Mariano Cano
66356cff43
Add attestation certificate validation for Apple devices
2022-07-14 17:10:03 -07:00
Brandon Weeks
274f6ccb41
iOS 16 beta 2 support
2022-06-23 05:43:24 +10:00
Brandon Weeks
7e1b0bebd9
iOS 16 beta 1 support
2022-06-23 05:19:36 +10:00
Brandon Weeks
77c6d10fd6
Verify key authorization is contained within the TPM quote extraData field
2022-06-23 05:19:36 +10:00
Brandon Weeks
e1ec31c0ed
Implement TPM attestation statement verification
2022-06-23 05:19:36 +10:00
Brandon Weeks
aacd6f4cc6
Add device-attest-01 challenge type
2022-06-23 05:19:36 +10:00
Mariano Cano
d1f75f1720
Refactor ACME api.
2022-04-28 19:15:18 -07:00
Herman Slatman
479c6d2bf5
Fix ACME IPv6 HTTP-01 challenges
...
Fixes #890
2022-04-07 12:37:34 +02:00
Herman Slatman
2d50c96d99
Merge branch 'master' into hs/acme-revocation
2021-11-19 17:00:18 +01:00
Herman Slatman
e7a988b2cd
Pin golangci-lint to v1.43.0 and fix issues
2021-11-13 01:30:03 +01:00
Herman Slatman
29f9730485
Satisfy golangci-lint
2021-11-12 17:13:10 +01:00
max furman
933b40a02a
Introduce gocritic linter and address warnings
2021-10-08 14:59:57 -04:00
Mariano Cano
dc5205cc72
Extract the tls error code and fail accordingly.
2021-08-17 17:06:25 -07:00
Mariano Cano
ae58a0ee4e
Make tests compatible with Go 1.17.
...
With Go 1.17 tls.Dial will fail if the client and server configured
protocols do not overlap. See https://golang.org/doc/go1.17#ALPN
2021-08-17 16:31:53 -07:00
Herman Slatman
64c15fde7e
Add tests for canonicalize function
2021-06-25 14:07:40 +02:00
Herman Slatman
135e912ac8
Improve coverage for TLS-ALPN-01 challenge
2021-06-18 17:27:35 +02:00
Herman Slatman
523ae96749
Change identifier and challenge types to consts
2021-06-18 12:39:36 +02:00
Herman Slatman
af4803b8b8
Fix tests
2021-06-04 11:14:59 +02:00
Herman Slatman
0c79914d0d
Improve check for single IP in TLS-ALPN-01 challenge
2021-06-04 00:18:26 +02:00
Herman Slatman
a6405e98a9
Remove fmt.
2021-06-04 00:06:15 +02:00
Herman Slatman
2f40011da8
Add support for TLS-ALPN-01 challenge
2021-06-04 00:01:43 +02:00
Herman Slatman
3e36522329
Add preliminary support for TLS-ALPN-01 challenge for IP identifiers
2021-05-29 00:19:14 +02:00
max furman
6cfb9b790c
Remove check of deprecated value
...
- NegotiatedProtocolIsMutual is always true: Deprecated according to
golang docs
2021-04-13 14:53:05 -07:00
max furman
440678cb62
Add markInvalid arg to storeError for invalidating challenge
2021-03-29 22:58:26 -07:00
max furman
6b8585c702
PR review fixes / updates
2021-03-29 12:04:14 -07:00
max furman
b6ebc0fd25
more unit tests
2021-03-25 12:05:46 -07:00
max furman
206909b12e
[acme db interface] unit tests for challenge nosql db
2021-03-25 12:05:46 -07:00
max furman
20b9785d20
[acme db interface] continuing unit test work
2021-03-25 12:05:46 -07:00
max furman
80a6640103
[acme db interface] wip
2021-03-25 12:05:46 -07:00
max furman
1135ae04fc
[acme db interface] wip
2021-03-25 12:05:46 -07:00
max furman
03ba229bcb
[acme db interface] wip more errors
2021-03-25 12:05:46 -07:00
max furman
2ae43ef2dc
[acme db interface] wip errors
2021-03-25 12:05:46 -07:00
max furman
121cc34cca
[acme db interface] wip
2021-03-25 12:05:45 -07:00
max furman
461bad3fef
[acme db interface] wip
2021-03-25 12:05:45 -07:00
max furman
31ad7f2e9b
[acme] Continued work on acme db interface (wip)
2021-03-25 12:05:45 -07:00
max furman
20f8d950c4
Fix broken ValidateChallenge test
2020-12-18 11:18:42 -05:00
Mariano Cano
ba918100d0
Use go.step.sm/crypto/jose
...
Replace use of github.com/smallstep/cli/crypto with the new package
go.step.sm/crypto/jose.
2020-08-24 14:44:11 -07:00
max furman
e1409349f3
Allow relative URL for all links in ACME api ...
...
* Pass the request context all the way down the ACME stack.
* Save baseURL in context and use when generating ACME urls.
2020-05-14 17:32:54 -07:00
Ivan Bertona
157686e338
Tiny finishes.
2020-02-07 19:57:29 -05:00
Ivan Bertona
6843408d42
Reject obsolete id-pe-acmeIdentifier.
2020-02-07 19:26:18 -05:00
Ivan Bertona
4b473732d9
Add support for TLS-ALPN-01 challenge.
2020-02-07 14:37:13 -05:00
max furman
967e86a48b
Simplify trimming *. prefix of domain in acme dns validation.
2019-12-20 13:32:44 -08:00
Oleksandr Kovalchuk
46832bb9b3
Remove superflurous Printf statement
...
The statement was used for debug purposes and should not be included in
the final build
2019-12-20 22:22:12 +02:00
Oleksandr Kovalchuk
a995cca418
Perform domain normalization for wildcard domains
...
Perform domain normalization for wildcard domains, so we do query
TXT records for _acme-challenge.example.domain instead of
_acme-challenge.*.example.domain when performing DNS-01 challenge. In
this way the behavior is consistent with letsencrypt and records queried
are in sync with the ones that are shown in certbot manual mode.
2019-12-20 19:17:53 +02:00
max furman
e3826dd1c3
Add ACME CA capabilities
2019-09-13 15:48:33 -07:00