Commit Graph

41 Commits

Author SHA1 Message Date
e639df78ec Add certgen.TestCA for in-memory test certificate infrastructure
Provides a P-256 CA that issues leaf certificates for TLS testing
with full verification enabled. No files written to disk.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-03-17 10:44:36 -07:00
5dbb46c3ee Add AIA fields (OCSPServer, IssuingCertificateURL) to certgen.Profile
The Profile struct now supports optional OCSPServer and
IssuingCertificateURL fields. When populated, these are set on the
x509.Certificate template as Authority Information Access extensions
before signing. Empty slices are omitted.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-03-17 08:49:28 -07:00
30b5a6699a Ensure CN is included as a DNS SAN when FQDN. 2026-03-15 14:06:36 -07:00
e1cb7efbf1 DisplayCSR and MatchKeysCSR. 2026-02-12 13:51:20 -08:00
94c55af888 Update testdata yaml files. 2025-11-21 18:51:20 -08:00
11866a3b29 Cleaning certlib code. 2025-11-21 18:49:30 -08:00
91f954391e certlib and other updates 2025-11-21 16:56:39 -08:00
0bdd30f506 make the linter happy 2025-11-19 23:23:18 -08:00
e9c7fec86f certlib: fix CSR FileKind, add test cases. 2025-11-19 22:09:24 -08:00
85de524a02 certlib/certgen: GenerateKey was generating wrong key type.
The ed25519 block was being used to generate RSA keys.
2025-11-19 14:46:54 -08:00
02fb85aec0 certlib: update FileKind with algo information.
Additionally, key algo wasn't being set on PEM files.
2025-11-19 14:46:17 -08:00
46c9976e73 certlib: Add file kind functionality. 2025-11-19 09:45:57 -08:00
3317b8c33b certlib/bundler: add support for pemcrt. 2025-11-19 08:43:46 -08:00
7bb6973341 QoL for CSR generation. 2025-11-19 02:57:26 -08:00
d76db4a947 Minor bug fixes. 2025-11-19 02:43:25 -08:00
8eaca580be Minor bug fixes. 2025-11-19 02:20:21 -08:00
7426988ae4 linter fixes. 2025-11-19 01:47:42 -08:00
154d5a6c2e Major refactoring.
+ Many lib functions have been split out into separate packages.
+ Adding cert/key generation tooling.
+ Add new time.Duration parser.
2025-11-19 01:35:37 -08:00
90a48a1890 Add unit tests for keymatch. 2025-11-19 00:32:39 -08:00
245cf78ebb certlib/hosts: update doc string to describe valid targets. 2025-11-18 23:54:50 -08:00
bf29d214c5 lib: add base64 hex encoding; linter fixes. 2025-11-18 23:45:21 -08:00
ff34eb4eff cmd/ca-signed: clean up the codebase 2025-11-18 23:01:58 -08:00
786f116f54 certlib: move tlskeypair functions into certlib. 2025-11-18 21:10:48 -08:00
f5917ac6fc verify/verify.go: fix nil pointer deref 2025-11-18 20:55:41 -08:00
3c1d92db6b cmd: refactor cert utils into certlib 2025-11-18 20:21:00 -08:00
57672c8f78 cmd/certdump: refactor certdump into reusable library package 2025-11-18 18:34:57 -08:00
62c3db88ef Add proxy-aware dialing functions, and convert cmd/... tooling over. 2025-11-18 16:09:19 -08:00
aad7d68599 cmd/ski: update display mode 2025-11-18 11:46:58 -08:00
4560868688 cmd: switch programs over to certlib.Fetcher. 2025-11-18 11:08:17 -08:00
9280e846fa certlib: add Fetcher
Fetcher is an interface and set of functions for retrieving a
certificate (or chain of certificates) from a spec. It will
determine whether the certificate spec is a file or a server,
and fetch accordingly.
2025-11-17 19:48:57 -08:00
804f53d27d Refactor bundling into separate package. 2025-11-17 15:08:10 -08:00
3ad562b6fa cmd: continuing linter fixes 2025-11-16 02:54:02 -08:00
cf2b016433 certlib: complete overhaul. 2025-11-15 22:54:12 -08:00
f3b4838cf6 Overhauling certlib.
LICENSE to Apache 2.0.
2025-11-15 22:00:29 -08:00
8ed30e9960 certlib: linter autofixes 2025-11-15 21:10:09 -08:00
e4db163efe Cleaning up. 2025-11-15 15:48:18 -08:00
aba5e519a4 First round of linter cleanups. 2025-11-15 15:11:07 -08:00
f463eeed88 minor updates 2025-11-14 22:01:12 -08:00
f6d227946b Get rid of bazel.
Good riddance. More of a headache than it's worth.
2024-05-19 20:24:38 -07:00
83d42dc489 bazel: running gazelle to pick up dependency changes 2023-05-06 13:37:58 -07:00
984baa6bb4 working on removing dependency on cfssl. 2023-05-06 13:25:30 -07:00