|
1 | 1 | # Changelog
|
2 | 2 |
|
| 3 | +## 0.12.0 (2023-12-03) |
| 4 | + |
| 5 | +This release updates to [Rustls 0.22], but does not yet expose support for |
| 6 | +customizing the cryptographic provider. This will be added in a future release, |
| 7 | +and 0.12.0 continues to use `*ring*` as the only cryptographic provider. |
| 8 | + |
| 9 | +[Rustls 0.22]: https://github.com/rustls/rustls/releases/tag/v%2F0.22.0 |
| 10 | + |
| 11 | +### Added |
| 12 | + |
| 13 | +* `RUSTLS_RESULT_CLIENT_CERT_VERIFIER_BUILDER_NO_ROOT_ANCHORS` error code, |
| 14 | + returned when a client cert verifier is being built that hasn't provided any |
| 15 | + root trust anchors. |
| 16 | +* The server certificate verifier now supports CRL revocation checking through |
| 17 | + policy and CRLs provided to the server certificate verifier builder. |
| 18 | +* Client certificate verifier builder now supports controlling CRL revocation |
| 19 | + status check depth and unknown revocation policy. |
| 20 | + |
| 21 | +### Changed |
| 22 | + |
| 23 | +* The root certificate store constructor (`rustls_root_cert_store_new`) and the |
| 24 | + function to add PEM content (`rustls_root_cert_store_add_pem`) have been |
| 25 | + replaced with a new `rustls_root_cert_store_builder` type, constructed with |
| 26 | + `rustls_root_cert_store_builder_new`. PEM content can be added with |
| 27 | + `rustls_root_cert_store_builder_add_pem` and |
| 28 | + `rustls_root_cert_store_builder_load_roots_from_file`. |
| 29 | +* The client verifier builders ( |
| 30 | + `rustls_allow_any_anonymous_or_authenticated_client_builder`, and |
| 31 | + `rustls_allow_any_authenticated_client_builder`) as well as the client |
| 32 | + verifier types (`rustls_allow_any_anonymous_or_authenticated_client_verifier`, |
| 33 | + `rustls_allow_any_authenticated_client_verifier`) have been replaced with |
| 34 | + `rustls_web_pki_client_cert_verifier_builder` and `rustls_client_cert_verifier`. |
| 35 | +* The server config client verifier setters |
| 36 | + (`rustls_server_config_builder_set_client_verifier` and |
| 37 | + `rustls_server_config_builder_set_client_verifier_optional`) have been |
| 38 | + replaced with `rustls_server_config_builder_set_client_verifier`. |
| 39 | +* The client config builder functions for specifying root trust anchors |
| 40 | + (`rustls_client_config_builder_use_roots` and |
| 41 | + `rustls_client_config_builder_load_roots_from_file`) have been replaced |
| 42 | + with a server certificate verifier builder |
| 43 | + (`rustls_web_pki_server_cert_verifier_builder`) constructed with |
| 44 | + `rustls_web_pki_server_cert_verifier_builder_new` and |
| 45 | + a `rustls_root_cert_store`. The built `rustls_web_pki_server_cert_verifier` |
| 46 | + can be provided to a client config builder with |
| 47 | + `rustls_client_config_builder_set_server_verifier`. |
| 48 | +* CRL validation defaults to checking the full certificate chain, and treating |
| 49 | + unknown revocation status as an error condition. |
| 50 | + |
| 51 | +### Removed |
| 52 | + |
| 53 | +* `RUSTLS_RESULT_CERT_SCT_*` error codes have been removed. |
| 54 | + |
3 | 55 | ## 0.11.0 (2023-07-14)
|
4 | 56 |
|
5 | 57 | ### Added
|
|
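Review bot: In the "Changed" list, the entry for the server config client verifier setters says both functions "have been replaced with `rustls_server_config_builder_set_client_verifier`", which is the same name as one of the two functions being replaced. A reader cannot tell from this what changed or how to migrate a caller of `rustls_server_config_builder_set_client_verifier_optional`. Suggest saying that the `_optional` setter is gone and what the surviving setter now accepts (presumably the `rustls_client_cert_verifier` named in the previous entry, if that is the case). Also say how a server that previously allowed anonymous clients expresses that now, since that choice decides whether unauthenticated clients are accepted. In the same spirit, the entry "CRL validation defaults to checking the full certificate chain, and treating unknown revocation status as an error condition" is a behaviour change, and it would help to name the builder functions that adjust depth and unknown-status policy, which the "Added" list mentions only generically. Two style nits: in the 0.12.0 intro, `*ring*` inside backticks will render the asterisks literally, and the client verifier builders entry leaves a dangling "(" at the end of its first line and puts a comma before "and" in a two-item list.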