Wade Simmons
45d1d2b6c6
Update dependencies - 2022-04 (#664)
Updated github.com/kardianos/service https://github.com/kardianos/service/compare/v1.2.0...v1.2.1
Updated github.com/miekg/dns https://github.com/miekg/dns/compare/v1.1.43...v1.1.48
Updated github.com/prometheus/client_golang https://github.com/prometheus/client_golang/compare/v1.11.0...v1.12.1
Updated github.com/prometheus/common https://github.com/prometheus/common/compare/v0.32.1...v0.33.0
Updated github.com/stretchr/testify https://github.com/stretchr/testify/compare/v1.7.0...v1.7.1
Updated golang.org/x/crypto 5770296d90...ae2d96664a
Updated golang.org/x/net 69e39bad7d...749bd193bc
Updated golang.org/x/sys 7861aae155...289d7a0edf
Updated golang.zx2c4.com/wireguard/windows v0.5.1...v0.5.3
Updated google.golang.org/protobuf v1.27.1...v1.28.0
2022-04-18 12:12:25 -04:00
forfuncsake
1110756f0f
Allow setup of a CA pool from bytes that contain expired certs (#599)
Co-authored-by: Nate Brown <nbrown.us@gmail.com>
2021-12-09 21:24:56 -06:00
Nate Brown
4453964e34
Move util to test, contextual errors to util (#575)
2021-11-10 21:47:38 -06:00
Manuel Romei
3a8f533b24
refactor: use X25519 instead of ScalarBaseMult (#533)
As suggested in https://pkg.go.dev/golang.org/x/crypto/curve25519#ScalarBaseMult,
use X25519 instead of ScalarBaseMult. When using Basepoint, it may employ
some precomputed values, enhancing performance.
Co-authored-by: Wade Simmons <wade@wades.im>
Co-authored-by: Wade Simmons <wadey@slack-corp.com>
2021-10-12 12:03:43 -04:00
John Maguire
34d002d695
Check CA cert and key match in nebula-cert sign (#503)
`func (nc *NebulaCertificate) VerifyPrivateKey(key []byte) error` would
previously return an error even if passed the correct private key for a
CA certificate `nc`.
That function has been updated to support CA certificates, and
nebula-cert now calls it before signing a new certificate. Previously,
it would perform all constraint checks against the CA certificate
provided, take a SHA256 fingerprint of the provided certificate, insert
it into the new node certificate, and then finally sign it with the
mismatching private key provided.
2021-10-01 12:43:33 -04:00
Nathan Brown
7073d204a8
IPv6 support for outside (udp) (#369)
2021-03-18 20:37:24 -05:00
brad-defined
454bc8a6bb
Check certificate banner during nebula-cert print (#373)
2021-02-05 14:52:32 -06:00
Wade Simmons
384b1166ea
fix panic in UnmarshalNebulaCertificate (#339)
This fixes a panic in UnmarshalNebulaCertificate when unmarshaling
a payload with Details set to nil.
Fixes: #332
2020-11-19 08:44:54 -05:00
Nathan Brown
68e3e84fdc
More like a library (#279)
2020-09-18 09:20:09 -05:00
forfuncsake
25964b54f6
Use inclusive terminology for cert blocking (#272)
2020-08-06 11:17:47 +10:00
Wade Simmons
aba42f9fa6
enforce the use of goimports (#248)
* enforce the use of goimports
Instead of enforcing `gofmt`, enforce `goimports`, which also asserts
a separate section for non-builtin packages.
* run `goimports` everywhere
* exclude generated .pb.go files
2020-06-30 18:53:30 -04:00
Nate Brown
328db6bb82
Root constraint usage and support in nebula-cert
2019-12-17 17:59:21 -08:00
Nate Brown
0dc9aafa14
Support root subnet asserts
2019-12-17 17:10:46 -08:00
Nate Brown
98d92ee4cf
Support root IP assertions in cert.Verify
2019-12-17 17:06:13 -08:00
Ryan Huber
1884aec113
get rid of the annotation "errors" on github actions
2019-12-11 20:24:13 +00:00
Slack Security Team
f22b4b584d
Public Release
2019-11-19 17:00:20 +00:00