rpms
/
sscg
20
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

import sscg-3.0.0-7.el9

Browse Source
c9-beta imports/c9-beta/sscg-3.0.0-7.el9
CentOS Sources 2 years ago committed by MSVSphere Packaging Team
commit d708e29949
8 changed files with 636 additions and 0 deletions
Show Stats Download Patch File Download Diff File

1
.gitignore vendored
Unescape View File

@ -0,0 +1 @@
SOURCES/sscg-3.0.0.tar.xz

1
.sscg.metadata
Unescape View File

@ -0,0 +1 @@
81e3b33e118edff96583314ceb4bfde9a1e6b45c SOURCES/sscg-3.0.0.tar.xz

34
SOURCES/0001-Drop-usage-of-ERR_GET_FUNC.patch
Unescape View File

@ -0,0 +1,34 @@
From d2277e711bb16e3b98f43565e71b7865b5fed423 Mon Sep 17 00:00:00 2001
From: Stephen Gallagher <sgallagh@redhat.com>
Date: Sat, 7 Aug 2021 11:48:04 -0400
Subject: [PATCH 1/2] Drop usage of ERR_GET_FUNC()
This macro was dropped in OpenSSL 3.0 and has actually not been
providing a valid return code for some time.
Related: rhbz#1964837
Signed-off-by: Stephen Gallagher <sgallagh@redhat.com>
---
include/sscg.h | 1 -
1 file changed, 1 deletion(-)
diff --git a/include/sscg.h b/include/sscg.h
index faf86ba4f68e186bd35c7bc3ec77b98b8e37d253..851dc93175607e5223a70ef40a5feb24b7b69215 100644
--- a/include/sscg.h
+++ b/include/sscg.h
@@ -94,11 +94,10 @@
if (_sslret != 1) \
{ \
/* Get information about error from OpenSSL */ \
unsigned long _ssl_error = ERR_get_error (); \
if ((ERR_GET_LIB (_ssl_error) == ERR_LIB_UI) && \
- (ERR_GET_FUNC (_ssl_error) == UI_F_UI_SET_RESULT_EX) && \
((ERR_GET_REASON (_ssl_error) == UI_R_RESULT_TOO_LARGE) || \
(ERR_GET_REASON (_ssl_error) == UI_R_RESULT_TOO_SMALL))) \
{ \
fprintf ( \
stderr, \
--
2.33.0

46
SOURCES/0002-Correct-certificate-lifetime-calculation.patch
Unescape View File

@ -0,0 +1,46 @@
From 87604820a935f87a8f533e3f294419d27c0514eb Mon Sep 17 00:00:00 2001
From: Allison Karlitskaya <allison.karlitskaya@redhat.com>
Date: Tue, 26 Oct 2021 12:32:13 +0200
Subject: [PATCH 2/2] Correct certificate lifetime calculation
sscg allows passing the certificate lifetime, as a number of days, as a
commandline argument. It converts this value to seconds using the
formula
days * 24 * 3650
which is incorrect. The correct value is 3600.
This effectively adds an extra 20 minutes to the lifetime of the
certificate for each day as given on the commandline, and was enough to
cause some new integration tests in cockpit to fail.
Interestingly, 3650 is the old default value for the number of days of
certificate validity (~10 years) so this probably slipped in as a sort
of muscle-memory-assisted typo.
Let's just write `24 * 60 * 60` to make things clear.
---
src/x509.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/x509.c b/src/x509.c
index dc1594a4bdcb9d81607f0fe5ad2d4562e5edb533..7c7e4dfe56d5756862f3e0f851941e846ce96f31 100644
--- a/src/x509.c
+++ b/src/x509.c
@@ -416,11 +416,11 @@ sscg_sign_x509_csr (TALLOC_CTX *mem_ctx,
X509_set_issuer_name (cert, X509_REQ_get_subject_name (csr));
}
/* set time */
X509_gmtime_adj (X509_get_notBefore (cert), 0);
- X509_gmtime_adj (X509_get_notAfter (cert), days * 24 * 3650);
+ X509_gmtime_adj (X509_get_notAfter (cert), days * 24 * 60 * 60);
/* set subject */
subject = X509_NAME_dup (X509_REQ_get_subject_name (csr));
sslret = X509_set_subject_name (cert, subject);
CHECK_SSL (sslret, X509_set_subject_name);
--
2.33.0

68
SOURCES/0003-Truncate-IP-address-in-SAN.patch
Unescape View File

@ -0,0 +1,68 @@
From 0875cd6169e876c4296a307631d49b801fc686dc Mon Sep 17 00:00:00 2001
From: Stephen Gallagher <sgallagh@redhat.com>
Date: Tue, 8 Mar 2022 16:33:35 -0500
Subject: [PATCH] Truncate IP address in SAN
In OpenSSL 1.1, this was done automatically when addind a SAN extension,
but in OpenSSL 3.0 it is rejected as an invalid input.
Signed-off-by: Stephen Gallagher <sgallagh@redhat.com>
---
src/x509.c | 15 ++++++++++++++-
1 file changed, 14 insertions(+), 1 deletion(-)
diff --git a/src/x509.c b/src/x509.c
index 7c7e4dfe56d5756862f3e0f851941e846ce96f31..e828ec725b23d7ea79393151e7bb436e2f61bdb8 100644
--- a/src/x509.c
+++ b/src/x509.c
@@ -131,10 +131,11 @@ sscg_x509v3_csr_new (TALLOC_CTX *mem_ctx,
size_t i;
X509_NAME *subject;
char *alt_name = NULL;
char *tmp = NULL;
char *san = NULL;
+ char *slash = NULL;
TALLOC_CTX *tmp_ctx;
X509_EXTENSION *ex = NULL;
struct sscg_x509_req *csr;
/* Make sure we have a key available */
@@ -265,10 +266,16 @@ sscg_x509v3_csr_new (TALLOC_CTX *mem_ctx,
tmp_ctx, "DNS:%s", certinfo->subject_alt_names[i]);
}
else
{
san = talloc_strdup (tmp_ctx, certinfo->subject_alt_names[i]);
+ /* SAN IP addresses cannot include the subnet mask */
+ if ((slash = strchr (san, '/')))
+ {
+ /* Truncate at the slash */
+ *slash = '\0';
+ }
}
CHECK_MEM (san);
if (strnlen (san, MAXHOSTNAMELEN + 5) > MAXHOSTNAMELEN + 4)
{
@@ -287,11 +294,17 @@ sscg_x509v3_csr_new (TALLOC_CTX *mem_ctx,
alt_name = tmp;
}
}
ex = X509V3_EXT_conf_nid (NULL, NULL, NID_subject_alt_name, alt_name);
- CHECK_MEM (ex);
+ if (!ex)
+ {
+ ret = EINVAL;
+ fprintf (stderr, "Invalid subjectAlternativeName: %s\n", alt_name);
+ goto done;
+ }
+
sk_X509_EXTENSION_push (certinfo->extensions, ex);
/* Set the public key for the certificate */
sslret = X509_REQ_set_pubkey (csr->x509_req, spkey->evp_pkey);
CHECK_SSL (sslret, X509_REQ_set_pubkey (OU));
--
2.35.1

139
SOURCES/0004-dhparams-don-t-fail-if-default-file-can-t-be-created.patch
Unescape View File

@ -0,0 +1,139 @@
From 282f819bc39c9557ee34f73c6f6623182f680792 Mon Sep 17 00:00:00 2001
From: Stephen Gallagher <sgallagh@redhat.com>
Date: Wed, 16 Nov 2022 15:27:58 -0500
Subject: [PATCH] dhparams: don't fail if default file can't be created
Resolves: rhbz#2143206
Signed-off-by: Stephen Gallagher <sgallagh@redhat.com>
---
src/arguments.c | 1 -
src/io_utils.c | 12 +++++++++++
src/sscg.c | 55 +++++++++++++++++++++++++++++++++----------------
3 files changed, 49 insertions(+), 19 deletions(-)
diff --git a/src/arguments.c b/src/arguments.c
index 7b9da14a732875b0f33a12e22a97d51a78216839..770d834aacc05d6d92cc0c855852eadb88f8c9bc 100644
--- a/src/arguments.c
+++ b/src/arguments.c
@@ -69,7 +69,6 @@ set_default_options (struct sscg_options *opts)
opts->lifetime = 398;
- opts->dhparams_file = talloc_strdup (opts, "dhparams.pem");
opts->dhparams_group = talloc_strdup (opts, "ffdhe4096");
opts->dhparams_generator = 2;
diff --git a/src/io_utils.c b/src/io_utils.c
index 1b8bc41c3849acbe4657ae14dfe55e3010957129..5d34327bdbe450add5326ac20c337c9399b471dc 100644
--- a/src/io_utils.c
+++ b/src/io_utils.c
@@ -544,6 +544,18 @@ sscg_io_utils_open_output_files (struct sscg_stream **streams, bool overwrite)
{
SSCG_LOG (SSCG_DEBUG, "Opening %s\n", stream->path);
stream->bio = BIO_new_file (stream->path, create_mode);
+ if (!stream->bio)
+ {
+ fprintf (stderr,
+ "Could not write to %s. Check directory permissions.\n",
+ stream->path);
+
+ /* The dhparams file is special, it will be handled later */
+ if (i != SSCG_FILE_TYPE_DHPARAMS)
+ {
+ continue;
+ }
+ }
CHECK_BIO (stream->bio, stream->path);
}
diff --git a/src/sscg.c b/src/sscg.c
index 1bf8019c2dda136abe56acd101dfe8ad0b3d725d..dcff4cd2b8dfd2e11c8612d36ecc94b175e9dc26 100644
--- a/src/sscg.c
+++ b/src/sscg.c
@@ -93,6 +93,7 @@ main (int argc, const char **argv)
int ret, sret;
struct sscg_options *options;
bool build_client_cert = false;
+ char *dhparams_file = NULL;
struct sscg_x509_cert *cacert;
struct sscg_evp_pkey *cakey;
@@ -182,9 +183,19 @@ main (int argc, const char **argv)
options->crl_mode);
CHECK_OK (ret);
+ if (options->dhparams_file)
+ {
+ dhparams_file = talloc_strdup (main_ctx, options->dhparams_file);
+ }
+ else
+ {
+ dhparams_file = talloc_strdup (main_ctx, "./dhparams.pem");
+ }
+ CHECK_MEM (dhparams_file);
+
ret = sscg_io_utils_add_output_file (options->streams,
SSCG_FILE_TYPE_DHPARAMS,
- options->dhparams_file,
+ dhparams_file,
options->dhparams_mode);
CHECK_OK (ret);
@@ -281,28 +292,36 @@ main (int argc, const char **argv)
/* Create DH parameters file */
- bp = GET_BIO (SSCG_FILE_TYPE_DHPARAMS);
- if (options->dhparams_prime_len > 0)
+ if ((bp = GET_BIO (SSCG_FILE_TYPE_DHPARAMS)))
{
- ret = create_dhparams (options->verbosity,
- options->dhparams_prime_len,
- options->dhparams_generator,
- &dhparams);
- CHECK_OK (ret);
+ if (options->dhparams_prime_len > 0)
+ {
+ ret = create_dhparams (options->verbosity,
+ options->dhparams_prime_len,
+ options->dhparams_generator,
+ &dhparams);
+ CHECK_OK (ret);
+ }
+ else
+ {
+ ret = get_params_by_named_group (options->dhparams_group, &dhparams);
+ CHECK_OK (ret);
+ }
+
+ /* Export the DH parameters to the file */
+ sret = PEM_write_bio_Parameters (bp, dhparams);
+ CHECK_SSL (sret, PEM_write_bio_Parameters ());
+ ANNOUNCE_WRITE (SSCG_FILE_TYPE_DHPARAMS);
+ EVP_PKEY_free (dhparams);
}
- else
+ else if (options->dhparams_file)
{
- ret = get_params_by_named_group (options->dhparams_group, &dhparams);
- CHECK_OK (ret);
+ /* A filename was explicitly passed, but it couldn't be created */
+ ret = EPERM;
+ fprintf (stderr, "Could not write to %s: ", options->dhparams_file);
+ goto done;
}
- /* Export the DH parameters to the file */
- sret = PEM_write_bio_Parameters (bp, dhparams);
- CHECK_SSL (sret, PEM_write_bio_Parameters ());
- ANNOUNCE_WRITE (SSCG_FILE_TYPE_DHPARAMS);
- EVP_PKEY_free (dhparams);
-
-
/* Set the final file permissions */
sscg_io_utils_finalize_output_files (options->streams);
--
2.38.1

32
SOURCES/0005-dhparams-Fix-the-FIPS_mode-call-for-OpenSSL-3.0.patch
Unescape View File

@ -0,0 +1,32 @@
From e65a507c487a37dd5a8c90b7dbd1ff3274146239 Mon Sep 17 00:00:00 2001
From: Simon Chopin <simon.chopin@canonical.com>
Date: Mon, 13 Dec 2021 15:20:55 +0100
Subject: [PATCH 5/5] dhparams: Fix the FIPS_mode() call for OpenSSL 3.0
This function has been removed from OpenSSL 3.0, replaced by
EVP_default_properties_is_fips_enabled().
Closes #50
---
src/dhparams.c | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/src/dhparams.c b/src/dhparams.c
index 5c50128970d48790df910b9f9531e61e1d4c5758..61fd57aeedca47fba49f75d356cd5f42b9586696 100644
--- a/src/dhparams.c
+++ b/src/dhparams.c
@@ -231,7 +231,11 @@ is_valid_named_group (const char *group_name)
}
/* Check non-FIPS groups */
+#if OPENSSL_VERSION_NUMBER < 0x30000000L
if (!FIPS_mode ())
+#else
+ if (!EVP_default_properties_is_fips_enabled(NULL))
+#endif
{
i = 0;
while (dh_nonfips_groups[i])
--
2.31.1

315
SPECS/sscg.spec
Unescape View File

@ -0,0 +1,315 @@
%global provider github
%global provider_tld com
%global project sgallagher
%global repo sscg
# https://github.com/sgallagher/sscg
%global provider_prefix %{provider}.%{provider_tld}/%{project}/%{repo}
%global import_path %{provider_prefix}
Name: sscg
Version: 3.0.0
Release: 7%{?dist}
Summary: Simple SSL certificate generator
License: GPLv3+ with exceptions
URL: https://%{provider_prefix}
Source0: https://%{provider_prefix}/releases/download/%{repo}-%{version}/%{repo}-%{version}.tar.xz
BuildRequires: gcc
BuildRequires: libtalloc-devel
BuildRequires: openssl-devel
BuildRequires: popt-devel
BuildRequires: libpath_utils-devel
BuildRequires: meson
BuildRequires: ninja-build
BuildRequires: help2man
Patch: 0001-Drop-usage-of-ERR_GET_FUNC.patch
Patch: 0002-Correct-certificate-lifetime-calculation.patch
Patch: 0003-Truncate-IP-address-in-SAN.patch
Patch: 0004-dhparams-don-t-fail-if-default-file-can-t-be-created.patch
Patch: 0005-dhparams-Fix-the-FIPS_mode-call-for-OpenSSL-3.0.patch
%description
A utility to aid in the creation of more secure "self-signed"
certificates. The certificates created by this tool are generated in a
way so as to create a CA certificate that can be safely imported into a
client machine to trust the service certificate without needing to set
up a full PKI environment and without exposing the machine to a risk of
false signatures from the service certificate.
%prep
%autosetup -p1
%build
%meson
%meson_build
%install
%meson_install
%check
%meson_test -t 10
%files
%license COPYING
%doc README.md
%{_bindir}/%{name}
%{_mandir}/man8/%{name}.8*
%changelog
* Fri Dec 02 2022 Stephen Gallagher <sgallagh@redhat.com> - 3.0.0-6
- Use EVP_default_properties_is_fips_enabled() on OpenSSL 3.0
- Related: rhbz#2083879
* Mon Nov 28 2022 Stephen Gallagher <sgallagh@redhat.com> - 3.0.0-6
- Don't fail if default dhparams file can't be created
- Resolves: rhbz#2149064
* Wed Mar 09 2022 Stephen Gallagher <sgallagh@redhat.com> - 3.0.0-5
- Handle IP addresses in subjectAlternativeName correctly
- Resolves: rhbz#2061923
* Fri Oct 29 2021 Stephen Gallagher <sgallagh@redhat.com> - 3.0.0-4
- Correct certificate lifetime calculation
- Resolves: rhbz#2017667
* Tue Aug 10 2021 Mohan Boddu <mboddu@redhat.com> - 3.0.0-3
- Rebuilt for IMA sigs, glibc 2.34, aarch64 flags
Related: rhbz#1991688
* Sat Aug 07 2021 Stephen Gallagher <sgallagh@redhat.com> - 3.0.0-2
- Drop usage of removed macro ERR_GET_FUNC()
- Related: rhbz#1964837
* Wed Jul 21 2021 Stephen Gallagher <sgallagh@redhat.com> - 3.0.0-1
- Release 3.0.0
- Support for OpenSSL 3.0
- Support for outputting named Diffie-Hellman parameter groups
- Support for CentOS Stream 9
- Resolves: rhbz#1984468
* Wed Jun 16 2021 Mohan Boddu <mboddu@redhat.com> - 2.6.2-8
- Rebuilt for RHEL 9 BETA for openssl 3.0
Related: rhbz#1971065
* Wed May 26 2021 Stephen Gallagher <sgallagh@redhat.com> - 2.6.2-7
- OpenSSL 3.0 compatibility: fix RSA key-generation test
- Resolves: rhbz#1964837
* Fri Apr 16 2021 Mohan Boddu <mboddu@redhat.com> - 2.6.2-6
- Rebuilt for RHEL 9 BETA on Apr 15th 2021. Related: rhbz#1947937
* Wed Mar 17 2021 Stephen Gallagher <sgallagh@redhat.com> - 2.6.2-5
- Fixing incorrect license declaration
* Wed Mar 17 2021 Stephen Gallagher <sgallagh@redhat.com> - 2.6.2-4
- Updating to rebuild against the latest glibc
* Wed Jan 27 2021 Fedora Release Engineering <releng@fedoraproject.org> - 2.6.2-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild
* Wed Jul 29 2020 Fedora Release Engineering <releng@fedoraproject.org> - 2.6.2-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
* Tue Jun 23 2020 Stephen Gallagher <sgallagh@redhat.com> - 2.6.2-1
- Update to 2.6.2
- Handle very short and very long passphrases properly (fixes rhbz#1850183)
- Drop upstreamed patch
* Thu Apr 30 2020 Stephen Gallagher <sgallagh@redhat.com> - 2.6.1-4
- Rebuild with corrected ELN macro definitions
* Thu Apr 30 2020 Stephen Gallagher <sgallagh@redhat.com> - 2.6.1-3
- Don't bother running clang-format in the RPM build
- Lengthen the test timeout so ARM tests pass
* Fri Jan 31 2020 Fedora Release Engineering <releng@fedoraproject.org> - 2.6.1-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild
* Thu Jan 09 2020 Stephen Gallagher <sgallagh@redhat.com> - 2.6.1-1
- Bugfixes from upstream
* Fri Dec 13 2019 Stephen Gallagher <sgallagh@redhat.com> - 2.6.0-2
- Fix incorrect help description for --client-key-file
* Fri Dec 13 2019 Stephen Gallagher <sgallagh@redhat.com> - 2.6.0-1
- Update to 2.6.0
- Can now generate an empty CRL file.
- Can now create and store a Diffie-Hellman parameters (dhparams) file.
- Support for setting a password on private keys.
- Support for generating a client authentication certificate and key.
- Better support for OpenSSL 1.0
* Sat Jul 27 2019 Fedora Release Engineering <releng@fedoraproject.org> - 2.5.1-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild
* Sun Feb 03 2019 Fedora Release Engineering <releng@fedoraproject.org> - 2.5.1-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild
* Wed Nov 28 2018 Stephen Gallagher <sgallagh@redhat.com> - 2.5.1-1
- Update to 2.5.1
- Fixes discovered by automated testing.
* Wed Nov 28 2018 Stephen Gallagher <sgallagh@redhat.com> - 2.5.0-1
- Update to 2.5.0
- Auto-detect the hash algorithm to use by default.
* Tue Nov 27 2018 Stephen Gallagher <sgallagh@redhat.com> - 2.4.0-1
- Update to 2.4.0
- Autodetect the minimum key strength from the system security level.
- Disallow setting a key strength below the system minimum.
- Drop upstreamed patches
* Mon Sep 17 2018 Stephen Gallagher <sgallagh@redhat.com> - 2.3.3-4
- Add a manpage.
* Sat Jul 14 2018 Fedora Release Engineering <releng@fedoraproject.org> - 2.3.3-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild
* Fri Feb 09 2018 Fedora Release Engineering <releng@fedoraproject.org> - 2.3.3-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild
* Fri Feb 02 2018 Stephen Gallagher <sgallagh@redhat.com> - 2.3.3-1
- Update to 2.3.3
- Do not overwrite destination files without --force
* Thu Jan 25 2018 Stephen Gallagher <sgallagh@redhat.com> - 2.3.2-1
- Update to 2.3.2
- Properly support hostnames up to 64 characters
- Resolves: rhbz#1535537
* Tue Jan 02 2018 Stephen Gallagher <sgallagh@redhat.com> - 2.3.1-2
- Skip tests on 32-bit ARM for now
* Tue Jan 02 2018 Stephen Gallagher <sgallagh@redhat.com> - 2.3.1-1
- Update to 2.3.1
- Bundle popt 1.16 on older releases like EPEL.
* Mon Dec 18 2017 Stephen Gallagher <sgallagh@redhat.com> - 2.3.0-1
- Update to 2.3.0
- Switch to meson build system
- Add support for non-DNS subjectAlternativeName values (issue #4)
* Thu Sep 21 2017 Stephen Gallagher <sgallagh@redhat.com> - 2.2.0-1
- Reorder combined PEM file
- Resolves: RHBZ#1494208
* Wed Sep 20 2017 Stephen Gallagher <sgallagh@redhat.com> - 2.1.0-1
- Add --email argument for setting emailAddress in the issuer
* Thu Aug 03 2017 Fedora Release Engineering <releng@fedoraproject.org> - 2.0.4-4
- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Binutils_Mass_Rebuild
* Thu Jul 27 2017 Fedora Release Engineering <releng@fedoraproject.org> - 2.0.4-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild
* Mon Apr 03 2017 Stephen Gallagher <sgallagh@redhat.com> - 2.0.4-2
- Bump release to perform taskotron tests
* Tue Mar 21 2017 Stephen Gallagher <sgallagh@redhat.com> - 2.0.4-1
- Update to 2.0.4
- Addresses a potential race-condition when the key and certificate share the
same file.
* Wed Mar 08 2017 Stephen Gallagher <sgallagh@redhat.com> - 2.0.3-1
- Update to 2.0.3
- Adds support for setting the file mode on the output certificates
and keys.
* Fri Mar 03 2017 Stephen Gallagher <sgallagh@redhat.com> - 2.0.2-1
- Update to 2.0.2
- Always run with umask(077)
* Fri Mar 03 2017 Stephen Gallagher <sgallagh@redhat.com> - 2.0.1-1
- Update to 2.0.1
- Fix an issue with passing certificate lifetime explicitly
* Thu Feb 16 2017 Stephen Gallagher <sgallagh@redhat.com> - 2.0.0-1
- Update to 2.0.0
* Thu Feb 16 2017 Stephen Gallagher <sgallagh@redhat.com> - 1.1.0-6
- Exclude PPC64 from the build since it doesn't support linking to OpenSSL
* Sat Feb 11 2017 Fedora Release Engineering <releng@fedoraproject.org> - 1.1.0-5
- Rebuilt for https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild
* Wed Nov 23 2016 Stephen Gallagher <sgallagh@redhat.com> - 1.1.0-4
- Use compat-openssl10-devel on F26+
* Thu Jul 21 2016 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1.1.0-3
- https://fedoraproject.org/wiki/Changes/golang1.7
* Tue May 31 2016 Stephen Gallagher <sgallagh@redhat.com> - 1.1.0-2
- Debundle spacelog
* Wed May 25 2016 Stephen Gallagher <sgallagh@redhat.com> - 1.1.0-1
- Update to 1.1.0
- Add support for signing service keys with an existing CA
* Wed May 25 2016 Stephen Gallagher <sgallagh@redhat.com> - 1.0.4-1
- Add support for exporting the CA private key
- Fix incorrect output from -version
- Add README.md
* Tue May 24 2016 Stephen Gallagher <sgallagh@redhat.com> - 1.0.3-1
- Only sign certificates after all extensions have been added
* Mon May 23 2016 Stephen Gallagher <sgallagh@redhat.com> - 1.0.2-1
- Generate x509v3 certificates
* Mon May 23 2016 Stephen Gallagher <sgallagh@redhat.com> - 1.0.1-1
- Fix issue with temporary file creation
* Mon May 23 2016 Stephen Gallagher <sgallagh@redhat.com> - 1.0.0-1
- New upstream release 1.0.0
- Rewritten in Go
- Runtime depends only on OpenSSL, no more Python
- Support for writing certificate and key in a single file
* Wed May 18 2016 Stephen Gallagher <sgallagh@redhat.com> - 0.4.1-4
- Add requirement on python-setuptools
* Fri Feb 05 2016 Fedora Release Engineering <releng@fedoraproject.org> - 0.4.1-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild
* Tue Nov 10 2015 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 0.4.1-2
- Rebuilt for https://fedoraproject.org/wiki/Changes/python3.5
* Fri Jun 19 2015 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 0.4.1-1
- Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild
* Mon Mar 30 2015 Stephen Gallagher <sgallagh@redhat.com> 0.4.1-1
- Change default CA location to match service certificate
- Improve error handling
* Tue Mar 24 2015 Stephen Gallagher <sgallagh@redhat.com> 0.4.0-1
- Spec file cleanups
- PEP8 Cleanups
- Make location arguments optional
* Mon Mar 23 2015 Stephen Gallagher <sgallagh@redhat.com> 0.3.0-1
- Rename to sscg
- Only build with default python interpreter
* Tue Mar 17 2015 Stephen Gallagher <sgallagh@redhat.com> 0.2.1-1
- Include the LICENSE file in the tarball
* Tue Mar 17 2015 Stephen Gallagher <sgallagh@redhat.com> 0.2-2
- Include the license in the build RPMs
* Tue Mar 17 2015 Stephen Gallagher <sgallagh@redhat.com> 0.2-1
- Add support for namedConstraints
- Add support for subjectAltNames
- Fix packaging issues from Fedora package review
* Mon Mar 16 2015 Stephen Gallagher <sgallagh@redhat.com> 0.1-2
- Update BuildRequires
* Mon Mar 16 2015 Stephen Gallagher <sgallagh@redhat.com> 0.1-1
- First packaging
Write Preview
Loading…
Cancel
Save