Roman Vynar
9cdf9f55da
Fix cipher preferred order
2017-01-24 09:29:57 +02:00
Jeff Mitchell
dc7e1cc98c
Remove comments destined to be outdated
2017-01-23 13:49:15 -05:00
Roman Vynar
51bb8bc544
Added tls_cipher_suites, tls_prefer_server_ciphers config options to listener (#2293)
2017-01-23 13:48:35 -05:00
joe miller
90e32515ea
allow roles to set OU value in certificates issued by the pki backend (#2251)
2017-01-23 12:44:45 -05:00
Chris Hoffman
43bae79d01
Adding support for exportable transit keys (#2133)
2017-01-23 11:04:43 -05:00
vishalnayak
a247b959ea
Don't sanitize disallowed_policies on token role
2017-01-17 21:34:14 -05:00
Félix Cantournet
0d6d4211b8
all: test: Fix govet warnings
Fix calls to t.Fatal() with formatting.
Fixed some calls to Fatalf() with wrong formatting
2016-12-21 19:44:07 +01:00
Brian Nuszkowski
fed61f6c12
Add Duo pushinfo capabilities (#2118)
2016-12-19 15:37:44 -05:00
Vishal Nayak
b4011f7129
Don't add default policy to child token if parent does not have it (#2164)
2016-12-16 00:36:39 -05:00
Jeff Mitchell
24d2f39a7f
Don't say mlock is supported on OSX when it isn't. (#2120)
Fixes #2119
2016-11-22 12:56:36 -05:00
Jeff Mitchell
7579c50ac9
Bump proto files after update
2016-11-17 10:06:26 -05:00
vishalnayak
484f8993c5
Remove the methods introduced to make the tests work from its older package
2016-10-26 20:03:51 -04:00
vishalnayak
2ac019a9c5
Move policy test to keysutil package
2016-10-26 19:57:28 -04:00
vishalnayak
b30d5f5c57
Pulled out transit's lock manager and policy structs into a helper
2016-10-26 19:52:31 -04:00
vishalnayak
05dace618d
Added a few checks to the CIDR Subset checking util
2016-09-28 14:04:02 -04:00
Chris Hoffman
10c8024fa3
Adding support for chained intermediate CAs in pki backend (#1694)
2016-09-27 17:50:17 -07:00
Vishal Nayak
92cb781be9
Merge pull request #1910 from hashicorp/secret-id-cidr-list
CIDR restrictions on Secret ID
2016-09-26 10:22:48 -04:00
Jeff Mitchell
721d103f68
Fix parsing env var, needed to be in the helper too
2016-09-23 13:20:26 -04:00
vishalnayak
9dd1a3ce95
Fix zeroAddr check
2016-09-23 12:50:26 -04:00
vishalnayak
7b8683585b
Address review feedback
2016-09-22 18:07:35 -04:00
vishalnayak
47771e7da3
Use net.IPv4zero to check for zero address
2016-09-21 20:29:33 -04:00
vishalnayak
8ce3fa75ba
Store the CIDR list in the secret ID storage entry.
Use the stored information to validate the source address and credential issue time.
Correct the logic used to verify BoundCIDRList on the role.
Reverify the subset requirements between secret ID and role during credential issue time.
2016-09-21 20:19:26 -04:00
vishalnayak
c93bded97b
Added cidrutil helper
2016-09-21 13:58:32 -04:00
Jeff Mitchell
8482118ac6
Transit and audit enhancements
2016-09-21 10:49:26 -04:00
Jeff Mitchell
6f6d1f7237
Rename GetOctalFormatted and add serial number to ParsedCertBundle. Basically a noop.
2016-09-16 11:05:43 -04:00
Jeff Mitchell
5c27f11c05
Update logging formatting
2016-09-01 16:14:21 -04:00
vishalnayak
7c743ecd0a
Address review feedback
2016-08-30 16:36:58 -04:00
Jeff Mitchell
9f0226eaa3
Pass headers back when request forwarding (#1795)
2016-08-26 17:53:47 -04:00
Jeff Mitchell
68345eb770
Convert to logxi
2016-08-21 18:13:37 -04:00
Jeff Mitchell
357ecb4dfe
gofmt
2016-08-19 16:48:32 -04:00
Jeff Mitchell
edd6379466
Clustering enhancements (#1747)
2016-08-19 11:03:53 -04:00
Jeff Mitchell
86ac08ba8b
Protobuf for forwarding (#1743)
2016-08-17 16:15:15 -04:00
Jeff Mitchell
09491388f4
Don't serialize the full connection state, instead just the peer certificates, and parse them on the other side
2016-08-17 10:29:53 -04:00
Jeff Mitchell
645540012f
Request forwarding (#1721)
Add request forwarding.
2016-08-15 09:42:42 -04:00
James Nugent
2e7a3aae7d
build: Add support for building on Illumos
This commit adds support for building for Illumos-derived operating
systems. Regrettably, the crypto/ssh/terminal package does not include
implementations of the functions IsTerminal, MakeRaw or Restore for the
solaris OS. Consequently this commit implements them in Vault.
makeRaw(fd int) is based on the Illumos implementation of the getpass
function [1] for the correct flags. isTerminal(fd int) is based on the
Illumos libc implementation [2] of isatty.
[1] http://src.illumos.org/source/xref/illumos-gate/usr/src/lib/libast/common/uwin/getpass.c
[2] http://src.illumos.org/source/xref/illumos-gate/usr/src/lib/libbc/libc/gen/common/isatty.c
2016-08-13 00:20:15 -04:00
Jeff Mitchell
3eba24de39
Change to keybase openpgp fork as it has important fixes
2016-08-11 08:31:43 -04:00
vishalnayak
f39495f0c2
Address review feedback
2016-08-09 11:13:48 -04:00
vishalnayak
f07e71beee
Address review feedback from @jefferai
2016-08-09 10:47:55 -04:00
vishalnayak
b786b25785
Refactoring and test fixes
2016-08-09 03:43:03 -04:00
vishalnayak
d9dd2941e3
Added compressutil tests
2016-08-09 02:26:38 -04:00
vishalnayak
700ad7f875
Tests for (de)compression in jsonutil
2016-08-09 00:50:19 -04:00
vishalnayak
0a9f229c2d
Make generic utility for compression and decompression
2016-08-09 00:50:19 -04:00
vishalnayak
ab875c4d92
Pull out compression code into compressutil
2016-08-09 00:50:19 -04:00
vishalnayak
4ba0f1e7f7
Added utilities to compress the data
2016-08-09 00:50:19 -04:00
Jeff Mitchell
347cd93b2a
Fix bugs and add test case for arbitrary string slice
2016-08-03 14:57:36 -04:00
Jeff Mitchell
7d1f0facb8
Add arbitrary string slice parsing.
Like the KV function, this supports either separated strings or JSON
strings, base64-encoded or not.
Fixes #1619 in theory.
2016-08-03 14:24:16 -04:00
Jeff Mitchell
3329d38959
Cleanup
2016-08-03 13:09:12 -04:00
vishalnayak
ddb6ae18a0
Fix invalid input getting marked as internal error
2016-07-28 16:23:11 -04:00
vishalnayak
59930fda8f
AppRole authentication backend
2016-07-26 09:32:41 -04:00
Jeff Mitchell
2767858507
Remove manual selection of nextprotos from tls config coming from certutil; it's really not up to us to dictate third party requirements
2016-07-22 11:12:46 -04:00