Mariano Cano
6d580a69e8
Update changelog
2022-05-26 10:56:24 -07:00
Mariano Cano
de00e01f1b
Merge pull request #947 from smallstep/fix-ssh-revocation
...
Fix SSH certificate revocation
2022-05-25 17:24:45 -07:00
Mariano Cano
2adf8caac7
Fix Dependabot warning on an indirect dependency
2022-05-25 17:11:45 -07:00
Mariano Cano
9c049eec5a
Add revoke ssh unit test
2022-05-25 17:10:07 -07:00
Mariano Cano
ce9a23a0f7
Fix SSH certificate revocation
2022-05-25 16:55:22 -07:00
Herman Slatman
abfbbc8d49
Merge pull request #946 from smallstep/herman/acme-csr-padding
...
Strip base64-url padding from ACME CSR
2022-05-25 23:25:34 +02:00
Herman Slatman
fd546287ac
Strip base64-url padding from ACME CSR
...
This commit strips the padding from a base64-url encoded CSR
submitted by a client that doesn't use raw base64-url encoding.
2022-05-25 22:46:26 +02:00
Herman Slatman
a564b4f32e
Merge pull request #944 from smallstep/herman/tls-wasm-client
...
Set nil dial context for js/wasm runtime
2022-05-25 22:35:18 +02:00
Herman Slatman
a7dd3a986f
Set nil dial context for js/wasm runtime
2022-05-25 16:51:26 +02:00
Mariano Cano
911cec21da
Merge pull request #943 from smallstep/ssh-renew-provisioner
...
Add provisioner to SSH renewals
2022-05-23 17:21:55 -07:00
Mariano Cano
94f5b92513
Use proper context in authority package
2022-05-23 15:31:43 -07:00
Mariano Cano
1be74eca62
Merge branch 'master' into ssh-renew-provisioner
2022-05-23 14:31:15 -07:00
Mariano Cano
539bfddba5
Merge pull request #914 from smallstep/context-authority
...
Retrieve authority from the context
2022-05-23 14:12:58 -07:00
Mariano Cano
e7f4eaf6c4
Remove explicit deprecation notice
...
This will avoid linter errors on other projects for now.
2022-05-23 14:04:31 -07:00
Mariano Cano
26dd97e718
Merge branch 'master' into context-authority
2022-05-23 12:36:16 -07:00
Mariano Cano
02fd0e7170
Merge pull request #913 from delamart/master
...
Vault Kubernetes Auth
2022-05-23 12:08:01 -07:00
Erik DeLamarter
07984a968f
better error messages
...
Co-authored-by: Mariano Cano <mariano.cano@gmail.com>
2022-05-21 21:11:52 +02:00
Erik De Lamarter
9ec154aab0
rewrite and improve secret-id config
2022-05-21 21:06:15 +02:00
Erik De Lamarter
6989c7f146
vault auth unit tests
2022-05-21 21:06:15 +02:00
Erik De Lamarter
6c44291d8d
refactor vault auth
2022-05-21 21:06:15 +02:00
Erik De Lamarter
dec1067add
vault kubernetes auth
2022-05-21 21:06:14 +02:00
Mariano Cano
6b3a8f22f3
Add provisioner to SSH renewals
...
This commit allows to report the provisioner to the linkedca when
a SSH certificate is renewed.
2022-05-20 14:41:44 -07:00
Mariano Cano
3c4d0412ef
Merge pull request #941 from smallstep/ssh-provisioner
...
Report SSH provisioner
2022-05-20 12:24:30 -07:00
Mariano Cano
eebbd65dd5
Fix linter error
2022-05-20 12:03:36 -07:00
Max
f8148071fb
Merge pull request #915 from smallstep/max/removing-beta
...
exposing authority configuration for provisioner cli commands
2022-05-19 22:53:59 -07:00
max furman
5443aa073a
gofmt -s
2022-05-19 22:46:25 -07:00
max furman
8ca9442fe9
Add -s to make fmt and bump golangci-lint to 1.45.2
2022-05-19 22:40:47 -07:00
Max
586e4fd3b5
Update authority/options.go
...
Co-authored-by: Mariano Cano <mariano@smallstep.com>
2022-05-19 22:26:20 -07:00
Mariano Cano
1ad75a3bdb
Skip failing test for now
...
This test fails randomly on VMs, there's an issue to fix this so
skipping it for now
2022-05-19 18:51:51 -07:00
Mariano Cano
dd985ce154
Clarify errors when sending renewed certificates
2022-05-19 18:41:13 -07:00
Mariano Cano
a627f21440
Fix AuthorizeSSHSign tests with extra SignOption
2022-05-18 18:51:36 -07:00
Mariano Cano
e7d7eb1a94
Add provisioner as a signOption for SSH
2022-05-18 18:42:42 -07:00
Mariano Cano
293586079a
Store provisioner with SignSSH
...
This change also allows to store the old certificate on renewal on
linkedca or if the db interface supports it.
2022-05-18 18:33:53 -07:00
Mariano Cano
c8d7ad7ab9
Fix store certificates methods with new interface
2022-05-18 18:33:22 -07:00
Mariano Cano
de99c3cac0
Report provisioner and parent on linkedca
2022-05-18 18:30:53 -07:00
Mariano Cano
20b2c6a201
Extract cert storer methods from AuthDB
...
To be able to extend the AuthDB with methods that also extend the
provisioner we need to either create a new method or to split the
interface. This change splits the interface so we can have a cleaner
implementation.
2022-05-18 18:27:37 -07:00
Herman Slatman
9e05cc4d51
Merge pull request #940 from smallstep/herman/improve-renew-expired-cert-error
...
Improve error message when client renews with expired certificate
2022-05-19 01:46:01 +02:00
Herman Slatman
479eda7339
Improve error message when client renews with expired certificate
...
When a client provides an expired certificate and `AllowAfterExpiry`
is not enabled, the client would get a rather generic error with
instructions to view the CA logs. Viewing the CA logs can be done
when running `step-ca`, but they can't be accessed easily in the
hosted solution.
This commit returns a slightly more informational message to the
client in this specific situation.
2022-05-19 01:25:30 +02:00
max furman
fff00aca78
Updates to issue templates
2022-05-18 15:56:40 -07:00
max furman
bfb406bf70
Fixes for PR review
2022-05-18 09:43:32 -07:00
Herman Slatman
14524d7916
Merge pull request #938 from smallstep/herman/update-crypto-0.16.2
...
Update go.step.sm/crypto to v0.16.2
2022-05-18 09:15:18 +02:00
Herman Slatman
d1ab1d5431
Merge branch 'master' into herman/update-crypto-0.16.2
2022-05-18 09:11:38 +02:00
Herman Slatman
984e4fcff8
Merge pull request #932 from smallstep/herman/pkcs7-patches
...
Use github.com/smallstep/pkcs7 fork with (selected) patches applied
2022-05-18 09:10:48 +02:00
Herman Slatman
b75ce3acbd
Update to go.step.sm/crypto v0.16.2
...
This patch release of go.step.sm/crypto fixes an issue with
not all `Subject` names being available for usage in a template
as `ExtraNames`.
2022-05-17 23:39:01 +02:00
Mariano Cano
400b1ece0b
Remove scep handler after merge.
2022-05-12 17:39:36 -07:00
Mariano Cano
898ca41268
Merge branch 'master' into context-authority
2022-05-12 17:14:46 -07:00
Herman Slatman
ea084d71fb
Merge pull request #933 from smallstep/herman/allow-deny
...
Fix check for admin not belonging to provisioner that policy applies to
2022-05-12 16:42:26 +02:00
Herman Slatman
c695b23e24
Fix check for admin not belonging to policy
2022-05-12 16:33:32 +02:00
max furman
25b8d196d8
Couple changes in response to PR
...
- add skipInit option to skip authority initialization
- check admin API status when removing provisioners - no need to check
admins when not using Admin API
2022-05-11 17:04:43 -07:00
Mariano Cano
d0c0733691
Merge pull request #924 from vijayjt/vijayt/helmchart-kms
...
Allow KMS type to be specified in the helm chart values YAML
2022-05-11 14:14:25 -07:00