All checksums have been double-checked against existing RMD160 and
SHA512 hashes
Unfetchable distfiles (fetched conditionally?):
./security/cyrus-sasl/distinfo cyrus-sasl-dedad73e5e7a75d01a5f3d5a6702ab8ccd2ff40d.patch.v2
Trustme 0.8.0 (2021-06-08)
Features
It’s now possible to set an expiry date on server certificates, either with --expires-on in the CLI or with not_after in trustme.CA.issue_cert.
Support Python 3.10
Set correct KeyUsage and ExtendedKeyUsage extensions, per CA/B Forum baseline requirements
Trustme 0.5.0:
Features
Added CA.create_child_ca() to allow for certificate chains
Added CA.private_key_pem to export CA private keys; this allows signing other certs with the same CA outside of trustme.
CAs now include the KeyUsage and ExtendedKeyUsage extensions configured for SSL certificates.
CA.issue_cert now accepts email addresses as a valid form of identity.
It’s now possible to set the “common name” of generated certs; see CA.issue_cert for details
CA.issue_server_cert has been renamed to CA.issue_cert, since it supports both server and client certs. To preserve backwards compatibility, the old name is retained as an undocumented alias.
Bugfixes
Make sure cert expiration dates don’t exceed 2038-01-01, to avoid issues on some 32-bit platforms that suffer from the Y2038 problem.
trustme is a tiny Python package that does one thing: it gives you a fake
certificate authority (CA) that you can use to generate fake TLS certs to use
in your tests. Well, technically they're real certs, they're just signed by
your CA, which nobody trusts. But you can trust it. Trust me.
