62 Commits

Author SHA1 Message Date
Herman Slatman
f4736325fa Use github.com/smallstep/linkedca @ v0.23.0 2025-01-03 18:24:19 +01:00
Panagiotis Siatras
dd1ff9c15b Implementation of the Prometheus endpoint (#1669)
Implementation of the http://{metricsAddress}/metrics Prometheus endpoint.
2024-01-25 23:47:27 -08:00
Mariano Cano
30ce9e65f7 Write configuration only if encoding succeeds
This commit fixes a problem when the ca.json is truncated if the
encoding of the configuration fails. This can happen by adding a new
provisioner with bad template data.

Related to smallstep/cli#994
2023-08-03 17:54:49 -07:00
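The truncation described in this commit message comes from opening the target file for writing before the JSON encoder has produced any bytes. The following is an added example (not the project's code): a reproduction of that failure mode next to an encode-first, write-to-temp-and-rename version. The `Config` type, the `ca.json` path and the provisioner template payloads are constructed for the example and are not the project's real types or data.

```go
package main

import (
	"encoding/json"
	"errors"
	"fmt"
	"os"
	"path/filepath"
)

// Config is a stand-in for the CA configuration (assumption: a minimal
// subset, not the project's type). Template holds raw JSON, so a
// provisioner whose template data is not valid JSON makes the encode fail.
type Config struct {
	Address  string          `json:"address"`
	Template json.RawMessage `json:"template,omitempty"`
}

// saveTruncating reproduces the bug: os.Create truncates the target before
// the encoder has produced a byte, so an encoding error leaves an empty file.
func saveTruncating(path string, cfg *Config) error {
	f, err := os.Create(path)
	if err != nil {
		return err
	}
	defer f.Close()
	return json.NewEncoder(f).Encode(cfg)
}

// saveIfEncoded encodes into memory first and only then touches the
// filesystem: the bytes go to a temp file in the same directory, are
// synced, and the temp file is renamed over the target, so a reader never
// observes a partial or empty config, even if the process dies mid-write.
func saveIfEncoded(path string, cfg *Config) error {
	b, err := json.MarshalIndent(cfg, "", "\t")
	if err != nil {
		return fmt.Errorf("encoding config: %w", err)
	}
	tmp, err := os.CreateTemp(filepath.Dir(path), filepath.Base(path)+".*.tmp")
	if err != nil {
		return err
	}
	name := tmp.Name()
	fail := func(err error) error {
		tmp.Close()
		os.Remove(name)
		return err
	}
	if _, err := tmp.Write(b); err != nil {
		return fail(err)
	}
	if err := tmp.Sync(); err != nil {
		return fail(err)
	}
	if err := tmp.Close(); err != nil {
		os.Remove(name)
		return err
	}
	return os.Rename(name, path)
}

// Demo writes a valid config and then tries to overwrite it with one that
// carries bad template data, once per strategy, and returns the size each
// strategy leaves on disk (0 means the config was truncated).
func Demo(dir string) (truncating, safe int64, err error) {
	// Both payloads are constructed for this example.
	good := &Config{Address: ":9000", Template: json.RawMessage(`{"subject":{"commonName":"{{.Subject.CommonName}}"}}`)}
	bad := &Config{Address: ":9000", Template: json.RawMessage(`{"subject": {{ not json`)}
	sizeAfter := func(save func(string, *Config) error) (int64, error) {
		path := filepath.Join(dir, "ca.json")
		if err := saveIfEncoded(path, good); err != nil {
			return 0, err
		}
		if err := save(path, bad); err == nil {
			return 0, errors.New("expected an encoding error for bad template data")
		}
		st, err := os.Stat(path)
		if err != nil {
			return 0, err
		}
		return st.Size(), nil
	}
	if truncating, err = sizeAfter(saveTruncating); err != nil {
		return 0, 0, err
	}
	if safe, err = sizeAfter(saveIfEncoded); err != nil {
		return 0, 0, err
	}
	return truncating, safe, nil
}

func main() {
	dir, err := os.MkdirTemp("", "ca-config")
	if err != nil {
		panic(err)
	}
	defer os.RemoveAll(dir)
	t, s, err := Demo(dir)
	if err != nil {
		panic(err)
	}
	fmt.Printf("bytes left in ca.json: truncating write=%d, encode-then-rename=%d\n", t, s)
}
```

The rename step is what makes the write safe against crashes as well as against encoding errors: the old configuration stays intact on disk until the new one is completely written and synced.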
Mariano Cano
cce7d9e839 Address comments from code review 2023-07-27 15:05:04 -07:00
Mariano Cano
c7c7decd5e Add support for the disableSmallstepExtensions claim
This commit adds a new claim to exclude the Smallstep provisioner
extension from the generated certificates.

Fixes #620
2023-07-27 15:05:01 -07:00
max furman
8b256f0351 address linter warning for go 1.19 2023-05-09 23:47:28 -07:00
Mariano Cano
002a058807 Use idpURL in json 2022-11-30 11:07:07 -08:00
Mariano Cano
be4cd17b40 Add omit empty to IDPurl 2022-11-29 12:23:02 -08:00
foleyjohnm
d6f9b3336d Update config.go 2022-11-11 11:52:29 -05:00
foleyjohnm
c79d4e9316 adding CRLIDP config 2022-11-11 11:50:20 -05:00
Mariano Cano
59775fff0c Merge branch 'master' into crl-support 2022-10-27 10:13:19 -07:00
Mariano Cano
8200d19894 Improve CRL implementation
This commit adds some changes to PR #731, some of them are:
- Add distribution point to the CRL
- Properly stop the goroutine that generates the CRLs
- CRL config validation
- Remove expired certificates from the CRL
- Require enable set to true to generate a CRL

This last point is the principal change in behaviour from the previous
implementation. The CRL will not be generated if it's not enabled, and
if it is enabled it will always be regenerated at some point, not only
if there is a revocation.
2022-10-26 18:55:24 -07:00
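The behaviour this commit message describes (generate only when enabled, always regenerate, drop expired certificates) is shown below with the Go standard library. This is an added example, not the project's CRL implementation from PR #731 or this commit: the `CRLConfig` and `RevokedCert` types, the self-signed issuer and the three revocation records are constructed for the example, and the distribution point extension is not included.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"errors"
	"fmt"
	"math/big"
	"time"
)

// CRLConfig and RevokedCert are stand-ins (assumptions, not the project's
// types): Enabled gates generation, CacheDuration sets NextUpdate, and
// NotAfter lets entries for already-expired certificates be dropped.
type CRLConfig struct {
	Enabled       bool
	CacheDuration time.Duration
}

type RevokedCert struct {
	Serial              *big.Int
	RevokedAt, NotAfter time.Time
}

var ErrCRLDisabled = errors.New("crl: generation is not enabled")

// GenerateCRL signs a CRL with the issuer's key. It refuses unless enabled,
// omits expired certificates, and always emits a fresh CRL number and
// validity window, so it can run on a timer with or without new revocations.
func GenerateCRL(cfg CRLConfig, number int64, issuer *x509.Certificate,
	key *ecdsa.PrivateKey, revoked []RevokedCert, now time.Time) ([]byte, error) {
	if !cfg.Enabled {
		return nil, ErrCRLDisabled
	}
	var entries []x509.RevocationListEntry
	for _, rc := range revoked {
		if !rc.NotAfter.After(now) {
			continue // expired: no relying party would accept it anyway
		}
		entries = append(entries, x509.RevocationListEntry{SerialNumber: rc.Serial, RevocationTime: rc.RevokedAt})
	}
	return x509.CreateRevocationList(rand.Reader, &x509.RevocationList{
		Number:                    big.NewInt(number),
		ThisUpdate:                now,
		NextUpdate:                now.Add(cfg.CacheDuration),
		RevokedCertificateEntries: entries,
	}, issuer, key)
}

// newCA builds a self-signed CA with the crlSign key usage, which
// CreateRevocationList requires; Go derives the subject key identifier.
func newCA(now time.Time) (*x509.Certificate, *ecdsa.PrivateKey, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber:          big.NewInt(1),
		Subject:               pkix.Name{CommonName: "Example CA"},
		NotBefore:             now.Add(-time.Hour),
		NotAfter:              now.Add(24 * time.Hour),
		IsCA:                  true,
		BasicConstraintsValid: true,
		KeyUsage:              x509.KeyUsageCertSign | x509.KeyUsageCRLSign,
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		return nil, nil, err
	}
	cert, err := x509.ParseCertificate(der)
	return cert, key, err
}

// Demo runs GenerateCRL over three constructed records (one for an expired
// certificate), parses the CRL back, verifies its signature, and returns
// the entry count and CRL number.
func Demo() (entries int, number int64, err error) {
	now := time.Now().UTC().Truncate(time.Second)
	ca, key, err := newCA(now)
	if err != nil {
		return 0, 0, err
	}
	revoked := []RevokedCert{
		{big.NewInt(1001), now.Add(-time.Hour), now.Add(48 * time.Hour)},
		{big.NewInt(1002), now.Add(-time.Hour), now.Add(-time.Minute)}, // expired
		{big.NewInt(1003), now.Add(-time.Minute), now.Add(72 * time.Hour)},
	}
	der, err := GenerateCRL(CRLConfig{Enabled: true, CacheDuration: 24 * time.Hour}, 7, ca, key, revoked, now)
	if err != nil {
		return 0, 0, err
	}
	rl, err := x509.ParseRevocationList(der)
	if err != nil {
		return 0, 0, err
	}
	if err = rl.CheckSignatureFrom(ca); err != nil {
		return 0, 0, err
	}
	return len(rl.RevokedCertificateEntries), rl.Number.Int64(), nil
}

func main() {
	n, num, err := Demo()
	fmt.Println("entries:", n, "crl number:", num, "err:", err)
}
```

Because `GenerateCRL` returns `ErrCRLDisabled` before touching the issuer or key, a caller's timer loop can check that sentinel and stop the goroutine cleanly instead of producing a CRL nobody asked for. Dropping expired serials keeps the CRL from growing without bound; a relying party rejects an expired certificate on validity alone, so the entry carries no information.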
Herman Slatman
54c560f620 Improve configuration file initialization log output 2022-10-24 15:22:37 +02:00
Herman Slatman
674206320c Write updated CA configuration after migrating provisioners 2022-10-11 14:12:06 +02:00
Raal Goff
f7df865687 refactor crl config, add some tests 2022-10-07 10:30:00 +08:00
Raal Goff
d0e81af524 Merge branch 'master' into crl-support 2022-09-30 08:45:48 +08:00
Mariano Cano
567d96c771 Revert "Run on plaintext HTTP to support Cloud Run"
This reverts commit 09b9673a60.
2022-09-20 18:57:46 -07:00
Brandon Weeks
f3d2bd7a19 Run on plaintext HTTP to support Cloud Run 2022-09-20 16:43:30 -07:00
max furman
ab0d2503ae Standardize linting file and fix or ignore lots of linting errors 2022-09-20 16:35:41 -07:00
Mariano Cano
4e19aa4c52 Add cache duration if crl is set 2022-09-14 12:21:52 -07:00
Mariano Cano
0829f37fe8 Define a default crl cache duration 2022-09-14 11:43:58 -07:00
Raal Goff
d2483f3a70 Merge branch 'master' into crl-support
# Conflicts:
#	authority/config/config.go
2022-09-08 09:45:04 +08:00
Mariano Cano
23b8f45b37 Address gosec warnings
Most if not all false positives
2022-08-18 17:46:20 -07:00
Mariano Cano
5e0be92273 Allow option to skip the validation of config 2022-08-16 14:04:04 -07:00
Mariano Cano
b62f4d1000 Add lgtm comments on some security warnings 2022-08-11 17:32:57 -07:00
Mariano Cano
a5439c43cd Remove ciphersuites without Lucky13 countermeasures
SHA-256 variants of the CBC ciphersuites don't implement any Lucky13
countermeasures. See http://www.isg.rhul.ac.uk/tls/Lucky13.html and
https://www.imperialviolet.org/2013/02/04/luckythirteen.html.
2022-08-11 17:11:04 -07:00
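The suites this commit message refers to are the TLS 1.2 SHA-256 CBC suites. The block below is an added example (not the project's configuration code) showing an allow list that still carries them beside one with them filtered out; it matches the suites by their IANA name and also drops anything Go's own `tls.InsecureCipherSuites` reports, so it is not tied to a fixed list. The `WeakConfig` and `HardenedConfig` names are the example's own.

```go
package main

import (
	"crypto/tls"
	"fmt"
	"strings"
)

// isLucky13Suite matches the SHA-256 CBC suites by their IANA name rather
// than a fixed list, so any CBC-SHA256 suite a future Go adds is caught too.
func isLucky13Suite(id uint16) bool {
	return strings.Contains(tls.CipherSuiteName(id), "_CBC_SHA256")
}

// HardenSuites drops every CBC-SHA256 suite and every suite Go itself
// reports as insecure from an allow list, keeping the caller's order.
func HardenSuites(allowed []uint16) []uint16 {
	insecure := make(map[uint16]bool)
	for _, cs := range tls.InsecureCipherSuites() {
		insecure[cs.ID] = true
	}
	var out []uint16
	for _, id := range allowed {
		if isLucky13Suite(id) || insecure[id] {
			continue
		}
		out = append(out, id)
	}
	return out
}

// WeakConfig is the "before": a TLS 1.2 allow list that still includes the
// CBC-SHA256 suites next to the AEAD ones (constructed for this example).
func WeakConfig() *tls.Config {
	return &tls.Config{
		MinVersion: tls.VersionTLS12,
		CipherSuites: []uint16{
			tls.TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
			tls.TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
			tls.TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305,
			tls.TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305,
			tls.TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256,
			tls.TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,
			tls.TLS_RSA_WITH_AES_128_CBC_SHA256,
		},
	}
}

// HardenedConfig is the "after": the same config with the filter applied.
func HardenedConfig() *tls.Config {
	cfg := WeakConfig()
	cfg.CipherSuites = HardenSuites(cfg.CipherSuites)
	return cfg
}

// HasLucky13Suite reports whether a config still offers a CBC-SHA256 suite.
func HasLucky13Suite(cfg *tls.Config) bool {
	for _, id := range cfg.CipherSuites {
		if isLucky13Suite(id) {
			return true
		}
	}
	return false
}

func main() {
	for _, cfg := range []*tls.Config{WeakConfig(), HardenedConfig()} {
		fmt.Printf("lucky13-exposed=%v:", HasLucky13Suite(cfg))
		for _, id := range cfg.CipherSuites {
			fmt.Printf(" %s", tls.CipherSuiteName(id))
		}
		fmt.Println()
	}
}
```

`CipherSuites` only governs TLS 1.2 and earlier; TLS 1.3 suites are fixed by the Go runtime and are all AEAD, so the filter leaves TLS 1.3 untouched.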
Mariano Cano
369b8f81c3 Use go.step.sm/crypto/kms
Fixes #975
2022-08-08 17:58:18 -07:00
max furman
99c9155467 disableSSHHostsListAPI -> disableGetSSHHosts 2022-08-04 18:44:44 -07:00
max furman
fb7f57a8df Add attribute to disable SSH Hosts list API 2022-07-27 23:30:00 -07:00
Raal Goff
60671b07d7 Merge branch 'master' into crl-support
# Conflicts:
#	api/api.go
#	authority/config/config.go
#	cas/softcas/softcas.go
#	db/db.go
2022-07-13 08:52:58 +08:00
Herman Slatman
ad2de16299 Merge branch 'master' into herman/allow-deny 2022-04-19 10:26:31 +02:00
Mariano Cano
fe9c3cf753 Merge branch 'master' into ahmet2mir-feat/vault 2022-04-18 15:35:26 -07:00
Herman Slatman
abcad679ff Merge branch 'master' into herman/allow-deny 2022-04-18 21:54:55 +02:00
Herman Slatman
d6be9450be Merge branch 'master' into herman/allow-deny 2022-04-15 11:57:05 +02:00
Mariano Cano
d3b6bc3c75 Merge branch 'master' into fix/adminra 2022-04-13 17:44:23 -07:00
Mariano Cano
674dc3c844 Rename unreleased claim to allowRenewalAfterExpiry for consistency. 2022-04-13 15:11:54 -07:00
Mariano Cano
37b521ec6c Merge branch 'master' into feat/vault 2022-04-11 14:57:45 -07:00
Mariano Cano
c55b27a2fc Refactor admin token to use with RAs. 2022-04-07 18:14:43 -07:00
Raal Goff
d417ce3232 implement changes from review 2022-04-06 08:23:53 +08:00
Herman Slatman
571b21abbc Fix (most) PR comments 2022-03-31 16:12:29 +02:00
Herman Slatman
dc23fd23bf Merge branch 'master' into herman/allow-deny-next 2022-03-24 12:36:12 +01:00
Mariano Cano
c903f00cd4 Rename claim to allowRenewAfterExpiry. 2022-03-14 15:40:01 -07:00
Mariano Cano
616490a9c6 Refactor renew after expiry token authorization
This change adds a new authority method that authorizes the
renew after expiry tokens.
2022-03-10 20:21:01 -08:00
Mariano Cano
fd6a2eeb9c Add provisioner controller
The provisioner controller has the implementation of the identity
function as well as the renew methods with renew after expiry
support.
2022-03-09 18:39:09 -08:00
Herman Slatman
7c541888ad Refactor configuration of allow/deny on authority level 2022-03-08 13:26:07 +01:00
Mariano Cano
c0525381eb Merge branch 'master' into feat/vault 2022-02-16 18:19:23 -08:00
Herman Slatman
716b946e7a Normalize IPv6 hostname addresses 2022-01-19 17:14:45 +01:00
Ahmet DEMIR
68b980d689 feat(authority): avoid hardcoded cn in authority csr 2022-01-13 20:30:54 +01:00
max furman
933b40a02a Introduce gocritic linter and address warnings 2021-10-08 14:59:57 -04:00
Mariano Cano
da2802504b Use Default min version if not specified. 2021-08-11 15:33:45 -07:00