sscg-3.0.5

Full Changelog: sscg-3.0.4...sscg-3.0.5

sscg-3.0.4

Full Changelog: sscg-3.0.3...sscg-3.0.4

sscg-3.0.3

What's Changed

• Debian packaging: Drop obsolete popt paragraph by @martinpitt in #53
• CI: Drop CentOS Linux, long live CentOS Stream! by @sgallagher in #54
• Packit: Drop redundant epel-8 build by @sgallagher in #55
• Get Fedora container images from Quay.io by @sgallagher in #57
• Truncate IP address in SAN by @sgallagher in #56
• Modernize the Packit configuration by @sgallagher in #58
• Increase create_csr_test unit test timeout by @martinpitt in #60
• Add tests for cert validity and key strength by @sgallagher in #61
• dhparams: don't fail if default file can't be created by @sgallagher in #62
• Update Github checkout to v3 by @sgallagher in #63
• Track the latest run-on-arch action by @sgallagher in #64
• Add Ubuntu 22.04 to the test matrix by @sgallagher in #65

Full Changelog: sscg-3.0.2...sscg-3.0.3

SSCG 3.0.2

What's Changed

• Debian packaging: Accept *.tar.gz files as well, bump test timeouts by @martinpitt in #48
• Debian packaging: Drop bogus Recommends: by @martinpitt in #49
• dhparams: Fix the FIPS_mode() call for OpenSSL 3.0 by @schopin-pro in #51

New Contributors

• @schopin-pro made their first contribution in #51

Full Changelog: sscg-3.0.1...sscg-3.0.2

SSCG 3.0.1

What's Changed

• Debian packaging: Add subprojects/popt to copyright by @martinpitt in #26
• Debian packaging updates, fix build failures due to test timeout, fix CI on Fedora/CentOS by @martinpitt in #27
• Correct certificate lifetime calculation by @allisonkarlitskaya in #28
• Drop popt and clean up git archive by @sgallagher in #34

New Contributors

• @allisonkarlitskaya made their first contribution in #28

Full Changelog: sscg-3.0.0...sscg-3.0.1

sscg 3.0

sscg 3.0

New features

• Support for OpenSSL 3.0
• Support for outputting named Diffie-Hellman parameter groups
• Support for CentOS Stream 9

Major version notes

• SSCG now requires OpenSSL 1.1.0 or later.
• sscg will now always output DH parameters to a PEM file. It will default to using the ffdhe4096 group.
• Generated certificate lifetime now defaults to 398 days, rather than ten years to conform to modern browser expectations.

sscg-2.6.2: Release SSCG 2.6.2

Stephen Gallagher (5):

• Fix missing error check
• Read long password files properly
• Make clang-format optional
• Fix Coverity scans
• Release 2.6.2

sscg 2.6.1

Changelog

Stephen Gallagher (14):

• Bump version to 2.6.1dev
• Fix help message for --client-key-file
• Run clang-format
• Further clarify --client-key-file help message
• Check that key passphrases are within 4-1023 characters
• Output private keys with 2048 iteration count
• Rework passphrase handling
• Fix wrong x509 version in CSR
• Fix memory leaks
• Fix alignment issue with popt
• Prevent uninitialized read error
• Add missing newline for error message
• Fix OpenSSL 1.0 support
• Fix formatting

sscg 2.6.0

Highlights

• Can now generate an empty CRL file.
• Can now create and store a Diffie-Hellman parameters (dhparams) file.
• Support for setting a password on private keys.
• Support for generating a client authentication certificate and key.
• Better support for OpenSSL 1.0

Full log

Patrick Uiterwijk (1):

• Initialize OpenSSL with OpenSSL <1.1.0

Stephen Gallagher (25):

• Work around Coverity certificate problem
• Clean up popt options table
• Fix up minor formatting issue
• Add password support for private keys
• Allow specifying keyfile password by file
• CI: Run tests on multiple Fedora releases
• CI: Run tests on CentOS 7
• Merge remote-tracking branch 'tipabu/crl-file'
• Update .gitignore file
• Add function for DH parameter generation
• Generate DH parameters file
• Update CI test hosts
• Add serverAuth extendedKeyUsage for server certificates
• Rename create_service_cert() to create_cert()
• Use a common macro for default file modes
• Add I/O utility routines
• Rework output file handling
• Check for invalid file combinations
• Add support for client certificates
• Better error message for client certs without public key file
• Add talloc_report() debugging option
• Fix memory leak in sscg_sign_x509_csr()
• Address clang-analyzer warning
• Run ninja scan-build in CI
• Update version to 2.6.0

Tim Burke (1):

• Add --crl-file option

SSCG 2.5.1

Fix issues discovered by automated testing.