consul

Commit Graph

Author	SHA1	Message	Date
Matt Keeler	677d6dac80	Remove x509 name constraints These were only added as SPIFFE intends to use the in the future but currently does not mandate their usage due to patch support in common TLS implementations and some ambiguity over how to use them with URI SAN certificates. We included them because until now everything seem fine with it, however we've found the latest version of `openssl` (1.1.0h) fails to validate our certificats if its enabled. LibreSSL as installed on OS X by default doesn’t have these issues. For now it's most compatible not to have them and later we can find ways to add constraints with wider compatibility testing.	7 years ago
Kyle Havlovitz	050da22473	connect/ca: undo the interface changes and use sign-self-issued in Vault	7 years ago
Kyle Havlovitz	6a2fc00997	connect/ca: add URI SAN support to the Vault provider	7 years ago
Paul Banks	4aeab3897c	Fixed many tests after rebase. Some still failing and seem unrelated to any connect changes.	7 years ago
Paul Banks	b4803eca59	Generate CSR using real trust-domain	7 years ago
Paul Banks	e0e12e165b	TLS watching integrated into Service with some basic tests. There are also a lot of small bug fixes found when testing lots of things end-to-end for the first time and some cleanup now it's integrated with real CA code.	7 years ago
Paul Banks	90c574ebaa	Wire up agent leaf endpoint to cache framework to support blocking.	7 years ago
Paul Banks	10db79c8ae	Rework connect/proxy and command/connect/proxy. End to end demo working again	7 years ago
Paul Banks	26e65f6bfd	connect.Service based implementation after review feedback.	7 years ago
Mitchell Hashimoto	75bf0e1638	agent/connect: support SpiffeIDSigning	7 years ago
Mitchell Hashimoto	17ca8ad083	agent/connect: rename SpiffeID to CertURI	7 years ago
Mitchell Hashimoto	0cbcb07d61	agent/connect: use proper keyusage fields for CA and leaf	7 years ago
Mitchell Hashimoto	c2588262b7	agent: /v1/connect/ca/leaf/:service_id	7 years ago
Mitchell Hashimoto	891cd22ad9	agent/consul: key the public key of the CSR, verify in test	7 years ago
Mitchell Hashimoto	d768d5e9a7	agent/consul: test for ConnectCA.Sign	7 years ago

15 Commits (0f27ffd163155293e881c290ed35693a7223495f)