42894754a6
Remove comments destined to be outdated
2017-01-23 13:49:15 -05:00
1615280efa
Added tls_cipher_suites, tls_prefer_server_ciphers config options to listener ( #2293 )
2017-01-23 13:48:35 -05:00
98df700495
allow roles to set OU value in certificates issued by the pki backend ( #2251 )
2017-01-23 12:44:45 -05:00
7568a212b1
Adding support for exportable transit keys ( #2133 )
2017-01-23 11:04:43 -05:00
c9bd2a37f8
Don't sanitize disallowed_policies on token role
2017-01-17 21:34:14 -05:00
103b7ceab2
all: test: Fix govet warnings
...
Fix calls to t.Fatal() with formatting.
Fixed some calls to Fatalf() with wrong formatting
2016-12-21 19:44:07 +01:00
98a6e0fea3
Add Duo pushinfo capabilities ( #2118 )
2016-12-19 15:37:44 -05:00
8400b87473
Don't add default policy to child token if parent does not have it ( #2164 )
2016-12-16 00:36:39 -05:00
fc81a301b8
Don't say mlock is supported on OSX when it isn't. ( #2120 )
...
Fixes #2119
2016-11-22 12:56:36 -05:00
ee29b329fb
Bump proto files after update
2016-11-17 10:06:26 -05:00
ac9304e660
Remove the methods introduced to make the tests work from its older package
2016-10-26 20:03:51 -04:00
c14a6c8666
Move policy test to keysutil package
2016-10-26 19:57:28 -04:00
6d1e1a3ba5
Pulled out transit's lock manager and policy structs into a helper
2016-10-26 19:52:31 -04:00
69df3fb95e
Added a few checks to the CIDR Subset checking util
2016-09-28 14:04:02 -04:00
d235acf809
Adding support for chained intermediate CAs in pki backend ( #1694 )
2016-09-27 17:50:17 -07:00
b1ee56a15b
Merge pull request #1910 from hashicorp/secret-id-cidr-list
...
CIDR restrictions on Secret ID
2016-09-26 10:22:48 -04:00
72b9c4c649
Fix parsing env var, needed to be in the helper too
2016-09-23 13:20:26 -04:00
a31f9bb0e9
Fix zeroAddr check
2016-09-23 12:50:26 -04:00
f560e20b28
Address review feedback
2016-09-22 18:07:35 -04:00
07b1b244d6
Use net.IPv4zero to check for zero address
2016-09-21 20:29:33 -04:00
aaadd4ad97
Store the CIDR list in the secret ID storage entry.
...
Use the stored information to validate the source address and credential issue time.
Correct the logic used to verify BoundCIDRList on the role.
Reverify the subset requirements between secret ID and role during credential issue time.
2016-09-21 20:19:26 -04:00
93604e1e2e
Added cidrutil helper
2016-09-21 13:58:32 -04:00
0ff76e16d2
Transit and audit enhancements
2016-09-21 10:49:26 -04:00
897d3c6d2c
Rename GetOctalFormatted and add serial number to ParsedCertBundle. Basically a noop.
2016-09-16 11:05:43 -04:00
1d6552c625
Update logging formatting
2016-09-01 16:14:21 -04:00
cdcfa4572f
Address review feedback
2016-08-30 16:36:58 -04:00
7e41d5ab45
Pass headers back when request forwarding ( #1795 )
2016-08-26 17:53:47 -04:00
58b32e5432
Convert to logxi
2016-08-21 18:13:37 -04:00
2860dcc60f
gofmt
2016-08-19 16:48:32 -04:00
bdcfe05517
Clustering enhancements ( #1747 )
2016-08-19 11:03:53 -04:00
5c33356d14
Protobuf for forwarding ( #1743 )
2016-08-17 16:15:15 -04:00
8d6244f8e7
Don't serialize the full connection state, instead just the peer certificates, and parse them on the other side
2016-08-17 10:29:53 -04:00
37320f8798
Request forwarding ( #1721 )
...
Add request forwarding.
2016-08-15 09:42:42 -04:00
2c14ff7385
build: Add support for building on Illumos
...
This commit adds support for building for Illumos-derived operating
systems. Regrettably, the cyrpto/ssh/terminal package does not include
implementations of the functions IsTerminal, MakeRaw or Restore for the
solaris OS. Consequently this commit implements them in Vault.
makeRaw(fd int) is based on the Illumos implementation of the getpass
function [1] for the correct flags. isTerminal(fd int) is based on the
Illumos libc implementation [2] of isatty.
[1] http://src.illumos.org/source/xref/illumos-gate/usr/src/lib/libast/common/uwin/getpass.c
[2] http://src.illumos.org/source/xref/illumos-gate/usr/src/lib/libbc/libc/gen/common/isatty.c
2016-08-13 00:20:15 -04:00
c1a46349fa
Change to keybase openpgp fork as it has important fixes
2016-08-11 08:31:43 -04:00
185363d6e0
Address review feedback
2016-08-09 11:13:48 -04:00
b43cc03f0e
Address review feedback from @jefferai
2016-08-09 10:47:55 -04:00
78d57520fb
Refactoring and test fixes
2016-08-09 03:43:03 -04:00
c81460add6
Added compressutil tests
2016-08-09 02:26:38 -04:00
f994c7ccd3
Tests for (de)compression in jsonutil
2016-08-09 00:50:19 -04:00
29989fa4c1
Make generic utility for compression and decompression
2016-08-09 00:50:19 -04:00
55ecad83bc
Pull out compression code into compressutil
2016-08-09 00:50:19 -04:00
5866cee5b4
Added utilities to compress the data
2016-08-09 00:50:19 -04:00
6ffdce7f40
Fix bugs and add test case for arbitrary string slice
2016-08-03 14:57:36 -04:00
9e204bd88c
Add arbitrary string slice parsing.
...
Like the KV function, this supports either separated strings or JSON
strings, base64-encoded or not.
Fixes #1619 in theory.
2016-08-03 14:24:16 -04:00
c025b292b5
Cleanup
2016-08-03 13:09:12 -04:00
cff7aada7a
Fix invalid input getting marked as internal error
2016-07-28 16:23:11 -04:00
a6907769b0
AppRole authentication backend
2016-07-26 09:32:41 -04:00
f1cc16b77f
Remove manual selection of nextprotos from tls config coming from certutil; it's really not up to us to dictate third party requirements
2016-07-22 11:12:46 -04:00
8dc3a830dc
Address review feedback
2016-07-22 10:21:45 -04:00
Jeff Mitchell