:30:12 +00:00
Josh Drake
904f416d20
Include authorization principal in provisioner webhooks. 2023-07-24 00:30:05 -05:00
Mariano Cano
d89c3a942e
Merge pull request #1486 from smallstep/migrate-admindb 
Add to the migration script the admin tables
 2023-07-20 20:55:35 -07:00
Mariano Cano
aa30c2c73c
Add to the migration script the admin tables 2023-07-20 18:07:28 -07:00
Mariano Cano
31533c4a15
Merge pull request #1485 from smallstep/webhooks-x5c 
Send X5C leaf certificate to webhooks
 2023-07-20 14:02:59 -07:00
Mariano Cano
5bfe96d8c7
Send X5C leaf certificate to webhooks 
This commit adds a new property that will be sent to authorizing and
enriching webhooks when signing certificates using the X5C provisioner.
 2023-07-20 13:03:45 -07:00
Mariano Cano
d604a900ed
Merge pull request #1482 from smallstep/fix-reload-tests 
Wait for Accept in TestBootstrapClientServerRotation
 2023-07-19 15:03:52 -07:00
Mariano Cano
0c3a1aea38
Wait for Accept in TestBootstrapClientServerRotation 
The TestBootstrapClientServerRotation often fails because the reload
returns once the Server loop gets the new listener, but the server
hasn't really started yet. This commit makes the test pass, adding a
small sleep after the reload.

A proper fix might require a wrapper over the listener and an ACK
callback on a sync.Once on a custom Accept.
 2023-07-19 14:56:09 -07:00
Mariano Cano
7fa97bedec
Remove OIDC user regexp check 
This commit removes the regular expression check on OIDC usernames.
Although it is not recommended to use any character in a username,
it is possible to create and use them. The tool useradd has the flag
--badname and adduser has --allow-badname and --allow-all-names to
create new users with any character.

Moreover, it is possible to create any username with the rest of
provisioners.

Fixes #1436
 2023-07-19 11:05:01 -07:00
Mariano Cano
cbc46d11e5
Merge pull request #1477 from smallstep/badger-migration 
Add tool to migrate data from badger to mysql or postgresql
 2023-07-18 14:36:06 -07:00