Commit graph

2673 commits

Author SHA1 Message Date
Mike Malone
4fe55051a1 updated README and added issue templates for autocert 2019-02-11 16:59:14 -08:00
Mike Malone
bb31a1634e readme update and new connect-with-mtls.png 2019-02-11 14:52:22 -08:00
Michael Malone
6877e389fb
added step-ca.gif to readme 2019-02-11 14:22:37 -08:00
Michael Malone
6aa5e125d8
added step-ca.gif 2019-02-11 14:19:18 -08:00
Michael Malone
ea7a1f5478
dropped in animated gif real quick 2019-02-11 13:00:18 -08:00
Mike Malone
ea23f738cb connect with mtls diagram 2019-02-11 12:09:08 -08:00
Mike Malone
6cb5505026 updated docs 2019-02-08 14:21:07 -08:00
Mike Malone
d40911937f updated readme & added runbook 2019-02-08 09:42:57 -08:00
Mariano Cano
2e98febcd9 Add envoy hello mTLS example.
Fixes smallstep/ca-component#144
2019-02-07 15:30:37 -08:00
Mariano Cano
23c60d5f3f Remove unnecessary sleep. 2019-02-07 12:05:38 -08:00
Mariano Cano
b18e3638bc Revert "Remove unnecessary sleep"
This reverts commit 082eee63f1.
2019-02-07 12:05:13 -08:00
Mariano Cano
082eee63f1 Remove unnecessary sleep 2019-02-07 10:53:25 -08:00
max furman
cedf8784b6 dep update cli 2019-02-06 18:59:36 -08:00
Mariano Cano
262a9d0978
Merge pull request #27 from smallstep/mariano/renew-pool
SDK should update certificate pools safely
2019-02-06 16:56:38 -08:00
Mariano Cano
e0fff4d80b Fix typo. 2019-02-06 16:52:44 -08:00
Mariano Cano
f1f6c548ad Fix typo. 2019-02-06 16:48:20 -08:00
Mariano Cano
14fcf58903 Add client implementation of hello-mTLS using nodejs
Fixes smallstep/ca-component#138
2019-02-06 16:42:29 -08:00
Mariano Cano
8022ed80bc Add node to README.md 2019-02-06 16:42:29 -08:00
Mariano Cano
1197753f35 Add hello-mTLS server example using nodejs.
Fixes smallstep/ca-component#138
2019-02-06 16:42:29 -08:00
max furman
7e43402575 bug fix: don't add common name to CSR validation claims in Sign
* added unit test for this case
2019-02-06 16:26:25 -08:00
Mike Malone
0c53b0f310 rename cluster role & binding to match other binding names 2019-02-06 13:57:29 -08:00
Mike Malone
3a516d92aa check for permissions init autocert deploy script 2019-02-06 13:56:33 -08:00
Mariano Cano
74114a6234 Add hello-mTLS for nginx 2019-02-06 11:53:10 -08:00
Mariano Cano
758d829355 Fix tests. 2019-02-05 20:27:29 -08:00
max furman
47228cd9a0 dep ensure to update cli 2019-02-05 19:50:23 -08:00
max furman
f6bfb71602 cli dep sans -> master 2019-02-05 19:46:16 -08:00
Max
91f183a62a
Merge pull request #29 from smallstep/sans
Add SANs support
2019-02-05 21:40:19 -06:00
max furman
3415a1fef8 move SplitSANs to cli 2019-02-05 19:32:01 -08:00
Mariano Cano
975cb75fbd Fix typo. 2019-02-05 17:33:16 -08:00
Mariano Cano
3c06d6f9bc Fix comment. 2019-02-05 17:30:10 -08:00
Mariano Cano
e330ac547c Fix comment. 2019-02-05 17:29:28 -08:00
Mariano Cano
cd934bbede Remove println 2019-02-05 17:27:10 -08:00
max furman
6937bfea7b claims.SANS -> claims.SANs 2019-02-04 20:22:02 -08:00
max furman
93f39c64a0 backwards compat only when SANS empty 2019-02-04 20:02:56 -08:00
Mariano Cano
4c9dccd3f6 Allow multiple certificates in the root pem. 2019-02-04 10:29:52 -08:00
max furman
ab78534b08 add test for SAN backwards compatibility with CLI
* new provisioner tokens always contain the crt.Subject.CommonName
in the SANS attribute of the token claims. added tests that verifies
backwards compatibility still works in cases where the token does not
contain the subject as a SAN claim.
2019-02-01 12:24:21 -06:00
max furman
fe8c8614b2 SANS backwards compat when token missing sujbect SAN 2019-02-01 12:18:10 -06:00
max furman
e6e8443f3c allow multiple identical SANs in cert 2019-01-31 11:20:21 -06:00
max furman
f0683c2e0a Enable signing certificates with custom SANs
* validate against SANs in token. must be 1:1 equivalent.
2019-01-30 18:21:03 -06:00
Sebastian Tiedtke
55155d1207 Change readme formatting 2019-01-28 17:36:32 -06:00
Sebastian Tiedtke
754670ad12
Add basic federation example (#26)
Add basic federation example
2019-01-28 17:31:06 -06:00
Mariano Cano
025e36bf10
Merge pull request #28 from pallas/fix-overflow
authority/provisioners: fix overflow on 32-bit systems
2019-01-28 08:32:35 -08:00
Derrick Lyndon Pallas
7a5c4a1112 authority/provisioners: fix overflow on 32-bit systems
In Go, len returns signed ints, not unsigned ints; consequently, this code
comparison overflows on 32-bit systems, like ARM.
2019-01-28 00:54:15 +00:00
Mike Malone
e70a5dae7d updated README.md 2019-01-25 21:31:03 -08:00
Mike Malone
32c7be6f9d fixed mtls handshake diagram 2019-01-25 21:04:57 -08:00
Mike Malone
1f68bfe7ad mtls handshake diagram 2019-01-25 20:58:06 -08:00
Mike Malone
f58000c28f hello-mtls examples 2019-01-24 17:22:36 -08:00
Mike Malone
8e1505d03f new diagrams 2019-01-23 20:43:19 -08:00
Mike Malone
0fabc06fbb new demo gif 2019-01-23 18:33:56 -08:00
Mariano Cano
d394dd233a Initiate default RootCAs/ClientCAs when no options are passed. 2019-01-23 14:33:16 -08:00