Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[pull] master from smallstep:master #209

Merged
merged 10 commits into from
Oct 7, 2023
Merged

[pull] master from smallstep:master #209

merged 10 commits into from
Oct 7, 2023

Conversation

pull[bot]
Copy link

@pull pull bot commented Oct 5, 2023
edited
Loading

See Commits and Changes for more details.

Created by pull[bot]

Can you help keep this open source service alive? 💖 Please sponsor : )

hslatman and others added 9 commits October 2, 2023 13:30
@hslatman
Prevent invalid provisioner name on step ca init
3c08482 
An unfortunate combination of `--provisioner acme` and the `--acme`
flags on `step ca init` could lead to an invalidat CA configuration.
This commit prevent this case from happening. A similar error could
occur for the `sshpop` provisioner, so a fix was implemented for that
case too.

The fix doesn't catch all cases, e.g. it doesn't check for multiple
provisioners having the same `acme-` or `sshpop-` prefix. The code
that is called is intended to be only called from a `step ca init`
invocation, so should work for these cases, but might not if the
methods are invoked at other times.
@hslatman
Merge branch 'master' into herman/fix-init-with-duplicate-provisioner…
991a9a6 
…-name
@hslatman
Add some basic tests for GenerateConfig
2e560ca 
So far the `GenerateConfig` method wasn't tested. This commit adds
a couple of basic tests for this method. It's not fully covered yet,
nor are all properties being checked, but it provides a starting
point for refactoring the CA (configuration) initialization process.
@hslatman
Improve decoding SCEP requests
3c12b4f
@hslatman
Implement workaround for weird macOS SCEP message in query
cd78b9f 
Apparently the macOS SCEP client sends a SCEP message in the query
that's not fully escaped. Only the base64 padding is escaped, the
'+' and '/' characters aren't.

This is a bit of a special case, because the macOS SCEP client
will default to using HTTP POST for the PKIOperation. But if the
CA is configured without the POSTPKIOperation capability, the
macOS SCEP client will use HTTP GET instead. This behavior might
be the same on iOS.
@hslatman
Fix linting issues
965d7aa
@hslatman
Add base64 to the raw message decoding error
25f4b40
@hslatman
Merge pull request #1570 from smallstep/herman/improve-scep-request-h…
d1dd1fa 
…andling

Improve SCEP request handling
@hslatman
Merge pull request #1566 from smallstep/herman/fix-init-with-duplicat…
06750b0 
…e-provisioner-name

Fix `step ca init` with duplicate provisioner name (`--provisioner acme --acme`)
@pull pull bot added ⤵️ pull and removed needs triage labels Oct 5, 2023
@dopey
Allow for identity certificate signing (in sshSign) by skipping valid…
9f84f7c 
…ators (#1572)

- skip urisValidator for identity certificate signing. Implemented
  by building the validator with the context in a hacky way.
@fritterhoff fritterhoff merged commit ff6a02d into hm-edu:master Oct 7, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees

@fritterhoff fritterhoff

Labels
⤵️ pull
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@fritterhoff @hslatman @dopey