Archives
/
smallstep-certificates
mirror of https://github.com/smallstep/certificates
2
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
4,183 Commits
38 Branches
221 Tags
44 MiB
herman/pkcs7-windows-scep-fix
master
root-not-found-error-message
relative-paths-config
herman/wire-dpop-struct
herman/wrapped-listener
herman/configure-server-http-timeout
josh/fips
herman/acme-macos-properties
josh/webhook-error-response-content
user-regex
max/nebula-sign-curve
carl/bootstrap-error-clarity
max/capabilities
herman/acme-cname-txt
max/test
herman/acme-da-roots
backports
but
collections
update-step-env-vars
panos/api/flow
errors-internal
docker-dns-names
docker-init
carl/sysd-update
carl/readmes
carl/ssh-host-matchbug
nosql-0.3.2
dcow/challenge-retry
ssh
printAud
getHosts
ssh-config
certificate-transparency
seb/ct-local
seb/markdown-issues
seb/anchors
v0.25.3-rc7
v0.25.3-rc6
v0.25.3-rc4
v0.25.3-rc.1
v0.22.2-rc14
v0.22.2-rc13
v0.0.1-rc.1
v0.0.1-rc.2
v0.0.1-rc.3
v0.10.0
v0.11.0
v0.11.0-rc.1
v0.11.0-rc.2
v0.11.0-rc.3
v0.11.0-rc.4
v0.12.0
v0.13.0
v0.13.1
v0.13.2
v0.13.3
v0.14.0
v0.14.0-rc.1
v0.14.0-rc.10.badger2
v0.14.0-rc.14
v0.14.0-rc.15
v0.14.0-rc.16
v0.14.0-rc.2
v0.14.0-rc.3
v0.14.0-rc.4.badger2
v0.14.0-rc.5
v0.14.0-rc.6
v0.14.0-rc.7
v0.14.0-rc.8
v0.14.0-rc.9
v0.14.0.rc.11.badger2
v0.14.0.rc.12.badger2
v0.14.0.rc.13.badger2
v0.14.1
v0.14.2
v0.14.3
v0.14.3-rc.1.badger2
v0.14.3-rc.2.32bitbadger2
v0.14.4
v0.14.5
v0.14.5-rc.1.100MB.badgerV2
v0.14.5-rc.2.100MB.badgerV2
v0.14.5-rc.3.cullACMEOrders
v0.14.5-rc.4
v0.14.6
v0.14.7-rc.1.docker-buildx
v0.14.7-rc.2.deb-name-test
v0.15.0
v0.15.0-rc.1
v0.15.1
v0.15.1-rc.1
v0.15.10
v0.15.11
v0.15.12
v0.15.12-rc1
v0.15.12-rc2
v0.15.12-rc3
v0.15.12-rc4
v0.15.12-rc5
v0.15.13
v0.15.14
v0.15.15
v0.15.16
v0.15.16-rc1.test-arm6
v0.15.16-rc2.test-arm6
v0.15.16-rc3.test-arm6
v0.15.16-rc4
v0.15.16-rc5
v0.15.16-rc6
v0.15.16-rc7
v0.15.2
v0.15.2-rc.1
v0.15.3
v0.15.4
v0.15.5
v0.15.5-rc.1
v0.15.6
v0.15.7
v0.15.7-rc.1
v0.15.8
v0.15.9
v0.15.9-rc1
v0.15.9-rc10
v0.15.9-rc11
v0.15.9-rc12
v0.15.9-rc13
v0.15.9-rc14
v0.15.9-rc15
v0.15.9-rc16
v0.15.9-rc17
v0.15.9-rc18
v0.15.9-rc19
v0.15.9-rc2
v0.15.9-rc3
v0.15.9-rc4
v0.15.9-rc5
v0.15.9-rc6
v0.15.9-rc7
v0.15.9-rc8
v0.15.9-rc9
v0.16.0
v0.16.0-rc.1
v0.16.0-rc.2
v0.16.1
v0.16.2
v0.16.3
v0.16.4
v0.17.0
v0.17.0-rc1
v0.17.1
v0.17.2
v0.17.2-rc1
v0.17.3
v0.17.3-rc1
v0.17.3-rc2
v0.17.3-rc3
v0.17.3-rc4
v0.17.3-rc5
v0.17.3-rc6
v0.17.3-rc7
v0.17.3-rc8
v0.17.3-rc9
v0.17.4
v0.17.4-rc1
v0.17.5
v0.17.5-rc1
v0.17.6
v0.17.6-rc1
v0.17.6-rc2
v0.17.7-rc1
v0.18.0
v0.18.1
v0.18.1-rc1
v0.18.1-rc2
v0.18.1-rc3
v0.18.2
v0.18.3-rc1
v0.18.3-rc2
v0.18.3-rc3
v0.18.3-rc4
v0.19.0
v0.20.0
v0.21.0
v0.22.0
v0.22.1
v0.22.2-rc10
v0.22.2-rc11
v0.22.2-rc12
v0.22.2-rc15
v0.22.2-rc16
v0.22.2-rc17
v0.22.2-rc18
v0.22.2-rc2
v0.22.2-rc3
v0.22.2-rc4
v0.22.2-rc5
v0.22.2-rc6
v0.22.2-rc7
v0.22.2-rc8
v0.22.2-rc9
v0.23.0
v0.23.0-rc.1
v0.23.0-rc.2
v0.23.0-rc.3
v0.23.1
v0.23.1-rc.1
v0.23.2
v0.24.0
v0.24.0-rc.2
v0.24.0-rc1
v0.24.1
v0.24.2
v0.24.3-rc.1
v0.24.3-rc.2
v0.24.3-rc.3
v0.24.3-rc.4
v0.24.3-rc.5
v0.24.3-rc1
v0.25.0
v0.25.1
v0.25.2
v0.25.3-rc2
v0.25.3-rc3
v0.25.3-rc5
v0.26.0
v0.26.0-rc1
v0.26.0-rc2
v0.26.1
v0.26.2
v0.27.0
v0.27.1
v0.27.2
v0.27.3
v0.27.4
v0.27.4-rc1
v0.8.1
v0.8.1-rc.1
v0.8.1-rc.2
v0.8.2
v0.8.2-rc.1
v0.8.3
v0.8.4
v0.8.4-rc.1
v0.8.4-rc.2
v0.8.5
v0.8.5-rc.1
v0.8.5-rc.2
v0.8.5-rc.3
v0.8.5-rc.4
v0.8.5-rc.5
v0.9.0
v0.9.0-rc.1
v0.9.1
v0.9.1-rc.1
v0.9.1-rc.2
v0.9.2
v0.9.2-rc.1
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from 'f221232a80'
${ noResults }
Commit Graph

89 Commits (f221232a80c8616f565b8a9c6e5920c1cecc0375)

Author SHA1 Message Date
Herman Slatman 70a2f431fa
Address review remarks 9 months ago
Herman Slatman 776a839a42
Fix linter issues and improve error handling 9 months ago
Herman Slatman eb9893bd21
Refactor logic for processing `WireID` identifiers in Order 
Processing `WireID` identifiers, the Wire subject, and the Wire
DPoP and OIDC tokens is now conditional.
 9 months ago
beltram 5fdf036a4d
fix: invalid OID for display name in CSR 9 months ago
beltram 1b32957ff6
fix: verify custom display_name extension is present 9 months ago
beltram 7b5740153d
support for oidc id token 9 months ago
beltram 8888262e45
cheat by allowing also looking up for ready orders 9 months ago
beltram 0bc530c98e
log more things 9 months ago
beltram abe86002ee
try by storing everything in db 9 months ago
beltram 76dfcb00e4
try silencing template data for dichotomies 9 months ago
beltram a32bb66e47
trying to pass access token to template 9 months ago
beltram b58de27675
fix: do not convert URIs to lowercase for comparison purpose 9 months ago
beltram 3576cc30c8
forward displayName in CSR with custom OID 9 months ago
beltram 4172b69816
remove displayName validation, potentially harmful 9 months ago
beltram 79501df5a2
fix: exclude displayName from SAN DNS 9 months ago
Stefan Berthold af31a167c6
skip empty entries for uniqueSortedLowerNames 9 months ago
beltram cc5fd0a6a5
fix san validation 9 months ago
beltram 3eb0ff43c0
fix orderNames size 9 months ago
beltram c41a99ad75
(finalize) have both display name & domain in SANs 9 months ago
beltram 5ba0ab3e44
fix csr domain validation in finalize 9 months ago
beltram 73ec6c89d0
fix csr org validation in finalize 9 months ago
Stefan Berthold 8e0e35532c
Add Wire authz and challenges (OIDC+DPOP) 9 months ago
Mariano Cano 6ba20209c2
Verify CSR key fingerprint with attestation certificate key 
This commit makes sure that the attestation certificate key matches the
key used on the CSR on an ACME device attestation flow.
 2 years ago
Herman Slatman 64d9ad7b38
Validate Subject Common Name for Orders with Permanent Identifier 2 years ago
Andrew Reed 7101fbb0ee
Provisioner webhooks (#1001) 2 years ago
max furman f3d1863ec6
A few more linter errors 2 years ago
Mariano Cano f0a24bd8ca
Add acme property to enable challenges 
Fixes #1027
 2 years ago
Mariano Cano 191d9e8629
Use go.step.sm/crypto to set the permanent identifier 2 years ago
Mariano Cano 2b3b2c283a
Add attestation certificate validation for Apple devices 2 years ago
Brandon Weeks 5f5315260a
iOS 16 beta 1 support 2 years ago
Brandon Weeks 6f2b4d3042
Add ACME permanent-identifier identifier type 2 years ago
max furman ab0d2503ae
Standardize linting file and fix or ignore lots of linting errors 2 years ago
Mariano Cano 34c6c65671 Pass attestation information to the Sign method 
Attestation information might be useful in authorizing webhooks
 2 years ago
Mariano Cano 3cd72ac72a Remove debug statements 2 years ago
Mariano Cano 54d92095ac Validate proof of possession signature 
On the step format, validate proof of possession of the private
key validating the signature in the attestation statement.
 2 years ago
Mariano Cano 59b7603d1e Use a clientAuth only cert for device-attest-01 2 years ago
Mariano Cano 2f7cb9225f Use go.step.sm/crypto to set the permanent identifier 2 years ago
Mariano Cano 66356cff43 Add attestation certificate validation for Apple devices 2 years ago
Brandon Weeks 7e1b0bebd9 iOS 16 beta 1 support 2 years ago
Brandon Weeks 2ac8b69da2 Add ACME permanent-identifier identifier type 2 years ago
Herman Slatman 80bebda69c
Fix code style issue 3 years ago
Herman Slatman bc0875bd7b
Disallow email address and URLs in the CSR 
Before this commit `step` would allow email addresses and URLs
in the CSR. This doesn't fit nicely with the rest of ACME, in which
identifiers need to be authorized before a certificate is issued.
 3 years ago
Herman Slatman 13a31fd862
Merge branch 'master' into herman/ip-sans-improvements 3 years ago
Herman Slatman ca707cbe05
Fix linting 3 years ago
Herman Slatman a2c9b5cd7e
Allow IP identifiers in subject, including authorization enforcement 
To support IPs in the subject using `step-cli`, this PR ensures that
Subject Common Names that can be parsed as an IP are also checked
to have been authorized before.

The PR for `step-cli` is here: github.com/smallstep/cli/pull/576.
 3 years ago
Herman Slatman 06bb97c91e
Add logic for Account authorizations and improve tests 3 years ago
Herman Slatman 29f9730485
Satisfy golangci-lint 3 years ago
max furman 933b40a02a Introduce gocritic linter and address warnings 3 years ago
Herman Slatman 8e4a4ecc1f
Refactor tests for sans 3 years ago
Herman Slatman 87b72afa25
Fix IP equality check and add more tests 3 years ago