NewPKI

Fifth beta of NewPKI 2.0

Posted by Frédéric Giudicelli on Jul 28, 2004 - 01:55 PM

The fifth beta of NewPKI 2.0 is now available.

Beware, it's not possible to upgrade from beta3; you will have to destroy your previously created PKI.
Next version will be able to upgrade from beta4.


The full ChangeLog is available in the rest of this news.
The main changes are:
- Added support for DN access in extensions.
ex. subjectAltName=email:<dn>emailAddress:move</dn>.
The supported actions are move and copy.
- Improved the entities' links verification algorithm. (Wolf)
- When creating a PKI User certificate, if the private key is of software kind,
it's now generated on server side, and a PKCS#12 is sent back to the user.
- Improved the inter-repositories configuration synchronization algorithm, the number
of connections used to be n*(n-1) where n is the number of repositories, now it is much less.
- Fixed a few memory leaks in the repositories.
- Improved the synchronization algorithm for a firewalled repository.
- Now using an SSL session cache, to improve performance.
- When inserting a profile and the owner is a group, validating that the group exists.
- Added the possibility to change a profile's LDAP UID.
- Added the possibility to change a profile's Owner.
- Added the possibility to change a profile's DN.
- Added the possibility to delete a profile and all its associated certificates.
- Upgraded to openssl 0.9.7d.
- Encapsulated all the ASN1 structures used by NewPKI into classes, this will
greatly improve the security of NewPKI, and help the code maintenance.
- When an entity fails to load, it's now displayed in the Server GUI, which allows
it to be removed if necessary.
- Removed a deadlock in ReadersWriter.
- Rewrote the full synchronization algorithm for repositories, the old one
wasn't suited to a large amount of data.
- Added the possibility to view from the RA the end-user certificate as a PKCS#7.
- Added the possibility to view the CA certificate as a PKCS#7.
- Added automatic database reconnection (Erik Anderson).


- Removed "Includes/SQL/SQL_CMD.h".
- A CA republishes every 12 hours all its certificates, revocation and CRLs.
- The repositories are now "purged", meaning that when they synchronize they no longer
send the list of all the known requests/responses, which over time would have used
way too many resources.
- Improved memory usage in PKI_CRL.
- Simplified the synchronization code.
- The CA now stores the LDAP UID, which allows the publication to be handled in a
better way when a certificate is generated/revoked from the CA GUI.
- Optimized the repository database.
- Fixed a problem in LDAP synchronization, when a RA's DN Spec didn't have
a default value, and when the field wasn't present in the LDAP result.
- Fixed the problems related to bad translations. (Raphaël Précigout)
- Added support for DN access in extensions.
ex. subjectAltName=email:<dn>emailAddress:move</dn>.
The supported actions are move and copy.
- In PKI GUI, disabled "Configure Entity" for entities that had no configuration window.
- Moved "Includes/Conf.h" and "Includes/Conf.cpp" to "Server/".
- Improved the entities' links verification algorithm. (Wolf)
- When creating a PKI User certificate, if the private key is of software kind,
it's now generated on server side, and a PKCS#12 is sent back to the user.
- Improved the code for PKI Users management on Client Side.
- Improved the inter-repositories configuration synchronization algorithm, the number
of connections used to be n*(n-1) where n is the number of repositories, now it is much less.
- Added the options to specify the path to openssl, in publication_ldap's configure (Paul Freeman).
- When the socket server is fully started, it now signals the rest of the PKI
that it can start working. There is no more stupid waiting.
- Fixed a few memory leaks in the repositories.
- Improved the synchronization algorithm for a firewalled repository.
- Removed the global signature for the profiles.
- Improved memory usage in SockServerADMIN.
- Improved memory usage in PKI_CSR.
- If there is an error reading a certificate from the CA GUI, the faulty certificate
is displayed.
- Optimized SQL::FormatString and SQL::Value.
- Fixed a bug where the new users would never show up in the ACL.
- Now using an SSL session cache, to improve performance.
- Improved memory usage in the handling of the protocol, to avoid having a list of objects
growing and never being flushed if the repository is temporarily unavailable.
- Greatly improved the use of Mutex in AsynchJobs.
- When inserting a profile and the owner is a group, validating that the group exists.
- Added the possibility to change a profile's LDAP UID.
- Added the possibility to change a profile's Owner.
- Added the possibility to change a profile's DN.
- Added the possibility to delete a profile and all its associated certificates.
- Upgraded to openssl 0.9.7d.
- Encapsulated all the ASN1 structures used by NewPKI into classes, this will
greatly improve the security of NewPKI, and help the code maintenance.
- It's no longer possible to send the same request twice to a repository.
- When an entity fails to load, it's now displayed in the Server GUI, which allows
it to be removed if necessary.
- It's now possible to load/unload an entity from the Server GUI.
- Improved speed of PKI_CERT, data is only loaded/parsed when it's needed.
- Removed a deadlock in ReadersWriter.
- Added an internalID to NewpkiRequest. This internalID is set by the requester, and
the repository verifies that it doesn't already know it, which prevents a requester
from sending the same request twice.
- Rewrote the full synchronization algorithm for repositories, the old one
wasn't suited to a large amount of data.
- Added the possibility to view from the RA the end-user certificate as a PKCS#7.
- Added the possibility to view the CA certificate as a PKCS#7.
- Saving the inter-repository objects to DB, instead of using a memory list.
- Added automatic database reconnection (Erik Anderson).
- Added "-version" option.
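
A sketch of the "DN access in extensions" item above, as an added example that is not NewPKI's own code. It assumes that `copy` substitutes the named subject DN field into the extension value and leaves the DN unchanged, while `move` substitutes it and then removes the field from the DN (the behaviour of OpenSSL's own `email:copy` / `email:move`); `SubjectDN` and `expandDnPlaceholders` are hypothetical names, and the sample DN is constructed.

```cpp
#include <iostream>
#include <map>
#include <stdexcept>
#include <string>

// Subject DN modelled as attribute name -> value (simplified, single-valued).
using SubjectDN = std::map<std::string, std::string>;

// Expands each <dn>field:action</dn> placeholder in an extension value.
// Assumed semantics: "copy" substitutes the field's value and leaves the DN
// untouched; "move" substitutes it and then removes the field from the DN.
std::string expandDnPlaceholders(const std::string& tmpl, SubjectDN& dn) {
    const std::string open = "<dn>", close = "</dn>";
    std::string out;
    std::size_t pos = 0;
    for (;;) {
        std::size_t start = tmpl.find(open, pos);
        if (start == std::string::npos) { out += tmpl.substr(pos); break; }
        std::size_t end = tmpl.find(close, start + open.size());
        if (end == std::string::npos)
            throw std::invalid_argument("unterminated <dn> placeholder");
        out += tmpl.substr(pos, start - pos);
        std::string body = tmpl.substr(start + open.size(), end - start - open.size());
        std::size_t colon = body.rfind(':');
        if (colon == std::string::npos)
            throw std::invalid_argument("placeholder must be field:action");
        std::string field = body.substr(0, colon), action = body.substr(colon + 1);
        if (action != "move" && action != "copy")
            throw std::invalid_argument("unsupported action: " + action);
        auto it = dn.find(field);
        if (it == dn.end())
            throw std::invalid_argument("field not in subject DN: " + field);
        // Added check: a comma or newline in the value could add a second
        // entry to the extension, so such values are rejected.
        if (it->second.find_first_of(",\r\n") != std::string::npos)
            throw std::invalid_argument("illegal character in DN value");
        out += it->second;
        if (action == "move") dn.erase(it);
        pos = end + close.size();
    }
    return out;
}

int main() {
    // Constructed sample subject DN.
    SubjectDN dn = {{"commonName", "Alice Example"}, {"emailAddress", "alice@example.org"}};
    std::cout << expandDnPlaceholders("subjectAltName=email:<dn>emailAddress:move</dn>", dn) << "\n";
    std::cout << "emailAddress still in DN: " << dn.count("emailAddress") << "\n";
}
```

Because the substituted value comes from the requested subject DN, validating it before it reaches the extension string matters as much as the substitution itself.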


This article is from NewPKI
  http://www.newpki.org/

The URL for this story is:
  http://www.newpki.org/modules.php?op=modload&name=News&file=article&sid=24