1.11.0 (2018-12-29)

  • Remove colons from CA private keys (fixes #29).

  • Filenames for downloading certificates are based on the CommonName (fixes #53).

  • Fix certificate bundle order (fixes #55).

  • Management commands dump_ca and dump_cert can now dump whole certificate bundles.

  • New setting CA_DEFAULT_KEY_SIZE to configure the default key size for new CAs.

  • Fix display of the NameConstraints extension in the admin interface.

  • Further optimize the Docker image size (~235MB -> ~140MB).

Deprecation Notices

This release will be the last release to support some software versions:

  • This will be the last release that supports for Python 3.4 (see Status of Python branches).

  • This will be the last release that supports for Django 2.0 (see Supported Versions).

  • This will be the last release that supports cryptography 2.1.

Python API

  • BACKWARDS INCOMPATIBLE: Renamed the subjectAltName parameter of Certificate.objects.init() to subject_alternative_name to be consistent with other extensions.

  • Document how to use the name_constraints parameter in CertificateAuthority.objects.init()

  • Extensions can now always be passed as django_ca.extensions.base.Extension subclass or as any value accepted by the constructor of the specific class.

  • Add ability to add any custom additional extension using the extra_extensions parameter.

  • django_ca.subject.Subject now implements every dict method.

  • The ~django_ca.signals.pre_issue_cert signal will now receive normalized values.

  • The ~django_ca.signals.pre_issue_cert signal is only invoked after all parameters are verified.

  • Implement the django_ca.extensions.AuthorityInformationAccess, django_ca.extensions.BasicConstraints, django_ca.extensions.IssuerAlternativeName, django_ca.extensions.SubjectAlternativeName and django_ca.extensions.NameConstraints extensions.

Testing

  • Add cryptography 2.4.2 to the test-suite.

  • Add the setup.py docker_test command to test the image using various alpine-based images.

  • Test for certificates that are not yet valid.

  • The child CA used for testing now contains more extensions.

  • Freeze time in some test cases to avoid test failures when certificates eventually expire.

  • Test some documentation pages, to make sure they are actually correct.