Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

sscg 3.0 #24

Merged
merged 17 commits into from
Jul 21, 2021
Merged

sscg 3.0 #24

merged 17 commits into from
Jul 21, 2021

Conversation

sgallagher
Copy link
Owner

@sgallagher sgallagher commented Jul 21, 2021
edited
Loading

Changes for sscg 3.0

New features

  • Support for OpenSSL 3.0
  • Support for outputting named Diffie-Hellman parameter groups
  • Support for CentOS Stream 9

Major version notes

  • SSCG now requires OpenSSL 1.1.0 or later.
  • sscg will now always output DH parameters to a PEM file. It will default to using the ffdhe4096 group.
  • Generated certificate lifetime now defaults to 398 days, rather than ten years to conform to modern browser expectations.

sgallagher added 12 commits July 16, 2021 10:04
@sgallagher
Drop exponent argument from sscg_generate_rsa_key
239de25 
We always use the same value and OpenSSL 3.0 doesn't even accept
it as an argument anymore.

Signed-off-by: Stephen Gallagher <sgallagh@redhat.com>
@sgallagher
Add CentOS Stream 9 to tests
4344b54 
Signed-off-by: Stephen Gallagher <sgallagh@redhat.com>
@sgallagher
Bump version to 3.0.0dev
79fe37b 
Drop support for OpenSSL < 1.1.0

Signed-off-by: Stephen Gallagher <sgallagh@redhat.com>
@sgallagher
Separate argument parsing into its own file
702116b 
Signed-off-by: Stephen Gallagher <sgallagh@redhat.com>
@sgallagher
Use EVP_rsa_gen() on OpenSSL 3.0
060b49b 
Signed-off-by: Stephen Gallagher <sgallagh@redhat.com>
@sgallagher
Use EVP_PKEY functions for dhparams
0d4b414 
Signed-off-by: Stephen Gallagher <sgallagh@redhat.com>
@sgallagher
Add support for named DH parameters
4288474 
Fixes #19

Signed-off-by: Stephen Gallagher <sgallagh@redhat.com>
@sgallagher
Replace BN_pseudo_rand() with BN_rand()
150aca0 
Since 1.1.0, they have been identical and the former version is now
deprecated in 3.0.0.

Signed-off-by: Stephen Gallagher <sgallagh@redhat.com>
@sgallagher
Update multiarch tests for switch to ghcr.io
45070b4 
Signed-off-by: Stephen Gallagher <sgallagh@redhat.com>
@sgallagher
Don't run slow tests in CI
75d36ea 
Signed-off-by: Stephen Gallagher <sgallagh@redhat.com>
@sgallagher
Reduce default certificate lifetime to 398 days
9cfe08d 
Signed-off-by: Stephen Gallagher <sgallagh@redhat.com>
@sgallagher
Output ffdhe4096 DH parameters by default
738716f 
Signed-off-by: Stephen Gallagher <sgallagh@redhat.com>
@sgallagher sgallagher added this to the 3.0.0 milestone Jul 21, 2021
@sgallagher
Allow Ubuntu tests to fail
8dd8d6f 
Currently, OpenSSL on Ubuntu 18.04 does not properly verify DH
parameters.

See https://bugs.launchpad.net/ubuntu/+source/openssl/+bug/1936975
for more details.

Signed-off-by: Stephen Gallagher <sgallagh@redhat.com>
@sgallagher
CI: Replace F32 with F35
2201a6e 
Signed-off-by: Stephen Gallagher <sgallagh@redhat.com>
@sgallagher
CI: Run on main branch (or PRs) only
1d35d6c 
Signed-off-by: Stephen Gallagher <sgallagh@redhat.com>
@sgallagher sgallagher linked an issue Jul 21, 2021 that may be closed by this pull request
Only generate parameters approved by current crypto-policy #19
Closed
@sgallagher
Display valid named groups
0c5c398 
Reports invalid groups earlier as well, before the certificates
are created.

Also fixes a bug where failure from the argument parser wasn't
noticed.

Signed-off-by: Stephen Gallagher <sgallagh@redhat.com>
@sgallagher
Update docs for 3.0 release
23a37c6 
Signed-off-by: Stephen Gallagher <sgallagh@redhat.com>
@sgallagher sgallagher changed the title WIP: sscg 3.0 sscg 3.0 Jul 21, 2021
@sgallagher sgallagher merged commit d389c52 into main Jul 21, 2021
@sgallagher sgallagher deleted the openssl3 branch July 21, 2021 18:07
@martinpitt martinpitt mentioned this pull request Aug 22, 2021
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
3.0.0
Development

Successfully merging this pull request may close these issues.

Only generate parameters approved by current crypto-policy
1 participant
@sgallagher