TrueCloudLab/certificates
16
0
Fork 2
Code Issues 1 Pull requests 1 Releases Activity Actions
1078 commits 34 branches 199 tags 42 MiB
Commit graph

24 commits

Author SHA1 Message Date
Oleksandr Kovalchuk
0218018cee
Generate Subject if forceCN and Subject is empty 
When `forceCN` is set in provisioner configuration and
Subject.CommonName is empty, set Subject.CommonName to the first SAN
from the CSR to follow the letsencrypt's boulder behavior. This is done
in order to support system which require certificate's Subject field to
be non-empty.

N.B. certbot does not send Subject in its certificate request and relies
on similar behavior of letsencrypt.

Closes https://github.com/smallstep/certificates/issues/259
 2020-05-14 13:23:42 +03:00
max furman
4cb777bdc1 ACME accountUpdate ignore fields not recognized by the server. 2020-05-08 11:52:30 -07:00
Ivan Bertona
cb46a8b741 Small test fixes. 2020-02-11 09:57:28 -05:00
Ivan Bertona
10bc548c6e Remove leftover file. 2020-02-10 14:58:16 -05:00
Ivan Bertona
200cfd2433 Add test for missing TLS certificates in response. 2020-02-10 14:50:13 -05:00
Ivan Bertona
157686e338 Tiny finishes. 2020-02-07 19:57:29 -05:00
Ivan Bertona
6843408d42 Reject obsolete id-pe-acmeIdentifier. 2020-02-07 19:26:18 -05:00
Ivan Bertona
6b5a2b17b5 Add challenge unmarshal test cases. 2020-02-07 15:25:27 -05:00
Ivan Bertona
b8208ec401 Add test case for failed came-tls/1 protocol negotiation. 2020-02-07 15:14:08 -05:00
Ivan Bertona
4b473732d9 Add support for TLS-ALPN-01 challenge. 2020-02-07 14:37:13 -05:00
max furman
c255274572 Should be returning status code 400 for ACME Account Not Found. 
Issue #173
 2020-02-01 17:35:41 -08:00
Mariano Cano
0a890a5c16 Add the commonName as a DNSName to match RFC. 
Normalize names and remove the use of reflection.
 2020-01-28 15:34:01 -08:00
max furman
432ed0090f Use _'s in table names. 2020-01-28 13:29:40 -08:00
max furman
967e86a48b Simplify trimming *. prefix of domain in acme dns validation. 2019-12-20 13:32:44 -08:00
Oleksandr Kovalchuk
ec8ff0bced
Add testcase which ensures we pass correct domain to lookupTxt 
Make sure we do not pass domains with asterisk (wildcard) in the middle,
like _acme-challenge.*.example.com to lookupTxt function, but preprocess
domain and remove leading wildcard so we lookup for
_acme-challenge.example.com.
 2019-12-20 22:54:41 +02:00
Oleksandr Kovalchuk
46832bb9b3
Remove superflurous Printf statement 
The statement was used for debug purposes and should not be included in
the final build
 2019-12-20 22:22:12 +02:00
Oleksandr Kovalchuk
a995cca418
Perform domain normalization for wildcard domains 
Perform domain normalization for wildcard domains, so we do query
TXT records for _acme-challenge.example.domain instead of
_acme-challenge.*.example.domain when performing DNS-01 challenge. In
this way the behavior is consistent with letsencrypt and records queried
are in sync with the ones that are shown in certbot manual mode.
 2019-12-20 19:17:53 +02:00
Max
0a96062b76
Merge pull request #128 from jkralik/returnCertChain 
Change api of functions Authority.Sign, Authority.Renew
 2019-10-18 14:00:18 -07:00
max furman
d368791606 Add x5c provisioner capabilities 2019-10-14 14:51:37 -07:00
max furman
7aec7c2612 Create ACME database tables when initializing ACME autority. 2019-10-14 14:51:03 -07:00
Jozef Kralik
bc6074f596 Change api of functions Authority.Sign, Authority.Renew 
Returns certificate chain instead of 2 members.

Implements #126
 2019-10-09 22:23:00 +02:00
max furman
e92dfb2516 Fix authz shadow declarations 2019-09-30 11:49:15 -07:00
max furman
fe7973c060 wip 2019-09-19 13:17:45 -07:00
max furman
e3826dd1c3 Add ACME CA capabilities 2019-09-13 15:48:33 -07:00