0.12.0

@cpu released this 06 Dec 15:24
v0.12.0

This release updates to Rustls 0.22, but does not yet expose support for customizing the cryptographic provider. This will be added in a future release, and 0.12.0 continues to use *ring* as the only cryptographic provider.

Added

  • RUSTLS_RESULT_CLIENT_CERT_VERIFIER_BUILDER_NO_ROOT_ANCHORS error code, returned when a client cert verifier is built without any root trust anchors having been provided.
  • The server certificate verifier now supports CRL revocation checking through policy and CRLs provided to the server certificate verifier builder.
  • Client certificate verifier builder now supports controlling CRL revocation status check depth and unknown revocation policy.

Changed

  • The root certificate store constructor (rustls_root_cert_store_new) and the function to add PEM content (rustls_root_cert_store_add_pem) have been replaced with a new rustls_root_cert_store_builder type, constructed with rustls_root_cert_store_builder_new. PEM content can be added with rustls_root_cert_store_builder_add_pem and rustls_root_cert_store_builder_load_roots_from_file.
  • The client verifier builders (rustls_allow_any_anonymous_or_authenticated_client_builder and rustls_allow_any_authenticated_client_builder) as well as the client verifier types (rustls_allow_any_anonymous_or_authenticated_client_verifier and rustls_allow_any_authenticated_client_verifier) have been replaced with rustls_web_pki_client_cert_verifier_builder and rustls_client_cert_verifier.
  • The server config client verifier setters (rustls_server_config_builder_set_client_verifier and rustls_server_config_builder_set_client_verifier_optional) have been replaced with rustls_server_config_builder_set_client_verifier.
  • The client config builder functions for specifying root trust anchors (rustls_client_config_builder_use_roots and rustls_client_config_builder_load_roots_from_file) have been replaced with a server certificate verifier builder (rustls_web_pki_server_cert_verifier_builder) constructed with rustls_web_pki_server_cert_verifier_builder_new and a rustls_root_cert_store. The built rustls_web_pki_server_cert_verifier can be provided to a client config builder with rustls_client_config_builder_set_server_verifier.
  • CRL validation defaults to checking the full certificate chain, and treating unknown revocation status as an error condition.

Removed

  • RUSTLS_RESULT_CERT_SCT_* error codes have been removed.
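
The Changed and Removed lists above can be turned into a check that flags pre-0.12.0 names in caller code before an upgrade. The script below is an added example, not part of the release notes or the project; the identifier table is taken from the notes, while the prefix matching, the sample C lines and the `_EXAMPLE` suffix are assumptions constructed for illustration.

```python
import re

# Names the 0.12.0 notes list as removed or replaced -> what the notes name instead.
# Keys also match "<key>_..." so names derived from a removed type are caught (assumption).
CHANGES = {
    "rustls_root_cert_store_new": "rustls_root_cert_store_builder_new",
    "rustls_root_cert_store_add_pem": "rustls_root_cert_store_builder_add_pem",
    "rustls_allow_any_anonymous_or_authenticated_client_builder":
        "rustls_web_pki_client_cert_verifier_builder",
    "rustls_allow_any_authenticated_client_builder":
        "rustls_web_pki_client_cert_verifier_builder",
    "rustls_allow_any_anonymous_or_authenticated_client_verifier":
        "rustls_client_cert_verifier",
    "rustls_allow_any_authenticated_client_verifier":
        "rustls_client_cert_verifier",
    "rustls_server_config_builder_set_client_verifier_optional":
        "rustls_server_config_builder_set_client_verifier",
    "rustls_client_config_builder_use_roots":
        "rustls_web_pki_server_cert_verifier_builder + rustls_client_config_builder_set_server_verifier",
    "rustls_client_config_builder_load_roots_from_file":
        "rustls_web_pki_server_cert_verifier_builder + rustls_client_config_builder_set_server_verifier",
    "RUSTLS_RESULT_CERT_SCT_": "removed, no replacement listed",
}
# Name survives in 0.12.0 but now covers both old setters: flag for review.
REVIEW = "rustls_server_config_builder_set_client_verifier"
IDENT = re.compile(r"[A-Za-z_][A-Za-z0-9_]*")

def classify(ident):
    """Return migration advice for one C identifier, or None if unaffected."""
    if ident == REVIEW:
        return "name kept; check the verifier passed is a rustls_client_cert_verifier"
    for key, new in CHANGES.items():
        # Whole-identifier or "<key>_" prefix match, never a bare substring.
        if ident == key or ident.startswith(key.rstrip("_") + "_"):
            return new
    return None

def scan(source):
    """Return (line_no, identifier, advice) for every affected identifier."""
    return [(no, ident, classify(ident))
            for no, line in enumerate(source.splitlines(), 1)
            for ident in IDENT.findall(line) if classify(ident)]

# Constructed sample of pre-0.12.0 caller code (not from the project).
SAMPLE = """\
rustls_root_cert_store *store = rustls_root_cert_store_new();
rustls_server_config_builder_set_client_verifier_optional(builder, verifier);
rustls_server_config_builder_set_client_verifier(builder, verifier);
if (rc == RUSTLS_RESULT_CERT_SCT_EXAMPLE) { /* constructed suffix */ }
"""
print(*scan(SAMPLE), sep="\n")
```

Matching on whole identifiers matters here because rustls_server_config_builder_set_client_verifier is both a prefix of a removed setter and the name that remains in 0.12.0.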

What's Changed

  • cipher: fix unneeded return statements. by @cpu in #339
  • tests: improve readability of output by @jsha in #337
  • Nightly clippy fixes. by @cpu in #340
  • Shrink unsafe block by @cactter in #271
  • Attempt to fix occasional CI client/server test flakes. by @cpu in #343
  • build(deps): bump actions/checkout from 3 to 4 by @dependabot in #344
  • Commit Cargo.lock to repository by @kpcyrd in #346
  • small test and documentation fixes by @cpu in #347
  • Rewrite Python test helpers in Rust by @cpu in #348
  • build(deps): bump libc from 0.2.148 to 0.2.149 by @dependabot in #351
  • rework CastPtr, CastConstPtr, BoxCastPtr, ArcCastPtr by @cpu in #353
  • docs: various small fixes to the README documentation by @cpu in #355
  • fix build: pin a specific nightly by @jsha in #361
  • Use rustls 0.21.9, revert nightly pin, update version to 0.11.1 by @cpu in #362
  • lib: add try_take! macro, handling AlreadyUsed Options by @cpu in #360
  • rename to_arc to clone_arc by @jsha in #363
  • doc: document handling of dynamically sized types by @jsha in #364
  • track upstream Rustls 0.22.x alpha changes. by @cpu in #341
  • Document helper macros by @jsha in #365
  • track rustls alpha.6 by @cpu in #368
  • v0.12.0: update to rustls 0.22, address breaking changes by @cpu in #371
  • docs: update changelog by @cpu in #372

Full Changelog: v0.11.0...v/0.12.0