1.9.0

This crate now contains a stand-alone PEM decoder. This removes a dependency on the base64 crate, and also means PEM decoding of private key data is now done in constant time and avoids secret-dependent branches and memory accesses (at some performance cost).

The function of the rustls-pemfile crate is incorporated into this one. We will shortly make an apex release of rustls-pemfile which maintains the same API as before, using the new API in this crate.

What's Changed

• actions/checkout: v3 -> v4 by @ctz in #52
• feat: more from impls for ServerName and IpAddr by @nanoqsh in #55
• feat: derive Ord on UnixTime by @devanlai in #57
• Direct support for PEM-decoding of this crate's types by @ctz in #53
• Fix documentation referring to private item by @ctz in #58
• Support PEM decoding for EchConfigListBytes by @ctz in #54

New Contributors

• @nanoqsh made their first contribution in #55
• @devanlai made their first contribution in #57

Full Changelog: v/1.8.0...v/1.9.0

1.8.0

• New const CertificateDer::from_slice() function for creating a CertificateDer instance from a slice of DER.

What's Changed

• Fix some new 1.79 clippy findings by @cpu in #50
• add const-friendly CertificateDer::from_slice by @cpu in #51

Full Changelog: v/1.7.0...v/1.8.0

1.7.0

• SubjectPublicKeyInfo was renamed to SubjectPublicKeyInfoDer, and a deprecated type alias under the old name was added.

What's Changed

• v1.7.0 prep, SubjectPublicKeyInfo -> SubjectPublicKeyInfoDer by @cpu in #48

Full Changelog: v/1.6.0...v/1.7.0

1.6.0

What's Changed

• Add SubjectPublicKeyInfo DER newtype by @lvkv in #47

v/1.5.0

• A new EchConfigListBytes type is added for representing TLS encoded Encrypted Client Hello (ECH) configuration lists. See draft-ietf-tls-esni-18 §4 for more information.

What's Changed

• Move test keys into tests by @djc in #44
• Move key type determination tests into tests/ by @djc in #45
• add EchConfigListBytes for encrypted client hello configs by @cpu in #46

Full Changelog: v/1.4.1...v/1.5.0

1.4.1

Release notes

• Relaxes PrivateKeyDer::TryFrom PKCS8 heuristic to accept RFC 5958 encodings using Version v2.

What's Changed

• Fix parsing for PrivateKeyDer by @Alvenix in #42
• Cargo: version 1.4.0 -> 1.4.1 by @cpu in #43

Full Changelog: v/1.4.0...v/1.4.1

1.4.0

Release notes

• Adds PrivateKeyDer::TryFrom for &[u8] and Vec<u8> to map DER PKCS8, PKCS1, and SEC1 inputs to the correct PrivateKeyDer variant.
• Adds optional web feature to facilitate using web-time to support the wasm32-unknown-unknown target.

What's Changed

• Supply web-time::SystemTime for wasm32 by @DanGould in #32
• Add TryFrom from &[u8] and Vec to PrivateKeyDer by @Alvenix in #40
• Cargo: version 1.3.1 -> 1.4.0 by @cpu in #41

New Contributors

• @DanGould made their first contribution in #32
• @Alvenix made their first contribution in #40

Full Changelog: v/1.3.1...v/1.4.0

1.3.1

Release notes

• Bug fix: correct type names in Debug output for PrivateSec1KeyDer and PrivatePkcs8KeyDer types.

What's Changed

• Correct copypasta typos for the pkcs8 and sec1 debug fmt functions. by @bmbenson in #37

New Contributors

• @bmbenson made their first contribution in #37

Full Changelog: v/1.3.0...v/1.3.1

v/1.3.0

• Adds CertificateSigningRequestDer to represent a DER encoded Certificate Signing Request (CSR) as specified in RFC 2986.

What's Changed

• docs: add mention of no Clone on private keys by @cpu in #30
• docs: further refinement of no-clone advice by @cpu in #31
• Add CertificateSigningRequestDer type by @Tudyx in #33
• Cargo: version 1.2.0 -> 1.3.0 by @cpu in #34

New Contributors

• @Tudyx made their first contribution in #33

Full Changelog: v/1.2.0...v/1.3.0

v/1.2.0

What's Changed

• Allow SignatureVerificationAlgorithm to state FIPS status by @ctz in #28

Full Changelog: v/1.1.0...v/1.2.0