0.7.1 alpha

This bugfix release bumps pyhanko-certvalidator to 0.19.2, and patches a bug with the tagging of the issuer field in attribute certificates.

0.7.0 alpha

This update adds the following features:

• Attribute certificate support.
• A new subcommand (certomancer seance) to interact with Certomancer's mock OCSP responders from the CLI.

In addition, there are a number of miscellaneous tweaks & bug fixes:

• Fix OCSP request handling for requests without the nonce extension.
• Avoid leaving the extensions field in an OCSP response empty when there are no extensions, and just omit it entirely in that case.
• Improved service merging when using existing PKI architectures as templates.
• Detect instances of self-referential issuer-cert and throw immediately instead of blowing up the stack.
• Be more careful not to pollute certificate templates by storing template information before deriving default values for entries that depend on other entries.

0.6.0 alpha

This update adds the following features:

• Make Certomancer Animator easier to remount in WSGI (through SCRIPT_NAME). For convenience, an optional argument to animate was added as well.
• Added CLI arguments to override the external URL prefix specified in the configuration.
• Support including pregenerated certificates in the configuration
• Support key set templates
• Support reusing entire PKI architectures as templates for other ones.

The following miscellaneous were applied:

• Update pyhanko-certvalidator dependency in tests.
• Added some asynchronous tests (with pytest-aiohttp for compatibility with the pyhanko-certvalidator test suite, though any asyncio plugin for pytest should work)

0.5.0 alpha

Version 0.5.0 of Certomancer has been published on PyPi.

This update adds the following features:

• Backend-based system: Certomancer can now use both pyca/cryptography and oscrypto as backends. The former enables more features.
• EdDSA support (with pyca/cryptography)
• Better PSS support: PSS-exclusive keys, parameters (with pyca/cryptography).
• Allow extension values to be specified as raw DER bytes

The following bug fixes were applied:

• Correctly encode pre-2050 notBefore/notAfter
• Consistently use external URLs in Certomancer web UI

0.4.0 alpha

Version 0.4.0 of Certomancer has been published on PyPi.

This update adds the following two minor features:

• Manipulate Certomancer's (simulated) internal time on a per-request basis using the X-Certomancer-Fake-Time header.
• Make PKCS#12 passphrases controllable from the CLI.

Other than that, the release improves test coverage, fixes a number of minor bugs and improves the documentation.

0.3.0 alpha

Version 0.3.0 of Certomancer has been published on PyPi.

This update doesn't add any new features as such, but refactors and streamlines some of the internals. The way service URLs are computed has also changed (without impact on the end result). The optional "backdoor" API for Certomancer Animator has been re-homed under _certomancer/, to lower the chances of accidental name conflicts.

0.2.0 alpha

Version 0.2.0 of Certomancer has been published on PyPi.

This update fixes a boatload of bugs from the first preliminary release, and adds a more streamlined plugin system. The way keys are loaded also changed slightly: Certomancer now takes all paths relative to the config file location by default.

There's also a brand new docs folder with some documentation on how the config file is structured, and how to write your own plugins.

0.1.1 alpha

Version 0.1.1 of certomancer has been published on PyPi.

This is a (very) preliminary release; its primary purpose is to allow me to use certomancer in GitHub workflows for pyHanko.

The only change since the 0.1.0 tag is a backport fix to make some of the type hackery work under Python 3.7.