Commit Graph

34 Commits (3841e9e396685846d89f1f29459c5ae4b185038a)

Author SHA1 Message Date
Kyle Havlovitz e8dd89359a
agent: fix formatting
6 years ago
Aestek 25f04fbd21 [Security] Add finer control over script checks (#4715)
6 years ago
Kyle Havlovitz 57deb28ade connect/ca: tighten up the intermediate signing verification
6 years ago
Kyle Havlovitz 2919519665 connect/ca: add intermediate functions to Vault ca provider
6 years ago
Kyle Havlovitz 52e8652ac5 connect/ca: add intermediate functions to Consul CA provider
6 years ago
Kyle Havlovitz d515d25856
Merge pull request #4644 from hashicorp/ca-refactor
6 years ago
Paul Banks 74f2a80a42
Fix CA pruning when CA config uses string durations. (#4669)
6 years ago
Kyle Havlovitz 5c7fbc284d connect/ca: hash the consul provider ID and include isRoot
6 years ago
Kyle Havlovitz c112a72880
connect/ca: some cleanup and reorganizing of the new methods
6 years ago
Kyle Havlovitz 546bdf8663
connect/ca: add Configure/GenerateRoot to provider interface
6 years ago
Siva Prasad 288d350a73
Revert "CA initialization while boostrapping and TestLeader_ChangeServerID fix." (#4497)
6 years ago
Siva Prasad 589b589b53
CA initialization while boostrapping and TestLeader_ChangeServerID fix. (#4493)
6 years ago
Kyle Havlovitz f67a4d59c0
connect/ca: simplify passing of leaf cert TTL
6 years ago
Kyle Havlovitz ce10de036e
connect/ca: check LeafCertTTL when rotating expired roots
6 years ago
Kyle Havlovitz d6ca015a42
connect/ca: add configurable leaf cert TTL
6 years ago
Matt Keeler 677d6dac80 Remove x509 name constraints
7 years ago
Kyle Havlovitz 8c2c9705d9 connect/ca: use weak type decoding in the Vault config parsing
7 years ago
Kyle Havlovitz 050da22473 connect/ca: undo the interface changes and use sign-self-issued in Vault
7 years ago
Kyle Havlovitz 914d9e5e20 connect/ca: add leaf verify check to cross-signing tests
7 years ago
Kyle Havlovitz bc997688e3 connect/ca: update Consul provider to use new cross-sign CSR method
7 years ago
Kyle Havlovitz 8a70ea64a6 connect/ca: update Vault provider to add cross-signing methods
7 years ago
Kyle Havlovitz 6a2fc00997 connect/ca: add URI SAN support to the Vault provider
7 years ago
Kyle Havlovitz 226a59215d connect/ca: fix vault provider URI SANs and test
7 years ago
Kyle Havlovitz 1a8ac686b2 connect/ca: add the Vault CA provider
7 years ago
Paul Banks 51fc48e8a6 Sign certificates valid from 1 minute earlier to avoid failures caused by clock drift
7 years ago
Paul Banks e514570dfa Actually return Intermediate certificates bundled with a leaf!
7 years ago
Kyle Havlovitz ab4a9a94f4
Re-use uint8ToString
7 years ago
Kyle Havlovitz 5683d628c4
Support giving the duration as a string in CA config
7 years ago
Paul Banks b4803eca59
Generate CSR using real trust-domain
7 years ago
Paul Banks c1f2025d96
Return TrustDomain from CARoots RPC
7 years ago
Kyle Havlovitz e00088e8ee
Rename some of the CA structs/files
7 years ago
Kyle Havlovitz 627aa80d5a
Use provider state table for a global serial index
7 years ago
Kyle Havlovitz 988510f53c
Add test for ca config http endpoint
7 years ago
Kyle Havlovitz de72834b8c
Move connect CA provider to separate package
7 years ago