Raal Goff
40baf73dff
remove incorrect check on revoked certificate dates, add mutex lock for generating CRLs,
2022-09-15 15:03:42 +08:00
Mariano Cano
4e19aa4c52
Add cache duration if crl is set
2022-09-14 12:21:52 -07:00
Mariano Cano
221e756f40
Use render.Error on crl endpoint
2022-09-14 11:50:11 -07:00
Mariano Cano
0829f37fe8
Define a default crl cache duration
2022-09-14 11:43:58 -07:00
Mariano Cano
4a4f7ca9ba
Fix panic if cacheDuration is not set
2022-09-14 11:16:47 -07:00
Raal Goff
924082bb49
fix linter errors
2022-09-08 10:09:37 +08:00
Raal Goff
d2483f3a70
Merge branch 'master' into crl-support
# Conflicts:
# authority/config/config.go
2022-09-08 09:45:04 +08:00
Mariano Cano
55318efe13
Merge pull request #1043 from unreality/oidc-missing-email
Allow missing Email claim in OIDC tokens
2022-09-07 18:29:52 -07:00
Mariano Cano
1b68a9f961
Merge pull request #1045 from smallstep/deprecation-notice
Add deprecation notices to step-x-init binaries
2022-09-07 13:20:02 -07:00
Mariano Cano
bc61b23d91
Add deprecation notices to step-x-init binaries
Fixes #1044
2022-09-06 17:39:43 -07:00
Raal Goff
b89f210469
remove fail-email test and add ok-empty-email test
2022-09-07 07:45:27 +08:00
Raal Goff
7a03c43fe2
allow missing Email claim in OIDC tokens, use subject when it's missing
2022-09-05 12:43:32 +08:00
Mariano Cano
d718c69ad3
Prepare changelog for release
2022-08-30 21:10:18 -07:00
Mariano Cano
b8162d5954
Merge pull request #1034 from smallstep/fix-1033
Fixes signature algorithm
2022-08-30 21:03:22 -07:00
Mariano Cano
a7fcfe0e4e
Verify with roots and intermediates
2022-08-30 17:11:44 -07:00
Mariano Cano
30c54a555d
Add entry in changelog
2022-08-30 16:57:31 -07:00
Mariano Cano
ea8579f3df
Fix bad signature algorithm on EC+RSA PKI
When the root certificate has an EC key and the intermediate has an
RSA key, the signature algorithm of the leafs should be the default
one, SHA256WithRSA, instead of the one that the intermediate has.
Fixes #1033
2022-08-30 16:49:56 -07:00
Mariano Cano
a893d6e7f7
Upgrade go.step.sm/cli-utils
Fixes issue with step path
2022-08-25 15:37:35 -07:00
Mariano Cano
432477aa91
Merge pull request #1030 from smallstep/herman/fix-template-validation
Add provisioner template validation
2022-08-25 14:51:39 -07:00
Mariano Cano
1938b1bb34
Merge branch 'master' into herman/fix-template-validation
2022-08-25 13:31:33 -07:00
Mariano Cano
1d1e024b84
Upgrade to go.step.sm/crypto v0.18.0
2022-08-25 12:40:31 -07:00
Herman Slatman
6b7b989988
Add provisioner template validation
Fixes #1012
2022-08-23 16:27:49 +02:00
Mariano Cano
dd6f59b538
Merge pull request #1024 from smallstep/gosec
Address gosec warnings
2022-08-22 14:19:50 -07:00
Mariano Cano
23b8f45b37
Address gosec warnings
Most if not all false positives
2022-08-18 17:46:20 -07:00
Mariano Cano
713dfad884
Merge pull request #1019 from smallstep/head-middleware
Add a middleware to automatically route HEAD requests to GET
2022-08-16 16:21:19 -07:00
Max
8f88740a5a
Merge pull request #1014 from smallstep/max/dns-id
Check for DNS name validity
2022-08-16 16:20:12 -07:00
Mariano Cano
6cab4d328e
Add a middleware to automatically route HEAD requests to GET
Fixes #992
2022-08-16 16:10:29 -07:00
max furman
c040e4b459
Add unit tests
2022-08-16 15:48:23 -07:00
Mariano Cano
85fc837dc3
Merge pull request #1018 from smallstep/ra-config
Ra config
2022-08-16 15:24:01 -07:00
Mariano Cano
3c88a9ccc2
Fixed changelog
2022-08-16 15:11:49 -07:00
Mariano Cano
8e08f0dea3
Add entries to changelog
2022-08-16 14:48:03 -07:00
Mariano Cano
0c7467ceb2
Allow to automatically configure and linked RA
2022-08-16 14:39:02 -07:00
Mariano Cano
5e0be92273
Allow option to skip the validation of config
2022-08-16 14:04:04 -07:00
max furman
b7c2f6c482
Check for DNS name validity
2022-08-16 00:12:31 -07:00
Mariano Cano
ae76d943c9
Merge pull request #1009 from smallstep/code-ql
Code QL
2022-08-11 18:53:30 -07:00
Mariano Cano
2db15e4eb5
Remove unnecessary log entries
These log entries add CodeQL warnings and are not necessary because
our default http.ResponseWriter allows adding log entries.
2022-08-11 18:14:36 -07:00
Mariano Cano
759aa26a57
Fix linter warning
2022-08-11 17:47:58 -07:00
Mariano Cano
90d2785776
Sanitize log entries in logging package
2022-08-11 17:44:31 -07:00
Mariano Cano
b62f4d1000
Add lgtm comments on some security warnings
2022-08-11 17:32:57 -07:00
Mariano Cano
a5439c43cd
Remove ciphersuites without Lucky13 countermeasures
SHA-256 variants of the CBC ciphersuites don't implement any Lucky13
countermeasures. See http://www.isg.rhul.ac.uk/tls/Lucky13.html and
https://www.imperialviolet.org/2013/02/04/luckythirteen.html .
2022-08-11 17:11:04 -07:00
Mariano Cano
d6baad443b
Merge pull request #1008 from smallstep/endpoint-id
Endpoint ID
2022-08-11 15:18:47 -07:00
Mariano Cano
8bd0174251
Rename field to IsCAServerCert
2022-08-11 15:14:26 -07:00
Mariano Cano
5df1694250
Add endpoint id for the RA certificate
In a linked RA mode, send an endpoint id to group the server
certificates.
2022-08-11 14:47:11 -07:00
Max
20784c7a00
Merge pull request #1006 from smallstep/max/revoke-serial-validation
Validate revocation serial number
2022-08-11 09:45:26 -07:00
max furman
1dd0d7d0ee
Update bad serial error to be more specific
2022-08-11 09:34:04 -07:00
max furman
73ba411e1d
[action] parameterize golangci-lint version
2022-08-10 21:45:10 -07:00
Mariano Cano
eb091aec54
Simplify field names for ProvisionerInfo
2022-08-10 17:44:14 -07:00
Mariano Cano
a65adc032b
Merge pull request #1005 from smallstep/crypto-kms
Use go.step.sm/crypto/kms
2022-08-10 09:57:26 -07:00
max furman
7052a32c2c
Validate revocation serial number
2022-08-09 11:04:00 -07:00
Mariano Cano
4985ab1d62
Remove kms package
2022-08-08 18:01:10 -07:00