- when using an NSS database, skip loading the module database (#743042)
- when using an NSS database, skip loading root certs
- generate SPKAC values when generating CSRs, though we don't do anything with SPKAC values yet
- internally maintain and use challenge passwords, if we have them
- behave better when certificates have shorter lifetimes
- add/recognize/handle notification type "none"
- getcert: error out when "list -c" finds no matching CA (#743488)
- getcert: error out when "list -i" finds no matching request (#743485)
- don't incorrectly assume that CERT_ImportCerts() returns a NULL-terminated array (#742348)
- getcert: distinguish between {stat() succeeds but isn't a directory} and {stat() failed} when printing an error message (#739903)
- getcert resubmit/start-tracking: when we're looking for an existing request by ID, and we don't find one, note that specifically (#741262)
- fix validation check on EKU OIDs in getcert (#691351)
- get session bus mode sorted
- add a list of recognized EKU values to the getcert-request man page
- be more careful about checking if we can read a PIN file successfully
before we even call an API that might need us to try (#688229)
- fix strict aliasing warnings
- fix some use-after-free bugs in the daemon (#689776)
- fix a copy/paste error in certmonger-ipa-submit(8)
- getcert now suppresses error details when not given its new -v option
(#683926, more of #681641/#652047)
- updated translations
- de, es, pl, ru, uk
- indonesian translation is now for "id" rather than "in"
- when canceling a submission request that's being handled by a helper,
reap the child process's status after killing it (#624120)
- update to 0.25
- new translations
- in by Okta Purnama Rahadian!
- fix detection of cases where we can't access a private key in an NSS
database because we don't have the PIN
- teach '*getcert start-tracking' about the -p and -P options which the
'*getcert request' commands already understand (#621670), and also
the -U, -K, -E, and -D flags
- double-check that the nicknames of keys we get back from
PK11_ListPrivKeysInSlot() match the desired nickname before accepting
them as matches, so that our tests won't all blow up on EL5
- fix dynamic addition and removal of CAs implemented through helpers
- init script: ensure that the subsys lock is created whenever we're called to
"start" when we're already running (even more of #596719)
- more gracefully handle manual daemon startups and cleaning up of unexpected
crashes (still more of #596719)
- don't create the daemon pidfile until after we've connected to the D-Bus
(still more of #596719)