Archives
/
smallstep-certificates
mirror of https://github.com/smallstep/certificates
2
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
4,308 Commits
40 Branches
214 Tags
92 MiB
master
dependabot/go_modules/github.com/slackhq/nebula-1.9.0
wire-acme-extensions
mariano/init-provisioners
fix-1637
herman/wire-dpop-struct
herman/fix-nebula-curve-param
herman/wrapped-listener
herman/configure-server-http-timeout
josh/fips
herman/acme-macos-properties
josh/webhook-error-response-content
user-regex
max/nebula-sign-curve
carl/bootstrap-error-clarity
max/capabilities
herman/acme-cname-txt
max/test
herman/acme-da-roots
backports
but
collections
update-step-env-vars
panos/api/flow
errors-internal
docker-dns-names
docker-init
carl/sysd-update
carl/readmes
carl/ssh-host-matchbug
nosql-0.3.2
dcow/challenge-retry
ssh
printAud
getHosts
ssh-config
certificate-transparency
seb/ct-local
seb/markdown-issues
seb/anchors
v0.25.3-rc7
v0.25.3-rc6
v0.25.3-rc4
v0.25.3-rc.1
v0.22.2-rc14
v0.22.2-rc13
v0.0.1-rc.1
v0.0.1-rc.2
v0.0.1-rc.3
v0.10.0
v0.11.0
v0.11.0-rc.1
v0.11.0-rc.2
v0.11.0-rc.3
v0.11.0-rc.4
v0.12.0
v0.13.0
v0.13.1
v0.13.2
v0.13.3
v0.14.0
v0.14.0-rc.1
v0.14.0-rc.10.badger2
v0.14.0-rc.14
v0.14.0-rc.15
v0.14.0-rc.16
v0.14.0-rc.2
v0.14.0-rc.3
v0.14.0-rc.4.badger2
v0.14.0-rc.5
v0.14.0-rc.6
v0.14.0-rc.7
v0.14.0-rc.8
v0.14.0-rc.9
v0.14.0.rc.11.badger2
v0.14.0.rc.12.badger2
v0.14.0.rc.13.badger2
v0.14.1
v0.14.2
v0.14.3
v0.14.3-rc.1.badger2
v0.14.3-rc.2.32bitbadger2
v0.14.4
v0.14.5
v0.14.5-rc.1.100MB.badgerV2
v0.14.5-rc.2.100MB.badgerV2
v0.14.5-rc.3.cullACMEOrders
v0.14.5-rc.4
v0.14.6
v0.14.7-rc.1.docker-buildx
v0.14.7-rc.2.deb-name-test
v0.15.0
v0.15.0-rc.1
v0.15.1
v0.15.1-rc.1
v0.15.10
v0.15.11
v0.15.12
v0.15.12-rc1
v0.15.12-rc2
v0.15.12-rc3
v0.15.12-rc4
v0.15.12-rc5
v0.15.13
v0.15.14
v0.15.15
v0.15.16
v0.15.16-rc1.test-arm6
v0.15.16-rc2.test-arm6
v0.15.16-rc3.test-arm6
v0.15.16-rc4
v0.15.16-rc5
v0.15.16-rc6
v0.15.16-rc7
v0.15.2
v0.15.2-rc.1
v0.15.3
v0.15.4
v0.15.5
v0.15.5-rc.1
v0.15.6
v0.15.7
v0.15.7-rc.1
v0.15.8
v0.15.9
v0.15.9-rc1
v0.15.9-rc10
v0.15.9-rc11
v0.15.9-rc12
v0.15.9-rc13
v0.15.9-rc14
v0.15.9-rc15
v0.15.9-rc16
v0.15.9-rc17
v0.15.9-rc18
v0.15.9-rc19
v0.15.9-rc2
v0.15.9-rc3
v0.15.9-rc4
v0.15.9-rc5
v0.15.9-rc6
v0.15.9-rc7
v0.15.9-rc8
v0.15.9-rc9
v0.16.0
v0.16.0-rc.1
v0.16.0-rc.2
v0.16.1
v0.16.2
v0.16.3
v0.16.4
v0.17.0
v0.17.0-rc1
v0.17.1
v0.17.2
v0.17.2-rc1
v0.17.3
v0.17.3-rc1
v0.17.3-rc2
v0.17.3-rc3
v0.17.3-rc4
v0.17.3-rc5
v0.17.3-rc6
v0.17.3-rc7
v0.17.3-rc8
v0.17.3-rc9
v0.17.4
v0.17.4-rc1
v0.17.5
v0.17.5-rc1
v0.17.6
v0.17.6-rc1
v0.17.6-rc2
v0.17.7-rc1
v0.18.0
v0.18.1
v0.18.1-rc1
v0.18.1-rc2
v0.18.1-rc3
v0.18.2
v0.18.3-rc1
v0.18.3-rc2
v0.18.3-rc3
v0.18.3-rc4
v0.19.0
v0.20.0
v0.21.0
v0.22.0
v0.22.1
v0.22.2-rc10
v0.22.2-rc11
v0.22.2-rc12
v0.22.2-rc15
v0.22.2-rc16
v0.22.2-rc17
v0.22.2-rc18
v0.22.2-rc2
v0.22.2-rc3
v0.22.2-rc4
v0.22.2-rc5
v0.22.2-rc6
v0.22.2-rc7
v0.22.2-rc8
v0.22.2-rc9
v0.23.0
v0.23.0-rc.1
v0.23.0-rc.2
v0.23.0-rc.3
v0.23.1
v0.23.1-rc.1
v0.23.2
v0.24.0
v0.24.0-rc.2
v0.24.0-rc1
v0.24.1
v0.24.2
v0.24.3-rc.1
v0.24.3-rc.2
v0.24.3-rc.3
v0.24.3-rc.4
v0.24.3-rc.5
v0.24.3-rc1
v0.25.0
v0.25.1
v0.25.2
v0.25.3-rc2
v0.25.3-rc3
v0.25.3-rc5
v0.26.0
v0.26.0-rc1
v0.26.0-rc2
v0.26.1
v0.8.1
v0.8.1-rc.1
v0.8.1-rc.2
v0.8.2
v0.8.2-rc.1
v0.8.3
v0.8.4
v0.8.4-rc.1
v0.8.4-rc.2
v0.8.5
v0.8.5-rc.1
v0.8.5-rc.2
v0.8.5-rc.3
v0.8.5-rc.4
v0.8.5-rc.5
v0.9.0
v0.9.0-rc.1
v0.9.1
v0.9.1-rc.1
v0.9.1-rc.2
v0.9.2
v0.9.2-rc.1
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from 'master'
${ noResults }
Commit Graph

58 Commits (master)

Author SHA1 Message Date
max furman 99ce13a4ea
Fix linter warnings 1 week ago
max furman 8b256f0351
address linter warning for go 1.19 1 year ago
Mariano Cano ac35f3489c
Remove unused certificate validators and modifiers 
With the introduction of certificate templates some certificate
validators and modifiers are not used anymore. This commit deletes the
ones that are not used.
 1 year ago
Herman Slatman 6e1f8dd7ab
Refactor policy engines into container 2 years ago
Herman Slatman 571b21abbc
Fix (most) PR comments 2 years ago
Herman Slatman 7c541888ad
Refactor configuration of allow/deny on authority level 2 years ago
Herman Slatman 88c7b63c9d
Split SSH user and cert policy configuration and execution 2 years ago
Herman Slatman 512b8d6730
Refactor instantiation of policy engines 
Instead of using the `base` struct, the x509 and SSH policy
engines are now added to each provisioner directly.
 2 years ago
Herman Slatman 066bf32086
Fix part of PR comments 2 years ago
Herman Slatman 1e808b61e5
Merge logic for X509 and SSH policy 2 years ago
Herman Slatman 9539729bd9
Add initial implementation of x509 and SSH allow/deny policy engine 2 years ago
Mariano Cano e0fee84694 Add comment about public key validator. 3 years ago
Mariano Cano c3f98fd04d Change some bad requests to forbidded. 
Change in the sign options bad requests to forbidded if is the
provisioner the one adding a restriction, e.g. list of dns names,
validity, ...
 3 years ago
Mariano Cano a33709ce8d Fix sign ssh options tests. 3 years ago
Mariano Cano 1da7ea6646 Return always http errors in sign ssh options. 3 years ago
Mariano Cano b6ebd118fc Update temporal solution for sending message to users 3 years ago
Mariano Cano 668d3ea6c7 Modify errs.Wrap() with bad request to send messages to users. 3 years ago
Mariano Cano 1aadd63cef Use always badRequest on duration errors. 3 years ago
Mariano Cano 41fec1577d Report duration errors directly to the cli. 3 years ago
Mariano Cano 141c519171 Simplify check of principals in a case insensitive way 
Fixes #679
 3 years ago
Fearghal O Floinn 7a94b0c157 Converts group and subgroup to lowercase for comparison. 
Fixes #679
 3 years ago
Mariano Cano d30a95236d Use always go.step.sm/crypto 4 years ago
Mariano Cano 8d89bbd62f Remove unused code. 4 years ago
Mariano Cano c4bbc81d9f Fix authority tests. 4 years ago
Mariano Cano 413af88aad Fix provisioning tests. 4 years ago
Mariano Cano 9822305bb6 Use only the IID template on IID provisioners. 
Use always sshutil.DefaultIIDCertificate and require at least one
principal on IID provisioners.
 4 years ago
Mariano Cano a78f7e8913 Add template support on k8ssa provisioner. 4 years ago
Mariano Cano e0dce54338 Add missing argument. 4 years ago
Mariano Cano c1fc45c872 Simplify SSH modifiers with options. 
It also changes the behavior of the request options to modify only
the validity of the certificate.
 4 years ago
Mariano Cano 570ede45e7 Do not enforce number of principals or extensions. 4 years ago
Mariano Cano 631f1612a1 Add TemplateData to SignSSHOptions. 4 years ago
Mariano Cano 6c64fb3ed2 Rename provisioner options structs: 
* provisioner.ProvisionerOptions => provisioner.Options
* provisioner.Options => provisioner.SignOptions
* provisioner.SSHOptions => provisioner.SingSSHOptions
 4 years ago
max furman 397a181d10 Add backdate validation to sshCertValidityValidator. 4 years ago
max furman 1cb8bb3ae1 Simplify statuscoder error generators. 4 years ago
max furman dccbdf3a90 Introduce generalized statusCoder errors and loads of ssh unit tests. 
* StatusCoder api errors that have friendly user messages.
* Unit tests for SSH sign/renew/rekey/revoke across all provisioners.
 4 years ago
Mariano Cano 144acb9ee3 Remove debug statement. 4 years ago
Mariano Cano 84ff172093 Add support for backdate to SSH certificates. 4 years ago
max furman 414a94b210 Instrument getIdentity func for OIDC ssh provisioner 4 years ago
Mariano Cano 7db7b1ee4c Fix some provisioner tests 4 years ago
max furman 54e3cf7322 Add multiuse capability to k8ssa provisioners 4 years ago
max furman d368791606 Add x5c provisioner capabilities 5 years ago
Mariano Cano d59a5b222f Truncate to seconds to avoid rounding up times. 
It can cause that certs are not valid yet, if they are used right away.
 5 years ago
Mariano Cano adc1d54b0d Define valid after as 1m before now. 
It avoids errors with immediate use of cert.
 5 years ago
max furman e3826dd1c3 Add ACME CA capabilities 5 years ago
max furman d204469280 Add a few more validity checks to default ssh cert validator 5 years ago
Mariano Cano 396b4222aa Implement validator for ssh keys. 
Fixes #100
 5 years ago
max furman 61d52a8510 Small fixes associated with PR review 
* additions and grammar edits to documentation
* clarification of error msgs
 5 years ago
Mariano Cano 34e1e3380a Fix lint errors. 5 years ago
Mariano Cano e71072d389 Add experimental support for provisioning users. 5 years ago
Mariano Cano a8f4ad1b8e Set default SSH options if no user options are given. 5 years ago