Commit graph

2883 commits

Author SHA1 Message Date
Brandon Weeks
274f6ccb41 iOS 16 beta 2 support 2022-06-23 05:43:24 +10:00
Brandon Weeks
7e1b0bebd9 iOS 16 beta 1 support 2022-06-23 05:19:36 +10:00
Brandon Weeks
77c6d10fd6 Verify key authorization is contained within the TPM quote extraData field 2022-06-23 05:19:36 +10:00
Brandon Weeks
e1ec31c0ed Implement TPM attestation statement verification 2022-06-23 05:19:36 +10:00
Brandon Weeks
2ac8b69da2 Add ACME permanent-identifier identifier type 2022-06-23 05:19:36 +10:00
Brandon Weeks
aacd6f4cc6 Add device-attest-01 challenge type 2022-06-23 05:19:36 +10:00
Brandon Weeks
09b9673a60 Run on plaintext HTTP to support Cloud Run 2022-06-23 05:19:36 +10:00
Brandon Weeks
860baeb1c5 Verbose debug logging 2022-06-23 05:19:36 +10:00
Mariano Cano
f140874e42
Merge pull request #958 from smallstep/rsa-signature-algorithm
Sign certificates with the issuer signature algorithm
2022-06-16 15:08:10 -07:00
Mariano Cano
7ecb8c32aa
Update CHANGELOG.md
Co-authored-by: Herman Slatman <hslatman@users.noreply.github.com>
2022-06-16 14:41:55 -07:00
Mariano Cano
dab2f7918d
Merge pull request #960 from smallstep/uri-1.19
Split Go 1.19 problematic with build tags
2022-06-16 11:22:23 -07:00
Mariano Cano
68a89fbb02 Split Go 1.19 problematic with build tags 2022-06-16 10:58:45 -07:00
Mariano Cano
ed778b7fc1
Merge pull request #956 from shuLhan/kms-uri-test-go119
kms/uri: fix test on Parse for the next Go release
2022-06-16 10:45:27 -07:00
Shulhan
0e7257a236
kms/uri: fix test on Parse for the next Go release
The next Go release add field OmitHost to url.URL [1] which cause the
TestParse fail.
Since the CI supports two consecutive Go versions at the same times, we
copy the uri_test.go to uri_119_test.go for testing with Go 1.19.

While at it, print the got and want object using the same format
(%#v) and type (*URL) for consistency.

[1] https://go-review.googlesource.com/c/go/+/391294
2022-06-17 00:32:08 +07:00
Mariano Cano
31af1efa48 Sign certificates with the issuer signature algorithm
An RSA key can sign another certificates using the RSA PKCS#1
and the RSA-PSS scheme, this change will keep the signature
algorithm used in the issuer in the signed certificates instead
of using PKCS#1 by default.
2022-06-15 19:10:58 -07:00
Mariano Cano
34f926804d
Merge pull request #954 from shuLhan/shulhan-gofmt
all: reformat all go files with the next gofmt (Go 1.19)
2022-06-15 18:11:51 -07:00
Mariano Cano
0b748f2d03
Merge pull request #955 from shuLhan/cas-cloudcas-test-go119
cas/cloudcas: update test on createPublicKey for the next Go release
2022-06-15 17:17:04 -07:00
Shulhan
ee53530d1f
cas/cloudcas: update test on createPublicKey for the next Go release
The next Go release call panic on elliptic.Marshal [1][2], which
affect the test case fail_ec_marshal on createPublicKey.

This changes fix this by initializing the P and B in test case
PublicKey CurveParams to prevent panic.

[1] https://github.com/golang/go/issues/50975
[2] a218b3520a
2022-06-16 03:01:38 +07:00
Shulhan
fe04f93d7f
all: reformat all go files with the next gofmt (Go 1.19)
There are some changes that manually edited, for example using '-' as
default list and grouping imports.
2022-06-16 01:28:59 +07:00
Mariano Cano
304cc5a70f
Merge pull request #950 from gdbelvin/pinsrc
step-pkcs11-init pin-file support
2022-06-09 14:41:11 -07:00
Gary Belvin
fed09047f9 pinfile 2022-06-09 13:51:14 -04:00
Max
34d141e4d5
Merge pull request #945 from smallstep/changelog-update
Update changelog
2022-05-26 11:06:30 -07:00
max furman
5e56a7b4ec Changelog update for 0.20.0
- added line for new WithOptions on authority Init
2022-05-26 10:57:05 -07:00
Herman Slatman
b4b9893fcd Update changelog 2022-05-26 10:57:03 -07:00
Mariano Cano
6d580a69e8 Update changelog 2022-05-26 10:56:24 -07:00
Mariano Cano
de00e01f1b
Merge pull request #947 from smallstep/fix-ssh-revocation
Fix SSH certificate revocation
2022-05-25 17:24:45 -07:00
Mariano Cano
2adf8caac7 Fix Dependabot warning on an indirect dependency 2022-05-25 17:11:45 -07:00
Mariano Cano
9c049eec5a Add revoke ssh unit test 2022-05-25 17:10:07 -07:00
Mariano Cano
ce9a23a0f7 Fix SSH certificate revocation 2022-05-25 16:55:22 -07:00
Herman Slatman
abfbbc8d49
Merge pull request #946 from smallstep/herman/acme-csr-padding
Strip base64-url padding from ACME CSR
2022-05-25 23:25:34 +02:00
Herman Slatman
fd546287ac
Strip base64-url padding from ACME CSR
This commit strips the padding from a base64-url encoded CSR
submitted by a client that doesn't use raw base64-url encoding.
2022-05-25 22:46:26 +02:00
Herman Slatman
a564b4f32e
Merge pull request #944 from smallstep/herman/tls-wasm-client
Set nil dial context for js/wasm runtime
2022-05-25 22:35:18 +02:00
Herman Slatman
a7dd3a986f
Set nil dial context for js/wasm runtime 2022-05-25 16:51:26 +02:00
Mariano Cano
911cec21da
Merge pull request #943 from smallstep/ssh-renew-provisioner
Add provisioner to SSH renewals
2022-05-23 17:21:55 -07:00
Mariano Cano
94f5b92513 Use proper context in authority package 2022-05-23 15:31:43 -07:00
Mariano Cano
1be74eca62 Merge branch 'master' into ssh-renew-provisioner 2022-05-23 14:31:15 -07:00
Mariano Cano
539bfddba5
Merge pull request #914 from smallstep/context-authority
Retrieve authority from the context
2022-05-23 14:12:58 -07:00
Mariano Cano
e7f4eaf6c4 Remove explicit deprecation notice
This will avoid linter errors on other projects for now.
2022-05-23 14:04:31 -07:00
Mariano Cano
26dd97e718 Merge branch 'master' into context-authority 2022-05-23 12:36:16 -07:00
Mariano Cano
02fd0e7170
Merge pull request #913 from delamart/master
Vault Kubernetes Auth
2022-05-23 12:08:01 -07:00
Erik DeLamarter
07984a968f
better error messages
Co-authored-by: Mariano Cano <mariano.cano@gmail.com>
2022-05-21 21:11:52 +02:00
Erik De Lamarter
9ec154aab0
rewrite and improve secret-id config 2022-05-21 21:06:15 +02:00
Erik De Lamarter
6989c7f146
vault auth unit tests 2022-05-21 21:06:15 +02:00
Erik De Lamarter
6c44291d8d
refactor vault auth 2022-05-21 21:06:15 +02:00
Erik De Lamarter
dec1067add
vault kubernetes auth 2022-05-21 21:06:14 +02:00
Mariano Cano
6b3a8f22f3 Add provisioner to SSH renewals
This commit allows to report the provisioner to the linkedca when
a SSH certificate is renewed.
2022-05-20 14:41:44 -07:00
Mariano Cano
3c4d0412ef
Merge pull request #941 from smallstep/ssh-provisioner
Report SSH provisioner
2022-05-20 12:24:30 -07:00
Mariano Cano
eebbd65dd5 Fix linter error 2022-05-20 12:03:36 -07:00
Max
f8148071fb
Merge pull request #915 from smallstep/max/removing-beta
exposing authority configuration for provisioner cli commands
2022-05-19 22:53:59 -07:00
max furman
5443aa073a gofmt -s 2022-05-19 22:46:25 -07:00