Certomancer 0.12.0 beta

The release artifacts have been published to PyPI.

Certomancer 0.11.0 beta

The release artifacts have been published to PyPI.

New features

• Allow generating OCSP responses without nextUpdate

Certomancer 0.10.0 beta

The release artifacts have been published to PyPI.

• Release workflow using GitHub actions and Sigstore.

0.9.1 beta

What's Changed

• Python 3.11 support

Full Changelog: 0.9.0...0.9.1

0.9.0 beta

What's Changed

• Add mypy support by @MatthiasValvekens in #7
• Standardise on black.
• Add rudimentary PKCS#11 writing support ("Alchemist")

Full Changelog: 0.8.3...0.9.0

0.8.3 beta

This is a maintenance release to address a number of bugs and development setup issues.

What's Changed

• password type is Optional[bytes] not str by @peteris-zealid in #3
• provide example for key generation by @peteris-zealid in #1
• AIO test upgrades by @MatthiasValvekens in #6
• Reinstate asn1crypto registration of AA types by @MatthiasValvekens in #5 (see also #4)
• Miscellaneous issues: tzlocal import was corrected, key loading errors were consolidated.

New Contributors

• @peteris-zealid made their first contribution in #3

Full Changelog: 0.8.2...0.8.3

0.8.2 beta

This is a maintenance release to upgrade asn1crypto to 1.5.0, which allows us to drop the compatibility shims for EdDSA and attribute certificate encoding.

0.8.1 beta

This is a bugfix release for 0.8.0, addressing an issue with Certomancers mock TSA server. Previously, sending a timestamp request without a nonce would result in an error. This patch release addresses that issue.

0.8.0 beta

Note: Certomancer's initially planned set of features is now more or less complete. While some reorganisation, minor enhancements and bugfixes may still occur, no major new features will be added between this release and 1.0.0.

This release introduces pluggable certificate profiles as a more convenient way of setting up certificate extensions across many certificates at once. Further details and examples are in the documentation.

The following miscellaneous changes are also part of this release:

• The certomancer.registry module was refactored into a package. Since not all original members are reexported at the package level, there may be some degree of breakage in existing calling code.
• Certomancer now attempts (by default) to ensure that it generates only one copy of any given extension on a given certificate (taking into account templates and profiles), since that's typically what you want when generating test certificates. If you really need duplicate extensions, set unique-extensions: false.
• There was a minor bug with the auto-assignment of authorityKeyIdentifier extension, which could fail in some cases if the issuer's certificate did not have a subjectKeyIdentifier extension. Since Certomancer always provides a value for that extension, this bug could only be triggered on user-imported CA certificates that do not conform to RFC 5280.

0.7.1 alpha

This bugfix release bumps pyhanko-certvalidator to 0.19.2, and patches a bug with the tagging of the issuer field in attribute certificates.