sscg 2.6.0

Highlights

• Can now generate an empty CRL file.
• Can now create and store a Diffie-Hellman parameters (dhparams) file.
• Support for setting a password on private keys.
• Support for generating a client authentication certificate and key.
• Better support for OpenSSL 1.0

Full log

Patrick Uiterwijk (1):

• Initialize OpenSSL with OpenSSL <1.1.0

Stephen Gallagher (25):

• Work around Coverity certificate problem
• Clean up popt options table
• Fix up minor formatting issue
• Add password support for private keys
• Allow specifying keyfile password by file
• CI: Run tests on multiple Fedora releases
• CI: Run tests on CentOS 7
• Merge remote-tracking branch 'tipabu/crl-file'
• Update .gitignore file
• Add function for DH parameter generation
• Generate DH parameters file
• Update CI test hosts
• Add serverAuth extendedKeyUsage for server certificates
• Rename create_service_cert() to create_cert()
• Use a common macro for default file modes
• Add I/O utility routines
• Rework output file handling
• Check for invalid file combinations
• Add support for client certificates
• Better error message for client certs without public key file
• Add talloc_report() debugging option
• Fix memory leak in sscg_sign_x509_csr()
• Address clang-analyzer warning
• Run ninja scan-build in CI
• Update version to 2.6.0

Tim Burke (1):

• Add --crl-file option

SSCG 2.5.1

Fix issues discovered by automated testing.

SSCG 2.5.0

Add auto-detection for hash algorithm based on system security level.

SSCG 2.4.0

• Add a manpage
• Set the minimum key strength based on the system security level
• Add support for arbitrary key sizes

SSCG 2.3.3

Prevent SSCG from overwriting existing files unless forced

SSCG 2.3.2

Properly support hostnames up to 64 characters
Resolves: rhbz#1535537

SSCG 2.3.1

Add support for using an embedded copy of popt for platforms that don't support popt 1.14 or newer.

SSCG 2.3.0

Switch to the meson build system

Add support for non-DNS subjectAlternativeName values (fixes bug #4)

SSCG 2.2.0

Reorder combined PEM file output

This will fix issues with mod_ssl, which requires that the service certificate is listed first in the file.

SSCG 2.1.0

Adds support for setting the emailAddress field in the certificate issuer.