Mariano Cano
c7f226bcec
Add support for renew when using stepcas
...
It supports renewing X.509 certificates when an RA is configured with stepcas.
This will only work when the renewal uses a token, and it won't work with mTLS.
The audience cannot be properly verified when an RA is used; to avoid this, we
will get from the database if an RA was used to issue the initial certificate
and we will accept the renew token.
Fixes #1021 for stepcas
2022-11-04 16:42:07 -07:00
Mariano Cano
068a2dae8e
Merge pull request #1155 from smallstep/acme-port-flags
...
Use the same style of flags
2022-11-04 10:41:30 -07:00
Mariano Cano
e00781873e
Update commands/app.go
...
Co-authored-by: Max <mx.furman@gmail.com>
2022-11-04 10:41:06 -07:00
Mariano Cano
bae9a0c152
Use the same style of flags
...
It changes the new step-ca flags to use a standard style.
2022-11-04 10:31:11 -07:00
Mariano Cano
6c0cb23125
Merge pull request #1153 from smallstep/acme-port
...
Add support for custom acme ports
2022-11-03 20:53:48 -07:00
Mariano Cano
e27c6c529b
Add support for custom acme ports
...
This change adds the flags --acme-http-port, --acme-tls-port, that
combined with --insecure can be used to set custom ports for ACME
http-01 and tls-alpn-01 challenges. These flags should only be used
for testing purposes.
Fixes #1015
2022-11-03 16:58:25 -07:00
Max
9d90d0cef3
Merge pull request #1152 from smallstep/max/cosign-experimental
...
[action] Add COSIGN_EXPERIMENTAL env var to cosign release docs
2022-11-02 09:58:51 -07:00
max furman
3728cee02a
[action] Add COSIGN_EXPERIMENTAL env var to cosign release docs
2022-11-01 18:50:12 -07:00
Max
be8c0b4531
Merge pull request #1151 from smallstep/max/gomod
...
go.mod syntax
2022-10-31 12:04:03 -07:00
max furman
4ccc9a0c32
go.mod syntax
2022-10-31 12:01:18 -07:00
Max
6136dbb196
Merge pull request #1147 from smallstep/dependabot/go_modules/cloud.google.com/go-0.105.0
...
Bump cloud.google.com/go from 0.104.0 to 0.105.0
2022-10-31 12:00:28 -07:00
dependabot[bot]
bd577e7531
Bump cloud.google.com/go from 0.104.0 to 0.105.0
...
Bumps [cloud.google.com/go](https://github.com/googleapis/google-cloud-go) from 0.104.0 to 0.105.0.
- [Release notes](https://github.com/googleapis/google-cloud-go/releases)
- [Changelog](https://github.com/googleapis/google-cloud-go/blob/main/CHANGES.md)
- [Commits](https://github.com/googleapis/google-cloud-go/compare/v0.104.0...v0.105.0)
---
updated-dependencies:
- dependency-name: cloud.google.com/go
  dependency-type: direct:production
  update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
2022-10-31 18:54:46 +00:00
Max
e53a4b2ed5
Merge pull request #1149 from smallstep/dependabot/go_modules/go.step.sm/crypto-0.22.0
...
Bump go.step.sm/crypto from 0.21.0 to 0.22.0
2022-10-31 11:53:27 -07:00
dependabot[bot]
917d8dc103
Bump go.step.sm/crypto from 0.21.0 to 0.22.0
...
Bumps [go.step.sm/crypto](https://github.com/smallstep/crypto) from 0.21.0 to 0.22.0.
- [Release notes](https://github.com/smallstep/crypto/releases)
- [Commits](https://github.com/smallstep/crypto/compare/v0.21.0...v0.22.0)
---
updated-dependencies:
- dependency-name: go.step.sm/crypto
  dependency-type: direct:production
  update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
2022-10-31 17:29:34 +00:00
Max
b85b52d7b5
Merge pull request #1148 from smallstep/dependabot/go_modules/google.golang.org/api-0.101.0
...
Bump google.golang.org/api from 0.100.0 to 0.101.0
2022-10-31 10:29:31 -07:00
Max
ea3f2fee7b
Merge pull request #1150 from smallstep/dependabot/go_modules/github.com/hashicorp/vault/api-1.8.2
...
Bump github.com/hashicorp/vault/api from 1.8.1 to 1.8.2
2022-10-31 10:29:00 -07:00
Max
9d9236c985
Merge pull request #1146 from smallstep/dependabot/go_modules/cloud.google.com/go/security-1.9.0
...
Bump cloud.google.com/go/security from 1.8.0 to 1.9.0
2022-10-31 10:27:23 -07:00
dependabot[bot]
d26414a864
Bump github.com/hashicorp/vault/api from 1.8.1 to 1.8.2
...
Bumps [github.com/hashicorp/vault/api](https://github.com/hashicorp/vault) from 1.8.1 to 1.8.2.
- [Release notes](https://github.com/hashicorp/vault/releases)
- [Changelog](https://github.com/hashicorp/vault/blob/main/CHANGELOG.md)
- [Commits](https://github.com/hashicorp/vault/compare/v1.8.1...v1.8.2)
---
updated-dependencies:
- dependency-name: github.com/hashicorp/vault/api
  dependency-type: direct:production
  update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
2022-10-31 15:29:30 +00:00
dependabot[bot]
22d2c1c31f
Bump google.golang.org/api from 0.100.0 to 0.101.0
...
Bumps [google.golang.org/api](https://github.com/googleapis/google-api-go-client) from 0.100.0 to 0.101.0.
- [Release notes](https://github.com/googleapis/google-api-go-client/releases)
- [Changelog](https://github.com/googleapis/google-api-go-client/blob/main/CHANGES.md)
- [Commits](https://github.com/googleapis/google-api-go-client/compare/v0.100.0...v0.101.0)
---
updated-dependencies:
- dependency-name: google.golang.org/api
  dependency-type: direct:production
  update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
2022-10-31 15:28:56 +00:00
dependabot[bot]
4e077f997e
Bump cloud.google.com/go/security from 1.8.0 to 1.9.0
...
Bumps [cloud.google.com/go/security](https://github.com/googleapis/google-cloud-go) from 1.8.0 to 1.9.0.
- [Release notes](https://github.com/googleapis/google-cloud-go/releases)
- [Changelog](https://github.com/googleapis/google-cloud-go/blob/main/documentai/CHANGES.md)
- [Commits](https://github.com/googleapis/google-cloud-go/compare/asset/v1.8.0...asset/v1.9.0)
---
updated-dependencies:
- dependency-name: cloud.google.com/go/security
  dependency-type: direct:production
  update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
2022-10-31 15:28:32 +00:00
Max
995b6d1b6c
Merge pull request #1142 from smallstep/max/keyless-cosign
...
[action] keyless cosign for all release artifacts
2022-10-29 17:22:51 -07:00
max furman
c36b36f070
[action] cosign over docker image digest
2022-10-27 22:50:04 -07:00
Mariano Cano
3e0b603eb4
Merge pull request #731 from unreality/crl-support
...
Support for CRL
2022-10-27 12:35:06 -07:00
Mariano Cano
2d582e5694
Remove use of time.Duration.Abs
...
time.Duration.Abs() was added in Go 1.19
2022-10-27 12:20:13 -07:00
Mariano Cano
89c8c6d0a0
Fix package name in tls test
2022-10-27 12:06:38 -07:00
Mariano Cano
f066ac3d40
Remove buggy logic on GetRevokedCertificates()
2022-10-27 11:58:01 -07:00
Mariano Cano
51c7f56030
Truncate time to the second
2022-10-27 11:57:48 -07:00
Mariano Cano
6d4fd7d016
Update changelog with CRL support
2022-10-27 11:39:44 -07:00
Mariano Cano
812fee7630
Start crl generator before setting initOnce
2022-10-27 11:38:30 -07:00
Mariano Cano
59775fff0c
Merge branch 'master' into crl-support
2022-10-27 10:13:19 -07:00
Mariano Cano
8200d19894
Improve CRL implementation
...
This commit adds some changes to PR #731, some of them are:
- Add distribution point to the CRL
- Properly stop the goroutine that generates the CRLs
- CRL config validation
- Remove expired certificates from the CRL
- Require enable set to true to generate a CRL
This last point is the principal change in behaviour from the previous
implementation. The CRL will not be generated if it's not enabled, and
if it is enabled it will always be regenerated at some point, not only
if there is a revocation.
2022-10-26 18:55:24 -07:00
max furman
c43d59a69a
[action] keyless cosign for all release artifacts
2022-10-25 21:52:35 -07:00
Herman Slatman
0af15a0538
Merge pull request #1140 from smallstep/herman/remote-management-helm
...
Add provisioner and super admin subject output to `ca init`
2022-10-25 22:52:12 +02:00
Herman Slatman
a9359522e6
Add provisioner and super admin subject output to ca init
...
When initializing a CA with `--remote-management`, it wasn't made
clear that the default JWK provisioner is used when authenticating
for administration purposes and that a default `step` user is
created to log in with. This commit adds some additional information
to the CLI output on completion of `ca init`.
2022-10-25 11:48:17 +02:00
Herman Slatman
a718359b7f
Merge pull request #1075 from smallstep/herman/remote-management-helm
...
Add `enableAdmin` and `enableACME` to Helm values.yml generation
2022-10-25 10:19:18 +02:00
Mariano Cano
2e39b6305e
Merge pull request #1139 from smallstep/update-pkcs7
...
Upgrade pkcs7 to the latest patches branch
2022-10-24 18:49:30 -07:00
Herman Slatman
b9f238ad4d
Add additional ACME meta properties to provisioner configuration
2022-10-24 22:37:57 +02:00
Mariano Cano
aed1738ad0
Upgrade pkcs7 to the latest patches branch
...
smallstep/pkcs7@patches now includes support for generic Decrypter
methods, so KMS can be used instead of a key on disk with SCIM
2022-10-24 11:07:28 -07:00
Max
c407354c70
Merge pull request #1137 from smallstep/dependabot/go_modules/google.golang.org/api-0.100.0
...
Bump google.golang.org/api from 0.99.0 to 0.100.0
2022-10-24 09:18:31 -07:00
Max
25340c2bf6
Merge pull request #1138 from smallstep/dependabot/go_modules/github.com/stretchr/testify-1.8.1
...
Bump github.com/stretchr/testify from 1.8.0 to 1.8.1
2022-10-24 09:14:13 -07:00
dependabot[bot]
3e96113162
Bump github.com/stretchr/testify from 1.8.0 to 1.8.1
...
Bumps [github.com/stretchr/testify](https://github.com/stretchr/testify) from 1.8.0 to 1.8.1.
- [Release notes](https://github.com/stretchr/testify/releases)
- [Commits](https://github.com/stretchr/testify/compare/v1.8.0...v1.8.1)
---
updated-dependencies:
- dependency-name: github.com/stretchr/testify
  dependency-type: direct:production
  update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
2022-10-24 15:45:07 +00:00
dependabot[bot]
016973fd2b
Bump google.golang.org/api from 0.99.0 to 0.100.0
...
Bumps [google.golang.org/api](https://github.com/googleapis/google-api-go-client) from 0.99.0 to 0.100.0.
- [Release notes](https://github.com/googleapis/google-api-go-client/releases)
- [Changelog](https://github.com/googleapis/google-api-go-client/blob/main/CHANGES.md)
- [Commits](https://github.com/googleapis/google-api-go-client/compare/v0.99.0...v0.100.0)
---
updated-dependencies:
- dependency-name: google.golang.org/api
  dependency-type: direct:production
  update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
2022-10-24 15:44:56 +00:00
Herman Slatman
e90fe4bfa0
Update CHANGELOG.md with provisioner migration
2022-10-24 16:34:34 +02:00
Herman Slatman
9d04e7d1dc
Remove period in log output
2022-10-24 15:33:48 +02:00
Herman Slatman
54c560f620
Improve configuration file initialization log output
2022-10-24 15:22:37 +02:00
Herman Slatman
fd38dd34f9
Fix PR comments
2022-10-24 14:51:27 +02:00
Herman Slatman
c9793561ff
Make meta object optional in ACME directory response
...
Hardware appliances from Kemp seem to validate the contents of the
`meta` object, even if none of the properties in the `meta` object
is set. According to the RFC, the `meta` object, as well as its
properties, are optional, so technically this should be fixed by
the manufacturer.
This commit is to see if validation of the `meta` object is
skipped if it's not available in the response.
2022-10-24 14:14:28 +02:00
Herman Slatman
49718f1bbb
Fix some comments
2022-10-21 11:48:59 +02:00
Herman Slatman
70da534893
Merge branch 'master' into herman/remote-management-helm
2022-10-21 11:09:57 +02:00
Mariano Cano
398213af51
Merge pull request #1123 from smallstep/renew-raw-subject
...
Use RawSubject on renew and rekey
2022-10-20 10:41:46 -07:00