0.103.1

Release Notes

• Avoids a possible type inference error when building in projects that also use jhpratt/deranged.

What's Changed

• Add new test case to integration tests by @dwhjames in #324
• Cargo: ring 0.17.8 -> 0.17.13 by @cpu in #329
• avoid inference hazard usize comparison by @cpu in #334

New Contributors

• @dwhjames made their first contribution in #324

Full Changelog: v/0.103.0...v/0.103.1

0.103.0

• Breaking change: add context to name validation errors. This adds a value to the CertNotValidForName error variant.
• Breaking change: stop Error being Copy -- the above change required this, as it started to have an allocated field.
• Breaking change: add context to time-based errors. This adds fields to the CertNotValidYet, CertExpired, and CrlExpired error variants.
• Breaking change: use algorithm identifiers from rustls-pki-types. This removes the alg_id module from this crate's public interface.
• Breaking change: remove reexport of rustls-pki-types.
• Breaking change: remove provider features from default feature set, and rename aws_lc_rs feature to aws-lc-rs.

What's Changed

• build(deps): bump the crates-io group with 2 updates by @dependabot in #285
• Update semver-compatible dependencies by @djc in #288
• build(deps): bump serde_json from 1.0.128 to 1.0.132 in the crates-io group by @dependabot in #289
• build(deps): bump serde from 1.0.210 to 1.0.214 in the crates-io group by @dependabot in #290
• aws-lc-rs prebuilt-nasm, update cargo check external types nightly version by @cpu in #291
• build(deps): bump codecov/codecov-action from 4 to 5 by @dependabot in #292
• Update dependencies & bump MSRV to 1.71 by @djc in #294
• proj: fix clippy 1.83 findings by @cpu in #296
• Update semver-compatible dependencies by @ctz in #298
• ci: use persist-credentials: false in testgen.yml by @cpu in #299
• build(deps): bump cryptography from 42.0.4 to 44.0.0 by @dependabot in #303
• Update dependencies by @djc in #306
• build(deps): bump serde from 1.0.216 to 1.0.217 in the crates-io group by @dependabot in #309
• add aws-lc-rs-fips feature, adjust sys dep by @cpu in #308
• build(deps): bump serde_json from 1.0.134 to 1.0.135 in the crates-io group by @dependabot in #310
• Add context in name validation errors by @djc in #301
• Simplify NameIterator by @djc in #311
• Remove providers from default features by @ctz in #302
• Use AlgorithmIdentifier values from rustls-pki-types by @ctz in #304
• Remove re-export of rustls-pki-types by @ctz in #313
• Add details to time-based errors by @ctz in #315
• build(deps): bump seanmiddleditch/gha-setup-ninja from 5 to 6 by @dependabot in #317
• rustfmt: style_edition 2024 by @ctz in #323
• build(deps): bump cryptography from 44.0.0 to 44.0.1 by @dependabot in #326
• Run all tests in CI by @ctz in #325

Full Changelog: v/0.102.8...v/0.103.0

0.102.8

Release notes

• Support for aws-lc-rs 1.9 added. This release adds supports for compressed EC public keys, when used with aws-lc-rs.

What's Changed

• Take aws-lc-rs 1.9 by @ctz in #284

Full Changelog: v/0.102.7...v/0.102.8

0.102.7

• Initial support for RFC 7250 "Raw public keys". A new RawPublicKeyEntity type has been added, offering a verify_signature() fn for verifying the signature over a given message using a raw public key produced from a pki_types::SubjectPublicKeyInfoDer instance.
• Relaxed CRL requirements for certificates with CRL distribution point extensions. Previously the revocation checking logic only considered a CRL authoritative for a certificate when it had a CRL distribution point extension if the CRL also had an issuing distribution point extension that matched. This has now been relaxed to consider a CRL without any issuing distribution point extension as authoritative for certificates with a matching issuer.

What's Changed

• build(deps): bump serde_json from 1.0.120 to 1.0.121 in the crates-io group by @dependabot in #274
• Update deny config by @djc in #277
• crl: CRL w/o IDP ext auth. for cert w/ DP by @cpu in #276
• build(deps): bump serde_json from 1.0.121 to 1.0.122 in the crates-io group by @dependabot in #278
• API for allowing signature validation given a SPKI/RPK by @holodorum in #275
• build(deps): bump the crates-io group with 2 updates by @dependabot in #279
• build(deps): bump the crates-io group with 2 updates by @dependabot in #280
• build(deps): bump the crates-io group with 2 updates by @dependabot in #283

New Contributors

• @holodorum made their first contribution in #275

Full Changelog: v/0.102.6...v/0.102.7

0.102.6

• Add support for P-521 curve with SHA-256/SHA-384 digests

What's Changed

• types: avoid markdown footnotes by @cpu in #268
• build(deps): bump serde from 1.0.203 to 1.0.204 in the crates-io group by @dependabot in #269
• Update EndEntityCert documentation by @djc in #271
• Add support for P-521 curve with SHA-256/SHA-384 digests by @samin-cf in #272

New Contributors

• @samin-cf made their first contribution in #272

Full Changelog: v/0.102.5...v/0.102.6

0.102.5

Notable changes

• EndEntityCert::subject_public_key_info() as added in 0.102.4 neglected to specify the return type's lifetime, limiting the visible lifetime to the lifetime of the EndEntityCert. The actual lifetime was 'static; we've made this explicit and enabled warnings for elided_lifetimes_in_paths to avoid similar issues in the future.

What's changed

• build(deps): bump the crates-io group with 2 updates by @dependabot in #257
• ci: update cargo-check-external-types toolchain by @cpu in #258
• build(deps): bump seanmiddleditch/gha-setup-ninja from 4 to 5 by @dependabot in #260
• build(deps): bump aws-lc-rs from 1.7.2 to 1.7.3 in the crates-io group by @dependabot in #261
• Enable some more warnings on lints by @djc in #262
• lib: warn for clippy::use_self by @cpu in #263
• build(deps): bump the crates-io group with 2 updates by @dependabot in #265
• Prepare 0.102.5 release by @djc in #266

v/0.102.4

• RevocationOptionsBuilder now offers a with_expiration_policy() fn for setting an ExpirationPolicy that will be used to determine how to handle CRLs that have a NextUpdate value in the past. The default behaviour is to ignore the NextUpdate. Users wishing to use a stricter policy can do so by specifying ExpirationPolicy::Enforce. Revocation checking against an expired CRL will then produce an Error::CrlExpired error.
• EndEntityCert now offers a subject_public_key_info() fn for accessing the RFC 5280 pki_types::SubjectPublicKeyInfoDer.

What's Changed

• build(deps): bump serde from 1.0.198 to 1.0.199 in the crates-io group by @dependabot in #250
• benches: ignore clippy::incompatible_msrv by @cpu in #251
• build(deps): bump the crates-io group with 3 updates by @dependabot in #252
• Add SubjectPublicKeyInfo methods for cert::Cert by @lvkv in #253
• build(deps): bump the crates-io group across 1 directory with 2 updates by @dependabot in #255
• Add support for enforcing CRL expiration using nextUpdate field by @jasperpatterson in #227
• Cargo: v0.102.3 -> v0.102.4 by @cpu in #256

New Contributors

• @lvkv made their first contribution in #253

Full Changelog: v/0.102.3...v/0.102.4

v/0.102.3

• New KeyUsage::required_if_present() fn for requiring a certificate to support the specified OID, if the certificate has EKUs.
• Updates aws-lc-rs to 1.7.0
• MSRV increased from 1.61 to 1.63

What's Changed

• build(deps): bump codecov/codecov-action from 3 to 4 by @dependabot in #226
• Allow "required if present" EKUs by @jasperpatterson in #229
• Synchronise codecov action settings with rustls by @ctz in #230
• ci: sync nightly for check-external-types by @cpu in #231
• build(deps): bump cryptography from 41.0.6 to 42.0.4 by @dependabot in #233
• Fix nightly compilation by @ctz in #234
• Fix windows build by @ctz in #235
• build(deps): bump base64 from 0.21.7 to 0.22.0 by @dependabot in #237
• build(deps): bump serde_json from 1.0.114 to 1.0.115 by @dependabot in #238
• Update semver-compatible dependencies by @djc in #241
• deps: rcgen 0.12 -> 0.13 by @cpu in #239
• Simplify test chain building by @djc in #244
• build(deps): bump serde_json from 1.0.115 to 1.0.116 by @dependabot in #245
• build(deps): bump serde from 1.0.197 to 1.0.198 by @dependabot in #247
• Update Dependabot config to match rustls by @djc in #249
• v0.102.3, bump aws-lc-rs from 1.6.4 to 1.7.0, MSRV 1.63 by @cpu in #248

New Contributors

• @jasperpatterson made their first contribution in #229

Full Changelog: v/0.102.2...v/0.102.3

0.102.2

What's Changed

• small nightly clippy fixes by @cpu in #222
• Cargo: avoid unused aws-lc-rs default features by @cpu in #224
• aws_lc_rs_algs: Expose FIPS status by @ctz in #225

Full Changelog: v/0.102.1...v/0.102.2

0.102.1

Headlines

• Added webpki::aws_lc_rs::ECDSA_P521_SHA512: support for P521-SHA512 signature verification.

What's Changed

• build(deps): bump cryptography from 41.0.4 to 41.0.6 by @dependabot in #215
• Introduce and test ECDSA_P521_SHA512 for aws-lc-rs by @ctz in #216
• build(deps): bump actions/setup-python from 4 to 5 by @dependabot in #218
• cert: fix clippy get_first finding by @cpu in #220
• build(deps): update rcgen requirement from 0.11.3 to 0.12.0 by @dependabot in #219

Full Changelog: v/0.102.0...v/0.102.1