open-consul

Commit Graph

Author	SHA1	Message	Date
R.B. Boyer	91e78e00c7	fix typos reported by golangci-lint:misspell (#5434 )	2019-03-06 11:13:28 -06:00
R.B. Boyer	28b87063e3	fix a few leap-year related clock math inaccuracies and failing tests	2019-03-01 13:51:49 -06:00
Kyle Havlovitz	51d5d6b1d4	connect/ca: fix a potential panic in the Consul provider	2019-02-07 10:43:54 -08:00
Kyle Havlovitz	5a5436380b	connect/ca: return a better error message if the CA isn't fully initialized when signing	2019-01-22 11:15:09 -08:00
Kyle Havlovitz	1a4204f363	agent: fix formatting	2018-11-07 02:16:03 -08:00
Aestek	260a9880ae	[Security] Add finer control over script checks (#4715 ) * Add -enable-local-script-checks options These options allow for a finer control over when script checks are enabled by giving the option to only allow them when they are declared from the local file system. * Add documentation for the new option * Nitpick doc wording	2018-10-11 13:22:11 +01:00
Kyle Havlovitz	6301f763df	connect/ca: tighten up the intermediate signing verification	2018-09-14 16:08:54 -07:00
Kyle Havlovitz	ba1d7201a0	connect/ca: add intermediate functions to Vault ca provider	2018-09-13 13:38:32 -07:00
Kyle Havlovitz	138a39026b	connect/ca: add intermediate functions to Consul CA provider	2018-09-13 13:09:21 -07:00
Kyle Havlovitz	70c43a27c3	connect/ca: hash the consul provider ID and include isRoot	2018-09-12 13:44:15 -07:00
Kyle Havlovitz	8fc2c77fdf	connect/ca: some cleanup and reorganizing of the new methods	2018-09-11 16:43:04 -07:00
Kyle Havlovitz	e184a18e4b	connect/ca: add Configure/GenerateRoot to provider interface	2018-09-06 19:18:59 -07:00
Siva Prasad	cfa436dc16	Revert "CA initialization while boostrapping and TestLeader_ChangeServerID fix." (#4497 ) * Revert "BUGFIX: Unit test relying on WaitForLeader() did not work due to wrong test (#4472)" This reverts commit cec5d7239621e0732b3f70158addb1899442acb3. * Revert "CA initialization while boostrapping and TestLeader_ChangeServerID fix. (#4493)" This reverts commit 589b589b53e56af38de25db9b56967bdf1f2c069.	2018-08-07 08:29:48 -04:00
Siva Prasad	29c181f5fa	CA initialization while boostrapping and TestLeader_ChangeServerID fix. (#4493 ) * connect: fix an issue with Consul CA bootstrapping being interrupted * streamline change server id test	2018-08-06 16:15:24 -04:00
Kyle Havlovitz	45ec8849f3	connect/ca: add configurable leaf cert TTL	2018-07-16 13:33:37 -07:00
Matt Keeler	b3ba709b3d	Remove x509 name constraints These were only added as SPIFFE intends to use the in the future but currently does not mandate their usage due to patch support in common TLS implementations and some ambiguity over how to use them with URI SAN certificates. We included them because until now everything seem fine with it, however we've found the latest version of `openssl` (1.1.0h) fails to validate our certificats if its enabled. LibreSSL as installed on OS X by default doesn’t have these issues. For now it's most compatible not to have them and later we can find ways to add constraints with wider compatibility testing.	2018-06-25 12:26:10 -07:00
Kyle Havlovitz	f3089a6647	connect/ca: undo the interface changes and use sign-self-issued in Vault	2018-06-25 12:25:42 -07:00
Kyle Havlovitz	cea94d0bcf	connect/ca: update Consul provider to use new cross-sign CSR method	2018-06-25 12:25:41 -07:00
Kyle Havlovitz	a98b85b25c	connect/ca: add the Vault CA provider	2018-06-25 12:25:41 -07:00
Paul Banks	6ecc0c8099	Sign certificates valid from 1 minute earlier to avoid failures caused by clock drift	2018-06-25 12:25:41 -07:00
Kyle Havlovitz	4d46bba2c4	Support giving the duration as a string in CA config	2018-06-14 09:42:22 -07:00
Paul Banks	30d90b3be4	Generate CSR using real trust-domain	2018-06-14 09:42:16 -07:00
Paul Banks	c808833a78	Return TrustDomain from CARoots RPC	2018-06-14 09:42:15 -07:00
Kyle Havlovitz	d1265bc38b	Rename some of the CA structs/files	2018-06-14 09:42:15 -07:00

24 Commits