Commit | Line | Data |
---|---|---|
22758248 XL |
1 | # Change Log |
2 | ||
3 | ## [Unreleased] | |
4 | ||
5 | ## [v0.10.23] | |
6 | ||
7 | ### Fixed | |
8 | ||
9 | * Fixed session callbacks when an `Ssl`'s context is replaced. | |
10 | ||
11 | ### Added | |
12 | ||
13 | * Added `SslContextBuilder::add_client_ca`. | |
14 | ||
15 | ## [v0.10.22] | |
16 | ||
17 | ### Added | |
18 | ||
19 | * Added support for the LibreSSL 2.9.x series. | |
20 | ||
21 | ## [v0.10.21] - 2019-04-30 | |
22 | ||
23 | ### Fixed | |
24 | ||
25 | * Fixed overly conservative buffer size checks in `Crypter` when using stream ciphers. | |
26 | ||
27 | ### Added | |
28 | ||
29 | * Added bindings to envelope encryption APIs. | |
30 | * Added `PkeyRef::size`. | |
31 | ||
32 | ## [v0.10.20] - 2019-03-20 | |
33 | ||
34 | ### Added | |
35 | ||
36 | * Added `CmsContentInfo::from_der` and `CmsContentInfo::encrypt`. | |
37 | * Added `X509Ref::verify` and `X509ReqRef::verify`. | |
38 | * Implemented `PartialEq` and `Eq` for `MessageDigest`. | |
39 | * Added `MessageDigest::type_` and `EcGroupRef::curve_name`. | |
40 | ||
41 | ## [v0.10.19] - 2019-03-01 | |
42 | ||
43 | ### Added | |
44 | ||
45 | * The openssl-sys build script now logs the values of environment variables. | |
46 | * Added `ERR_PACK` to openssl-sys. | |
47 | * The `ERR_*` functions in openssl-sys are const functions when building against newer Rust versions. | |
48 | * Implemented `Clone` for `Dsa`. | |
49 | * Added `SslContextRef::add_session` and `SslContextRef::remove_session`. | |
50 | * Added `SslSessionRef::time`, `SslSessionRef::timeout`, and `SslSessionRef::protocol_version`. | |
51 | * Added `SslContextBuilder::set_session_cache_size` and `SslContextRef::session_cache_size`. | |
52 | ||
53 | ## [v0.10.18] - 2019-02-22 | |
54 | ||
55 | ### Fixed | |
56 | ||
57 | * Fixed the return type of `ssl::cipher_name`. | |
58 | ||
59 | ## [v0.10.17] - 2019-02-22 | |
60 | ||
61 | ### Added | |
62 | ||
63 | * Implemented `AsRef<str>` and `AsRef<[u8]>` for `OpenSslString`. | |
64 | * Added `Asn1Integer::from_bn`. | |
65 | * Added `RsaRef::check_key`. | |
66 | * Added `Asn1Time::from_str` and `Asn1Time::from_str_x509`. | |
67 | * Added `Rsa::generate_with_e`. | |
68 | * Added `Cipher::des_ede3_cfb64`. | |
69 | * Added `SslCipherRef::standard_name` and `ssl::cipher_name`. | |
70 | ||
71 | ## [v0.10.16] - 2018-12-16 | |
72 | ||
73 | ### Added | |
74 | ||
75 | * Added SHA3 and SHAKE to `MessageDigest`. | |
76 | * Added `rand::keep_random_devices_open`. | |
77 | * Added support for LibreSSL 2.9.0. | |
78 | ||
79 | ## [v0.10.15] - 2018-10-22 | |
80 | ||
81 | ### Added | |
82 | ||
83 | * Implemented `DoubleEndedIterator` for stack iterators. | |
84 | ||
85 | ## [v0.10.14] - 2018-10-18 | |
86 | ||
87 | ### Fixed | |
88 | ||
89 | * Made some accidentally exposed internal functions private. | |
90 | ||
91 | ### Added | |
92 | ||
93 | * Added support for LibreSSL 2.8. | |
94 | ||
95 | ### Changed | |
96 | ||
97 | * The OpenSSL version used with the `vendored` feature has been upgraded from 1.1.0 to 1.1.1. | |
98 | ||
99 | ## [v0.10.13] - 2018-10-14 | |
100 | ||
101 | ### Fixed | |
102 | ||
103 | * Fixed a double-free in the `SslContextBuilder::set_get_session_callback` API. | |
104 | ||
105 | ### Added | |
106 | ||
107 | * Added `SslContextBuilder::set_client_hello_callback`. | |
108 | * Added support for LibreSSL 2.8.1. | |
109 | * Added `EcdsaSig::from_der` and `EcdsaSig::to_der`. | |
110 | * Added PKCS#7 support. | |
111 | ||
112 | ## [v0.10.12] - 2018-09-13 | |
113 | ||
114 | ### Fixed | |
115 | ||
116 | * Fixed handling of SNI callbacks during renegotiation. | |
117 | ||
118 | ### Added | |
119 | ||
120 | * Added `SslRef::get_shutdown` and `SslRef::set_shutdown`. | |
121 | * Added support for SRTP in DTLS sessions. | |
122 | * Added support for LibreSSL 2.8.0. | |
123 | ||
124 | ## [v0.10.11] - 2018-08-04 | |
125 | ||
126 | ### Added | |
127 | ||
128 | * The new `vendored` cargo feature will cause openssl-sys to compile and statically link to a | |
129 | vendored copy of OpenSSL. | |
130 | * Added `SslContextBuilder::set_psk_server_callback`. | |
131 | * Added `DsaRef::pub_key` and `DsaRef::priv_key`. | |
132 | * Added `Dsa::from_private_components` and `Dsa::from_public_components`. | |
133 | * Added `X509NameRef::entries`. | |
134 | ||
135 | ### Deprecated | |
136 | ||
137 | * `SslContextBuilder::set_psk_callback` has been renamed to | |
138 | `SslContextBuilder::set_psk_client_callback` and deprecated. | |
139 | ||
140 | ## [v0.10.10] - 2018-06-06 | |
141 | ||
142 | ### Added | |
143 | ||
144 | * Added `SslRef::set_alpn_protos`. | |
145 | * Added `SslContextBuilder::set_ciphersuites`. | |
146 | ||
147 | ## [v0.10.9] - 2018-06-01 | |
148 | ||
149 | ### Fixed | |
150 | ||
151 | * Fixed a use-after-free in `CmsContentInfo::sign`. | |
152 | * `SslRef::servername` now returns `None` rather than panicking on a non-UTF8 name. | |
153 | ||
154 | ### Added | |
155 | ||
156 | * Added `MessageDigest::from_nid`. | |
157 | * Added `Nid::signature_algorithms`, `Nid::long_name`, and `Nid::short_name`. | |
158 | * Added early data and early keying material export support for TLS 1.3. | |
159 | * Added `SslRef::verified_chain`. | |
160 | * Added `SslRef::servername_raw` which returns a `&[u8]` rather than `&str`. | |
161 | * Added `SslRef::finished` and `SslRef::peer_finished`. | |
162 | * Added `X509Ref::digest` to replace `X509Ref::fingerprint`. | |
163 | * `X509StoreBuilder` and `X509Store` now implement `Sync` and `Send`. | |
164 | ||
165 | ### Deprecated | |
166 | ||
167 | * `X509Ref::fingerprint` has been deprecated in favor of `X509Ref::digest`. | |
168 | ||
169 | ## [v0.10.8] - 2018-05-20 | |
170 | ||
171 | ### Fixed | |
172 | ||
173 | * `openssl-sys` will now detect Homebrew-installed OpenSSL when installed to a non-default | |
174 | directory. | |
175 | * The `X509_V_ERR_INVALID_CALL`, `X509_V_ERR_STORE_LOOKUP`, and | |
176 | `X509_V_ERR_PROXY_SUBJECT_NAME_VIOLATION` constants in `openssl-sys` are now only present when | |
177 | building against 1.1.0g and up rather than 1.1.0. | |
178 | * `SslContextBuilder::max_proto_version` and `SslContextBuilder::min_proto_version` are only present | |
179 | when building against 1.1.0g and up rather than 1.1.0. | |
180 | ||
181 | ### Added | |
182 | ||
183 | * Added `CmsContentInfo::sign`. | |
184 | * Added `Clone` and `ToOwned` implementations to `Rsa` and `RsaRef` respectively. | |
185 | * The `min_proto_version` and `max_proto_version` methods are available when linking against | |
186 | LibreSSL 2.6.1 and up in addition to OpenSSL. | |
187 | * `X509VerifyParam` is available when linking against LibreSSL 2.6.1 and up in addition to OpenSSL. | |
188 | * ALPN support is available when linking against LibreSSL 2.6.1 and up in addition to OpenSSL. | |
189 | * `Stack` and `StackRef` are now `Sync` and `Send`. | |
190 | ||
191 | ## [v0.10.7] - 2018-04-30 | |
192 | ||
193 | ### Added | |
194 | ||
195 | * Added `X509Req::public_key` and `X509Req::extensions`. | |
196 | * Added `RsaPrivateKeyBuilder` to allow control over initialization of optional components of an RSA | |
197 | private key. | |
198 | * Added DER encode/decode support to `SslSession`. | |
199 | * openssl-sys now provides the `DEP_OPENSSL_VERSION_NUMBER` and | |
200 | `DEP_OPENSSL_LIBRESSL_VERSION_NUMBER` environment variables to downstream build scripts which | |
201 | contain the hex-encoded version number of the OpenSSL or LibreSSL distribution being built | |
202 | against. The other variables are deprecated. | |
203 | ||
204 | ## [v0.10.6] - 2018-03-05 | |
205 | ||
206 | ### Added | |
207 | ||
208 | * Added `SslOptions::ENABLE_MIDDLEBOX_COMPAT`. | |
209 | * Added more `Sync` and `Send` implementations. | |
210 | * Added `PKeyRef::id`. | |
211 | * Added `Padding::PKCS1_PSS`. | |
212 | * Added `Signer::set_rsa_pss_saltlen`, `Signer::set_rsa_mgf1_md`, `Signer::set_rsa_pss_saltlen`, and | |
213 | `Signer::set_rsa_mgf1_md` | |
214 | * Added `X509StoreContextRef::verify` to directly verify certificates. | |
215 | * Added low level ECDSA support. | |
216 | * Added support for TLSv1.3 custom extensions. (OpenSSL 1.1.1 only) | |
217 | * Added AES-CCM support. | |
218 | * Added `EcKey::from_private_components`. | |
219 | * Added CMAC support. | |
220 | * Added support for LibreSSL 2.7. | |
221 | * Added `X509Ref::serial_number`. | |
222 | * Added `Asn1IntegerRef::to_bn`. | |
223 | * Added support for TLSv1.3 stateless handshakes. (OpenSSL 1.1.1 only) | |
224 | ||
225 | ### Changed | |
226 | ||
227 | * The Cargo features previously used to gate access to version-specific OpenSSL APIs have been | |
228 | removed. Those APIs will be available automatically when building against an appropriate OpenSSL | |
229 | version. | |
230 | * Fixed `PKey::private_key_from_der` to return a `PKey<Private>` rather than a `PKey<Public>`. This | |
231 | is technically a breaking change but the function was pretty useless previously. | |
232 | ||
233 | ### Deprecated | |
234 | ||
235 | * `X509CheckFlags::FLAG_NO_WILDCARDS` has been renamed to `X509CheckFlags::NO_WILDCARDS` and the old | |
236 | name deprecated. | |
237 | ||
238 | ## [v0.10.5] - 2018-02-28 | |
239 | ||
240 | ### Fixed | |
241 | ||
242 | * `ErrorStack`'s `Display` implementation no longer writes an empty string if it contains no errors. | |
243 | ||
244 | ### Added | |
245 | ||
246 | * Added `SslRef::version2`. | |
247 | * Added `Cipher::des_ede3_cbc`. | |
248 | * Added `SslRef::export_keying_material`. | |
249 | * Added the ability to push an `Error` or `ErrorStack` back onto OpenSSL's error stack. Various | |
250 | callback bindings use this to propagate errors properly. | |
251 | * Added `SslContextBuilder::set_cookie_generate_cb` and `SslContextBuilder::set_cookie_verify_cb`. | |
252 | * Added `SslContextBuilder::set_max_proto_version`, `SslContextBuilder::set_min_proto_version`, | |
253 | `SslContextBuilder::max_proto_version`, and `SslContextBuilder::min_proto_version`. | |
254 | ||
255 | ### Changed | |
256 | ||
257 | * Updated `SslConnector`'s default cipher list to match Python's. | |
258 | ||
259 | ### Deprecated | |
260 | ||
261 | * `SslRef::version` has been deprecated. Use `SslRef::version_str` instead. | |
262 | ||
263 | ## [v0.10.4] - 2018-02-18 | |
264 | ||
265 | ### Added | |
266 | ||
267 | * Added OpenSSL 1.1.1 support. | |
268 | * Added `Rsa::public_key_from_pem_pkcs1`. | |
269 | * Added `SslOptions::NO_TLSV1_3`. (OpenSSL 1.1.1 only) | |
270 | * Added `SslVersion`. | |
271 | * Added `SslSessionCacheMode` and `SslContextBuilder::set_session_cache_mode`. | |
272 | * Added `SslContextBuilder::set_new_session_callback`, | |
273 | `SslContextBuilder::set_remove_session_callback`, and | |
274 | `SslContextBuilder::set_get_session_callback`. | |
275 | * Added `SslContextBuilder::set_keylog_callback`. (OpenSSL 1.1.1 only) | |
276 | * Added `SslRef::client_random` and `SslRef::server_random`. (OpenSSL 1.1.0+ only) | |
277 | ||
278 | ### Fixed | |
279 | ||
280 | * The `SslAcceptorBuilder::mozilla_modern` constructor now disables TLSv1.0 and TLSv1.1 in | |
281 | accordance with Mozilla's recommendations. | |
282 | ||
283 | ## [v0.10.3] - 2018-02-12 | |
284 | ||
285 | ### Added | |
286 | ||
287 | * OpenSSL is now automatically detected on FreeBSD systems. | |
288 | * Added `GeneralName` accessors for `rfc822Name` and `uri` variants. | |
289 | * Added DES-EDE3 support. | |
290 | ||
291 | ### Fixed | |
292 | ||
293 | * Fixed a memory leak in `X509StoreBuilder::add_cert`. | |
294 | ||
295 | ## [v0.10.2] - 2018-01-11 | |
296 | ||
297 | ### Added | |
298 | ||
299 | * Added `ConnectConfiguration::set_use_server_name_indication` and | |
300 | `ConnectConfiguration::set_verify_hostname` for use in contexts where you don't have ownership | |
301 | of the `ConnectConfiguration`. | |
302 | ||
303 | ## [v0.10.1] - 2018-01-10 | |
304 | ||
305 | ### Added | |
306 | ||
307 | * Added a `From<ErrorStack> for ssl::Error` implementation. | |
308 | ||
309 | ## [v0.10.0] - 2018-01-10 | |
310 | ||
311 | ### Compatibility | |
312 | ||
313 | * openssl 0.10 still uses openssl-sys 0.9, so openssl 0.9 and 0.10 can coexist without issue. | |
314 | ||
315 | ### Added | |
316 | ||
317 | * The `ssl::select_next_proto` function can be used to easily implement the ALPN selection callback | |
318 | in a "standard" way. | |
319 | * FIPS mode support is available in the `fips` module. | |
320 | * Accessors for the Issuer and Issuer Alternative Name fields of X509 certificates have been added. | |
321 | * The `X509VerifyResult` can now be set in the certificate verification callback via | |
322 | `X509StoreContextRef::set_error`. | |
323 | ||
324 | ### Changed | |
325 | ||
326 | * All constants have been moved to associated constants of their type. For example, `bn::MSB_ONE` | |
327 | is now `bn::MsbOption::ONE`. | |
328 | * Asymmetric key types are now parameterized over what they contain. In OpenSSL, the same type is | |
329 | used for key parameters, public keys, and private keys. Unfortunately, some APIs simply assume | |
330 | that certain components are present and will segfault trying to use things that aren't there. | |
331 | ||
332 | The `pkey` module contains new tag types named `Params`, `Public`, and `Private`, and the | |
333 | `Dh`, `Dsa`, `EcKey`, `Rsa`, and `PKey` have a type parameter set to one of those values. This | |
334 | allows the `Signer` constructor to indicate that it requires a private key at compile time, for | |
335 | example. Previously, `Signer` would simply segfault if provided a key without private | |
336 | components. | |
337 | * ALPN support has been changed to more directly model OpenSSL's own APIs. Instead of a single | |
338 | method used for both the server and client sides which performed everything automatically, the | |
339 | `SslContextBuilder::set_alpn_protos` and `SslContextBuilder::set_alpn_select_callback` handle | |
340 | the client and server sides respectively. | |
341 | * `SslConnector::danger_connect_without_providing_domain_for_certificate_verification_and_server_name_indication` | |
342 | has been removed in favor of new methods which provide more control. The | |
343 | `ConnectConfiguration::use_server_name_indication` method controls the use of Server Name | |
344 | Indication (SNI), and the `ConnectConfiguration::verify_hostname` method controls the use of | |
345 | hostname verification. These can be controlled independently, and if both are disabled, the | |
346 | domain argument to `ConnectConfiguration::connect` is ignored. | |
347 | * Shared secret derivation is now handled by the new `derive::Deriver` type rather than | |
348 | `pkey::PKeyContext`, which has been removed. | |
349 | * `ssl::Error` is now no longer an enum, and provides more direct access to the relevant state. | |
350 | * `SslConnectorBuilder::new` has been moved and renamed to `SslConnector::builder`. | |
351 | * `SslAcceptorBuilder::mozilla_intermediate` and `SslAcceptorBuilder::mozilla_modern` have been | |
352 | moved to `SslAcceptor` and no longer take the private key and certificate chain. Install those | |
353 | manually after creating the builder. | |
354 | * `X509VerifyError` is now `X509VerifyResult` and can now have the "ok" value in addition to error | |
355 | values. | |
356 | * `x509::X509FileType` is now `ssl::SslFiletype`. | |
357 | * Asymmetric key serialization and deserialization methods now document the formats that they | |
358 | correspond to, and some have been renamed to better indicate that. | |
359 | ||
360 | ### Removed | |
361 | ||
362 | * All deprecated APIs have been removed. | |
363 | * NPN support has been removed. It has been superseded by ALPN, and is hopefully no longer being | |
364 | used in practice. If you still depend on it, please file an issue! | |
365 | * `SslRef::compression` has been removed. | |
366 | * Some `ssl::SslOptions` flags have been removed as they no longer do anything. | |
367 | ||
368 | ## Older | |
369 | ||
370 | Look at the [release tags] for information about older releases. | |
371 | ||
372 | [Unreleased]: https://github.com/sfackler/rust-openssl/compare/openssl-v0.10.23...master | |
373 | [v0.10.23]: https://github.com/sfackler/rust-openssl/compare/openssl-v0.10.22...openssl-v0.10.23 | |
374 | [v0.10.22]: https://github.com/sfackler/rust-openssl/compare/openssl-v0.10.21...openssl-v0.10.22 | |
375 | [v0.10.21]: https://github.com/sfackler/rust-openssl/compare/openssl-v0.10.20...openssl-v0.10.21 | |
376 | [v0.10.20]: https://github.com/sfackler/rust-openssl/compare/openssl-v0.10.19...openssl-v0.10.20 | |
377 | [v0.10.19]: https://github.com/sfackler/rust-openssl/compare/openssl-v0.10.18...openssl-v0.10.19 | |
378 | [v0.10.18]: https://github.com/sfackler/rust-openssl/compare/openssl-v0.10.17...openssl-v0.10.18 | |
379 | [v0.10.17]: https://github.com/sfackler/rust-openssl/compare/openssl-v0.10.16...openssl-v0.10.17 | |
380 | [v0.10.16]: https://github.com/sfackler/rust-openssl/compare/openssl-v0.10.15...openssl-v0.10.16 | |
381 | [v0.10.15]: https://github.com/sfackler/rust-openssl/compare/openssl-v0.10.14...openssl-v0.10.15 | |
382 | [v0.10.14]: https://github.com/sfackler/rust-openssl/compare/openssl-v0.10.13...openssl-v0.10.14 | |
383 | [v0.10.13]: https://github.com/sfackler/rust-openssl/compare/openssl-v0.10.12...openssl-v0.10.13 | |
384 | [v0.10.12]: https://github.com/sfackler/rust-openssl/compare/openssl-v0.10.11...openssl-v0.10.12 | |
385 | [v0.10.11]: https://github.com/sfackler/rust-openssl/compare/openssl-v0.10.10...openssl-v0.10.11 | |
386 | [v0.10.10]: https://github.com/sfackler/rust-openssl/compare/openssl-v0.10.9...openssl-v0.10.10 | |
387 | [v0.10.9]: https://github.com/sfackler/rust-openssl/compare/openssl-v0.10.8...openssl-v0.10.9 | |
388 | [v0.10.8]: https://github.com/sfackler/rust-openssl/compare/openssl-v0.10.7...openssl-v0.10.8 | |
389 | [v0.10.7]: https://github.com/sfackler/rust-openssl/compare/openssl-v0.10.6...openssl-v0.10.7 | |
390 | [v0.10.6]: https://github.com/sfackler/rust-openssl/compare/openssl-v0.10.5...openssl-v0.10.6 | |
391 | [v0.10.5]: https://github.com/sfackler/rust-openssl/compare/openssl-v0.10.4...openssl-v0.10.5 | |
392 | [v0.10.4]: https://github.com/sfackler/rust-openssl/compare/openssl-v0.10.3...openssl-v0.10.4 | |
393 | [v0.10.3]: https://github.com/sfackler/rust-openssl/compare/openssl-v0.10.2...openssl-v0.10.3 | |
394 | [v0.10.2]: https://github.com/sfackler/rust-openssl/compare/openssl-v0.10.1...openssl-v0.10.2 | |
395 | [v0.10.1]: https://github.com/sfackler/rust-openssl/compare/openssl-v0.10.0...openssl-v0.10.1 | |
396 | [v0.10.0]: https://github.com/sfackler/rust-openssl/compare/v0.9.23...openssl-v0.10.0 | |
397 | [release tags]: https://github.com/sfackler/rust-openssl/releases |