Oleksandr Kovalchuk
893a53793a
Modify existing tests to accept forceCNOption modifier
...
Modify existing tests to pass with changes introduced in commit
322200b7db
. This is safe to do as
tests assert exact length of modifiers, which has changed.
2020-05-17 20:27:09 +03:00
Oleksandr Kovalchuk
322200b7db
Implement modifier to set CommonName
...
Implement modifier which sets CommonName to the certificate if
CommonName is empty and forceCN is set in the config. Replace previous
implementation introduced in 0218018cee
with new modifier.
Closes https://github.com/smallstep/certificates/issues/259
Ref: https://github.com/smallstep/certificates/pull/260#issuecomment-628961322
2020-05-17 20:23:13 +03:00
Oleksandr Kovalchuk
0218018cee
Generate Subject if forceCN
and Subject is empty
...
When `forceCN` is set in provisioner configuration and
Subject.CommonName is empty, set Subject.CommonName to the first SAN
from the CSR to follow the letsencrypt's boulder behavior. This is done
in order to support system which require certificate's Subject field to
be non-empty.
N.B. certbot does not send Subject in its certificate request and relies
on similar behavior of letsencrypt.
Closes https://github.com/smallstep/certificates/issues/259
2020-05-14 13:23:42 +03:00
Oleksandr Kovalchuk
503c9f6101
Add config option to force CN
...
Add configuration option `forceCN` to ACME provisioner. When this option
is set to `true`, provisioner should generate Subject.CommonName for
certificate if it was not present in the request. Default value of
`false` should keep the existing behavior (do not modify CSR and
certificate).
Ref: https://github.com/smallstep/certificates/issues/259
2020-05-14 13:20:55 +03:00
Max
f126962f3f
Merge pull request #257 from smallstep/max/accUpd
...
ACME accountUpdate ignore fields not recognized by the server.
2020-05-11 14:18:08 -07:00
max furman
4cb777bdc1
ACME accountUpdate ignore fields not recognized by the server.
2020-05-08 11:52:30 -07:00
Mariano Cano
e855707dc2
Merge pull request #248 from smallstep/embedded-config-init
...
Initialize the required config fields on embedded authorities
2020-05-06 14:29:53 -07:00
Mariano Cano
4e544344f9
Initialize the required config fields on embedded authorities.
...
This change is to make easier the use of embedded authorities. It
can be difficult for third parties to know what fields are required.
The new init methods will define the minimum usable configuration.
2020-05-06 13:00:42 -07:00
Mariano Cano
9499aed6d1
Merge pull request #247 from smallstep/embedded-authority
...
Create a method to initialize the authority without a config file
2020-05-05 18:17:37 -07:00
Mariano Cano
b5eab009b2
Rename method to NewEmbedded
2020-05-05 17:46:22 -07:00
Mariano Cano
824374bde0
Create a method to initialize the authority without a config file.
...
When the CA is embedded in a third party product like Caddy, the
config needed to use placeholders to be valid. This change adds
a new method `NewEmbeddedAuthority` that allows to create an
authority with the given options, the minimum options are a root
and intermediate certificate, and the intermediate key.
Fixes #218
2020-05-04 18:52:18 -07:00
max furman
ca0861bf17
Add documentation for running HA
2020-05-04 16:44:55 -07:00
max furman
083abf5150
Fix a bit of getting started doc syntax
2020-05-04 16:09:36 -07:00
max furman
8227449746
Add docs for ssh cert duration for authority config.
...
Fixes #238 .
2020-05-01 14:48:14 -07:00
max furman
c1a84c1405
go mod tidy
2020-04-30 18:59:41 -07:00
max furman
1b6bf38b52
Bump cli to v0.14.3
2020-04-30 17:48:58 -07:00
max furman
d40c029582
Fix docs database link.
2020-04-28 10:42:05 -07:00
max furman
30e38dc501
Bumpt the version of cli for a certificates RC.
2020-04-28 09:34:10 -07:00
Mariano Cano
df3b9f637e
Use a tagged version of nosql.
2020-04-27 18:13:54 -07:00
Mariano Cano
18869323f4
Merge pull request #234 from smallstep/oidc-multinenant
...
Add support for multi-tenant OIDC provisioners
2020-04-27 15:21:55 -07:00
Mariano Cano
4e9bff0986
Add support for OIDC multitoken tenants for azure.
2020-04-24 14:36:32 -07:00
Mariano Cano
c7907a4626
Merge pull request #233 from smallstep/oidc-add-user-cert
...
Add support for user provisioner certificates on OIDC provisioners.
2020-04-24 10:54:25 -07:00
Mariano Cano
8bc3b05232
Add new extra test case.
2020-04-24 10:27:44 -07:00
Mariano Cano
b0ff731d18
Add support for user provisioner certificates on OIDC provisioners.
...
OIDC provisioners create an SSH certificate with two principals. This
was avoiding the creationg of user provisioner certificates for those
provisioners.
Fixes smallstep/cli#268
2020-04-23 19:42:55 -07:00
Max
59a57d487b
Merge pull request #232 from wishdev/fingerprint
...
Add root fingerprint to pki if certificate given
2020-04-23 14:49:06 -07:00
John W Higgins
d1f78cf6d2
Add root fingerprint to pki if certificate given
...
If a root certificate is provided to init an authority the fingerprint
is not currently stored in the default.json file. This patch simply
stores the fingerprint of the supplied certificate.
2020-04-23 13:47:41 -07:00
Max
00998d053d
Merge pull request #231 from smallstep/badgerV1+V2
...
Simultaneous support for Badger V1+V2 and ...
2020-04-21 10:16:22 -07:00
max furman
95b931bb52
Increase linter timeout limit ...
...
* Breaking in Travis
2020-04-21 10:10:33 -07:00
max furman
1a34e64c65
Try old method of installing golang linter ...
...
* Method from docs is broken in travis.
2020-04-21 09:59:54 -07:00
max furman
a179a72342
Update installer location of golangci-lint.
2020-04-21 09:39:48 -07:00
max furman
3c0970c28a
Bump golangci-lint to v1.24.0
2020-04-21 09:35:57 -07:00
max furman
3be95a82d0
Update version of nosql.
2020-04-21 09:27:42 -07:00
Mariano Cano
7861069018
Fix command in distribution.md.
2020-04-20 17:42:29 -07:00
max furman
d51f254ee4
ValueLogLoadingMode -> FileLoading Mode badger
2020-04-20 16:09:07 -07:00
Mariano Cano
2993ccf16d
Merge pull request #230 from smallstep/empty-common-names
...
Remove the requirement for CSR to have a common name
2020-04-20 15:53:14 -07:00
Mariano Cano
a2dfa6faa8
Fix unit tests.
2020-04-20 12:29:23 -07:00
max furman
0573c00bd3
Simultaneous support for Badger V1+V2 and ...
...
* valueLogLoadingMode config for low RAM badger environments
2020-04-20 11:46:47 -07:00
Mariano Cano
13507efb35
Remove the requirement for CSR to have a common name.
...
Fixes #226
2020-04-20 10:43:33 -07:00
Mariano Cano
bcc5a91d17
Merge pull request #227 from smallstep/disable-forward-agent
...
Do not enable by default ForwardAgent
2020-04-15 17:27:18 -07:00
Mariano Cano
02ed784a9b
Do not enable by default ForwardAgent.
2020-04-15 11:17:24 -07:00
max furman
348cf9b4e6
Small helm-chart distribuion update
2020-04-10 09:24:17 -07:00
max furman
fc50523779
go mod tidy
2020-04-09 20:57:04 -07:00
max furman
9679299a89
Fix version and travis_tag vars in build pipeline
2020-04-09 20:46:01 -07:00
max furman
4b8e2f5948
Tag v0.14.2
2020-04-09 18:14:24 -07:00
max furman
e03ce33cd9
go mod tidy and verify
2020-04-09 11:21:03 -07:00
max furman
17097eb9f0
Bump cli to v0.14.1 to break dependency cycle.
2020-04-09 11:04:28 -07:00
max furman
344e7b99fb
bump cli dependency
2020-04-09 09:34:20 -07:00
max furman
aecddecf22
Simplify make bundling and generate ARM tarballs.
2020-04-08 14:20:58 -07:00
David Cowden
eb42ea90db
ssh/api: Use host tags instead of groups
...
Tags are more flexible and what we use in the managed offering.
2020-04-03 12:11:19 -07:00
Mariano Cano
1d9edcd48f
Merge pull request #220 from smallstep/identity-cert-duration
...
Enforce a duration for identity certificates
2020-03-31 13:02:23 -07:00