Mariano Cano
|
45af68b244
|
Upgrade go.step.sm/crypto
|
2022-08-31 11:36:07 -07:00 |
|
Mariano Cano
|
59b7603d1e
|
Use a clientAuth only cert for device-attest-01
|
2022-08-30 16:09:44 -07:00 |
|
Mariano Cano
|
6db631df51
|
Upgrade go.step.sm/crypto@attest
|
2022-08-30 15:49:10 -07:00 |
|
Mariano Cano
|
ca412e77cc
|
Return error on attestation validation
The method storeError returns a nil error
|
2022-08-29 20:03:34 -07:00 |
|
Mariano Cano
|
ab5f916bd3
|
Define ErrorBadAttestationStatement
|
2022-08-29 20:02:43 -07:00 |
|
Mariano Cano
|
735c9d49b0
|
Add support for yubikey attestation
|
2022-08-29 19:37:30 -07:00 |
|
Mariano Cano
|
ebce40e9b6
|
Add new method ACMEClient.ValidateWithPayload
This new method will be used to validate the device
attestation payload.
|
2022-08-29 19:35:52 -07:00 |
|
Mariano Cano
|
f1c63bc38d
|
Fix challenge mapping
|
2022-08-24 19:30:28 -07:00 |
|
Mariano Cano
|
2a44972830
|
Run go mod tidy
|
2022-08-24 19:23:31 -07:00 |
|
Mariano Cano
|
df96b126dc
|
Add AuthorizeChallenge unit tests
|
2022-08-24 12:31:09 -07:00 |
|
Mariano Cano
|
bca311b05e
|
Add acme property to enable challenges
Fixes #1027
|
2022-08-23 17:11:40 -07:00 |
|
Mariano Cano
|
ae8d4d8757
|
Fix unit test
|
2022-08-23 17:01:15 -07:00 |
|
Mariano Cano
|
693dc39481
|
Merge branch 'master' into device-attestation
|
2022-08-22 17:59:17 -07:00 |
|
Mariano Cano
|
b1e9d5ee86
|
Revert "Run on plaintext HTTP to support Cloud Run"
This reverts commit 09b9673a60.
|
2022-08-22 17:50:14 -07:00 |
|
Mariano Cano
|
dd6f59b538
|
Merge pull request #1024 from smallstep/gosec
Address gosec warnings
|
2022-08-22 14:19:50 -07:00 |
|
Mariano Cano
|
23b8f45b37
|
Address gosec warnings
Most if not all false positives
|
2022-08-18 17:46:20 -07:00 |
|
Mariano Cano
|
713dfad884
|
Merge pull request #1019 from smallstep/head-middleware
Add a middleware to automatically route HEAD requests to GET
|
2022-08-16 16:21:19 -07:00 |
|
Max
|
8f88740a5a
|
Merge pull request #1014 from smallstep/max/dns-id
Check for DNS name validity
|
2022-08-16 16:20:12 -07:00 |
|
Mariano Cano
|
6cab4d328e
|
Add a middleware to automatically route HEAD requests to GET
Fixes #992
|
2022-08-16 16:10:29 -07:00 |
|
max furman
|
c040e4b459
|
Add unit tests
|
2022-08-16 15:48:23 -07:00 |
|
Mariano Cano
|
85fc837dc3
|
Merge pull request #1018 from smallstep/ra-config
Ra config
|
2022-08-16 15:24:01 -07:00 |
|
Mariano Cano
|
3c88a9ccc2
|
Fixed changelog
|
2022-08-16 15:11:49 -07:00 |
|
Mariano Cano
|
8e08f0dea3
|
Add entries to changelog
|
2022-08-16 14:48:03 -07:00 |
|
Mariano Cano
|
0c7467ceb2
|
Allow to automatically configure and linked RA
|
2022-08-16 14:39:02 -07:00 |
|
Mariano Cano
|
5e0be92273
|
Allow option to skip the validation of config
|
2022-08-16 14:04:04 -07:00 |
|
max furman
|
b7c2f6c482
|
Check for DNS name validity
|
2022-08-16 00:12:31 -07:00 |
|
Mariano Cano
|
ae76d943c9
|
Merge pull request #1009 from smallstep/code-ql
Code QL
|
2022-08-11 18:53:30 -07:00 |
|
Mariano Cano
|
2db15e4eb5
|
Remove unnecessary log entries
These log entries add CodeQL warnings and are not necessary because
our default http.ResponseWriter allows adding log entries.
|
2022-08-11 18:14:36 -07:00 |
|
Mariano Cano
|
759aa26a57
|
Fix linter warning
|
2022-08-11 17:47:58 -07:00 |
|
Mariano Cano
|
90d2785776
|
Sanitize log entries in logging package
|
2022-08-11 17:44:31 -07:00 |
|
Mariano Cano
|
b62f4d1000
|
Add lgtm comments on some security warnings
|
2022-08-11 17:32:57 -07:00 |
|
Mariano Cano
|
a5439c43cd
|
Remove ciphersuites without Lucky13 countermeasures
SHA-256 variants of the CBC ciphersuites don't implement any Lucky13
countermeasures. See http://www.isg.rhul.ac.uk/tls/Lucky13.html and
https://www.imperialviolet.org/2013/02/04/luckythirteen.html.
|
2022-08-11 17:11:04 -07:00 |
|
Mariano Cano
|
d6baad443b
|
Merge pull request #1008 from smallstep/endpoint-id
Endpoint ID
|
2022-08-11 15:18:47 -07:00 |
|
Mariano Cano
|
8bd0174251
|
Rename field to IsCAServerCert
|
2022-08-11 15:14:26 -07:00 |
|
Mariano Cano
|
5df1694250
|
Add endpoint id for the RA certificate
In a linked RA mode, send an endpoint id to group the server
certificates.
|
2022-08-11 14:47:11 -07:00 |
|
Max
|
20784c7a00
|
Merge pull request #1006 from smallstep/max/revoke-serial-validation
Validate revocation serial number
|
2022-08-11 09:45:26 -07:00 |
|
max furman
|
1dd0d7d0ee
|
Update bad serial error to be more specific
|
2022-08-11 09:34:04 -07:00 |
|
max furman
|
73ba411e1d
|
[action] parameterize golangci-lint version
|
2022-08-10 21:45:10 -07:00 |
|
Mariano Cano
|
eb091aec54
|
Simplify field names for ProvisionerInfo
|
2022-08-10 17:44:14 -07:00 |
|
Mariano Cano
|
2f7cb9225f
|
Use go.step.sm/crypto to set the permanent identifier
|
2022-08-10 17:38:18 -07:00 |
|
Mariano Cano
|
a65adc032b
|
Merge pull request #1005 from smallstep/crypto-kms
Use go.step.sm/crypto/kms
|
2022-08-10 09:57:26 -07:00 |
|
Mariano Cano
|
21427d5d65
|
Replace instead of prepend provisioner extension
With non standard SANs this will generate the SAN and provisioner
extension in the same order.
|
2022-08-09 16:48:00 -07:00 |
|
Mariano Cano
|
2ab1e6658e
|
Fix nonce validation
The attestation certificate contains the nonce as raw bytes in the
extension 1.2.840.113635.100.8.11.1
|
2022-08-09 15:06:52 -07:00 |
|
max furman
|
7052a32c2c
|
Validate revocation serial number
|
2022-08-09 11:04:00 -07:00 |
|
Mariano Cano
|
4985ab1d62
|
Remove kms package
|
2022-08-08 18:01:10 -07:00 |
|
Mariano Cano
|
369b8f81c3
|
Use go.step.sm/crypto/kms
Fixes #975
|
2022-08-08 17:58:18 -07:00 |
|
Mariano Cano
|
e02a190fa7
|
Merge branch 'master' into device-attestation
|
2022-08-08 17:29:59 -07:00 |
|
Max
|
3e2729e391
|
Merge pull request #989 from smallstep/max/disable-ssh-hosts
Add attribute to disable SSH Hosts list API
|
2022-08-08 14:15:35 -07:00 |
|
Mariano Cano
|
9f67a808cd
|
Merge pull request #1004 from smallstep/go-1.19
Change actions to build using Go 1.19
|
2022-08-08 12:35:49 -07:00 |
|
Mariano Cano
|
f1aabaa99c
|
Use functions from os instead of io/ioutil
|
2022-08-08 12:12:53 -07:00 |
|