###################
1.12.0 (2019-04-02)
###################

* Fix traceback when a certificate that does not exist is viewed in the admin interface.
* Add support for cryptography 2.5 and 2.6.
* Start using `Django storage backends <https://docs.djangoproject.com/en/2.1/ref/files/storage/>`_ for files
  used by django-ca. This allows you to store files on a shared storage system (e.g. one from `django-storages
  <https://django-storages.readthedocs.io/>`_) to support a redundant setup.
* Add support for ``PrecertPoison`` and ``django_ca.extensions.OCSPNoCheck`` extensions.
* Implement the ``django_ca.extensions.PrecertificateSignedCertificateTimestamps`` extension, currently can
  only be used for reading existing certificates.
* Optimize PrecertificateSignedCertificateTimestamps in Django admin view.
* Make sure that all extensions are always hashable.
* Switch Docker image to `Alpine Linux 3.9 <https://www.alpinelinux.org/posts/Alpine-3.9.0-released.html>`_.
* **BACKWARDS INCOMPATIBLE:** Drop support for Python 3.4.
* **BACKWARDS INCOMPATIBLE:** Drop support for Django 2.0.
* **BACKWARDS INCOMPATIBLE:** Drop support for cryptography 2.1.
* **DEPRECATION NOTICE:** This is the last release to support cryptography 2.2.
* **DEPRECATION NOTICE:** This is the last release to support idna 2.6.

***********************
Django File storage API
***********************

**django-ca** now uses the `File storage API <https://docs.djangoproject.com/en/2.1/ref/files/storage/>`_ to
store CA private keys as well as files configured for OCSP views. This allows you to use different storage
backends (e.g. from `django-storages <https://django-storages.readthedocs.io/>`_) to store files on a
file system shared between different servers, e.g. to provide a redundant setup.

.. NOTE::

   The switch does require some manual intervention when upgrading. The old way of storing files is still
   supported and will continue to work until version 1.14. Please see previous versions for information on how
   to upgrade.

* Use file storage API for reading/writing private keys of CAs.
* Use file storage API for reading the responder key and certificate for OCSP.
* New settings :ref:`CA_FILE_STORAGE <settings-ca-file-storage>` and :ref:`CA_FILE_STORAGE_KWARGS
  <settings-ca-file-storage-kwargs>` to configure file storage.

****
OCSP
****

* Re-implement OCSP using cryptography, used only if cryptography>=2.4 is installed.
* ``django_ca.views.OCSPBaseView.responder_key`` may now also be a relative path to be used with the
  Django storage system.
* ``django_ca.views.OCSPBaseView.responder_cert`` may now also be a relative path to be used with the
  Django storage system.
* ``django_ca.views.OCSPBaseView.responder_cert`` may now also be a preloaded certificate. If you still use
  ``cryptography<2.4`` use a ``oscrypto.asymmetric.Certificate``, for newer versions you must use a
  :py:class:`cg:cryptography.x509.Certificate`.
* Fix log output string interpolation issue in OCSP responder.