1.7.0 (2017-12-14)¶
Django 2.0 is now fully supported. This release still supports Django 1.8, 1.10 and 1.11.
Add support for the TLSFeature extension.
Do sanity checks on the
pathlen
attribute when creating Certificate Authorities.Add sanity checks when creating CAs:
When creating an intermediate CA, check the
pathlen
attribute of the parent CA to make sure that the resulting CA is not invalid.Refuse to add a CRL or OCSP service to root CAs. These attributes are not meaningful there.
Massively update documentation for the command-line interface.
CAs can now be identified using name or serial (previously: only by serial) in CA_OCSP_URLS.
Make
fab init_demo
a lot more useful by signing certificates with the client CA and include CRL and OCSP links.Run
fab init_demo
and documentation generation through Travis-CI.Always display all extensions in the django admin interface.
NameConstraints are now delimited using a
,
instead of a;
, for consistency with other parameters and so no bash special character is used.
Bugfixes¶
Check for permissions when downloading certificates from the admin interface. Previously, users without admin interface access but without permissions to access certificates, where able to guess the URL and download public keys.
Add a missing migration.
Fix the value of the CRLDistributionPoints x509 extension when signing certificates with Python2.
The
Content-Type
header of CRL responses now defaults to the correct value regardless of type (DER or PEM) used.If a wrong CA is specified in CA_OCSP_URLS, an OCSP internal error is returned instead of an uncaught exception.
Fix some edge cases for serial conversion in Python2. Some serials where converted with an “L” prefix in Python 2, because
hex(0L)
returns"0x0L"
.