Commit graph

2766 commits

Author SHA1 Message Date
Jeff Mitchell 7fc4ee1ed7 Disallow 1024-bit RSA keys.
Existing certificates are kept but roles with key bits < 2048 will need
to be updated as the signing/issuing functions now enforce this.
2016-02-19 14:33:02 -05:00
Jeff Mitchell 05b5ff69ed Address some feedback on ldap escaping help text 2016-02-19 13:47:26 -05:00
Jeff Mitchell c67871c36e Update LDAP documentation with a note on escaping 2016-02-19 13:16:18 -05:00
Vishal Nayak 597ba98895 Merge pull request #1099 from hashicorp/fix-ssh-cli
ssh: use resolved IP address while executing ssh command
2016-02-19 13:02:34 -05:00
Jeff Mitchell 28857cb419 Fix mixed whitespacing in ssh help text 2016-02-19 12:47:58 -05:00
vishalnayak bccbf2b87e ssh: use resolved IP address while executing ssh command 2016-02-19 12:19:10 -05:00
Jeff Mitchell d3f3122307 Add tests to ldap using the discover capability 2016-02-19 11:46:59 -05:00
Jeff Mitchell 154c326060 Add ldap tests that use a bind dn and bind password 2016-02-19 11:38:27 -05:00
Jeff Mitchell 520d71668d Update .gitignore to remove overzealous application of 'pkg' shadowing
vendor dir.

Also update Travis to stop doing bad things.
2016-02-18 21:51:04 -05:00
Jeff Mitchell 0cf0d4d265 Makefile whitespacing 2016-02-18 21:26:28 -05:00
Jeff Mitchell df3527c0eb Add travis building of travis-testing branch and make dev to install 2016-02-18 21:23:40 -05:00
Jeff Mitchell d6df4fa43e Remove godep from Travis; we're using Go 1.6 vendoring now 2016-02-18 18:25:21 -05:00
Jeff Mitchell af22880425 Update travis to use Go 1.6 2016-02-18 18:09:21 -05:00
vishalnayak 84d9b6c6b2 changelog++ 2016-02-18 17:11:50 -05:00
Jeff Mitchell 88d486c9c1 Merge pull request #1094 from hashicorp/sanitize-ttl-emptystring
Make SanitizeTTL treat an empty string the same as a "0" string.
2016-02-18 16:59:23 -05:00
Jeff Mitchell f9fb20bbe4 Make SanitizeTTL treat an empty string the same as a "0" string.
This causes a 0 TTL to be returned for the value, which is a clue to
other parts of Vault to use appropriate defaults. However, this makes
the defaults be used at lease allocation or extension time instead of
when parsing parameters.
2016-02-18 16:51:36 -05:00
Vishal Nayak 3e1a07d3d0 Merge pull request #1047 from hashicorp/vault-iss999-github-renewal
GitHub renewal enhancements
2016-02-18 16:47:15 -05:00
Jeff Mitchell 2b85154c37 Bump version 2016-02-18 16:43:43 -05:00
Jeff Mitchell cfd908cb73 More dep bumps 2016-02-18 16:37:30 -05:00
Jeff Mitchell 09176ff93b changelog++ 2016-02-18 15:33:14 -05:00
Jeff Mitchell 7a4eda156c Migrate to built-in Go vendoring.
This also removes `godep` calls from make scripts. Of note is that
currently `./...` checking in acceptance tests is disabled.
2016-02-18 15:06:02 -05:00
Vishal Nayak ba134f5a7a Merge pull request #1086 from hashicorp/iss962-verify-otp-response-code
SSH: Fix response code for ssh/verify
2016-02-18 13:32:28 -05:00
Vishal Nayak 84774287ea Merge pull request #1085 from hashicorp/iss1065-cert-read-return-code
Pki: Respond user error when cert is not found instead of internal error
2016-02-18 13:31:52 -05:00
Jeff Mitchell 9f4273589f Remove root-protected references from transit docs 2016-02-18 12:45:18 -05:00
Jeff Mitchell 695a822545 Merge pull request #1075 from rajanadar/patch-14
adding full response for intermediate/generate
2016-02-18 10:16:53 -05:00
Jeff Mitchell c431c2204d Merge pull request #1074 from rajanadar/patch-13
added missing fields to read role
2016-02-18 10:16:14 -05:00
Jeff Mitchell 4a9b8d132e Merge pull request #1073 from rajanadar/patch-12
fixing response fields of /pki/issue
2016-02-18 10:15:19 -05:00
Jeff Mitchell 324357c226 Update cross-compiling Dockerfile to Go 1.6 2016-02-17 17:09:01 -05:00
Jeff Mitchell c4a9d24c4a Merge pull request #1090 from hashicorp/pooled-consul
Use a pooled transport for the Consul physical backend
2016-02-17 16:57:32 -05:00
Jeff Mitchell 5edaf522a8 Use a pooled transport for the Consul physical backend and give it 4 idle connections 2016-02-17 16:53:30 -05:00
Jeff Mitchell 94e6196574 Update go-cleanhttp 2016-02-17 16:51:12 -05:00
vishalnayak a6f3b31a36 ssh: Fix response code for ssh/verify 2016-02-16 19:46:29 -05:00
vishalnayak d9536043e7 Pki: Respond user error when cert is not found instead of internal error 2016-02-16 17:58:57 -05:00
Vishal Nayak 4e896ca0d2 Merge pull request #1068 from lunixbochs/master
don't panic when config directory is empty
2016-02-15 11:03:48 -05:00
Raja Nadar e7d20c0ef3 adding full response for intermediate/generate
1. adding superset of fields in response, so that folks can see all possible response fields.
2. also added the less important "warnings" field
2016-02-14 14:42:37 -08:00
Raja Nadar 2d918196ca added missing fields to read role
added the lease and token type field to the read role response.
2016-02-14 13:00:42 -08:00
Raja Nadar b0d05ebcb3 fixing response fields of /pki/issue
1. added the private_key_type field
2. changed "serial" to "serial_number"
3. added the warnings field
2016-02-14 12:41:43 -08:00
Vishal Nayak baa506c5c2 Merge pull request #1070 from chuyskywalker/patch-1
Minor spelling fix
2016-02-13 11:44:53 -05:00
Jeff Minard 1985fa3313 Minor spelling fix 2016-02-13 08:41:16 -08:00
Ryan Hileman 1e65c4a01f don't panic when config directory is empty 2016-02-12 16:40:19 -08:00
Jeff Mitchell ea12dff28b changelog++ 2016-02-12 15:38:52 -05:00
Jeff Mitchell a216c5d74d Merge pull request #1066 from hashicorp/issue-1054
Return status for rekey/root generation at init time.
2016-02-12 15:35:45 -05:00
Jeff Mitchell 8510dbad05 Verify that nonces are non-empty in tests 2016-02-12 15:35:26 -05:00
Jeff Mitchell 5f5542cb91 Return status for rekey/root generation at init time. This mitigates a
(very unlikely) potential timing attack between init-ing and fetching
status.

Fixes #1054
2016-02-12 14:24:36 -05:00
Jeff Mitchell 3d3ad051a8 Merge pull request #1064 from techraf/patch-1
Fixes typo
2016-02-12 09:48:55 -05:00
techraf 812736b475 Fixes typo 2016-02-12 22:34:07 +09:00
vishalnayak 0b44d81a16 Github renewal enhancement 2016-02-11 20:42:42 -05:00
Jeff Mitchell 3378db0166 Merge pull request #1061 from tomrittervg/tomrittervg-typos-1
Fix some typos
2016-02-11 15:12:09 -05:00
Jeff Mitchell 880c9798b7 Merge pull request #1062 from tomrittervg/tomrittervg-AllowedBaseDomain-migration
AllowedBaseDomain will stay non-empty in certain error conditions. None of these conditions should be hit anyways, but this provides an extra safety check.
2016-02-11 15:07:54 -05:00
Jeff Mitchell fdc7317ef0 changelog++ 2016-02-11 12:54:49 -05:00