Archives
/
smallstep-certificates
mirror of https://github.com/smallstep/certificates
2
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
3,029 Commits
40 Branches
214 Tags
92 MiB
master
dependabot/go_modules/github.com/slackhq/nebula-1.9.0
wire-acme-extensions
mariano/init-provisioners
fix-1637
herman/wire-dpop-struct
herman/fix-nebula-curve-param
herman/wrapped-listener
herman/configure-server-http-timeout
josh/fips
herman/acme-macos-properties
josh/webhook-error-response-content
user-regex
max/nebula-sign-curve
carl/bootstrap-error-clarity
max/capabilities
herman/acme-cname-txt
max/test
herman/acme-da-roots
backports
but
collections
update-step-env-vars
panos/api/flow
errors-internal
docker-dns-names
docker-init
carl/sysd-update
carl/readmes
carl/ssh-host-matchbug
nosql-0.3.2
dcow/challenge-retry
ssh
printAud
getHosts
ssh-config
certificate-transparency
seb/ct-local
seb/markdown-issues
seb/anchors
v0.25.3-rc7
v0.25.3-rc6
v0.25.3-rc4
v0.25.3-rc.1
v0.22.2-rc14
v0.22.2-rc13
v0.0.1-rc.1
v0.0.1-rc.2
v0.0.1-rc.3
v0.10.0
v0.11.0
v0.11.0-rc.1
v0.11.0-rc.2
v0.11.0-rc.3
v0.11.0-rc.4
v0.12.0
v0.13.0
v0.13.1
v0.13.2
v0.13.3
v0.14.0
v0.14.0-rc.1
v0.14.0-rc.10.badger2
v0.14.0-rc.14
v0.14.0-rc.15
v0.14.0-rc.16
v0.14.0-rc.2
v0.14.0-rc.3
v0.14.0-rc.4.badger2
v0.14.0-rc.5
v0.14.0-rc.6
v0.14.0-rc.7
v0.14.0-rc.8
v0.14.0-rc.9
v0.14.0.rc.11.badger2
v0.14.0.rc.12.badger2
v0.14.0.rc.13.badger2
v0.14.1
v0.14.2
v0.14.3
v0.14.3-rc.1.badger2
v0.14.3-rc.2.32bitbadger2
v0.14.4
v0.14.5
v0.14.5-rc.1.100MB.badgerV2
v0.14.5-rc.2.100MB.badgerV2
v0.14.5-rc.3.cullACMEOrders
v0.14.5-rc.4
v0.14.6
v0.14.7-rc.1.docker-buildx
v0.14.7-rc.2.deb-name-test
v0.15.0
v0.15.0-rc.1
v0.15.1
v0.15.1-rc.1
v0.15.10
v0.15.11
v0.15.12
v0.15.12-rc1
v0.15.12-rc2
v0.15.12-rc3
v0.15.12-rc4
v0.15.12-rc5
v0.15.13
v0.15.14
v0.15.15
v0.15.16
v0.15.16-rc1.test-arm6
v0.15.16-rc2.test-arm6
v0.15.16-rc3.test-arm6
v0.15.16-rc4
v0.15.16-rc5
v0.15.16-rc6
v0.15.16-rc7
v0.15.2
v0.15.2-rc.1
v0.15.3
v0.15.4
v0.15.5
v0.15.5-rc.1
v0.15.6
v0.15.7
v0.15.7-rc.1
v0.15.8
v0.15.9
v0.15.9-rc1
v0.15.9-rc10
v0.15.9-rc11
v0.15.9-rc12
v0.15.9-rc13
v0.15.9-rc14
v0.15.9-rc15
v0.15.9-rc16
v0.15.9-rc17
v0.15.9-rc18
v0.15.9-rc19
v0.15.9-rc2
v0.15.9-rc3
v0.15.9-rc4
v0.15.9-rc5
v0.15.9-rc6
v0.15.9-rc7
v0.15.9-rc8
v0.15.9-rc9
v0.16.0
v0.16.0-rc.1
v0.16.0-rc.2
v0.16.1
v0.16.2
v0.16.3
v0.16.4
v0.17.0
v0.17.0-rc1
v0.17.1
v0.17.2
v0.17.2-rc1
v0.17.3
v0.17.3-rc1
v0.17.3-rc2
v0.17.3-rc3
v0.17.3-rc4
v0.17.3-rc5
v0.17.3-rc6
v0.17.3-rc7
v0.17.3-rc8
v0.17.3-rc9
v0.17.4
v0.17.4-rc1
v0.17.5
v0.17.5-rc1
v0.17.6
v0.17.6-rc1
v0.17.6-rc2
v0.17.7-rc1
v0.18.0
v0.18.1
v0.18.1-rc1
v0.18.1-rc2
v0.18.1-rc3
v0.18.2
v0.18.3-rc1
v0.18.3-rc2
v0.18.3-rc3
v0.18.3-rc4
v0.19.0
v0.20.0
v0.21.0
v0.22.0
v0.22.1
v0.22.2-rc10
v0.22.2-rc11
v0.22.2-rc12
v0.22.2-rc15
v0.22.2-rc16
v0.22.2-rc17
v0.22.2-rc18
v0.22.2-rc2
v0.22.2-rc3
v0.22.2-rc4
v0.22.2-rc5
v0.22.2-rc6
v0.22.2-rc7
v0.22.2-rc8
v0.22.2-rc9
v0.23.0
v0.23.0-rc.1
v0.23.0-rc.2
v0.23.0-rc.3
v0.23.1
v0.23.1-rc.1
v0.23.2
v0.24.0
v0.24.0-rc.2
v0.24.0-rc1
v0.24.1
v0.24.2
v0.24.3-rc.1
v0.24.3-rc.2
v0.24.3-rc.3
v0.24.3-rc.4
v0.24.3-rc.5
v0.24.3-rc1
v0.25.0
v0.25.1
v0.25.2
v0.25.3-rc2
v0.25.3-rc3
v0.25.3-rc5
v0.26.0
v0.26.0-rc1
v0.26.0-rc2
v0.26.1
v0.8.1
v0.8.1-rc.1
v0.8.1-rc.2
v0.8.2
v0.8.2-rc.1
v0.8.3
v0.8.4
v0.8.4-rc.1
v0.8.4-rc.2
v0.8.5
v0.8.5-rc.1
v0.8.5-rc.2
v0.8.5-rc.3
v0.8.5-rc.4
v0.8.5-rc.5
v0.9.0
v0.9.0-rc.1
v0.9.1
v0.9.1-rc.1
v0.9.1-rc.2
v0.9.2
v0.9.2-rc.1
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from 'f3d1863ec6'
${ noResults }
Commit Graph

129 Commits (f3d1863ec6d835955eca079519c4839ecfcfe0ee)

Author SHA1 Message Date
max furman ab0d2503ae
Standardize linting file and fix or ignore lots of linting errors 2 years ago
Mariano Cano 34c6c65671 Pass attestation information to the Sign method 
Attestation information might be useful in authorizing webhooks
 2 years ago
Mariano Cano 8bd0174251 Rename field to IsCAServerCert 2 years ago
Mariano Cano 5df1694250 Add endpoint id for the RA certificate 
In a linked RA mode, send an endpoint id to group the server
certificates.
 2 years ago
Mariano Cano eb091aec54 Simplify field names for ProvisionerInfo 2 years ago
Mariano Cano 6b5d3dca95 Add provisioner name to RA info 2 years ago
Mariano Cano f9df8ac05f Remove unused interface 2 years ago
Mariano Cano 9408d0f24b Send RA provisioner information to the CA 2 years ago
Mariano Cano ce9a23a0f7 Fix SSH certificate revocation 2 years ago
Mariano Cano c8d7ad7ab9 Fix store certificates methods with new interface 2 years ago
Herman Slatman 6e1f8dd7ab
Refactor policy engines into container 2 years ago
Herman Slatman 76112c2da1
Improve error creation and testing for core policy engine 2 years ago
Herman Slatman 3fa96ebf13
Improve policy errors returned to client 2 years ago
Herman Slatman ad2de16299
Merge branch 'master' into herman/allow-deny 2 years ago
Mariano Cano fe9c3cf753
Merge branch 'master' into ahmet2mir-feat/vault 2 years ago
Herman Slatman abcad679ff
Merge branch 'master' into herman/allow-deny 2 years ago
Mariano Cano ea5f7f2acc
Fix SANs for step-ca certificate 
Co-authored-by: Herman Slatman <hslatman@users.noreply.github.com>
 2 years ago
Mariano Cano 37b521ec6c
Merge branch 'master' into feat/vault 2 years ago
Herman Slatman 9797b3350e
Merge branch 'master' into herman/allow-deny 2 years ago
Mariano Cano db337debcd Load provisioner from the database instead of the extension. 2 years ago
Herman Slatman 571b21abbc
Fix (most) PR comments 2 years ago
Herman Slatman b49307f326
Fix ACME order tests with mock ACME CA 2 years ago
Herman Slatman 9e0edc7b50
Add early authority policy evaluation to ACME order API 2 years ago
Herman Slatman 613c99f00f
Fix linting issues 2 years ago
Mariano Cano 9d027c17d0 Send current provisioner on PostCertificate 2 years ago
Herman Slatman 101ca6a2d3
Check admin subjects before changing policy 2 years ago
Herman Slatman 81b0c6c37c
Add API implementation for authority and provisioner policy 2 years ago
Herman Slatman 7c541888ad
Refactor configuration of allow/deny on authority level 2 years ago
Mariano Cano c0525381eb Merge branch 'master' into feat/vault 2 years ago
Herman Slatman 5cb23c6029
Merge pull request #804 from smallstep/herman/normalize-ipv6-dns-names 
Normalize IPv6 hostname addresses
 2 years ago
Herman Slatman e887ccaa07
Ensure the CA TLS certificate represents IPv6 DNS names as IP in cert 
If an IPv6 domain name (i.e. [::1]) is provided manually in the `ca.json`,
this commit will ensure that it's represented as an IP SAN in the TLS
certificate. Before this change, the IPv6 would become a DNS SAN.
 2 years ago
Mariano Cano 300c19f8b9 Add a custom enforcer that can be used to modify a cert. 2 years ago
Ahmet DEMIR 68b980d689
feat(authority): avoid hardcoded cn in authority csr 2 years ago
Herman Slatman 50c3bce98d
Change if/if to if/else-if when checking the type of JSON error 2 years ago
Herman Slatman a3cf6bac36
Add special handling for *json.UnmarshalTypeError 2 years ago
Herman Slatman 0475a4d26f
Refactor extraction of JSON template syntax errors 2 years ago
Herman Slatman a5455d3572
Improve errors related to template execution failures (slightly) 2 years ago
Herman Slatman 3bc3957b06
Merge branch 'master' into hs/acme-revocation 3 years ago
Herman Slatman 47a8a3c463
Add test case for ACME Revoke to Authority 3 years ago
Herman Slatman c9cd876a7d
Merge branch 'master' into hs/acme-revocation 3 years ago
Mariano Cano ff04873a2a Change the default error type to forbidden in Sign. 
The errors will also be propagated from sign options.
 3 years ago
Mariano Cano 668d3ea6c7 Modify errs.Wrap() with bad request to send messages to users. 3 years ago
Mariano Cano 8ce807a6cb Modify errs.BadRequest() calls to always send an error to the client. 3 years ago
Herman Slatman 3151255a25
Merge branch 'master' into hs/acme-revocation 3 years ago
max furman 933b40a02a Introduce gocritic linter and address warnings 3 years ago
Mariano Cano 42fde8ba28
Merge branch 'master' into linkedca 3 years ago
Mariano Cano 9e5762fe06 Allow the reuse of azure token if DisableTrustOnFirstUse is true 
Azure caches tokens for 24h and we cannot issue a new certificate
for the same instance in that period of time.

The meaning of this parameter is to allow the signing of multiple
certificate in one instance. This is possible in GCP, because we
get a new token, and is possible in AWS because we can generate
a new one. On Azure there was no other way to do it unless you
wait for 24h.

Fixes #656
 3 years ago
Mariano Cano d72fa953ac Remove debug statements. 3 years ago
Mariano Cano 3f07eb597a Implement revocation using linkedca. 3 years ago
Mariano Cano 0730a165fd Add collection of files and authority template. 3 years ago