Ecosyste.ms: OpenCollective
An open API service for software projects hosted on Open Collective.
cert-manager
cert-manager is a Kubernetes add-on to automate the management and issuance of TLS certificates.
Collective -
Host: opensource -
https://opencollective.com/cert-manager
- Website: https://cert-manager.io
- Code: https://github.com/cert-manager
This change amends the default renewal to 30 days before cert expiration,
as recommended by vari...
Change-Id: Iddcb145ecd8a6b51c72ad3d77b242975baf4a5cf
Reviewed-on: https://go-review.googlesource...
Change-Id: I855a6542a2eb2ae1d223f03892c0f19da81a4f8d
Reviewed-on: https://go-review.googlesource...
Ensures that it compiles and makes it more discoverable in godoc.
Change-Id: I50a3deb23110017d0...
github.com/cert-manager/crypto - 12c985af8526c1f6f0c463bbfd9d69623d13b323 authored over 7 years ago by Ross Light <[email protected]>
Consider the following code:
var p *int
a := []int{0, 1, 2, 3}
for _, i := range a {
if i =...
After receiving a badNonce error, the call can be safely retried. Nonce
errors can happen unexpe...
Change-Id: I271c90ff3a6d59e2e075c785a6bdb79e4b0849fa
Reviewed-on: https://go-review.googlesource...
Fixes a nil pointer dereference that slipped through buildbots because
it was introduced by the ...
The normal handshake kicks off with a waitSession(), which guarantees
that we never attempt to s...
Simplify the constant swap function.
On amd64: Replace the CMOVQEQ scheme with SSE2 code simila...
github.com/cert-manager/crypto - cd11541cdfcb6d51d1d78f27d596cf7bdff346f7 authored over 7 years ago by Andreas Auernhammer <[email protected]>Context.Err() is not valid before Context.Done().
Updates golang/go#19856
Change-Id: I7605bb22...
github.com/cert-manager/crypto - 9b9c1afcb078c2080cd1fac84be67797a33a32e9 authored over 7 years ago by Brad Fitzpatrick <[email protected]>This change breaks backwards compatibility.
MaxAuthTries specifies the maximum number of authen...
github.com/cert-manager/crypto - 9ef620b9ca2f82b55030ffd4f41327fa9e77a92c authored over 7 years ago by James Myers <[email protected]>
This commit implements OpenSSH streamlocal extension, providing the equivalent
of `ssh -L local....
The ctxhttp package used to be big and gross before net/http supported
contexts natively. Nowada...
Add import comment for blake2b, blake2s, chacha20poly1305 and cryptobyte.
Change-Id: I4703b5cd6...
github.com/cert-manager/crypto - 55a552f0823e0d3d54931488a2993ebd2fd0258c authored over 7 years ago by Andreas Auernhammer <[email protected]>
A certificate must have the Server Auth Extended Key Usage to be used
for TLS, and an ECDSA cert...
Adds support for parsing RSA keys in the openssh-key-v1 private key format.
Change-Id: Iacdcbaa...
github.com/cert-manager/crypto - c2303dcbe84172e0c0da4c9f083eeca54c06f298 authored over 7 years ago by Paul Querna <[email protected]>
Change-Id: I92c3916b0b5628dc2079af82202d9bfef032c708
Reviewed-on: https://go-review.googlesource...
Now users can do 1-line LetsEncrypt HTTPS servers:
log.Fatal(http.Serve(autocert.NewListene...
github.com/cert-manager/crypto - b020702ab212964a017cbb8f7db52b5367017a4d authored over 7 years ago by Brad Fitzpatrick <[email protected]>This fixes weirdness when users use int64(-1) as sentinel value.
Also, really use cipher specif...
github.com/cert-manager/crypto - c78caca803c95773f48a844d3dcab04b9bc4d6dd authored over 7 years ago by Han-Wen Nienhuys <[email protected]>
Previously, the public key authentication for clients would send an
enquiry to the remote for ev...
The standard library context package has been available since Go 1.7,
and the Go build dashboard...
Change-Id: I061b797d46097e37880bea1911475e2b2f1a0378
Reviewed-on: https://go-review.googlesource...
Thanks to Anisse Astier (@anisse) for noticing.
Change-Id: I1c282b2bb54601cf5649e194eafd5344c70...
github.com/cert-manager/crypto - 3cb07270c9455e8ad27956a70891c962d121a228 authored over 7 years ago by Brad Fitzpatrick <[email protected]>Fixes #18850.
Change-Id: Id3ae89233f9e95ec3238462bf2ecda3e0c515f88
Reviewed-on: https://go-revi...
This change breaks existing behavior.
Before, a missing ClientConfig.HostKeyCallback would caus...
github.com/cert-manager/crypto - e4e2799dd7aab89f583e1d898300d96367750991 authored over 7 years ago by Han-Wen Nienhuys <[email protected]>Fixes golang/go#19542
Change-Id: I60d2370d1d1e0763c72c9cc203ea2ff21123af73
Reviewed-on: https:/...
cryptobyte is a helper library for building and parsing byte strings,
specifically for TLS and A...
Register BLAKE2s-256 if the package is imported.
Change-Id: Ib415ae641f21d863720bf9c089017ee9765...
Register BLAKE2b-256, BLAKE2b-384 and BLAKE2b-512 if the package is imported.
Change-Id: Iba425a...
This is the test that I use to sanity-check significant changes to the
package, thus it's probab...
The test was assuming that the OCSP creation wouldn't cross a minute
boundary, which is flakey n...
Before this change, every JWS-signed request was preceded
by a HEAD request to fetch a fresh non...
Reduce code complexity by replacing the floating-point implementation
with a 32-bit implementati...
On some amd64 CPUs (Xeon E5-2680v4 / E5-2620v3) using SSE and AVX instructions
leads to very low...
Fixes golang/go#17676
Change-Id: I96c51431b174898a6bc0f6bec7f4561d5d64819f
Reviewed-on: https:/...
memCache used an unsynchronized map, which failed go test -race. Add a
mutex and constructor fun...
Fixes golang/go#18820.
Change-Id: I4b3a49b3bbbecc4e1008989fefd39da9725a28ea
Reviewed-on: https:...
Missed a copy/paste of netPipe in change 36110.
Change-Id: I1a850dd9273d71fadc0519cf4cb2a2de6ec...
github.com/cert-manager/crypto - 5a6e40e042292b81de1d40719a995dc058f7cbf1 authored almost 8 years ago by Heschi Kreinick <[email protected]>The previous attempt would fail in the following scenario:
* select picks "first" kex from requ...
github.com/cert-manager/crypto - 77014cf7f9bde4925afeed52b7bf676d5f5b4285 authored almost 8 years ago by Han-Wen Nienhuys <[email protected]>
The ssh tests currently require 127.0.0.1 to work which isn't
necessarily available everywhere. ...
Since encryption messes up the packets, the wrongly retained packets
look like noise and cause a...
This is a simple minded, fast print, suitable for debugging timing
sensitive issues.
Change-Id:...
github.com/cert-manager/crypto - b05791f2e11c76a1ca25fd2181cc059e14bceeaa authored almost 8 years ago by Han-Wen Nienhuys <[email protected]>
Often intermediate results of poly1305 calculations are only reduced to
the range [0, 2^130). Th...
1) Always force a key exchange if we exchange 2^31 packets. In the past
this might not happen if...
The initial kex is started from both sides simultaneously, and before,
we could consume the the ...
The previous name did not have the '_test.go' suffix and so was
always built.
Change-Id: I2d18d...
github.com/cert-manager/crypto - 854ae91cdcbf914b499b1d7641d07859f3653481 authored almost 8 years ago by Michael Munday <[email protected]>The file was originally added in 2016.
Change-Id: I1b5c01400fb73e83f39c086ea1235a948d27308d
Rev...
Change-Id: I2ee0ed4ba82d2d156a7896551dea04b28cdeceb0
Reviewed-on: https://go-review.googlesource...
Due to a missing return, corrupt TLV data would cause an infinite loop
that consumes memory, eve...
This serves as a basic sanity check and also prevents malformed private
keys from setting P=0 an...
The inline struct has the wrong order for the public and private key parts.
Change-Id: Ib3a5d68...
github.com/cert-manager/crypto - b82246307bd525fde15c1df976318003716bca68 authored almost 8 years ago by Paul Querna <[email protected]>
According to the io.Reader docs, Alex had it right the first time. (See
discussion on https://go...
Fixes golang/go#16552
Change-Id: I18a9c9b42fe042c4871b3efb3f51bef7cca335d0
Reviewed-on: https:/...
Use channels and a dedicated write loop for managing the rekeying
process. This lets us collect...
Update golang/go#18673.
Change-Id: I3ba89bab42f17e6fd7005df40c7a853aef1fda37
Reviewed-on: https...
Change-Id: Ib35ce0e7437e32a3fa24a9330c479306b7fa6880
Reviewed-on: https://go-review.googlesource...
This prevents these messages from confusing higher layers of the
protocol.
Fixes #16927.
Chang...
github.com/cert-manager/crypto - 7c6cc321c680f03b9ef0764448e780704f486b51 authored almost 8 years ago by Han-Wen Nienhuys <[email protected]>
Change-Id: I13dc3119cb46f0649147959c05c6c62624c43690
Reviewed-on: https://go-review.googlesource...
This patch makes the Restore function return nil
on success to be consistent with other function...
This change detects BMI2 usability as an additional condition
to examine the usability of AVX2 v...
Change-Id: I85c2912a6862c6c251450f2a0926ecd33a9fb8e7
Reviewed-on: https://go-review.googlesource...
Change-Id: Ib9ebb1a2eff4b61f60453086be5c63ac7af1f7fc
Reviewed-on: https://go-review.googlesource...
ResponderID is unmarshalled into either ResponderName or
ResponderKeyHash depending on which one...
Add an AVX implementation and improve SSE4.1 assembly.
AVX vs SSE4.1
name old time/op new t...
Change-Id: I55a2ad4495f4e1164af6a8504b035cf658f8b822
Reviewed-on: https://go-review.googlesource...
Change-Id: Iafe2ebb6d37afd2a64aa72750a722d4860bb735e
Reviewed-on: https://go-review.googlesource...
Change-Id: Icf4ccb29e9eae0fb6fd237ca1d8785d4fd39a8d8
Reviewed-on: https://go-review.googlesource...
Currently, autocert.Manager always generates EC-based certificates.
This change adds an optional...
A net.IP may be represented by both by a 4 as well as a 16 byte long
byte slice. Because of this...
Change-Id: Icae0ec427183d1e319f5a28d6372c823c269d898
Reviewed-on: https://go-review.googlesource...
Allows user to set the hash function to use in the OCSP response
when using ocsp.CreateResponse ...
911fafb28f4 made MakeRaw match C's behaviour. This included clearing the
OPOST flag, which means...
Change-Id: Icb220341756f472ade15f5fc6b91016214233da9
Reviewed-on: https://go-review.googlesource...
For golang/go#18154.
Change-Id: Ieab8bae9cb8be5e2817a87ae62ac0a2218f63dbb
Reviewed-on: https://...
I missed this in the initial review but this will cause blake2b to
SIGILL on, at least, some Ato...
Browsers can send an SNI name of "example.com." for
https://example.com./ but LetsEncrypt reject...
Implement a standards-compliant fingerprint format method (RFC 4716 section 4)
and a newer SHA25...
Similarly to https://go-review.googlesource.com/32311,
chacha20poly1305 needs additional build c...
Having a trailing comma before a space doesn't mean that the next option
will be ANDed rather th...
Let's Encrypt apparently implements authorization revocation as specified
in the v3 of the spec:...
Rather than change the value of R13 during the execution, keep R13 fixed
(after the initial prel...
This adds use* flags for all arches so a common test can observe what
implementations are suppor...
This adds use* flags for all arches so a common test can observe what
implementations are suppor...
The frame is actually 16 bytes plus alignment, not 0.
This fixes the build on Go 1.6.
Change-I...
github.com/cert-manager/crypto - 3c0d69f1777220f1a1d2ec373cb94a282f03eb42 authored about 8 years ago by Austin Clements <[email protected]>
Now that the frame sizes of these functions are correct, the compiler
is detecting that they ove...
keccakF1600 manually subtracts 200 from SP, but the generated prologue
already does this and the...
SP offsets were adjusted to fill in the now unused callee save area
using the following Python s...
The spadj computation in the assembler can't handle SP alignment code
and will just get confused...
Similar to the previous commit, blake2b's assembly routines claim they
have a zero byte frame an...
Currently blake2s's assembly routines claim they have a zero byte
frame and manually subtract up...
The assembly implementations of ladderstep and mul contain register
save prologues that are unne...
The curve25519 assembly routines do very non-Go-ABI SP adjustments.
These would thoroughly confu...
5f31782cfb2b6373211f8f9fbf31283fa234b570 added build constraints to
disable assembly for Go 1.6 ...
Up till now, sum_arm.s was working only because of luck. It was written
assuming that it had sta...
Change-Id: I6c33e69dc3e45d86843861973952d6f11c0fae88
Reviewed-on: https://go-review.googlesource...
Add the hash function BLAKE2b defined in RFC 7693.
On amd64/AVX2
name time/op
Write128-4 164...
The names of the constant values were previously not scoped to the
package and |andMask| could c...
The ARM assembly doesn't work for NaCl on ARM because it doesn't meet
the required rules. This c...
Add hash function BLAKE2s defined in RFC 7693.
On amd64/SSE4:
name time/op
Write64-4 1...