Changelog

xca 2.8.0 Sun Oct 13 2024

• Add SHA3 algorithms to the select box

• Close #593: App freezes/crashes when trying to export certain keys

• Close #306 #537: Allow Database-driver options in config file

• Close #537: macos: Compile mariadb-connector and qsqlmysql

• Close #152: How can we specify the Cryptographic Service Provider

• Close #590: MacOS OpenSSL legacy provider not loaded

• Close #199: Templates and Key Identifiers

• Close #239: Check existing Name Constraints

• Add OpenSSL PURPOSE and validation results

• Close #587: Incomplete refactoring of adapt_explicit_subj

• Combine #90 and #315 and support UPN in name constraints

• Close #90, #361: Name Constraints (RFC5280 section 4.2.1.10)

• Close #296: Proper plurals

• Close #88: Export to multiple files with common or individual password

• Close #313: Support JWK export format of certificates

• Close #359: Symlink to PKCS#11 lib resolved

• Close #552: issues with icons in gnome dock

• Close #315 Support UPN type for EAP/802.1X certificate

• Add korean translation

• Close #287: template don’t save/restore correctly

• Close #351: a1int::getLong() doesn’t handle all error cases

• Close #401: Write PEM data to a file especially for crlgen

• Close #548: export certificate: error using child folder

• Close #391: hide expired and revoked certificates

xca 2.7.0 Tue Aug 27 2024

• Close #311: Install QT translation files again

• Close #304: oids.txt not found etc if prefix non-standard

• Add cmdline option to disable native dialogs

• Close #364: Export ED25519 private key with password

• Switch encryption in “Cert+PKCS#8” and “Database dump mode from DES3-EDE to AES-256

• Drop support of encrypted PVK files.

• Windows/Mac build: switch to QT 6.6.3

• Close #554: Missing option to disable file association in Windows setup

• Close #395: Flexible Clipboard Export

• Close #550: Fix compiling tests issue by providing -pthread link flag.

• Fix calendar export for CAs

• Support importing existing OpenVPN TLS Auth keys

• Fix “Copy extensions from request” function

• Fix login via PinPad on e.g ReinerSCT

• Extend #383: tag insecure PFX/PKCS#12 algorithms

• Close #536: macos include OpenSSL legacy provider

• Close #532: XCA not in English on macos

• Close #89: ta.key for OpenVPN tls-auth

• Close #496: PKCS11 access to AWS CloudHSM failed

• Yubikey improvements

xca 2.6.0 Mon Feb 26 2024

• Update documentation of certificate export and remote databases

• Close #520: Fix permanent processor load

• Close #518: Export certificates for ovpn file

• Close #512 #474 #481 #506 #509: SHA1 based MAC for PKCS12

• Close #458 #511 #503 #500 #494 #484 #482 #475: Support legacy keys and automatically transform them if possible.

• Close #493: Renew Certificate freeze XCA

• Close #477: paste an encrypted private key results in a crash

• Fix crash when deleting CA certificates

• Close #480: add flatpak build information and github action

• Close #402: Subject Alternative Name not filled by all CN

• Improve import: Finish multi import when empty

• Add File extensions in Info.plist supported by XCA

• Close #384: Quick view of certificates without trying to open XCA

• Close #459: pass private key password

• Close #465: Export PEM + Key in one File

• Close #460: Impossible to import PKCS#12 (RC40_CBC)

• Make XCA AppStore compliant with -DAPPSTORE_COMPLIANT=ON

xca 2.5.0 Sun Sep 24 2023

• Close #423: parameter –name is not respected when running with CLI

• Close #457: Support Qt5 < 5.12 / python3-sphinxcontrib.qthelp

• Close #440: yellow background makes date text hard to read in dark themes

• Close #437: loading CRL at startup generates an error

• Close #444 cannot update template internal name

• Close #442: asan checks failed

• Close #446: show more information in Recent Databases

• Improve/Fix database loading

• Document vCalendar/ics feature #456

• Fix possible segfault caused by wrong free()

• Add Bulgarian translation

• Close #368: error while creating CRL with CA using EC key (ed25519)

• Treat CKA_ID as byte array, not Bignum

• Fix #321 - decryptKey shows OpenSSL error

• Merge #325 Update entitlement.plist

• Close #366: Not Responding after upgrade

• Add Persian translation .ts file to XCA.

• Close #327: “Dump database” dumps everything to everywhere

• Close #317: “Please insert card: …” message

• Add Indonesian translation

• Close #283 Nitrokey HSM2 can’t create EC keys on 2.4.0

• Switch from autotools/qmake to cmake

• Close #278: Miss components to connect remote database

• Commandline: Add “–list-items” to print a list of database items

• Close #67: possibility to ignore password prompt from CLI

• Close #259: Follow the XDG base directory specification

• Add support for Qt6 and OpenSSL 3.x

• Drop support for Qt4

• Drop support for old XCA < 2.0.0 databases

• Drop support for OpenSSL < 1.1.0

xca 2.4.0 Fri May 07 2021

• Unify XCA icon (certificate) on all platforms

• Close #247: Apple silicon (M1) configure fixes

• Add Microsoft BitLocker extended key usage

• Disregard OpenSSL 0.9.8 compatibility

• Add bash completion script

• Add context sensitive help

• Convert documentation from linuxdoc/SGML to sphinxdoc

• Close #258: xca aborts on exit and on access to own templates

• Close #142: Support Ed25519 Import / Export private SSH2 key

• Close #142: Support Ed25519: Key-generation, import, export

• Close #251: AuthorityKeyIdentifier: use issuer:always

• Change language maintainer of brazilian portuguese

• Close #230: Change PKCS12 export extension from .p12 to .pfx

• Close #208: XCA hung when importing EC keys. For example prime256v1

• Close #210: Make dialog to edit SAN less strict

• Close #224: Store original path/filename on import

• Close #213: configure.ac: add description to AC_DEFINE_UNQUOTED

• Close #172 #46: Multiple OCSP Responders

• Store default database and recently opened file as UTF8

• Close #157 Generate and export CRLs from commandline

• Add command line support for creating CRLs, keys and analyzing items

xca 2.3.0 Wed Apr 29 2020

• Close #191 OID LN differs warning popups at startup

• Close #189 Database compaction #189

• Improve PKCS11 library loading for portable app

• Refactor native separators / and on windows.

• Support TLS encrypted MariaDB and PostgreSQL connection

• Close #182: UI not using Windows native theme in 2.2.1 portable

• Close #70: cant open ics file in ical on macos mojave

• Close #72: Add checkbox for OCSP staple feature

• Use DESTDIR instead of destdir when installing. Follows autotools convention.

• Close #172 #46: Multiple OCSP Responders

• Close #170 xca-portable-2.2.1 cannot change language

• Fix certificate assignment when importing a CA certificate

• Close #163: Show key type/size on column of Certificates tab

xca 2.2.1 Thu Jan 30 2020

• Close #159 Opening existing database

xca 2.2.0 Wed Jan 29 2020

• Switch to MSI installer

• Close #129 Unattended Installation

• Rename HTTPS templates to TLS and support KU/EKU extensions needed by OpenVPN

• Close #93 Default output folder / Improve Portable App usability

• Improve EC Curve selection for key generation.

• Close #21 Support for ODBC (MSSQL)

• Close #136 Provide 64bit version of xca

• Close #156 secp256k1, secp256r1 and NIST-P256

• Transfer Key Usage and Extended Key Usage critical flags

• Improve item loading. Inspired by #153

• Add japanese translation

• Close #138: Portable Version does not remember paths

• Close #83: Token selection should not insist on name or serial of the token

• Close #95: Copy mysql and psql windows dll files into portable app

• Close #144: Database export has issues with wildcards in internal names

• Close #143: Hotkey for import

• Close #140: Certificate renewal with option to preserved serial number

• Fix possible XCA crash

• Add Dutch translation

• Add Chinese translation

• Add Italian language

• CLose #120: Mark signed a request doesn’t work

• Close #119: Rename “PostgreSQL 6 and 7” to just “PostgreSQL”

• Close #116: Duplicate extensions erroneously shown

• Close #114: SAN - IPv6 address input not working

• Close #68 Generating large DH params freezes UI

• Support concurrent database access.

• Close #91: Change order of “PKCS#11 provider”

• Extend PEM files by human readable information about the item

• Support ecdsa SSH public keys

• Close #98 Add comment at import/export RSA keys from/to SSH public key

• Close #101: Finish Rename with Enter shows Property Dialog

• Close #104: Also show sha256 digests of public keys

• Close #82: Renew CA ROOT Cert

• Verify imported keys thoroughly

xca 2.1.2 Wed Nov 07 2018

• Close #40 macOS: Crash after xca v2.0.1 quit

• Close #37: XCA 2: EVP_DecryptFinal_ex:bad decrypt

• Close #74: Exiting XCA 2.1.1 corrupts database

• Make PKCS11 libs, working dir and main-window size host-dependent

• Support for XCA as portable App

• Close #69 Library not loaded: @rpath/ contains local directory

• Close #60: Fix MacOSX 2.1.1 binary

• Add new maintained languages: Polish, Spanish, Portuguese

xca 2.1.1 Thu Sep 13 2018

• Allow manual override of the CSR signed flag

• Close #56: Duplicate Serials after Upgrade 2.1.0

• Close #57: SAN IP not working in 2.1.0

• Close #55: Calculate “CSR signed” information from legacy database

• Close #55: Add Certificate counter column for CSR

• Fix slovak translation

• Close #50: Hang while importing 1.4.1 database into 2.1.0

xca 2.1.0 Tue Jul 24 2018

• Close #48: The SKI tickbox isn’t generating an SKI extension for CSRs

• Fix translation of dates

• Add private key icon to the key name

• Inspired by #42: display dates relative (seconds ago, yesterday, …) while column ordering is still strict by age. The ToolTip shows date and time.

• Related to #39: Dynamically adjust explicit DN entries

• Close #39: Subject entries shuffled

• Close #36: Support adding CN to X509v3 SAN automatically

• Close #35: Configurable size of serial number.

• Close #34: Improve Mac OSX installation

• Close #27: Configurable certificate expiry warning threshold

• Generate calender (.ics) files for certificate and CRL expiries

xca 2.0.1 Tue May 08 2018

• Close #32: Version field contains “Created by Qt/QMake” on MacOSX

• Review and update russian ltranslation

• Close #31: Closing certificate details window toggles tree folding

• Close #25: Certificates are no longer coloured

• Close #24: Add LibreSSL support. Tested with LibreSSL 2.7.2

• Close #23: Improve limiting to pattern in certificate tree view

• Close #20: Unable to chose remote database type (dropdown empty)

• Close #19: Replace 3DES encryption by AES-256 during key export

xca 2.0.0 Tue Apr 10 2018

• Open database before starting a transaction

• Fix default hash during startup

• Fix Importing PKCS#12 and PKCS#7 files

• Improve automatic setting of the certificate internal name

• Don’t use remote DB descriptor as local database filename proposal

• Usability: Preset remote database input values with previous ones

• Add another missing windows postgres library

xca 2.0.0-pre04 Thu Mar 22 2018

• Accept drivers that don’t support transactions

• Install MySQL and PostgreSQL drivers on windows

• Closes #10: Warn if certificate without any extension is created

• Add table prefix to be prepended to each table for remote SQL DB

• Update translations

xca 2.0.0-pre03 Thu Mar 15 2018

• Fix installation of sql plugins in the Windows installer

• Fix opening, importing and dropping databases

xca 2.0.0-pre02 Tue Mar 13 2018

• Fix crash during PKCS#12 export

• Update HTTPS_server template and add example SAN

• Acceppt empty password for private key decryption

• Fix legacy database-without-password import

xca 2.0.0-pre01 Sun Mar 11 2018

• Close GitHub Bug #5: Exporting a private key results in too-permissive permissions

• Close GitHub Bug #4: Workaround QT bug of editing in QDateTimeEdit

• Fix display of dates in the Certificate details (local time displayed a GMT)

• The internal name is not neccessarily unique anymore and can be edited in the details dialog as well as the comment.

• CSR signing is now statically stored in the database and the comment of the issued certificate.

• Private keys in the database are PKCS#8 encrypted and can be exported and decrypted without XCA.

• No more incrementing serials. Only unique random serial numbers.

• “xca_db_stat” application removed. Use the SQLite3 browser “sqlitebrowser”.

• “xca extract” functionality removed. SQL views may be used instead.

• Each item may be commented. XCA itself comments important events in the item.

• Each item knows its time and origin of appearance.

• Change database format to SQL(ite) and support MySQL and PostgreSQL.

xca 1.4.1 Sat Mar 3 2018

• Replace links to XCA on Sourceforge in the software and documentation by links to my Site.

xca 1.4.1-pre02 Thu Mar 1 2018

• SF Bug #122 isValid() tried to convert the serial to 64 bit

• Beautify mandatory distinguished name entry errors

• Support dragging certificates and other items as PEM text

• Show User settings and installation path in the about dialog

xca 1.4.1-pre01 Sun Feb 18 2018

• Remove SPKAC support. Netscape is not of this world anymore.

• SF bug #124 Wrong assumptions about slots returned by PKCS11 library

• Cleanup and improve the OID text files, remove senseless aia.txt

• Update HTML documentation

• Refine and document Entropy gathering

• Indicate development and release version by git commit hash

• Fix dumping private keys during “Dump database”

• Fix Null pointer exception when importing PKCS#12 with OpenSSL 1.1.0

• SF Bug #110 Exported private key from 4096 bit SSH key is wrong

• SF Bug #109 Revoked.png isn’t a valid image

• SF Bug #121 CA serial number is ignored in hierarchical view

• Improve speed of Bulk import.

• Fix starting xca with a database as first arg

xca 1.4.0 Thu Jan 4 2018

• Update OpenSSL version for MacOSX and W32 to 1.1.0g

• Change default hash to SHA-256 and add a warning if the default hash algorithm is SHA1 or less

• Switch to Qt5 for Windows build and installation

• Do not apply the default template when creating a similar cert

• Close SF #120 Crash when importing CA certificate

• Close SF #116 db_x509.cpp:521: Mismatching allocation and deallocation

• Add support for OpenSSL 1.1 (by Patrick Monnerat)

• Support generating an OpenSSL “index.txt” (by Adam Dawidowski)

• Thales nCipher key generation changes for EC and DSA keys

• Add Slovak translation

xca 1.3.2 Sat Oct 10 2015

• Gentoo Bug #562288 linking fails

• Add OID resolver, move some Menu items to “Extra”

• SF. Bug. #81 Make xca qt5 compatible

• SF. Bug. #107 error:0D0680A8:asn1 encoding

• Don’t validate notBefore and notAfter if they are disabled.

xca 1.3.1 Fri Aug 21 2015

• Fix endless loop while searching for a signer of a CRL

xca 1.3.0 Thu Aug 11 2015

• Update to OpenSSL 1.0.2d for Windows and MAC

• SF Bug #105 1.2.0 OS X Retina Display Support

• Digitaly sign Windows and MAC binaries with a valid certificate

• Refactor the context menu. Exporting many selected items to the clipboard or a PEM file now works. Certificate renewal and revocation may now be performed on a batch of certificates.

• Feat. Reg. #83 Option to revoke old certificate when renewing

• Refactor revocation handling. All revocation information is stored with the CA and may be modified. Revoked certificates may now be deleted from the database

• Support nameConstraints, policyMappings, InhibitAnyPolicy, PolicyConstraint and (OSCP)noCheck when transforming certificates to templates or OpenSSL configs

• Fix SF Bug #104 Export to template introduces spaces

• Add option for disabling legacy Netscape extensions

• Support exporting SSH2 public key to the clipboard

• SF Bug #102 Weak entropy source used for key generation: Use /dev/random, mouse/kbd entropy, token RNG

• SF Feat. Req. #80 Create new certificate, based on existing certificate, same for requests

• Add Cert/Req Column for Signature Algorithm

• SF Feat. Req. #81 Show key size in New Certificate dialog

• Distinguish export from transform: - Export writes to an external file, - Transform generates another XCA item

xca 1.2.0 Sat Mar 21 2015

• Update to OpenSSL 1.0.2a for Windows and MAC drop brainpool extra builds

• Use CTRL +/- to change the font size in the view

• Add Row numbering for easy item counting

• Support SSH2 public key format for import and export

• Add support for SHA-224

• add “xca extract” to export items from the database on the commandline

xca 1.1.0 Sat Nov 22 2014

• SF Bug #79 Template export from WinXP cannot be imported in Linux and Mac OS X

• Support for Brainpool windows and MacOSX binaries

• SF Feat. Req. #70 ability to search certificates

• SF Feat. Req. #75 show SHA-256 digest

• RedHat Bug #1164340 - segfault when viewing a RHEL entitlement certificate

• Database hardening - Delete invalid items (on demand) - Be more tolerant against database errors - Gracefully handle and repair corrupt databases - Add “xca_db_stat(.exe)” binary to all installations

• Translation updates

• Optionally allow hash algos not supported by the token

• Select whether to translate established x509 terms

• Finish Token EC and DSA support - generate, import, export, sign

• SF Feat. Req. #57 More options for Distinguished Name

• Switch to autoconf for the configure script

• SF Feature Req. #76 Export private keys to clipboard

• EC Keys: show Curve name in table

• Support EC key generation on PKCS#11 token

• PKCS#11: Make EC and RSA signatures work

• PKCS#11: Fix reading EC keys from card

• SF Bug #82 Certificate Creation out of Spec

• SF Bug #95 XCA 1.0 only runs in French on a UK English Mac

xca 1.0.0 Wed Oct 22 2014

• SF Bug #89 Validating CRL distribution point results in error

• SF Feature Req. #69 Create “Recent databases…” file menu item

• SF Bug #75 authorityInfoAccess set error

• SF Bug #88 Minor spelling error

• SF Bug #87 Unable to set default key length The Key generation dialog now allows to remember the current settings

• Do not interpret HTML tags in message boxes

• Overwite extensions from the PKCS#10 request by local extensions This avoids duplication errors and allows to overwrite some extensions from the request

• SF Bug #78 replace path separators in export filenames

• SF Feature Req. #71 Add KDC Authentication OIDs to default files

• SF Bug #82 Certificate Creation out of Spec

• Add Croatian translation

• SF Bug #83 Inappropriate gcc argument order in configure script

xca 0.9.3 Sat May 12 2012

• Fix double free in a1time resulting in random crashes

xca 0.9.2 Sun May 6 2012

• Support for Local timezone dates. Differentiate between invalid and undefined dates.

• Fix Bug #3461403 Error when create certificate with CRL distribution point User error -> Improve user-friendlyness

• Fix Bug #3485139 Exception when creating certificates in passwordless db

• Avoid very long names resulting in duplicate names in the database.

• Add warning colors for expired dates.

xca 0.9.1 Fri Oct 21 2011

• Close bug [ 3372449 ] All numeric names cannot be used

• add search functionality for PKCS#11 libraries

• fix ASN.1 encoding of PKCS#10 request

• Close bug [ 3318203 ] Build failure with GNU gold linker

• Add x509v3 extensions to the list of selectable columns

• Close bug [ 3314262 ] Incorrect “Path length” template parameter handling

• Close bug [ 3314263 ] Unrevoking a certificate does not make it “Trusted”

• Feature Request [3286442] Make success/import messges optional

• improve Password entry

• Improve SPKAC import

• add french translation by Patrick Monnerat

• Export requests or certificates as openssl config file

• Support building with EC disabled

• Close bug [3091576] Private key export is always PKCS#8 encoded

• Feature Request [3058196] Autoload database

• Feature Request [3058195] Export directly to the clipboard

• Close bug [3062711] Additional OIDs

• Close bug [3062708] Invalid user configuration file path name

• Fix PKCS#11 library handling

xca 0.9.0 Sun Aug 29 2010

• support loading more than one PKCS#11 library

• remove the need for engine_pkcs11 now more than one PKCS#11 library can be loaded and used in parallel

• Add de/selection of columns and add a lot of new possible columns All Subject entries, the subject hash and whole name, Certificate fingerprints, dates, CA info, CRL number, corresponding key of certs and requests

• Improve CRL generation [3035294] CRLNumber, CRLReason

• improve creating templates from cert - enhance parsing of CRL-DP, SAN, IAN and AuthInfoAcc - add support for CertificatePolicies - unknown extension are written as generic DER

• improve date handling. “notBefore” is not reset to now anymore when applying a time range

• Support dropping files onto the application

• russian translation by Pavel Belly

• support loading DER formatted PKCS#8 keys

• ease commandline use

• add DH param generation menu entry

• improve token handling and PIN changing dialogs

• improve key-value table input for “additional DN entries”

• PIN and PUK changing implemented

• apply partial template-contents - applying the subject only or the extensions only is possible now

• add informational messageboxes - whenever an item was successfully created or imported

• add support for random serial numbers

• improve messages, usability and german translation

• improve token support - token initializing - creating keys on a token - store existing keys on a token - delete keys and certs from a token

xca 0.8.1 Tue Jan 5 2010

• fix string conversion from QString to ASN1

xca 0.8.0 Thu Dec 10 2009

• improve documentation

• improve file-dialog handling

• Generate Template from certificate or PKCS#10 request -> Feature request [2213094] and [1108304]

• add hash algos “ripemd160” and “SHA384”

• add the “no well-defined date” from RFC 5280 as checkbox

• Feature request [1996192] Include “OCSPSigning” in misc/eku.txt

• Support for EC keys

• Update Step-by-step documentation Thanks Devin Reade

• Support for Smart Cards

• set proper file-extension .xdb on opening databases

xca 0.7.0 Fri Sep 11 2009

• support modifying the CSR subject during signing

• update key images

• fix date settings in Certificate renewal dialog

• fix certificate request verification

• check for duplicate x509 v3 extensions Bug [ 1881482 ] and [ 1998815 ]

• make sha1 the default hash to avoid problems with other software Bug [ 1751397 ]

• add validation button to see all extensions before creating the cert

• change the hashing for the default password. this makes it incompatible to older versions

• Major changes for MAC OS X

• extend template format for nconf settings

• add nconf input field for arbitrary OpenSSL extensions and a “validate” button to check the settings before applying

• fix xca.desktop Bug [ 1837956 ]

• fix item-export error handling

• add PEM paste import feature

• extend PEM import to import all items from a PEM file

xca 0.6.4 Mon Aug 13 2007

• Bug “tree view loose track” fixed

• check for certificate errors and display them instead of crashing

• move used-keys-button form options to NewX509 dialog

• Set string options in options dialog

• remove extension and attribute tab in details dialog if no extensions or attributes available

• documentation updated

• X509 request attributes (like challange password) can be set and viewed.

xca 0.6.3 Thu May 17 2007

• show CRL signature algorithm information

• Add options dialog to set the default hash algo, mandatory distinguished name entries and allow duplicate key use as requested by some users

• make cert, crl and key details copy&paste able

• fix background color of clicklabels Bug [ 1704699 ]

• remove missleading tooltips Bug [ 1704700 ]

• fix segfault

• switch string handling to UTF8

xca 0.6.2 Mon Apr 9 2007

• break endless loop in chain building Bug [ 1696878 ]

xca 0.6.1 Thu Apr 5 2007

• minor documentation updates

• Fix openssl-cross patch

• recognize certificates with circular references [ xca-Bugs-1693027 ]

• be compatibile to QT-4.1 (thanks Tamas TEVESZ)

• remove all usages of QT3 backward lib [ xca-Feature Requests-1692800 ]

xca 0.6.0 Fri Mar 16 2007

• set initial sorting to ascending order

• add RFC2253 representation of subject and issuer to copy & paste

• fix dialog sizes for long DNs

• move hash algo into signer box [ 1656260 ]

• make QA serial a compile time option

• fix date generation and warn if generalized time is used

• autodetect and load any type of PEM files

• fix version number in exported .xca template

• fix import of older XCA templates

• add support for predefined templates as there was in 0.5.1

• fix cmdline import of crypto items

• add undelete feature for deleted items

• fix database shrinking of curent db during opening of new db

xca 0.6.0-beta02 Fri Feb 2 2007

• correct and fixate the order of x509name entries

• Add CRL properties dialog to select the dates and the signing algo

• Add SHA256 and SHA512

• Certificate export for apache and OpenSSH+X509

• Default templates for client, server, CA removed

• template duplication added

• sort serial numbers numerically and not lexicographically Bug [1166075]

• add build support for cygwin and mingw-cross

• delete rpm/ and debian/ subdirs

• Port to QT4 and openssl 0.9.8 remove the need of Berkeley DB importing of old database dump possible

• finish support for Mac OS X

• add X509 V3 extensions to PKCS#10 requests

• add “validation” function for editable extensions below

• add “edit” buttons for subject/issuer alt. name, crl dist. point and cert. auth. info access

• add DB-dump function into subdirs

• Support for DSA keys

• Fix error in template changing

• change storage-format of keys: store the public unencrypted and the private additionally encrypted.

• Allow different passwords for keys

xca 0.5.1 Tue Jul 13 2004

• support for different languages on WIN platform (Thanks Ilya)

• better installation and deinstallation on WIN platform

• documentation updated

xca 0.5.0 Sun Jun 13 2004

• orthographical changes

• more translations

• segfault in CRL import removed

• manpage and documentation updated

• store “midnight” in template

xca 0.4.7-RC2 Fri Apr 16 2004

• open db if explicit mentioned, otherwise do not.

• Errormessage on a wrong pkcs12 password more comprehensive

• postinst and postrm do update-menu

• search more intensive for the CRL signer

• add /etc/xca/nid.txt to OID search path

• debian build enhanced, lintian satisfied, manpage added.

• AuthorityInfoAccess enhanced “aia.txt” as oid list added

• allow empty passwords on PKCS#12 import

xca 0.4.7-RC1 Thu Feb 5 2004

• debian menu-entry added

• Open and closing of different databases

• Menu added

• German translation

• CRLs will revoke existing certs

• memory leaks removed

• support for other compiled in basedir on unix

• Authority info access added

  Certificate policies still pending :-(

• additional (private) oids can be registered in oids.txt

• OIDs for extended key usage and Distinguished name are now read from eku.txt and dn.txt respectively.

• About dialog and help window added.

• Requestdetail is now tabdialog

xca 0.4.6 Tue Nov 25 2003

• Country is State or Province

• xca.dsp: WIN32 changes from Ilya

• New configure added, Makefile.in’s purged and one configuration: “Local.mak” for flags and compilers. supports parallel builds (make -j)

• SmartCard Logon OID added

• Fixed bugs:

• [ 846052 ] Tab order in Certificate Netscape extensions is wrong

• [ 845800 ] CRL Generation problem for Netscape

• [ 836967 ] Unable to specify alternate database

• [ 843725 ] xca dies when opened with a pem key as argument

• [ 789374 ] Bad encoding in misc/xca.desktop

• by Wolfgang Glas <wolfgang.glas@ev-i.at>: - Support for UTF8 in x509name - Netscape SPKAC support added

xca 0.4.5 Wed Aug 13 2003

• more german translations

• [ 737036 ] make error texts copiable from pop-up-windows to clipboard by adding a button doing this

• [ 767603 ] Key sizes Implemented by making the Key-size ComboBox editable to enter arbitrary key sizes.

• [ 765774 ] change password for database

xca 0.4.4 Wed Aug 6 2003

• [ 783853 ] renewal uses ‘notBefore’ as ‘notAfter’ date

• [ 783830 ] GeneralizedTime-format breaks browsers

xca 0.4.3 Tue Aug 5 2003

• remove Certificate creation bug (AuthKeyId)

• always take the right cert for signing

• critical flag in key usage and extended key usage works now

• Import of Multiple items is done and works [ 739726 ] extend description of -p option [ 775529 ] Import of PKCS#7 item not shown

• made the details dialogs internal name read only

• some segmentation faults removed

• VPN OIDs added to Ext. Keyusage

xca 0.4.2 Sun Jul 20 2003

• Memory leak removed

• Template import and export added

• fix bug [ 773056 ] Duplicate ‘All files (.)’ selection on import menus

• import of PKCS#12 keys repaired

• crl icon added to W32 installation

• /usr/local/include removed from CPP flags

• Buttons “Export Cert” and “Change Template” reconnected.

• Authority Key identifier repaired

xca 0.4.1 Tue Jul 15 2003

• some compiling issues removed

• Import via commandline repaired,

• signing of requests without key fixed

• Changes for WIN32 version from Ilya added

• solved bug: [ 770120 ] Attempting to export private key results in no file exported

• implemented feature request: [ 755599 ] add PFX import button to Keytab

xca 0.4.0 Tue Jul 8 2003

• Solved bugs:

• [ 752111 ] Cannot handle dates past 32-bit boundary (2038)

• [ 744227 ] Bug in handling of 3rd. party CRLs

• The following Feature requests were implemented:

• [ 743152 ] Attributes in subject name

• [ 755853 ] select the hash algorithm for signing.

• The code was completely rewritten to remove many unpretty codefragements and get a more stable codebase

• The names of certs and keys in the detailsview of Certs, CRLs and Requests are clickable.

• xca desktopfile added and will be installed in applications, key.xpm will be installed as xca.xpm in pixmaps ([ 763954 ] xca.desktop file) Thanks to Enrico Scholz

xca 0.3.2 Thu May 15 2003

• Optimizations, icon for WIN32 platform

• MS Registry and %USERPROFILE% support

• Support for PKCS#7 certs (im/export)

• small UI changes

xca 0.3.1 Thu Apr 24 2003

• Tool Tips added

• CRL handling (import, export, details) added

xca 0.3.0 Fri Apr 25 2003

• several bugfixes and memoryleaks removed

• export to TinyCA and “openssl ca” added

• switch between tree/plain view in certificate list

• notAfter dates in certificate view can be sorted reasonably

• libdb-4.1.24 and higher is supported

• The certificate details dialog was redesigned to be a smaller tab-dialog

• Mainwindow dialog shrinked

• Item viewing and import via the commandline is possible

• documentation littlebit updated

• changes in configure

• The wizard invokes the key generation process only if really needed

xca 0.2.12 Mon Jan 6 2003

• PKCS#7 encryption and signing of files added

• First attempt of documentation added

• Several export targets added

• Certificate renewal repaired

xca 0.2.11 Wed Dec 4 2002

• Certificate export enhanced, increase signer-serial on certimport.

• interpretation of serial as hex and not as dezimal.

• configure continues even if qt lib is absent.

• $HOME/xca is created if it does not exist.

xca 0.2.10 Tue Oct 29 2002

• shows not After time and serial in listview

• some segfaults removed

• Certificate renewal implemented

• extension-bug removed

• request-kontextmenu contains signing

• create request from certificate

• FreeBSD paths and libs recognized by configure

xca 0.2.9 Mon Oct 21 2002

• several segfaults eliminated

• key-use counter corrected

• initial truststate fixed

• remembers Im/Export directories

• import of mutiple certs/keys/requests/pkcs12

• database transactions activated

• exception-handling completed

xca 0.2.8 Sun Oct 13 2002

• consistency checks for Iss-alt-name and Sub-alt-name

• Check for certificate dates to not exceed those of the signer

• defines for libdb >4.1.x

• default templates added

• package-builder do build without printf-debugging

• key-use counter works now well

xca 0.2.7 Tue Oct 8 2002

• segfaults removed

• minor wizard changes

xca 0.2.6 Mon Sep 30 2002

• show common name in request list and certificate list

• CRL generation added

• Key-export fixed

• signing-template, CRL date and CRL time interval adjustable

• Fix for windows filenames

xca 0.2.5 Tue Sep 24 2002

• Certificate and Template Wizard completed

• CA-serial can be changed and is stored with the cert

• Passwordboxes set focus right (Andrey Brindeew <abr@abr.pp.ru>)

• configure enhanced with error and success messages

• x509 v3 extensions completed inc. Netscape extensions

• Templates implemented

• Files for MS Visual C++ added (yes, it compiles on MS Windows)

• Windows Installer added (Nullsoft)

xca 0.2.4 Tue Sep 10 2002

• PKCS#12 import added

• bugfixes fileview, requestgeneration

xca 0.2.3 Wed Sep 4 2002

• icons changed

• context menu on right mousebutton

• trust state settings added

• dialogboxes are resizeable

• extended keyusage added to v3 extensions when creating new cert

• all dialogs translated to english

• no more images in .ui files

xca 0.2.2 Thu Jul 18 2002

• basic constraints, key usage and subject/authority key identifier

• signing wizard…

• Signatures can be done with requests and from scratch

• Certificate for signing can be self or foreign,

• password is saved as md5sum

xca 0.1.12 Thu Jul 11 2002

• icons added

• treeview for Certificates

• private keys are triple DES encrypted in db

• program asks for initial password on startup

• some segfaulting bugs removed

xca 0.1.11 Wed Jul 3 2002

• RSA Keys are generated and stored to or loaded from a file in either DER or PEM format.

• They get stored in a local Berkeley DB.

• Changing their description and viewing their contents, as well as deleting them from local DB is possible.