1.12.0 (2019-04-02)

  • Fix traceback when a certificate that does not exist is viewed in the admin interface.

  • Add support for cryptography 2.5 and 2.6.

  • Start using Django storage backends for files used by django-ca. This allows you to store files on a shared storage system (e.g. one from django-storages) to support a redundant setup.

  • Add support for PrecertPoison and django_ca.extensions.OCSPNoCheck extensions.

  • Implement the django_ca.extensions.PrecertificateSignedCertificateTimestamps extension, currently can only be used for reading existing certificates.

  • Optimize PrecertificateSignedCertificateTimestamps in Django admin view.

  • Make sure that all extensions are always hashable.

  • Switch Docker image to Alpine Linux 3.9.

  • BACKWARDS INCOMPATIBLE: Drop support for Python 3.4.

  • BACKWARDS INCOMPATIBLE: Drop support for Django 2.0.

  • BACKWARDS INCOMPATIBLE: Drop support for cryptography 2.1.

  • DEPRECATION NOTICE: This is the last release to support cryptography 2.2.

  • DEPRECATION NOTICE: This is the last release to support idna 2.6.

Django File storage API

django-ca now uses the File storage API to store CA private keys as well as files configured for OCSP views. This allows you to use different storage backends (e.g. from django-storages) to store files on a file system shared between different servers, e.g. to provide a redundant setup.

Note

The switch does require some manual intervention when upgrading. The old way of storing files is still supported and will continue to work until version 1.14. Please see previous versions for information on how to upgrade.

  • Use file storage API for reading/writing private keys of CAs.

  • Use file storage API for reading the responder key and certificate for OCSP.

  • New settings CA_FILE_STORAGE and CA_FILE_STORAGE_KWARGS to configure file storage.

OCSP

  • Re-implement OCSP using cryptography, used only if cryptography>=2.4 is installed.

  • django_ca.views.OCSPBaseView.responder_key may now also be a relative path to be used with the Django storage system.

  • django_ca.views.OCSPBaseView.responder_cert may now also be a relative path to be used with the Django storage system.

  • django_ca.views.OCSPBaseView.responder_cert may now also be a preloaded certificate. If you still use cryptography<2.4 use a oscrypto.asymmetric.Certificate, for newer versions you must use a cryptography.x509.Certificate.

  • Fix log output string interpolation issue in OCSP responder.