Trustme 0.5.0:
Features
Added CA.create_child_ca() to allow for certificate chains
Added CA.private_key_pem to export CA private keys; this allows signing other certs with the same CA outside of trustme.
CAs now include the KeyUsage and ExtendedKeyUsage extensions configured for SSL certificates.
CA.issue_cert now accepts email addresses as a valid form of identity.
It’s now possible to set the “common name” of generated certs; see CA.issue_cert for details
CA.issue_server_cert has been renamed to CA.issue_cert, since it supports both server and client certs. To preserve backwards compatibility, the old name is retained as an undocumented alias.
Bugfixes
Make sure cert expiration dates don’t exceed 2038-01-01, to avoid issues on some 32-bit platforms that suffer from the Y2038 problem.
843cfe403b