Seth Rutner
3874b63af3
Fix typos in error message ( #2692 )
2017-05-10 10:28:35 -04:00
Vishal Nayak
8bb6c8caef
Return error message for failure to parse CSR ( #2657 )
2017-04-28 08:30:24 -04:00
Saj Goonatilleke
01f3056b8b
pki: Include private_key_type on DER-formatted responses from /pki/issue/ ( #2405 )
2017-02-24 11:17:59 -05:00
joe miller
98df700495
allow roles to set OU value in certificates issued by the pki backend ( #2251 )
2017-01-23 12:44:45 -05:00
Chris Hoffman
d235acf809
Adding support for chained intermediate CAs in pki backend ( #1694 )
2016-09-27 17:50:17 -07:00
Jeff Mitchell
897d3c6d2c
Rename GetOctalFormatted and add serial number to ParsedCertBundle. Basically a noop.
2016-09-16 11:05:43 -04:00
vishalnayak
cff7aada7a
Fix invalid input getting marked as internal error
2016-07-28 16:23:11 -04:00
Jeff Mitchell
f1cc16b77f
Remove manual selection of nextprotos from tls config coming from certutil; it's really not up to us to dictate third party requirements
2016-07-22 11:12:46 -04:00
Jeff Mitchell
3ec81debe7
Trim leading/trailing space around PEM bundles.
...
Fixes #1634
2016-07-20 13:57:49 -04:00
vishalnayak
f34f0ef503
Make 'tls_min_version' configurable
2016-07-12 19:32:47 -04:00
vishalnayak
46d34130ac
Set minimum TLS version in all tls.Config objects
2016-07-12 17:06:28 -04:00
Andrew Stuart
c81e5c41d2
Update PrivateKeyType to string, update switch statement.
2015-12-14 11:16:47 -07:00
Andrew Stuart
100465fee8
Remove unnecessary cast
2015-12-14 06:17:20 -07:00
Andrew Stuart
ae9e842841
Merge branch 'pkcs8'
2015-12-11 15:22:43 -07:00
Andrew Stuart
b277eb9f14
Remove flag check before trying pkcs8 parsing.
2015-12-11 15:17:49 -07:00
Andrew Stuart
4da225d39e
Update tests and finish implementation of PKCS8 handling
2015-12-11 15:17:49 -07:00
Andrew Stuart
2861be29a4
Move to pem.Block.Type-based decoding
2015-12-11 14:57:33 -07:00
Andrew Stuart
572f587093
Update flag to field with format info
2015-12-10 21:02:31 -07:00
Andrew Stuart
ef2be34985
Remove flag check before trying pkcs8 parsing.
2015-12-09 15:33:25 -07:00
Andrew Stuart
7d274cbb0b
Update tests and finish implementation of PKCS8 handling
2015-12-09 15:33:25 -07:00
Jeff Mitchell
0dbe15cb87
Mostly revert changes to certutil as the embedded struct stuff was being
...
problematic.
2015-11-19 14:18:39 -05:00
Jeff Mitchell
4681d027c0
Move serial number generation and key validation into certutil; centralize format and key verification
2015-11-19 09:51:18 -05:00
Jeff Mitchell
54fccb2ff4
Add support for EC CA keys, output to base64-encoded DER instead of PEM, and tests for all of those. Also note that Go 1.5 is now required.
2015-11-19 09:51:17 -05:00
Jeff Mitchell
b2df079446
Add unit tests to test signing logic, fix up test logic for names
2015-11-19 09:51:17 -05:00
Jeff Mitchell
1cec03d9ca
Implement CA cert/CSR generation. CA certs can be self-signed or
...
generate an intermediate CSR, which can be signed.
2015-11-19 09:51:17 -05:00
Jeff Mitchell
390f769d1a
Add unit tests for certutil, and fix a whitespace stripping issue.
...
Commit contents (C)2015 Akamai Technologies, Inc. <opensource@akamai.com>
2015-06-19 16:06:56 -04:00
Jeff Mitchell
a6fc48b854
A few things:
...
* Add comments to every non-obvious (e.g. not basic read/write handler type) function
* Remove revoked/ endpoint, at least for now
* Add configurable CRL lifetime
* Cleanup
* Address some comments from code review
Commit contents (C)2015 Akamai Technologies, Inc. <opensource@akamai.com>
2015-06-19 12:48:18 -04:00
Jeff Mitchell
34f495a354
Refactor to allow only issuing CAs to be set and not have things blow up. This is useful/important for e.g. the Cassandra backend, where you may want to do TLS with a specific CA cert for server validation, but not actually do client authentication with a client cert.
...
Commit contents (C)2015 Akamai Technologies, Inc. <opensource@akamai.com>
2015-06-18 15:22:58 -04:00
Jeff Mitchell
9e00ca769a
Restructure a little bit to make the helper library fully standalone. This makes it easier to move around later if desired, and for use by external programs.
...
Commit contents (C)2015 Akamai Technologies, Inc. <opensource@akamai.com>
2015-06-18 06:42:57 -04:00
Jeff Mitchell
29e7ec3e21
A lot of refactoring: move PEM bundle parsing into helper/certutil, so that it is usable by other backends that want to use it to get the necessary data for TLS auth.
...
Also, enhance the raw cert bundle => parsed cert bundle to make it more useful and perform more validation checks.
More refactoring could be done within the PKI backend itself, but that can wait.
Commit contents (C)2015 Akamai Technologies, Inc. <opensource@akamai.com>
2015-06-17 16:07:20 -04:00