Fixed MIME types sent for M$ IE in cgi-bin/get-cert.py
(application/pkix-cert, see
RFC 2585).
cgi-bin/get-cert.py can be called with path info
"extension" specifying the output format
(.der, .pem, .b64).
URLs pointing to get-cert.py have suffix .crt or .crl
for defining a pseudo "file type".
This triggers certificate/CRL handling in older versions
of M$ IE which do not properly use the MIME-type for determining
the file type.
Massive modifications to default configuration file
shipped with package. The default configuration uses
a domainComponent root naming now.
Fixed bug concerning validity interval checking when
issuing sub CA certificates in ca-make.py.
Make use of parameter
caAdminMailAdr in
ca-certreq-mail.py
for forming From: address if CA certificate does not contain
Email attribute in subject DN.
Fixed case-handling of userCertificate atttibute in
certs2ldap.py. The currently used attriute type name is determined
and also used in displayed status messages.
bin/certs2ldap.py:
now handles multi-valued userCertificate
atttibutes correctly, can delete revoked or expired certificates,
can add new LDAP entries.
No LDIF file created by client-enroll.py anymore.
If anyone messed up the ownership and permission
of CA certificate and key file it's restored at the
beginning of ca-make.py while still running as root.
Removed input of parameter userpassword in cgi-bin/client-enroll.py
since it was never used. Well, the lack of a user administration
concept shows here...
Text for confirmation e-mail was altered to avoid the message
being caught by spam filters looking for string
"ignore this" in message body.
Correctly evaluate form field browsertype
in cgi-bin/client-enroll.py.
Applied patch to module vbs contributed by
Reiner Keller for fixing compability issues
with M$ IE 6.x.
Since most people did not configure the CA cert extensions
properly some weird settings were removed.
Removed german umlauts from all Python and HTML sources.
Applied fix to VBScript found in MS Knowledge Base article
Q323172.
This requires a patch from Microsoft to be installed.
Release 0.6.5 (2000-07-30)
Bug fixes
New script bin/ldap2certs for downloading certs
for stunnel
and build relay_clientcerts file for Postfix/TLS.
bin/certs2ldap.py now deletes revoked and expired
certs from LDAP server
cgi-bin/ns-revoke.py works now if web server has write access
to OpenSSL index.txt (not recommended)
Release 0.6.4 (2000-07-07)
Small bug fixes and cosmetic changes
Release 0.6.3 (1999-12-27)
Added parameter --nocrls to bin/ca2ldif.py
Displays SHA-1 fingerprints in view-cert.py and print-cacerts.py now
(mainly for users of M$ IE)
Release 0.6.2 (1999-11-23)
new program view-cert.py for displaying certificates
ca-revoke.py can issue new CRL immediately
Improved support M$ IE (VBScript code for choosing
cryptographic provider by
Michael Konietzka <ca-project@konietzka.de>)
Handling of missing or wrong parameter input
in client-enroll.py is much more user-friendly.
Input field for browser type (to avoid problems with users
coming through proxies).
Got rid of scripts in sbin/ importing pycacnf.py
by using parameters --config and --pycalib.
This might require some changes to an installation
(provide parameter in mail aliases, CRON jobs etc.)
ca-cycle-priv.py can be forced to issue CRLs with parameter
--issuecrls
Release 0.6.1 (1999-10-12)
Switched back to own parsing of cert datetime
since time.strptime() relys on glibc where strptime is broken!
Made certs2ldap.py a little bit more defensive.
Release 0.6.0 (1999-10-10)
Dropped support for configuration parameter caCertFormat!
Support for M$ Internet Explorer
(VBScript-Code inspired by contributions of
contributed by Jordi Floriach <jfloriach@afina.net>)
ns-enroll.py is obsoleted by the more general client-enroll.py
Complete rewrite of certs2ldap.py, the script for uploading
e-mail certificates to a LDAP repository.
Release 0.5.5 (1999-09-02)
Many bugfixes!
generate really unique IDs for cert requests
complete rewrite of ca2ldif.py
Small enhancements in user interface of CGI-BINs.
Release 0.5.4 (1999-07-17)
Minor bugfixes
Small enhancements in user interface of CGI-BINs
Restrictive ownership/permissions setting of files/directories in ca-make.py
Some small handy scripts for doing boring copying of CA certs
Release 0.5.3 (1999-06-19)
upgrade to OpenSSL 0.9.3a necessary
Many bugfixes and small enhancements
some changes to configuration (might be incompatible to previous
versions!!!)
Many improvements and fixes to ca-make.py:
flexible usage of files containing X.509v3 extensions for CA certs
Implemented setting the permissions of various files/dirs.
Better performance by reading configuration from
pre-compiled (pickled) conf file
Release 0.5.1 (1999-06-10)
upgrade to Python 1.5.2 necessary
some bugfixes and code cleaning
better documentation
some changes to configuration (might be incompatible to 0.4.5!!!)
allow defining the request form depending on specific certificate type
configuration of preferred certificate format
automatic publishing of certificates with informing user by e-mail
Release 0.4.5 (1999-05-23)
some minor bugfixes
some rudimental documentation
cgi-bin/browser-check.py for testing cryptographic features of browsers
usage of ca-fix executable to fix CA certs during ca-make.py
usage of DER certs possible to speed up downloading
abandoned get-crl.py, get-cert.py does this either