mbiryukova/certificates
1
0
Fork 0
forked from TrueCloudLab/certificates
Code Pull requests Activity
2979 commits 33 branches 197 tags 41 MiB
Commit graph

2979 commits

This branch
This branch
All branches
Author SHA1 Message Date
Mariano Cano
90d2785776 Sanitize log entries in logging package 2022-08-11 17:44:31 -07:00
Mariano Cano
b62f4d1000 Add lgtm comments on some security warnings 2022-08-11 17:32:57 -07:00
Mariano Cano
a5439c43cd Remove ciphersuites without Lucky13 countermeasures 
SHA-256 variants of the CBC ciphersuites don't implement any Lucky13
countermeasures. See http://www.isg.rhul.ac.uk/tls/Lucky13.html and
https://www.imperialviolet.org/2013/02/04/luckythirteen.html.
 2022-08-11 17:11:04 -07:00
Mariano Cano
d6baad443b
Merge pull request #1008 from smallstep/endpoint-id 
Endpoint ID
 2022-08-11 15:18:47 -07:00
Mariano Cano
8bd0174251 Rename field to IsCAServerCert 2022-08-11 15:14:26 -07:00
Mariano Cano
5df1694250 Add endpoint id for the RA certificate 
In a linked RA mode, send an endpoint id to group the server
certificates.
 2022-08-11 14:47:11 -07:00
Max
20784c7a00
Merge pull request #1006 from smallstep/max/revoke-serial-validation 
Validate revocation serial number
 2022-08-11 09:45:26 -07:00
max furman
1dd0d7d0ee Update bad serial error to be more specific 2022-08-11 09:34:04 -07:00
max furman
73ba411e1d [action] parameterize golangci-lint version 2022-08-10 21:45:10 -07:00
Mariano Cano
eb091aec54 Simplify field names for ProvisionerInfo 2022-08-10 17:44:14 -07:00
Mariano Cano
2f7cb9225f Use go.step.sm/crypto to set the permanent identifier 2022-08-10 17:38:18 -07:00
Mariano Cano
a65adc032b
Merge pull request #1005 from smallstep/crypto-kms 
Use go.step.sm/crypto/kms
 2022-08-10 09:57:26 -07:00
Mariano Cano
21427d5d65 Replace instead of prepend provisioner extension 
With non standard SANs this will generate the SAN and provisioner
extension in the same order.
 2022-08-09 16:48:00 -07:00
Mariano Cano
2ab1e6658e Fix nonce validation 
The attestation certificate contains the nonce as raw bytes in the
extension 1.2.840.113635.100.8.11.1
 2022-08-09 15:06:52 -07:00
max furman
7052a32c2c Validate revocation serial number 2022-08-09 11:04:00 -07:00
Mariano Cano
4985ab1d62 Remove kms package 2022-08-08 18:01:10 -07:00
Mariano Cano
369b8f81c3 Use go.step.sm/crypto/kms 
Fixes #975
 2022-08-08 17:58:18 -07:00
Mariano Cano
e02a190fa7 Merge branch 'master' into device-attestation 2022-08-08 17:29:59 -07:00
Max
3e2729e391
Merge pull request #989 from smallstep/max/disable-ssh-hosts 
Add attribute to disable SSH Hosts list API
 2022-08-08 14:15:35 -07:00
Mariano Cano
9f67a808cd
Merge pull request #1004 from smallstep/go-1.19 
Change actions to build using Go 1.19
 2022-08-08 12:35:49 -07:00
Mariano Cano
f1aabaa99c Use functions from os instead of io/ioutil 2022-08-08 12:12:53 -07:00
Mariano Cano
8445c29db6 Change actions to build using Go 1.19 
Fixes #998
 2022-08-08 12:01:18 -07:00
max furman
99c9155467 disableSSHHostsListAPI -> disableGetSSHHosts 2022-08-04 18:44:44 -07:00
Mariano Cano
38fb92452f
Merge pull request #993 from smallstep/ra-ids 
RA provisioner IDs
 2022-08-04 11:26:59 -07:00
Mariano Cano
22337da18c
Merge pull request #990 from qbit/master 
Update deps to bring in support for OpenBSD
 2022-08-04 11:26:37 -07:00
Mariano Cano
821743f71e Upgrade newrelic to v3 2022-08-04 11:16:11 -07:00
Aaron Bieber
135c481893 Update deps to bring in support for OpenBSD 
OpenBSD support was added to the following deps:
 - github.com/go-piv/piv-go in https://github.com/go-piv/piv-go/pull/101
 - github.com/newrelic/go-agent in https://github.com/newrelic/go-agent/pull/455
 - github.com/miekg/pkcs11 in https://github.com/miekg/pkcs11/pull/140

With these deps bumped, tests all pass on OpenBSD amd64.
 2022-08-04 11:38:15 -06:00
Mariano Cano
a2f7766943 Use released version of linkedca 2022-08-04 10:31:57 -07:00
Mariano Cano
c5c7c30cc2 Fix typo in ProvisionerInfo 2022-08-04 10:07:20 -07:00
Mariano Cano
64744562c6 Send RA provisioner to linkedca. 2022-08-03 18:44:25 -07:00
Mariano Cano
6b5d3dca95 Add provisioner name to RA info 2022-08-03 18:44:04 -07:00
Mariano Cano
9648fe6b4c Remove debug statement 2022-08-03 15:32:39 -07:00
Mariano Cano
a1f54921d2 Rename internal field 2022-08-03 12:07:45 -07:00
Mariano Cano
f9df8ac05f Remove unused interface 2022-08-03 12:03:49 -07:00
Mariano Cano
7a1e6a0e1f Fix and extend stepcas unit tests 2022-08-03 11:57:42 -07:00
Mariano Cano
9408d0f24b Send RA provisioner information to the CA 2022-08-02 19:28:49 -07:00
Mariano Cano
a8819376d3 Remove empty lines on debug information 
At the start of step-ca some information about the CA is displayed,
this change remove extra lines when displaying the ssh public keys.
 2022-08-02 16:05:04 -07:00
Max
87f28a7ec9
Create codeql-analysis.yml 2022-08-01 11:16:08 -07:00
Max
0efaf514d7
Create SECURITY.md 2022-07-29 15:17:05 -07:00
max furman
fb7f57a8df Add attribute to disable SSH Hosts list API 2022-07-27 23:30:00 -07:00
max furman
01423e36c9 [action] combine label and triage project add in one workflow 2022-07-24 22:38:34 -07:00
Mariano Cano
66356cff43 Add attestation certificate validation for Apple devices 2022-07-14 17:10:03 -07:00
max furman
9b9c5551f6 Add changelog template 2022-07-12 17:33:36 -07:00
Carl Tashian
1d10491f7a Update README.md 2022-07-12 17:33:36 -07:00
max furman
ffe7c00a10 Add changelog template 2022-07-06 15:04:55 -07:00
Carl Tashian
6814b7f5dd
Update README.md 2022-06-30 11:27:05 -06:00
Brandon Weeks
274f6ccb41 iOS 16 beta 2 support 2022-06-23 05:43:24 +10:00
Brandon Weeks
7e1b0bebd9 iOS 16 beta 1 support 2022-06-23 05:19:36 +10:00
Brandon Weeks
77c6d10fd6 Verify key authorization is contained within the TPM quote extraData field 2022-06-23 05:19:36 +10:00
Brandon Weeks
e1ec31c0ed Implement TPM attestation statement verification 2022-06-23 05:19:36 +10:00