switch default subject format to RFC 4514

mathiasertl · Jul 2, 2024 · 0c4eff6 · 0c4eff6
1 parent 3b460da
commit 0c4eff6
Show file tree

Hide file tree

Showing 3 changed files with 8 additions and 5 deletions.
diff --git a/ca/django_ca/management/base.py b/ca/django_ca/management/base.py
@@ -407,12 +407,11 @@ def add_subject_format_option(self, parser: ActionsContainer) -> None:
         parser.add_argument(
             "--subject-format",
             choices=("openssl", "rfc4514"),
-            default="openssl",
+            default="rfc4514",
             help='Format for parsing the subject. Use "openssl" (the default before django-ca 2.0) to pass '
             'slash-separated subjects (e.g. "/C=AT/O=Org/CN=example.com") and "rfc4514" to pass RFC 4514 '
-            'conforming strings (e.g. "C=AT,O=Org,CN=example.com"). The default is %(default)s, but will '
-            "switch to rfc4514 in django-ca 2.0. Support for openssl-style strings will be removed in "
-            "django-ca 2.2.",
+            'conforming strings (e.g. "C=AT,O=Org,CN=example.com"). The default is %(default)s, support for '
+            "openssl-style strings will be removed in django-ca 2.2.",
         )
 
     def parse_x509_name(self, value: str, name_format: SubjectFormats) -> x509.Name:

diff --git a/ca/django_ca/tests/commands/test_init_ca.py b/ca/django_ca/tests/commands/test_init_ca.py
@@ -1172,7 +1172,9 @@ def test_deprecated_subject_format(hostname: str, ca_name: str) -> None:
     stderr = io.StringIO()
 
     with assert_create_ca_signals():
-        out, err = cmd("init_ca", ca_name, f"/CN={hostname}", stdout=stdout, stderr=stderr)
+        out, err = cmd(
+            "init_ca", ca_name, f"/CN={hostname}", subject_format="openssl", stdout=stdout, stderr=stderr
+        )
     assert out == ""
     # message is too long, just make sure it's there:
     assert f"WARNING: /CN={hostname}: openssl-style format is deprecated" in err

diff --git a/docs/source/changelog/TBR_2.0.0.rst b/docs/source/changelog/TBR_2.0.0.rst
@@ -6,6 +6,8 @@
 Command-line utilities
 **********************
 
+* Subjects are now parsed in the RFC 4514 format by default. Subjects in the OpenSSL-style format are still
+  supported via the ``--subject-format=openssl` option, but support for it will be removed in 2.0.0.
 * Removed the ``convert_timestamps`` command (deprecated since 1.28.0).
 
 ************