* Tue Jul 27 2004 Frédéric Giudicelli Version 2.0.0-beta4
- Removed "Includes/SQL/SQL_CMD.h".
- A CA republishes every 12 hours all its certificates, revocation and CRLs.
- The repositories are now "purged", meaning when they synchronize they no longer send the list of all the known requests/responses, which over time would have used way too many resources.
- Improved memory usage in PKI_CRL.
- Simplified the synchronization code.
- The CA now stores the LDAP UID, it allows the publication to be handled a better way when a certificate is generated/revoked for the CA GUI.
- Optimized the repository database.
- Fixed a problem in LDAP synchronization, when a RA's DN Spec didn't have a default value, and when the field wasn't present in the LDAP result.
- Fixed the problems related to bad translations. (Raphaël Précigout)
- Added support for DN access in extensions. ex. subjectAltName=email:emailAddress:move. The supported actions are move and copy.
- In PKI GUI, disabled "Configure Entity" for entities that had no configuration window.
- Moved "Includes/Conf.h" and "Includes/Conf.cpp" to "Server/".
- Improved the entities' links verification algorithm. (Wolf)
- When creating a PKI User certificate, if the private key is of software kind, it's now generated on server side, and a PKCS#12 is sent back to the user.
- Improved the code for PKI Users management on Client Side.
- Improved the inter-repositories configuration synchronization algorithm, the number of connections used to be n*(n-1) where n is the number of repositories, now it is much less.
- Added the options to specify the path to openssl, in publication_ldap's configure (Paul Freeman).
- When the socket server is fully started, it now yields to the rest of the PKI, that it can start working. There is more stupid waiting.
- Fixed a few memory leaks in the repositories.
- Improved the synchronization algorithm for a firewalled repository.
- Removed the global signature for the profiles.
- Improved memory usage in SockServerADMIN.
- Improved memory usage in PKI_CSR.
- If there is an error reading a certificate from the CA GUI, the faulty certificate is displayed.
- Optimized SQL::FormatString and SQL::Value.
- Fixed a bug where the new users would never show up in the ACL.
- Now using SSL sessions cache, to improve performance.
- Improved memory usage in the handling of the protocol, to avoid having a list of objects growing up and never being flushed if the repository is temporarily unavailable.
- Greatly improved the use of Mutex in AsynchJobs.
- When inserting a profile and the owner is a group, validating that the group exists.
- Added the possibility to change a profile's LDAP UID.
- Added the possibility to change a profile's Owner.
- Added the possibility to change a profile's DN.
- Added the possibility to delete a profile and all its associated certificates.
- Upgraded to openssl 0.9.7d.
- Encapsulated all the ASN1 structures used by NewPKI into classes, this will greatly improve the security of NewPKI, and help the code maintenance.
- It's no longer possible to send a request to a repository twice.
- When an entity fails to load it's now displayed in the Server GUI, which will allow it to be removed if necessary.
- It's now possible to load/unload an entity from the Server GUI.
- Improved speed of PKI_CERT, data is only loaded/parsed when it's needed.
- Removed a deadlock in ReadersWriter.
- Added an internalID to NewpkiRequest, this internalID is set by the requester, the repository verifies that it doesn't already know it, this prevents a requester from sending the same request twice.
- Rewrote the full synchronization algorithm for repositories, the old one wasn't adapted to a large amount of data.
- Added the possibility to view from the RA the end-user certificate as a PKCS#7.
- Added the possibility to view the CA certificate as a PKCS#7.
- Saving the inter-repository objects to DB, instead of using a memory list.
- Added automatic database reconnection (Erik Anderson).
- Added "-version" option.

* Fri Jan 23 2004 Frédéric Giudicelli Version 2.0.0-beta3.1
- Fixed a bug when adding a link between 2 repositories. (Wolf)

* Fri Jan 9 2004 Frédéric Giudicelli Version 2.0.0-beta3
- Rewrote the extension syntax parser to allow the use of commas (",") inside it; to have a comma (",") inside an extension value, you need to double it (",,").
- Added a log entry for certification on CA side.
- Added a log entry when receiving a request on CA side.
- Fixed a minor bug in links synchronization.
- Added the Publication Entity.
- Created a LDAP publication module.
- Added multilanguage support in GUIs.
- Removed old and unused error messages.
- Added a real error message when trying to use a CA that hasn't been initialized yet.
- Minor improvements of code structure.
- Updated to wxWindows 2.4.2.
- Certificates that have been revoked from the CA GUI are now displayed, back in the RA, as revoked.
- LDAP connection is made by the server, the LDAP search in RA is processed by the server, not the client. The LDAP info is blanked when the RA conf is sent to the RA GUI.
- Improved memory usage.
- Added auto synchronization between LDAP entries and RA profiles.
- Added the possibility to send the PKCS#12 password to the end user.
- Added the possibility to make the RA randomly generate the PKCS#12 password.
- The mails are temporarily saved in DB, to make sure they don't get lost if the server shuts down unexpectedly.
- Generally improved the mails handling.
- Improved the statistics display.
- Added logs export in XML format.
- Added the possibility to check logs global integrity.
- Added the "Change Password" functionality in the Server GUI.
- Compiled against openssl 0.9.7c.
- Added some logs, when the responses come back to the RA.
- Fixed a bug when setting filters for the visualization of the logs.
- Added a "debug" level for logging.
- The PKI Admins can now access all the profiles and their certificates, in the RA.
- Fixed the bug where the log entry for a user notification email showed up as an administrative email.
- Added the possibility to save the entities links picture to a file.
- The entities links window can now be as big as desired, the scroll bars expand according to the objects position.
- It's now impossible to revoke the last PKI Admin certificate.
- Fixed a memory leak in the Server Admin GUI when displaying a context menu.
- Added a test in the linux client's "configure" to check for "wx-config".
- Added the OCSP responder, inside the publication entity.
- Replaced the obsolete Configuration structures with classes.
- Fixed a bug in Configuration parser, where the error message wasn't displayed in WIN32.
- Fixed a bug when stopping the server 2 times (ex. sending 2 SIGTERM in a row).
- Rewrote the thread codes, and improved thread related code's readability.
- In the Repository store, the hashes for the requests and the responses get recreated if they have been erased.
- It's now possible to send an attachment along with an administrative mail.
- Improved the RA Store's code readability.
- The RA now sends the requests that were not sent before an unexpected event.
- Initialize the OpenSSL MUTEX context, used by internal functions.
- Tremendously improved the speed of mString::sprintf.
- Improved the mail code.
- Removed all occurrences of HashTable_Any.
- Transformed PkiClient::THREAD_ERROR into a class.
- Optimized the handling of transaction IDs, by making them a maximum length.
- The entities are now deleted in another thread.
- Fixed a problem with MIME format under Linux.
- Introduced the concept of firewalled Repository, meaning that the normal synchronization behavior is modified, normally each repository would connect to each other to send each other the new PKI Conf and the new Objects.
  ex. We have RepositoryLAN in the LAN and RepositoryDMZ in the DMZ, RepositoryDMZ cannot connect to RepositoryLAN due to the LAN firewall, so we declare RepositoryLAN as being firewalled in regard of RepositoryDMZ, which will allow RepositoryLAN to get the new Objects of RepositoryDMZ, exactly as if RepositoryDMZ did the synchronization connection itself.
- Fixed a few potential MUTEX deadlocks.

* Wed Sep 24 2003 Frédéric Giudicelli Version 2.0.0-beta2
- Corrected the bug in the CA GUI.
- Corrected a bug in the RA store handler.
- Added admin mail notification, when a request gets back to the RA.
- Added the possibility to send the certificate/PKCS#12 directly to the user by mail, when it gets back to the RA.
- Added the "Delete PKCS#12" functionality in the RA GUI.
- The certificate can now be imported back to a CSP in the RA GUI.
- Corrected a bug in CA when a certificate's DN had an accented letter.

* Wed Sep 24 2003 Frédéric Giudicelli Version 2.0.0-beta1
- Added the RA entity.
- Corrected some minor bugs.

* Thu Jul 24 2003 Frédéric Giudicelli Version 2.0.0-beta0
- Well nothing much to say, NewPKI has been redeveloped.