From 4b2b3a0a36c598016d8deb83dd166222e8abdf4e Mon Sep 17 00:00:00 2001 From: Somsak Meesangpetch Date: Thu, 1 Jun 2023 14:51:34 +0700 Subject: [PATCH] Squashed commit of the following: MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit commit e1165bba970713da395f6fbe7ff318ae8a63fb24 Merge: ce41e38e 21c13ab9 Author: Nicky Semenza Date: Mon May 15 09:25:14 2023 -0700 Merge pull request #1300 from cloudflare/dependabot/go_modules/golang.org/x/crypto-0.9.0 commit ce41e38ef579f4375baff57ffc816192f3842442 Merge: b2e0b850 7479ed6d Author: Nicky Semenza Date: Mon May 15 09:25:04 2023 -0700 Merge pull request #1299 from cloudflare/dependabot/go_modules/github.com/stretchr/testify-1.8.2 commit 21c13ab91a1a408559bac83af8989423cc62cfce Author: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon May 15 03:59:39 2023 +0000 build(deps): bump golang.org/x/crypto from 0.8.0 to 0.9.0 Bumps [golang.org/x/crypto](https://github.com/golang/crypto) from 0.8.0 to 0.9.0. - [Commits](https://github.com/golang/crypto/compare/v0.8.0...v0.9.0) --- updated-dependencies: - dependency-name: golang.org/x/crypto dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] commit 7479ed6d29ba27e8e26cb4aa270d18c777d07932 Author: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon May 15 03:59:26 2023 +0000 build(deps): bump github.com/stretchr/testify from 1.8.0 to 1.8.2 Bumps [github.com/stretchr/testify](https://github.com/stretchr/testify) from 1.8.0 to 1.8.2. - [Release notes](https://github.com/stretchr/testify/releases) - [Commits](https://github.com/stretchr/testify/compare/v1.8.0...v1.8.2) --- updated-dependencies: - dependency-name: github.com/stretchr/testify dependency-type: direct:production update-type: version-update:semver-patch ... 
Signed-off-by: dependabot[bot] commit b2e0b850df40f0e46d62258a32fcc0eece5f72d7 Merge: 9618eba9 f6cb3e8a Author: Nicky Semenza Date: Fri May 12 14:09:17 2023 -0700 Merge pull request #1290 from cloudflare/nicky/golang-cross-latest commit 9618eba9b36427f80fa99e50c7af07a4cd4590ab Merge: 7bcbc6d8 372ef3d8 Author: Nicky Semenza Date: Fri May 12 10:28:07 2023 -0700 Merge pull request #1295 from cloudflare/dependabot/go_modules/github.com/google/certificate-transparency-go-1.1.6 build(deps): bump github.com/google/certificate-transparency-go from 1.1.4 to 1.1.6 commit 372ef3d8c256e7e423c4ddbe6b5650a36520313a Author: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Date: Fri May 12 17:12:34 2023 +0000 build(deps): bump github.com/google/certificate-transparency-go Bumps [github.com/google/certificate-transparency-go](https://github.com/google/certificate-transparency-go) from 1.1.4 to 1.1.6. - [Release notes](https://github.com/google/certificate-transparency-go/releases) - [Changelog](https://github.com/google/certificate-transparency-go/blob/master/CHANGELOG.md) - [Commits](https://github.com/google/certificate-transparency-go/compare/v1.1.4...v1.1.6) --- updated-dependencies: - dependency-name: github.com/google/certificate-transparency-go dependency-type: direct:production update-type: version-update:semver-patch ... 
Signed-off-by: dependabot[bot] commit 7bcbc6d879cb8030a83bcc2ff23653ca019f172d Merge: 0d872f60 04f6d3e0 Author: Nicky Semenza Date: Fri May 12 10:11:55 2023 -0700 Merge pull request #1297 from cloudflare/dependabot/go_modules/github.com/go-sql-driver/mysql-1.7.1 build(deps): bump github.com/go-sql-driver/mysql from 1.6.0 to 1.7.1 commit 0d872f6073bcb65fb4c730d9f6b8c61421533c6c Merge: 11796e14 be9f3a38 Author: Nicky Semenza Date: Fri May 12 10:11:47 2023 -0700 Merge pull request #1298 from cloudflare/dependabot/go_modules/github.com/lib/pq-1.10.9 build(deps): bump github.com/lib/pq from 1.10.1 to 1.10.9 commit 11796e1478655e4f8618ea3d5875b98ed7f48526 Merge: c1cdc1bc bf9636a0 Author: Nicky Semenza Date: Fri May 12 10:11:20 2023 -0700 Merge pull request #1291 from ahrtr/bump_zlint_20230512 bump github.com/zmap/zlint/v3 from 3.1.0 to 3.4.1 commit bf9636a01e88945b1b2fbae19b37d37a9b6a30fe Author: Nicky Semenza Date: Fri May 12 09:34:41 2023 -0700 update lint test for bumped zlint commit 4a5a64d7e29d14d2aa947cf377ffe166ccf57954 Author: Benjamin Wang Date: Fri May 12 12:58:29 2023 +0800 bump github.com/zmap/zlint/v3 from 3.1.0 to 3.4.1 Signed-off-by: Benjamin Wang commit be9f3a384d4cfe0f00e54431bfb534c2889bb5ad Author: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Date: Fri May 12 16:07:32 2023 +0000 build(deps): bump github.com/lib/pq from 1.10.1 to 1.10.9 Bumps [github.com/lib/pq](https://github.com/lib/pq) from 1.10.1 to 1.10.9. - [Release notes](https://github.com/lib/pq/releases) - [Commits](https://github.com/lib/pq/compare/v1.10.1...v1.10.9) --- updated-dependencies: - dependency-name: github.com/lib/pq dependency-type: direct:production update-type: version-update:semver-patch ... 
Signed-off-by: dependabot[bot] commit 04f6d3e068bdc95b0c7b60911ff6f1760e1703f6 Author: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Date: Fri May 12 16:07:05 2023 +0000 build(deps): bump github.com/go-sql-driver/mysql from 1.6.0 to 1.7.1 Bumps [github.com/go-sql-driver/mysql](https://github.com/go-sql-driver/mysql) from 1.6.0 to 1.7.1. - [Release notes](https://github.com/go-sql-driver/mysql/releases) - [Changelog](https://github.com/go-sql-driver/mysql/blob/master/CHANGELOG.md) - [Commits](https://github.com/go-sql-driver/mysql/compare/v1.6.0...v1.7.1) --- updated-dependencies: - dependency-name: github.com/go-sql-driver/mysql dependency-type: direct:production update-type: version-update:semver-minor ... 
Signed-off-by: dependabot[bot] commit c1cdc1bce69d276f492931ee02656c4187c569d6 Merge: 3e4a0601 03a86ea2 Author: Nicky Semenza Date: Fri May 12 09:06:21 2023 -0700 Merge pull request #1296 from cloudflare/dependabot/go_modules/github.com/jmoiron/sqlx-1.3.5 build(deps): bump github.com/jmoiron/sqlx from 1.3.3 to 1.3.5 commit 3e4a06013525875ba40313220aaa0e0f571b528a Merge: f37a685b e1d17772 Author: Nicky Semenza Date: Fri May 12 09:00:23 2023 -0700 Merge pull request #1293 from cloudflare/dependabot/github_actions/docker/build-push-action-4 build(deps): bump docker/build-push-action from 3 to 4 commit f37a685b3e172e9d4f2aa4e5f6622f33afb94375 Merge: 58b12e72 e2461488 Author: Nicky Semenza Date: Fri May 12 09:00:10 2023 -0700 Merge pull request #1294 from cloudflare/dependabot/go_modules/github.com/prometheus/client_golang-1.15.1 build(deps): bump github.com/prometheus/client_golang from 1.13.0 to 1.15.1 commit 03a86ea2cddbcb84900d462c6ac6597ddd883e95 Author: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Date: Fri May 12 15:45:58 2023 +0000 build(deps): bump github.com/jmoiron/sqlx from 1.3.3 to 1.3.5 Bumps [github.com/jmoiron/sqlx](https://github.com/jmoiron/sqlx) from 1.3.3 to 1.3.5. - [Commits](https://github.com/jmoiron/sqlx/compare/v1.3.3...v1.3.5) --- updated-dependencies: - dependency-name: github.com/jmoiron/sqlx dependency-type: direct:production update-type: version-update:semver-patch ... 
Signed-off-by: dependabot[bot] commit 58b12e72ad7adc4429e26cb641eb9e9c7130e21a Merge: 214bd576 5f34df79 Author: Nicky Semenza Date: Fri May 12 08:45:53 2023 -0700 Merge pull request #1289 from cloudflare/nicky/docker-arch fix architecture for docker builds commit e2461488a140d0814d702b0a6746c962afc6ff44 Author: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Date: Fri May 12 15:45:42 2023 +0000 build(deps): bump github.com/prometheus/client_golang Bumps [github.com/prometheus/client_golang](https://github.com/prometheus/client_golang) from 1.13.0 to 1.15.1. - [Release notes](https://github.com/prometheus/client_golang/releases) - [Changelog](https://github.com/prometheus/client_golang/blob/main/CHANGELOG.md) - [Commits](https://github.com/prometheus/client_golang/compare/v1.13.0...v1.15.1) --- updated-dependencies: - dependency-name: github.com/prometheus/client_golang dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] commit e1d1777290871c186e482eaca1955569090c3b05 Author: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Date: Fri May 12 15:45:34 2023 +0000 build(deps): bump docker/build-push-action from 3 to 4 Bumps [docker/build-push-action](https://github.com/docker/build-push-action) from 3 to 4. - [Release notes](https://github.com/docker/build-push-action/releases) - [Commits](https://github.com/docker/build-push-action/compare/v3...v4) --- updated-dependencies: - dependency-name: docker/build-push-action dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] commit 214bd576c4dd15fded3e3bba8a0557fce7fac92b Merge: 88bfcbf5 2b2dd1a7 Author: Nicky Semenza Date: Fri May 12 08:45:11 2023 -0700 Merge pull request #1292 from ahrtr/configure_dependabot_20230512 configure dependabot commit 2b2dd1a75a3972bc1e9b9101f6096088ff4143db Author: Benjamin Wang Date: Fri May 12 13:03:50 2023 +0800 configure dependabot 
Signed-off-by: Benjamin Wang commit f6cb3e8a12c79fd074c0ef514aba1d25e0f73436 Author: Nicky Semenza Date: Thu May 11 12:41:54 2023 -0700 build pacakges with latest go disabling buildvcs for now, seems to be related to https://github.com/golang/go/issues/51253 commit 88bfcbf5e0fdbb6d8ddbb89e51618b0dc40bd9f5 Merge: 415a59e1 e9d07906 Author: Nicky Semenza Date: Tue May 2 09:00:41 2023 -0700 Merge pull request #1288 from kbdharun/master CI: bump actions version, fix node 12 deprecation warning commit 5f34df79341ba7f3aa734926f7347078a02b2907 Author: Nicky Semenza Date: Wed Apr 26 10:35:05 2023 -0700 fix architecture for docker builds it seems that specifing the platform arg is not needed / incorrect for github actions: https://github.com/docker/build-push-action/issues/668#issuecomment-1213063705 resolves #1287 commit e9d07906f1f5cf1a26fd1ffbe02747a4d7420e3c Author: K.B.Dharun Krishna Date: Fri Apr 28 11:53:13 2023 +0530 go.yml: update actions/checkout to v3, actions/setup-go to v4 commit 76629b56e45ca81359a377d22485ff8f214bf364 Author: K.B.Dharun Krishna Date: Fri Apr 28 11:50:46 2023 +0530 snapshot.yml: update actions/checkout to v3 commit 415a59e18b98f13c65ae51baf07df40aa281c782 Merge: 908df500 636ddf8b Author: Nicky Semenza Date: Wed Apr 26 10:35:39 2023 -0700 Merge pull request #1282 from patrickelectric/arm commit 636ddf8b9e5073cd3ba80897edcbe7d6b11a8838 Author: Patrick José Pereira Date: Tue Apr 18 18:01:34 2023 -0300 goreleaser: Add ARMv7 binaries Such boards are still available 
Signed-off-by: Patrick José Pereira commit 908df500cbbd167cf4ad0e1766e7273a7c607c7c Merge: b4d0d877 2fab338a Author: Nicky Semenza Date: Wed Apr 19 09:07:50 2023 -0700 Merge pull request #1285 from cloudflare/nicky/goreleaser-action-snapshot commit 2fab338a5e797b5992a8a0cd85f2fe36b58df26b Author: Nicky Semenza Date: Wed Nov 30 09:04:17 2022 -0800 add workflow to run goreleaser snapshot commit b4d0d877cac528f63db39dfb62d5c96cd3a32a0b Merge: 6b3f2331 6e8b0316 Author: Nicky Semenza Date: Tue Mar 28 08:57:26 2023 -0700 Merge pull request #1277 from cloudflare/nicky/docker push images to github/docker container registry commit 6e8b03168b08906a3e39b33f6779dfa9a9dab843 Author: Nicky Semenza Date: Tue Mar 21 16:17:15 2023 -0700 push images to github/docker container registry relates to #1265 commit 6b3f23319ae12650ddc738ef1e4176bd068fe3b2 Merge: a8697b2e cf63dcbf Author: Nicky Semenza Date: Tue Mar 21 16:16:15 2023 -0700 Merge pull request #1267 from shahidhs-ibm/s390x-multiarch Add support to multi architecture docker image using github action commit a8697b2ed5173a3c9d9391772c05dc2379482939 Merge: 4db924a7 51a7fa85 Author: Nicky Semenza Date: Tue Mar 21 16:11:51 2023 -0700 Merge pull request #1273 from ehershey/patch-2 Make api intro.txt references links commit 4db924a7ae723f8ae764e6adcae1e9207f1c1727 Merge: c5e40da6 fcde786e Author: Nicky Semenza Date: Wed Mar 8 09:56:25 2023 -0800 Merge pull request #1274 from cloudflare/dependabot/go_modules/golang.org/x/net-0.7.0 build(deps): bump golang.org/x/net from 0.2.0 to 0.7.0 commit fcde786e4e604306415c347527839d9179d6ab22 Author: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Date: Sat Feb 18 03:23:06 2023 +0000 build(deps): bump golang.org/x/net from 0.2.0 to 0.7.0 Bumps [golang.org/x/net](https://github.com/golang/net) from 0.2.0 to 0.7.0. 
- [Release notes](https://github.com/golang/net/releases) - [Commits](https://github.com/golang/net/compare/v0.2.0...v0.7.0) --- updated-dependencies: - dependency-name: golang.org/x/net dependency-type: indirect ... Signed-off-by: dependabot[bot] commit 51a7fa85befb7cf5bf1bf5de84f06a9b44e9da4a Author: Ernie Hershey Date: Thu Feb 16 00:56:34 2023 -0500 Make api intro.txt references links commit cf63dcbff72726324f0370afa8bae0194a5681ad Author: Shahid Date: Tue Feb 7 14:08:43 2023 +0530 Update Dockerfile Incorporating review comments https://github.com/cloudflare/cfssl/pull/1267#discussion_r1083943730 and https://github.com/cloudflare/cfssl/pull/1267#discussion_r1083963991 commit 8467879cdfaede36ab545bf873deb8497d41f3e5 Author: Shahid Date: Tue Feb 7 14:05:24 2023 +0530 Update Makefile Adding check before using `GOOS` and `GOARCH` variables in `go build` command. Ref. https://github.com/cloudflare/cfssl/pull/1267#discussion_r1083938333 commit b37103e9542a298ff32511a73298216a5e5c856e Author: Shahid Date: Tue Jan 10 19:27:54 2023 +0530 Add support to multi architecture docker image using a github action commit c5e40da603065e56dbb3c2c443609a855aa7d79c Merge: 2ac5c8a1 1382f3b0 Author: Nicky Semenza Date: Thu Dec 8 08:57:09 2022 -0800 Merge pull request #1262 from thaJeztah/remove_go_net commit 1382f3b0bd966cbf881250af13845a301a97e73a Author: Sebastiaan van Stijn Date: Thu Dec 8 02:50:50 2022 +0100 remove use of obsolete golang.org/x/net/context package This package is an alias for "context", which has been part of stdlib since go1.7, so should no longer be needed. 
Signed-off-by: Sebastiaan van Stijn commit 2ac5c8a1c1eadac50649678e9d638b165a61a58f Merge: 37715e73 fa8441a9 Author: Nicky Semenza Date: Tue Dec 6 10:08:57 2022 -0800 Merge pull request #1260 from linux-on-ibm-z/s390x-binary-enablement Binary enablement for s390x commit fa8441a97a6f4d400230b7753b60755c256cf0e2 Author: Shahid Shaikh Date: Wed Nov 30 03:51:47 2022 -0800 Binary enablement for s390x commit 37715e73dc6c71533a0c7381348239468b47dcb7 Merge: 123abe0b 39c4590c Author: Nicky Semenza Date: Tue Nov 29 08:46:16 2022 -0800 Merge pull request #1259 from sonork/master Add linux/arm64 Build commit 123abe0b8fdc0540b96b8f127d2ef73414491084 Merge: a4a432ba 00a28f65 Author: Nicky Semenza Date: Wed Nov 23 09:05:34 2022 -0800 Merge pull request #1187 from jonathanio/improve-ocspserve-ipv6-handling Improve IPv6 address handling in ocspserve commit 39c4590c8a3a566d8ed437cdb4d118caf2fa6e38 Author: Michael Wiesenbauer Date: Wed Nov 23 09:16:30 2022 +0100 add arm64 on all linux binaries commit a4a432ba1e23ac001fdd90f26b43e7759549441e Merge: cfd0e9ab 0eecfe20 Author: Nicky Semenza Date: Tue Nov 22 09:12:34 2022 -0800 Merge pull request #1257 from thaJeztah/remove_goutils transport/ca/localca: New(): return error instead of calling os.Exit(1), remove github.com/kisom/goutils/assert commit c09440215f80f186550982193f92e3d8ff0263bb Author: Michael Wiesenbauer Date: Tue Nov 22 12:13:28 2022 +0100 remove docker socket volume mount commit 4dd587dbb11450ba27db56af282e14675d06df57 Author: Michael Wiesenbauer Date: Tue Nov 22 12:12:04 2022 +0100 remove privileged argument from docker runs commit 540aeaf9efeb4e26912f87c06c8b97ac3d8fa035 Author: Michael Wiesenbauer Date: Mon Nov 21 13:20:42 2022 +0100 remove external linker in linux builds commit c383f2add921c88a23f39d292a8336900bea5e44 Author: Michael Wiesenbauer Date: Mon Nov 21 13:16:20 2022 +0100 use cgo only in darwin builds commit 24b3ec5c2f27d7edebf8dbea5b5955858220c5e4 Author: Michael Wiesenbauer Date: Mon Nov 21 11:13:36 2022 
+0100 use gythialy/golang-cross for snapshot builds commit 188cfa4871a6883c202d500ced4711ad434e2a7d Author: Michael Wiesenbauer Date: Mon Nov 21 10:08:03 2022 +0100 include linux/arm64 in builds commit 0eecfe207f46635217e1e543e5638c9e88cad3db Author: Sebastiaan van Stijn Date: Sun Nov 20 12:41:54 2022 +0100 transport/ca/localca: remove uses of deprecated io/ioutil Using their replacements instead. Also making use of t.TempDir(), to let Go's testing take care of cleaning up. Signed-off-by: Sebastiaan van Stijn commit b069c865435fd29bc93168a6832c3364b17a2147 Author: Sebastiaan van Stijn Date: Sun Nov 20 12:34:12 2022 +0100 transport/ca/localca: remove unused testGenerateKeypair utility This was added in 56dfed7c82597110116d549dc1c990a5e24d1db7, but never used. Signed-off-by: Sebastiaan van Stijn commit 5937a3f33738b1be432168d46b8dc818fe141724 Author: Sebastiaan van Stijn Date: Sun Nov 20 12:27:14 2022 +0100 transport/ca/localca: remove uses of github.com/kisom/goutils/assert This package was the only package using this assertion library. Looking for a replacement, all packages (except for one) in this repository were not using an assertion library, so replacing it with standard checks. 
Signed-off-by: Sebastiaan van Stijn commit 4607acedb3dfc22ea832dcfa1bddfbb5f800d3e6 Author: Sebastiaan van Stijn Date: Sun Nov 20 12:18:23 2022 +0100 transport/ca/localca: New(): return error instead of calling os.Exit(1) This code was added in 56dfed7c82597110116d549dc1c990a5e24d1db7, but now has become the only use of github.com/kisom/goutils/assert, which previously was used in tests, and now is archived (moved to a new module). There were a couple of issues with this code; The `assert.NoError` appears to have a bug; it accepts optional arguments, but those are ignored; https://github.com/kisom/goutils/blob/v1.4.3/assert/assert.go#L90-L99 In this case, it meant that the additional information to describe the error won't be printed. Looking at the code (https://github.com/kisom/goutils/blob/v1.4.3/assert/assert.go#L35-L45), it defaults (`GOTRACEBACK` anything other than "crash") using `os.Exit(1)`. While (from the description), program execution MUST be terminated, there are some downsides to using `os.Exit` here, as it terminates execution immediately (which is desirable), but has no way to recover. While users should NOT use the result in this case, they still may want to catch this error (without terminating the program as a whole, which may be problematic if this module is used as part of a service). `os.Exit` also does not execute pending `defer` statements, which may still be desirable to handle state cleanup. This patch changes the function to return an error instead, allowing the caller to handle the error. 
Signed-off-by: Sebastiaan van Stijn commit cfd0e9ab2afa2101e9cf7647babf7eec2c3d4829 Merge: c71f9f68 052932c1 Author: Nicky Semenza Date: Mon Nov 21 13:44:33 2022 -0800 Merge pull request #1255 from thaJeztah/update_gomod go.mod: update for go1.18 and update/remove obsolete dependencies commit c71f9f68dbbb2bdb90ff95db71c05ab94a330a6d Merge: b553d93a 68b96f84 Author: Nicky Semenza Date: Mon Nov 21 13:41:24 2022 -0800 Merge pull request #1258 from thaJeztah/remove_ioutils chore: remove uses of deprecated io/ioutil commit 68b96f84a7e2891320491683ce4e28a4591c36fd Author: Sebastiaan van Stijn Date: Sun Nov 20 13:58:17 2022 +0100 doc: remove mention of deprecated io/ioutil Signed-off-by: Sebastiaan van Stijn commit f277884f6332b9f3c3a2e9b5a467856cb6b930e3 Author: Sebastiaan van Stijn Date: Sun Nov 20 13:58:04 2022 +0100 selfsign: replace uses of deprecated io/ioutil Signed-off-by: Sebastiaan van Stijn commit f98ae4a6790151daf96162528a07a8756023c85f Author: Sebastiaan van Stijn Date: Sun Nov 20 13:57:50 2022 +0100 revoke: replace uses of deprecated io/ioutil Signed-off-by: Sebastiaan van Stijn commit 9d4d8c6779a1dc71d3c1678f3420b9e01e99f888 Author: Sebastiaan van Stijn Date: Sun Nov 20 13:57:39 2022 +0100 multiroot: replace uses of deprecated io/ioutil Signed-off-by: Sebastiaan van Stijn commit df5893e91e4e72e08b0f824ba32b15644d134918 Author: Sebastiaan van Stijn Date: Sun Nov 20 13:57:27 2022 +0100 initca: replace uses of deprecated io/ioutil Signed-off-by: Sebastiaan van Stijn commit 62ebbe3726683f1716a55c92363f7eef043345f9 Author: Sebastiaan van Stijn Date: Sun Nov 20 13:56:29 2022 +0100 csr: replace uses of deprecated io/ioutil Signed-off-by: Sebastiaan van Stijn commit 31652f3d0c5cdea571d94e08123a34e69de1e7c9 Author: Sebastiaan van Stijn Date: Sun Nov 20 13:56:10 2022 +0100 crl: replace uses of deprecated io/ioutil 
Signed-off-by: Sebastiaan van Stijn commit 77a52e775f073de941b01388a9e7362da5ef1218 Author: Sebastiaan van Stijn Date: Sun Nov 20 13:55:37 2022 +0100 config: replace uses of deprecated io/ioutil Signed-off-by: Sebastiaan van Stijn commit 7c1b3588da2292c39966676b118cb72d3262fea5 Author: Sebastiaan van Stijn Date: Sun Nov 20 13:55:24 2022 +0100 certinfo: replace uses of deprecated io/ioutil Signed-off-by: Sebastiaan van Stijn commit 7025962aaa5975891ca0ef8d317f452d79c41922 Author: Sebastiaan van Stijn Date: Sun Nov 20 13:55:07 2022 +0100 certdb: replace uses of deprecated io/ioutil Signed-off-by: Sebastiaan van Stijn commit c9e5b44932223adb111e354e2cc00af434228b54 Author: Sebastiaan van Stijn Date: Sun Nov 20 13:54:25 2022 +0100 whitelist: replace uses of deprecated io/ioutil Signed-off-by: Sebastiaan van Stijn commit 052932c167809da1e64de0d7e061e425164fff43 Author: Sebastiaan van Stijn Date: Sun Nov 20 00:33:41 2022 +0100 go.mod: github.com/matttproud/golang_protobuf_extensions v1.0.2 adds go module support Signed-off-by: Sebastiaan van Stijn commit 3eb1f2940731045ef9e94e53582f3f880d7fa3bb Author: Sebastiaan van Stijn Date: Sun Nov 20 00:18:26 2022 +0100 go.mod: golang.org/x/crypto v0.3.0 Signed-off-by: Sebastiaan van Stijn commit 706ae75e7314493ef46bd278f6c4faed08f019b1 Author: Sebastiaan van Stijn Date: Sun Nov 20 00:46:44 2022 +0100 go.mod: golang.org/x/net v0.2.0 the golang.org/x projects now tag releases. Signed-off-by: Sebastiaan van Stijn commit 1ddff47e3db73d5374c9c6e822b361153a06d461 Author: Sebastiaan van Stijn Date: Sun Nov 20 00:09:20 2022 +0100 go.mod: github.com/jmhodges/clock v1.2.0 Adds go module support. No code changes in vendored files full diff: https://github.com/jmhodges/clock/compare/880ee4c33548...v1.2.0 
Signed-off-by: Sebastiaan van Stijn commit 59534b3c34eeea05e9d0ba22b3543b2312e6af91 Author: Sebastiaan van Stijn Date: Sun Nov 20 00:04:56 2022 +0100 go.mod: github.com/cloudflare/redoctober v0.0.0-20211013234631-6a74ccc611f6 Adds go module support and drops various obsolete dependencies; full diff: https://github.com/cloudflare/redoctober/compare/99c99a8e7544...6a74ccc611f6 Signed-off-by: Sebastiaan van Stijn commit 0cb76cee3fd9110af602ce9b5b930c0a7a056b29 Author: Sebastiaan van Stijn Date: Sat Nov 19 23:59:37 2022 +0100 go.mod: github.com/google/certificate-transparency-go v1.1.4 This version drops a great number of (indirect) dependencies Signed-off-by: Sebastiaan van Stijn commit 1c31e687d9b60adc5795aa107971584a2ecc2a7a Author: Sebastiaan van Stijn Date: Sun Nov 20 00:50:14 2022 +0100 remove deprecated golint (golang.org/x/lint) CI is already using golangci-lint, which should cover whatever golint was still covering. Signed-off-by: Sebastiaan van Stijn commit d90536d5434a63ac5e6552745848282619e4f43f Author: Sebastiaan van Stijn Date: Sun Nov 20 14:26:50 2022 +0100 all: gofmt for go1.18 (fixes missing build-tags) Signed-off-by: Sebastiaan van Stijn commit d7e9e5fab6848ab355aa01049626ea8dd03c260a Author: Sebastiaan van Stijn Date: Sun Nov 20 13:53:31 2022 +0100 ubiquity: replace uses of deprecated io/ioutil Signed-off-by: Sebastiaan van Stijn commit 8bd4af2b3b90449b45f798a6ffaee31fc21881bc Author: Sebastiaan van Stijn Date: Sun Nov 20 13:49:48 2022 +0100 transport: replace uses of deprecated io/ioutil Signed-off-by: Sebastiaan van Stijn commit 6a932bb7bf8ce68afc752af67d61804c7cedf739 Author: Sebastiaan van Stijn Date: Sun Nov 20 13:49:30 2022 +0100 scan: replace uses of deprecated io/ioutil Signed-off-by: Sebastiaan van Stijn commit 5b8919c197a03bc3f2651f9ca11fc19c5c22bdd1 Author: Sebastiaan van Stijn Date: Sun Nov 20 13:49:03 2022 +0100 ocsp: replace uses of deprecated io/ioutil 
Signed-off-by: Sebastiaan van Stijn commit e7d48f1cd9f17db0ae4bab8e05b5b864bd0d685d Author: Sebastiaan van Stijn Date: Sun Nov 20 13:48:33 2022 +0100 signer: replace uses of deprecated io/ioutil Signed-off-by: Sebastiaan van Stijn commit b27c723cccb13f14dc6b3936415bdd7759ab930b Author: Sebastiaan van Stijn Date: Sun Nov 20 13:47:22 2022 +0100 helpers: replace uses of deprecated io/ioutil Signed-off-by: Sebastiaan van Stijn commit fc8619eae3f3734998c8dab9fe574dbd16ff1f50 Author: Sebastiaan van Stijn Date: Sun Nov 20 13:47:00 2022 +0100 cmd: replace uses of deprecated io/ioutil Signed-off-by: Sebastiaan van Stijn commit 45225c2f2246b8037f39b5af192f425db9d308ec Author: Sebastiaan van Stijn Date: Sun Nov 20 13:46:26 2022 +0100 cli: replace uses of deprecated io/ioutil Signed-off-by: Sebastiaan van Stijn commit 6f34ba02802b99dddceccd9685cf764418b206d7 Author: Sebastiaan van Stijn Date: Sun Nov 20 13:45:10 2022 +0100 bundler: replace uses of deprecated io/ioutil Signed-off-by: Sebastiaan van Stijn commit 2bc4f21a8c8e8e559c9969acfd7f7f9b5a2c1c72 Author: Sebastiaan van Stijn Date: Sun Nov 20 13:44:33 2022 +0100 auth: replace uses of deprecated io/ioutil Signed-off-by: Sebastiaan van Stijn commit 941a1cde099d8ad7655d4239eb2e283c58591241 Author: Sebastiaan van Stijn Date: Sun Nov 20 13:44:03 2022 +0100 api: replace uses of deprecated io/ioutil Signed-off-by: Sebastiaan van Stijn commit 28c127eebf13a457da4048e8fa08200aa502c4c3 Author: Sebastiaan van Stijn Date: Sat Nov 19 23:55:03 2022 +0100 go.mod: tidy and vendor with go1.18 go1.17 and older are deprecated and no longer tested in CI 
Signed-off-by: Sebastiaan van Stijn commit b553d93abe2c9749c86b3c375be43770b7c3b17e Merge: 079aed0a 879b1d38 Author: Nicky Semenza Date: Mon Nov 7 10:23:10 2022 -0800 Merge pull request #1254 from thaJeztah/remove_go1.12_support helpers/derhelpers: remove support for go1.12 commit 879b1d38a56467eccd595812bbf8b2bc71f5d0ea Author: Sebastiaan van Stijn Date: Sun Nov 6 02:17:31 2022 +0100 helpers/derhelpers: remove support for go1.12 go1.12 has reached EOL when go1.14 was released in 2020, so it should be safe to remove now. Also removing uses of golang.org/x/crypto/ed25519, which is now part of stdlib: Beginning with Go 1.13, the functionality of this package was moved to the standard library as crypto/ed25519. This package only acts as a compatibility wrapper. This partially reverts e45ead24ff2d3a16f9c662d6f3b787176096049e / 81e54732c78bc0320d4f6061b9d27b441d8ff8f7 
Signed-off-by: Sebastiaan van Stijn commit 079aed0a45c58d019740b4de1811e2116eae6866 Merge: d4be5f51 e0c522a3 Author: Nicky Semenza Date: Tue Oct 4 09:00:58 2022 -0700 Merge pull request #1249 from cloudflare/nicky/new-db-accessor add db accessor to get unexpired certs by labels, add DB tests back to CI commit e0c522a34cb793a4beb7a092112b57a1f913c75a Author: Nicky Semenza Date: Mon Oct 3 16:02:44 2022 -0700 add test for GetUnexpiredCertificatesByLabel commit a9a2c2e4be1a3f087451cf971a79fd76c0febbc8 Author: Nicky Semenza Date: Mon Oct 3 15:09:18 2022 -0700 add postgres and mysql tests back to CI resolves #1238 commit d4488a84e2595902f2b0bf2eaead2d9d3bd5fa83 Author: Nicky Semenza Date: Mon Oct 3 13:54:55 2022 -0700 add DB accessor to get unexpired certs by one or more labels commit d4be5f51fd039a532d63f2bca4c6fb2551dfed58 Merge: 4e654dd0 d9b0432a Author: Nicky Semenza Date: Thu Sep 22 08:57:50 2022 -0700 Merge pull request #1245 from sevan/patch-2 commit 4e654dd020506d64966159d2547040c4d72c0b03 Merge: ffddf3ab 97e7ff29 Author: Nicky Semenza Date: Thu Sep 22 08:57:42 2022 -0700 Merge pull request #1246 from sevan/patch-3 commit ffddf3ab3da7a094f546aad1a5f5d1fc431047e6 Merge: bba3a201 40209b17 Author: Nicky Semenza Date: Thu Sep 22 08:57:32 2022 -0700 Merge pull request #1244 from sevan/patch-1 commit 97e7ff29bc08fcc75006afe5238c17e9be300a1b Author: Sevan Janiyan Date: Fri Sep 2 00:19:34 2022 +0100 doc/api/intro.txt: there are 13 endpoints sorte and document certinfo & revoke endpoints. commit d9b0432a55b04f9189cd089678b41109fa07c000 Author: Sevan Janiyan Date: Thu Sep 1 22:59:56 2022 +0100 doc/cmd/multiroot.txt: Add dbconfig to example multirootca/config was moved to the root of the source directory. 
commit 40209b175f798d3e3f282a731ba16de59ee9191b Author: Sevan Janiyan Date: Thu Sep 1 22:27:31 2022 +0100 doc/cmd/cfssl.txt: grammar commit bba3a2015ca4ad91f5b2c61c5876f0ecbfcb39bc Author: Nicky Semenza Date: Fri Aug 26 11:51:10 2022 -0700 update release make target to use go 1.18 commit cacf1702e49e95c402b3b041a1689965e784dadd Merge: 81f1f19f 73645931 Author: Nicky Semenza Date: Wed Aug 24 10:57:20 2022 -0700 Merge pull request #1241 from cloudflare/nicky/bump-crypto chore: bump golang.org/x/crypto commit 81f1f19fe6c83482a0f86dc87b1596f62138c246 Merge: a3eea0c1 f1e6594a Author: Nicky Semenza Date: Wed Aug 24 10:54:57 2022 -0700 Merge pull request #1213 from akamac/patch-1 add health endpoint to docs commit 73645931e8ffcb9234a8dadba192fa83fc69c506 Author: Nicky Semenza Date: Wed Aug 24 10:51:19 2022 -0700 chore: bump golang.org/x/crypto Resolves #1226 commit a3eea0c13300dd9c1d9110c208c2540325d0490b Merge: 7614d6ca 23c92b07 Author: Nicky Semenza Date: Wed Aug 24 10:46:18 2022 -0700 Merge pull request #1239 from cloudflare/nicky/add-gh-actions add github Actions to replace travis commit 23c92b07d69cac29e39c04b34ae7727759fdf1fc Author: Nicky Semenza Date: Sun Jan 24 10:06:25 2021 -0800 add github Actions to replace travis Travis hasn't been running for ~ 1 year, this adds some basic Actions tests so that there's some form of CI running * some certs have expired since, filed #1237 to handle fixing those * this doesn't quite have feature parity - namely missing the tests that run against the database. 
(filed #1238) commit 7614d6cad35dd6d33c8c1fc2e2db5d9ce111e56b Merge: 04def84a 33661a29 Author: Nicky Semenza Date: Fri Aug 19 10:34:05 2022 -0700 Merge pull request #1236 from blotus/use-go-embed Replace go.rice with go embed commit 33661a291000b3e21419f9418760304cec018015 Author: Sebastien Blot Date: Wed Aug 17 13:23:14 2022 +0200 min go version is now 1.16 commit 3d2d3b520937be058f1f1b217f1947555be662da Author: Sebastien Blot Date: Wed Aug 17 13:22:51 2022 +0200 update Dockerfiles to use go 1.16 commit 33ed56286f3847949fc3607461c8351ba6bce804 Author: Sebastien Blot Date: Wed Aug 17 13:14:07 2022 +0200 remove go.rice dependency commit 9ca1d0a10e7414ea22c23b7b77153a6028c51a8a Author: Sebastien Blot Date: Wed Aug 17 13:08:46 2022 +0200 use go:embed commit 04def84a58a0220d5adec64406b28a8e1ec6f716 Merge: e6502bb7 547d051e Author: Nicky Semenza Date: Tue May 24 10:41:16 2022 -1000 Merge pull request #1231 from boranx/readme-go1.18-install docs: add go install commit 547d051ee560db1e0459b9e24d48934f7fd03b63 Author: boranx Date: Tue May 24 12:50:06 2022 +0200 docs: add go install commit e6502bb7ffe4ee576227c9123a101deda248884c Merge: 503b4d7b 34ce3de5 Author: Nicky Semenza Date: Wed Jan 19 08:37:23 2022 -0800 Merge pull request #1224 from romantomjak/master commit 34ce3de5d5868b670f5bb224dc3e33875e1d5c7e Author: Roman Tomjak <6570684+romantomjak@users.noreply.github.com> Date: Sun Jan 16 12:05:33 2022 +0000 add support for m1 macs commit f1e6594a1fa8e5d1873733aa84b4d5b0dcafb427 Author: Alexey Miasoedov Date: Thu Dec 2 14:02:28 2021 +0300 add health endpoint to docs commit 503b4d7bdf090b00d20d67dcc1d129163c86d5c7 Merge: 29ae05fe a8591c38 Author: Watson Ladd Date: Wed Sep 15 14:32:28 2021 -0700 Merge pull request #1205 from cloudflare/watson/fix-delegation-support Support for DelegationUsage extension commit a8591c383218ee9869cbc152ebebf2502895cbdb Author: Watson Ladd Date: Tue Sep 14 15:51:13 2021 -0700 Support for DelegationUsage extension This special cases the 
DelegationUsage extension, copying it to the output when signing. It also adds support for a flag delegation_enabled in certificate specifications. I have manually confirmed this works. commit 29ae05fe80e1a9c704ddad7002d90ade7a38cb29 Merge: f4208c64 e582ed4c Author: Nicky Semenza Date: Wed Jul 14 15:06:11 2021 -0700 Merge pull request #1189 from cloudflare/nicky/fix-coreos-mod-rename commit f4208c6426fc943869353262c073f96a062ec0ef Merge: 1f29b040 19c09ff6 Author: Nicky Semenza Date: Thu Jun 17 12:50:52 2021 -0700 Merge pull request #1195 from BowonY/bowon/avoid-select-all commit 19c09ff6ad5a2a2625647dd993d4b742d8508b01 Author: Bowon Yang Date: Thu Jun 17 12:09:53 2021 -0700 pick columns to get revoked/unexpired certs commit 1f29b040495c08c983351455acc957826d2e597f Merge: 6dd12c2d 87f86f18 Author: Nicky Semenza Date: Mon Jun 7 17:25:49 2021 -0700 Merge pull request #1191 from Rutori/loglevel-multiroot-ca commit 87f86f189b1fad65d1c08e9cee58e6983e27893f Author: Rutori Date: Mon May 24 17:28:13 2021 +0300 Add loglevel flag for multiroot-ca commit e582ed4cfff7e0875c8136fe00e790ca29b81450 Author: Nicky Semenza Date: Tue May 11 15:46:31 2021 -0700 remove -u flag from readme, link to releases commit bea2d3db90fe13a9d4c220a9ef506a82af4b1b9f Author: Nicky Semenza Date: Tue May 11 10:32:00 2021 -0700 remove old go versions from travis commit b2552cabdf56f79fe67618bea930916d7ad47089 Author: Nicky Semenza Date: Fri Apr 2 15:38:55 2021 -0700 fix upgrading transitive coreos dependency breakage The root of the problem is that the latest semver release of https://github.com/google/certificate-transparency-go is from 2018, and the etcd packages have been renamed since. For some reason the readme instructs the usage of `-u` with go get, so this upgrades that to the latest version, along with some other packages that are years out of date. 
more context at: https://github.com/etcd-io/etcd/issues/11749 resolves #1142, resolves #1182 resolves #1183 resolves #1188 commit 00a28f6561cfaebeb8dd59c930137fb327088ae5 Author: Jonathan Wright Date: Sat May 8 18:20:40 2021 +0100 Improve IPv6 address handling in ocspserve When setting an IPv6 address to listing on via the -address command-line argument for both serve and ocspserve, the latter errors with "listen tcp: address ::1:8889: too many colons in address" unless it is escaped. However, the former uses the net library to process the address and port, which results in the enforced escaping of IPv6 addresses regardless of if the address is already enclosed in square brackets (e.g. [::1]). This changes oscpserve to use the same net library call as serve to provide consistency between the two calls when handling IPv6 addresses. commit 6dd12c2d4cf9471540566d3758ac744a4cdfd943 Merge: 0707dc7c 57d4044c Author: Nicky Semenza Date: Fri Mar 26 10:14:02 2021 -0700 Merge pull request #1157 from mayocream/patch-1 commit 0707dc7c7679d3d9b4e53f5b3193844df64b20cc Merge: b1512a1f ea20c62e Author: Nicky Semenza Date: Fri Mar 26 10:12:42 2021 -0700 Merge pull request #1181 from myokoyama28/fix-certadd commit ea20c62e8f777ba0de98fdf406016c2d71a1d98e Author: myokoyama28 Date: Tue Mar 23 15:26:37 2021 +0900 fix lint errors commit 6b41bfc832dbb3d4a4d226109e128396be7d6e31 Author: myokoyama28 Date: Tue Mar 23 15:10:58 2021 +0900 fix serve_test.go commit 9af920455ab53a5b95c9e1fa46f447b45cc568c7 Author: myokoyama28 Date: Tue Mar 23 13:53:47 2021 +0900 make certadd available commit b1512a1f2b696488459832cf5ec4ec3d59f4cd1b Merge: 2215630d 9b27d0d8 Author: Max Nystrom Date: Wed Feb 24 17:57:51 2021 -0800 Merge pull request #1172 from aklyachkin/master Support for E attribute (emailAddress) in CSR commit 2215630d72a34603d912d2715f9c39e8a6c4328c Merge: c6f04ed9 152fb8b0 Author: Nicky Semenza Date: Wed Feb 24 12:02:09 2021 -0800 Merge pull request #1175 from chienfuchen32/patch-1 Add http 
response close in client post function commit 152fb8b0d7fb5c8d1fa7c29e81d308e008c0eee9 Author: 陳傑夫 Date: Tue Feb 16 15:26:03 2021 +0800 Add http response close in client post function commit c6f04ed940e8ab5f52f583ac07cca9849f71a226 Merge: 6eb16407 84e7ff5e Author: Nicky Semenza Date: Fri Feb 12 15:29:03 2021 -0800 Merge pull request #1174 from nickysemenza/go-metrics-prometheus replace deprecated go-metrics with prometheus commit 84e7ff5e1a6fc982b2627395acc520f192ec18f0 Author: Nicky Semenza Date: Tue Feb 9 17:53:04 2021 -0800 chore(multirootca): replace deprecated go-metrics with prometheus This _is_ a breaking change. commit 6eb1640765c7330eb7a67b4556ab5f12c6b9455e Merge: 9f7129a6 f247e5be Author: Nicky Semenza Date: Mon Feb 8 17:31:41 2021 -0800 Merge pull request #1173 from iguanesolutions/revoke_leak revoke: fix connection leak commit f247e5be73a3b69ab9ba011c17c1e1b05a7b8c6a Author: Benjamin Gustin Date: Mon Feb 8 13:27:32 2021 +0100 revoke: fix connection leak commit 9b27d0d80ebfdab86f3b54d64f194e726818d236 Author: aklyachkin Date: Mon Feb 8 13:17:54 2021 +0100 support for E attribute in CSR commit 9f7129a65ac028f14451258d860bf3efd3e63576 Merge: 57882e0a 5628e979 Author: Nicky Semenza Date: Mon Feb 1 08:36:33 2021 -0800 Merge pull request #1163 from akgmartin/master commit 5628e979a3ac93446abc504656e4e15e2784bdef Merge: 38b82406 b156a8c1 Author: akgmartin Date: Fri Jan 29 15:31:43 2021 -0600 Merge pull request #1 from benbuzbee/benbuz/tests Fix tests and add OID test commit b156a8c16c79634bdd2ea6795a1d75a8526b186e Author: Ben Buzbee Date: Fri Jan 29 21:25:54 2021 +0000 Fix tests and add OID test commit 38b82406acc59d214d4d282d0dcb592a40770f52 Author: Andy Martin Date: Thu Dec 31 10:55:56 2020 -0600 Added support for general OID names in CSRs commit 57882e0acfd6cd873edb826bfcf0505662a56ab0 Merge: 3cc617f2 1c752601 Author: Nicky Semenza Date: Sun Jan 24 09:48:42 2021 -0800 Merge pull request #1170 from qinghai5060/fixErrorCheck fix error check when check 
signature commit 1c7526010688af74c36733d69dcccebd0c23c19e Author: root Date: Sun Jan 24 20:22:24 2021 +0800 fix error check when check signature commit 3cc617f27de99f13068b41960b52a62015616e97 Merge: 23b638f5 7a59a7db Author: Nicky Semenza Date: Tue Jan 12 09:10:30 2021 -0800 Merge pull request #1164 from grongor/dont-use-default-http-client Allow users to use custom HTTP client commit 7a59a7dbae656717661d880ecdb35990334cda8a Author: Jakub Chábek Date: Tue Jan 5 12:17:44 2021 +0100 Allow users to use custom HTTP client commit 23b638f5a9370a5f13fb22f9d7b909f1bc0e0205 Merge: c75db4fe c90849d7 Author: Nicky Semenza Date: Tue Dec 22 11:28:16 2020 -0800 Merge pull request #1160 from orangepizza/zlint_upgrade commit c90849d7dc60036d73fb68f738f29eb54099c39e Author: abnoeh Date: Tue Dec 22 16:08:53 2020 +0000 update zlint to v3.0.0 commit c75db4fe0dff203f6291e149e1dbe253db30c18a Merge: a538700a d103ea14 Author: Nicky Semenza Date: Fri Dec 11 13:42:20 2020 -0800 Merge pull request #1156 from mayocream/master format json indent commit 57d4044c66be4a8c7c22067db781352ed77644c7 Author: Han Huang Date: Wed Dec 9 17:59:16 2020 +0800 trigger commit 763faa7f5632a49d4d40eb2c282c33ad352e23a6 Author: 真夜 <35420264+mayocream@users.noreply.github.com> Date: Wed Dec 9 13:49:43 2020 +0800 fix: cfssl provider support SAN URI commit d103ea147140377e6179a8fd1a3d27ac3426c81c Author: Mayo Date: Mon Dec 7 13:45:42 2020 +0800 format json indent commit a538700acfbab2ae160df7c145207f0c3114e5d3 Merge: aebbc137 9f1ff979 Author: Nicky Semenza Date: Mon Nov 23 08:25:44 2020 -0800 Merge pull request #1151 from nagesh4193/master Add Power Support ppc64le commit 9f1ff9797cd9d5a64b79dae69b93898365b9c7c9 Author: nagesh4193 <70690392+nagesh4193@users.noreply.github.com> Date: Mon Nov 23 12:43:41 2020 +0530 Add Power Support ppc64le commit aebbc137271af51055fb97ea77be67a1868a3d21 Merge: c1bf7b99 f712ad9e Author: Nicky Semenza Date: Fri Nov 13 14:46:11 2020 -0800 Merge pull request #1143 from 
nickysemenza/add-go-1.15 commit c1bf7b99b33c754afc837dc43d4619de162dee5f Merge: 9ccff9a3 a22fd94a Author: Nicky Semenza Date: Fri Nov 13 11:06:09 2020 -0800 Merge pull request #1119 from jbampton/fix-spelling Fix spelling commit f712ad9e454aec2d0ec40979fb3375bd71e67a2c Author: Nicky Semenza Date: Fri Nov 13 10:00:24 2020 -0800 copy over ca-bundle and int-bundle testdata from cloudflare/cfssl_trust commit 9ccff9a3f5332b52a6103a3876bdc990be872163 Merge: 816bb927 7f460093 Author: Nicky Semenza Date: Mon Nov 9 12:37:41 2020 -0800 Merge pull request #1145 from AshleyPoole/ash/add-health-api-doc Add documentation for API health endpoint commit 7f460093583f10da924467345a42f48af6f2438b Author: Ashley Poole Date: Sun Nov 8 12:16:12 2020 +0000 Add documentation for API health endpoint commit 5c037eb7f964ea31e38129ccefcc3039a65a838e Author: Nicky Semenza Date: Fri Nov 6 15:56:45 2020 -0800 chore: add go 1.15 to travis commit 816bb92712c79b67d5eb4bf918ab1d3c67db111b Merge: e905e919 6152bbbf Author: Nicky Semenza Date: Wed Nov 4 16:19:59 2020 -0800 Merge pull request #1141 from nickysemenza/add-docker-push add Docker Hub push to release make target commit 6152bbbf41b60c5a7e204e48389365e5f4b3a0ad Author: Nicky Semenza Date: Wed Nov 4 15:01:25 2020 -0800 add Docker Hub push to release make target commit e905e919f68e0214990a445928752ece41a86038 Merge: d6ad84ed a0fb6096 Author: Nicky Semenza Date: Wed Oct 21 10:35:54 2020 -0700 Merge pull request #1137 from hugoboos/update-zlint Update dependency zlint to 2.2.1 commit d6ad84ed79e75c6be0dfc7a7e35fd26543df5f2c Merge: 8fb54138 e8f9337d Author: Nicky Semenza Date: Wed Oct 21 10:31:15 2020 -0700 Merge pull request #1136 from nickysemenza/fix-null-commonname fix(certdb): allow reading other null columns (part 2 of #1135) commit e8f9337d2c132653bedd6368b60a1a161a5d278c Author: Nicky Semenza Date: Tue Oct 13 15:36:41 2020 -0700 fix(certdb): allow reading other null columns (part 2 of #1135) This follows up #1135 to properly handle the case 
when columns written pre-migration have null values. commit 8fb54138795b4030fb4e6d0183660f71aa4d764d Merge: d1be3c20 34885de9 Author: Nicky Semenza Date: Thu Oct 15 09:42:47 2020 -0700 Merge pull request #1112 from RocketPuppy/patch-1 Document revocation parameter formats commit a0fb609621624e0a6b41bf649935fb9b24fe1499 Author: Hugo Stijns Date: Thu Oct 15 15:26:42 2020 +0200 update dependency zlint to 2.2.1 commit d1be3c20dd38c5e1044919090461a6cc9aad5072 Merge: 8e907d36 c7426dff Author: Nicky Semenza Date: Tue Oct 13 15:10:53 2020 -0700 Merge pull request #1135 from nickysemenza/fix-null-commonname fix selecting rows created before migration introduced in #1126 commit c7426dffe46a00aaceaa0ef191ac56b9bb88df4f Author: Nicky Semenza Date: Tue Oct 13 14:36:51 2020 -0700 fix(certdb): use `sql.NullString` for CertificateRecord.CommonName Rows inserted before the migration in #1126 will have the `common_name` set to NULL. This fixes selects for those rows. commit 8e907d36f0663163058b9f9a102bdc471ce40d9a Merge: 8090bcee 1b44b481 Author: Nicky Semenza Date: Fri Sep 25 14:46:16 2020 -0700 Merge pull request #1132 from asayyah/master Fix race condition in revoke commit 1b44b481724ef795de3ff08efabf8a7b29078c1d Author: Ali Sayyah Date: Fri Sep 25 10:55:04 2020 -0700 Fix race condition in revoke commit 8090bceefe6c9cc3b044197a8341bea2619d00a6 Author: Nicky Semenza Date: Fri Sep 25 10:25:11 2020 -0700 feat(authsign): store additional metadata/fields in `certdb` (#1126) This is a major change in that the included DB migrations *must* be run before the new version of `cfssl` is deployed. This allows for clients (i.e. https://github.com/cloudflare/certmgr) to send some additional optional fields to `/api/v1/cfssl/authsign` to be stored in `certdb`. It also starts saving SANs, common name, and NotBefore from the issued certificates so that they can be queried without having to parse the PEM. 
commit 046b174bc41a3d0d6e5c56c6e62783c461ac5c00 Merge: ca392c0f beeced86 Author: Nicky Semenza Date: Thu Sep 17 15:20:26 2020 -0700 Merge pull request #1129 from mitalirawat/mitali/SECENG-8092 Allowing CertificateRequest to take CRL url as input which can then be used on a cert commit beeced861039dcb4f2f378ed9efcb8ac71e766e4 Author: Mitali Rawat Date: Wed Sep 16 13:37:58 2020 -0700 Allowing CSR to take CRL url as input which can then be used on a certificate commit ca392c0f5e00b59ca8a5e1f5863c757495e7b08a Merge: efd6a76c ff9470e2 Author: Nicky Semenza Date: Wed Sep 16 14:56:07 2020 -0700 Merge pull request #1100 from gzzchh/patch-1 typo fix of json commit efd6a76c0b801ebf1baf1e198a986d20fa95a44b Merge: 2916a1fa 1fb9b902 Author: Nicky Semenza Date: Wed Sep 16 09:08:16 2020 -0700 Merge pull request #1128 from huiyifyj/fix-typo Fix typo and go fmt this file commit 1fb9b902d2323457031618a3ba50a75139680f0f Author: huiyifyj Date: Wed Sep 16 11:51:38 2020 +0800 Fix typo and go fmt this file commit a22fd94ab951d23c1f84195403ad443e14e22e6a Author: John Bampton Date: Sat Jul 4 09:39:24 2020 +1000 Fix spelling commit 2916a1fa6bf37b6d7a672a9be7e734871e08039c Merge: 6b49beae d3846318 Author: Ryan Carter Date: Wed Jun 10 16:32:06 2020 -0700 Merge pull request #1111 from cpu/cpu-temp-fix-bundle-test bundler: temporarily remove `leafRSA3072` testcases. commit 34885de9fe6d332f5aad675d582f3a1822a81e9d Author: Daniel Wilson-Thomas Date: Wed May 27 12:54:31 2020 -0400 Document revocation parameter formats commit d38463181f7363e3d4c4b046a031d0f4df4269db Author: Daniel McCarney Date: Tue May 26 18:46:56 2020 -0400 bundler: temporarily remove `leafRSA3072` testcases. The `leafRSA3072` test file, (`bundler/testdata/cfssl-leaf-rsa3072.pem`) expired and breaks tests. A proper fix would be to regenerate this test file but in the meantime removing the testcases fixes CI. 
commit ff9470e2fbfe5a79d00088f88e67ea0b2b2c59d2 Author: CA_GA_64 Date: Wed Apr 22 22:47:38 2020 +0800 typo fix of json commit 6b49beae21ff90a09aea3901741ef02b1057ee65 Author: DarkEdges Date: Fri Mar 27 04:30:38 2020 +1100 add copy_extensions configuration to local signer to allow (#1082) * Added ability to copy Extensions from CSR * Added Profile to determine if the Signer should copy the extensions provided in the CSR across. * Added config test Co-authored-by: Nicholas Irving commit f30ae6a1f0bacda4972528f0c5e70141cb658344 Author: Sofía Celi Date: Thu Mar 26 11:27:25 2020 -0500 Add go 1.14 to the CI (#1092) * Update mod * Include go 1.14 to CI * Update go to 1.14 in dockerfiles commit abef926615f4d1d3afb7c3e6573158551ad7dd54 Author: Daniel McCarney Date: Tue Mar 24 18:52:41 2020 -0400 local/signer: use zmap/zlint v2.0.0, add filtering. (#1080) This updates the CFSSL local signer ZLint pre-issuance linting integration to use v2.0.0. The existing signing profile configuration field "ignored_lints" is joined by a new field "ignored_lint_sources". This relies on features in the new 2.0.0 release and is useful for CAs that know certain classes of ZLint lints are never applicable (e.g. CABF EV guidelines, ETSI ESI, etc). 
Co-authored-by: Daniel commit 7c8e5017d5eca62b5b635b5ed98daab18b0fca16 Author: Sofía Celi Date: Mon Mar 23 16:05:07 2020 -0500 Fix 'TestNewMutualTLSServer' test for go1.14 #1075 (#1091) commit e9f28f7c74bf21d35565721a5eea349d35943398 Author: Chris Broglie Date: Wed Mar 18 09:08:55 2020 -0700 Replace pkg.cfssl.org with 'Packages' tab (#1050) commit 44db4a7efa5989a423b7cfe452e656706e7a985d Author: Sven Sauleau Date: Wed Mar 18 04:12:00 2020 +0000 Cloud_f_lare (#1070) commit f1bc990b9d4c86ae0c859ddeaad355036ffeb57a Author: Thomas Date: Wed Mar 18 05:11:12 2020 +0100 Updated github.com/lib/pq to v1.3.0 (#1086) commit e45ead24ff2d3a16f9c662d6f3b787176096049e Author: Daniel McCarney Date: Tue Mar 17 18:15:04 2020 -0400 deps: update /x/crypto, fix Go 1.13 test breakage. (#1081) * deps: update /x/crypto to 8b5121be2f68 * helpers/derhelpers: split Go 1.12/1.13 impls. When using modern `golang.org/x/crypto/ed25519` on Go 1.13 the `x` library is a small wrapper around the stdlib version. The helper function needs to match on the stdlib type in this case. To maintain backwards compat with Go 1.12 the helper code is split by a build tag. The legacy code can use the `golang.org/x/crypto/ed25519` import while the new code can use the `crypto/ed25519` import. 
Co-authored-by: Daniel commit 10ed8daa8bb427c5ac7d133c1b449476e76c954d Author: Sofía Celi Date: Tue Mar 17 16:39:50 2020 -0500 Correctly check for different golang versions #1076 (#1083) commit 87a2fe70720844802207b55cd96f7fedc5d833ed Author: Jon Moroney Date: Tue Feb 11 10:39:10 2020 -0800 Ignore EC parameters when parsing private keys commit 644917271238216c94866f021e2b24ce54555848 Merge: 828c23c2 4468af66 Author: Chris Broglie Date: Tue Jan 21 12:38:48 2020 -0800 Merge pull request #1073 from PeterLincsafe/master Fix readme still referencing deleted doc file commit 4468af6609d0b0091c4f6340cbcdde341387e73f Author: Peter Buijs Date: Tue Jan 21 13:18:01 2020 +0100 Fix readme still referencing deleted doc file commit 828c23c22cbca1f7632b9ba85174aaa26e745340 Merge: ebe01990 c7e13aec Author: Chris Broglie Date: Mon Dec 16 20:41:24 2019 -0800 Merge pull request #1065 from linux-on-ibm-z/test-s390x-pr Add s390x support commit c7e13aec684d881e995107198807295de5bef239 Author: Prasanna Kelkar Date: Fri Dec 6 10:32:35 2019 +0530 Add support for s390x in travis.yml commit ebe01990a23a309186790f4f8402eec68028f148 Merge: 358fd07c 69fa54a3 Author: Chris Broglie Date: Wed Nov 13 02:15:33 2019 -0800 Merge pull request #1054 from dsix-work/musl-builds Build staticly with musl for better compatibility commit 69fa54a3e275939077528092eb8b8a504d74088e Author: David Six Date: Mon Nov 11 13:06:08 2019 +0000 Update goreleaser tag to musl version commit 49924c4a02e6438269a5ef550953333daad898dd Author: David Six Date: Fri Nov 8 22:22:51 2019 +0000 Build staticly with musl for better compatibility commit 358fd07c64357b144621d8a700d67fdfbeb80899 Merge: 67aae946 acbed0af Author: Chris Broglie Date: Wed Nov 6 11:14:45 2019 -0800 Merge pull request #1052 from cloudflare/cbroglie/pkg-deb-rpm Add make targets for building .deb and .rpm packages commit acbed0afe20f978880b83aaaaa70132d592c28fe Author: Christopher Broglie Date: Tue Nov 5 22:00:32 2019 -0800 Add make targets for building .deb and 
.rpm packages commit 67aae9466f3559ce0ae1c2450336ed84c0a3bb8e Merge: d9af611a 1bfc9462 Author: Chris Broglie Date: Thu Oct 31 10:14:18 2019 -0700 Merge pull request #966 from andrewheberle/patch-1 Add missing sqlite import commit d9af611a7824cabde35280a6f2964672650a96e7 Merge: 2318616c ce0e2949 Author: Chris Broglie Date: Thu Oct 31 09:32:35 2019 -0700 Merge pull request #1048 from cloudflare/cbroglie/goreleaser Support building/releasing binaries with goreleaser commit ce0e2949afe2b929ca966d6d5010690a75a6ca85 Author: Christopher Broglie Date: Wed Oct 30 19:36:54 2019 -0700 Support building/releasing binaries with goreleaser Since this project requires cgo, the builds are performed in a container which includes the MinGW compiler (for Windows) and an OSX SDK. commit 2318616c6faa8ced58522e59bb2acaab30b8478d Merge: 40f4f514 9f1008dd Author: Chris Broglie Date: Wed Oct 30 15:11:19 2019 -0700 Merge pull request #1047 from cloudflare/cbroglie/modules Migrate to Go modules commit 9f1008ddb886243a959be9c66e048ed4e13be721 Author: Christopher Broglie Date: Wed Oct 30 14:14:28 2019 -0700 Drop the slow macOS build It takes forever in Travis, and we have enough folks developing on macOS so any regressions will be caught quickly. 
commit ee731906980f0e89d124b8e56384733a1c6ed588 Author: Christopher Broglie Date: Wed Oct 30 12:14:57 2019 -0700 Migrate to Go modules commit 40f4f514ff4fd6bf6fec99f1b25ec44dd1ad1241 Merge: 1a911ca1 ac360f21 Author: Chris Broglie Date: Mon Oct 28 13:23:25 2019 -0700 Merge pull request #1044 from cloudflare/cbroglie/selfsign Fix bug causing selfsign to ignore the default profile commit ac360f21638790fd6fd6cc5fa6b4b18fa79cbe45 Author: Christopher Broglie Date: Mon Oct 28 11:31:33 2019 -0700 Fix bug causing selfsign to ignore the default profile commit 1a911ca1b1d6e899bf97dcfa4a14b38db0d31134 Merge: b1ec8c58 27c56f6c Author: Chris Broglie Date: Wed Sep 11 15:19:28 2019 -0700 Merge pull request #1030 from ashemedai/master Fix typo of genkey to gencsr commit 27c56f6c15cc70d8f44ab6664f681e4b62664c66 Author: Jeroen Ruigrok van der Werven Date: Tue Aug 13 16:27:23 2019 +0200 Fix typo of genkey to gencsr commit b1ec8c586c2aa3ec3eaf4a622933f169cfa5648b Merge: d4e85528 df5c37b0 Author: Chris Broglie Date: Wed Aug 7 18:16:37 2019 -0700 Merge pull request #1025 from cpu/cpu-bump-zlint-dep Gopkg: update zlint/zcrypto to latest. commit df5c37b0aa5db6a2bed60324f65f2bfc35f8d213 Author: Daniel Date: Wed Aug 7 14:23:19 2019 -0400 review: fix local signer TestLint unit test. The upstream `zlint` project removed the `w_serial_number_low_entropy` lint and so the `TestLint` function needed to be updated accordingly. 
commit aa3425363ca8eb49da2afe0601d049d6fb2ad929 Merge: db143166 d4e85528 Author: Daniel Date: Wed Aug 7 14:12:47 2019 -0400 Merge remote-tracking branch 'cf/master' into cpu-bump-zlint-dep commit d4e85528af85aba17223fcb2caf207d57293730a Merge: 633726f6 0338350c Author: Chris Broglie Date: Wed Aug 7 11:11:14 2019 -0700 Merge pull request #1027 from cpu/cpu-go-one-dot-twelve-plus project: require Go 1.12.x commit 0338350c7e690613d92816e7ef89e68e27171c0c Author: Daniel Date: Wed Aug 7 13:43:58 2019 -0400 project: require Go 1.12.x Dependencies are starting to require Go 1.12.x, Go 1.13 is near ready, and the project maintainers are comfortable dropping support for 1.11.x. commit db1431664129eebf4d121e3889ff14445fc43701 Author: Daniel Date: Tue Aug 6 13:37:18 2019 -0400 Gopkg: update zlint/zcrypto to latest. There was a slight bug with adding a `zlint.lints.LintStatus` field to the CFSSL signer config object: Prior to zlint commit 9971d62 this type could only be marshaled to JSON, but not unmarshaled. As a result if you marshal a CFSSL config (with or without setting the new `LintErrLevel` field) then unmarshaling it produces an error like: ``` Failed to create CA: {"code":5200,"message":"failed to unmarshal configuration: json: cannot unmarshal string into Go struct field SigningProfile.lint_error_level of type lints.LintStatus"} ``` Updating to `github.com/zmap/zlint` >= 9971d62 resolves the problem. commit 633726f6bcb7574626ae05ae72ca3c8dbc51810f Merge: 5fc50ce7 c4ed0e46 Author: Chris Broglie Date: Thu Jul 25 17:06:31 2019 -0700 Merge pull request #1022 from QuLogic/log-format Fix formatted logging calls. commit c4ed0e46dc584377df6f18daee78ad37d4993bc8 Author: Elliott Sales de Andrade Date: Thu Jul 25 19:47:42 2019 -0400 Fix formatted logging calls. These pass format strings, but don't call the formatting version of the function. 
commit 5fc50ce768d7c06f5dd84c7b5f83252ac05602c0 Merge: 6abac05f 2185c182 Author: Chris Broglie Date: Mon Jul 15 17:59:13 2019 -0700 Merge pull request #1018 from cloudflare/cbroglie/1.3.4 Release 1.3.4 commit 2185c182e6bad3bf99f55ca6f6af0027124c112d Author: Christopher Broglie Date: Mon Jul 15 17:42:20 2019 -0700 Release 1.3.4 commit 6abac05fccc688161be1e75d48791d31e347aa1b Merge: 2001f384 a4b817c6 Author: Chris Broglie Date: Mon Jul 15 17:15:03 2019 -0700 Merge pull request #1015 from cpu/cpu-add-a-lint-trap local signer: pre-issuance linting support with zlint. commit a4b817c681805f0131a1728e27addad3c42c6cb8 Author: Daniel Date: Mon Jul 15 09:51:14 2019 -0400 review: use lints.LintStatus, not int. commit 0434ea05422c409cd0b3ab12bdc2ae0aa3b5adeb Author: Daniel Date: Fri Jun 28 14:55:27 2019 -0400 local: lint tbs certificates with zlint. commit 66f7d5d783cff90dd1b3b8306bd5c5e920e59ef2 Author: Daniel Date: Fri Jun 28 12:42:27 2019 -0400 local: generate lintPriv key when required by profiles. commit 787a454ef67bf11b3fb2952e0115a0dacac44bd6 Author: Daniel Date: Fri Jun 28 12:28:27 2019 -0400 config: populate an ignored lints map commit f02ee2f1150405da0c202b0c8a7c1b61762c55cc Author: Daniel Date: Fri Jun 28 11:46:13 2019 -0400 config: add linting fields to signing profile config commit 797ea50c6819e9fc3905007e03600b9c9c131a06 Author: Daniel Date: Fri Jun 28 11:03:15 2019 -0400 dep: add and vendor github.com/zmap/zlint dependency. commit 2001f384ec4fea8e6e648cd89d07bda9bd7568c1 Merge: 21cbcb0d acf90ad9 Author: Chris Broglie Date: Thu Jun 27 16:11:40 2019 -0700 Merge pull request #1012 from cloudflare/cbroglie/key-rotation Add support for staged key rotation commit 21cbcb0de1db839c2494bf91170c95ebd182d8cf Author: Brian Harring Date: Thu Jun 27 12:24:45 2019 -0700 Convert KeyRequest into a concrete type to fix yaml support. 
The KeyRequest interface isn't providing any direct value to the current code, but it explicitly breaks the ability to unmarshal yaml data- you can't unmarshall yaml through an opaque interface like this. Json somehow supported it, but for yaml it triggers a panic. Thus this: drop the KeyRequest interface and instead just rename the concrete BasicKeyRequest struct into KeyRequest. Many thanks to Chris Broglie for running this down including the intended fix. commit 3ac1c71b23f593c29640cebb3f1f9ea128d05d6c Author: Brian Harring Date: Thu Jun 27 12:23:58 2019 -0700 Add explicit serialization tags for csr internals. Json does a fair amount of inferring, but yaml doesn't- thus this wasn't fully supported for yaml usage. commit acf90ad94a6fa6bfbb76625429275bda6f4e9837 Author: Christopher Broglie Date: Wed Jun 26 17:08:32 2019 -0700 Add support for staged key rotation commit 1bf3e59ec1cf5d16f00a1459119b4fe038c4cf05 Author: Roland Shoemaker Date: Mon Jun 10 21:53:15 2019 -0700 ocsp: Add request logging commit 9c027c93ba9e044bfffb63b78f9174075413bc9e Author: Curt Cunning Date: Fri May 10 02:06:11 2019 -0400 Add neturl.QueryEscape to correctly encode URL for OCSP GET request (#994) commit 6984086801c9b6d07193a2dab251da683dd50070 Author: Leland Garofalo Date: Thu May 9 14:34:12 2019 -0700 Fix failing build by reissuing intermediate L2 and leaf certificates (#996) * Fix failing build by reissuing intermediate L2 and leaf certificates * Adjustment for sql_mode in MySQL used in test that prevents zero date usage commit e03d70fc14f280aee4b83f6869eb0a62fa3d90d5 Author: Geoff Baskwill Date: Wed Apr 3 16:04:20 2019 -0400 Add support for Subject Alternative Names in selfsign This adds support for `DNSNames`, `EmailAddresses`, `IPAddresses`, and `URIs` in the SAN parsed from the `hosts` attribute of the CSR JSON. 
Signed-off-by: Geoff Baskwill commit 768cd563887febaad559b511aaa5964823ccb4ab Author: Christopher Broglie Date: Mon Apr 8 20:11:45 2019 -0700 Release 1.3.3 commit f0ca6c1eb7444e580f8dd46b137181a279f4f028 Author: Christopher Broglie Date: Mon Apr 8 20:09:30 2019 -0700 Pin to Go 1.12.1 Due to https://github.com/golang/go/issues/31293 commit 6ab434522183d9bbb59a21ebd9189f81938fcd51 Author: Simon Sawert Date: Sun Apr 7 20:49:48 2019 +0200 Add support to lookup certificate by s/n and authkey Add support to lookup certificate by s/n and authkey. Fixes #982. commit 1bfc946292a2618ba79dac254689c7280baa74b4 Merge: 7c2aa537 ea569c5a Author: andrewheberle Date: Mon Apr 1 13:49:12 2019 +0800 Merge pull request #1 from cloudflare/master rebase on master commit ea569c5aa1be8442fc8c98cb55948bad20bcabed Author: Andrew Lavery Date: Wed Mar 27 14:07:20 2019 -0700 update certificate-transparency-go, protobuf and mattn/go-sqlite3 this fixes compilation errors on go 1.11+ and GOOS=windows commit 132d03f10d7966f5f8d80b2584f85f11716901bc Author: Andrew Lavery Date: Thu Mar 28 12:17:09 2019 -0700 drop support for go 1.10 commit bb761f3510edd195c7abfe42c593a0611f6256bc Author: Andrew Lavery Date: Thu Mar 28 12:07:31 2019 -0700 include go 1.12 in Travis CI commit 7c2aa5370604154f4fda0407ad151fa7de9beba9 Author: andrewheberle Date: Tue Jan 29 09:55:41 2019 +0800 Add missing sqlite import Ensure that go-sqlite3 is imported so sqlite based databases work properly commit b94e044bb51ec8f5a7232c71b1ed05dbe4da96ce Author: Vincent Janelle Date: Wed Dec 12 23:08:20 2018 -0800 Change minimum golang to 1.10 commit c0271921643e94fa1f51106d4377ff1637de5343 Author: Vincent Janelle Date: Wed Dec 12 22:26:44 2018 -0800 (#921) URI SAN records Support URI san records. 
commit ea4033a214e73d353084d61c244b9ca1e9a727c4 Author: Christopher Broglie Date: Thu Nov 1 17:30:07 2018 -0700 Don't fail CI on development versions of Go commit 7321407f680df731fc12449a8c0f86960c7af136 Author: Christopher Broglie Date: Thu Nov 1 15:41:01 2018 -0700 Fix documentation for how to build cfssl binaries --- csr/csr.go | 132 +++++++++++++++++++++++++++++++-------------- csr/csr_test.go | 138 ++++++++++++++++++++++++++++++++++-------------- 2 files changed, 190 insertions(+), 80 deletions(-) diff --git a/csr/csr.go b/csr/csr.go index 9e2d00b9e..0ca250994 100644 --- a/csr/csr.go +++ b/csr/csr.go @@ -12,8 +12,11 @@ import ( "encoding/asn1" "encoding/pem" "errors" + "fmt" "net" "net/mail" + "net/url" + "strconv" "strings" cferr "github.com/cloudflare/cfssl/errors" 
@@ -29,46 +32,40 @@ const ( // A Name contains the SubjectInfo fields. type Name struct { - C string // Country - ST string // State - L string // Locality - O string // OrganisationName - OU string // OrganisationalUnitName - SerialNumber string + C string `json:"C,omitempty" yaml:"C,omitempty"` // Country + ST string `json:"ST,omitempty" yaml:"ST,omitempty"` // State + L string `json:"L,omitempty" yaml:"L,omitempty"` // Locality + O string `json:"O,omitempty" yaml:"O,omitempty"` // OrganisationName + OU string `json:"OU,omitempty" yaml:"OU,omitempty"` // OrganisationalUnitName + E string `json:"E,omitempty" yaml:"E,omitempty"` + SerialNumber string `json:"SerialNumber,omitempty" yaml:"SerialNumber,omitempty"` + OID map[string]string `json:"OID,omitempty", yaml:"OID,omitempty"` } -// A KeyRequest is a generic request for a new key. -type KeyRequest interface { - Algo() string - Size() int - Generate() (crypto.PrivateKey, error) - SigAlgo() x509.SignatureAlgorithm -} - -// A BasicKeyRequest contains the algorithm and key size for a new private key. -type BasicKeyRequest struct { +// A KeyRequest contains the algorithm and key size for a new private key. +type KeyRequest struct { A string `json:"algo" yaml:"algo"` S int `json:"size" yaml:"size"` } -// NewBasicKeyRequest returns a default BasicKeyRequest. -func NewBasicKeyRequest() *BasicKeyRequest { - return &BasicKeyRequest{"ecdsa", curveP256} +// NewKeyRequest returns a default KeyRequest. +func NewKeyRequest() *KeyRequest { + return &KeyRequest{"ecdsa", curveP256} } // Algo returns the requested key algorithm represented as a string. -func (kr *BasicKeyRequest) Algo() string { +func (kr *KeyRequest) Algo() string { return kr.A } // Size returns the requested key size. -func (kr *BasicKeyRequest) Size() int { +func (kr *KeyRequest) Size() int { return kr.S } // Generate generates a key as specified in the request. Currently, // only ECDSA and RSA are supported. 
-func (kr *BasicKeyRequest) Generate() (crypto.PrivateKey, error) { +func (kr *KeyRequest) Generate() (crypto.PrivateKey, error) { log.Debugf("generate key from request: algo=%s, size=%d", kr.Algo(), kr.Size()) switch kr.Algo() { case "rsa": @@ -99,7 +96,7 @@ func (kr *BasicKeyRequest) Generate() (crypto.PrivateKey, error) { // SigAlgo returns an appropriate X.509 signature algorithm given the // key request's type and size. -func (kr *BasicKeyRequest) SigAlgo() x509.SignatureAlgorithm { +func (kr *KeyRequest) SigAlgo() x509.SignatureAlgorithm { switch kr.Algo() { case "rsa": switch { @@ -139,20 +136,22 @@ type CAConfig struct { // A CertificateRequest encapsulates the API interface to the // certificate request functionality. type CertificateRequest struct { - CN string - Names []Name `json:"names" yaml:"names"` - Hosts []string `json:"hosts" yaml:"hosts"` - KeyRequest KeyRequest `json:"key,omitempty" yaml:"key,omitempty"` - CA *CAConfig `json:"ca,omitempty" yaml:"ca,omitempty"` - SerialNumber string `json:"serialnumber,omitempty" yaml:"serialnumber,omitempty"` - Extensions []pkix.Extension `json:"extensions,omitempty" yaml:"extensions,omitempty"` + CN string `json:"CN" yaml:"CN"` + Names []Name `json:"names" yaml:"names"` + Hosts []string `json:"hosts" yaml:"hosts"` + KeyRequest *KeyRequest `json:"key,omitempty" yaml:"key,omitempty"` + CA *CAConfig `json:"ca,omitempty" yaml:"ca,omitempty"` + SerialNumber string `json:"serialnumber,omitempty" yaml:"serialnumber,omitempty"` + DelegationEnabled bool `json:"delegation_enabled,omitempty" yaml:"delegation_enabled,omitempty"` + Extensions []pkix.Extension `json:"extensions,omitempty" yaml:"extensions,omitempty"` + CRL string `json:"crl_url,omitempty" yaml:"crl_url,omitempty"` } // New returns a new, empty CertificateRequest with a -// BasicKeyRequest. +// KeyRequest. func New() *CertificateRequest { return &CertificateRequest{ - KeyRequest: NewBasicKeyRequest(), + KeyRequest: NewKeyRequest(), } } 
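Review bot: The struct tag on the new `OID` field in `Name` (hunk `@@ -29,46 +32,40 @@`) has a comma between the `json` and `yaml` keys, so it does not follow the space-separated `key:"value"` convention. `reflect.StructTag` stops parsing at the comma, the `yaml` key is never found, and YAML decoding falls back to the library's default field name; `go vet` reports this as a malformed tag. The line should read `OID map[string]string `json:"OID,omitempty" yaml:"OID,omitempty"``. The new `E` field is also the only attribute in the struct without a trailing comment; `// EmailAddress` would match its neighbours.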
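Review bot: The two fields added to `CertificateRequest` in hunk `@@ -139,20 +136,22 @@`, `DelegationEnabled` and `CRL`, are undocumented even though both feed requester-supplied data into what ends up in a certificate. I would add `// DelegationEnabled asks for the DelegationUsage extension to be included in the request.` and `// CRL is a CRL distribution point URL supplied by the requester; it is not validated here.` above them. Where `CRL` is consumed is not visible in this hunk, so whether the signer restricts the scheme or host of that URL should be confirmed at the point of use. The exported `KeyRequest` field also changes from an interface to `*KeyRequest`, which breaks callers that assign their own implementation and deserves a line in the release notes.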
@@ -163,8 +162,25 @@ func appendIf(s string, a *[]string) { } } +// OIDFromString creates an ASN1 ObjectIdentifier from its string representation +func OIDFromString(s string) (asn1.ObjectIdentifier, error) { + var oid []int + parts := strings.Split(s, ".") + if len(parts) < 1 { + return oid, fmt.Errorf("invalid OID string: %s", s) + } + for _, p := range parts { + i, err := strconv.Atoi(p) + if err != nil { + return nil, fmt.Errorf("invalid OID part %s", p) + } + oid = append(oid, i) + } + return oid, nil +} + // Name returns the PKIX name for the request. -func (cr *CertificateRequest) Name() pkix.Name { +func (cr *CertificateRequest) Name() (pkix.Name, error) { var name pkix.Name name.CommonName = cr.CN @@ -174,9 +190,19 @@ func (cr *CertificateRequest) Name() pkix.Name { appendIf(n.L, &name.Locality) appendIf(n.O, &name.Organization) appendIf(n.OU, &name.OrganizationalUnit) + for k, v := range n.OID { + oid, err := OIDFromString(k) + if err != nil { + return name, err + } + name.ExtraNames = append(name.ExtraNames, pkix.AttributeTypeAndValue{Type: oid, Value: v}) + } + if n.E != "" { + name.ExtraNames = append(name.ExtraNames, pkix.AttributeTypeAndValue{Type: asn1.ObjectIdentifier{1, 2, 840, 113549, 1, 9, 1}, Value: n.E}) + } } name.SerialNumber = cr.SerialNumber - return name + return name, nil } // BasicConstraints CSR information RFC 5280, 4.2.1.9 @@ -194,7 +220,7 @@ type BasicConstraints struct { func ParseRequest(req *CertificateRequest) (csr, key []byte, err error) { log.Info("received CSR") if req.KeyRequest == nil { - req.KeyRequest = NewBasicKeyRequest() + req.KeyRequest = NewKeyRequest() } log.Infof("generating key: %s-%d", req.KeyRequest.Algo(), req.KeyRequest.Size()) 
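Review bot: `OIDFromString` accepts strings that are not valid object identifiers. `strings.Split` never returns an empty slice, so the `len(parts) < 1` guard cannot fire, and a single arc such as `"5"` or a negative arc such as `"1.-2"` passes `strconv.Atoi` and is returned as an OID. Because the keys come from the request's `OID` map, it is safer to reject them here than to depend on the ASN.1 encoder later: `if len(parts) < 2 {` for the length check and `if err != nil || i < 0 {` inside the loop. Formatting the offending input with `%q` instead of `%s` keeps empty or odd values visible in the error, and the doc comment is missing its final period.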
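Review bot: The `for k, v := range n.OID` loop appends to `name.ExtraNames` in map iteration order, which Go leaves unspecified, so the same request can yield differently ordered subjects from one run to the next. Sorting the keys first makes the encoded subject reproducible (this needs the `sort` import, which is outside the hunk). Separately, `pkix.Name` documents that `ExtraNames` values override attributes with the same OID, so any caller that validates `CN` or `Names` before signing may need to inspect `OID` as well. The signature of `Name()` is in the preceding hunk and its loop header is outside both.

```go
keys := make([]string, 0, len(n.OID))
for k := range n.OID {
	keys = append(keys, k)
}
sort.Strings(keys)
for _, k := range keys {
	// … unchanged: OIDFromString(k) and its error return …
	name.ExtraNames = append(name.ExtraNames, pkix.AttributeTypeAndValue{Type: oid, Value: n.OID[k]})
}
```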
@@ -269,14 +295,17 @@ func getHosts(cert *x509.Certificate) []string { for _, email := range cert.EmailAddresses { hosts = append(hosts, email) } + for _, uri := range cert.URIs { + hosts = append(hosts, uri.String()) + } return hosts } // getNames returns an array of Names from the certificate -// It onnly cares about Country, Organization, OrganizationalUnit, Locality, Province +// It only cares about Country, Organization, OrganizationalUnit, Locality, Province func getNames(sub pkix.Name) []Name { - // anonymous func for finding the max of a list of interger + // anonymous func for finding the max of a list of integer max := func(v1 int, vn ...int) (max int) { max = v1 for i := 0; i < len(vn); i++ { @@ -370,8 +399,13 @@ func Generate(priv crypto.Signer, req *CertificateRequest) (csr []byte, err erro return nil, cferr.New(cferr.PrivateKeyError, cferr.Unavailable) } + subj, err := req.Name() + if err != nil { + return nil, err + } + var tpl = x509.CertificateRequest{ - Subject: req.Name(), + Subject: subj, SignatureAlgorithm: sigAlgo, } @@ -380,11 +414,15 @@ func Generate(priv crypto.Signer, req *CertificateRequest) (csr []byte, err erro tpl.IPAddresses = append(tpl.IPAddresses, ip) } else if email, err := mail.ParseAddress(req.Hosts[i]); err == nil && email != nil { tpl.EmailAddresses = append(tpl.EmailAddresses, email.Address) + } else if uri, err := url.ParseRequestURI(req.Hosts[i]); err == nil && uri != nil { + tpl.URIs = append(tpl.URIs, uri) } else { tpl.DNSNames = append(tpl.DNSNames, req.Hosts[i]) } } + tpl.ExtraExtensions = []pkix.Extension{} + if req.CA != nil { err = appendCAInfoToCSR(req.CA, &tpl) if err != nil { 
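Review bot: The error from `req.Name()` in `Generate` is returned bare, while the failure path visible just above returns a `cferr` value (`cferr.New(cferr.PrivateKeyError, cferr.Unavailable)`). Callers that switch on the cfssl error category will not recognise a bad `OID` key as a CSR error. Wrapping it the way the later extension branch does would keep the function consistent: `return nil, cferr.Wrap(cferr.CSRError, cferr.GenerationFailed, err)`. `Generate` begins and ends outside this hunk.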
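Review bot: The new `url.ParseRequestURI(req.Hosts[i])` branch classifies more than full URIs as URI SANs. That function is documented to accept either an absolute URI or an absolute path, so a host entry that starts with `/` lands in `tpl.URIs` with no scheme, and a `host:port` style entry appears to parse as scheme plus opaque part. Requiring a scheme narrows the branch to real URIs: `} else if uri, err := url.ParseRequestURI(req.Hosts[i]); err == nil && uri != nil && uri.IsAbs() {`. The `tpl.ExtraExtensions = []pkix.Extension{}` assignment in the same hunk is not needed, since `append` works on a nil slice. The enclosing loop and `Generate` itself start outside the hunk.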
@@ -393,8 +431,16 @@ func Generate(priv crypto.Signer, req *CertificateRequest) (csr []byte, err erro } } + if req.DelegationEnabled { + tpl.ExtraExtensions = append(tpl.Extensions, helpers.DelegationExtension) + } + if req.Extensions != nil { - tpl.ExtraExtensions = append(tpl.ExtraExtensions, req.Extensions...) + err = appendExtensionsToCSR(req.Extensions, &tpl) + if err != nil { + err = cferr.Wrap(cferr.CSRError, cferr.GenerationFailed, err) + return + } } csr, err = x509.CreateCertificateRequest(rand.Reader, &tpl, priv) @@ -433,3 +479,11 @@ func appendCAInfoToCSR(reqConf *CAConfig, csr *x509.CertificateRequest) error { return nil } + +// appendCAInfoToCSR appends user-defined extension to a CSR +func appendExtensionsToCSR(extensions []pkix.Extension, csr *x509.CertificateRequest) error { + for _, extension := range extensions { + csr.ExtraExtensions = append(csr.ExtraExtensions, extension) + } + return nil +} diff --git a/csr/csr_test.go b/csr/csr_test.go index 40202129b..f6cd54f34 100644 --- a/csr/csr_test.go +++ b/csr/csr_test.go 
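Review bot: `tpl.ExtraExtensions = append(tpl.Extensions, helpers.DelegationExtension)` builds the new slice from `tpl.Extensions` rather than `tpl.ExtraExtensions`, so whatever was already in `ExtraExtensions` is replaced. `appendCAInfoToCSR(req.CA, &tpl)` runs just before this and presumably stores the CA constraints there (its body is outside the hunk), so a request that sets both `CA` and `DelegationEnabled` would lose them from the CSR. The line should be `tpl.ExtraExtensions = append(tpl.ExtraExtensions, helpers.DelegationExtension)`. `Generate` starts and ends outside this hunk.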
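Review bot: The doc comment on `appendExtensionsToCSR` names the wrong function (`appendCAInfoToCSR`); it should be `// appendExtensionsToCSR appends user-defined extensions to a CSR.`. The function can only return nil, so the `cferr.Wrap(cferr.CSRError, cferr.GenerationFailed, err)` branch added at its call site in `Generate` is unreachable. The element-by-element loop is also equivalent to `csr.ExtraExtensions = append(csr.ExtraExtensions, extensions...)`. Either drop the error return, or use it to reject extensions the request should not be able to set.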
@@ -9,27 +9,25 @@ import ( "crypto/x509/pkix" "encoding/asn1" "encoding/pem" - "io/ioutil" + "os" "testing" "github.com/cloudflare/cfssl/errors" "github.com/cloudflare/cfssl/helpers" ) -//TestNew validate the CertificateRequest created to return with a BasicKeyRequest -//in KeyRequest field - +// TestNew validate the CertificateRequest created to return with a KeyRequest +// in KeyRequest field func TestNew(t *testing.T) { - if cr := New(); cr.KeyRequest == nil { - t.Fatalf("Should create a new, empty certificate request with BasicKeyRequest") + t.Fatalf("Should create a new, empty certificate request with KeyRequest") } } -// TestBasicKeyRequest ensures that key generation returns the same type of -// key specified in the BasicKeyRequest. -func TestBasicKeyRequest(t *testing.T) { - kr := NewBasicKeyRequest() +// TestKeyRequest ensures that key generation returns the same type of +// key specified in the KeyRequest. +func TestKeyRequest(t *testing.T) { + kr := NewKeyRequest() priv, err := kr.Generate() if err != nil { t.Fatalf("%v", err) @@ -69,10 +67,13 @@ func TestPKIXName(t *testing.T) { }, }, Hosts: []string{"cloudflare.com", "www.cloudflare.com"}, - KeyRequest: NewBasicKeyRequest(), + KeyRequest: NewKeyRequest(), } - name := cr.Name() + name, err := cr.Name() + if err != nil { + t.Fatalf("Error getting name: %s", err.Error()) + } if len(name.Country) != 2 { t.Fatal("Expected two countries in SubjInfo.") } else if len(name.Province) != 2 { 
@@ -109,11 +110,11 @@ func TestParseRequest(t *testing.T) { OU: "Systems Engineering", }, }, - Hosts: []string{"cloudflare.com", "www.cloudflare.com", "192.168.0.1", "jdoe@example.com"}, - KeyRequest: NewBasicKeyRequest(), + Hosts: []string{"cloudflare.com", "www.cloudflare.com", "192.168.0.1", "jdoe@example.com", "https://www.cloudflare.com"}, + KeyRequest: NewKeyRequest(), Extensions: []pkix.Extension{ - pkix.Extension{ - Id: asn1.ObjectIdentifier{1, 2, 3, 4, 5}, + { + Id: asn1.ObjectIdentifier{1, 2, 3, 4, 5}, Value: []byte("AgEB"), }, }, @@ -176,7 +177,7 @@ func TestParseRequestCA(t *testing.T) { PathLength: 0, PathLenZero: true, }, - KeyRequest: NewBasicKeyRequest(), + KeyRequest: NewKeyRequest(), } csrBytes, _, err := ParseRequest(cr) @@ -237,7 +238,7 @@ func TestParseRequestCANoPathlen(t *testing.T) { PathLength: 0, PathLenZero: false, }, - KeyRequest: NewBasicKeyRequest(), + KeyRequest: NewKeyRequest(), } csrBytes, _, err := ParseRequest(cr) @@ -295,7 +296,7 @@ func TestECGeneration(t *testing.T) { var eckey *ecdsa.PrivateKey for _, sz := range []int{256, 384, 521} { - kr := &BasicKeyRequest{"ecdsa", sz} + kr := &KeyRequest{"ecdsa", sz} priv, err := kr.Generate() if err != nil { t.Fatalf("%v", err) @@ -314,7 +315,7 @@ func TestRSAKeyGeneration(t *testing.T) { var rsakey *rsa.PrivateKey for _, sz := range []int{2048, 3072, 4096} { - kr := &BasicKeyRequest{"rsa", sz} + kr := &KeyRequest{"rsa", sz} priv, err := kr.Generate() if err != nil { t.Fatalf("%v", err) 
@@ -329,12 +330,12 @@ func TestRSAKeyGeneration(t *testing.T) { } } -// TestBadBasicKeyRequest ensures that generating a key from a BasicKeyRequest +// TestBadKeyRequest ensures that generating a key from a KeyRequest // fails with an invalid algorithm, or an invalid RSA or ECDSA key // size. An invalid ECDSA key size is any size other than 256, 384, or // 521; an invalid RSA key size is any size less than 2048 bits. -func TestBadBasicKeyRequest(t *testing.T) { - kr := &BasicKeyRequest{"yolocrypto", 1024} +func TestBadKeyRequest(t *testing.T) { + kr := &KeyRequest{"yolocrypto", 1024} if _, err := kr.Generate(); err == nil { t.Fatal("Key generation should fail with invalid algorithm") @@ -356,7 +357,7 @@ func TestBadBasicKeyRequest(t *testing.T) { t.Fatal("The wrong signature algorithm was returned from SigAlgo!") } - kr = &BasicKeyRequest{"tobig", 9216} + kr = &KeyRequest{"tobig", 9216} kr.A = "rsa" if _, err := kr.Generate(); err == nil { @@ -366,9 +367,9 @@ func TestBadBasicKeyRequest(t *testing.T) { } } -// TestDefaultBasicKeyRequest makes sure that certificate requests without +// TestDefaultKeyRequest makes sure that certificate requests without // explicit key requests fall back to the default key request. -func TestDefaultBasicKeyRequest(t *testing.T) { +func TestDefaultKeyRequest(t *testing.T) { var req = &CertificateRequest{ Names: []Name{ { @@ -380,7 +381,7 @@ func TestDefaultBasicKeyRequest(t *testing.T) { }, }, CN: "cloudflare.com", - Hosts: []string{"cloudflare.com", "www.cloudflare.com", "jdoe@example.com"}, + Hosts: []string{"cloudflare.com", "www.cloudflare.com", "jdoe@example.com", "https://www.cloudflare.com"}, } _, priv, err := ParseRequest(req) if err != nil { @@ -393,7 +394,7 @@ func TestDefaultBasicKeyRequest(t *testing.T) { t.Fatal("Bad private key was generated!") } - DefaultKeyRequest := NewBasicKeyRequest() + DefaultKeyRequest := NewKeyRequest() switch block.Type { case "RSA PRIVATE KEY": if DefaultKeyRequest.Algo() != "rsa" { 
@@ -420,8 +421,8 @@ func TestRSACertRequest(t *testing.T) { }, }, CN: "cloudflare.com", - Hosts: []string{"cloudflare.com", "www.cloudflare.com", "jdoe@example.com"}, - KeyRequest: &BasicKeyRequest{"rsa", 2048}, + Hosts: []string{"cloudflare.com", "www.cloudflare.com", "jdoe@example.com", "https://www.cloudflare.com"}, + KeyRequest: &KeyRequest{"rsa", 2048}, } _, _, err := ParseRequest(req) if err != nil { @@ -443,7 +444,7 @@ func TestBadCertRequest(t *testing.T) { }, CN: "cloudflare.com", Hosts: []string{"cloudflare.com", "www.cloudflare.com"}, - KeyRequest: &BasicKeyRequest{"yolo-crypto", 2048}, + KeyRequest: &KeyRequest{"yolo-crypto", 2048}, } _, _, err := ParseRequest(req) if err == nil { @@ -477,8 +478,8 @@ func TestGenerator(t *testing.T) { }, }, CN: "cloudflare.com", - Hosts: []string{"cloudflare.com", "www.cloudflare.com", "192.168.0.1", "jdoe@example.com"}, - KeyRequest: &BasicKeyRequest{"rsa", 2048}, + Hosts: []string{"cloudflare.com", "www.cloudflare.com", "192.168.0.1", "jdoe@example.com", "https://www.cloudflare.com"}, + KeyRequest: &KeyRequest{"rsa", 2048}, } csrBytes, _, err := g.ProcessRequest(req) @@ -512,6 +513,10 @@ func TestGenerator(t *testing.T) { t.Fatal("SAN parsing error") } + if len(csr.URIs) != 1 { + t.Fatal("SAN parsing error") + } + } // TestBadGenerator ensures that a request that fails the validator is @@ -530,7 +535,7 @@ func TestBadGenerator(t *testing.T) { }, // Missing CN Hosts: []string{"cloudflare.com", "www.cloudflare.com"}, - KeyRequest: &BasicKeyRequest{"rsa", 2048}, + KeyRequest: &KeyRequest{"rsa", 2048}, } _, _, err := g.ProcessRequest(missingCN) 
@@ -551,8 +556,8 @@ func TestWeakCSR(t *testing.T) { }, }, CN: "cloudflare.com", - Hosts: []string{"cloudflare.com", "www.cloudflare.com", "jdoe@example.com"}, - KeyRequest: &BasicKeyRequest{"rsa", 1024}, + Hosts: []string{"cloudflare.com", "www.cloudflare.com", "jdoe@example.com", "https://www.cloudflare.com"}, + KeyRequest: &KeyRequest{"rsa", 1024}, } g := &Generator{testValidator} @@ -612,8 +617,8 @@ func TestGenerate(t *testing.T) { }, }, CN: "cloudflare.com", - Hosts: []string{"cloudflare.com", "www.cloudflare.com", "192.168.0.1", "jdoe@example.com"}, - KeyRequest: &BasicKeyRequest{"ecdsa", 256}, + Hosts: []string{"cloudflare.com", "www.cloudflare.com", "192.168.0.1", "jdoe@example.com", "https://www.cloudflare.com"}, + KeyRequest: &KeyRequest{"ecdsa", 256}, } key, err := req.KeyRequest.Generate() @@ -647,6 +652,10 @@ func TestGenerate(t *testing.T) { if len(csr.EmailAddresses) != 1 { t.Fatal("SAN parsing error") } + + if len(csr.URIs) != 1 { + t.Fatal("SAN parsing error") + } } // TestReGenerate ensures Regenerate() is abel to use the provided CSR as a template for signing a new @@ -664,7 +673,7 @@ func TestReGenerate(t *testing.T) { }, CN: "cloudflare.com", Hosts: []string{"cloudflare.com", "www.cloudflare.com", "192.168.0.1"}, - KeyRequest: &BasicKeyRequest{"ecdsa", 256}, + KeyRequest: &KeyRequest{"ecdsa", 256}, } _, key, err := ParseRequest(req) @@ -707,7 +716,7 @@ func TestBadReGenerate(t *testing.T) { }, CN: "cloudflare.com", Hosts: []string{"cloudflare.com", "www.cloudflare.com", "192.168.0.1"}, - KeyRequest: &BasicKeyRequest{"ecdsa", 256}, + KeyRequest: &KeyRequest{"ecdsa", 256}, } _, key, err := ParseRequest(req) @@ -744,7 +753,7 @@ func TestBadReGenerate(t *testing.T) { var testECDSACertificateFile = "testdata/test-ecdsa-ca.pem" func TestExtractCertificateRequest(t *testing.T) { - certPEM, err := ioutil.ReadFile(testECDSACertificateFile) + certPEM, err := os.ReadFile(testECDSACertificateFile) if err != nil { t.Fatal(err) } 
@@ -775,3 +784,50 @@ func TestExtractCertificateRequest(t *testing.T) { t.Fatal("Bad Certificate Request!") } } + +// TestDelegationCSR tests that we create requests with the DC extension +func TestDelegationCSR(t *testing.T) { + var cr = &CertificateRequest{ + CN: "Test Common Name", + Names: []Name{ + { + C: "US", + ST: "California", + L: "San Francisco", + O: "CloudFlare, Inc.", + OU: "Systems Engineering", + }, + { + C: "GB", + ST: "London", + L: "London", + O: "CloudFlare, Inc", + OU: "Systems Engineering", + }, + }, + DelegationEnabled: true, + Hosts: []string{"cloudflare.com", "www.cloudflare.com"}, + KeyRequest: NewKeyRequest(), + } + csr, _, err := ParseRequest(cr) + if err != nil { + t.Fatal("could not generate csr") + } + unPem, _ := pem.Decode(csr) + if unPem == nil { + t.Fatal("Failed to decode pem") + } + res, err := x509.ParseCertificateRequest(unPem.Bytes) + if err != nil { + t.Fatalf("spat out nonsense as a csr: %v", err) + } + found := false + for _, ext := range res.Extensions { + if ext.Id.Equal(helpers.DelegationUsage) { + found = true + } + } + if !found { + t.Fatal("generated csr has no extension") + } +}
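Review bot: `TestDelegationCSR` sets `DelegationEnabled` only on a request with no `CA` block and no `Extensions`, so it cannot show whether the delegation extension coexists with extensions added earlier in `Generate`. A second case that also sets `CA` (or `Extensions`) and asserts that both the `helpers.DelegationUsage` extension and the other one appear in `res.Extensions` would cover that path. The first failure message also drops the cause; `t.Fatalf("could not generate csr: %v", err)` would report it, and `"generated csr has no delegation extension"` is clearer than the current final message.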