Archives
/
smallstep-certificates
mirror of https://github.com/smallstep/certificates
2
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
4,262 Commits
45 Branches
214 Tags
90 MiB
mariano/err-not-found
master
dependabot/go_modules/cloud.google.com/go/longrunning-0.5.7
dependabot/go_modules/github.com/newrelic/go-agent/v3-3.33.0
dependabot/go_modules/golang.org/x/crypto-0.23.0
dependabot/go_modules/cloud.google.com/go/security-1.16.1
wire-acme-extensions
mariano/init-provisioners
fix-1637
dependabot/go_modules/github.com/slackhq/nebula-1.8.2
herman/wire-dpop-struct
herman/fix-nebula-curve-param
herman/wrapped-listener
herman/configure-server-http-timeout
josh/fips
herman/acme-macos-properties
josh/webhook-error-response-content
user-regex
max/nebula-sign-curve
carl/bootstrap-error-clarity
max/capabilities
herman/acme-cname-txt
max/test
herman/acme-da-roots
backports
but
collections
update-step-env-vars
panos/api/flow
errors-internal
docker-dns-names
docker-init
carl/sysd-update
carl/readmes
carl/ssh-host-matchbug
nosql-0.3.2
dcow/challenge-retry
ssh
printAud
getHosts
ssh-config
certificate-transparency
seb/ct-local
seb/markdown-issues
seb/anchors
v0.25.3-rc7
v0.25.3-rc6
v0.25.3-rc4
v0.25.3-rc.1
v0.22.2-rc14
v0.22.2-rc13
v0.0.1-rc.1
v0.0.1-rc.2
v0.0.1-rc.3
v0.10.0
v0.11.0
v0.11.0-rc.1
v0.11.0-rc.2
v0.11.0-rc.3
v0.11.0-rc.4
v0.12.0
v0.13.0
v0.13.1
v0.13.2
v0.13.3
v0.14.0
v0.14.0-rc.1
v0.14.0-rc.10.badger2
v0.14.0-rc.14
v0.14.0-rc.15
v0.14.0-rc.16
v0.14.0-rc.2
v0.14.0-rc.3
v0.14.0-rc.4.badger2
v0.14.0-rc.5
v0.14.0-rc.6
v0.14.0-rc.7
v0.14.0-rc.8
v0.14.0-rc.9
v0.14.0.rc.11.badger2
v0.14.0.rc.12.badger2
v0.14.0.rc.13.badger2
v0.14.1
v0.14.2
v0.14.3
v0.14.3-rc.1.badger2
v0.14.3-rc.2.32bitbadger2
v0.14.4
v0.14.5
v0.14.5-rc.1.100MB.badgerV2
v0.14.5-rc.2.100MB.badgerV2
v0.14.5-rc.3.cullACMEOrders
v0.14.5-rc.4
v0.14.6
v0.14.7-rc.1.docker-buildx
v0.14.7-rc.2.deb-name-test
v0.15.0
v0.15.0-rc.1
v0.15.1
v0.15.1-rc.1
v0.15.10
v0.15.11
v0.15.12
v0.15.12-rc1
v0.15.12-rc2
v0.15.12-rc3
v0.15.12-rc4
v0.15.12-rc5
v0.15.13
v0.15.14
v0.15.15
v0.15.16
v0.15.16-rc1.test-arm6
v0.15.16-rc2.test-arm6
v0.15.16-rc3.test-arm6
v0.15.16-rc4
v0.15.16-rc5
v0.15.16-rc6
v0.15.16-rc7
v0.15.2
v0.15.2-rc.1
v0.15.3
v0.15.4
v0.15.5
v0.15.5-rc.1
v0.15.6
v0.15.7
v0.15.7-rc.1
v0.15.8
v0.15.9
v0.15.9-rc1
v0.15.9-rc10
v0.15.9-rc11
v0.15.9-rc12
v0.15.9-rc13
v0.15.9-rc14
v0.15.9-rc15
v0.15.9-rc16
v0.15.9-rc17
v0.15.9-rc18
v0.15.9-rc19
v0.15.9-rc2
v0.15.9-rc3
v0.15.9-rc4
v0.15.9-rc5
v0.15.9-rc6
v0.15.9-rc7
v0.15.9-rc8
v0.15.9-rc9
v0.16.0
v0.16.0-rc.1
v0.16.0-rc.2
v0.16.1
v0.16.2
v0.16.3
v0.16.4
v0.17.0
v0.17.0-rc1
v0.17.1
v0.17.2
v0.17.2-rc1
v0.17.3
v0.17.3-rc1
v0.17.3-rc2
v0.17.3-rc3
v0.17.3-rc4
v0.17.3-rc5
v0.17.3-rc6
v0.17.3-rc7
v0.17.3-rc8
v0.17.3-rc9
v0.17.4
v0.17.4-rc1
v0.17.5
v0.17.5-rc1
v0.17.6
v0.17.6-rc1
v0.17.6-rc2
v0.17.7-rc1
v0.18.0
v0.18.1
v0.18.1-rc1
v0.18.1-rc2
v0.18.1-rc3
v0.18.2
v0.18.3-rc1
v0.18.3-rc2
v0.18.3-rc3
v0.18.3-rc4
v0.19.0
v0.20.0
v0.21.0
v0.22.0
v0.22.1
v0.22.2-rc10
v0.22.2-rc11
v0.22.2-rc12
v0.22.2-rc15
v0.22.2-rc16
v0.22.2-rc17
v0.22.2-rc18
v0.22.2-rc2
v0.22.2-rc3
v0.22.2-rc4
v0.22.2-rc5
v0.22.2-rc6
v0.22.2-rc7
v0.22.2-rc8
v0.22.2-rc9
v0.23.0
v0.23.0-rc.1
v0.23.0-rc.2
v0.23.0-rc.3
v0.23.1
v0.23.1-rc.1
v0.23.2
v0.24.0
v0.24.0-rc.2
v0.24.0-rc1
v0.24.1
v0.24.2
v0.24.3-rc.1
v0.24.3-rc.2
v0.24.3-rc.3
v0.24.3-rc.4
v0.24.3-rc.5
v0.24.3-rc1
v0.25.0
v0.25.1
v0.25.2
v0.25.3-rc2
v0.25.3-rc3
v0.25.3-rc5
v0.26.0
v0.26.0-rc1
v0.26.0-rc2
v0.26.1
v0.8.1
v0.8.1-rc.1
v0.8.1-rc.2
v0.8.2
v0.8.2-rc.1
v0.8.3
v0.8.4
v0.8.4-rc.1
v0.8.4-rc.2
v0.8.5
v0.8.5-rc.1
v0.8.5-rc.2
v0.8.5-rc.3
v0.8.5-rc.4
v0.8.5-rc.5
v0.9.0
v0.9.0-rc.1
v0.9.1
v0.9.1-rc.1
v0.9.1-rc.2
v0.9.2
v0.9.2-rc.1
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from 'master'
${ noResults }
Commit Graph

150 Commits (master)

Author SHA1 Message Date
Herman Slatman 113a6dd8ab
Remove reporting the CA mode from startup logs 2 weeks ago
Herman Slatman 6bc0a86207
Fix CA startup with Vault RA configuration 3 weeks ago
Mariano Cano 0ac9023590
Fix typo in error message and comment 2 months ago
Mariano Cano 10f6a901ec
Let the CA determine the RA lifetime 
When the RA mode with StepCAS is used, let the CA decide which lifetime
the RA should get instead of requiring always 24h.

This commit also fixes linter warnings.

Related to #1094
 2 months ago
Venky Gopal fbc1e895c2 Allow x509 Service CA implementation to be injected through ca and authority options 4 months ago
Mariano Cano b20af51f32
Upgrade go.step.sm/crypto to use go-jose/v3 5 months ago
Mariano Cano 6705b7dde4
Build RA token using SANs from the template 
This commit updates the RA token to use the SANs coming from the
template instead of the CSR.

Note that this PR might break some admin tokens.
 6 months ago
Theron 9d7dff6995 Add namespace field to VaultCAS JSON config 11 months ago
max furman 8b256f0351
address linter warning for go 1.19 1 year ago
Mariano Cano afd5d46a90
Use vaultcas ttl as a duration string 
According to docs at thttps://developer.hashicorp.com/vault/api-docs/secret/pki#ttl
the ttl can be sent as a time.Duration string.

Fixes #1375
 1 year ago
Herman Slatman b5961beba9
Fix and/or ignore linting issues 1 year ago
max furman 57c1c2071d
Correct bad comment on NotImplementedError.Error() 2 years ago
Mariano Cano e8726d24fa
Merge pull request #1156 from smallstep/ra-renew 
Add support for renew when using stepcas
 2 years ago
max furman e351bd90dc
Run make generate with mockgen@v1.6.0 2 years ago
max furman 8f7fae585c
Add mockgen commands for cloudcas_test 2 years ago
max furman d4e81723ee
Updates for deprecated google cloud security APIs 2 years ago
Mariano Cano c7f226bcec
Add support for renew when using stepcas 
It supports renewing X.509 certificates when an RA is configured with stepcas.
This will only work when the renewal uses a token, and it won't work with mTLS.

The audience cannot be properly verified when an RA is used, to avoid this we
will get from the database if an RA was used to issue the initial certificate
and we will accept the renew token.

Fixes #1021 for stepcas
 2 years ago
Mariano Cano 8200d19894
Improve CRL implementation 
This commit adds some changes to PR #731, some of them are:
- Add distribution point to the CRL
- Properly stop the goroutine that generates the CRLs
- CRL config validation
- Remove expired certificates from the CRL
- Require enable set to true to generate a CRL

This last point is the principal change in behaviour from the previous
implementation. The CRL will not be generated if it's not enabled, and
if it is enabled it will always be regenerated at some point, not only
if there is a revocation.
 2 years ago
Raal Goff d0e81af524 Merge branch 'master' into crl-support 2 years ago
max furman 7c5e5b2b87
Even more linter fixes 2 years ago
max furman 6af9437875
Rebase over master and a few more linter fixes 2 years ago
max furman 18a648cffa
Fix linter warning about bad error name 2 years ago
max furman ab0d2503ae
Standardize linting file and fix or ignore lots of linting errors 2 years ago
Mariano Cano b0d24fb801 Fix test with gcloud local credentialss 2 years ago
Raal Goff 924082bb49 fix linter errors 2 years ago
Raal Goff d2483f3a70 Merge branch 'master' into crl-support 
# Conflicts:
#	authority/config/config.go
 2 years ago
Mariano Cano a7fcfe0e4e Verify with roots and intermediates 2 years ago
Mariano Cano ea8579f3df Fix bad signature algorithm on EC+RSA PKI 
When the root certificate has an EC key and he intermediate has an
RSA key, the signature algorithm of the leafs should be the default
one, SHA256WithRSA, instead of the one that the intermediate has.

Fixes #1033
 2 years ago
Mariano Cano 8bd0174251 Rename field to IsCAServerCert 2 years ago
Mariano Cano 5df1694250 Add endpoint id for the RA certificate 
In a linked RA mode, send an endpoint id to group the server
certificates.
 2 years ago
Mariano Cano eb091aec54 Simplify field names for ProvisionerInfo 2 years ago
Mariano Cano 369b8f81c3 Use go.step.sm/crypto/kms 
Fixes #975
 2 years ago
Mariano Cano f1aabaa99c Use functions from os instead of io/ioutil 2 years ago
Mariano Cano c5c7c30cc2 Fix typo in ProvisionerInfo 2 years ago
Mariano Cano 64744562c6 Send RA provisioner to linkedca. 2 years ago
Mariano Cano 6b5d3dca95 Add provisioner name to RA info 2 years ago
Mariano Cano 9648fe6b4c Remove debug statement 2 years ago
Mariano Cano 7a1e6a0e1f Fix and extend stepcas unit tests 2 years ago
Mariano Cano 9408d0f24b Send RA provisioner information to the CA 2 years ago
Raal Goff 60671b07d7 Merge branch 'master' into crl-support 
# Conflicts:
#	api/api.go
#	authority/config/config.go
#	cas/softcas/softcas.go
#	db/db.go
 2 years ago
Mariano Cano f140874e42
Merge pull request #958 from smallstep/rsa-signature-algorithm 
Sign certificates with the issuer signature algorithm
 2 years ago
Mariano Cano 31af1efa48 Sign certificates with the issuer signature algorithm 
An RSA key can sign another certificates using the RSA PKCS#1
and the RSA-PSS scheme, this change will keep the signature
algorithm used in the issuer in the signed certificates instead
of using PKCS#1 by default.
 2 years ago
Mariano Cano 34f926804d
Merge pull request #954 from shuLhan/shulhan-gofmt 
all: reformat all go files with the next gofmt (Go 1.19)
 2 years ago
Shulhan ee53530d1f
cas/cloudcas: update test on createPublicKey for the next Go release 
The next Go release call panic on elliptic.Marshal [1][2], which
affect the test case fail_ec_marshal on createPublicKey.

This changes fix this by initializing the P and B in test case
PublicKey CurveParams to prevent panic.

[1] https://github.com/golang/go/issues/50975
[2] a218b3520a
 2 years ago
Shulhan fe04f93d7f
all: reformat all go files with the next gofmt (Go 1.19) 
There are some changes that manually edited, for example using '-' as
default list and grouping imports.
 2 years ago
Erik DeLamarter 07984a968f
better error messages 
Co-authored-by: Mariano Cano <mariano.cano@gmail.com>
 2 years ago
Erik De Lamarter 9ec154aab0
rewrite and improve secret-id config 2 years ago
Erik De Lamarter 6989c7f146
vault auth unit tests 2 years ago
Erik De Lamarter 6c44291d8d
refactor vault auth 2 years ago
Erik De Lamarter dec1067add
vault kubernetes auth 2 years ago