Raal Goff
|
d0e81af524
|
Merge branch 'master' into crl-support
|
2022-09-30 08:45:48 +08:00 |
|
Mariano Cano
|
567d96c771
|
Revert "Run on plaintext HTTP to support Cloud Run"
This reverts commit 09b9673a60.
|
2022-09-20 18:57:46 -07:00 |
|
Brandon Weeks
|
f3d2bd7a19
|
Run on plaintext HTTP to support Cloud Run
|
2022-09-20 16:43:30 -07:00 |
|
max furman
|
ab0d2503ae
|
Standardize linting file and fix or ignore lots of linting errors
|
2022-09-20 16:35:41 -07:00 |
|
Mariano Cano
|
4e19aa4c52
|
Add cache duration if crl is set
|
2022-09-14 12:21:52 -07:00 |
|
Mariano Cano
|
0829f37fe8
|
Define a default crl cache duration
|
2022-09-14 11:43:58 -07:00 |
|
Raal Goff
|
d2483f3a70
|
Merge branch 'master' into crl-support
# Conflicts:
# authority/config/config.go
|
2022-09-08 09:45:04 +08:00 |
|
Mariano Cano
|
23b8f45b37
|
Address gosec warnings
Most if not all false positives
|
2022-08-18 17:46:20 -07:00 |
|
Mariano Cano
|
5e0be92273
|
Allow option to skip the validation of config
|
2022-08-16 14:04:04 -07:00 |
|
Mariano Cano
|
b62f4d1000
|
Add lgtm comments on some security warnings
|
2022-08-11 17:32:57 -07:00 |
|
Mariano Cano
|
a5439c43cd
|
Remove ciphersuites without Lucky13 countermeasures
SHA-256 variants of the CBC ciphersuites don't implement any Lucky13
countermeasures. See http://www.isg.rhul.ac.uk/tls/Lucky13.html and
https://www.imperialviolet.org/2013/02/04/luckythirteen.html.
|
2022-08-11 17:11:04 -07:00 |
|
Mariano Cano
|
369b8f81c3
|
Use go.step.sm/crypto/kms
Fixes #975
|
2022-08-08 17:58:18 -07:00 |
|
max furman
|
99c9155467
|
disableSSHHostsListAPI -> disableGetSSHHosts
|
2022-08-04 18:44:44 -07:00 |
|
max furman
|
fb7f57a8df
|
Add attribute to disable SSH Hosts list API
|
2022-07-27 23:30:00 -07:00 |
|
Raal Goff
|
60671b07d7
|
Merge branch 'master' into crl-support
# Conflicts:
# api/api.go
# authority/config/config.go
# cas/softcas/softcas.go
# db/db.go
|
2022-07-13 08:52:58 +08:00 |
|
Herman Slatman
|
ad2de16299
|
Merge branch 'master' into herman/allow-deny
|
2022-04-19 10:26:31 +02:00 |
|
Mariano Cano
|
fe9c3cf753
|
Merge branch 'master' into ahmet2mir-feat/vault
|
2022-04-18 15:35:26 -07:00 |
|
Herman Slatman
|
abcad679ff
|
Merge branch 'master' into herman/allow-deny
|
2022-04-18 21:54:55 +02:00 |
|
Herman Slatman
|
d6be9450be
|
Merge branch 'master' into herman/allow-deny
|
2022-04-15 11:57:05 +02:00 |
|
Mariano Cano
|
d3b6bc3c75
|
Merge branch 'master' into fix/adminra
|
2022-04-13 17:44:23 -07:00 |
|
Mariano Cano
|
674dc3c844
|
Rename unreleased claim to allowRenewalAfterExpiry for consistency.
|
2022-04-13 15:11:54 -07:00 |
|
Mariano Cano
|
37b521ec6c
|
Merge branch 'master' into feat/vault
|
2022-04-11 14:57:45 -07:00 |
|
Mariano Cano
|
c55b27a2fc
|
Refactor admin token to use with RAs.
|
2022-04-07 18:14:43 -07:00 |
|
Raal Goff
|
d417ce3232
|
implement changes from review
|
2022-04-06 08:23:53 +08:00 |
|
Herman Slatman
|
571b21abbc
|
Fix (most) PR comments
|
2022-03-31 16:12:29 +02:00 |
|
Herman Slatman
|
dc23fd23bf
|
Merge branch 'master' into herman/allow-deny-next
|
2022-03-24 12:36:12 +01:00 |
|
Mariano Cano
|
c903f00cd4
|
Rename claim to allowRenewAfterExpiry.
|
2022-03-14 15:40:01 -07:00 |
|
Mariano Cano
|
616490a9c6
|
Refactor renew after expiry token authorization
This change adds a new authority method that authorizes the
renew after expiry tokens.
|
2022-03-10 20:21:01 -08:00 |
|
Mariano Cano
|
fd6a2eeb9c
|
Add provisioner controller
The provisioner controller has the implementation of the identity
function as well as the renew methods with renew after expiry
support.
|
2022-03-09 18:39:09 -08:00 |
|
Herman Slatman
|
7c541888ad
|
Refactor configuration of allow/deny on authority level
|
2022-03-08 13:26:07 +01:00 |
|
Mariano Cano
|
c0525381eb
|
Merge branch 'master' into feat/vault
|
2022-02-16 18:19:23 -08:00 |
|
Herman Slatman
|
716b946e7a
|
Normalize IPv6 hostname addresses
|
2022-01-19 17:14:45 +01:00 |
|
Ahmet DEMIR
|
68b980d689
|
feat(authority): avoid hardcoded cn in authority csr
|
2022-01-13 20:30:54 +01:00 |
|
max furman
|
933b40a02a
|
Introduce gocritic linter and address warnings
|
2021-10-08 14:59:57 -04:00 |
|
Mariano Cano
|
da2802504b
|
Use Default min version if not specified.
|
2021-08-11 15:33:45 -07:00 |
|
Mariano Cano
|
072ba4227c
|
Add deployment type to config.
This field is ignored except for the start of the ca. If the type
is linked and the token is not passed, it will fail with an error.
|
2021-08-10 17:07:15 -07:00 |
|
Mariano Cano
|
384be6e205
|
Do not show provisioners if they are not required.
For deployment types like linked ca, the list of provisioners in
the ca.json are not required, so we should tag the json as omitempty.
|
2021-08-02 15:34:39 -07:00 |
|
Mariano Cano
|
4f27f4b002
|
Change default ciphersuites to newer names.
|
2021-07-28 13:56:05 -07:00 |
|
Mariano Cano
|
0730a165fd
|
Add collection of files and authority template.
|
2021-07-27 19:19:58 -07:00 |
|
Mariano Cano
|
887423ee6e
|
Update TLS cipher suites.
|
2021-07-27 18:29:10 -07:00 |
|
Mariano Cano
|
49c1427d15
|
Use authorityId instead of authorityID.
In json or javascript world authorityId, userId, ... are more common
than authorityID, ...
|
2021-07-12 15:31:05 +02:00 |
|
max furman
|
9fdef64709
|
Admin level API for provisioner mgmt v1
|
2021-07-02 19:05:17 -07:00 |
|
max furman
|
1726076ea2
|
wip
|
2021-05-25 16:52:06 -07:00 |
|
max furman
|
5d09d04d14
|
wip
|
2021-05-19 15:20:16 -07:00 |
|
max furman
|
af3cf7dae9
|
first steps
|
2021-05-19 15:20:16 -07:00 |
|
max furman
|
2f60f20b0b
|
lots of codes
|
2021-05-19 15:20:16 -07:00 |
|
max furman
|
7b5d6968a5
|
first commit
|
2021-05-19 15:20:16 -07:00 |
|