Error when opening database from v1.3.4
I cannot trigger the problem here. Can you provide a database without sensible data that shows the issue?
1.4.0 Cannot open DB
I am not sure if I got you correctly, but if the CA certificate says "the serial numbers must match", then this should be respected by xca on creating a certificate chain (IMHO).
Hi Harald, the current behavior of XCA is as described in my comment above. I think this behavior is the most sane. Associating a Certificate to its signing CA happens by the following indicators: CA:Subject == Cert:Issuer and CA:pubkey verifies Cert:signature. Neither the serial number nor the validity time is considered for the "Issuer CA -> Issued cert" relation. XCA does not distinguish why a certificate appears (Signing or import). So the following may happen: A CA certificate exists and has...
Sorry, but I am confused about your response. I don't have a problem with incremental vs. random "serial numbers". Would you mind elaborating how your changes will fix the GUI issue and how it makes sure the certificate chain includes the (renewed) CA certificate used to renew the client cert?
Exported private key from 4096 bit SSH key is wrong
Export -> File -> PEM Private exports a PKCS#1 key. Export -> Clipboard -> PEM Private exports a PKCS#8 structure. puttykeygen apparently can't handle the PKCS#8 structure.
configure.patch
My small configure has been replaced by the autotools configure bazooka since.
outdated :-)
patch to build with qt-4.2.1
replace path separators in export filenames
Integrated differently in xca 1.0.0 commit a1f350d80805aa59ffd037513153a2d7bd6d9b00 Author: Christian Hohnstaedt chohnstaedt@innominate.com Date: Wed Nov 20 08:05:26 2013 +0100 SF Bug #78 replace path separators in export filenames Thanks Andreas for the hint
Thales/nCipher nShield PKCS#11 integration - EC generate key CKR_TEMPLATE_INCONSISTENT error
Implemented differently for xca 1.4.0 commit 806312800de5ee893720df490a971e494dc984e0 Author: Christian Hohnstaedt chohnstaedt@innominate.com Date: Wed Dec 2 08:48:30 2015 +0100 Thales nCipher key generation changes for EC and DSA keys Developed and tested by Mak, Mcken <Mcken.Mak@thalesesec.com> Thanks!
Has long been integrated in xca 1.0.0 commit 4f7cd417320215c8ed3567536cbf2ca008946c38 Author: Oliver Winker oliver@oli1170.net Date: Tue Aug 12 19:08:05 2014 +0200 Fix for openssl 1.0.1i
Fixes for openssl 1.0.1i
Has long been integrated with xca 1.0.0 commit de7da9a1ed53b0ad866cf928d2017a74a4f09045 Author: Patrick MONNERAT monnerat@users.sf.net Date: Wed Oct 22 21:19:30 2014 +0200 Suppress icon file extension in desktop entry
Suppress icon file extension in desktop entry
It was an unused gimp XCF image. No functional impact. Will be removed with xca 1.4.1.
Revoked.png isn't a valid image
Subject Alternative Name box does not accept IPv4 or IPv6 addresses with a subnet declaration
Chapter 4.2.1.10. of RFC 5280 is about "CA Name Constraints". The subject alternative name only supports IP addresses.
xca silently ignores database items. should show warning in gui.
Version 2.0 will handle this better
Importing the attached certificate works with 1.3.2. I assume you already had a certificate signed by this CA installed. Which then means it is a duplicate of Bug #120: commit 22b441046aa4be986fc2543a18c87b1d2abdebdc Author: Christian Hohnstaedt christian@hohnstaedt.de Date: Sun Jul 9 20:59:21 2017 +0200 SF: #120 Crash when importing CA certificate for certificates which already exist The QAbstractItemModel is sometimes called with column index -1 Catch those calls.
xca crashes on import of latest RapidSSL Root CA
Import of StartCom Intermediate Class 1 crashes
Duplicate of Bug #120 and fixed with xca 1.4.0: commit 22b441046aa4be986fc2543a18c87b1d2abdebdc Author: Christian Hohnstaedt christian@hohnstaedt.de Date: Sun Jul 9 20:59:21 2017 +0200 SF: #120 Crash when importing CA certificate for certificates which already exist The QAbstractItemModel is sometimes called with column index -1 Catch those calls.
Crash while open 'open file dialog'
Please reopen if the issue occurs again.
Currently XCA does not support concurrent access reliably. I will change the database format with version 2.0 to a SQL API. SQLite supports concurrent access. For multi-user access over network, mysql or postgres should be used then.
Concurrent database access not supported
The serial number is only used to distinguish 2 certificates. It is common practice to simply use unique random numbers as serial. XCA will soon remove the increasing serials and always generate random serials. Currently the "CA options" allow to switch to random serials. If more than one possible issuer exists (Issuer name matches CA subject and public key verifies the signature), XCA selects the CA with the latest expiry date (validUntil). This allows smooth CA rollover. There is however one issue...
XCA 1.4.0 released
Export certificate index (index.txt)
Integrated into xca-1.4.0 as: commit 0d34bc1c1ce4bd52cd53ffeab24c14ace260db8c Author: Adam Dawidowski drake_ster@users.sf.net Date: Tue Sep 6 19:32:46 2016 +0200 Extend generating an OpenSSL "index.txt" Updated patch adds another export option automating the creation of multiple index.txt files to be used with multiple ocsp responders. New export option is available via command line (-I index.txt) and the Extras menu (Extra->Export Certificate Index hierarchy). The option causes the creation of an...
Change default to SHA256 for signature algorithm / Deprecate SHA1
In xca 1.4.0 not only the default hash changed to SHA256, but also opening existing databases with SHA-1 default hash will issue a warning and propose changing the hash to something more secure. commit 13580262f696aee8bedc3d7b3a7ec4be925a4ddb Author: Christian Hohnstaedt christian@hohnstaedt.de Date: Tue Oct 24 11:56:11 2017 +0200 Change default hash to SHA-256 commit cfc65af48a0404bd0e5f2729525ae720e92d59a9 Author: Christian Hohnstaedt christian@hohnstaedt.de Date: Mon Nov 13 17:51:48 2017 +0100...
Merged into xca 1.4.0 as: commit 9a6f03b9160fb1ae18816fbeb5a11cbcffa2d2fb Author: Alon Bar-Lev alon.barlev@gmail.com Date: Fri Jun 3 23:58:01 2016 +0300 build: add --disable-doc to disable doc installation
[build] add --disable-doc
Merged into xca 1.4.0 as: commit 8fc3ea7a3a3af69d3c7403169c6b6f1d9b51f0e7 Author: Alon Bar-Lev alon.barlev@gmail.com Date: Fri Jun 3 23:15:29 2016 +0300 build: add --with-qt-version to force specific qt linkage Signed-off-by: Alon Bar-Lev <alon.barlev@gmail.com>
[build] add --with-qt-version
OpenSSL 1.1 support
Integrated and amended. Can't stress this too much: Thanks Patrick :-)
openssl-1.1 support
Fixed in xca 1.4.0 with commit b22d82a3f90586df10d80a6eb268905896ba39ca and many previous ones. Initial heavy work by Patrick Monnerat. Thank You !
Fixed in version 1.4.0 commit 4ef4c9ad8739c6503a9aecbaec2e8ecc907cf645 Author: Christian Hohnstaedt chohnstaedt@phoenixcontact.com Date: Mon Jul 10 09:12:37 2017 +0200 SF #116 db_x509.cpp:521: Mismatching allocation and deallocation: cert free(cert) -> delete cert
db_x509.cpp:521]: (error) Mismatching allocation and deallocation: cert
Crash when importing CA certificate, for certificates, which already exist
Fixed in 1.4.0 with commit 22b441046aa4be986fc2543a18c87b1d2abdebdc Author: Christian Hohnstaedt christian@hohnstaedt.de Date: Sun Jul 9 20:59:21 2017 +0200 SF: #120 Crash when importing CA certificate for certificates which already exist The QAbstractItemModel is sometimes called with column index -1 Catch those calls.
Minor fixes
WIP
Improve transactions, fix CA template and CRLdays import
Open remote DB
Improve database opening
Fix indentation error
Translation: Also translate validity dates to the configured language
Extract app not needed anymore
Convert QByteArray.base64() to QString before writing it to the DB
Make use of C++ templates for more type-safety
WIP mysql
WIP Authority table - does not build
Tell the user if the SqLite driver is missing
Remove xca_db_stat application
Fix minor problems during db open and key import
Change private key encryption in the database to PKCS#8
WIP Connect
WIP
Implement nested transactions.
Several fixes for templates, key encryption etc.
No more increasing serials. Only random serials.
Add Source column, fix Revocation management
Replace printf by qDebug
Add "Legacy Database" as additional source
Rebase on master
Add token as item source, minor fixes
Settings are Sql
Translation: Re-translate the OID resolver in case of a language change
Allow to edit item properties
WIP
Fix bug in deletion order
When signing a request note it in the request-comment
Avoid updateAfterCrlLoad
Improve usecounter performance
Add Views