v/0.102.0-alpha.6

What's Changed

• build(deps): bump cryptography from 41.0.3 to 41.0.4 by @dependabot in #196
• Expose built path in public API by @djc in #174
• verify_cert: add test for rejecting candidate path by @cpu in #197
• Deny warnings from clippy by @djc in #198
• Use cargo-check-external-types to control type leakage in public API by @cpu in #202
• trust_anchor: fix stale note about EndEntityOrCA by @cpu in #204
• Improve CRL ergonomics, replace trait with enum by @cpu in #203

Full Changelog: v/0.102.0-alpha.4...v/0.102.0-alpha.6

0.101.7

• Upgrades *ring* to 0.17, and untrusted to 0.9. Note: since untrusted appears in the Error API this may be a breaking change for applications using two untrusted versions.

What's Changed

• Simplify tests for DER errors by @djc in #193
• Upgrade to ring 0.17, untrusted 0.9 by @djc in #193
• Bump MSRV to 1.61 by @djc in #193
• Upgrade to rcgen 0.11.3 by @cpu in #189, #195
• v0.101.7 preparation by @cpu in #199

Full Changelog: v/0.101.6...v/0.101.7

0.102.0-alpha.4

What's Changed

• cert: retain CRL distribution points extension. by @cpu in #127
• Tweak style in distribution point handling by @djc in #137
• crl: retain issuing distribution point extension by @cpu in #128
• Implement FromDer trait and DerIterator type by @djc in #139
• Make ring optional by @ctz in #134
• Name iterator by @djc in #140
• Impl FromDer for more types by @djc in #141
• fix no-std support by @japaric in #145
• Refactor DER parsing by @djc in #142
• revocation: more sophisticated revocation checking. by @cpu in #138
• build(deps): bump cryptography from 41.0.2 to 41.0.3 by @dependabot in #146
• Use doc_auto_cfg and remove manual doc(cfg()) gates by @ctz in #150
• bettertls: test both pathbuilding and nameconstraints. by @cpu in #151
• verify_cert: enforce maximum number of signatures. by @cpu in #152
• Fix build & clippy lints by @ctz in #156
• SECURITY.md: use github vuln reporting tool by @ctz in #155
• Enable warnings for cargo doc comments on private items by @cpu in #157
• Switch to using the pki-types crate by @djc in #147
• Bump version to alpha.1 with pki-types by @djc in #161
• build(deps): bump actions/checkout from 3 to 4 by @dependabot in #162
• Further limits on expensive path building by @ctz in #163
• Budget tweaks by @djc in #164
• Use signature verification trait from pki-types by @ctz in #166
• verify_cert: bound name constraint comparisons. by @cpu in #165
• Remove subject common name parsing by @hawkw in #169
• verify_cert: correct handling of fatal errors. by @cpu in #168
• subject_name: fix stale unused_imports allow. by @cpu in #171
• Extract PathNode from Cert by @djc in #173
• Use pki_types::UnixTime instead of local Time type by @djc in #175
• tests: local test speed optimizations, add cargo hack feature powerset by @cpu in #176
• docs: add CONTRIBUTING.md, ref'ing Rustls CONTRIBUTING by @cpu in #177
• Note that self-signed certificates are not supported. by @bdaehlie in #180
• properly test build chain call budget by @cpu in #179
• Use stable for coverage measurement by @ctz in #181
• Optionally support aws-lc-rs by @ctz in #158
• rework dns_names helper, remove alloc req. by @cpu in #178
• Let EndEntityCert deref to Cert by @djc in #184
• Refactor name verification flow by @djc in #188
• Cargo: remove rcgen git patch by @cpu in #189
• crl: rm Budget from verify_signature fn by @cpu in #190
• NFC: Correct name of mozilla::pkix in comment. by @cpu in #192
• Cargo: restore rcgen w/ no-default-features by @cpu in #195
• Upgrade to untrusted 0.9 and ring 0.17 by @djc in #193
• Prepare 0.102.0-alpha.4 by @ctz in #194

New Contributors

• @japaric made their first contribution in #145
• @hawkw made their first contribution in #169
• @bdaehlie made their first contribution in #180

Full Changelog: v/0.101.6...v/0.102.0-alpha.4

0.101.6

• The CertificateRevocationList trait's verify_signature Budget argument was removed. This was a semver incompatible change mistakenly introduced in v0.101.5.

What's Changed

• crl: rm Budget from verify_signature fn by @cpu in #187

Full Changelog: v/0.101.5...v/0.101.6

0.101.5

• Path building complexity is now limited to a maximum budget of path finding operations, avoiding exponential processing time when encountering certificate chains containing many certificates with the same subject/issuer distinguished name but different subject public key information.
• Name constraints evaluation is now limited to a maximum number of comparison operations, avoiding exponential processing time when encountering certificate chains containing many name constraints and subject alternate names.
• Subject common names are no longer parsed for name iteration, or applying name constraints. Webpki only uses Subject Alternate Names when validating certificates, and the common name handling was buggy, producing Error::BadDer when iterating certificates with printable string subject common names, or omitted common names encoded as an empty sequence.

What's Changed

The following PRs were backported to the rel-0.101 branch in #170:

• Further limits on expensive path building (#163)
• Budget tweaks (#164)
• Bound name constraint comparisons (#165)
• Remove subject common name parsing (#169, thanks to @hawkw)
• Correct handling of fatal errors (#168)

Thanks to all who have contributed, on behalf of the rustls team (@ctz, @cpu and @djc)!

0.100.3

• Path building complexity is now limited to a maximum budget of path finding operations, avoiding exponential processing time when encountering certificate chains containing many certificates with the same subject/issuer distinguished name but different subject public key information.
• Name constraints evaluation is now limited to a maximum number of comparison operations, avoiding exponential processing time when encountering certificate chains containing many name constraints and subject alternate names.

What's Changed

The following PRs were backported to the rel-0.100 branch in #172

• Further limits on expensive path building (#163)
• Budget tweaks (#164)
• Bound name constraint comparisons (#165)
• Correct handling of fatal errors (#168)

Full Changelog: v/0.100.2...v/0.100.3

Thanks to all who have contributed, on behalf of the rustls team (@ctz, @cpu and @djc)!

0.101.4

Release notes

• certificate path building and verification is now capped at 100 signature validation operations to avoid the risk of CPU usage denial-of-service attack when validating crafted certificate chains producing quadratic runtime. This risk affected both clients, as well as servers that verified client certificates.

What's Changed

• v0.101.4 prep by @cpu in #153

Full Changelog: v/0.101.3...v/0.101.4

v/0.100.2

Release notes

• certificate path building and verification is now capped at 100 signature validation operations to avoid the risk of CPU usage denial-of-service attack when validating crafted certificate chains producing quadratic runtime. This risk affected both clients, as well as servers that verified client certificates.

What's Changed

• v0.100.2 prep by @cpu in #154

Full Changelog: v/0.100.1...v/0.100.2

v/0.101.3

Release Notes

• TlsServerTrustAnchors, TlsClientTrustAnchors, verify_is_valid_tls_server_cert and verify_is_valid_tls_client_cert deprecation notes improved.

What's Changed

• trust_anchor/end_entity: rework deprecation notes by @cpu in #149
• 0.101.3 release prep by @cpu in #149

Full Changelog: v/0.101.2...v/0.101.3

v/0.102.0-alpha.0

Pre-release.

What's Changed

• cert: retain CRL distribution points extension. by @cpu in #127
• Tweak style in distribution point handling by @djc in #137
• crl: retain issuing distribution point extension by @cpu in #128
• Implement FromDer trait and DerIterator type by @djc in #139
• Make ring optional by @ctz in #134
• Name iterator by @djc in #140
• Impl FromDer for more types by @djc in #141
• fix no-std support by @japaric in #145
• Refactor DER parsing by @djc in #142
• revocation: more sophisticated revocation checking. by @cpu in #138

New Contributors

• @japaric made their first contribution in #145

Full Changelog: v/0.101.2...v/0.102.0-alpha.0