Commit Graph

36 Commits (2df7d13354bd65c48896a54d76971659b45a68e5)

Author SHA1 Message Date
R.B. Boyer a2876453a5
connect/ca: cease including the common name field in generated certs (#10424)
3 years ago
Daniel Nephin b9e60c0775 testing: skip slow tests with -short
4 years ago
Kyle Havlovitz 0bfda4481f Add CA server delegate interface for testing
4 years ago
Daniel Nephin 3dfb7c224b stream: Use a no-op event publisher if streaming is disabled
4 years ago
Paul Banks f6ac08be04 state: track changes so that they may be used to produce change events
5 years ago
Hans Hasselberg 6739fe6e83
connect: add validations around intermediate cert ttl (#7213)
5 years ago
Matt Keeler c09693e545
Updates to Config Entries and Connect for Namespaces (#7116)
5 years ago
Hans Hasselberg 82c556d1be
connect: use correct subject key id for leaf certificates. (#7091)
5 years ago
Hans Hasselberg 804eb17094
connect: check if intermediate cert needs to be renewed. (#6835)
5 years ago
R.B. Boyer 10f04a8c4a connect: derive connect certificate serial numbers from a memdb index instead of the provider table max index (#7011)
5 years ago
Paul Banks d7329097b2
Change CA Configure struct to pass Datacenter through (#6775)
5 years ago
Paul Banks 45d57ca601
connect: Allow CA Providers to store small amount of state (#6751)
5 years ago
Todd Radel 29b5253154 connect: Implement NeedsLogger interface for CA providers (#6556)
5 years ago
Todd Radel 54f92e2924 Make all Connect Cert Common Names valid FQDNs (#6423)
5 years ago
Paul Banks 87699eca2f
Fix support for RSA CA keys in Connect. (#6638)
5 years ago
R.B. Boyer af01d397a5
connect: don't colon-hex-encode the AuthorityKeyId and SubjectKeyId fields in connect certs (#6492)
5 years ago
Alvin Huang c516fabfac
revert commits on master (#6413)
5 years ago
tradel 9b1ac4e7ef add subject names to issued certs
5 years ago
R.B. Boyer 561b2fe606
connect: generate the full SNI names for discovery targets in the compiler rather than in the xds package (#6340)
5 years ago
Christian Muehlhaeuser 7753b97cc7 Simplified code in various places (#6176)
5 years ago
Hans Hasselberg 33a7df3330
tls: auto_encrypt enables automatic RPC cert provisioning for consul clients (#5597)
6 years ago
Kyle Havlovitz 57deb28ade connect/ca: tighten up the intermediate signing verification
6 years ago
Kyle Havlovitz 2919519665 connect/ca: add intermediate functions to Vault ca provider
6 years ago
Kyle Havlovitz 52e8652ac5 connect/ca: add intermediate functions to Consul CA provider
6 years ago
Kyle Havlovitz d515d25856
Merge pull request #4644 from hashicorp/ca-refactor
6 years ago
Paul Banks 74f2a80a42
Fix CA pruning when CA config uses string durations. (#4669)
6 years ago
Kyle Havlovitz 5c7fbc284d connect/ca: hash the consul provider ID and include isRoot
6 years ago
Kyle Havlovitz c112a72880
connect/ca: some cleanup and reorganizing of the new methods
6 years ago
Kyle Havlovitz 546bdf8663
connect/ca: add Configure/GenerateRoot to provider interface
6 years ago
Kyle Havlovitz d6ca015a42
connect/ca: add configurable leaf cert TTL
6 years ago
Kyle Havlovitz 050da22473 connect/ca: undo the interface changes and use sign-self-issued in Vault
7 years ago
Kyle Havlovitz 914d9e5e20 connect/ca: add leaf verify check to cross-signing tests
7 years ago
Kyle Havlovitz bc997688e3 connect/ca: update Consul provider to use new cross-sign CSR method
7 years ago
Kyle Havlovitz 1a8ac686b2 connect/ca: add the Vault CA provider
7 years ago
Kyle Havlovitz 5683d628c4
Support giving the duration as a string in CA config
7 years ago
Kyle Havlovitz e00088e8ee
Rename some of the CA structs/files
7 years ago