mirrors/vault
1
0
Fork 0
mirror of https://github.com/hashicorp/vault.git synced 2025-08-15 02:57:04 +02:00
Code Issues Projects Releases Wiki Activity
18,193 Commits 2,843 Branches 445 Tags 454 MiB
bc69ef899a
Commit Graph

73 Commits

Author SHA1 Message Date
Vishal Nayak
e2bb2ec3b9
Errwrap everywhere (#4252) 
* package api

* package builtin/credential

* package builtin/logical

* package command

* package helper

* package http and logical

* package physical

* package shamir

* package vault

* package vault

* address feedback

* more fixes
 2018-04-05 11:49:21 -04:00
Jeff Mitchell
a4a6758942
Codify using strings.Join and strings.TrimSpace around PEM handling to ensure newline sanity (#4148) 
Fixes #4136
 2018-03-18 16:00:51 -04:00
Jeff Mitchell
a43a854740
Support other names in SANs (#3889) 2018-02-16 17:19:34 -05:00
Brian Kassouf
8142b42d95 Add context to storage backends and wire it through a lot of places (#3817) 2018-01-19 01:44:44 -05:00
Brian Kassouf
78adac0a24
Pass context to backends (#3750) 
* Start work on passing context to backends

* More work on passing context

* Unindent logical system

* Unindent token store

* Unindent passthrough

* Unindent cubbyhole

* Fix tests

* use requestContext in rollback and expiration managers
 2018-01-08 10:31:38 -08:00
Jeff Mitchell
33cf98026e
Add PKCS8 marshaling to PKI (#3518) 2017-11-06 12:05:07 -05:00
Jeff Mitchell
6cfdd7b40c Rejig some error messages in pki 2017-10-27 12:02:18 -04:00
Jeff Mitchell
f970aea9f8 Change behavior of TTL in sign-intermediate (#3325) 
* Fix using wrong public key in sign-self-issued

* Change behavior of TTL in sign-intermediate

This allows signing CA certs with an expiration past the signer's
NotAfter.

It also change sign-self-issued to replace the Issuer, since it's
potentially RFC legal but stacks won't validate it.

Ref: https://groups.google.com/d/msg/vault-tool/giP69-n2o20/FfhRpW1vAQAJ
 2017-09-13 11:42:45 -04:00
Jeff Mitchell
4ad96d9513 Add pki/root/sign-self-issued. (#3274) 
* Add pki/root/sign-self-issued.

This is useful for root CA rolling, and is also suitably dangerous.

Along the way I noticed we weren't setting the authority key IDs
anywhere, so I addressed that.

* Add tests
 2017-08-31 23:07:15 -04:00
Jeff Mitchell
f3a3e5ad8f Use TypeDurationSecond for TTL values in PKI. (#3270) 2017-08-31 15:46:13 -04:00
Jeff Mitchell
2946d133af Make PKI root generation idempotent-ish and add delete endpoint. (#3165) 2017-08-15 14:00:40 -04:00
Calvin Leung Huang
96bcd50de0 Include and use normalizeSerial func 2017-05-03 10:12:58 -04:00
Jeff Mitchell
dba2de57de Change storage of entries from colons to hyphens and add a 
lookup/migration path

Still TODO: tests on migration path

Fixes #2552
 2017-04-18 11:14:23 -04:00
vishalnayak
faa975326d pki: Appended error to error message 2016-12-19 10:49:32 -05:00
vishalnayak
c8319e330d PKI: Added error to the error message 2016-12-19 10:47:29 -05:00
Chris Hoffman
10c8024fa3 Adding support for chained intermediate CAs in pki backend (#1694) 2016-09-27 17:50:17 -07:00
vishalnayak
ddb6ae18a0 Fix invalid input getting marked as internal error 2016-07-28 16:23:11 -04:00
Jeff Mitchell
9de0ea081a Don't revoke CA certificates with leases. 2016-05-09 19:53:28 -04:00
Jeff Mitchell
5da2949d45 Check role key type and bits when signing CSR. 
Two exceptions: signing an intermediate CA CSR, and signing a CSR via
the 'sign-verbatim' path.
 2016-02-19 20:50:49 -05:00
Jeff Mitchell
7fb8db2e6c Allow the format to be specified as pem_bundle, which creates a 
concatenated PEM file.

Fixes #992
 2016-02-01 13:19:41 -05:00
Jeff Mitchell
45e32756ea WriteOperation -> UpdateOperation 2016-01-08 13:03:03 -05:00
Jeff Mitchell
7eed5db86f Update documentation, some comments, make code cleaner, and make generated roots be revoked when their TTL is up 2015-11-19 17:14:22 -05:00
Jeff Mitchell
3437af0711 Split root and intermediate functionality into their own sections in the API. Update documentation. Add sign-verbatim endpoint. 2015-11-19 09:51:18 -05:00