1.12.0 (2019-04-02)

@mathiasertl mathiasertl released this 02 Apr 20:23
  • Fix traceback when a certificate that does not exist is viewed in the admin interface.
  • Add support for cryptography 2.5 and 2.6.
  • Start using Django storage backends for files used by django-ca. This allows you to store files on a shared storage system (e.g. one from django-storages) to support a redundant setup.
  • Add support for PrecertPoison and OCSPNoCheck extensions.
  • Implement the PrecertificateSignedCertificateTimestamps extension. It can currently only be used for reading existing certificates.
  • Optimize PrecertificateSignedCertificateTimestamps in Django admin view.
  • Make sure that all extensions are always hashable.
  • Switch Docker image to Alpine Linux 3.9.
  • BACKWARDS INCOMPATIBLE: Drop support for Python 3.4.
  • BACKWARDS INCOMPATIBLE: Drop support for Django 2.0.
  • BACKWARDS INCOMPATIBLE: Drop support for cryptography 2.1.
  • DEPRECATION NOTICE: This is the last release to support cryptography 2.2.
  • DEPRECATION NOTICE: This is the last release to support idna 2.6.

Django File storage API

django-ca now uses the File storage API to store CA private keys as well as files configured for OCSP views. This allows you to use different storage backends (e.g. from django-storages) to store files on a filesystem shared between different servers, for example to provide a redundant setup.

NOTE: The switch does require some manual intervention when upgrading. The old way of storing files is still supported and will continue to work until version 1.14. Please see the upgrade notes for information on how to upgrade.

  • Use file storage API for reading/writing private keys of CAs.
  • Use file storage API for reading the responder key and certificate for OCSP.
  • New settings CA_FILE_STORAGE and CA_FILE_STORAGE_KWARGS to configure file storage.
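
Because CA private keys may now live on a filesystem shared between servers, the following added example (not part of django-ca or of these release notes) audits a storage directory for private keys or directories that are accessible to group or other. The directory layout and file names are constructed for the demonstration.

```python
import os
import stat
import tempfile

PEM_MARKER = b"PRIVATE KEY-----"  # matches PKCS#8, RSA and EC PEM key headers


def audit_key_storage(root):
    """Return sorted (relative_path, problem) findings for the tree under root."""
    findings = []
    for dirpath, _dirs, filenames in os.walk(root):
        rel_dir = os.path.relpath(dirpath, root)
        if stat.S_IMODE(os.stat(dirpath).st_mode) & 0o077:
            findings.append((rel_dir, "directory accessible to group/other"))
        for name in filenames:
            path = os.path.join(dirpath, name)
            st = os.lstat(path)
            if not stat.S_ISREG(st.st_mode):
                continue  # skip symlinks and special files
            with open(path, "rb") as fh:
                head = fh.read(4096)
            if PEM_MARKER not in head:
                continue  # certificates and other public files are not flagged
            if stat.S_IMODE(st.st_mode) & 0o077:
                rel = os.path.normpath(os.path.join(rel_dir, name))
                findings.append((rel, "private key accessible to group/other"))
    return sorted(findings)


def demo():
    """Build a constructed storage tree in a temp dir and audit it."""
    samples = {  # constructed sample files: relative path -> (mode, content)
        "root.key": (0o600, b"-----BEGIN PRIVATE KEY-----\n(constructed)\n"),
        "ocsp/responder.key": (0o644, b"-----BEGIN RSA PRIVATE KEY-----\n(constructed)\n"),
        "ocsp/responder.pem": (0o644, b"-----BEGIN CERTIFICATE-----\n(constructed)\n"),
    }
    with tempfile.TemporaryDirectory() as root:
        for rel, (mode, data) in samples.items():
            path = os.path.join(root, rel)
            os.makedirs(os.path.dirname(path), exist_ok=True)
            with open(path, "wb") as fh:
                fh.write(data)
            os.chmod(path, mode)
        os.chmod(os.path.join(root, "ocsp"), 0o755)  # deliberately too open
        return audit_key_storage(root)


if __name__ == "__main__":
    print(demo())
```

With Django's FileSystemStorage, the `file_permissions_mode` and `directory_permissions_mode` options set these bits for newly written files and directories.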

OCSP

  • Reimplement OCSP using cryptography. The new implementation is used only if cryptography>=2.4 is installed.
  • django_ca.views.OCSPBaseView.responder_key may now also be a relative path to be used with the Django storage system.
  • django_ca.views.OCSPBaseView.responder_cert may now also be a relative path to be used with the Django storage system.
  • django_ca.views.OCSPBaseView.responder_cert may now also be a pre-loaded certificate. If you still use cryptography<2.4, use an oscrypto.asymmetric.Certificate; for newer versions you must use a cryptography.x509.Certificate.
  • Fix log output string interpolation issue in OCSP responder.