Commit graph

615 commits

Author SHA1 Message Date
Mariano Cano
2e98febcd9 Add envoy hello mTLS example.
Fixes smallstep/ca-component#144
2019-02-07 15:30:37 -08:00
Mariano Cano
23c60d5f3f Remove unnecessary sleep. 2019-02-07 12:05:38 -08:00
Mariano Cano
b18e3638bc Revert "Remove unnecessary sleep"
This reverts commit 082eee63f1.
2019-02-07 12:05:13 -08:00
Mariano Cano
082eee63f1 Remove unnecessary sleep 2019-02-07 10:53:25 -08:00
max furman
cedf8784b6 dep update cli 2019-02-06 18:59:36 -08:00
Mariano Cano
262a9d0978
Merge pull request #27 from smallstep/mariano/renew-pool
SDK should update certificate pools safely
2019-02-06 16:56:38 -08:00
Mariano Cano
e0fff4d80b Fix typo. 2019-02-06 16:52:44 -08:00
Mariano Cano
f1f6c548ad Fix typo. 2019-02-06 16:48:20 -08:00
Mariano Cano
14fcf58903 Add client implementation of hello-mTLS using nodejs
Fixes smallstep/ca-component#138
2019-02-06 16:42:29 -08:00
Mariano Cano
8022ed80bc Add node to README.md 2019-02-06 16:42:29 -08:00
Mariano Cano
1197753f35 Add hello-mTLS server example using nodejs.
Fixes smallstep/ca-component#138
2019-02-06 16:42:29 -08:00
max furman
7e43402575 bug fix: don't add common name to CSR validation claims in Sign
* added unit test for this case
2019-02-06 16:26:25 -08:00
Mike Malone
0c53b0f310 rename cluster role & binding to match other binding names 2019-02-06 13:57:29 -08:00
Mike Malone
3a516d92aa check for permissions init autocert deploy script 2019-02-06 13:56:33 -08:00
Mariano Cano
74114a6234 Add hello-mTLS for nginx 2019-02-06 11:53:10 -08:00
Mariano Cano
758d829355 Fix tests. 2019-02-05 20:27:29 -08:00
max furman
47228cd9a0 dep ensure to update cli 2019-02-05 19:50:23 -08:00
max furman
f6bfb71602 cli dep sans -> master 2019-02-05 19:46:16 -08:00
Max
91f183a62a
Merge pull request #29 from smallstep/sans
Add SANs support
2019-02-05 21:40:19 -06:00
max furman
3415a1fef8 move SplitSANs to cli 2019-02-05 19:32:01 -08:00
Mariano Cano
975cb75fbd Fix typo. 2019-02-05 17:33:16 -08:00
Mariano Cano
3c06d6f9bc Fix comment. 2019-02-05 17:30:10 -08:00
Mariano Cano
e330ac547c Fix comment. 2019-02-05 17:29:28 -08:00
Mariano Cano
cd934bbede Remove println 2019-02-05 17:27:10 -08:00
max furman
6937bfea7b claims.SANS -> claims.SANs 2019-02-04 20:22:02 -08:00
max furman
93f39c64a0 backwards compat only when SANS empty 2019-02-04 20:02:56 -08:00
Mariano Cano
4c9dccd3f6 Allow multiple certificates in the root pem. 2019-02-04 10:29:52 -08:00
max furman
ab78534b08 add test for SAN backwards compatibility with CLI
* new provisioner tokens always contain the crt.Subject.CommonName
in the SANS attribute of the token claims. added tests that verifies
backwards compatibility still works in cases where the token does not
contain the subject as a SAN claim.
2019-02-01 12:24:21 -06:00
max furman
fe8c8614b2 SANS backwards compat when token missing sujbect SAN 2019-02-01 12:18:10 -06:00
max furman
e6e8443f3c allow multiple identical SANs in cert 2019-01-31 11:20:21 -06:00
max furman
f0683c2e0a Enable signing certificates with custom SANs
* validate against SANs in token. must be 1:1 equivalent.
2019-01-30 18:21:03 -06:00
Sebastian Tiedtke
55155d1207 Change readme formatting 2019-01-28 17:36:32 -06:00
Sebastian Tiedtke
754670ad12
Add basic federation example (#26)
Add basic federation example
2019-01-28 17:31:06 -06:00
Mariano Cano
025e36bf10
Merge pull request #28 from pallas/fix-overflow
authority/provisioners: fix overflow on 32-bit systems
2019-01-28 08:32:35 -08:00
Derrick Lyndon Pallas
7a5c4a1112 authority/provisioners: fix overflow on 32-bit systems
In Go, len returns signed ints, not unsigned ints; consequently, this code
comparison overflows on 32-bit systems, like ARM.
2019-01-28 00:54:15 +00:00
Mike Malone
e70a5dae7d updated README.md 2019-01-25 21:31:03 -08:00
Mike Malone
32c7be6f9d fixed mtls handshake diagram 2019-01-25 21:04:57 -08:00
Mike Malone
1f68bfe7ad mtls handshake diagram 2019-01-25 20:58:06 -08:00
Mike Malone
f58000c28f hello-mtls examples 2019-01-24 17:22:36 -08:00
Mike Malone
8e1505d03f new diagrams 2019-01-23 20:43:19 -08:00
Mike Malone
0fabc06fbb new demo gif 2019-01-23 18:33:56 -08:00
Mariano Cano
d394dd233a Initiate default RootCAs/ClientCAs when no options are passed. 2019-01-23 14:33:16 -08:00
Mike Malone
2c2f390e66 logo 2019-01-23 11:32:14 -08:00
Mariano Cano
25eba1a96c WIP on the safely rotate of root and federated certificates.
Fixes #23
2019-01-22 19:54:12 -08:00
Mike Malone
0bab651a52 architecture diagram rev'd 2019-01-22 16:08:57 -08:00
Mike Malone
c8ebacb8b7 architecture diagram 2019-01-22 15:59:41 -08:00
Max
88a3c4cf83
Merge pull request #25 from smallstep/Duration
make Duration wrapper publicly accessible
2019-01-20 21:40:45 -08:00
max furman
2c72ada610 remove dead code 2019-01-20 21:37:12 -08:00
max furman
6dc89f46d8 make Duration public 2019-01-20 21:33:14 -08:00
Michael Malone
45fb8de26f
Link to the right blog post in README.md 2019-01-18 23:45:43 -08:00