Skip to content

Force the renew of the CA server. #11

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 3 commits into from
Nov 28, 2018
Merged

Force the renew of the CA server. #11

merged 3 commits into from
Nov 28, 2018

Conversation

maraino
Copy link
Contributor

@maraino maraino commented Nov 28, 2018

Description

Force the renew of the CA server cert if it's about to expire. This only happens after a wake up after a hibernation if enough time has passed to expire the certificate.

This PR only solves the problem for the CA server and not server or clients using CA certificates, as those won't be able to use TLS requests with expired certs.

@maraino maraino requested a review from dopey November 28, 2018 00:01
@CLAassistant
Copy link

CLAassistant commented Nov 28, 2018
edited
Loading

CLA assistant check
All committers have signed the CLA.

@codecov-io
Copy link

codecov-io commented Nov 28, 2018
edited
Loading

Codecov Report

Merging #11 into master will increase coverage by 0.89%.
The diff coverage is 90%.

Impacted file tree graph

@@            Coverage Diff             @@
##           master      #11      +/-   ##
==========================================
+ Coverage   70.85%   71.75%   +0.89%     
==========================================
  Files          19       19              
  Lines        1431     1448      +17     
==========================================
+ Hits         1014     1039      +25     
+ Misses        306      296      -10     
- Partials      111      113       +2
Impacted Files Coverage Δ
ca/ca.go 45.78% <50%> (-0.56%) ⬇️
ca/renew.go 75.3% <94.44%> (+19.92%) ⬆️

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update d63f4f0...7e2f80a. Read the comment docs.

@maraino maraino merged commit eaa9bc5 into master Nov 28, 2018
@maraino maraino deleted the ca-force-renew branch November 28, 2018 00:47
@maraino maraino mentioned this pull request Nov 28, 2018
Closed
maraino added a commit that referenced this pull request May 20, 2020
@maraino
Add implementation of URIs for KMS.
b0f768a 
Implementation is based on the PKCS #11 URI Scheme RFC
https://tools.ietf.org/html/rfc7512
maraino added a commit that referenced this pull request Jan 27, 2021
@maraino
Add support for PKCS #11 KMS.
8dca652 
The implementation works with YubiHSM2. Unit tests are still pending.

Fixes #301
@maraino maraino mentioned this pull request Jan 27, 2021
Merged
3 tasks
maraino added a commit that referenced this pull request Feb 12, 2021
@maraino
Merge pull request #457 from smallstep/pkcs11
ddd6bc1 
Add support for PKCS #11 KMS.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@dopey dopey dopey approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@maraino @CLAassistant @codecov-io @dopey