From 0cddb04217bec12fdebaeb034e6635f09a58b71b Mon Sep 17 00:00:00 2001 From: Stephen Gallagher Date: Fri, 1 Sep 2023 08:21:27 -0400 Subject: [PATCH] Update README.md with latest usage Signed-off-by: Stephen Gallagher --- 0001-Extend-maximum-DNS-name-to-255.patch | 14 +-- ...DME.md-with-latest-usage-information.patch | 109 ++++++++++++++++++ 2 files changed, 116 insertions(+), 7 deletions(-) create mode 100644 0002-Update-README.md-with-latest-usage-information.patch diff --git a/0001-Extend-maximum-DNS-name-to-255.patch b/0001-Extend-maximum-DNS-name-to-255.patch index de809fa..7ce5725 100644 --- a/0001-Extend-maximum-DNS-name-to-255.patch +++ b/0001-Extend-maximum-DNS-name-to-255.patch @@ -1,7 +1,7 @@ -From 00fb4ba6ae29ed94b88675fa752f1c3e5c6fa85f Mon Sep 17 00:00:00 2001 +From 750dee2eded3b1c16e0434fa387d35a869545d9e Mon Sep 17 00:00:00 2001 From: Stephen Gallagher Date: Wed, 15 Feb 2023 15:49:38 -0500 -Subject: [PATCH] Extend maximum DNS name to 255 +Subject: [PATCH 1/2] Extend maximum DNS name to 255 The hostname part is still restricted to 63 characters @@ -17,7 +17,7 @@ Signed-off-by: Stephen Gallagher 5 files changed, 61 insertions(+), 14 deletions(-) diff --git a/include/sscg.h b/include/sscg.h -index 0f35631..f0c6d93 100644 +index 0f35631018dc2745e986cd1e7e094e3e37be8e54..f0c6d93b871e4bd3f2c805be8dfa7485ec34746a 100644 --- a/include/sscg.h +++ b/include/sscg.h @@ -313,6 +313,9 @@ enum sscg_cert_type @@ -31,7 +31,7 @@ index 0f35631..f0c6d93 100644 int sscg_handle_arguments (TALLOC_CTX *mem_ctx, diff --git a/src/arguments.c b/src/arguments.c -index 0b7a060..2f412be 100644 +index 0b7a060d31bed97130c7cb9b7feacf0876e25c0d..2f412bee1bee9620f28b6e84aed4aef17aee3a6a 100644 --- a/src/arguments.c +++ b/src/arguments.c @@ -786,10 +786,19 @@ sscg_handle_arguments (TALLOC_CTX *mem_ctx, @@ -99,7 +99,7 @@ index 0b7a060..2f412be 100644 { fprintf (stderr, 
diff --git a/src/authority.c b/src/authority.c -index 4efaa9e..f509fd4 100644 +index 4efaa9e730964b9762b59d0e6698c1623901ccfe..f509fd4316c3b7b230f99de6464491c319fc5d45 100644 --- a/src/authority.c +++ b/src/authority.c @@ -56,6 +56,7 @@ create_private_CA (TALLOC_CTX *mem_ctx, @@ -151,7 +151,7 @@ index 4efaa9e..f509fd4 100644 if (options->subject_alt_names) diff --git a/src/cert.c b/src/cert.c -index 99d9109..e36de71 100644 +index 99d9109f5981ef408aeb7d05a8327e1a38d5700a..e36de71e7ca9b34f87734542d5646b466cd61d4c 100644 --- a/src/cert.c +++ b/src/cert.c @@ -31,6 +31,7 @@ @@ -181,7 +181,7 @@ index 99d9109..e36de71 100644 if (options->subject_alt_names) { diff --git a/src/x509.c b/src/x509.c -index 4f3f11c..9f6f21b 100644 +index 4f3f11cd3411f00cf6de3a72ba897adc97944e35..9f6f21b49c2dd70629fed67d327027374eb21b15 100644 --- a/src/x509.c +++ b/src/x509.c @@ -290,12 +290,12 @@ sscg_x509v3_csr_new (TALLOC_CTX *mem_ctx, diff --git a/0002-Update-README.md-with-latest-usage-information.patch b/0002-Update-README.md-with-latest-usage-information.patch new file mode 100644 index 0000000..4294050 --- /dev/null +++ b/0002-Update-README.md-with-latest-usage-information.patch 
@@ -0,0 +1,109 @@
+From ff2cf0e789cb62c1efbb95ee3f6ccd1958a9d10e Mon Sep 17 00:00:00 2001
+From: Stephen Gallagher
+Date: Fri, 1 Sep 2023 08:19:01 -0400
+Subject: [PATCH 2/2] Update README.md with latest usage information
+
+Signed-off-by: Stephen Gallagher
+---
+ README.md | 55 +++++++++++++++++++++++++------------------------------
+ 1 file changed, 25 insertions(+), 30 deletions(-)
+
+diff --git a/README.md b/README.md
+index d15c3d955d03026e8a68c04870a5f97a20eb03d9..4d57138895443f228212a6c77209350432eecbd7 100644
+--- a/README.md
++++ b/README.md
+@@ -26,8 +26,8 @@ Usage of sscg:
+ Usage: sscg [OPTION...]
+ -q, --quiet Display no output unless there is an error.
+ -v, --verbose Display progress messages.
+- -d, --debug Enable logging of debug messages. Implies verbose. Warning! This will print
+- private key information to the screen!
++ -d, --debug Enable logging of debug messages. Implies verbose. Warning! This will print private key information to the
++ screen!
+ -V, --version Display the version number and exit.
+ -f, --force Overwrite any pre-existing files in the requested locations
+ --lifetime=1-3650 Certificate lifetime (days). (default: 398)
+@@ -37,57 +37,52 @@ Usage: sscg [OPTION...]
+ --organization=My Company Certificate DN: Organization (O). (default: "Unspecified")
+ --organizational-unit=Engineering, etc. Certificate DN: Organizational Unit (OU).
+ --email=myname@example.com Certificate DN: Email Address (Email).
+- --hostname=server.example.com The valid hostname of the certificate. Must be an FQDN. (default: current system
+- FQDN)
+- --subject-alt-name alt.example.com Optional additional valid hostnames for the certificate. In addition to hostnames,
+- this option also accepts explicit values supported by RFC 5280 such as
+- IP:xxx.xxx.xxx.xxx/yyy.yyy.yyy.yyy May be specified multiple times.
++ --hostname=server.example.com The valid hostname of the certificate. Must be an FQDN. (default: current system FQDN)
++ --subject-alt-name alt.example.com Optional additional valid hostnames for the certificate. In addition to hostnames, this option also accepts
++ explicit values supported by RFC 5280 such as IP:xxx.xxx.xxx.xxx/yyy.yyy.yyy.yyy May be specified multiple
++ times.
+ --package=STRING Unused. Retained for compatibility with earlier versions of sscg.
+ --key-strength=2048 or larger Strength of the certificate private keys in bits. (default: 2048)
+ --hash-alg={sha256,sha384,sha512} Hashing algorithm to use for signing. (default: "sha256")
+ --cipher-alg={des-ede3-cbc,aes-256-cbc} Cipher to use for encrypting key files. (default: "aes-256-cbc")
+ --ca-file=STRING Path where the public CA certificate will be stored. (default: "./ca.crt")
+ --ca-mode=0644 File mode of the created CA certificate.
+- --ca-key-file=STRING Path where the CA's private key will be stored. If unspecified, the key will be
+- destroyed rather than written to the disk.
++ --ca-key-file=STRING Path where the CA's private key will be stored. If unspecified, the key will be destroyed rather than written
++ to the disk.
+ --ca-key-mode=0600 File mode of the created CA key.
+- --ca-key-password=STRING Provide a password for the CA key file. Note that this will be visible in the
+- process table for all users, so it should be used for testing purposes only. Use
+- --ca-keypassfile or --ca-key-password-prompt for secure password entry.
++ --ca-key-password=STRING Provide a password for the CA key file. Note that this will be visible in the process table for all users, so
++ it should be used for testing purposes only. Use --ca-keypassfile or --ca-key-password-prompt for secure
++ password entry.
+ --ca-key-passfile=STRING A file containing the password to encrypt the CA key file.
+ -C, --ca-key-password-prompt Prompt to enter a password for the CA key file.
+- --crl-file=STRING Path where an (empty) Certificate Revocation List file will be created, for
+- applications that expect such a file to exist. If unspecified, no such file will
+- be created.
++ --crl-file=STRING Path where an (empty) Certificate Revocation List file will be created, for applications that expect such a
++ file to exist. If unspecified, no such file will be created.
+ --crl-mode=0644 File mode of the created Certificate Revocation List.
+ --cert-file=STRING Path where the public service certificate will be stored. (default "./service.pem")
+ --cert-mode=0644 File mode of the created certificate.
+ --cert-key-file=STRING Path where the service's private key will be stored. (default "service-key.pem")
+ --cert-key-mode=0600 File mode of the created certificate key.
+- -p, --cert-key-password=STRING Provide a password for the service key file. Note that this will be visible in the
+- process table for all users, so this flag should be used for testing purposes
+- only. Use --cert-keypassfile or --cert-key-password-prompt for secure password
+- entry.
++ -p, --cert-key-password=STRING Provide a password for the service key file. Note that this will be visible in the process table for all users,
++ so this flag should be used for testing purposes only. Use --cert-keypassfile or --cert-key-password-prompt for
++ secure password entry.
+ --cert-key-passfile=STRING A file containing the password to encrypt the service key file.
+ -P, --cert-key-password-prompt Prompt to enter a password for the service key file.
+ --client-file=STRING Path where a client authentication certificate will be stored.
+ --client-mode=0644 File mode of the created certificate.
+ --client-key-file=STRING Path where the client's private key will be stored. (default is the client-file)
+ --client-key-mode=0600 File mode of the created certificate key.
+- --client-key-password=STRING Provide a password for the client key file. Note that this will be visible in the
+- process table for all users, so this flag should be used for testing purposes
+- only. Use --client-keypassfile or --client-key-password-prompt for secure password
+- entry.
++ --client-key-password=STRING Provide a password for the client key file. Note that this will be visible in the process table for all users,
++ so this flag should be used for testing purposes only. Use --client-keypassfile or --client-key-password-prompt
++ for secure password entry.
+ --client-key-passfile=STRING A file containing the password to encrypt the client key file.
+ --client-key-password-prompt Prompt to enter a password for the client key file.
+ --dhparams-file=STRING A file to contain a set of Diffie-Hellman parameters. (Default: "./dhparams.pem")
+- --dhparams-named-group=STRING Output well-known DH parameters. The available named groups are: ffdhe2048,
+- ffdhe3072, ffdhe4096, ffdhe6144, ffdhe8192, modp_2048, modp_3072, modp_4096,
+- modp_6144, modp_8192, modp_1536, dh_1024_160, dh_2048_224, dh_2048_256. (Default:
+- "ffdhe4096")
+- --dhparams-prime-len=INT The length of the prime number to generate for dhparams, in bits. If set to
+- non-zero, the parameters will be generated rather than using a well-known group.
+- (default: 0)
++ --no-dhparams-file Do not create the dhparams file
++ --dhparams-named-group=STRING Output well-known DH parameters. The available named groups are: ffdhe2048, ffdhe3072, ffdhe4096, ffdhe6144,
++ ffdhe8192, modp_2048, modp_3072, modp_4096, modp_6144, modp_8192, modp_1536, dh_1024_160, dh_2048_224,
++ dh_2048_256. (Default: "ffdhe4096")
++ --dhparams-prime-len=INT The length of the prime number to generate for dhparams, in bits. If set to non-zero, the parameters will be
++ generated rather than using a well-known group. (default: 0)
+ --dhparams-generator={2,3,5} The generator value for dhparams. (default: 2)
+
+ Help options:
+--
+2.41.0
+
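Review bot: The reflowed descriptions of `--ca-key-password`, `--cert-key-password` and `--client-key-password` still tell the reader to use `--ca-keypassfile`, `--cert-keypassfile` and `--client-keypassfile`, but the options listed in the same usage block are spelled `--ca-key-passfile`, `--cert-key-passfile` and `--client-key-passfile`. These sentences are the guidance that steers users away from putting a password on the command line, where it is visible in the process table, so a flag name that does not match a listed option weakens exactly that advice. Suggested wording for the first entry: `Use --ca-key-passfile or --ca-key-password-prompt for secure password entry.`, with the same change for the cert and client entries. The README block looks like captured `--help` output, so the correction presumably belongs in the option descriptions in the program source as well; that is not visible in this patch.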