Releases: sgallagher/sscg
Releases · sgallagher/sscg
sscg-4.0.3
sscg-4.0.3
This tag was signed with the committer’s verified signature.
The key has expired.
sgallagher
Stephen Gallagher
42a443d
This commit was signed with the committer’s verified signature.
The key has expired.
sgallagher
Stephen Gallagher
What's Changed
- Better handling of files by @sgallagher in #101
Full Changelog: sscg-4.0.2...sscg-4.0.3
Contributors
sgallagher
Assets 2
sscg-4.0.2
sscg-4.0.2
This tag was signed with the committer’s verified signature.
The key has expired.
sgallagher
Stephen Gallagher
a8c45ef
This commit was signed with the committer’s verified signature.
The key has expired.
sgallagher
Stephen Gallagher
What's Changed
- Fix regression in 4.0.1 when attempting to use the same file for both the CA and certificate by @sgallagher in #100
Full Changelog: sscg-4.0.1...sscg-4.0.2
Contributors
sgallagher
Assets 2
sscg-4.0.1
sscg-4.0.1
This tag was signed with the committer’s verified signature.
The key has expired.
sgallagher
Stephen Gallagher
9708ebc
This commit was signed with the committer’s verified signature.
The key has expired.
sgallagher
Stephen Gallagher
What's Changed
- Drop path_utils dependency by @sgallagher in #95
- Rework file opening to avoid TOCTOU issues by @sgallagher in #96
- Minor bugfixes by @sgallagher in #98
Full Changelog: sscg-4.0.0...sscg-4.0.1
Contributors
sgallagher
Assets 2
sscg-4.0.0
sscg-4.0.0
This tag was signed with the committer’s verified signature.
The key has expired.
sgallagher
Stephen Gallagher
SSCG 4.0.0 Release Announcement
We are excited to announce the release of SSCG 4.0.0! This major release brings significant new features, modernization improvements, and important breaking changes.
🎉 Highlights
Post-Quantum Cryptography Support
SSCG now supports ML-DSA (Module-Lattice-Based Digital Signature Algorithm) key generation, bringing post-quantum cryptography capabilities to the tool. This ensures future-readiness against quantum computing threats.
ECDSA Key Support
In addition, SSCG now supports ECDSA (Elliptic Curve Digital Signature Algorithm) key generation, providing modern cryptographic options with smaller key sizes and improved performance.
Enhanced Command-Line Interface
The help output has been completely reorganized into logical groups, making it significantly easier to discover and use the various options available.
✨ New Features
-
ML-DSA Key Generation: Generate post-quantum cryptographic keys with OpenSSL 3.5+
- New command-line arguments for ML-DSA configuration
- Proper handling of ML-DSA signing semantics (digest-less operation)
-
ECDSA Key Generation: Generate elliptic curve keys
- Support for various EC curves
- Enhanced CLI arguments for EC-DSA configuration
-
Enhanced Security: Minimum RSA key strength for private CA raised to 4096 bits (matches service certificate if set higher)
🔧 Internal Improvements
- Refactored Key Creation: Separated key creation logic from certificate creation for better modularity and multi-algorithm support
- Enhanced Testing:
- Separate validity tests for RSA, ECDSA, and ML-DSA certificates
- Extended test coverage for CA and certificate creation with new key types
- Improved Code Organization: Logging functionality split into its own header and implementation files
- Better Code Formatting: Updated clang-format configuration for improved consistency
🚨 Breaking Changes
DH Parameters Changes
- No longer generates DH parameters file by default (Fixes #91)
- DH parameters were always generated by default for backwards compatibility, but this was never the desired behavior
- Use the
--dhparams-fileargument if you explicitly need DH parameters
- Custom DH parameter generation deprecated (Fixes #88)
--dhparams-prime-lenargument still works for now but it is hidden from the documentation- This option will be removed in SSCG 5.0
Removed Options
- Dropped
--packageargument: This option was deprecated in SSCG 3.0 and has been completely removed in 4.0 as it has been meaningless for years
Build Requirements
- Minimum OpenSSL version: 3.x: Dropped compatibility with OpenSSL 1.1 and 2.x
- Updated C standard: Now requires C standard support of C17 + GNU extensions (gcc 11+, clang 6+)
- Removed pkgconfig dependency: Unused dependency has been dropped
🔍 Bug Fixes
- Fixed NULL pointer dereference issues in tests (Coverity #1648023)
- Fixed formatting issues throughout the codebase
- Various code quality improvements
🏗️ Infrastructure
- CI now tests on Fedora ELN in addition to other platforms
- CI runs are no longer restricted to the main branch
- Updated GitHub Actions checkout action to v5
- Build and test processes improved for container environments
📝 Requirements
- OpenSSL 3.x or later
- C compiler with C17 + GNU extensions standard support
- Meson build system
📥 Getting SSCG 4.0.0
Source tarballs and additional information are available at:
- GitHub: https://github.com/sgallagher/sscg
- Releases: https://github.com/sgallagher/sscg/releases/tag/sscg-4.0.0
For bug reports and feature requests, please visit our issue tracker.
For information on contributing to SSCG, please see our CONTRIBUTING.md guide.
Full Changelog: sscg-3.0.8...sscg-4.0.0
sscg-3.0.8
sscg-3.0.8
This tag was signed with the committer’s verified signature.
The key has expired.
sgallagher
Stephen Gallagher
What's Changed
- Minor include fixes by @ptoscano in #76
- Make the test suite more comprehensive by @sgallagher in #77
- Add i18n support and a better README by @sgallagher in #78
- Fix detection of invalid hashes and update test by @sgallagher in #79
- Fix IP address handling in CA certificate SAN constraints by @sgallagher in #81
- Update copyright notices by @sgallagher in #82
- Fix Coverity-discovered issues with new tests by @sgallagher in #83
New Contributors
Full Changelog: sscg-3.0.7...sscg-3.0.8
Contributors
sgallagher and ptoscano
Assets 2
sscg-3.0.7
sscg-3.0.7
This tag was signed with the committer’s verified signature.
The key has expired.
sgallagher
Stephen Gallagher
What's Changed
- Rework CI tests for new Github runners by @sgallagher in #73
- Ensure 'critical' basicConstraint for CA cert by @sgallagher in #75
Full Changelog: sscg-3.0.6...sscg-3.0.7
Contributors
sgallagher
Assets 2
sscg-3.0.6
sscg-3.0.6
This tag was signed with the committer’s verified signature.
The key has expired.
sgallagher
Stephen Gallagher
What's Changed
- Extend maximum DNS name to 255 by @sgallagher in #70
- Fix compatibility with OpenSSL 3.4+
Full Changelog: sscg-3.0.5...sscg-3.0.6
Contributors
sgallagher
Assets 2
sscg-3.0.5
sscg-3.0.5
This tag was signed with the committer’s verified signature.
The key has expired.
sgallagher
Stephen Gallagher
Full Changelog: sscg-3.0.4...sscg-3.0.5
sscg-3.0.4
sscg-3.0.4
This tag was signed with the committer’s verified signature.
The key has expired.
sgallagher
Stephen Gallagher
e87dd74
This commit was signed with the committer’s verified signature.
The key has expired.
sgallagher
Stephen Gallagher
Full Changelog: sscg-3.0.3...sscg-3.0.4
sscg-3.0.3
sscg-3.0.3
This tag was signed with the committer’s verified signature.
The key has expired.
sgallagher
Stephen Gallagher
252b115
This commit was signed with the committer’s verified signature.
The key has expired.
sgallagher
Stephen Gallagher
What's Changed
- Debian packaging: Drop obsolete popt paragraph by @martinpitt in #53
- CI: Drop CentOS Linux, long live CentOS Stream! by @sgallagher in #54
- Packit: Drop redundant epel-8 build by @sgallagher in #55
- Get Fedora container images from Quay.io by @sgallagher in #57
- Truncate IP address in SAN by @sgallagher in #56
- Modernize the Packit configuration by @sgallagher in #58
- Increase create_csr_test unit test timeout by @martinpitt in #60
- Add tests for cert validity and key strength by @sgallagher in #61
- dhparams: don't fail if default file can't be created by @sgallagher in #62
- Update Github checkout to v3 by @sgallagher in #63
- Track the latest run-on-arch action by @sgallagher in #64
- Add Ubuntu 22.04 to the test matrix by @sgallagher in #65
Full Changelog: sscg-3.0.2...sscg-3.0.3
Contributors
martinpitt and sgallagher