Nate Brown
d0f02ba873
Switch to slog, remove logrus (#1672)
2026-04-27 09:41:47 -05:00
John Maguire
0ad5c771e9
Refactor CA pool handling to use streaming (#1644)
Co-authored-by: maggie44 <64841595+maggie44@users.noreply.github.com>
Co-authored-by: JackDoan <me@jackdoan.com>
2026-04-13 13:19:55 -04:00
Nate Brown
52f1908126
Don't log every blocklisted fingerprint (#1525)
2025-11-12 09:41:46 -06:00
Jack Doan
01909f4715
try to make certificate addition/removal reloadable in some cases (#1468)
* try to make certificate addition/removal reloadable in some cases
* very spicy change to respond to handshakes with cert versions we cannot match with a cert that we can indeed match
* even spicier change to rehandshake if we detect our cert is lower-version than our peer, and we have a newer-version cert available
* make tryRehandshake easier to understand
2025-11-03 19:38:44 -06:00
Jack Doan
768325c9b4
cert-v2 chores (#1466)
2025-09-05 15:08:22 -05:00
Wade Simmons
b8ea55eb90
optimize usage of bart (#1395)
Use `bart.Lite` and `.Contains` as suggested by the bart maintainer:
- 9455952eed (commitcomment-155362580)
2025-04-18 12:37:20 -04:00
John Maguire
d4a7df3083
Rename pki.default_version to pki.initiating_version (#1381)
2025-04-07 18:08:29 -04:00
Nate Brown
d97ed57a19
V2 certificate format (#1216)
Co-authored-by: Nate Brown <nbrown.us@gmail.com>
Co-authored-by: Jack Doan <jackdoan@rivian.com>
Co-authored-by: brad-defined <77982333+brad-defined@users.noreply.github.com>
Co-authored-by: Jack Doan <me@jackdoan.com>
2025-03-06 11:28:26 -06:00
Nate Brown
08ac65362e
Cert interface (#1212)
2024-10-10 18:00:22 -05:00
Jack Doan
35603d1c39
add PKCS11 support (#1153)
* add PKCS11 support
* add pkcs11 build option to the makefile, add a stub pkclient to avoid forcing CGO onto people
* don't print the pkcs11 option on nebula-cert keygen if not compiled in
* remove linux-arm64-pkcs11 from the all target to fix CI
* correctly serialize ec keys
* nebula-cert: support PKCS#11 for sign and ca
* fix gofmt lint
* clean up some logic with regard to closing sessions
* pkclient: handle empty correctly for TPM2
* Update Makefile and Actions
---------
Co-authored-by: Morgan Jones <me@numin.it>
Co-authored-by: John Maguire <contact@johnmaguire.me>
2024-09-09 17:51:58 -04:00
Nate Brown
e264a0ff88
Switch most everything to netip in prep for ipv6 in the overlay (#1173)
2024-07-31 10:18:56 -05:00
Nate Brown
5a131b2975
Combine ca, cert, and key handling (#952)
2023-08-14 21:32:40 -05:00