PKI/Security Labs
2008-Oct-9:
* Fixed OpenSolaris Installation Problems (perl and openssl
compatibility issues)
2008-Oct-7:
* Fixed extra refs link problem
* Fixed binary pacakge building (missing files in the distro)
2008-Oct-1:
* Fixed CRL auto generation inter-CRL issuing period calculation
(a bug made the system to issue a crl every minute if 'hours'
period type was selected)
2008-Oct-2:
* Added the 'info' option within the input for certificate requests
(can be used to add information links to the input command).
* Added the possibility to view the LOAs
* Added configuration of the list of request types
* Fixed basic certificate display
2008-Oct-1:
* Fixed IE7 on non-Vista OS (to work with the new request system)
2008-Sep-30:
* Changed the Advanced and Authenticated forms - now the strength
of the Key depends on the LOA selected (from loa.xml config file
in PREFIX/etc)
2008-Sep-25:
* Added Minimum Certificate Validity Period for Expiring email
sending (automatically)
* Added extensive information in the Auto(*) daemon activation
pages - to explain the available configuration options.
2008-Sep-25:
* Finished AutoEmail daemon for automatic E-Mail sending (both
for newly issued certificates and for expiring certificate
warnings)
* Added the possibility for searching for attributes with multiple
values (eg., multiple roles or LOA for certs)
2008-Sep-23:
* Finished AutoCRL daemon for issuing CRL automatically
* Added autoEmail daemon (automatic E-Mail sending)
* Fixed loading/saving of parameters for Auto(*) daemons
* Extended report on the status for Auto(*) daemons
2008-Sep-23:
* Fixed CRL and Certificates auto status update (valid/expired)
* Added AutoCRL daemon (needs additional work)
* Added new functions to misc-utils.lib for managing process status
verification and parameter configuration save/restore.
2008-Sep-21:
* Fixed search of objects and extra-refs for lists
* Fixed DSA and ECDSA e-mail problems (no encryption is supported)
* Fixed retrieval of requested certificates when the key
is generated on the server (eg., a .p12 is returned now)
2008-Sep-12:
* Updated OpenCA.xs to support OpenSSL 0.9.8+
* Added support for ECDSA for Certificate Requests and
CA Certificate generation
2008-Sep-9:
* Ported LDAP, BATCH, PUB, RA to new Interface systems.
2008-Sep-5:
* Fixed CA interface - no more frames
2008-Sep-5:
* Added dynamic Menus to Interfaces (i18n support retained)
2008-Aug-14:
* Fixed default web user for all interfaces (now is admin)
* Fixed incompatibility error with startAutoCA cmd on perl-5.10
2008-Aug-08:
* Changed the default digest algorithm to sha256 (instead of sha1)
* Finished configuration for the new installer interface
* Added "Congratulations!" and Mailing Lists subscription options
for package installation
2008-Jul-05:
* Fixed Agreements default text
2008-Jun-25:
* Fixed DBI 'utf-8' problem with mysql
* Added missing files in CVS repository
* Set default pub interface protocol to http (not https)
* Fixed perl modules installation (error in Makefile)
* Fixed X-Site scripting protection string generation (now
correctly fixes all links in the page)
2008-Jun-23:
* Fixed On-Line CA Daemon status report
* Fixed Error when sending the CRIN - DSA can not encrypt!
2008-Jun-05:
* Added On-Line CA Daemon - Automatic certificate issuing
2008-May-14:
* Fixed lists (REQ, CERTS, etc... ) display (more readable)
2008-May-09:
* Added Level of Assurance Checking (Key Algorithm, Key Generation
Mode and Key Size)
* Added support for requestStatus to request configuration for
automatically approved requests (values can be one of NEW,
PENDING, or APPROVED)
2008-May-09:
* Fixed support for Konqueror for certificate request
* Added support for ldaps and starttls for ldap authenticated
browser requests (datasources.xml)
2008-May-08:
* Added authenticated (ldap) browser request form
(auth_browser_req.xml)
2008-May-06:
* Added a defaul logo page (instead of software version one)
2008-May-05:
* Added support for the new certificate request form for CA
initialization
* Fixed a space-tolerance in RDNs
* Simplified the Certificate Request Page
* Added new certificate request form (first version)
2008-Apr-19:
* Updated script code (no more VB - only javascript)
* Fixes support for IE7 on non-Vista platforms (Win2003,XP, etc..)
2008-Apr-09:
* Finished support for Vista (IE7)
2008-Apr-05:
* Added Vista Support (IE7) for certificate request
2008-Apr-04:
* Added DC fields in CA Certificate Request
* Added possibility to specify the subjectAltName via the CA
interface when self-signing the CA certificate
2008-Mar-30:
* Added Browser and OS recognition in initCGI
* Initial support for IE7+Vista request generation (ieVistaCSR.js)
2008-Mar-27:
* Fixed DN parsing in OpenSSL.pm and REQ.pm to allow bogus DNs
from Windows 2003 server (problem reported by Dmitrij Mironov)
2008-Mar-26:
* Added LDAP protocol version selection in config.xml (default 3)
* Added possibility to generate DSA keys, reqs, and certs via
the web interface (eg., for RA/CA operators)
* Added CRL Revocation Code in CRRs
* Fixed several errors in the default RBAC definitions (ACL)
* Fixed name extension when sending .p12 files to the user
2008-Mar-22:
* Applied patch from Alexander Klink (cross-site scripting security fix)
* Fixed generation of index.txt file (thanks to Diego de Felice)
2008-Mar-21:
* Fixed --with-service-email-account (thanks to Robert Nelson)
* Eliminated debugging info when web-signing (thx to Robert Nelson)
* Added ca_organization, ca_locality, ca_state and ca_country in
etc/config.xml using configure
2008-Mar-20:
* Fixed cleanup of directories and ext-modules dependecies
2007-Nov-07:
* Fixed menu generation issue that would prevent Safari from
correctly navigating the menu
2007-Apr-10:
* v0.9.3-rc2
* Added autoconfig of etc/*.template on openca start
* Fixed an error in configure_etc.sh script
* Added user/password configuration in config.xml
* Added dir OPENCA/var/crypto/crls/ dir (missing in packages) that
caused the issuing of CRLs to fail