1.15.0 (2020-01-11)¶
Add support for Django 3.0.
The Docker image is now based on Alpine Linux 3.11.
The default project now supports configuring django-ca using YAML configuration files. Configuration using
localsettings.py
is now deprecated and will be removed indjango-ca>=1.18.0
.Start supporting Celery tasks to allow running tasks in a distributed, asynchronous task queue. Some tasks will automatically be run with Celery if it is enabled. Celery is used automatically if installed, but can always be disabled by setting
CA_USE_CELERY=False
.Drop dependency
six
(since we no longer support Python 2.7).Allow caching of CRLs via manage.py cache_crls.
The manage.py init_ca command will now automatically cache CRLs and generate OCSP keys for the new CA.
Support
POSTGRES_*
andMYSQL_*
environment variables to configure database access credentials in the same way as the Docker images for PostgreSQL and MySQL do.There now are setuptools extras for
redis
andcelery
, so you can install all required dependencies at once.Add
CA_PASSWORDS
setting to allow you to set the passwords for CAs with encrypted private keys. This is required for automated tasks where the private key is required.Add
CA_CRL_PROFILES
setting to configure automatically generated CRLs. Note that this setting will likely be moved to a more general setting for automatic tasks in future releases.django_ca.extensions.AuthorityKeyIdentifier
now also supports issuers and serials.parse_general_name()
now returns aGeneralName
unchanged, but throws an error if the name isn’t astr
otherwise.New class
django_ca.utils.GeneralNameList
for extensions that store a list of general names.Add support for the
django_ca.extensions.FreshestCRL
extension.Store CA private keys in the
ca/
subdirectory by default, the directory can be configured usingmanage.py init_ca --path=...
.
Backwards incompatible changes¶
Drop support for Python 2.7.
Drop support for cryptography 2.5 and 2.6.
Drop support for Alpine 3.8 (because PostgreSQL and MySQL depend on LibreSSL).
Removed the
manage.py migrate_ca
command. If you upgrade from before 1.12.0, upgrade to 1.14.0 first and update the file storage setting.Removed the
ca_crl
setting inCertificateRevocationListView
, usescope
instead.
Docker¶
Add a docker-compose.yml file to quickly launch a complete service stack.
Add support for Celery, MySQL, PostgreSQL and Redis.
Change the working directory to
/usr/src/django-ca/ca
, so manage.py can now be invoked usingpython manage.py
instead ofpython ca/manage.py
.Add a Celery startup script (
./celery.sh
).Add a NGINX configuration template at
nginx/default.template
.Static files are now included in a “collected” form, so they don’t have to collected on startup.
Generate OCSP keys and cache CRLs on startup.
Use BuildKit to massively speed up the Docker image build.
Bugfixes¶
Fix generation of CRLs and OCSP keys for CAs with a DSA private key.
Fix storing an empty list of CRL URLs in some corner cases (when the function receives an empty list).
Fix naming CAs via serial on the command line if the serial starts with a zero.
Consistently style serials in a monospace font in admin interface.
The
ocsp
profile used for OCSP keys no longer copies the CommonName (which is the same as in the CA) to to the SubjectAlternativeName extension. The CommonName is frequently a human-readable name in CAs.
Deprecation notices¶
This is the last release to support Django 1.11 and 2.1.
The Django project included in this git repository will stop loading
localsetttings.py
files indjango-ca>=1.18.0
.Certificate.objects.init()
andget_cert_profile_kwargs()
were deprecated in 1.14.0 and will be removed indjango-ca==1.16.0
. UseCertificate.objects.create_cert()
instead.The format for the
CA_PROFILES
setting has changed in 1.14.0. Support for the old format will be removed indjango-ca==1.17.0
. Please see previous versions for migration instructions.