1.14.0 (2019-11-03)¶
regenerate_ocsp_keys
now has a quiet mode and only generates keys where the CA private key is available.Minor changes to make the release compatible with Django 3.0a1.
Introduce a new, more flexible format for the The format of the CA_PROFILES setting. The new Profiles page provides more information.
New dependency: six, since Django 3.0 no longer includes it.
New dependency: asn1crypto, since cryptography no longer depends on it.
Serials are now zero-padded when output so that the last element always consists of two characters.
More consistently output serials with colons, use a monospace font in the admin interface.
Fix profile selection in the admin interface.
Fix display of values from CSR in the admin interface.
Add a copy-button next to values from the CSR to enable easy copy/paste from the CSR.
Test suite now includes Selenium tests for all JavaScript functionality.
dev.py coverage
can now output a text summary using--format=text
.
Backwards incompatible changes¶
Drop support for cryptography 2.3 and 2.4.
Drop support for idna 2.7.
Extensions now always expect a dict or a cryptography extension as a value. Anything else was unused in practice.
django_ca.extensions.KeyUsage
,django_ca.extensions.ExtendedKeyUsage
anddjango_ca.extensions.TLSFeature
now behave like an ordered set and support all operators that a set does.Running an OCSP responder using
oscrypto
/ocspbuilder
is no longer supported.
Extensions¶
django_ca.extensions.KeyUsage
is now marked as critical by default.django_ca.extensions.ExtendedKeyUsage
now supports theanyExtendedKeyUsage
OID.
Deprecation notices¶
This is the last release to support Python 2.7.
This is the last release to support cryptography 2.5 and 2.6.
This is the last release to be tested with Alpine 3.7.
This is the last release to support updating CA private keys to the filestorage API. manage.py migrate_ca will be removed in the next release.
This will be the last release to support the
ca_crl
setting inCertificateRevocationListView
.Certificate.objects.init()
has been deprecated in favor ofCertificate.objects.create_cert()
. The old method will be removed indjango-ca==1.16
.get_cert_profile_kwargs()
was only used byCertificate.objects.init()
and will thus also be removed indjango-ca==1.16
.The old format for
CA_PROFILES
will be supported untildjango-ca==1.16
. Please see previous versions for migration instructions.