Commit Graph

2670 Commits (4cb74e7d8ba5a70b2b5c6c00f3907ad0899524fe)
 

Author SHA1 Message Date
Ahmet DEMIR a9550a746f
fix: add back commented tests 2 years ago
Ahmet DEMIR ab5197500c
fix: a certificate must exclude the root and you should use verified chained intermediate 2 years ago
Chris Crook 11637b5793 Add descriptive provisioner JWK decryption error messages
Wrap other errors in decryption process with more helpful messaging.  This should help users troubleshoot misconfiguration more easily.

Fixes #816
2 years ago
max furman 039d2455d9 changelog update 2 years ago
max furman 5f4ac5beff Fix broken test due to linter fix 2 years ago
max furman 62690ab52e Fix linting errors and pin linter version in release action 2 years ago
Mariano Cano d384b534c7
Merge pull request #814 from smallstep/x509-enforcer
Authority enforcer option
2 years ago
Herman Slatman bfa2245abb
Merge branch 'master' into herman/normalize-ipv6-dns-names 2 years ago
Herman Slatman e887ccaa07
Ensure the CA TLS certificate represents IPv6 DNS names as IP in cert
If an IPv6 domain name (i.e. [::1]) is provided manually in the `ca.json`,
this commit will ensure that it's represented as an IP SAN in the TLS
certificate. Before this change, the IPv6 would become a DNS SAN.
2 years ago
Herman Slatman 1fe7362bee
Normalize IPv6 addresses in ACME linker 2 years ago
Mariano Cano 300c19f8b9 Add a custom enforcer that can be used to modify a cert. 2 years ago
J. Hunter Hawke 808f039b09
Added some example ansible configs (#813) 2 years ago
Herman Slatman 4a0cfd24e5
Merge pull request #797 from smallstep/herman/scep-macos-renewal-fixes
Fix macOS SCEP client issues
2 years ago
Herman Slatman c7c5c3c94e
Merge branch 'master' into herman/scep-macos-renewal-fixes 2 years ago
Herman Slatman c57dfeec2d
Merge pull request #650 from hslatman/hs/acme-eab
ACME External Account Binding
2 years ago
Herman Slatman bf21319e76
Fix PR comments and issue with empty string slices 2 years ago
Mariano Cano 09a9b3e1c8 Upgrade go.step.sm/crypto 2 years ago
Herman Slatman 5f42ae0bce
Remove unused function LoadProvisionerByID from SCEP 2 years ago
Ahmet DEMIR 782ff76963
fix: apply suggestion to use cr only 2 years ago
Ahmet DEMIR b49ac2501b
feat: enhance options and fix revoke plus more tests 2 years ago
Ahmet DEMIR 8ef3abf6d9
fix: minus d on Ed 2 years ago
Herman Slatman fd9845e9c7
Add cursor and limit to ACME EAB DB interface 2 years ago
Herman Slatman ad041d6bb7
Fix deprecation of grpc.WithInsecure option
With the update of go.step.sm/linkedca grpc.WithInsecure was
deprecated. This commit fixes this by setting up the (insecure)
connection using the new method.
2 years ago
Herman Slatman 3b72d241e0
Add LinkedCA integration for improved SCEP provisioner 2 years ago
Herman Slatman c3f2fd8ef0
Add RW locks to prevent concurrent updates to the DB
Although this may slow certain API calls down and may not be strictly
necessary, I think it's best to put all the ACME EAB operations behind
RW locks to prevent concurrent updates to the DB and guarantee
consistent result sets.
2 years ago
Herman Slatman 868cc4ad7f
Increase test coverage for additional indexes 2 years ago
Herman Slatman 8838961b68
Merge branch 'master' into hs/acme-eab 2 years ago
Herman Slatman c0eb420806
Remove special case for empty slices 2 years ago
Ahmet DEMIR d957a57e24
fix: apply mariano suggestions and fixes
* use json.RawMessage to remote mapstructure in options
* use vault secretid structure to support multiple source aka string, file and env
* remove log prefix
* return raw cert on error on newline for cert and csr
* clean sans, commonName in createCertificate (bad copy/paste from StepCAS)
* verify authority fingerprint
* convert serial on revoke to bigint, bytes and vault dashed representation
2 years ago
Herman Slatman 716b946e7a
Normalize IPv6 hostname addresses 2 years ago
Herman Slatman 64680bb16d
Fix PR comments 2 years ago
Carl Tashian 262375577a
Merge pull request #794 from smallstep/create-db-folder
Create the db directory on step ca init
2 years ago
Herman Slatman 3612eefc31
Cleanup 2 years ago
Ahmet DEMIR 16390694e1
feat(vault): adding hashicorp vault cas 2 years ago
Herman Slatman 9c6580ccd2
Fix macOS SCEP client issues
Fixes #746
2 years ago
Ahmet DEMIR 26d7b70957
feat(cas): add generic Config parameter to allow more flexible configuration on CAS 2 years ago
Ahmet DEMIR 68b980d689
feat(authority): avoid hardcoded cn in authority csr 2 years ago
Herman Slatman 988efc8cd4
Merge pull request #792 from smallstep/herman/improve-template-errors
Improve errors related to template execution failures
2 years ago
Carl Tashian 9848caf49f Create the db directory on step ca init 2 years ago
Herman Slatman 50c3bce98d
Change if/if to if/else-if when checking the type of JSON error 2 years ago
max furman 4afcdd55ff Update doc line on WithSSHGetHosts 2 years ago
Herman Slatman a3cf6bac36
Add special handling for *json.UnmarshalTypeError 2 years ago
Herman Slatman 0475a4d26f
Refactor extraction of JSON template syntax errors 2 years ago
Mariano Cano 57f9e54151
Merge pull request #785 from smallstep/nebulous
Add initial implementation of a nebula provisioner
2 years ago
Herman Slatman a5455d3572
Improve errors related to template execution failures (slightly) 2 years ago
Mariano Cano de549adf2d Do not add extra new lines when creating nebula provisioners 2 years ago
Mariano Cano 0920224816 Fix error message. 2 years ago
Herman Slatman ef16febf40
Refactor ACME EAB queries
The ACME EAB keys are now also indexed by the provisioner. This
solves part of the issue in which too many EAB keys may be in
memory at a given time.
2 years ago
Mariano Cano 01a76445ea Upgrade go.step.sm/crypto 2 years ago
Mariano Cano 98044cf08d Use a tagged version of linkedca 2 years ago