1.11.0 (2018-12-29)
1.11.0
mathiasertl
Mathias Ertl
This tag was signed with the committer’s verified signature.
The key has expired.
mathiasertl
Mathias Ertl
- Remove colons from CA private keys (fixes #29).
- Filenames for downloading certificates are based on the CommonName (fixes #53).
- Fix certificate bundle order (fixes #55).
- Management commands
dump_caanddump_certcan now dump whole certificate bundles. - New setting CA_DEFAULT_KEY_SIZE to configure the default key size for new CAs.
- Fix display of the NameConstraints extension in the admin interface.
- Further optimize the Docker image size (~235MB -> ~140MB).
Deprecation Notices
This release will be the last release to support some software versions:
- This will be the last release that supports for Python 3.4 (see Status of Python branches).
- This will be the last release that supports for Django 2.0 (see Supported Versions).
- This will be the last release that supports cryptography 2.1.
Python API
- BACKWARDS INCOMPATIBLE: Renamed the
subjectAltNameparameter of Certificate.objects.init() tosubject_alternative_nameto be consistent with other extensions. - Document how to use the
name_constraintsparameter in CertificateAuthority.objects.init(). - Extensions can now always be passed as django_ca.extensions.Extension subclass or as any value accepted by the constructor of the specific class.
- Add ability to add any custom additional extension using the
extra_extensionsparameter. - django_ca.subject.Subject now implements every
dictmethod. - The pre_issue_cert signal will now receive normalized values.
- The pre_issue_cert signal is only invoked after all parameters are verified.
- Implement the AuthorityInformationAccess, BasicConstraints, IssuerAlternativeName, SubjectAlternativeName and NameConstraints extensions.
Testing
- Add cryptography 2.4.2 to the test-suite.
- Add the
docker_testsetup.py command to test the image using various alpine-based images. - Test for certificates that are not yet valid.
- The child CA used for testing now contains more extensions.
- Freeze time in some test cases to avoid test failures when certificates eventually expire.
- Test some documentation pages, to make sure they are actually correct.