From 1501758178629e041455c6d99e5aaa7d1ff36f10 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Florent=20H=2E=20CARR=C3=89?= Date: Sun, 19 Nov 2017 02:29:04 +0100 Subject: [PATCH 1/5] switch to go 1.9.2 --- .travis.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.travis.yml b/.travis.yml index fb29df5f6f44..5d737f5d8a50 100644 --- a/.travis.yml +++ b/.travis.yml @@ -7,7 +7,7 @@ services: - docker go: - - 1.9.1 + - 1.9.2 matrix: allow_failures: From 19647bc36653081f514c9c6717ba084f435b3e1a Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Florent=20H=2E=20CARR=C3=89?= Date: Sun, 19 Nov 2017 02:29:51 +0100 Subject: [PATCH 2/5] add RSA 16384 --- builtin/logical/pki/cert_util.go | 1 + 1 file changed, 1 insertion(+) diff --git a/builtin/logical/pki/cert_util.go b/builtin/logical/pki/cert_util.go index 9356cdde8df6..c06778fb5267 100644 --- a/builtin/logical/pki/cert_util.go +++ b/builtin/logical/pki/cert_util.go @@ -122,6 +122,7 @@ func validateKeyTypeLength(keyType string, keyBits int) *logical.Response { case 2048: case 4096: case 8192: + case 16384: default: return logical.ErrorResponse(fmt.Sprintf( "unsupported bit length for RSA key: %d", keyBits)) From c8f7a5b2b00673b80486ff7e99268168f97817f0 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Florent=20H=2E=20CARR=C3=89?= Date: Sun, 19 Nov 2017 02:31:30 +0100 Subject: [PATCH 3/5] switch default to 2048 so same default that ssh-keygen --- builtin/logical/ssh/path_roles.go | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/builtin/logical/ssh/path_roles.go b/builtin/logical/ssh/path_roles.go index ec2d534496b5..1266ef2a0477 100644 --- a/builtin/logical/ssh/path_roles.go +++ b/builtin/logical/ssh/path_roles.go 
@@ -83,7 +83,7 @@ func pathRoles(b *backend) *framework.Path { Description: ` [Required for Dynamic type] [Not applicable for OTP type] [Not applicable for CA type] Admin user at remote host. The shared key being registered should be - for this user and should have root privileges. Everytime a dynamic + for this user and should have root privileges. Everytime a dynamic credential is being generated for other users, Vault uses this admin username to login to remote host and install the generated credential for the other user.`, @@ -386,15 +386,15 @@ func (b *backend) pathRoleWrite(req *logical.Request, d *framework.FieldData) (* return logical.ErrorResponse("missing admin username"), nil } - // This defaults to 1024 and it can also be 2048. + // This defaults to 1024 and it can also be 2048 and 4096. keyBits := d.Get("key_bits").(int) - if keyBits != 0 && keyBits != 1024 && keyBits != 2048 { + if keyBits != 0 && keyBits != 1024 && keyBits != 2048 && keyBits != 4096 { return logical.ErrorResponse("invalid key_bits field"), nil } - // If user has not set this field, default it to 1024 + // If user has not set this field, default it to 2048 if keyBits == 0 { - keyBits = 1024 + keyBits = 2048 } // Store all the fields required by dynamic key type From 875a0e479d152d8af7835f4bf325cb7e1faf4035 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Florent=20H=2E=20CARR=C3=89?= Date: Mon, 27 Nov 2017 17:36:03 +0100 Subject: [PATCH 4/5] rollback .travis.yml to go 1.9.1 --- .travis.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.travis.yml b/.travis.yml index 5d737f5d8a50..fb29df5f6f44 100644 --- a/.travis.yml +++ b/.travis.yml @@ -7,7 +7,7 @@ services: - docker go: - - 1.9.2 + - 1.9.1 matrix: allow_failures: From 5259247856bedaf02167b2e092f6d0a2053fdc26 Mon Sep 17 00:00:00 2001 
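Review bot: The comment kept above the `key_bits` check in pathRoleWrite still reads `// This defaults to 1024 and it can also be 2048 and 4096.`, which contradicts the new default set a few lines below; it should read something like `// key_bits may be 1024, 2048 or 4096; 0 means unset and is defaulted to 2048 below.` The check also still accepts 1024-bit RSA, which is below the 2048-bit minimum that current guidance such as NIST SP 800-131A allows for new keys, so consider rejecting it for new roles or at least documenting it as legacy-only. The `key_bits` field schema and its user-facing description are outside this hunk and presumably still name 1024 as the default, so they should be checked against the new behaviour. pathRoleWrite starts and ends outside the hunk.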
From: =?UTF-8?q?Florent=20H=2E=20CARR=C3=89?=
Date: Mon, 4 Dec 2017 17:12:38 +0100
Subject: [PATCH 5/5] remove RSA 16384
---
 builtin/logical/pki/cert_util.go | 1 -
 1 file changed, 1 deletion(-)
diff --git a/builtin/logical/pki/cert_util.go b/builtin/logical/pki/cert_util.go
index c06778fb5267..9356cdde8df6 100644
--- a/builtin/logical/pki/cert_util.go
+++ b/builtin/logical/pki/cert_util.go
@@ -122,7 +122,6 @@ func validateKeyTypeLength(keyType string, keyBits int) *logical.Response {
 case 2048:
 case 4096:
 case 8192:
- case 16384:
 default:
 return logical.ErrorResponse(fmt.Sprintf(
 "unsupported bit length for RSA key: %d", keyBits))