"SfR Fresh" - the SfR Freeware/Shareware Archive 
Member "openca-base-1.0.2/RELEASE-NOTES" of archive openca-base-1.0.2.tar.gz:
As a special service "SfR Fresh" has tried to format the requested source page into HTML format using source code syntax highlighting with prefixed line numbers.
Alternatively you can here view or download the uninterpreted source code file.
That can be also achieved for any archive member file by clicking within an archive contents listing on the first character of the file(path) respectively on the according byte size field.
1
2 OpenCA 1.0.1 Release Notes
3 ==========================
4
5 This file documents major changes between releases, including new or
6 modified features and configuration file changes. Only major modifications
7 are listed, primarily those that can affect existing installations.
8
9 Before upgrading from a previous release please consider all changes, in
10 particular configuration file modifications, carefully.
11
12 For more details please refer to the CHANGES file.
13
14 ---------------------------------------------------------------------------
15 2008-Oct-10 - OpenCA 1.0.1 (Ten Ten)
16 Support for new browsers and OSes, DSA/ECDSA algors, new graphic Installer.
17 ---------------------------------------------------------------------------
18
19 Main changes from previous version:
20
21 * Added Minimum Certificate Validity Period for Expiring email sending
22 (automatically)
23 * Added extensive information in the Auto(*) daemon activation
24 pages - to explain the available configuration options.
25 * Finished AutoEmail daemon for automatic E-Mail sending (both
26 for newly issued certificates and for expiring certificate
27 warnings)
28 * Added the possibility for searching for attributes with multiple
29 values (eg., multiple roles or LOA for certs)
30 * Finished AutoCRL daemon for issuing CRL automatically
31 * Added autoEmail daemon (automatic E-Mail sending)
32 * Fixed loading/saving of parameters for Auto(*) daemons
33 * Extended report on the status for Auto(*) daemons
34 * Fixed CRL and Certificates auto status update (valid/expired)
35 * Added AutoCRL daemon (needs additional work)
36 * Added new functions to misc-utils.lib for managing process status
37 verification and parameter configuration save/restore.
38 * Fixed search of objects and extra-refs for lists
39 * Fixed DSA and ECDSA e-mail problems (no encryption is supported)
40 * Fixed retrieval of requested certificates when the key
41 is generated on the server (eg., a .p12 is returned now)
42 * Fixed lists (REQ, CERTS, etc... ) display (more readable)
43 * Added Level of Assurance Checking (Key Algorithm, Key Generation Mode
44 and Key Size)
45 * Added support for requestStatus to request configuration for automatically
46 approved requests (values can be one of NEW, PENDING, or APPROVED)
47 * Added support for ldaps and starttls for ldap authenticated browser
48 requests (etc/datasources.xml)
49 * Added authenticated (via ldap) browser request form (etc/auth_browser_req.xml)
50 * Added a defaul logo page (instead of software version one)
51 * Added support for the new certificate request form for CA initialization
52 * Fixed a space-tolerance in RDNs
53 * Simplified the Certificate Request Page
54 * Added more configurable and simplified certificate request form
55 (etc/browser_req.xml)
56 * Updated script code (no more VB - only javascript)
57 * Added Vista Support (IE7) for certificate request
58 * Added DC fields in CA Certificate Request
59 * Added possibility to specify the subjectAltName via the CA
60 interface when self-signing the CA certificate
61 * Fixed Browser and OS recognition in initCGI
62 * Fixed DN parsing in OpenSSL.pm and REQ.pm to allow bogus DNs
63 from Windows 2003 server (problem reported by Dmitrij Mironov)
64 * Added LDAP protocol version selection in config.xml (default 3)
65 * Added possibility to generate DSA keys, reqs, and certs via
66 the web interface (eg., for RA/CA operators)
67 * Added CRL Revocation Code in CRRs
68 * Fixed several errors in the default RBAC definitions (ACL)
69 * Fixed name extension when sending .p12 files to the user
70 * Applied patch from Alexander Klink (cross-site scripting security fix)
71 * Fixed generation of index.txt file (thanks to Diego de Felice)
72 * Fixed --with-service-email-account (thanks to Robert Nelson)
73 * Eliminated debugging info when web-signing (thx to Robert Nelson)
74 * Added ca_organization, ca_locality, ca_state and ca_country in
75 etc/config.xml using configure
76 * Fixed cleanup of directories and ext-modules dependecies
77 * Fixed menu generation issue that would prevent Safari from
78 correctly navigating the menu
79
80
81 ---------------------------------------------------------------------------
82 2005-Oct-09 - OpenCA 0.9.3-rc1
83 Installation and packaging fixing release
84 ---------------------------------------------------------------------------
85
86 2006-Oct-09: OpenCA 0.9.3-rc1
87 * stripped openca-sv and openca-scep from base package
88 (no more C-related modules inside the base package)
89 * stripped ocspd from openca base package
90 * binary pacakge building fixed (rpms)
91 * package installation fixed
92
93
94 2005-12-22 - OpenCA 0.9.2.5
95 - Improved UTF-8 Support
96 - LDAP Authentication
97 - SCEP improvements (Certificate template request support, authenticated
98 requests)
99
100 Configuration file changes:
101 etc/servers/scep.conf.template
102 modified: ScepAllowEnrollment (new possible value 'VALIDSIGNATURE',
103 backward compatible)
104
105 etc/access_control/*.xml
106 modified: added 'ldap' database to passwd authentication method
107
108 ---------------------------------------------------------------------------
109
110
111 2005-08-12 - OpenCA 0.9.2.4
112 This is a maintenance release and mainly identical to 0.9.2.3.
113 ---------------------------------------------------------------------------
114
115 2005-08-05 - OpenCA 0.9.2.3
116 *** IMPORTANT: This release contains an error in the database layer. ***
117 DO NOT USE THIS RELEASE!
118
119 - Dynamic engine support (required for OpenSSL 0.9.8)
120 - Russian translation
121 - UTF-8 support
122 - Improved SCEP interface (read documentation!)
123
124 Configuration file changes:
125 etc/config.xml
126 new: cert_chars
127 etc/menu.xml.template
128 new: HSM Management
129 new: Russian
130 etc/rbac/acl.xml
131 modified: permission/module
132 etc/servers/ca.conf.template
133 new: lockFile
134 modified: DN_*_CHARACTERSET
135 etc/servers/pub.conf.template
136 modified: DN_*_CHARACTERSET
137 etc/servers/ra.conf.template
138 modified: DN_*_CHARACTERSET
139 etc/servers/scep.conf.template
140 new: ScepAllowEnrollment
141 new: ScepAllowRenewal
142 new: ScepKeepSubjectAltName
143 new: ScepRenewalRDNMatch
144 new: ScepDefaultRole
145 new: ScepDefaultRA
146 new: ScepAutoApprove
147 ---------------------------------------------------------------------------
148
149 2005-03-07 - OpenCA 0.9.2.2
150 - LunaCA3 support
151
152 Configuration file changes:
153 etc/servers/ldap.conf.template
154 new: ModuleID
155 new: ModuleShift
156 etc/servers/node.conf.template
157 modified: SEND_MAIL_DURING_IMPORT
158 ---------------------------------------------------------------------------
159
160 2004-08-28 - OpenCA 0.9.2.1
161 - Greek translation
162
163 Configuration file changes:
164 etc/menu.xml.template
165 new: Greek
166 ---------------------------------------------------------------------------
167
168 2004-10-11 - OpenCA 0.9.2.0
169 Major differences to the 0.9.1 version. It is recommended to perform
170 a fresh install and migrate configuration manually if upgrading
171 from 0.9.1.