- parse PEM CSRs to DER before sending them to the signer
- handle SignCertificate and SignOpenPGP response messages
- add file system prefix constants for writing certificate files
- define supported hash algorithms
- fix handling of signing requests without organization, organizational unit,
or location information
- use a different SMTP port for debugging with mailpit
- Rename client.CertInfo to CACertificateInfo
- declare commands channel inside client.Run, there is no need to inject it
from the outside
- let command generating code in client.commandLoop run in goroutines to
allow parallel handling of queued commands and avoid blocking operations
- pass context to command generating functions to allow cancellation
- guard access to c.knownCACertificates by mutex.Lock and mutex.Unlock
- make command channel capacity configurable
- update to latest cacert-gosigner dependency for channel direction support
- improve handling of closed input channel
- reduce client initialization to serial connection setup, move callback and
handler parameters to client.Run invocation
This commit adds code to allow the generation of a default client
configuration. The generator is run instead of the regular client
code, when the option -generate-config is passed on the command
line.
Change the behaviour of the client to use the new CAInfoCommand support in
cacert-gosigner.
The client has a new mechanism to generate new commands as reaction to
received responses. This functionality is used to retrieve CA certificate
information when certificates previously unknown to the client appear
and to trigger CRL retrieval for new certificates.
New CA certificates announced by the signer are detected and information is
retrieved. The retrieved CA certificate is stored alongside the CRL files
in a configurable directory (defaults to "public" in the working directory
of the signerclient process).
- add callback support to client and handler
- implement support for updating the CA certificates and profiles from
health data of the signer
- implement CRL retrieval from the signer including delta CRL support
- implement error response handling
- add configurable start and interval timers for health and CRL data