Commit graph

171 commits

Author SHA1 Message Date
max furman
6937bfea7b claims.SANS -> claims.SANs 2019-02-04 20:22:02 -08:00
max furman
93f39c64a0 backwards compat only when SANS empty 2019-02-04 20:02:56 -08:00
max furman
ab78534b08 add test for SAN backwards compatibility with CLI
* new provisioner tokens always contain the crt.Subject.CommonName
in the SANS attribute of the token claims. added tests that verifies
backwards compatibility still works in cases where the token does not
contain the subject as a SAN claim.
2019-02-01 12:24:21 -06:00
max furman
fe8c8614b2 SANS backwards compat when token missing sujbect SAN 2019-02-01 12:18:10 -06:00
max furman
e6e8443f3c allow multiple identical SANs in cert 2019-01-31 11:20:21 -06:00
max furman
f0683c2e0a Enable signing certificates with custom SANs
* validate against SANs in token. must be 1:1 equivalent.
2019-01-30 18:21:03 -06:00
Sebastian Tiedtke
55155d1207 Change readme formatting 2019-01-28 17:36:32 -06:00
Sebastian Tiedtke
754670ad12
Add basic federation example (#26)
Add basic federation example
2019-01-28 17:31:06 -06:00
Mariano Cano
025e36bf10
Merge pull request #28 from pallas/fix-overflow
authority/provisioners: fix overflow on 32-bit systems
2019-01-28 08:32:35 -08:00
Derrick Lyndon Pallas
7a5c4a1112 authority/provisioners: fix overflow on 32-bit systems
In Go, len returns signed ints, not unsigned ints; consequently, this code
comparison overflows on 32-bit systems, like ARM.
2019-01-28 00:54:15 +00:00
Max
88a3c4cf83
Merge pull request #25 from smallstep/Duration
make Duration wrapper publicly accessible
2019-01-20 21:40:45 -08:00
max furman
2c72ada610 remove dead code 2019-01-20 21:37:12 -08:00
max furman
6dc89f46d8 make Duration public 2019-01-20 21:33:14 -08:00
Michael Malone
45fb8de26f
Link to the right blog post in README.md 2019-01-18 23:45:43 -08:00
max furman
0615f7eb11 don't wrap time.Duration 2019-01-18 12:08:18 -08:00
max furman
4b742042ee make Duration wrapper publicly accessible 2019-01-18 10:39:12 -08:00
Mariano Cano
984bf8d38c Add missing file. 2019-01-16 19:06:21 -08:00
Mariano Cano
1cc5e94666 Add simple test for federation. 2019-01-16 19:03:41 -08:00
max furman
8402b06119 bump step-cli container version in step-ca Dockerfile 2019-01-16 16:40:13 -08:00
max furman
7b9b091b18 don't need to update the brew formula for certificates updates
* brew uses a tarball built by cli releases (not certificates)
2019-01-15 12:12:28 -08:00
Mariano Cano
d0e0217955
Merge pull request #22 from smallstep/mariano/multiroot
Multiple roots and federation
2019-01-14 18:15:33 -08:00
Mariano Cano
e8ac3f4888 Add comment to differentiate GetRootCertificates and GetRoots. 2019-01-14 18:11:55 -08:00
Mariano Cano
6e620073f5 Rename method Empties to HasEmpties 2019-01-14 18:11:55 -08:00
max furman
cfbb2a6f41 method documentation grammar fix 2019-01-14 17:55:01 -08:00
Mariano Cano
dbd1bf11f1 Rename variable. 2019-01-14 17:35:38 -08:00
Sebastian Tiedtke
70f0a0e182 It's 2019 2019-01-14 15:12:07 -08:00
Mariano Cano
8252608ca2 Fix mock 2019-01-14 14:33:00 -08:00
Mariano Cano
7dc61bf233 Remove deprecated code 2019-01-11 19:13:06 -08:00
Mariano Cano
518b597535 Remove mTLS client requirement in /roots and /federation 2019-01-11 19:08:08 -08:00
Mariano Cano
9adc65febf Add test for newTLSOptionCtx 2019-01-10 15:31:40 -08:00
Mariano Cano
1763ede99d Add tests for new methods. 2019-01-10 13:19:51 -08:00
Mariano Cano
6116523055 Fix random order in tests. 2019-01-10 10:57:06 -08:00
Mariano Cano
8510e25b3b Add test with bootstrap server. 2019-01-09 18:48:15 -08:00
Mariano Cano
f99ae9da93 Add root rotation test. 2019-01-09 17:55:32 -08:00
Mariano Cano
af9e6488fc Make the renew test shorter. 2019-01-09 17:35:00 -08:00
Mariano Cano
25ddbaedff Allow to customize the minimal cert duration for tests. 2019-01-09 17:24:11 -08:00
Mariano Cano
10aaece1b0 Update root certificates on renew. 2019-01-09 13:20:28 -08:00
Mariano Cano
6d3e8ed93c Add all root certificates by default on bootstrap methods. 2019-01-07 18:55:40 -08:00
Mariano Cano
d296cf95a9 Add mTLS request to get all the root CAs, not the federated ones. 2019-01-07 17:48:56 -08:00
Mariano Cano
98cc243a37 Add support for multiple roots. 2019-01-07 15:30:28 -08:00
Mariano Cano
722bcb7e7a Add initial support for federated root certificates. 2019-01-04 17:51:32 -08:00
Mariano Cano
37149ed3ea Add method to get all the certs. 2019-01-04 16:51:37 -08:00
Sebastian Tiedtke
10978630e5
Simplify steps 2018-12-28 15:48:53 -08:00
Sebastian Tiedtke
90aabb0705
Minor fixes 2018-12-28 15:45:40 -08:00
Sebastian Tiedtke
c7b5a71f12
Fixed link 2018-12-28 15:32:08 -08:00
Mariano Cano
9e2fce2f4c
Merge pull request #18 from smallstep/mariano/audience
Do not require the port in the audience check.
2018-12-21 15:33:45 -08:00
Mariano Cano
7e95fc0e45 Strip ports on audience check.
Services might have proxies behind them so we cannot rely on them.
Fixes #17
2018-12-21 15:27:22 -08:00
Mariano Cano
9b87e08faf Do not require the port in the audience check.
Fixes #17
2018-12-21 14:04:22 -08:00
Max
e5dff952de
Merge pull request #16 from nmelo/docs-fix-typos
Fix a couple typos in documentation and a formatting issue
2018-12-20 13:04:35 -08:00
Nelson Melo
d0c7ccd0db
ServetTLS => ServeTLS in function docs 2018-12-20 12:10:32 -05:00