Commit | Line | Data |
---|---|---|
22758248 XL |
1 | # Change Log |
2 | ||
3 | ## [Unreleased] | |
4 | ||
68504ae0 FG |
5 | ## [v0.10.43] - 2022-11-23 |
6 | ||
7 | ### Added | |
8 | ||
9 | * Added `Nid::BRAINPOOL_P256R1`, `Nid::BRAINPOOL_P384R1`, `Nid::BRAINPOOL_P512R1`. | |
10 | * Added `BigNumRef::copy_from_slice`. | |
11 | * Added `Cipher` constructors for Camellia, CAST5, and IDEA ciphers. | |
12 | * Added `DsaSig`. | |
13 | * Added `X509StoreBuilderRef::set_param`. | |
14 | * Added `X509VerifyParam::new`, `X509VerifyParamRef::set_time`, and `X509VerifyParamRef::set_depth`. | |
15 | ||
62c5094d FG |
16 | ## [v0.10.42] - 2022-09-26 |
17 | ||
18 | ### Added | |
19 | ||
20 | * Added `SslRef::psk_identity_hint` and `SslRef::psk_identity`. | |
21 | * Added SHA-3 constants to `Nid`. | |
22 | * Added `SslOptions::PRIORITIZE_CHACHA`. | |
23 | * Added `X509ReqRef::to_text`. | |
24 | * Added `MdCtxRef::size`. | |
25 | * Added `X509NameRef::try_cmp`. | |
26 | * Added `MdCtxRef::reset`. | |
27 | * Added experimental, unstable support for BoringSSL. | |
28 | ||
29 | ### Fixed | |
30 | ||
31 | * Fixed `MdCtxRef::digest_verify_init` to support `PKey`s with only public components. | |
32 | ||
33 | ## [v0.10.41] - 2022-06-09 | |
34 | ||
35 | ### Fixed | |
36 | ||
37 | * Fixed a use-after-free in `Error::function` and `Error::file` with OpenSSL 3.x. | |
38 | ||
39 | ### Added | |
40 | ||
41 | * Added `MessageDigest::block_size` and `MdRef::block_size`. | |
42 | * Implemented `Ord` and `Eq` for `X509` and `X509Ref`. | |
43 | * Added `X509Extension::add_alias`. | |
44 | * Added SM4 support. | |
45 | * Added `EcGroup::from_components`, `EcGroupRef::set_generator`, and `EcPointRef::set_affine_coordinates_gfp`. | |
46 | ||
47 | ## [v0.10.40] - 2022-05-04 | |
48 | ||
49 | ### Fixed | |
50 | ||
51 | * Fixed the openssl-sys dependency version. | |
52 | ||
53 | ## [v0.10.39] - 2022-05-02 | |
54 | ||
55 | ### Deprecated | |
56 | ||
57 | * Deprecated `SslContextBuilder::set_tmp_ecdh_callback` and `SslRef::set_tmp_ecdh_callback`. | |
58 | ||
59 | ### Added | |
60 | ||
61 | * Added `SslRef::extms_support`. | |
62 | * Added `Nid::create`. | |
63 | * Added `CipherCtx`, which exposes a more direct interface to `EVP_CIPHER_CTX`. | |
64 | * Added `PkeyCtx`, which exposes a more direct interface to `EVP_PKEY_CTX`. | |
65 | * Added `MdCtx`, which exposes a more direct interface to `EVP_MD_CTX`. | |
66 | * Added `Pkcs12Builder::mac_md`. | |
67 | * Added `Provider`. | |
68 | * Added `X509Ref::issuer_name_hash`. | |
69 | * Added `Decrypter::set_rsa_oaep_label`. | |
70 | * Added `X509Ref::to_text`. | |
71 | ||
72 | ## [v0.10.38] - 2021-10-31 | |
73 | ||
74 | ### Added | |
75 | ||
76 | * Added `PKey::ec_gen`. | |
77 | ||
78 | ## [v0.10.37] - 2021-10-27 | |
79 | ||
80 | ### Fixed | |
81 | ||
82 | * Fixed linkage against OpenSSL distributions built with `no-chacha`. | |
83 | ||
84 | ### Added | |
85 | ||
86 | * Added `BigNumRef::to_vec_padded`. | |
87 | * Added `X509Name::from_der` and `X509NameRef::to_der`. | |
88 | * Added `BigNum::new_secure`, `BigNumRef::set_const_time`, `BigNumRef::is_const_time`, and `BigNumRef::is_secure`. | |
89 | ||
c8d4b494 XL |
90 | ## [v0.10.36] - 2021-08-17 |
91 | ||
92 | ### Added | |
93 | ||
94 | * Added `Asn1Object::as_slice`. | |
95 | * Added `PKeyRef::{raw_public_key, raw_private_key, private_key_to_pkcs8_passphrase}` and | |
96 | `PKey::{private_key_from_raw_bytes, public_key_from_raw_bytes}`. | |
97 | * Added `Cipher::{seed_cbc, seed_cfb128, seed_ecb, seed_ofb}`. | |
98 | ||
99 | ## [v0.10.35] - 2021-06-18 | |
100 | ||
101 | ### Fixed | |
102 | ||
103 | * Fixed a memory leak in `Deriver`. | |
104 | ||
105 | ### Added | |
106 | ||
107 | * Added support for OpenSSL 3.x.x. | |
108 | * Added `SslStream::peek`. | |
109 | ||
110 | ## [v0.10.34] - 2021-04-28 | |
111 | ||
112 | ### Added | |
113 | ||
114 | * Added `Dh::set_private_key` and `DhRef::private_key`. | |
115 | * Added `EcPointRef::affine_coordinates`. | |
116 | * Added `TryFrom` implementations to convert between `PKey` and specific key types. | |
117 | * Added `X509StoreBuilderRef::set_flags`. | |
118 | ||
119 | ## [v0.10.33] - 2021-03-13 | |
120 | ||
121 | ### Fixed | |
122 | ||
123 | * `Dh::generate_params` now uses `DH_generate_params_ex` rather than the deprecated `DH_generated_params` function. | |
124 | ||
125 | ### Added | |
126 | ||
127 | * Added `Asn1Type`. | |
128 | * Added `CmsContentInfoRef::decrypt_without_cert_check`. | |
129 | * Added `EcPointRef::{is_infinity, is_on_curve}`. | |
130 | * Added `Encrypter::set_rsa_oaep_label`. | |
131 | * Added `MessageDigest::sm3`. | |
132 | * Added `Pkcs7Ref::signers`. | |
133 | * Added `Cipher::nid`. | |
134 | * Added `X509Ref::authority_info` and `AccessDescription::{method, location}`. | |
135 | * Added `X509NameBuilder::{append_entry_by_text_with_type, append_entry_by_nid_with_type}`. | |
136 | ||
137 | ## [v0.10.32] - 2020-12-24 | |
138 | ||
139 | ### Fixed | |
140 | ||
141 | * Fixed `Ssl::new` to take a `&SslContextRef` rather than `&SslContext`. | |
142 | ||
143 | ### Added | |
144 | ||
145 | * Added the `encrypt` module to support asymmetric encryption and decryption with `PKey`s. | |
146 | * Added `MessageDigest::from_name`. | |
147 | * Added `ConnectConfiguration::into_ssl`. | |
148 | * Added the ability to create unconnected `SslStream`s directly from an `Ssl` and transport stream | |
149 | without performing any part of the handshake with `SslStream::new`. | |
150 | * Added `SslStream::{read_early_data, write_early_data, connect, accept, do_handshake, stateless}`. | |
151 | * Implemented `ToOwned` for `SslContextRef`. | |
152 | * Added `SslRef::{set_connect_state, set_accept_state}`. | |
153 | ||
154 | ### Deprecated | |
155 | ||
156 | * Deprecated `SslStream::from_raw_parts` in favor of `Ssl::from_ptr` and `SslStream::new`. | |
157 | * Deprecated `SslStreamBuilder` in favor of methods on `Ssl` and `SslStream`. | |
158 | ||
159 | ## [v0.10.31] - 2020-12-09 | |
160 | ||
161 | ### Added | |
162 | ||
163 | * Added `Asn1Object::from_str`. | |
164 | * Added `Dh::from_pgq`, `DhRef::prime_p`, `DhRef::prime_q`, `DhRef::generator`, `DhRef::generate_params`, | |
165 | `DhRef::generate_key`, `DhRef::public_key`, and `DhRef::compute_key`. | |
166 | * Added `Pkcs7::from_der` and `Pkcs7Ref::to_der`. | |
167 | * Added `Id::X25519`, `Id::X448`, `PKey::generate_x25519`, and `PKey::generate_x448`. | |
168 | * Added `SrtpProfileId::SRTP_AEAD_AES_128_GCM` and `SrtpProfileId::SRTP_AEAD_AES_256_GCM`. | |
169 | * Added `SslContextBuilder::verify_param` and `SslContextBuilder::verify_param_mut`. | |
170 | * Added `X509Ref::subject_name_hash` and `X509Ref::version`. | |
171 | * Added `X509StoreBuilderRef::add_lookup`, and the `X509Lookup` type. | |
172 | * Added `X509VerifyFlags`, `X509VerifyParamRef::set_flags`, `X509VerifyParamRef::clear_flags`, and | |
173 | `X509VerifyParamRef::get_flags`. | |
174 | ||
f5bb8b5f XL |
175 | ## [v0.10.30] - 2020-06-25 |
176 | ||
177 | ### Fixed | |
178 | ||
179 | * `DsaRef::private_key_to_pem` can no longer be called without a private key. | |
180 | ||
181 | ### Changed | |
182 | ||
183 | * Improved the `Debug` implementations of many types. | |
184 | ||
185 | ### Added | |
186 | ||
187 | * Added `is_empty` implementations for `Asn1StringRef` and `Asn1BitStringRef`. | |
188 | * Added `EcPointRef::{to_pem, to_dir}` and `EcKeyRef::{public_key_from_pem, public_key_from_der}`. | |
189 | * Added `Default` implementations for many types. | |
190 | * Added `Debug` implementations for many types. | |
c8d4b494 | 191 | * Added `SslStream::from_raw_parts`. |
f5bb8b5f XL |
192 | * Added `SslRef::set_mtu`. |
193 | * Added `Cipher::{aes_128_ocb, aes_192_ocb, aes_256_ocb}`. | |
194 | ||
195 | ### Deprecated | |
196 | ||
197 | * Deprecated `SslStreamBuilder::set_dtls_mtu_size` in favor of `SslRef::set_mtu`. | |
198 | ||
7c421261 XL |
199 | ## [v0.10.29] - 2020-04-07 |
200 | ||
201 | ### Fixed | |
202 | ||
203 | * Fixed a memory leak in `X509Builder::append_extension`. | |
204 | ||
205 | ### Added | |
206 | ||
207 | * Added `SslConnector::into_context` and `SslConnector::context`. | |
208 | * Added `SslAcceptor::into_context` and `SslAcceptor::context`. | |
209 | * Added `SslMethod::tls_client` and `SslMethod::tls_server`. | |
210 | * Added `SslContextBuilder::set_cert_store`. | |
211 | * Added `SslContextRef::verify_mode` and `SslRef::verify_mode`. | |
212 | * Added `SslRef::is_init_finished`. | |
213 | * Added `X509Object`. | |
214 | * Added `X509StoreRef::objects`. | |
215 | ||
216 | ## [v0.10.28] - 2020-02-04 | |
217 | ||
218 | ### Fixed | |
219 | ||
220 | * Fixed the mutability of `Signer::sign_oneshot` and `Verifier::verify_oneshot`. This is unfortunately a breaking | |
221 | change, but a necessary soundness fix. | |
222 | ||
223 | ## [v0.10.27] - 2020-01-29 | |
224 | ||
225 | ### Added | |
226 | ||
227 | * Added `MessageDigest::null`. | |
228 | * Added `PKey::private_key_from_pkcs8`. | |
229 | * Added `SslOptions::NO_RENEGOTIATION`. | |
230 | * Added `SslStreamBuilder::set_dtls_mtu_size`. | |
231 | ||
217acde9 XL |
232 | ## [v0.10.26] - 2019-11-22 |
233 | ||
234 | ### Fixed | |
235 | ||
236 | * Fixed improper handling of the IV buffer in `envelope::{Seal, Unseal}`. | |
237 | ||
238 | ### Added | |
239 | ||
240 | * Added `Asn1TimeRef::{diff, compare}`. | |
241 | * Added `Asn1Time::from_unix`. | |
242 | * Added `PartialEq` and `PartialOrd` implementations for `Asn1Time` and `Asn1TimeRef`. | |
243 | * Added `base64::{encode_block, decode_block}`. | |
244 | * Added `EcGroupRef::order_bits`. | |
245 | * Added `Clone` implementations for `Sha1`, `Sha224`, `Sha256`, `Sha384`, and `Sha512`. | |
246 | * Added `SslContextBuilder::{set_sigalgs_list, set_groups_list}`. | |
247 | ||
248 | ## [v0.10.25] - 2019-10-02 | |
249 | ||
250 | ### Fixed | |
251 | ||
252 | * Fixed a memory leak in `EcdsaSig::from_private_components` when using OpenSSL 1.0.x. | |
253 | ||
254 | ### Added | |
255 | ||
256 | * Added support for Ed25519 and Ed448 keys. | |
257 | * Implemented `ToOwned` for `PKeyRef` and `Clone` for `PKey`. | |
258 | ||
259 | ## [v0.10.24] - 2019-07-19 | |
260 | ||
261 | ### Fixed | |
262 | ||
263 | * Worked around an OpenSSL 1.0.x bug triggered by code calling `SSL_set_app_data`. | |
264 | ||
265 | ### Added | |
266 | ||
267 | * Added `aes::{wrap_key, unwrap_key}`. | |
268 | * Added `CmsContentInfoRef::to_pem` and `CmsContentInfo::from_pem`. | |
269 | * Added `DsaRef::private_key_to_pem`. | |
270 | * Added `EcGroupRef::{cofactor, generator}`. | |
271 | * Added `EcPointRef::to_owned`. | |
272 | * Added a `Debug` implementation for `EcKey`. | |
273 | * Added `SslAcceptor::{mozilla_intermediate_v5, mozilla_modern_v5}`. | |
274 | * Added `Cipher::{aes_128_ofb, aes_192_ecb, aes_192_cbc, aes_192_ctr, aes_192_cfb1, aes_192_cfb128, aes_192_cfb8, | |
275 | aes_192_gcm, aes_192_ccm, aes_192_ofb, aes_256_ofb}`. | |
276 | ||
277 | ## [v0.10.23] - 2019-05-18 | |
22758248 XL |
278 | |
279 | ### Fixed | |
280 | ||
281 | * Fixed session callbacks when an `Ssl`'s context is replaced. | |
282 | ||
283 | ### Added | |
284 | ||
285 | * Added `SslContextBuilder::add_client_ca`. | |
286 | ||
217acde9 | 287 | ## [v0.10.22] - 2019-05-08 |
22758248 XL |
288 | |
289 | ### Added | |
290 | ||
291 | * Added support for the LibreSSL 2.9.x series. | |
292 | ||
293 | ## [v0.10.21] - 2019-04-30 | |
294 | ||
295 | ### Fixed | |
296 | ||
297 | * Fixed overly conservative buffer size checks in `Crypter` when using stream ciphers. | |
298 | ||
299 | ### Added | |
300 | ||
301 | * Added bindings to envelope encryption APIs. | |
302 | * Added `PKeyRef::size`. | |
303 | ||
304 | ## [v0.10.20] - 2019-03-20 | |
305 | ||
306 | ### Added | |
307 | ||
308 | * Added `CmsContentInfo::from_der` and `CmsContentInfo::encrypt`. | |
309 | * Added `X509Ref::verify` and `X509ReqRef::verify`. | |
310 | * Implemented `PartialEq` and `Eq` for `MessageDigest`. | |
311 | * Added `MessageDigest::type_` and `EcGroupRef::curve_name`. | |
312 | ||
313 | ## [v0.10.19] - 2019-03-01 | |
314 | ||
315 | ### Added | |
316 | ||
317 | * The openssl-sys build script now logs the values of environment variables. | |
318 | * Added `ERR_PACK` to openssl-sys. | |
319 | * The `ERR_*` functions in openssl-sys are const functions when building against newer Rust versions. | |
320 | * Implemented `Clone` for `Dsa`. | |
321 | * Added `SslContextRef::add_session` and `SslContextRef::remove_session`. | |
322 | * Added `SslSessionRef::time`, `SslSessionRef::timeout`, and `SslSessionRef::protocol_version`. | |
323 | * Added `SslContextBuilder::set_session_cache_size` and `SslContextRef::session_cache_size`. | |
324 | ||
325 | ## [v0.10.18] - 2019-02-22 | |
326 | ||
327 | ### Fixed | |
328 | ||
329 | * Fixed the return type of `ssl::cipher_name`. | |
330 | ||
331 | ## [v0.10.17] - 2019-02-22 | |
332 | ||
333 | ### Added | |
334 | ||
335 | * Implemented `AsRef<str>` and `AsRef<[u8]>` for `OpenSslString`. | |
336 | * Added `Asn1Integer::from_bn`. | |
337 | * Added `RsaRef::check_key`. | |
338 | * Added `Asn1Time::from_str` and `Asn1Time::from_str_x509`. | |
339 | * Added `Rsa::generate_with_e`. | |
340 | * Added `Cipher::des_ede3_cfb64`. | |
341 | * Added `SslCipherRef::standard_name` and `ssl::cipher_name`. | |
342 | ||
343 | ## [v0.10.16] - 2018-12-16 | |
344 | ||
345 | ### Added | |
346 | ||
347 | * Added SHA3 and SHAKE to `MessageDigest`. | |
348 | * Added `rand::keep_random_devices_open`. | |
349 | * Added support for LibreSSL 2.9.0. | |
350 | ||
351 | ## [v0.10.15] - 2018-10-22 | |
352 | ||
353 | ### Added | |
354 | ||
355 | * Implemented `DoubleEndedIterator` for stack iterators. | |
356 | ||
357 | ## [v0.10.14] - 2018-10-18 | |
358 | ||
359 | ### Fixed | |
360 | ||
361 | * Made some accidentally exposed internal functions private. | |
362 | ||
363 | ### Added | |
364 | ||
365 | * Added support for LibreSSL 2.8. | |
366 | ||
367 | ### Changed | |
368 | ||
369 | * The OpenSSL version used with the `vendored` feature has been upgraded from 1.1.0 to 1.1.1. | |
370 | ||
371 | ## [v0.10.13] - 2018-10-14 | |
372 | ||
373 | ### Fixed | |
374 | ||
375 | * Fixed a double-free in the `SslContextBuilder::set_get_session_callback` API. | |
376 | ||
377 | ### Added | |
378 | ||
379 | * Added `SslContextBuilder::set_client_hello_callback`. | |
380 | * Added support for LibreSSL 2.8.1. | |
381 | * Added `EcdsaSig::from_der` and `EcdsaSig::to_der`. | |
382 | * Added PKCS#7 support. | |
383 | ||
384 | ## [v0.10.12] - 2018-09-13 | |
385 | ||
386 | ### Fixed | |
387 | ||
388 | * Fixed handling of SNI callbacks during renegotiation. | |
389 | ||
390 | ### Added | |
391 | ||
392 | * Added `SslRef::get_shutdown` and `SslRef::set_shutdown`. | |
393 | * Added support for SRTP in DTLS sessions. | |
394 | * Added support for LibreSSL 2.8.0. | |
395 | ||
396 | ## [v0.10.11] - 2018-08-04 | |
397 | ||
398 | ### Added | |
399 | ||
400 | * The new `vendored` cargo feature will cause openssl-sys to compile and statically link to a | |
401 | vendored copy of OpenSSL. | |
402 | * Added `SslContextBuilder::set_psk_server_callback`. | |
403 | * Added `DsaRef::pub_key` and `DsaRef::priv_key`. | |
404 | * Added `Dsa::from_private_components` and `Dsa::from_public_components`. | |
405 | * Added `X509NameRef::entries`. | |
406 | ||
407 | ### Deprecated | |
408 | ||
409 | * `SslContextBuilder::set_psk_callback` has been renamed to | |
410 | `SslContextBuilder::set_psk_client_callback` and deprecated. | |
411 | ||
412 | ## [v0.10.10] - 2018-06-06 | |
413 | ||
414 | ### Added | |
415 | ||
416 | * Added `SslRef::set_alpn_protos`. | |
417 | * Added `SslContextBuilder::set_ciphersuites`. | |
418 | ||
419 | ## [v0.10.9] - 2018-06-01 | |
420 | ||
421 | ### Fixed | |
422 | ||
423 | * Fixed a use-after-free in `CmsContentInfo::sign`. | |
424 | * `SslRef::servername` now returns `None` rather than panicking on a non-UTF8 name. | |
425 | ||
426 | ### Added | |
427 | ||
428 | * Added `MessageDigest::from_nid`. | |
429 | * Added `Nid::signature_algorithms`, `Nid::long_name`, and `Nid::short_name`. | |
430 | * Added early data and early keying material export support for TLS 1.3. | |
431 | * Added `SslRef::verified_chain`. | |
432 | * Added `SslRef::servername_raw` which returns a `&[u8]` rather than `&str`. | |
433 | * Added `SslRef::finished` and `SslRef::peer_finished`. | |
434 | * Added `X509Ref::digest` to replace `X509Ref::fingerprint`. | |
435 | * `X509StoreBuilder` and `X509Store` now implement `Sync` and `Send`. | |
436 | ||
437 | ### Deprecated | |
438 | ||
439 | * `X509Ref::fingerprint` has been deprecated in favor of `X509Ref::digest`. | |
440 | ||
441 | ## [v0.10.8] - 2018-05-20 | |
442 | ||
443 | ### Fixed | |
444 | ||
445 | * `openssl-sys` will now detect Homebrew-installed OpenSSL when installed to a non-default | |
446 | directory. | |
447 | * The `X509_V_ERR_INVALID_CALL`, `X509_V_ERR_STORE_LOOKUP`, and | |
448 | `X509_V_ERR_PROXY_SUBJECT_NAME_VIOLATION` constants in `openssl-sys` are now only present when | |
449 | building against 1.1.0g and up rather than 1.1.0. | |
450 | * `SslContextBuilder::max_proto_version` and `SslContextBuilder::min_proto_version` are only present | |
451 | when building against 1.1.0g and up rather than 1.1.0. | |
452 | ||
453 | ### Added | |
454 | ||
455 | * Added `CmsContentInfo::sign`. | |
456 | * Added `Clone` and `ToOwned` implementations to `Rsa` and `RsaRef` respectively. | |
457 | * The `min_proto_version` and `max_proto_version` methods are available when linking against | |
458 | LibreSSL 2.6.1 and up in addition to OpenSSL. | |
459 | * `X509VerifyParam` is available when linking against LibreSSL 2.6.1 and up in addition to OpenSSL. | |
460 | * ALPN support is available when linking against LibreSSL 2.6.1 and up in addition to OpenSSL. | |
461 | * `Stack` and `StackRef` are now `Sync` and `Send`. | |
462 | ||
463 | ## [v0.10.7] - 2018-04-30 | |
464 | ||
465 | ### Added | |
466 | ||
467 | * Added `X509Req::public_key` and `X509Req::extensions`. | |
468 | * Added `RsaPrivateKeyBuilder` to allow control over initialization of optional components of an RSA | |
469 | private key. | |
470 | * Added DER encode/decode support to `SslSession`. | |
471 | * openssl-sys now provides the `DEP_OPENSSL_VERSION_NUMBER` and | |
472 | `DEP_OPENSSL_LIBRESSL_VERSION_NUMBER` environment variables to downstream build scripts which | |
473 | contain the hex-encoded version number of the OpenSSL or LibreSSL distribution being built | |
474 | against. The other variables are deprecated. | |
475 | ||
476 | ## [v0.10.6] - 2018-03-05 | |
477 | ||
478 | ### Added | |
479 | ||
480 | * Added `SslOptions::ENABLE_MIDDLEBOX_COMPAT`. | |
481 | * Added more `Sync` and `Send` implementations. | |
482 | * Added `PKeyRef::id`. | |
483 | * Added `Padding::PKCS1_PSS`. | |
484 | * Added `Signer::set_rsa_pss_saltlen`, `Signer::set_rsa_mgf1_md`, `Signer::set_rsa_pss_saltlen`, and | |
485 | `Signer::set_rsa_mgf1_md`. | |
486 | * Added `X509StoreContextRef::verify` to directly verify certificates. | |
487 | * Added low level ECDSA support. | |
488 | * Added support for TLSv1.3 custom extensions. (OpenSSL 1.1.1 only) | |
489 | * Added AES-CCM support. | |
490 | * Added `EcKey::from_private_components`. | |
491 | * Added CMAC support. | |
492 | * Added support for LibreSSL 2.7. | |
493 | * Added `X509Ref::serial_number`. | |
494 | * Added `Asn1IntegerRef::to_bn`. | |
495 | * Added support for TLSv1.3 stateless handshakes. (OpenSSL 1.1.1 only) | |
496 | ||
497 | ### Changed | |
498 | ||
499 | * The Cargo features previously used to gate access to version-specific OpenSSL APIs have been | |
500 | removed. Those APIs will be available automatically when building against an appropriate OpenSSL | |
501 | version. | |
502 | * Fixed `PKey::private_key_from_der` to return a `PKey<Private>` rather than a `PKey<Public>`. This | |
503 | is technically a breaking change but the function was pretty useless previously. | |
504 | ||
505 | ### Deprecated | |
506 | ||
507 | * `X509CheckFlags::FLAG_NO_WILDCARDS` has been renamed to `X509CheckFlags::NO_WILDCARDS` and the old | |
508 | name deprecated. | |
509 | ||
510 | ## [v0.10.5] - 2018-02-28 | |
511 | ||
512 | ### Fixed | |
513 | ||
514 | * `ErrorStack`'s `Display` implementation no longer writes an empty string if it contains no errors. | |
515 | ||
516 | ### Added | |
517 | ||
518 | * Added `SslRef::version2`. | |
519 | * Added `Cipher::des_ede3_cbc`. | |
520 | * Added `SslRef::export_keying_material`. | |
521 | * Added the ability to push an `Error` or `ErrorStack` back onto OpenSSL's error stack. Various | |
522 | callback bindings use this to propagate errors properly. | |
523 | * Added `SslContextBuilder::set_cookie_generate_cb` and `SslContextBuilder::set_cookie_verify_cb`. | |
524 | * Added `SslContextBuilder::set_max_proto_version`, `SslContextBuilder::set_min_proto_version`, | |
525 | `SslContextBuilder::max_proto_version`, and `SslContextBuilder::min_proto_version`. | |
526 | ||
527 | ### Changed | |
528 | ||
529 | * Updated `SslConnector`'s default cipher list to match Python's. | |
530 | ||
531 | ### Deprecated | |
532 | ||
533 | * `SslRef::version` has been deprecated. Use `SslRef::version_str` instead. | |
534 | ||
535 | ## [v0.10.4] - 2018-02-18 | |
536 | ||
537 | ### Added | |
538 | ||
539 | * Added OpenSSL 1.1.1 support. | |
540 | * Added `Rsa::public_key_from_pem_pkcs1`. | |
541 | * Added `SslOptions::NO_TLSV1_3`. (OpenSSL 1.1.1 only) | |
542 | * Added `SslVersion`. | |
543 | * Added `SslSessionCacheMode` and `SslContextBuilder::set_session_cache_mode`. | |
544 | * Added `SslContextBuilder::set_new_session_callback`, | |
545 | `SslContextBuilder::set_remove_session_callback`, and | |
546 | `SslContextBuilder::set_get_session_callback`. | |
547 | * Added `SslContextBuilder::set_keylog_callback`. (OpenSSL 1.1.1 only) | |
548 | * Added `SslRef::client_random` and `SslRef::server_random`. (OpenSSL 1.1.0+ only) | |
549 | ||
550 | ### Fixed | |
551 | ||
552 | * The `SslAcceptorBuilder::mozilla_modern` constructor now disables TLSv1.0 and TLSv1.1 in | |
553 | accordance with Mozilla's recommendations. | |
554 | ||
555 | ## [v0.10.3] - 2018-02-12 | |
556 | ||
557 | ### Added | |
558 | ||
559 | * OpenSSL is now automatically detected on FreeBSD systems. | |
560 | * Added `GeneralName` accessors for `rfc822Name` and `uri` variants. | |
561 | * Added DES-EDE3 support. | |
562 | ||
563 | ### Fixed | |
564 | ||
565 | * Fixed a memory leak in `X509StoreBuilder::add_cert`. | |
566 | ||
567 | ## [v0.10.2] - 2018-01-11 | |
568 | ||
569 | ### Added | |
570 | ||
571 | * Added `ConnectConfiguration::set_use_server_name_indication` and | |
572 | `ConnectConfiguration::set_verify_hostname` for use in contexts where you don't have ownership | |
573 | of the `ConnectConfiguration`. | |
574 | ||
575 | ## [v0.10.1] - 2018-01-10 | |
576 | ||
577 | ### Added | |
578 | ||
579 | * Added a `From<ErrorStack> for ssl::Error` implementation. | |
580 | ||
581 | ## [v0.10.0] - 2018-01-10 | |
582 | ||
583 | ### Compatibility | |
584 | ||
585 | * openssl 0.10 still uses openssl-sys 0.9, so openssl 0.9 and 0.10 can coexist without issue. | |
586 | ||
587 | ### Added | |
588 | ||
589 | * The `ssl::select_next_proto` function can be used to easily implement the ALPN selection callback | |
590 | in a "standard" way. | |
591 | * FIPS mode support is available in the `fips` module. | |
592 | * Accessors for the Issuer and Issuer Alternative Name fields of X509 certificates have been added. | |
593 | * The `X509VerifyResult` can now be set in the certificate verification callback via | |
594 | `X509StoreContextRef::set_error`. | |
595 | ||
596 | ### Changed | |
597 | ||
598 | * All constants have been moved to associated constants of their type. For example, `bn::MSB_ONE` | |
599 | is now `bn::MsbOption::ONE`. | |
600 | * Asymmetric key types are now parameterized over what they contain. In OpenSSL, the same type is | |
601 | used for key parameters, public keys, and private keys. Unfortunately, some APIs simply assume | |
602 | that certain components are present and will segfault trying to use things that aren't there. | |
603 | ||
604 | The `pkey` module contains new tag types named `Params`, `Public`, and `Private`, and the | |
605 | `Dh`, `Dsa`, `EcKey`, `Rsa`, and `PKey` have a type parameter set to one of those values. This | |
606 | allows the `Signer` constructor to indicate that it requires a private key at compile time for | |
607 | example. Previously, `Signer` would simply segfault if provided a key without private | |
608 | components. | |
609 | * ALPN support has been changed to more directly model OpenSSL's own APIs. Instead of a single | |
610 | method used for both the server and client sides which performed everything automatically, the | |
611 | `SslContextBuilder::set_alpn_protos` and `SslContextBuilder::set_alpn_select_callback` handle | |
612 | the client and server sides respectively. | |
613 | * `SslConnector::danger_connect_without_providing_domain_for_certificate_verification_and_server_name_indication` | |
614 | has been removed in favor of new methods which provide more control. The | |
615 | `ConnectConfiguration::use_server_name_indication` method controls the use of Server Name | |
616 | Indication (SNI), and the `ConnectConfiguration::verify_hostname` method controls the use of | |
617 | hostname verification. These can be controlled independently, and if both are disabled, the | |
618 | domain argument to `ConnectConfiguration::connect` is ignored. | |
619 | * Shared secret derivation is now handled by the new `derive::Deriver` type rather than | |
620 | `pkey::PKeyContext`, which has been removed. | |
621 | * `ssl::Error` is now no longer an enum, and provides more direct access to the relevant state. | |
622 | * `SslConnectorBuilder::new` has been moved and renamed to `SslConnector::builder`. | |
623 | * `SslAcceptorBuilder::mozilla_intermediate` and `SslAcceptorBuilder::mozilla_modern` have been | |
624 | moved to `SslAcceptor` and no longer take the private key and certificate chain. Install those | |
625 | manually after creating the builder. | |
626 | * `X509VerifyError` is now `X509VerifyResult` and can now have the "ok" value in addition to error | |
627 | values. | |
628 | * `x509::X509FileType` is now `ssl::SslFiletype`. | |
629 | * Asymmetric key serialization and deserialization methods now document the formats that they | |
630 | correspond to, and some have been renamed to better indicate that. | |
631 | ||
632 | ### Removed | |
633 | ||
634 | * All deprecated APIs have been removed. | |
635 | * NPN support has been removed. It has been superseded by ALPN, and is hopefully no longer being | |
636 | used in practice. If you still depend on it, please file an issue! | |
637 | * `SslRef::compression` has been removed. | |
638 | * Some `ssl::SslOptions` flags have been removed as they no longer do anything. | |
639 | ||
640 | ## Older | |
641 | ||
642 | Look at the [release tags] for information about older releases. | |
643 | ||
68504ae0 FG |
644 | [Unreleased]: https://github.com/sfackler/rust-openssl/compare/openssl-v0.10.43...master |
645 | [v0.10.43]: https://github.com/sfackler/rust-openssl/compare/openssl-v0.10.42...openssl-v0.10.43 | |
62c5094d FG |
646 | [v0.10.42]: https://github.com/sfackler/rust-openssl/compare/openssl-v0.10.41...openssl-v0.10.42 |
647 | [v0.10.41]: https://github.com/sfackler/rust-openssl/compare/openssl-v0.10.40...openssl-v0.10.41 | |
648 | [v0.10.40]: https://github.com/sfackler/rust-openssl/compare/openssl-v0.10.39...openssl-v0.10.40 | |
649 | [v0.10.39]: https://github.com/sfackler/rust-openssl/compare/openssl-v0.10.38...openssl-v0.10.39 | |
650 | [v0.10.38]: https://github.com/sfackler/rust-openssl/compare/openssl-v0.10.37...openssl-v0.10.38 | |
651 | [v0.10.37]: https://github.com/sfackler/rust-openssl/compare/openssl-v0.10.36...openssl-v0.10.37 | |
c8d4b494 XL |
652 | [v0.10.36]: https://github.com/sfackler/rust-openssl/compare/openssl-v0.10.35...openssl-v0.10.36 |
653 | [v0.10.35]: https://github.com/sfackler/rust-openssl/compare/openssl-v0.10.34...openssl-v0.10.35 | |
654 | [v0.10.34]: https://github.com/sfackler/rust-openssl/compare/openssl-v0.10.33...openssl-v0.10.34 | |
655 | [v0.10.33]: https://github.com/sfackler/rust-openssl/compare/openssl-v0.10.32...openssl-v0.10.33 | |
656 | [v0.10.32]: https://github.com/sfackler/rust-openssl/compare/openssl-v0.10.31...openssl-v0.10.32 | |
657 | [v0.10.31]: https://github.com/sfackler/rust-openssl/compare/openssl-v0.10.30...openssl-v0.10.31 | |
f5bb8b5f | 658 | [v0.10.30]: https://github.com/sfackler/rust-openssl/compare/openssl-v0.10.29...openssl-v0.10.30 |
7c421261 XL |
659 | [v0.10.29]: https://github.com/sfackler/rust-openssl/compare/openssl-v0.10.28...openssl-v0.10.29 |
660 | [v0.10.28]: https://github.com/sfackler/rust-openssl/compare/openssl-v0.10.27...openssl-v0.10.28 | |
661 | [v0.10.27]: https://github.com/sfackler/rust-openssl/compare/openssl-v0.10.26...openssl-v0.10.27 | |
217acde9 XL |
662 | [v0.10.26]: https://github.com/sfackler/rust-openssl/compare/openssl-v0.10.25...openssl-v0.10.26 |
663 | [v0.10.25]: https://github.com/sfackler/rust-openssl/compare/openssl-v0.10.24...openssl-v0.10.25 | |
664 | [v0.10.24]: https://github.com/sfackler/rust-openssl/compare/openssl-v0.10.23...openssl-v0.10.24 | |
22758248 XL |
665 | [v0.10.23]: https://github.com/sfackler/rust-openssl/compare/openssl-v0.10.22...openssl-v0.10.23 |
666 | [v0.10.22]: https://github.com/sfackler/rust-openssl/compare/openssl-v0.10.21...openssl-v0.10.22 | |
667 | [v0.10.21]: https://github.com/sfackler/rust-openssl/compare/openssl-v0.10.20...openssl-v0.10.21 | |
668 | [v0.10.20]: https://github.com/sfackler/rust-openssl/compare/openssl-v0.10.19...openssl-v0.10.20 | |
669 | [v0.10.19]: https://github.com/sfackler/rust-openssl/compare/openssl-v0.10.18...openssl-v0.10.19 | |
670 | [v0.10.18]: https://github.com/sfackler/rust-openssl/compare/openssl-v0.10.17...openssl-v0.10.18 | |
671 | [v0.10.17]: https://github.com/sfackler/rust-openssl/compare/openssl-v0.10.16...openssl-v0.10.17 | |
672 | [v0.10.16]: https://github.com/sfackler/rust-openssl/compare/openssl-v0.10.15...openssl-v0.10.16 | |
673 | [v0.10.15]: https://github.com/sfackler/rust-openssl/compare/openssl-v0.10.14...openssl-v0.10.15 | |
674 | [v0.10.14]: https://github.com/sfackler/rust-openssl/compare/openssl-v0.10.13...openssl-v0.10.14 | |
675 | [v0.10.13]: https://github.com/sfackler/rust-openssl/compare/openssl-v0.10.12...openssl-v0.10.13 | |
676 | [v0.10.12]: https://github.com/sfackler/rust-openssl/compare/openssl-v0.10.11...openssl-v0.10.12 | |
677 | [v0.10.11]: https://github.com/sfackler/rust-openssl/compare/openssl-v0.10.10...openssl-v0.10.11 | |
678 | [v0.10.10]: https://github.com/sfackler/rust-openssl/compare/openssl-v0.10.9...openssl-v0.10.10 | |
679 | [v0.10.9]: https://github.com/sfackler/rust-openssl/compare/openssl-v0.10.8...openssl-v0.10.9 | |
680 | [v0.10.8]: https://github.com/sfackler/rust-openssl/compare/openssl-v0.10.7...openssl-v0.10.8 | |
681 | [v0.10.7]: https://github.com/sfackler/rust-openssl/compare/openssl-v0.10.6...openssl-v0.10.7 | |
682 | [v0.10.6]: https://github.com/sfackler/rust-openssl/compare/openssl-v0.10.5...openssl-v0.10.6 | |
683 | [v0.10.5]: https://github.com/sfackler/rust-openssl/compare/openssl-v0.10.4...openssl-v0.10.5 | |
684 | [v0.10.4]: https://github.com/sfackler/rust-openssl/compare/openssl-v0.10.3...openssl-v0.10.4 | |
685 | [v0.10.3]: https://github.com/sfackler/rust-openssl/compare/openssl-v0.10.2...openssl-v0.10.3 | |
686 | [v0.10.2]: https://github.com/sfackler/rust-openssl/compare/openssl-v0.10.1...openssl-v0.10.2 | |
687 | [v0.10.1]: https://github.com/sfackler/rust-openssl/compare/openssl-v0.10.0...openssl-v0.10.1 | |
688 | [v0.10.0]: https://github.com/sfackler/rust-openssl/compare/v0.9.23...openssl-v0.10.0 | |
689 | [release tags]: https://github.com/sfackler/rust-openssl/releases |