0.101.5

• Path building complexity is now limited to a maximum budget of path finding operations, avoiding exponential processing time when encountering certificate chains containing many certificates with the same subject/issuer distinguished name but different subject public key information.
• Name constraints evaluation is now limited to a maximum number of comparison operations, avoiding exponential processing time when encountering certificate chains containing many name constraints and subject alternate names.
• Subject common names are no longer parsed for name iteration, or applying name constraints. Webpki only uses Subject Alternate Names when validating certificates, and the common name handling was buggy, producing Error::BadDer when iterating certificates with printable string subject common names, or omitted common names encoded as an empty sequence.

What's Changed

The following PRs were backported to the rel-0.101 branch in #170:

• Further limits on expensive path building (#163)
• Budget tweaks (#164)
• Bound name constraint comparisons (#165)
• Remove subject common name parsing (#169, thanks to @hawkw)
• Correct handling of fatal errors (#168)

Thanks to all who have contributed, on behalf of the rustls team (@ctz, @cpu and @djc)!