Commit graph

2175 commits

Author SHA1 Message Date
Mariano Cano
db416a45ae
Fix path for labeler. 2021-06-18 13:02:53 +02:00
Herman Slatman
f33bdee5e0
Fix linter issue S1025 2021-06-18 12:55:50 +02:00
Herman Slatman
8780409020
Merge branch 'master' into hs/ip-verification 2021-06-18 12:45:12 +02:00
Herman Slatman
523ae96749
Change identifier and challenge types to consts 2021-06-18 12:39:36 +02:00
Herman Slatman
84ea8bd67a
Fix PR comments 2021-06-18 12:03:46 +02:00
Mariano Cano
a0633a6efb
Merge pull request #612 from gdbelvin/kmspin
Allow reading pin from kms string
2021-06-15 12:05:34 -07:00
Gary Belvin
1fb4406801 minimize diff 2021-06-15 18:19:42 +01:00
Gary Belvin
c6bb7aa199 Add back UI check, but don't read file 2021-06-15 18:18:29 +01:00
Gary Belvin
a63a1d6482 Don't double read from u.Pin() 2021-06-15 18:13:08 +01:00
Gary Belvin
063a09a521 Allow reading pin from kms string 2021-06-15 13:16:54 +01:00
Mariano Cano
c4d0c8a18e Fix credentials file parameter on awskms 2021-06-11 21:40:04 -07:00
Mariano Cano
16e0cffd8b Fix path for labeler. 2021-06-08 18:02:54 -07:00
Mariano Cano
dce1b290bd Remove debug statements. 2021-06-08 17:57:24 -07:00
Mariano Cano
2a97389f1b Upgrade dependencies. 2021-06-08 17:47:26 -07:00
Mariano Cano
ac3c754a6d Use known CA and add tier and gcs bucket options. 2021-06-08 17:43:52 -07:00
Kevin Chen
2ac53f7c69 update gitter to discord 2021-06-08 09:42:20 -07:00
Mariano Cano
529eb4bae9 Rename CAPool to CaPool. 2021-06-07 19:20:23 -07:00
Mariano Cano
9db68db509 Add tests with cloudCAS EnableCertificateAuthority. 2021-06-07 19:17:30 -07:00
Mariano Cano
48bc4e549d Fix cloudcas tests. 2021-06-07 15:53:29 -07:00
Herman Slatman
af4803b8b8
Fix tests 2021-06-04 11:14:59 +02:00
Mariano Cano
072bd0dcf4 Add support for Google CAS v1 2021-06-03 19:31:19 -07:00
Herman Slatman
0c79914d0d
Improve check for single IP in TLS-ALPN-01 challenge 2021-06-04 00:18:26 +02:00
Herman Slatman
a6405e98a9
Remove fmt. 2021-06-04 00:06:15 +02:00
Herman Slatman
2f40011da8
Add support for TLS-ALPN-01 challenge 2021-06-04 00:01:43 +02:00
Herman Slatman
76dcf542d4
Fix mixed DNS and IP SANs in Order 2021-06-03 22:45:24 +02:00
Herman Slatman
af615db6b5
Support DNS and IPs as SANs in single Order 2021-06-03 22:03:21 +02:00
Herman Slatman
a0e92f8e99
Verify IP identifier contains valid IP 2021-06-03 22:02:13 +02:00
Mariano Cano
35ede74ea7
Merge pull request #596 from gdbelvin/name
Allow configuration of PKCS11 subject name
2021-06-01 10:32:37 -07:00
Mariano Cano
595f12505c
Merge branch 'master' into name 2021-06-01 10:29:40 -07:00
Mariano Cano
e17fc4346d
Merge pull request #597 from gdbelvin/path
Configurable pkcs11-init output paths
2021-06-01 09:58:40 -07:00
Gary Belvin
c264e8f580 Configurable pkcs11-init output paths 2021-06-01 17:46:00 +01:00
Gary Belvin
623e387fb0 Allow configuration of PKCS11 subject name 2021-06-01 17:35:36 +01:00
Herman Slatman
6486e6016b
Make logic for which challenge types to use clearer 2021-05-29 00:37:22 +02:00
Herman Slatman
3e36522329
Add preliminary support for TLS-ALPN-01 challenge for IP identifiers 2021-05-29 00:19:14 +02:00
Herman Slatman
848b5202a5
Merge branch 'master' into hs/ip-verification 2021-05-28 16:42:05 +02:00
Herman Slatman
6d9710c88d
Add initial support for ACME IP validation 2021-05-28 16:40:46 +02:00
Herman Slatman
7e82bd6ef3 Add setup for Authority tests 2021-05-26 16:15:26 -07:00
Herman Slatman
74d8bdc298 Add tests for CreateDecrypter 2021-05-26 16:15:26 -07:00
Herman Slatman
a64974c179 Fix small typo in divisible 2021-05-26 16:15:26 -07:00
Herman Slatman
382b6f977c Improve error logging 2021-05-26 16:15:26 -07:00
Herman Slatman
d46a4eaca4 Change fmt to errors package for formatting errors 2021-05-26 16:15:26 -07:00
Herman Slatman
2beea1aa89 Add configuration option for specifying the minimum public key length
Instead of using the defaultPublicKeyValidator a new validator called
publicKeyMinimumLengthValidator has been implemented that uses a
configurable minimum length for public keys in CSRs.

It's also an option to alter the defaultPublicKeyValidator to also
take a parameter, but that would touch quite some lines of code. This
might be a viable option after merging SCEP support.
2021-05-26 16:15:26 -07:00
Herman Slatman
4168449935 Fix typo 2021-05-26 16:15:26 -07:00
Herman Slatman
fa100a5138 Mask challenge password after it has been read 2021-05-26 16:15:26 -07:00
Herman Slatman
66a67ed691 Update to v2.0.0 of github.com/micromdm/scep 2021-05-26 16:15:24 -07:00
Herman Slatman
03c472359c Add sync.WaitGroup for proper error handling in Run() 2021-05-26 16:14:57 -07:00
Herman Slatman
1cd0cb99f6 Add more template data 2021-05-26 16:13:58 -07:00
Herman Slatman
13fe7a0121 Make serving SCEP endpoints optional
Only when a SCEP provisioner is enabled, the SCEP endpoints
will now be available.

The SCEP endpoints will be served on an "insecure" server,
without TLS, only when an additional "insecureAddress" and a
SCEP provisioner are configured for the CA.
2021-05-26 16:13:57 -07:00
Herman Slatman
bcacd2f4da Fix typo 2021-05-26 16:13:38 -07:00
Herman Slatman
a0242ad6ce Add validation to SCEP Options 2021-05-26 16:13:38 -07:00