Commit graph

2916 commits

Author SHA1 Message Date
Mariano Cano
2db15e4eb5 Remove unnecessary log entries
These log entries add CodeQL warnings and are not necessary because
our default http.ResponseWriter allows adding log entries.
2022-08-11 18:14:36 -07:00
Mariano Cano
759aa26a57 Fix linter warning 2022-08-11 17:47:58 -07:00
Mariano Cano
90d2785776 Sanitize log entries in logging package 2022-08-11 17:44:31 -07:00
Mariano Cano
b62f4d1000 Add lgtm comments on some security warnings 2022-08-11 17:32:57 -07:00
Mariano Cano
a5439c43cd Remove ciphersuites without Lucky13 countermeasures
SHA-256 variants of the CBC ciphersuites don't implement any Lucky13
countermeasures. See http://www.isg.rhul.ac.uk/tls/Lucky13.html and
https://www.imperialviolet.org/2013/02/04/luckythirteen.html.
2022-08-11 17:11:04 -07:00
Mariano Cano
d6baad443b
Merge pull request #1008 from smallstep/endpoint-id
Endpoint ID
2022-08-11 15:18:47 -07:00
Mariano Cano
8bd0174251 Rename field to IsCAServerCert 2022-08-11 15:14:26 -07:00
Mariano Cano
5df1694250 Add endpoint id for the RA certificate
In a linked RA mode, send an endpoint id to group the server
certificates.
2022-08-11 14:47:11 -07:00
Max
20784c7a00
Merge pull request #1006 from smallstep/max/revoke-serial-validation
Validate revocation serial number
2022-08-11 09:45:26 -07:00
max furman
1dd0d7d0ee Update bad serial error to be more specific 2022-08-11 09:34:04 -07:00
max furman
73ba411e1d [action] parameterize golangci-lint version 2022-08-10 21:45:10 -07:00
Mariano Cano
eb091aec54 Simplify field names for ProvisionerInfo 2022-08-10 17:44:14 -07:00
Mariano Cano
a65adc032b
Merge pull request #1005 from smallstep/crypto-kms
Use go.step.sm/crypto/kms
2022-08-10 09:57:26 -07:00
max furman
7052a32c2c Validate revocation serial number 2022-08-09 11:04:00 -07:00
Mariano Cano
4985ab1d62 Remove kms package 2022-08-08 18:01:10 -07:00
Mariano Cano
369b8f81c3 Use go.step.sm/crypto/kms
Fixes #975
2022-08-08 17:58:18 -07:00
Max
3e2729e391
Merge pull request #989 from smallstep/max/disable-ssh-hosts
Add attribute to disable SSH Hosts list API
2022-08-08 14:15:35 -07:00
Mariano Cano
9f67a808cd
Merge pull request #1004 from smallstep/go-1.19
Change actions to build using Go 1.19
2022-08-08 12:35:49 -07:00
Mariano Cano
f1aabaa99c Use functions from os instead of io/ioutil 2022-08-08 12:12:53 -07:00
Mariano Cano
8445c29db6 Change actions to build using Go 1.19
Fixes #998
2022-08-08 12:01:18 -07:00
max furman
99c9155467 disableSSHHostsListAPI -> disableGetSSHHosts 2022-08-04 18:44:44 -07:00
Mariano Cano
38fb92452f
Merge pull request #993 from smallstep/ra-ids
RA provisioner IDs
2022-08-04 11:26:59 -07:00
Mariano Cano
22337da18c
Merge pull request #990 from qbit/master
Update deps to bring in support for OpenBSD
2022-08-04 11:26:37 -07:00
Mariano Cano
821743f71e Upgrade newrelic to v3 2022-08-04 11:16:11 -07:00
Aaron Bieber
135c481893 Update deps to bring in support for OpenBSD
OpenBSD support was added to the following deps:
 - github.com/go-piv/piv-go in https://github.com/go-piv/piv-go/pull/101
 - github.com/newrelic/go-agent in https://github.com/newrelic/go-agent/pull/455
 - github.com/miekg/pkcs11 in https://github.com/miekg/pkcs11/pull/140

With these deps bumped, tests all pass on OpenBSD amd64.
2022-08-04 11:38:15 -06:00
Mariano Cano
a2f7766943 Use released version of linkedca 2022-08-04 10:31:57 -07:00
Mariano Cano
c5c7c30cc2 Fix typo in ProvisionerInfo 2022-08-04 10:07:20 -07:00
Mariano Cano
64744562c6 Send RA provisioner to linkedca. 2022-08-03 18:44:25 -07:00
Mariano Cano
6b5d3dca95 Add provisioner name to RA info 2022-08-03 18:44:04 -07:00
Mariano Cano
9648fe6b4c Remove debug statement 2022-08-03 15:32:39 -07:00
Mariano Cano
a1f54921d2 Rename internal field 2022-08-03 12:07:45 -07:00
Mariano Cano
f9df8ac05f Remove unused interface 2022-08-03 12:03:49 -07:00
Mariano Cano
7a1e6a0e1f Fix and extend stepcas unit tests 2022-08-03 11:57:42 -07:00
Mariano Cano
9408d0f24b Send RA provisioner information to the CA 2022-08-02 19:28:49 -07:00
Mariano Cano
a8819376d3 Remove empty lines on debug information
At the start of step-ca some information about the CA is displayed;
this change removes extra lines when displaying the ssh public keys.
2022-08-02 16:05:04 -07:00
Max
87f28a7ec9
Create codeql-analysis.yml 2022-08-01 11:16:08 -07:00
Max
0efaf514d7
Create SECURITY.md 2022-07-29 15:17:05 -07:00
max furman
fb7f57a8df Add attribute to disable SSH Hosts list API 2022-07-27 23:30:00 -07:00
max furman
01423e36c9 [action] combine label and triage project add in one workflow 2022-07-24 22:38:34 -07:00
max furman
ffe7c00a10 Add changelog template 2022-07-06 15:04:55 -07:00
Carl Tashian
6814b7f5dd
Update README.md 2022-06-30 11:27:05 -06:00
Mariano Cano
f140874e42
Merge pull request #958 from smallstep/rsa-signature-algorithm
Sign certificates with the issuer signature algorithm
2022-06-16 15:08:10 -07:00
Mariano Cano
7ecb8c32aa
Update CHANGELOG.md
Co-authored-by: Herman Slatman <hslatman@users.noreply.github.com>
2022-06-16 14:41:55 -07:00
Mariano Cano
dab2f7918d
Merge pull request #960 from smallstep/uri-1.19
Split Go 1.19 problematic with build tags
2022-06-16 11:22:23 -07:00
Mariano Cano
68a89fbb02 Split Go 1.19 problematic with build tags 2022-06-16 10:58:45 -07:00
Mariano Cano
ed778b7fc1
Merge pull request #956 from shuLhan/kms-uri-test-go119
kms/uri: fix test on Parse for the next Go release
2022-06-16 10:45:27 -07:00
Shulhan
0e7257a236
kms/uri: fix test on Parse for the next Go release
The next Go release adds field OmitHost to url.URL [1], which causes
TestParse to fail.
Since the CI supports two consecutive Go versions at the same time, we
copy the uri_test.go to uri_119_test.go for testing with Go 1.19.

While at it, print the got and want object using the same format
(%#v) and type (*URL) for consistency.

[1] https://go-review.googlesource.com/c/go/+/391294
2022-06-17 00:32:08 +07:00
Mariano Cano
31af1efa48 Sign certificates with the issuer signature algorithm
An RSA key can sign other certificates using the RSA PKCS#1
and the RSA-PSS schemes; this change will keep the signature
algorithm used in the issuer in the signed certificates instead
of using PKCS#1 by default.
2022-06-15 19:10:58 -07:00
Mariano Cano
34f926804d
Merge pull request #954 from shuLhan/shulhan-gofmt
all: reformat all go files with the next gofmt (Go 1.19)
2022-06-15 18:11:51 -07:00
Mariano Cano
0b748f2d03
Merge pull request #955 from shuLhan/cas-cloudcas-test-go119
cas/cloudcas: update test on createPublicKey for the next Go release
2022-06-15 17:17:04 -07:00