Commit Graph

29 Commits

Author SHA1 Message Date
max furman
8b256f0351 address linter warning for go 1.19 2023-05-09 23:47:28 -07:00
Mariano Cano
72e2c4eb2e Render proper policy and constraints errors 2022-09-21 18:35:18 -07:00
max furman
75bb196193 Add concurrency workflow config | fix broken test due to golang ver 2022-09-21 12:26:45 -07:00
max furman
ab0d2503ae Standardize linting file and fix or ignore lots of linting errors 2022-09-20 16:35:41 -07:00
Herman Slatman
cc26a0b394 Explicitly disable wildcard Common Name constraint 2022-05-06 13:58:48 +02:00
Herman Slatman
d82e51b748 Update AllowWildcardNames configuration name 2022-04-29 15:08:19 +02:00
Herman Slatman
2b7f6931f3 Change Subject Common Name verification
Subject Common Names can now also be configured to be allowed or
denied, similar to SANs. When a Subject Common Name is not explicitly
allowed or denied, its type will be determined and its value will be
validated according to the constraints for that type of name (i.e. URI).
2022-04-28 14:49:23 +02:00
Herman Slatman
6e1f8dd7ab Refactor policy engines into container 2022-04-26 13:12:16 +02:00
Herman Slatman
76112c2da1 Improve error creation and testing for core policy engine 2022-04-26 01:47:07 +02:00
Herman Slatman
a2cfbe3d54 Fix (part of) PR comments 2022-04-21 12:14:03 +02:00
Herman Slatman
82e0033428 Remove Adder options 2022-04-18 21:47:39 +02:00
Herman Slatman
679e2945f2 Disallow name constraint wildcard notation 2022-04-04 15:35:49 +02:00
Herman Slatman
96f4c49b0c Improve how policy errors are returned and used 2022-04-04 13:58:16 +02:00
Herman Slatman
d8776d8f7f Add K8sSA SSH user policy back
According to the docs, the K8sSA provisioner can be configured
to issue SSH user certs.
2022-04-01 15:37:48 +02:00
Herman Slatman
5f0dc42b1e Fix tests on Go 1.18 due to IDNA deviations
In Go 1.18 the behavior for looking up domains with non-ASCII
characters was changed to be in accordance with UTS#46
(https://unicode.org/reports/tr46/). There's a slight difference
in how IDNA2003 and IDNA2008 process these. Go 1.18 handles
the deviations in accordance with IDNA2008 now.
2022-03-31 17:16:11 +02:00
Herman Slatman
571b21abbc Fix (most) PR comments 2022-03-31 16:12:29 +02:00
Herman Slatman
613c99f00f Fix linting issues 2022-03-24 13:10:49 +01:00
Herman Slatman
6b620c8e9c Improve protobuf unmarshaling error handling 2022-03-24 10:54:45 +01:00
Herman Slatman
101ca6a2d3 Check admin subjects before changing policy 2022-03-21 15:53:59 +01:00
Herman Slatman
88c7b63c9d Split SSH user and cert policy configuration and execution 2022-02-01 15:18:39 +01:00
Herman Slatman
a7eb27d309 Fix URI domains IDNA support 2022-01-31 15:34:02 +01:00
Herman Slatman
9617edf0c2 Improve internationalized domain name handling
This PR improves internationalized domain name handling according
to rules of IDNA and based on the description in RFC 5280, section 7:
https://datatracker.ietf.org/doc/html/rfc5280#section-7.

Support for internationalized URI(s), so-called IRIs, still needs to
be done.
2022-01-27 17:18:33 +01:00
Herman Slatman
066bf32086 Fix part of PR comments 2022-01-25 15:00:07 +01:00
Herman Slatman
ff08b5055e Fix linting issues 2022-01-18 14:42:56 +01:00
Herman Slatman
6440870a80 Clean up, improve test cases and coverage 2022-01-18 14:39:21 +01:00
Herman Slatman
1e808b61e5 Merge logic for X509 and SSH policy 2022-01-17 23:36:13 +01:00
Herman Slatman
6bc301339f Improve test case and code coverage 2022-01-17 22:55:28 +01:00
Herman Slatman
6bc0513468 Add more tests 2022-01-04 15:41:40 +01:00
Herman Slatman
9539729bd9 Add initial implementation of x509 and SSH allow/deny policy engine 2022-01-03 12:25:24 +01:00