1.7.0 (2017-12-14)

  • Django 2.0 is now fully supported. This release still supports Django 1.8, 1.10 and 1.11.

  • Add support for the TLSFeature extension.

  • Do sanity checks on the pathlen attribute when creating Certificate Authorities.

  • Add sanity checks when creating CAs:

    • When creating an intermediate CA, check the pathlen attribute of the parent CA to make sure that the resulting CA is not invalid.

    • Refuse to add a CRL or OCSP service to root CAs. These attributes are not meaningful there.

  • Massively update documentation for the command-line interface.

  • CAs can now be identified using name or serial (previously: only by serial) in CA_OCSP_URLS.

  • Make fab init_demo a lot more useful by signing certificates with the client CA and including CRL and OCSP links.

  • Run fab init_demo and documentation generation through Travis-CI.

  • Always display all extensions in the django admin interface.

  • NameConstraints are now delimited using a , instead of a ;, for consistency with other parameters and so no bash special character is used.
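
The pathlen check for intermediate CAs listed above, as an added example (not django-ca's own code). It goes beyond the parent's own attribute and walks the whole chain, applying the pathLenConstraint rule from RFC 5280. The function names, the list-of-pathlens input, applying the root's pathlen, and filling an omitted pathlen with the largest permitted value are assumptions of this example.

```python
from typing import Optional, Sequence


class PathLenError(ValueError):
    """The requested CA could never be part of a valid chain."""


def remaining_depth(chain: Sequence[Optional[int]]) -> Optional[int]:
    """How many CA levels may still follow the last CA in `chain`.

    `chain` holds the pathlen of each CA from the root down to the
    prospective parent; None means no pathlen is set (unlimited).
    """
    budget: Optional[int] = None  # None = unlimited
    for depth, pathlen in enumerate(chain):
        if depth > 0 and budget is not None:
            # Every CA below the root uses up one level of the budget.
            if budget == 0:
                raise PathLenError(f"CA at depth {depth} exceeds pathlen")
            budget -= 1
        if pathlen is not None:
            if pathlen < 0:
                raise PathLenError("pathlen must not be negative")
            # A CA can tighten the inherited budget but never widen it.
            budget = pathlen if budget is None else min(budget, pathlen)
    return budget


def check_new_intermediate(chain: Sequence[Optional[int]],
                           requested: Optional[int]) -> Optional[int]:
    """Return the pathlen to put into the new intermediate CA, or raise."""
    if requested is not None and requested < 0:
        raise PathLenError("pathlen must not be negative")
    budget = remaining_depth(chain)
    if budget is None:
        return requested  # nothing above restricts the new CA
    if budget == 0:
        raise PathLenError("parent may only sign end-entity certificates")
    limit = budget - 1
    if requested is None:
        return limit  # assumption: state the effective limit explicitly
    if requested > limit:
        raise PathLenError(f"pathlen {requested} exceeds maximum {limit}")
    return requested


if __name__ == "__main__":
    # Constructed chains: root pathlen first, prospective parent last.
    print(check_new_intermediate([2], None))     # clamped to 1
    print(remaining_depth([1, 5]))               # parent claims 5, gets 0
```

The chain `[1, 5]` is the case a parent-only check misses: the parent's attribute says 5, but the root above it leaves no room for another CA.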

Bugfixes

  • Check for permissions when downloading certificates from the admin interface. Previously, users with admin interface access but without permissions to access certificates were able to guess the URL and download public keys.

  • Add a missing migration.

  • Fix the value of the CRLDistributionPoints x509 extension when signing certificates with Python2.

  • The Content-Type header of CRL responses now defaults to the correct value regardless of the type (DER or PEM) used.

  • If a wrong CA is specified in CA_OCSP_URLS, an OCSP internal error is returned instead of an uncaught exception.

  • Fix some edge cases for serial conversion in Python2. Some serials were converted with an “L” suffix in Python 2, because hex(0L) returns "0x0L".