CHANGES
=======

* Improved readme
* Adding bootstrap to docker container
* Corrected readme
* command of "tox -e docs" failed
* Updated from global requirements
* Typo fix: emited => emitted
* Enable DeprecationWarning in test environments
* Remove link to modindex
* Remove references to Python 3.4
* Updated from global requirements
* Make Anchor compatible with ldap3>=2.0.7
* Updated from global requirements
* Remove discover from test-requirements
* Updated from global requirements
* Anchor can now be installed and invoked as simply "anchor"
* Add __ne__ built-in function
* Remove white space between print and ()
* Fix syntax of a link in the README file
* Fix typo in the certificate_ops file
* Fixes jenkins failing on coverage report generation
* Fix some spelling mistakes
* Add Python 3.5 classifier and venv
* Fix typo in fixups.rst
* Allow custom domain labels
* Ignore bootstrap files
* Force a recent hash in examples
* Better messages for deprecated algos
* Revert "Modified config to bypass standards validation"
* Modified config to bypass standards validation
* Updated from global requirements

0.4.0
-----

* Add bandit to pep8 venv
* Fixed spelling error in certificate.py
* Updated from global requirements
* Fix test coverage on x509/certificate
* Fix typo in certificate.py

0.2.0
-----

* Use oslo_utils constant_time_compare
* Install sample configuration into etc/anchor
* Clean up validator lists
* Don't track autogenerated files
* Anchor is source-only, so build common py2/py3 wheel
* Remove bandit.yaml in favor of default config
* Clarify readme
* Add test for extension internals (set_value)
* Handle missing CA better
* Updated from global requirements
* Add the PKCS11-based signing backend
* Refactor the signing backends
* Make copy of the name
* Raise better error on file read problems
* Correct the bandit test dependency
* Add shiny new badges to anchor README
* Copy key identifier from the available CA
* Add a script for generating CMC requests on Windows
* Convert docs from md to rst
* Add support for CMC requests
* Don't fail on unknown name elements
* Make sure no "empty" extensions are created
* Use new version of x509/pkcs10 definitions
* New asn1 modules for CMC support
* Ignore the 'pep8.txt' file via .gitignore
* Adjust filename to include missing 'n' in backend
* Updated from global requirements
* Updated the Docker readme so that port 5016 is used for anchor
* Replaced the existing Dockerfiles. Tidied up Readme
* Update typo in README
* Replace assertEqual(None, *) with assertIsNone in tests
* Add documentation for audit
* Updated from global requirements
* Add more auth details to the audit message
* Add webob to requirements
* Add support for audit publishing
* Fix typo in comments
* More test coverage
* Enable branch coverage reporting
* Add better names validator and deprecate older one
* Removing the left over config option
* Add key size validator
* Remove bad ca_status validator. Always reject CA
* Add missing extensions to docs
* Remove coverage files after each run
* Fix old comment
* Use hex strings instead of messing with bits
* Use only one test request
* Add mising extensions tests
* Test whole signature module
* Add audit
* Remove debug logging and fix docstring
* Updated from global requirements
* Updated from global requirements
* Validate domain when adding to SAN extension
* Removing some dead code missed off from previous change
* Breaking out validation logic for re-use
* Move validators to separate modules
* Add documentation about supported extensions
* Don't accept unknown extensions
* Add EKU extension validator
* Remove useless tests
* Fix the path of build docs in .gitignore
* Add operations on extended key usage
* Add rfc based validators
* Add fixup enforcing SAN extension
* Fix all the doc build paths
* Fix LDAP auth
* Tests should use reserved example domains
* Created a dockerfile that runs Anchor
* Restore long serial number
* Add NameConstraints extension support
* Replace extension instead of adding duplicate
* Add fixups configuration / processing
* Ignore eggs dir in case setup was run directly
* Return CA for a given instance
* Made some changes to the README.md to better install
* Changes to allow sphinx to build correctly
* Remove old validator
* Changed readme so that example retrieves certificate
* Adding some additional high level content
* Added an installation step that allows Anchor to install
* Abstract / unify CN getter
* Load extensions for tests
* Remove outdated hashing algorithms
* Working config.json
* Add OID support to extensions validator
* Add documentation for validators
* Updated from global requirements
* Updated from global requirements
* Move all plugins to stevedore
* Allow configurable signing backends
* Implement new API format
* Move sample config for tests to one place
* Add signature check as a validator
* Abstract the signing / verification
* Integrate PyASN1 for certificate operations

0.1.0
-----

* Stop mixing IPs and domains
* Update package description to include py3
* Updated from global requirements
* Simplify the tests
* Add stub for Sphinx documentation
* Check for exception code and not type
* Fix Keystone Auth and Tests
* Activate pep8 check that _ is imported
* Finalise py34 compatibility
* Migrate to ldap3 module
* Make sure X509_NAME lives long enough
* Add tests for CA read failures
* Add test for robots file
* Remove unnecessary static auth code
* Add tests for higher coverage
* Update .gitreview file for project rename
* Add tests for utils
* Prevent DNS lookups in tests
* Use NIDs instead of strings
* Implement saving certificate in memory
* Bio mode needs to be passed as bytes
* Make bio operations work with str and bytes
* Use hex, not get_hex() in uuid
* Use range instead of xrange
* Use the right class for open file
* .warn() is deprecated
* Raise correct exception on missing attribute
* Update documentation
* Encode bytes properly in time conversion
* Use standard binascii
* Don't rely on set representation
* Use items() instead of iteritems() for validators
* Make name encoding explicit
* Add explicit decoding to asn1 data
* Force absolute imports rather than relative ones
* Handle omission of CN on CSR
* CA doesn't need to be read-only
* Fix notBefore/notAfter handling in non-UTC time
* Add blacklist validator
* Refactor the alternative name iteration code
* Ignore the coverage file
* Fix entry typo
* Fixed a typo in X509/certificate.py
* Adding more docs strings
* Validator chains now exit on the first error
* Updating config.json to be sha256
* Simplifying the validator config
* Adding Bandit gate test scaffolding
* Added tests to bring coverage up to 100% of validators
* Updating domain validator to pass if given an empty list
* Fixing anchors config path
* Bumpping cryptograpbhy version to match global requirements
* Improved validator logging output to help debugging
* Added validation for CA configuration
* Clean up nits in setup.cfg
* Adding more no-cover pragmas on OpenSSL error handling code
* Removes CA Certificte and CRL signing from the default config
* Added a check for the use of the default user/secret
* Adding more tests against X509 certificate code
* Fixes the "No handler for logger ..." message spam
* Adding functional testing
* Fixing several issues in Anchor startup
* Added tests for the CSR validation functions
* Adding more X509 name tests, now at 100% coverage
* Remove side effects on auth module import
* Cleanup and refactor csr_validate function from certificate_ops
* Fix mock in keystone tests for new config
* Changed config to use json not .py
* Adding tests for auth with Keystone Token
* Wrapping test data more cleanly
* Restore comments that fell out during a rebase
* Remove remaining ignores for flake8
* Make tox flake8 setup a little more strict
* Cleanup parse_csr code in certificate_ops module
* Tests for validate_csr in certificate_ops
* Adding more tests against X509 certificates
* Ensure constant time compare works on older Python
* Changed validator unit tests to use mock for network operations
* Tests for certificate_ops.parse_csr
* Fixed Tox Errors and added validation of domain unit tests
* Make static password checking closer to constant time
* Cleaning up code to pass tox checks
* Fixed a broken validation component and how it is evaluated
* Make certificate_ops use abort, not return values
* Adding check for domains not starting with a period
* Simplify auth code in POST /sign
* Refactor controller code to use RestController
* Allow tox to run without errors / failures
* Changed a misleading variable name in certificate_opts.py Changed misleading set name in config.py
* Added some initial tests of the validators
* Cleanup the test coverage for auth/__init__
* Add requests to requirements
* Add python-ldap to requirements
* Tox now also runs PEP8 on test code
* Test for auth/__init__ validate function
* Adding run_tests.sh following OpenStack Standards
* Change default config to validate only example.com
* Cleanup readme to offer more sane defaults
* accept subjectAltName 'IP Address'
* Adding more tests against the X509 CSR class
* Adding 'no cover' pragmas the stuff I can't test
* Fix missing import that PEP8 erroneously thinks is unused
* Disable py33 testing for now and reorder tests
* Adding tests against X509 name class
* Adding more tests against the X509 certificate class
* Adding tests for reading bad certificate or csr data
* Adding hash algoprithm info and more doc-strings
* Adding tests against the message digest class
* Adding some tests against X509 certificate handling code
* Adding test coverage reporting
* Adding the first tests against X509 CSRs
* Re-enabling more pep8 tests and bringing code inline
* Bringing Anchor project setup inline with OpenStack
* Fixing issued certificate version
* Making anchor use pyca/cryptography
* Improves documentation for test/dev configuration
* Adds check for M2Crypto get_extensions() support
* Added docstrings to auth files
* Tightening up Keystone auth response code handling
* Updated .gitreview file
* Typo
* Refactored for name change from 'Ephemeral CA' to 'Anchor'
* Add startup scripts and apparmor templates
* Handle missing/broken files gracefully
* Version 1.0.0
* Fix trailing commas
* Add uwsgi dependency for production deployment
* Make logging include PID for multi-process servers
* Add request logging and fix config
* Add validation for ip ranges
* Add source ip validation
* Remove the need for validator options
* Allow multiple validation steps
* Allow configuring the static user/pass
* Add some audit information
* Add tox configuration to check the sources
* Make auth backends optional, based on config
* Use example hostname, not hpcloud
* Flake8 fixes
* Handle CA opening errors
* Add Keystone auth backend
* Add .gitreview file
* Add logging for signing errors
* Update description: flask->pecan
* Relative imports
* Move port
* Move to pecan framework
* Allow SKI extension
* Don't crash on missing credentials
* Actually copy the extensions after validation
* Ignore the build directory
* Parametrised CA flags checking
* Config change to go with previous validators change
* Fix the no-extension case
* Add ignore the certificates
* Add a test CA generator
* Add flake8 rules for line length
* Add validation of extensions
* Remove unused import
* Move validators around
* Serial file config not needed anymore
* Fix the ldap filter
* Sort imports
* Switch cert serial to uuid
* Include config in source release
* Ignore the generated files
* Fix escaping
* Add README file
* Some function docstrings
* Cleanup pep8 warnings
* Cleanup imports
* Auth details as class
* Validate service group against ldap group
* Add simple validation
* Add missing exception class
* Configure ldap base
* Small refactoring
* Revert to simple python-ldap, authentication works
* LDAP auth support and flask internal config
* Add serial number handling
* Move CA stuff into a dir
* Initial version
