Commit graph

1236 commits

Author SHA1 Message Date
Mariano Cano
8a10c5032f
Merge pull request #150 from smallstep/backdate
Add backdate support to the x509 and SSH certificates.
2020-01-08 12:52:31 -08:00
Mariano Cano
77af30bfa3 Remove debug statement. 2020-01-08 11:46:33 -08:00
Mariano Cano
f46dc03111 Add tests of profileLimitDuration with backdate. 2020-01-06 14:34:59 -08:00
Mariano Cano
165a91858e Add tests for backdate and sshDefaultDuration 2020-01-06 14:21:13 -08:00
Mariano Cano
7e33aeb8d3 Add unit test for profileDefaultDuration. 2020-01-06 12:19:00 -08:00
Mariano Cano
f06db4099e Add backdate support on ssh rekey. 2020-01-03 18:30:17 -08:00
Mariano Cano
935d0d4542 Add support for backdate to SSH certificates. 2020-01-03 18:22:52 -08:00
Mariano Cano
64e0a2ca6f Disable backdata on ca tests. 2020-01-03 18:16:45 -08:00
Mariano Cano
76c14560b0 Use errs package for HTTP errors. 2020-01-03 17:41:16 -08:00
Mariano Cano
50717b3ffa Update assert package. 2020-01-03 13:27:45 -08:00
Mariano Cano
e67ccd9e3d Add fault tolerance against clock skew accross system on TLS certificates. 2020-01-02 17:48:28 -08:00
max furman
967e86a48b Simplify trimming *. prefix of domain in acme dns validation. 2019-12-20 13:32:44 -08:00
Max
37d33968f1
Merge pull request #146 from anxolerd/normalize-wildcard
Perform domain normalization for wildcard domains
2019-12-20 13:29:24 -08:00
Oleksandr Kovalchuk
ec8ff0bced
Add testcase which ensures we pass correct domain to lookupTxt
Make sure we do not pass domains with asterisk (wildcard) in the middle,
like _acme-challenge.*.example.com to lookupTxt function, but preprocess
domain and remove leading wildcard so we lookup for
_acme-challenge.example.com.
2019-12-20 22:54:41 +02:00
Oleksandr Kovalchuk
46832bb9b3
Remove superflurous Printf statement
The statement was used for debug purposes and should not be included in
the final build
2019-12-20 22:22:12 +02:00
Oleksandr Kovalchuk
a995cca418
Perform domain normalization for wildcard domains
Perform domain normalization for wildcard domains, so we do query
TXT records for _acme-challenge.example.domain instead of
_acme-challenge.*.example.domain when performing DNS-01 challenge. In
this way the behavior is consistent with letsencrypt and records queried
are in sync with the ones that are shown in certbot manual mode.
2019-12-20 19:17:53 +02:00
Mariano Cano
1fa35491ea Update cli dependency. 2019-12-18 14:44:59 -08:00
Mariano Cano
eeabf5ba4c Fix tests. 2019-12-18 14:44:08 -08:00
Mariano Cano
a6deea7d8d Renew identity certificate in /ssh/rekey and /ssh/renew 2019-12-18 14:43:38 -08:00
Mariano Cano
0b5d37b284 Add method to just write the identity certificate. 2019-12-18 14:39:01 -08:00
Mariano Cano
839fe6b952 Add method to renew the identity. 2019-12-18 12:46:46 -08:00
max furman
aa58940582 Should be returning nil from applyIdentity if cert expired. 2019-12-17 15:53:37 -08:00
max furman
6200aeaad0 cli dep update 2019-12-17 14:39:08 -08:00
Max
bd6eca6342
Merge pull request #145 from smallstep/err 2019-12-17 14:33:48 -08:00
max furman
e5a8629a21 updating dependencies 2019-12-17 14:31:22 -08:00
max furman
cb78a087d5 Update cli dep 2019-12-17 14:30:18 -08:00
max furman
f9ef5070f9 Move api errors to their own package and modify the typedef 2019-12-17 14:26:02 -08:00
Mariano Cano
6d6f496331 Allow no provisioners. 2019-12-16 11:22:24 -08:00
Mariano Cano
ba11f6acb7 Update dependencies. 2019-12-13 13:59:11 -08:00
Mariano Cano
d210082113 Use new version of nosql. 2019-12-13 13:56:56 -08:00
Mariano Cano
7ecb831e07 Add wrappers to identity methods in the ca package. 2019-12-12 13:16:17 -08:00
Mariano Cano
3f71b8debd Add mTLS test for identity client. 2019-12-12 12:48:34 -08:00
Mariano Cano
3717c7a8d3 Improve identity tests. 2019-12-12 12:23:53 -08:00
Mariano Cano
0d9a9e083e Add identity client and move identity to a new package. 2019-12-11 20:23:44 -08:00
Mariano Cano
89b216c21e Fix test. 2019-12-11 18:24:32 -08:00
Mariano Cano
96b6989658 Addapt test to api change. 2019-12-11 18:21:20 -08:00
Mariano Cano
bde29b1bbd Addapt tests to the api change. 2019-12-11 18:18:13 -08:00
Mariano Cano
28b08ef46b Fail silently if the identity fails. 2019-12-11 16:27:37 -08:00
Mariano Cano
401fc20e96 Re-enable profiler. 2019-12-11 16:27:37 -08:00
max furman
623be4ef09 update cli dep 2019-12-11 14:56:50 -08:00
Max
1f42637ba1
Merge pull request #143 from smallstep/expired-cert
Expired cert
2019-12-11 14:55:21 -08:00
max furman
1e17ec7d33 Use x5cInsecure token for /ssh/check-host endpoint 2019-12-11 14:54:29 -08:00
Mariano Cano
7fe1eb8686 Add GetTransport to client. 2019-12-10 16:34:24 -08:00
Mariano Cano
e841a86b48 Make sure to define the KeyID from the token if available. 2019-12-10 16:34:01 -08:00
Mariano Cano
014d2c7ccd Go mod tidy. 2019-12-10 13:41:06 -08:00
Mariano Cano
40ec0b435a Add method to create an ssh token. 2019-12-10 13:40:14 -08:00
Mariano Cano
8eeb82d0ce Store renew certificate in the database. 2019-12-10 13:10:45 -08:00
Mariano Cano
50152391a3 Add leeway in identity not before. 2019-12-09 16:55:25 -08:00
max furman
2676d525c4 redundant variable type def 2019-12-09 12:54:32 -08:00
Mariano Cano
83129fd59f Add quotes in configuration paths. 2019-12-04 12:04:46 -08:00