Age | Commit message (Collapse) | Author | |
---|---|---|---|
2017-01-15 | Make CertStorer implementations public | Niall Sheridan | |
2017-01-14 | Add critical options support | Niall Sheridan | |
2017-01-13 | Use wkfs to manage the lets encrypt cache | Niall Sheridan | |
2017-01-13 | Db test config (#43) | Kevin Lyda | |
* Allow tests to specify mysql connection info. User can set MYSQL_TEST_USER, MYSQL_TEST_PASS and MYSQL_TEST_HOST environment variables for test environments that need that. * Changes from testing. Need to set both time fields as '0000-00-00' depends on a feature deprecated in MySQL 5.7.4. Go lint wanted snake case for my sql_config var. sqlConfig it is. * Go go idioms. Based on feedback from Niall, a cleaner way to do this in Go. | |||
2017-01-10 | Use latest versions | Niall Sheridan | |
Fix newly-broken tests | |||
2017-01-08 | Remove dbinit and use sql/js seed files | Niall Sheridan | |
2017-01-05 | Move GetPublicKey to the shared `lib` package | Niall Sheridan | |
2016-12-29 | Use vendored s3 wkfs | Niall Sheridan | |
2016-12-28 | Log SHA256 fingerprints | Niall Sheridan | |
2016-12-28 | quieten the linter | Niall Sheridan | |
2016-12-28 | Allow building static binaries | Niall Sheridan | |
sqlite uses CGO which prevents the building of statically-linked binaries. This change will omit sqlite support when building a static binary with: CGO_ENABLED=0 go build --ldflags '-extldflags "-static"' | |||
2016-12-28 | Add LetsEncrypt support | Niall Sheridan | |
When configured the server will request a TLS certificate for the specified server name from LetsEncrypt | |||
2016-10-17 | Unmarshal the config using mapstructure directly. | Niall Sheridan | |
Avoid unmarshalling into an intermediate struct. Better tests. | |||
2016-10-11 | Replace the 'datastore' option with a 'database' option | Niall Sheridan | |
The 'datastore' string option is deprecated and will be removed in a future version. The new 'database' map option is preferred. | |||
2016-10-06 | Add support for Hashicorp Vault | Niall Sheridan | |
Vault is supported for the following: As a well-known filesystem for TLS cert, TLS key and SSH signing key. For configuration secrets for cookie_secret, csrf_secret, oauth_client_id and oauth_client_secret options. | |||
2016-09-30 | Use json.NewDecoder to decode json from http | Niall Sheridan | |
2016-09-28 | Submit => Revoke | Niall Sheridan | |
2016-09-24 | Use a new session for each request | Niall Sheridan | |
2016-09-11 | Invert check for revoked cert | Niall Sheridan | |
2016-09-11 | Add a toggle for unexpired certs | Niall Sheridan | |
2016-09-11 | Allow filtering results | Niall Sheridan | |
2016-09-01 | Remove the Principal field from the request | Niall Sheridan | |
The server will always overwrite this field with the username obtained from the auth provider. Allowing the client to set it is a waste of time. | |||
2016-08-28 | Allow searching on keyID and principals | Niall Sheridan | |
2016-08-28 | List only certs which haven't expired | Niall Sheridan | |
2016-08-28 | Cosmetic changes | Niall Sheridan | |
2016-08-27 | Allow setting some config from environment | Niall Sheridan | |
2016-08-26 | First attempt at dropping privileges | sid77 | |
2016-08-20 | Replace Fatals with Errors | Niall Sheridan | |
2016-08-20 | Run some tests in parallel | Niall Sheridan | |
2016-08-20 | Use references to config structs | Niall Sheridan | |
2016-08-17 | Switch from bootstrap to skeleton | Niall Sheridan | |
2016-08-16 | Allow selecting which ip to listen on | Niall Sheridan | |
2016-08-09 | SQLite DB support | Niall Sheridan | |
2016-08-07 | Use bootstrap | Niall Sheridan | |
Move templates and static under server/ | |||
2016-08-07 | Ping the db before attempting to query it | Niall Sheridan | |
2016-08-01 | fix build | Niall Sheridan | |
2016-07-31 | Support mongo datastores | Niall Sheridan | |
2016-07-31 | Use a KRL for revoked certs | Niall Sheridan | |
2016-07-24 | Add a page for revoking certs | Niall Sheridan | |
Add a template for revocation Use DATETIME type to store created/expires times Require auth for the /admin and /revoke endpoints | |||
2016-07-17 | Add some handlers tests | Niall Sheridan | |
2016-07-03 | first pass at a certificate store | Niall Sheridan | |
2016-06-30 | Configurable logfile location | Niall Sheridan | |
2016-06-14 | Update whitelisting | Niall Sheridan | |
Whitelist Google users based on their email address instead of the username part of the email address. Plain gmail (non Google Apps) accounts don't necessarily end in '@gmail.com', and whitelisting on username alone is open to abuse. Skip testing for a Google Apps domain (ui.Hd) if no domain is configured. Principals will still be added as the user part of the email address. For the Github provider, skip checking that the user is a member of an organization is none is configured. | |||
2016-06-14 | Merge pull request #21 from nsheridan/whitelist_support | Marco Bonetti | |
Add support for a users whitelist | |||
2016-06-14 | Add support for a users whitelist | Marco Bonetti | |
2016-06-13 | Run the linter as part of tests. | Niall Sheridan | |
Fix lint warnings. | |||
2016-06-06 | Merge pull request #16 from nsheridan/s3 | Niall Sheridan | |
Add AWS S3 and Google GCS virtual filesystems | |||
2016-06-06 | Save oauth 'state' identifier in the client | Niall Sheridan | |
2016-06-05 | Add AWS S3 and Google GCS virtual filesystems. | Niall Sheridan | |
This allows the signing key to be read directly from S3 using a path like /s3/<bucket>/<path/to/signing.key> or /gcs/<bucket>/<path/to/signing.key>. | |||
2016-06-02 | Validate tokens correctly | Niall Sheridan | |
This switch statement doesn't do what I thought it does |