Showing content from https://github.com/rustls/rustls/releases below:
Releases: rustls/rustls
0.23.31
- Fixes #2584 -- complete_io() not making progress when used with non-blocking IO. This was a regression in 0.23.30 (now yanked).
What's Changed
Full Changelog: v/0.23.30...v/0.23.31
0.23.30
- Fixes a bug with the unbuffered connection API that could result in deframing junk data after a close notify alert was received.
- Updates Connection::complete_io() to yield a WouldBlock error when both read/write operations are blocked.
What's Changed
- Clarify the ambiguous process-level CryptoProvider error by @cpu in #2561
- 0.23: cherry-pick of fixes to complete_io() with non-blocking transport by @ctz in #2578
- sign: make public_key_to_spki() public by @djc in #2580
- 0.23.30 release prep & 2575 backport by @cpu in #2576
Full Changelog: v/0.23.29...v/0.23.30
rustls-post-quantum-v/0.2.3
Add unstable support for verifying experimental post-quantum ML-DSA signature schemes.
What's Changed
- post-quantum: add unstable ML-DSA support by @djc in #2550
0.23.29
- Improved errors for invalid signature algorithms; added variants to both CertificateError and CertRevocationError to replace the UnsupportedSignatureAlgorithm variant (now deprecated) in order to provide more context.
- Improved extension representation to increase handshake efficiency.
What's Changed
- Delete unusable no-std ticketer code by @ctz in #2500
- Support _ABSENT_PARAMS PKCS#1 signature algorithms by @ctz in #2505
- Rework representation of extensions in ClientHello by @ctz in #2502
- Rework representation of extensions in server messages by @ctz in #2508
- Reduce small Vec<Enum> uses in extensions by @ctz in #2509
- client: refactor in preparation for PSK support by @djc in #2516
- client: pass all of ClientHelloInput into tls12 handle_server_hello() by @djc in #2518
- client: refactor client handshake some more by @djc in #2521
- Simplify the simpleserver example by using rustls::Stream by @Ten0 in #2522
- Add SignatureSchemes for ML-DSA by @djc in #2532
- add From<Arc<CertifiedKey>> for SingleCertAndKey by @stormshield-gt in #2535
- Memoise computation of empty hash by @ctz in #2538
- Correct calculation of ServerHello ECH confirmation by @ctz in #2545
- Improve compactness of Debug impl for extensions by @ctz in #2546
- Do not retain master secret during terminal key schedule state by @ctz in #2540
- Adopt webpki 0.103.4 by @djc in #2531
0.23.28
0.23.27
- Add support for connection-level ALPN protocol configuration.
- Improve invalid key purpose errors.
- Prefer post-quantum key exchange algorithms by default.
- Add improved kTLS API.
0.23.26
- Bug fix: in certain circumstances we saw std::io::Write::write_vectored implementations that reported writing more bytes than were available, in violation of that method's invariants. This seems to happen on macOS with certain VPN software active. Now we detect and return an error from write_tls calls in this case. See #2316.
- Admit support for a wider set of SignatureSchemes in TLS1.3, so that external providers may support ED448, post-quantum signatures, and others. See #2420.
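The write_vectored check described in the bug fix above, sketched as an added example (this is not rustls's own code). OverReportingWriter is a constructed faulty transport and checked_write_vectored is a hypothetical helper; both names are assumptions made for illustration.

```rust
use std::io::{self, IoSlice, Write};

/// Constructed stand-in for a transport whose write_vectored over-reports.
struct OverReportingWriter {
    extra: usize,
}

impl Write for OverReportingWriter {
    fn write(&mut self, buf: &[u8]) -> io::Result<usize> {
        Ok(buf.len())
    }
    fn write_vectored(&mut self, bufs: &[IoSlice<'_>]) -> io::Result<usize> {
        let supplied: usize = bufs.iter().map(|b| b.len()).sum();
        // Breaks the Write contract whenever extra > 0.
        Ok(supplied + self.extra)
    }
    fn flush(&mut self) -> io::Result<()> {
        Ok(())
    }
}

/// Hypothetical helper: perform one vectored write and reject a byte count
/// larger than the total length of the buffers handed to the writer.
/// Trusting such a count would make the caller discard queued data that
/// was never written.
fn checked_write_vectored<W: Write>(w: &mut W, chunks: &[&[u8]]) -> io::Result<usize> {
    let slices: Vec<IoSlice<'_>> = chunks.iter().map(|c| IoSlice::new(*c)).collect();
    let available: usize = chunks.iter().map(|c| c.len()).sum();
    let written = w.write_vectored(&slices)?;
    if written > available {
        return Err(io::Error::new(
            io::ErrorKind::Other,
            format!("write_vectored reported {} bytes, only {} supplied", written, available),
        ));
    }
    Ok(written)
}

fn main() {
    // Constructed sample data standing in for queued TLS records.
    let chunks: [&[u8]; 2] = [b"record-1", b"record-2"];
    let mut good = OverReportingWriter { extra: 0 };
    println!("well-behaved: {:?}", checked_write_vectored(&mut good, &chunks));
    let mut bad = OverReportingWriter { extra: 4 };
    println!("over-reporting: {:?}", checked_write_vectored(&mut bad, &chunks));
}
```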
What's Changed
- Upgrade to hickory-resolver 0.25 by @djc in #2387
- Pin cargo-hack@0.6.33 for now by @ctz in #2389
- Revert "Pin cargo-hack@0.6.33 for now" by @ctz in #2390
- chore(deps): lock file maintenance by @renovate-bot in #2404
- Cargo: update aws-lc-fips-sys 0.13.4 -> 0.13.5 by @cpu in #2409
- chore(deps): update rust crate zlib-rs to 0.5 by @renovate-bot in #2407
- chore(deps): update dependency go to v1.24.2 by @renovate-bot in #2410
- chore: fix some typos by @xixishidibei in #2411
- Add cargo deny check in CI by @djc in #2412
- build(deps): bump openssl from 0.10.71 to 0.10.72 by @dependabot in #2413
- Take semver-compatible updates by @ctz in #2415
- Use tlswg name for draft-kwiatkowski-tls-ecdhe-mlkem by @ctz in #2418
- Invert working of SignatureScheme::supported_in_tls13 by @ctz in #2420
- Reduce use of library internals in tests by @ctz in #2421
- 0.23.26: Detect and error on faulty io::Write::write_vectored by @ctz in #2422
Full Changelog: v/0.23.25...v/0.23.26
0.23.25
- Translate webpki::Error::RequiredEkuNotFound to rustls::CertificateError::InvalidPurpose. This allows rustls-platform-verifier to stop requiring that rustls shares its version of its private webpki dependency, which is a semver hazard.
What's Changed
- Map webpki RequiredEkuNotFound error to InvalidPurpose by @djc in #2384
- Prepare 0.23.25 by @ctz in #2385
Full Changelog: v/0.23.24...v/0.23.25
0.23.24
- New feature: More detailed and helpful error reporting for common certificate errors, such as name mismatches and certificate expiry. Users who std::fmt::Display the rustls Error type will take advantage of this automatically. Users handling CertificateError variants individually should note the new variants, such as CertificateError::NotValidForNameContext (compare CertificateError::NotValidForName).
$ cargo -q run --bin tlsclient-mio -- --http wrong.host.badssl.com
TLS error: invalid peer certificate: certificate not valid for name "wrong.host.badssl.com";
certificate is only valid for DnsName("*.badssl.com") or DnsName("badssl.com")
Connection closed
The old CertificateError variants (such as NotValidForName, Expired, etc.) remain usable, and may be produced by both the default and third-party certificate verification traits.
- New feature: Allow KTLS handoff for unbuffered API users, by introducing dangerous_extract_secrets(). Thanks to @edef1c.
- Bug fix: Unbuffered connections now consume data during the next_record() function, rather than production of the state. This fixes #2031.
- Bug fix: Build speed improvement for aws-lc-rs fips users.
- Behavior change: Clients no longer offer resumption between different ClientConfigs that share a resumption store but do not share server certificate verification and client authentication credentials. If you share a resumption store between multiple ClientConfigs, please ensure their server certificate verification and client authentication credentials are also shared. Please read the new documentation on the ClientConfig::resumption item for details.
  Additionally, if you share a resumption store or ticketer between multiple ServerConfigs, please see the new documentation on ServerConfig about this.
What's Changed
- Fix daily tests by @ctz in #2340
- ci: improve performance via more cache usage by @ctz in #2343
- Take semver-compatible dependencies by @ctz in #2344
- unbuffered: introduce dangerous_extract_secrets, analogous to buffered API by @edef1c in #2345
- docs: fix MSRV etc. by @brody4hire in #2346
- Clippy 1.85, 2024 style by @djc in #2348
- cleanup: specify once_cell version etc. in only 1 place by @brody4hire in #2352
- docs: update reference to danger NoCertificateVerification struct in examples by @brody4hire in #2351
- docs: minor improvements to CryptoProvider doc by @brody4hire in #2353
- unbuffered: do not prematurely consume data by @ctz in #2338
- bogo: implement -wait-for-debugger in shim by @cpu in #2347
- Take rustls-webpki 0.103.0 and improve certificate error reporting by @ctz in #2342
- Avoid handshake message round-tripping for binders by @ctz in #2359
- docs: improve some more links, etc. by @brody4hire in #2355
- adjust FIPS feature handling w.r.t aws-lc-sys by @cpu in #2291
- client: reject TLS 1.3 compat session ID in 1.2 by @cpu in #2360
- Update semver-compatible dependencies by @djc in #2366
- Avoid semver errors on discriminant changes by @djc in #2367
- fuzz/Cargo.lock: take semver-compatible updates by @ctz in #2372
- Prevent resumption between "incompatible" clients by @ctz in #2361
- chore(deps): update rust crate asn1 to 0.21 by @renovate-bot in #2374
- Mark unreachable functions with coverage(off) by @ctz in #2373
- docs: link to manual from front page by @ctz in #2375
- chore(deps): update dependency go to v1.24.1 by @renovate-bot in #2376
- admin/coverage: only measure core crate coverage by @ctz in #2377
- Refactor: prefer to take reference on match scrutinee by @ctz in #2379
- Add warning about server-side cross-config resumption by @ctz in #2381
- Prepare 0.23.24 by @ctz in #2383
Full Changelog: v/0.23.23...v/0.23.24
0.23.23
- Export SingleCertAndKey implementation of ResolvesServerCert (was already used internally).
- Expose CertifiedKey::from_der() to help create CertifiedKeys with necessary checks.
- Note: users of the unbuffered API should now expect to encounter the new ConnectionState::PeerClosed variant, raised when the peer cleanly terminates their side of the connection with a close_notify alert.