Caleb Doxsey
53573dc046
core/config: remove version ( #4653 )
* core/config: remove version
* lint
* fix
2023-11-01 10:19:55 -06:00
Caleb Doxsey
ae420f01c6
core/config: add config version, additional telemetry ( #4645 )
* core/config: add config version, additional telemetry
* typo
2023-10-27 15:16:40 -06:00
Kenneth Jenkins
a1388592d8
stub out HPKE public key fetch for self-hosted authenticate ( #4360 )
Fetch the HPKE public key only when configured to use the hosted
authenticate service. Determine whether we are using the hosted
authenticate service by comparing the resolved authenticate domain with
a hard-coded list of hosted authenticate domains.
Extract this list of hosted authenticate domains to the internal/urlutil
package in order to keep a single source of truth for this data.
2023-07-13 10:04:34 -07:00
Caleb Doxsey
e3b2b3994c
improve certificate matching performance ( #4186 )
2023-05-23 07:39:02 -06:00
Denis Mishin
80ffefeafd
fix WillHaveCertificateForServerName check to be strict match for derived cert name ( #4167 )
2023-05-09 18:54:50 -04:00
Caleb Doxsey
0f295d4a63
hpke: move published public keys to a new endpoint ( #4044 )
2023-03-08 09:17:04 -07:00
Caleb Doxsey
d2b732243a
cryptutil: generate certificates from deriveca ( #3992 )
2023-02-23 08:38:56 -07:00
Denis Mishin
62ca7ffaa2
authenticate: fix authenticate_internal_service_url for all in one ( #4003 )
2023-02-22 10:42:27 -05:00
Caleb Doxsey
da46b4a47d
config: use insecure skip verify if derived certificates are not used ( #3861 )
2023-01-11 13:50:51 -07:00
Caleb Doxsey
3f1a87727f
config: generate derived certificates instead of self-signed certificates ( #3860 )
2023-01-06 12:50:40 -07:00
Denis Mishin
488bcd6f72
auto tls ( #3856 )
2023-01-05 16:35:58 -05:00
Denis Mishin
a49f86d023
use tlsClientConfig instead of custom dialer ( #3830 )
* use tlsClientConfig instead of custom dialer
* rm debug log
2022-12-27 09:55:36 -07:00
Caleb Doxsey
e5ac784cf4
autocert: add support for ACME TLS-ALPN ( #3590 )
* autocert: add support for ACME TLS-ALPN
* always re-create acme tls server
2022-08-29 16:19:20 -06:00
Denis Mishin
f67b33484b
add metrics aggregation ( #3452 )
2022-06-30 10:52:45 -04:00
Denis Mishin
d1037d784a
allow pomerium to be embedded as a library ( #3415 )
2022-06-15 20:29:19 -04:00
Caleb Doxsey
b435f73e2b
authenticate: fix debug and metrics endpoints ( #3212 )
2022-03-30 09:37:37 -06:00
Caleb Doxsey
bbec2cae9f
grpc: send client traffic through envoy ( #2469 )
* wip
* wip
* handle wildcards in override name
* remove wait for ready, add comment about sync, force initial sync complete in test
* address comments
2021-08-16 16:12:22 -06:00
Caleb Doxsey
fcb33966e2
config: add enable_google_cloud_serverless_authentication to config protobuf ( #2306 )
* config: add enable_google_cloud_serverless_authentication to config protobuf
* use dependency injection for embedded envoy provider
* Revert "use dependency injection for embedded envoy provider"
This reverts commit 5c08990501.
* config: attach envoy version to Config to avoid metrics depending on envoy/files
2021-06-21 18:00:29 -06:00
Caleb Doxsey
853d2dd478
config: use getters for certificates ( #2001 )
* config: use getters for certificates
* update log message
2021-03-23 08:02:50 -06:00
Caleb Doxsey
f396c2a0f7
config: log config source changes ( #1959 )
* config: log config source changes
* use internal log import
2021-03-03 09:54:08 -07:00
Caleb Doxsey
c90eda5622
autocert: store certificates separately from config certificates ( #1794 )
2021-01-21 13:13:55 -07:00