Mariano Cano
db416a45ae
Fix path for labeler.
2021-06-18 13:02:53 +02:00
Herman Slatman
f33bdee5e0
Fix linter issue S1025
2021-06-18 12:55:50 +02:00
Herman Slatman
8780409020
Merge branch 'master' into hs/ip-verification
2021-06-18 12:45:12 +02:00
Herman Slatman
523ae96749
Change identifier and challenge types to consts
2021-06-18 12:39:36 +02:00
Herman Slatman
84ea8bd67a
Fix PR comments
2021-06-18 12:03:46 +02:00
Mariano Cano
a0633a6efb
Merge pull request #612 from gdbelvin/kmspin
...
Allow reading pin from kms string
2021-06-15 12:05:34 -07:00
Gary Belvin
1fb4406801
minimize diff
2021-06-15 18:19:42 +01:00
Gary Belvin
c6bb7aa199
Add back UI check, but don't read file
2021-06-15 18:18:29 +01:00
Gary Belvin
a63a1d6482
Don't double read from u.Pin()
2021-06-15 18:13:08 +01:00
Gary Belvin
063a09a521
Allow reading pin from kms string
2021-06-15 13:16:54 +01:00
Mariano Cano
c4d0c8a18e
Fix credentials file parameter on awskms
2021-06-11 21:40:04 -07:00
Mariano Cano
16e0cffd8b
Fix path for labeler.
2021-06-08 18:02:54 -07:00
Mariano Cano
dce1b290bd
Remove debug statements.
2021-06-08 17:57:24 -07:00
Mariano Cano
2a97389f1b
Upgrade dependencies.
2021-06-08 17:47:26 -07:00
Mariano Cano
ac3c754a6d
Use known CA and add tier and gcs bucket options.
2021-06-08 17:43:52 -07:00
Kevin Chen
2ac53f7c69
update gitter to discord
2021-06-08 09:42:20 -07:00
Mariano Cano
529eb4bae9
Rename CAPool to CaPool.
2021-06-07 19:20:23 -07:00
Mariano Cano
9db68db509
Add tests with cloudCAS EnableCertificateAuthority.
2021-06-07 19:17:30 -07:00
Mariano Cano
48bc4e549d
Fix cloudcas tests.
2021-06-07 15:53:29 -07:00
Herman Slatman
af4803b8b8
Fix tests
2021-06-04 11:14:59 +02:00
Mariano Cano
072bd0dcf4
Add support for Google CAS v1
2021-06-03 19:31:19 -07:00
Herman Slatman
0c79914d0d
Improve check for single IP in TLS-ALPN-01 challenge
2021-06-04 00:18:26 +02:00
Herman Slatman
a6405e98a9
Remove fmt.
2021-06-04 00:06:15 +02:00
Herman Slatman
2f40011da8
Add support for TLS-ALPN-01 challenge
2021-06-04 00:01:43 +02:00
Herman Slatman
76dcf542d4
Fix mixed DNS and IP SANs in Order
2021-06-03 22:45:24 +02:00
Herman Slatman
af615db6b5
Support DNS and IPs as SANs in single Order
2021-06-03 22:03:21 +02:00
Herman Slatman
a0e92f8e99
Verify IP identifier contains valid IP
2021-06-03 22:02:13 +02:00
Mariano Cano
35ede74ea7
Merge pull request #596 from gdbelvin/name
...
Allow configuration of PKCS11 subject name
2021-06-01 10:32:37 -07:00
Mariano Cano
595f12505c
Merge branch 'master' into name
2021-06-01 10:29:40 -07:00
Mariano Cano
e17fc4346d
Merge pull request #597 from gdbelvin/path
...
Configurable pkcs11-init output paths
2021-06-01 09:58:40 -07:00
Gary Belvin
c264e8f580
Configurable pkcs11-init output paths
2021-06-01 17:46:00 +01:00
Gary Belvin
623e387fb0
Allow configuration of PKCS11 subject name
2021-06-01 17:35:36 +01:00
Herman Slatman
6486e6016b
Make logic for which challenge types to use clearer
2021-05-29 00:37:22 +02:00
Herman Slatman
3e36522329
Add preliminary support for TLS-ALPN-01 challenge for IP identifiers
2021-05-29 00:19:14 +02:00
Herman Slatman
848b5202a5
Merge branch 'master' into hs/ip-verification
2021-05-28 16:42:05 +02:00
Herman Slatman
6d9710c88d
Add initial support for ACME IP validation
2021-05-28 16:40:46 +02:00
Herman Slatman
7e82bd6ef3
Add setup for Authority tests
2021-05-26 16:15:26 -07:00
Herman Slatman
74d8bdc298
Add tests for CreateDecrypter
2021-05-26 16:15:26 -07:00
Herman Slatman
a64974c179
Fix small typo in divisible
2021-05-26 16:15:26 -07:00
Herman Slatman
382b6f977c
Improve error logging
2021-05-26 16:15:26 -07:00
Herman Slatman
d46a4eaca4
Change fmt to errors package for formatting errors
2021-05-26 16:15:26 -07:00
Herman Slatman
2beea1aa89
Add configuration option for specifying the minimum public key length
...
Instead of using the defaultPublicKeyValidator a new validator called
publicKeyMinimumLengthValidator has been implemented that uses a
configurable minimum length for public keys in CSRs.
It's also an option to alter the defaultPublicKeyValidator to also
take a parameter, but that would touch quite some lines of code. This
might be a viable option after merging SCEP support.
2021-05-26 16:15:26 -07:00
Herman Slatman
4168449935
Fix typo
2021-05-26 16:15:26 -07:00
Herman Slatman
fa100a5138
Mask challenge password after it has been read
2021-05-26 16:15:26 -07:00
Herman Slatman
66a67ed691
Update to v2.0.0 of github.com/micromdm/scep
2021-05-26 16:15:24 -07:00
Herman Slatman
03c472359c
Add sync.WaitGroup for proper error handling in Run()
2021-05-26 16:14:57 -07:00
Herman Slatman
1cd0cb99f6
Add more template data
2021-05-26 16:13:58 -07:00
Herman Slatman
13fe7a0121
Make serving SCEP endpoints optional
...
Only when a SCEP provisioner is enabled, the SCEP endpoints
will now be available.
The SCEP endpoints will be served on an "insecure" server,
without TLS, only when an additional "insecureAddress" and a
SCEP provisioner are configured for the CA.
2021-05-26 16:13:57 -07:00
Herman Slatman
bcacd2f4da
Fix typo
2021-05-26 16:13:38 -07:00
Herman Slatman
a0242ad6ce
Add validation to SCEP Options
2021-05-26 16:13:38 -07:00