personal_interest_mirrors/nebula
1
0
Fork 0
mirror of https://github.com/slackhq/nebula.git synced 2025-11-22 08:24:25 +01:00
Code Issues Actions 2 Packages Projects Releases Wiki Activity
649 Commits 45 Branches 23 Tags
04f47eabf797e2d5b315b9a2b8d371928ffb5155
Commit Graph

10 Commits

Author SHA1 Message Date
Nate Brown
52f1908126 Don't log every blocklisted fingerprint (#1525) 2025-11-12 09:41:46 -06:00
Jack Doan
01909f4715 try to make certificate addition/removal reloadable in some cases (#1468) 
* try to make certificate addition/removal reloadable in some cases

* very spicy change to respond to handshakes with cert versions we cannot match with a cert that we can indeed match

* even spicier change to rehandshake if we detect our cert is lower-version than our peer, and we have a newer-version cert available

* make tryRehandshake easier to understand
 2025-11-03 19:38:44 -06:00
Jack Doan
768325c9b4 cert-v2 chores (#1466) 2025-09-05 15:08:22 -05:00
Wade Simmons
b8ea55eb90 optimize usage of bart (#1395)
Some checks failed
gofmt / Run gofmt (push) Successful in 9s
Details
smoke-extra / Run extra smoke tests (push) Failing after 19s
Details
smoke / Run multi node smoke test (push) Failing after 1m19s
Details
Build and test / Build all and test on ubuntu-linux (push) Failing after 18m41s
Details
Build and test / Build and test on linux with boringcrypto (push) Failing after 2m47s
Details
Build and test / Build and test on linux with pkcs11 (push) Failing after 2m47s
Details
Build and test / Build and test on macos-latest (push) Has been cancelled
Details
Build and test / Build and test on windows-latest (push) Has been cancelled
Details 
Use `bart.Lite` and `.Contains` as suggested by the bart maintainer:

- 9455952eed (commitcomment-155362580)
 2025-04-18 12:37:20 -04:00
John Maguire
d4a7df3083 Rename pki.default_version to pki.initiating_version (#1381)
Some checks failed
gofmt / Run gofmt (push) Successful in 9s
Details
smoke-extra / Run extra smoke tests (push) Failing after 20s
Details
smoke / Run multi node smoke test (push) Failing after 1m26s
Details
Build and test / Build all and test on ubuntu-linux (push) Failing after 21m13s
Details
Build and test / Build and test on linux with boringcrypto (push) Failing after 3m19s
Details
Build and test / Build and test on linux with pkcs11 (push) Failing after 2m47s
Details
Build and test / Build and test on macos-latest (push) Has been cancelled
Details
Build and test / Build and test on windows-latest (push) Has been cancelled
Details
2025-04-07 18:08:29 -04:00
Nate Brown
d97ed57a19 V2 certificate format (#1216) 
Co-authored-by: Nate Brown <nbrown.us@gmail.com>
Co-authored-by: Jack Doan <jackdoan@rivian.com>
Co-authored-by: brad-defined <77982333+brad-defined@users.noreply.github.com>
Co-authored-by: Jack Doan <me@jackdoan.com>
 2025-03-06 11:28:26 -06:00
Nate Brown
08ac65362e Cert interface (#1212) 2024-10-10 18:00:22 -05:00
Jack Doan
35603d1c39 add PKCS11 support (#1153) 
* add PKCS11 support

* add pkcs11 build option to the makefile, add a stub pkclient to avoid forcing CGO onto people

* don't print the pkcs11 option on nebula-cert keygen if not compiled in

* remove linux-arm64-pkcs11 from the all target to fix CI

* correctly serialize ec keys

* nebula-cert: support PKCS#11 for sign and ca

* fix gofmt lint

* clean up some logic with regard to closing sessions

* pkclient: handle empty correctly for TPM2

* Update Makefile and Actions

---------

Co-authored-by: Morgan Jones <me@numin.it>
Co-authored-by: John Maguire <contact@johnmaguire.me>
 2024-09-09 17:51:58 -04:00
Nate Brown
e264a0ff88 Switch most everything to netip in prep for ipv6 in the overlay (#1173) 2024-07-31 10:18:56 -05:00
Nate Brown
5a131b2975 Combine ca, cert, and key handling (#952) 2023-08-14 21:32:40 -05:00