[cargo.git] / vendor / openssl / CHANGELOG.md

# Change Log

## [Unreleased]

## [v0.10.23]

### Fixed

* Fixed session callbacks when an `Ssl`'s context is replaced.

### Added

* Added `SslContextBuilder::add_client_ca`.

## [v0.10.22]

### Added

* Added support for the LibreSSL 2.9.x series.

## [v0.10.21] - 2019-04-30

### Fixed

* Fixed overly conservatifve buffer size checks in `Crypter` when using stream ciphers.

### Added

* Added bindings to envelope encryption APIs.
* Added `PkeyRef::size`.

## [v0.10.20] - 2019-03-20

### Added

* Added `CmsContentInfo::from_der` and `CmsContentInfo::encrypt`.
* Added `X509Ref::verify` and `X509ReqRef::verify`.
* Implemented `PartialEq` and `Eq` for `MessageDigest`.
* Added `MessageDigest::type_` and `EcGroupRef::curve_name`.

## [v0.10.19] - 2019-03-01

### Added

* The openssl-sys build script now logs the values of environment variables.
* Added `ERR_PACK` to openssl-sys.
* The `ERR_*` functions in openssl-sys are const functions when building against newer Rust versions.
* Implemented `Clone` for `Dsa`.
* Added `SslContextRef::add_session` and `SslContextRef::remove_session`.
* Added `SslSessionRef::time`, `SslSessionRef::timeout`, and `SslSessionRef::protocol_version`.
* Added `SslContextBuilder::set_session_cache_size` and `SslContextRef::session_cache_size`.

## [v0.10.18] - 2019-02-22

### Fixed

* Fixed the return type of `ssl::cipher_name`.

## [v0.10.17] - 2019-02-22

### Added

* Implemented `AsRef<str>` and `AsRef<[u8]>` for `OpenSslString`.
* Added `Asn1Integer::from_bn`.
* Added `RsaRef::check_key`.
* Added `Asn1Time::from_str` and `Asn1Time::from_str_x509`.
* Added `Rsa::generate_with_e`.
* Added `Cipher::des_ede3_cfb64`.
* Added `SslCipherRef::standard_name` and `ssl::cipher_name`.

## [v0.10.16] - 2018-12-16

### Added

* Added SHA3 and SHAKE to `MessageDigest`.
* Added `rand::keep_random_devices_open`.
* Added support for LibreSSL 2.9.0.

## [v0.10.15] - 2018-10-22

### Added

* Implemented `DoubleEndedIterator` for stack iterators.

## [v0.10.14] - 2018-10-18

### Fixed

* Made some accidentally exposed internal functions private.

### Added

* Added support for LibreSSL 2.8.

### Changed

* The OpenSSL version used with the `vendored` feature has been upgraded from 1.1.0 to 1.1.1.

## [v0.10.13] - 2018-10-14

### Fixed

* Fixed a double-free in the `SslContextBuilder::set_get_session_callback` API.

### Added

* Added `SslContextBuilder::set_client_hello_callback`.
* Added support for LibreSSL 2.8.1.
* Added `EcdsaSig::from_der` and `EcdsaSig::to_der`.
* Added PKCS#7 support.

## [v0.10.12] - 2018-09-13

### Fixed

* Fixed handling of SNI callbacks during renegotiation.

### Added

* Added `SslRef::get_shutdown` and `SslRef::set_shutdown`.
* Added support for SRTP in DTLS sessions.
* Added support for LibreSSL 2.8.0.

## [v0.10.11] - 2018-08-04

### Added

* The new `vendored` cargo feature will cause openssl-sys to compile and statically link to a
    vendored copy of OpenSSL.
* Added `SslContextBuilder::set_psk_server_callback`.
* Added `DsaRef::pub_key` and `DsaRef::priv_key`.
* Added `Dsa::from_private_components` and `Dsa::from_public_components`.
* Added `X509NameRef::entries`.

### Deprecated

* `SslContextBuilder::set_psk_callback` has been renamed to
    `SslContextBuilder::set_psk_client_callback` and deprecated.

## [v0.10.10] - 2018-06-06

### Added

* Added `SslRef::set_alpn_protos`.
* Added `SslContextBuilder::set_ciphersuites`.

## [v0.10.9] - 2018-06-01

### Fixed

* Fixed a use-after-free in `CmsContentInfo::sign`.
* `SslRef::servername` now returns `None` rather than panicking on a non-UTF8 name.

### Added

* Added `MessageDigest::from_nid`.
* Added `Nid::signature_algorithms`, `Nid::long_name`, and `Nid::short_name`.
* Added early data and early keying material export support for TLS 1.3.
* Added `SslRef::verified_chain`.
* Added `SslRef::servername_raw` which returns a `&[u8]` rather than `&str`.
* Added `SslRef::finished` and `SslRef::peer_finished`.
* Added `X509Ref::digest` to replace `X509Ref::fingerprint`.
* `X509StoreBuilder` and `X509Store` now implement `Sync` and `Send`.

### Deprecated

* `X509Ref::fingerprint` has been deprecated in favor of `X509Ref::digest`.

## [v0.10.8] - 2018-05-20

### Fixed

* `openssl-sys` will now detect Homebrew-installed OpenSSL when installed to a non-default
    directory.
* The `X509_V_ERR_INVALID_CALL`, `X509_V_ERR_STORE_LOOKUP`, and
    `X509_V_ERR_PROXY_SUBJECT_NAME_VIOLATION` constants in `openssl-sys` are now only present when
    building against 1.1.0g and up rather than 1.1.0.
* `SslContextBuilder::max_proto_version` and `SslContextBuilder::min_proto_version` are only present
    when building against 1.1.0g and up rather than 1.1.0.

### Added

* Added `CmsContentInfo::sign`.
* Added `Clone` and `ToOwned` implementations to `Rsa` and `RsaRef` respectively.
* The `min_proto_version` and `max_proto_version` methods are available when linking against
    LibreSSL 2.6.1 and up in addition to OpenSSL.
* `X509VerifyParam` is available when linking against LibreSSL 2.6.1 and up in addition to OpenSSL.
* ALPN support is available when linking against LibreSSL 2.6.1 and up in addition to OpenSSL.
* `Stack` and `StackRef` are now `Sync` and `Send`.

## [v0.10.7] - 2018-04-30

### Added

* Added `X509Req::public_key` and `X509Req::extensions`.
* Added `RsaPrivateKeyBuilder` to allow control over initialization of optional components of an RSA
    private key.
* Added DER encode/decode support to `SslSession`.
* openssl-sys now provides the `DEP_OPENSSL_VERSION_NUMBER` and
    `DEP_OPENSSL_LIBRESSL_VERSION_NUMBER` environment variables to downstream build scripts which
    contains the hex-encoded version number of the OpenSSL or LibreSSL distribution being built
    against. The other variables are deprecated.

## [v0.10.6] - 2018-03-05

### Added

* Added `SslOptions::ENABLE_MIDDLEBOX_COMPAT`.
* Added more `Sync` and `Send` implementations.
* Added `PKeyRef::id`.
* Added `Padding::PKCS1_PSS`.
* Added `Signer::set_rsa_pss_saltlen`, `Signer::set_rsa_mgf1_md`, `Signer::set_rsa_pss_saltlen`, and
    `Signer::set_rsa_mgf1_md`
* Added `X509StoreContextRef::verify` to directly verify certificates.
* Added low level ECDSA support.
* Added support for TLSv1.3 custom extensions. (OpenSSL 1.1.1 only)
* Added AES-CCM support.
* Added `EcKey::from_private_components`.
* Added CMAC support.
* Added support for LibreSSL 2.7.
* Added `X509Ref::serial_number`.
* Added `Asn1IntegerRef::to_bn`.
* Added support for TLSv1.3 stateless handshakes. (OpenSSL 1.1.1 only)

### Changed

* The Cargo features previously used to gate access to version-specific OpenSSL APIs have been
    removed. Those APIs will be available automatically when building against an appropriate OpenSSL
    version.
* Fixed `PKey::private_key_from_der` to return a `PKey<Private>` rather than a `PKey<Public>`. This
    is technically a breaking change but the function was pretty useless previously.

### Deprecated

* `X509CheckFlags::FLAG_NO_WILDCARDS` has been renamed to `X509CheckFlags::NO_WILDCARDS` and the old
    name deprecated.

## [v0.10.5] - 2018-02-28

### Fixed

* `ErrorStack`'s `Display` implementation no longer writes an empty string if it contains no errors.

### Added

* Added `SslRef::version2`.
* Added `Cipher::des_ede3_cbc`.
* Added `SslRef::export_keying_material`.
* Added the ability to push an `Error` or `ErrorStack` back onto OpenSSL's error stack. Various
    callback bindings use this to propagate errors properly.
* Added `SslContextBuilder::set_cookie_generate_cb` and `SslContextBuilder::set_cookie_verify_cb`.
* Added `SslContextBuilder::set_max_proto_version`, `SslContextBuilder::set_min_proto_version`,
    `SslContextBuilder::max_proto_version`, and `SslContextBuilder::min_proto_version`.

### Changed

* Updated `SslConnector`'s default cipher list to match Python's.

### Deprecated

* `SslRef::version` has been deprecated. Use `SslRef::version_str` instead.

## [v0.10.4] - 2018-02-18

### Added

* Added OpenSSL 1.1.1 support.
* Added `Rsa::public_key_from_pem_pkcs1`.
* Added `SslOptions::NO_TLSV1_3`. (OpenSSL 1.1.1 only)
* Added `SslVersion`.
* Added `SslSessionCacheMode` and `SslContextBuilder::set_session_cache_mode`.
* Added `SslContextBuilder::set_new_session_callback`,
    `SslContextBuilder::set_remove_session_callback`, and
    `SslContextBuilder::set_get_session_callback`.
* Added `SslContextBuilder::set_keylog_callback`. (OpenSSL 1.1.1 only)
* Added `SslRef::client_random` and `SslRef::server_random`. (OpenSSL 1.1.0+ only)

### Fixed

* The `SslAcceptorBuilder::mozilla_modern` constructor now disables TLSv1.0 and TLSv1.1 in
    accordance with Mozilla's recommendations.

## [v0.10.3] - 2018-02-12

### Added

* OpenSSL is now automatically detected on FreeBSD systems.
* Added `GeneralName` accessors for `rfc822Name` and `uri` variants.
* Added DES-EDE3 support.

### Fixed

* Fixed a memory leak in `X509StoreBuilder::add_cert`.

## [v0.10.2] - 2018-01-11

### Added

* Added `ConnectConfiguration::set_use_server_name_indication` and
    `ConnectConfiguration::set_verify_hostname` for use in contexts where you don't have ownership
    of the `ConnectConfiguration`.

## [v0.10.1] - 2018-01-10

### Added

* Added a `From<ErrorStack> for ssl::Error` implementation.

## [v0.10.0] - 2018-01-10

### Compatibility

* openssl 0.10 still uses openssl-sys 0.9, so openssl 0.9 and 0.10 can coexist without issue.

### Added

* The `ssl::select_next_proto` function can be used to easily implement the ALPN selection callback
    in a "standard" way.
* FIPS mode support is available in the `fips` module.
* Accessors for the Issuer and Issuer Alternative Name fields of X509 certificates have been added.
* The `X509VerifyResult` can now be set in the certificate verification callback via
    `X509StoreContextRef::set_error`.

### Changed

* All constants have been moved to associated constants of their type. For example, `bn::MSB_ONE`
    is now `bn::MsbOption::ONE`.
* Asymmetric key types are now parameterized over what they contain. In OpenSSL, the same type is
    used for key parameters, public keys, and private keys. Unfortunately, some APIs simply assume
    that certain components are present and will segfault trying to use things that aren't there.

    The `pkey` module contains new tag types named `Params`, `Public`, and `Private`, and the
    `Dh`, `Dsa`, `EcKey`, `Rsa`, and `PKey` have a type parameter set to one of those values. This
    allows the `Signer` constructor to indicate that it requires a private key at compile time for
    example. Previously, `Signer` would simply segfault if provided a key without private
    components.
* ALPN support has been changed to more directly model OpenSSL's own APIs. Instead of a single
    method used for both the server and client sides which performed everything automatically, the
    `SslContextBuilder::set_alpn_protos` and `SslContextBuilder::set_alpn_select_callback` handle
    the client and server sides respectively.
* `SslConnector::danger_connect_without_providing_domain_for_certificate_verification_and_server_name_indication`
    has been removed in favor of new methods which provide more control. The
    `ConnectConfiguration::use_server_name_indication` method controls the use of Server Name
    Indication (SNI), and the `ConnectConfiguration::verify_hostname` method controls the use of
    hostname verification. These can be controlled independently, and if both are disabled, the
    domain argument to `ConnectConfiguration::connect` is ignored.
* Shared secret derivation is now handled by the new `derive::Deriver` type rather than
    `pkey::PKeyContext`, which has been removed.
* `ssl::Error` is now no longer an enum, and provides more direct access to the relevant state.
* `SslConnectorBuilder::new` has been moved and renamed to `SslConnector::builder`.
* `SslAcceptorBuilder::mozilla_intermediate` and `SslAcceptorBuilder::mozilla_modern` have been
    moved to `SslAcceptor` and no longer take the private key and certificate chain. Install those
    manually after creating the builder.
* `X509VerifyError` is now `X509VerifyResult` and can now have the "ok" value in addition to error
    values.
* `x509::X509FileType` is now `ssl::SslFiletype`.
* Asymmetric key serialization and deserialization methods now document the formats that they
    correspond to, and some have been renamed to better indicate that.

### Removed

* All deprecated APIs have been removed.
* NPN support has been removed. It has been supersceded by ALPN, and is hopefully no longer being
    used in practice. If you still depend on it, please file an issue!
* `SslRef::compression` has been removed.
* Some `ssl::SslOptions` flags have been removed as they no longer do anything.

## Older

Look at the [release tags] for information about older releases.

[Unreleased]: https://github.com/sfackler/rust-openssl/compare/openssl-v0.10.23...master
[v0.10.23]: https://github.com/sfackler/rust-openssl/compare/openssl-v0.10.22...openssl-v0.10.23
[v0.10.22]: https://github.com/sfackler/rust-openssl/compare/openssl-v0.10.21...openssl-v0.10.22
[v0.10.21]: https://github.com/sfackler/rust-openssl/compare/openssl-v0.10.20...openssl-v0.10.21
[v0.10.20]: https://github.com/sfackler/rust-openssl/compare/openssl-v0.10.19...openssl-v0.10.20
[v0.10.19]: https://github.com/sfackler/rust-openssl/compare/openssl-v0.10.18...openssl-v0.10.19
[v0.10.18]: https://github.com/sfackler/rust-openssl/compare/openssl-v0.10.17...openssl-v0.10.18
[v0.10.17]: https://github.com/sfackler/rust-openssl/compare/openssl-v0.10.16...openssl-v0.10.17
[v0.10.16]: https://github.com/sfackler/rust-openssl/compare/openssl-v0.10.15...openssl-v0.10.16
[v0.10.15]: https://github.com/sfackler/rust-openssl/compare/openssl-v0.10.14...openssl-v0.10.15
[v0.10.14]: https://github.com/sfackler/rust-openssl/compare/openssl-v0.10.13...openssl-v0.10.14
[v0.10.13]: https://github.com/sfackler/rust-openssl/compare/openssl-v0.10.12...openssl-v0.10.13
[v0.10.12]: https://github.com/sfackler/rust-openssl/compare/openssl-v0.10.11...openssl-v0.10.12
[v0.10.11]: https://github.com/sfackler/rust-openssl/compare/openssl-v0.10.10...openssl-v0.10.11
[v0.10.10]: https://github.com/sfackler/rust-openssl/compare/openssl-v0.10.9...openssl-v0.10.10
[v0.10.9]: https://github.com/sfackler/rust-openssl/compare/openssl-v0.10.8...openssl-v0.10.9
[v0.10.8]: https://github.com/sfackler/rust-openssl/compare/openssl-v0.10.7...openssl-v0.10.8
[v0.10.7]: https://github.com/sfackler/rust-openssl/compare/openssl-v0.10.6...openssl-v0.10.7
[v0.10.6]: https://github.com/sfackler/rust-openssl/compare/openssl-v0.10.5...openssl-v0.10.6
[v0.10.5]: https://github.com/sfackler/rust-openssl/compare/openssl-v0.10.4...openssl-v0.10.5
[v0.10.4]: https://github.com/sfackler/rust-openssl/compare/openssl-v0.10.3...openssl-v0.10.4
[v0.10.3]: https://github.com/sfackler/rust-openssl/compare/openssl-v0.10.2...openssl-v0.10.3
[v0.10.2]: https://github.com/sfackler/rust-openssl/compare/openssl-v0.10.1...openssl-v0.10.2
[v0.10.1]: https://github.com/sfackler/rust-openssl/compare/openssl-v0.10.0...openssl-v0.10.1
[v0.10.0]: https://github.com/sfackler/rust-openssl/compare/v0.9.23...openssl-v0.10.0
[release tags]: https://github.com/sfackler/rust-openssl/releases
Commit	Line	Data
22758248 XL	1	# Change Log
	2
	3	## [Unreleased]
	4
	5	## [v0.10.23]
	6
	7	### Fixed
	8
	9	* Fixed session callbacks when an `Ssl`'s context is replaced.
	10
	11	### Added
	12
	13	* Added `SslContextBuilder::add_client_ca`.
	14
	15	## [v0.10.22]
	16
	17	### Added
	18
	19	* Added support for the LibreSSL 2.9.x series.
	20
	21	## [v0.10.21] - 2019-04-30
	22
	23	### Fixed
	24
	25	* Fixed overly conservatifve buffer size checks in `Crypter` when using stream ciphers.
	26
	27	### Added
	28
	29	* Added bindings to envelope encryption APIs.
	30	* Added `PkeyRef::size`.
	31
	32	## [v0.10.20] - 2019-03-20
	33
	34	### Added
	35
	36	* Added `CmsContentInfo::from_der` and `CmsContentInfo::encrypt`.
	37	* Added `X509Ref::verify` and `X509ReqRef::verify`.
	38	* Implemented `PartialEq` and `Eq` for `MessageDigest`.
	39	* Added `MessageDigest::type_` and `EcGroupRef::curve_name`.
	40
	41	## [v0.10.19] - 2019-03-01
	42
	43	### Added
	44
	45	* The openssl-sys build script now logs the values of environment variables.
	46	* Added `ERR_PACK` to openssl-sys.
	47	* The `ERR_*` functions in openssl-sys are const functions when building against newer Rust versions.
	48	* Implemented `Clone` for `Dsa`.
	49	* Added `SslContextRef::add_session` and `SslContextRef::remove_session`.
	50	* Added `SslSessionRef::time`, `SslSessionRef::timeout`, and `SslSessionRef::protocol_version`.
	51	* Added `SslContextBuilder::set_session_cache_size` and `SslContextRef::session_cache_size`.
	52
	53	## [v0.10.18] - 2019-02-22
	54
	55	### Fixed
	56
	57	* Fixed the return type of `ssl::cipher_name`.
	58
	59	## [v0.10.17] - 2019-02-22
	60
	61	### Added
	62
	63	* Implemented `AsRef<str>` and `AsRef<[u8]>` for `OpenSslString`.
	64	* Added `Asn1Integer::from_bn`.
65	* Added `RsaRef::check_key`.
66	* Added `Asn1Time::from_str` and `Asn1Time::from_str_x509`.
67	* Added `Rsa::generate_with_e`.
68	* Added `Cipher::des_ede3_cfb64`.
69	* Added `SslCipherRef::standard_name` and `ssl::cipher_name`.
70
71	## [v0.10.16] - 2018-12-16
72
73	### Added
74
75	* Added SHA3 and SHAKE to `MessageDigest`.
76	* Added `rand::keep_random_devices_open`.
77	* Added support for LibreSSL 2.9.0.
78
79	## [v0.10.15] - 2018-10-22
80
81	### Added
82
83	* Implemented `DoubleEndedIterator` for stack iterators.
84
85	## [v0.10.14] - 2018-10-18
86
87	### Fixed
88
89	* Made some accidentally exposed internal functions private.
90
91	### Added
92
93	* Added support for LibreSSL 2.8.
94
95	### Changed
96
97	* The OpenSSL version used with the `vendored` feature has been upgraded from 1.1.0 to 1.1.1.
98
99	## [v0.10.13] - 2018-10-14
100
101	### Fixed
102
103	* Fixed a double-free in the `SslContextBuilder::set_get_session_callback` API.
104
105	### Added
106
107	* Added `SslContextBuilder::set_client_hello_callback`.
108	* Added support for LibreSSL 2.8.1.
109	* Added `EcdsaSig::from_der` and `EcdsaSig::to_der`.
110	* Added PKCS#7 support.
111
112	## [v0.10.12] - 2018-09-13
113
114	### Fixed
115
116	* Fixed handling of SNI callbacks during renegotiation.
117
118	### Added
119
120	* Added `SslRef::get_shutdown` and `SslRef::set_shutdown`.
121	* Added support for SRTP in DTLS sessions.
122	* Added support for LibreSSL 2.8.0.
123
124	## [v0.10.11] - 2018-08-04
125
126	### Added
127
128	* The new `vendored` cargo feature will cause openssl-sys to compile and statically link to a
129	vendored copy of OpenSSL.
130	* Added `SslContextBuilder::set_psk_server_callback`.
131	* Added `DsaRef::pub_key` and `DsaRef::priv_key`.
132	* Added `Dsa::from_private_components` and `Dsa::from_public_components`.
133	* Added `X509NameRef::entries`.
134
135	### Deprecated
136
137	* `SslContextBuilder::set_psk_callback` has been renamed to
138	`SslContextBuilder::set_psk_client_callback` and deprecated.
139
140	## [v0.10.10] - 2018-06-06
141
142	### Added
143
144	* Added `SslRef::set_alpn_protos`.
145	* Added `SslContextBuilder::set_ciphersuites`.
146
147	## [v0.10.9] - 2018-06-01
148
149	### Fixed
150
151	* Fixed a use-after-free in `CmsContentInfo::sign`.
152	* `SslRef::servername` now returns `None` rather than panicking on a non-UTF8 name.
153
154	### Added
155
156	* Added `MessageDigest::from_nid`.
157	* Added `Nid::signature_algorithms`, `Nid::long_name`, and `Nid::short_name`.
158	* Added early data and early keying material export support for TLS 1.3.
159	* Added `SslRef::verified_chain`.
160	* Added `SslRef::servername_raw` which returns a `&[u8]` rather than `&str`.
161	* Added `SslRef::finished` and `SslRef::peer_finished`.
162	* Added `X509Ref::digest` to replace `X509Ref::fingerprint`.
163	* `X509StoreBuilder` and `X509Store` now implement `Sync` and `Send`.
164
165	### Deprecated
166
167	* `X509Ref::fingerprint` has been deprecated in favor of `X509Ref::digest`.
168
169	## [v0.10.8] - 2018-05-20
170
171	### Fixed
172
173	* `openssl-sys` will now detect Homebrew-installed OpenSSL when installed to a non-default
174	directory.
175	* The `X509_V_ERR_INVALID_CALL`, `X509_V_ERR_STORE_LOOKUP`, and
176	`X509_V_ERR_PROXY_SUBJECT_NAME_VIOLATION` constants in `openssl-sys` are now only present when
177	building against 1.1.0g and up rather than 1.1.0.
178	* `SslContextBuilder::max_proto_version` and `SslContextBuilder::min_proto_version` are only present
179	when building against 1.1.0g and up rather than 1.1.0.
180
181	### Added
182
183	* Added `CmsContentInfo::sign`.
184	* Added `Clone` and `ToOwned` implementations to `Rsa` and `RsaRef` respectively.
185	* The `min_proto_version` and `max_proto_version` methods are available when linking against
186	LibreSSL 2.6.1 and up in addition to OpenSSL.
187	* `X509VerifyParam` is available when linking against LibreSSL 2.6.1 and up in addition to OpenSSL.
188	* ALPN support is available when linking against LibreSSL 2.6.1 and up in addition to OpenSSL.
189	* `Stack` and `StackRef` are now `Sync` and `Send`.
190
191	## [v0.10.7] - 2018-04-30
192
193	### Added
194
195	* Added `X509Req::public_key` and `X509Req::extensions`.
196	* Added `RsaPrivateKeyBuilder` to allow control over initialization of optional components of an RSA
197	private key.
198	* Added DER encode/decode support to `SslSession`.
199	* openssl-sys now provides the `DEP_OPENSSL_VERSION_NUMBER` and
200	`DEP_OPENSSL_LIBRESSL_VERSION_NUMBER` environment variables to downstream build scripts which
201	contains the hex-encoded version number of the OpenSSL or LibreSSL distribution being built
202	against. The other variables are deprecated.
203
204	## [v0.10.6] - 2018-03-05
205
206	### Added
207
208	* Added `SslOptions::ENABLE_MIDDLEBOX_COMPAT`.
209	* Added more `Sync` and `Send` implementations.
210	* Added `PKeyRef::id`.
211	* Added `Padding::PKCS1_PSS`.
212	* Added `Signer::set_rsa_pss_saltlen`, `Signer::set_rsa_mgf1_md`, `Signer::set_rsa_pss_saltlen`, and
213	`Signer::set_rsa_mgf1_md`
214	* Added `X509StoreContextRef::verify` to directly verify certificates.
215	* Added low level ECDSA support.
216	* Added support for TLSv1.3 custom extensions. (OpenSSL 1.1.1 only)
217	* Added AES-CCM support.
218	* Added `EcKey::from_private_components`.
219	* Added CMAC support.
220	* Added support for LibreSSL 2.7.
221	* Added `X509Ref::serial_number`.
222	* Added `Asn1IntegerRef::to_bn`.
223	* Added support for TLSv1.3 stateless handshakes. (OpenSSL 1.1.1 only)
224
225	### Changed
226
227	* The Cargo features previously used to gate access to version-specific OpenSSL APIs have been
228	removed. Those APIs will be available automatically when building against an appropriate OpenSSL
229	version.
230	* Fixed `PKey::private_key_from_der` to return a `PKey<Private>` rather than a `PKey<Public>`. This
231	is technically a breaking change but the function was pretty useless previously.
232
233	### Deprecated
234
235	* `X509CheckFlags::FLAG_NO_WILDCARDS` has been renamed to `X509CheckFlags::NO_WILDCARDS` and the old
236	name deprecated.
237
238	## [v0.10.5] - 2018-02-28
239
240	### Fixed
241
242	* `ErrorStack`'s `Display` implementation no longer writes an empty string if it contains no errors.
243
244	### Added
245
246	* Added `SslRef::version2`.
247	* Added `Cipher::des_ede3_cbc`.
248	* Added `SslRef::export_keying_material`.
249	* Added the ability to push an `Error` or `ErrorStack` back onto OpenSSL's error stack. Various
250	callback bindings use this to propagate errors properly.
251	* Added `SslContextBuilder::set_cookie_generate_cb` and `SslContextBuilder::set_cookie_verify_cb`.
252	* Added `SslContextBuilder::set_max_proto_version`, `SslContextBuilder::set_min_proto_version`,
253	`SslContextBuilder::max_proto_version`, and `SslContextBuilder::min_proto_version`.
254
255	### Changed
256
257	* Updated `SslConnector`'s default cipher list to match Python's.
258
259	### Deprecated
260
261	* `SslRef::version` has been deprecated. Use `SslRef::version_str` instead.
262
263	## [v0.10.4] - 2018-02-18
264
265	### Added
266
267	* Added OpenSSL 1.1.1 support.
268	* Added `Rsa::public_key_from_pem_pkcs1`.
269	* Added `SslOptions::NO_TLSV1_3`. (OpenSSL 1.1.1 only)
270	* Added `SslVersion`.
271	* Added `SslSessionCacheMode` and `SslContextBuilder::set_session_cache_mode`.
272	* Added `SslContextBuilder::set_new_session_callback`,
273	`SslContextBuilder::set_remove_session_callback`, and
274	`SslContextBuilder::set_get_session_callback`.
275	* Added `SslContextBuilder::set_keylog_callback`. (OpenSSL 1.1.1 only)
276	* Added `SslRef::client_random` and `SslRef::server_random`. (OpenSSL 1.1.0+ only)
277
278	### Fixed
279
280	* The `SslAcceptorBuilder::mozilla_modern` constructor now disables TLSv1.0 and TLSv1.1 in
281	accordance with Mozilla's recommendations.
282
283	## [v0.10.3] - 2018-02-12
284
285	### Added
286
287	* OpenSSL is now automatically detected on FreeBSD systems.
288	* Added `GeneralName` accessors for `rfc822Name` and `uri` variants.
289	* Added DES-EDE3 support.
290
291	### Fixed
292
293	* Fixed a memory leak in `X509StoreBuilder::add_cert`.
294
295	## [v0.10.2] - 2018-01-11
296
297	### Added
298
299	* Added `ConnectConfiguration::set_use_server_name_indication` and
300	`ConnectConfiguration::set_verify_hostname` for use in contexts where you don't have ownership
301	of the `ConnectConfiguration`.
302
303	## [v0.10.1] - 2018-01-10
304
305	### Added
306
307	* Added a `From<ErrorStack> for ssl::Error` implementation.
308
309	## [v0.10.0] - 2018-01-10
310
311	### Compatibility
312
313	* openssl 0.10 still uses openssl-sys 0.9, so openssl 0.9 and 0.10 can coexist without issue.
314
315	### Added
316
317	* The `ssl::select_next_proto` function can be used to easily implement the ALPN selection callback
318	in a "standard" way.
319	* FIPS mode support is available in the `fips` module.
320	* Accessors for the Issuer and Issuer Alternative Name fields of X509 certificates have been added.
321	* The `X509VerifyResult` can now be set in the certificate verification callback via
322	`X509StoreContextRef::set_error`.
323
324	### Changed
325
326	* All constants have been moved to associated constants of their type. For example, `bn::MSB_ONE`
327	is now `bn::MsbOption::ONE`.
328	* Asymmetric key types are now parameterized over what they contain. In OpenSSL, the same type is
329	used for key parameters, public keys, and private keys. Unfortunately, some APIs simply assume
330	that certain components are present and will segfault trying to use things that aren't there.
331
332	The `pkey` module contains new tag types named `Params`, `Public`, and `Private`, and the
333	`Dh`, `Dsa`, `EcKey`, `Rsa`, and `PKey` have a type parameter set to one of those values. This
334	allows the `Signer` constructor to indicate that it requires a private key at compile time for
335	example. Previously, `Signer` would simply segfault if provided a key without private
336	components.
337	* ALPN support has been changed to more directly model OpenSSL's own APIs. Instead of a single
338	method used for both the server and client sides which performed everything automatically, the
339	`SslContextBuilder::set_alpn_protos` and `SslContextBuilder::set_alpn_select_callback` handle
340	the client and server sides respectively.
341	* `SslConnector::danger_connect_without_providing_domain_for_certificate_verification_and_server_name_indication`
342	has been removed in favor of new methods which provide more control. The
343	`ConnectConfiguration::use_server_name_indication` method controls the use of Server Name
344	Indication (SNI), and the `ConnectConfiguration::verify_hostname` method controls the use of
345	hostname verification. These can be controlled independently, and if both are disabled, the
346	domain argument to `ConnectConfiguration::connect` is ignored.
347	* Shared secret derivation is now handled by the new `derive::Deriver` type rather than
348	`pkey::PKeyContext`, which has been removed.
349	* `ssl::Error` is now no longer an enum, and provides more direct access to the relevant state.
350	* `SslConnectorBuilder::new` has been moved and renamed to `SslConnector::builder`.
351	* `SslAcceptorBuilder::mozilla_intermediate` and `SslAcceptorBuilder::mozilla_modern` have been
352	moved to `SslAcceptor` and no longer take the private key and certificate chain. Install those
353	manually after creating the builder.
354	* `X509VerifyError` is now `X509VerifyResult` and can now have the "ok" value in addition to error
355	values.
356	* `x509::X509FileType` is now `ssl::SslFiletype`.
357	* Asymmetric key serialization and deserialization methods now document the formats that they
358	correspond to, and some have been renamed to better indicate that.
359
360	### Removed
361
362	* All deprecated APIs have been removed.
363	* NPN support has been removed. It has been supersceded by ALPN, and is hopefully no longer being
364	used in practice. If you still depend on it, please file an issue!
365	* `SslRef::compression` has been removed.
366	* Some `ssl::SslOptions` flags have been removed as they no longer do anything.
367
368	## Older
369
370	Look at the [release tags] for information about older releases.
371
372	[Unreleased]: https://github.com/sfackler/rust-openssl/compare/openssl-v0.10.23...master
373	[v0.10.23]: https://github.com/sfackler/rust-openssl/compare/openssl-v0.10.22...openssl-v0.10.23
374	[v0.10.22]: https://github.com/sfackler/rust-openssl/compare/openssl-v0.10.21...openssl-v0.10.22
375	[v0.10.21]: https://github.com/sfackler/rust-openssl/compare/openssl-v0.10.20...openssl-v0.10.21
376	[v0.10.20]: https://github.com/sfackler/rust-openssl/compare/openssl-v0.10.19...openssl-v0.10.20
377	[v0.10.19]: https://github.com/sfackler/rust-openssl/compare/openssl-v0.10.18...openssl-v0.10.19
378	[v0.10.18]: https://github.com/sfackler/rust-openssl/compare/openssl-v0.10.17...openssl-v0.10.18
379	[v0.10.17]: https://github.com/sfackler/rust-openssl/compare/openssl-v0.10.16...openssl-v0.10.17
380	[v0.10.16]: https://github.com/sfackler/rust-openssl/compare/openssl-v0.10.15...openssl-v0.10.16
381	[v0.10.15]: https://github.com/sfackler/rust-openssl/compare/openssl-v0.10.14...openssl-v0.10.15
382	[v0.10.14]: https://github.com/sfackler/rust-openssl/compare/openssl-v0.10.13...openssl-v0.10.14
383	[v0.10.13]: https://github.com/sfackler/rust-openssl/compare/openssl-v0.10.12...openssl-v0.10.13
384	[v0.10.12]: https://github.com/sfackler/rust-openssl/compare/openssl-v0.10.11...openssl-v0.10.12
385	[v0.10.11]: https://github.com/sfackler/rust-openssl/compare/openssl-v0.10.10...openssl-v0.10.11
386	[v0.10.10]: https://github.com/sfackler/rust-openssl/compare/openssl-v0.10.9...openssl-v0.10.10
387	[v0.10.9]: https://github.com/sfackler/rust-openssl/compare/openssl-v0.10.8...openssl-v0.10.9
388	[v0.10.8]: https://github.com/sfackler/rust-openssl/compare/openssl-v0.10.7...openssl-v0.10.8
389	[v0.10.7]: https://github.com/sfackler/rust-openssl/compare/openssl-v0.10.6...openssl-v0.10.7
390	[v0.10.6]: https://github.com/sfackler/rust-openssl/compare/openssl-v0.10.5...openssl-v0.10.6
391	[v0.10.5]: https://github.com/sfackler/rust-openssl/compare/openssl-v0.10.4...openssl-v0.10.5
392	[v0.10.4]: https://github.com/sfackler/rust-openssl/compare/openssl-v0.10.3...openssl-v0.10.4
393	[v0.10.3]: https://github.com/sfackler/rust-openssl/compare/openssl-v0.10.2...openssl-v0.10.3
394	[v0.10.2]: https://github.com/sfackler/rust-openssl/compare/openssl-v0.10.1...openssl-v0.10.2
395	[v0.10.1]: https://github.com/sfackler/rust-openssl/compare/openssl-v0.10.0...openssl-v0.10.1
396	[v0.10.0]: https://github.com/sfackler/rust-openssl/compare/v0.9.23...openssl-v0.10.0
397	[release tags]: https://github.com/sfackler/rust-openssl/releases