58 Commits (f2dd5c48cc2a90fe955dff0c99c8ee864922bd6b)

Author SHA1 Message Date
Mariano Cano bd8dd9da41 Do not read issuer and signer twice. 4 years ago
Mariano Cano aad8f9e582 Pass issuer and signer to softCAS options.
Remove commented code and initialize CAS properly.
Minor fixes in CloudCAS.
4 years ago
Mariano Cano 1b1f73dec6 Early attempt to develop a CAS interface. 4 years ago
Mariano Cano d30a95236d Always use go.step.sm/crypto 4 years ago
Mariano Cano e83e47a91e Use sshutil and randutil from go.step.sm/crypto. 4 years ago
Mariano Cano fcfc4e9b2b Fix ssh federated template variables. 4 years ago
Mariano Cano e3ae751b57 Use templates from authority instead of config. 4 years ago
Mariano Cano 6c844a0618 Load default templates if no templates are configured. 4 years ago
Mariano Cano c02fe77998 Close the key manager before shutting down. 4 years ago
Mariano Cano 4e544344f9 Initialize the required config fields on embedded authorities.
This change is to make the use of embedded authorities easier. It
can be difficult for third parties to know what fields are required.
The new init methods will define the minimum usable configuration.
4 years ago
Mariano Cano b5eab009b2 Rename method to NewEmbedded 4 years ago
Mariano Cano 824374bde0 Create a method to initialize the authority without a config file.
When the CA is embedded in a third party product like Caddy, the
config needed to use placeholders to be valid. This change adds
a new method `NewEmbeddedAuthority` that allows creating an
authority with the given options; the minimum options are a root
and intermediate certificate, and the intermediate key.

Fixes #218
4 years ago
Mariano Cano c49a9d5e33 Add context parameter to all SSH methods. 4 years ago
Mariano Cano 5c8c741fab Fix linting issues. 4 years ago
Mariano Cano 9021951f1a Fix types. 4 years ago
Mariano Cano e98d7832b9 Add options to read the roots and federated roots from a bundle. 4 years ago
Mariano Cano c62526b39f Add wip support for kms. 4 years ago
max furman 1e17ec7d33 Use x5cInsecure token for /ssh/check-host endpoint 5 years ago
max furman c2a3bcfab5 resolving merge 5 years ago
max furman 927784237d Use an actual Hosts type when returning ssh hosts 5 years ago
Mariano Cano 2f18a26d4f Add version endpoint. 5 years ago
max furman 35912cc906 change func def for getSSHHosts
* continue to return all hosts if injection method not specified
5 years ago
max furman c407a9319b Add getSSHHosts injection func 5 years ago
max furman 8b2105a8f9 Instrument getIdentity func for OIDC ssh provisioner 5 years ago
max furman 6ca1df5081 Add WithGetIdentityFunc option and attr to authority
* Add Identity type to provisioner
5 years ago
Mariano Cano 86a0558587 Add support for /ssh/bastion method. 5 years ago
Mariano Cano 43b663e0c3 Move Option type to a new file. 5 years ago
max furman a9ea292bd4 sshpop provisioner + ssh renew | revoke | rekey first pass 5 years ago
Mariano Cano e5da24f269 Fix list of user ssh public keys. 5 years ago
Mariano Cano 91ccc3802c Fix lint error. 5 years ago
Mariano Cano 38d735be6e Add support for federated keys. 5 years ago
Mariano Cano e84489775b Add support for multiple ssh roots.
Fixes #125
5 years ago
Mariano Cano caa2174efc Add support for user data in templates. 5 years ago
Mariano Cano 7b8bb6deb4 Add initial support for ssh config.
Related to smallstep/cli#170
5 years ago
Mariano Cano dc6ffb7670 Add initial implementation of ssh config. 5 years ago
max furman fe7973c060 wip 5 years ago
max furman e3826dd1c3 Add ACME CA capabilities 5 years ago
Mariano Cano 004ea12212 Allow using custom SSH user/host key files. 5 years ago
Mariano Cano 1c8f610ca9 Add initial implementation of an SSH CA using the JWK provisioner.
Fixes smallstep/ca-component#187
5 years ago
Mariano Cano dbd3131068 Fix comments. 5 years ago
Mariano Cano fb6a1afd89 Fix typo. 5 years ago
Mariano Cano 3a1a4c5ea9 Do not allow reload with database configuration changes.
Fixes #smallstep/ca-component#170
5 years ago
max furman 81db527f12 NoopDB -> SimpleDB 5 years ago
max furman ab4d569f36 Add /revoke API with interface db backend 5 years ago
Mariano Cano 2fb77b8a4d Truncate the startTime to seconds to simplify tests. 5 years ago
Mariano Cano 2d00cd0933 Validate audiences in the default provisioner. 5 years ago
Mariano Cano c776ca3bd6 Use provisioner.Collection to store and request the provisioners. 5 years ago
Mariano Cano 98cc243a37 Add support for multiple roots. 6 years ago
Mariano Cano 722bcb7e7a Add initial support for federated root certificates. 6 years ago
Mariano Cano 7e95fc0e45 Strip ports on audience check.
Services might have proxies behind them so we cannot rely on them.
Fixes #17
6 years ago