Herman Slatman
76dcf542d4
Fix mixed DNS and IP SANs in Order
2021-06-03 22:45:24 +02:00
Herman Slatman
af615db6b5
Support DNS and IPs as SANs in single Order
2021-06-03 22:03:21 +02:00
Herman Slatman
a0e92f8e99
Verify IP identifier contains valid IP
2021-06-03 22:02:13 +02:00
Herman Slatman
6486e6016b
Make logic for which challenge types to use clearer
2021-05-29 00:37:22 +02:00
Herman Slatman
3e36522329
Add preliminary support for TLS-ALPN-01 challenge for IP identifiers
2021-05-29 00:19:14 +02:00
Herman Slatman
848b5202a5
Merge branch 'master' into hs/ip-verification
2021-05-28 16:42:05 +02:00
Herman Slatman
6d9710c88d
Add initial support for ACME IP validation
2021-05-28 16:40:46 +02:00
Mariano Cano
8d7c3d2f08
Merge pull request #506 from hslatman/hs/scep
...
Add SCEP support
2021-05-26 11:12:32 -07:00
max furman
781e0c4b86
[action] forgot to add default labeler config file
2021-05-25 12:49:03 -07:00
max furman
1be1ed1236
[action] labeler to v3 and use default config path location
2021-05-25 12:45:40 -07:00
Herman Slatman
bc2bb53009
Merge branch 'master' into hs/scep
2021-05-20 21:35:44 +02:00
Herman Slatman
375687cd1b
Add setup for Authority tests
2021-05-20 21:31:52 +02:00
Mariano Cano
f84c8f846a
Upgrade x/crypto
...
Although this does not affects us the old version had the vulnerability
CVE-2020-29652
2021-05-18 19:16:13 -07:00
Carl Tashian
850b15932d
Merge pull request #571 from smallstep/carl/makefile-clean
...
Remove binary-* recipes from Makefile
2021-05-18 09:39:59 -07:00
max furman
b205f50412
bump crypto to 0.8.3 and go mod tidy
2021-05-13 12:14:11 -07:00
Carl Tashian
07cf037d6e
Remove binary-* recipes from Makefile
2021-05-11 07:54:36 -07:00
Carl Tashian
f83ccc31d1
Merge pull request #570 from smallstep/carl/arm6
...
Add arm6 to goreleaser
2021-05-11 07:17:27 -07:00
Carl Tashian
fc31df34cf
Zip the windows release
2021-05-10 16:58:20 -07:00
Carl Tashian
2a70ac2d0e
Take 2 on arm6
2021-05-10 16:36:02 -07:00
Carl Tashian
e305940448
Small docs cleanup
2021-05-10 15:14:29 -07:00
Carl Tashian
6f0f023d2c
Small docs cleanup
2021-05-10 14:43:05 -07:00
Carl Tashian
08f9bc0031
Merge pull request #567 from FibreFoX/master
...
Added missing hints for running step-ca on Raspberry Pi
2021-05-10 13:04:32 -07:00
Carl Tashian
8e1343224c
Add arm6 to goreleaser
2021-05-10 09:59:33 -07:00
FibreFoX
9607691f9c
Added missing hints for running step-ca on Raspberry Pi
...
See #351 , #344 , #279
2021-05-08 22:28:22 +02:00
Mariano Cano
1788d09b44
Merge pull request #566 from smallstep/ed25519-improvements
...
Ed25519 improvements
2021-05-07 10:05:46 -07:00
Herman Slatman
877fc9ae8c
Add tests for CreateDecrypter
2021-05-07 15:32:07 +02:00
Mariano Cano
26e7cc6177
Allow to use the SDK with ed25519 keys.
2021-05-06 18:10:12 -07:00
Mariano Cano
c1c986922b
Show Ed25519 in the public-key log field.
2021-05-06 18:09:40 -07:00
Herman Slatman
a3ec890e71
Fix small typo in divisible
2021-05-07 00:31:34 +02:00
Herman Slatman
54610e890b
Improve error logging
2021-05-07 00:23:09 +02:00
Herman Slatman
d0a9cbc797
Change fmt to errors package for formatting errors
2021-05-07 00:22:06 +02:00
Herman Slatman
ff1b46c95d
Add configuration option for specifying the minimum public key length
...
Instead of using the defaultPublicKeyValidator a new validator called
publicKeyMinimumLengthValidator has been implemented that uses a
configurable minimum length for public keys in CSRs.
It's also an option to alter the defaultPublicKeyValidator to also
take a parameter, but that would touch quite some lines of code. This
might be a viable option after merging SCEP support.
2021-05-06 22:56:28 +02:00
Herman Slatman
c04f556dc2
Merge branch 'master' into hs/scep
2021-05-06 22:00:29 +02:00
Mariano Cano
5a6517ca5b
Merge pull request #561 from LecrisUT/master
...
Check admin privileges from group membership
2021-05-05 16:57:13 -07:00
Cristian Le
d7eec869c2
Fix the previous tests
2021-05-05 10:37:30 +09:00
Cristian Le
c2d30f7260
gofmt everything
2021-05-05 10:29:47 +09:00
Cristian Le
f38a72a62b
Leftover from previous commit
2021-05-05 10:17:08 +09:00
Cristian Le
1d2445e1d8
Removed the variadic username
...
Could be useful later on, but for the current PR changes should be minimized
2021-05-05 10:12:38 +09:00
Cristian Le
9e00b82bdf
Revert oidc_test.go
...
Moving the `preferred_username` to a separate PR
2021-05-05 08:49:03 +09:00
Cristian Le
cd67d64eec
Merge remote-tracking branch 'origin/master'
2021-05-05 08:16:14 +09:00
Cristian Le
decf0fc8ce
Revert using preferred_username
...
It might present a security issue if the users can change this value for themselves. Needs further investigation
2021-05-05 08:15:26 +09:00
Cristian Le
21732f213b
Fix shadow issue in CI
2021-05-05 08:15:26 +09:00
Mariano Cano
08e5ec6ad1
Fix IsAdminGroup comment.
2021-05-05 08:15:26 +09:00
Mariano Cano
46c1dc80fb
Use map[string]struct{} instead of map[string]bool
2021-05-05 08:15:26 +09:00
Mariano Cano
aafac179a5
Add test for oidc with preferred usernames.
2021-05-05 08:15:26 +09:00
Cristian Le
f730c0bec4
Sanitize usernames
2021-05-05 08:15:26 +09:00
Cristian Le
48666792c7
Draft: adding usernames to GetIdentityFunc
2021-05-05 08:15:26 +09:00
Cristian Le
79eec83f3e
Rename and reformat to PreferredUsername
2021-05-05 08:15:26 +09:00
Cristian Le
09a21fef26
Implement #550
...
- Read `preferred_username` from token
- Add `preferred_username` to the default Usernames
- Check the `admin` array for admin groups that the user might belong to
2021-05-05 08:15:26 +09:00
Cristian Le
bb1e051b27
Revert using preferred_username
...
It might present a security issue if the users can change this value for themselves. Needs further investigation
2021-05-05 08:12:17 +09:00