1# Change Log
2
3## [Unreleased]
4
5## [v0.10.64] - 2024-02-19
6
7### Added
8
9* Added `PkeyCtxRef::{nonce_type, set_nonce_type}`.
10* Added `X509Ref::alias`.
11
12
13## [v0.10.63] - 2024-01-19
14
15### Added
16
17* Added `Pkcs7Ref::{type_,signed}`.
18* Added `Pkcs7SignedRef::certificates`.
19* Added `Cipher::{aes_256_xts,des_ede3_ecb,des_ede3_cfb8,des_ede3_ofb,camellia128_ofb,camellia192_ofb,camellia256_ofb,cast5_ofb,idea_ofb}`
20* Added `PKey::from_dhx`
21* Added `PKey::{public_key_from_pem_passphrase,public_key_from_pem_callback}`.
22
23### Changed
24
25* `Cipher::aes_128_ofb` is now available on BoringSSL
26* `Nid::{BRAINPOOL_P256R1,BRAINPOOL_P320R1,BRAINPOOL_P384R1,BRAINPOOL_P512R1}` are now available on LibreSSL.
27
28## [v0.10.62] - 2023-12-22
29
30### Added
31
32* Added `Nid::BRAINPOOL_P320R1`
33* Added `rand_priv_bytes`
34
35### Fixed
36
37* Fixed building on the latest version of BoringSSL
38
39## [v0.10.61] - 2023-12-04
40
41### Changed
42
43* `SslStream` now uses `SSL_read_ex`, `SSL_write_ex`, and `SSL_peek_ex` when available
44
45### Added
46
47* Added `SslStream::{read_uninit, ssl_read_uninit}`.
48
49## [v0.10.60] - 2023-11-22
50
51### Deprecated
52
53* Deprecated `X509StoreRef::objects`. It is unsound. All callers should migrate to using `X509StoreRef::all_certificates` instead.
54
55### Fixed
56
57* Fixed a memory leak when calling `SslContextBuilder::set_ex_data` and `SslRef::set_ex_data` multiple times with the same index.
58
59### Added
60
61* Added `X509StoreRef::all_certificates`
62* Added `cipher::Cipher::{camellia128_cbc,camellia192_cbc,camellia256_cbc,cast5_cbc,idea_cbc}`
63* Added `symm::Cipher::{des_ede3_ecb,des_ede3_cfb8,des_ede3_ofb,camellia_128_ecb,camellia_128_ofb,camellia_128_cfb128,camellia_192_ecb,camellia_192_ofb,camellia_192_cfb128,camellia_256_ecb,camellia_256_ofb,camellia_256_cfb128,cast5_ecb,cast5_ofb,cast5_cfb64,idea_ecb,idea_ofb,idea_cfb64}`
64* Added `Crypter::update_unchecked`
65* Added `SslRef::{peer_tmp_key,tmp_key}`
66
67### Changed
68
69* `cipher::Cipher::chacha20` is now available on LibreSSL
70* `symm::Cipher::chacha20` is now available on LibreSSL
71
72## [v0.10.59] - 2023-11-03
73
74### Added
75
76* Added `Nid::CHACHA20_POLY1305`
77
78### Changed
79
80* Fixed the availability of `Id::RSA_PSS` on OpenSSL
81
82## [v0.10.58] - 2023-11-01
83
84### Added
85
86* Added `Id::{RSA_PSS,DHX}` constants
87* Added `SslContextBuilder::set_security_level`
88* Added `SslContextRef::security_level`
89* Added `SslRef::set_security_level`, `SslRef::security_level`
90* Added `Cipher::{camellia_128_cbc, camellia_192_cbc, camellia_256_cbc, cast5_cbc, idea_cbc}`
91* Added `X509CrlRef::extension`
92* Added `X509PurposeId::CODE_SIGN`
93
94### Changed
95
96* `Pkey` HKDF functionality now works on LibreSSL
97* `BigNum::mod_sqrt` is now available on all OpenSSLs
98* `MessageDigest::sha3*` are now available on LibreSSL
99
100## [v0.10.57] - 2023-08-27
101
102### Added
103* Added `X509VerifyParam::set_email`
104* `Cipher::chacha20_poly1305` is now available on LibreSSL
105* Added `CipherCtx::copy`
106
107### Changed
108* Updated `bitflags` dependecy to the 2.x series
109
110## [v0.10.56] - 2023-08-06
111
112## Added
113
114* Added `BigNumRef::mod_sqrt`.
115* Added `PkeyCtxRef::set_signature_md` and `PkeyCtxRef::set_rsa_pss_saltlen`.
116* Added `PkeyCtxRef::verify_recover_init` and `PkeyCtxRef::verify_recover`.
117* Added `BigNumRef::is_even` and `BigNumRef::is_odd`.
118* Added `EcPointRef::to_hex_str` and `EcPoint::from_hex_str`.
119* Added support for AES key wrap and wrap pad.
120
121## [v0.10.55] - 2023-06-20
122
123### Fixed
124
125* Fixed compilation with the latest version of BoringSSL.
126* Fixed compilation when OpenSSL is compiled with `OPENSSL_NO_OCB`.
127* Fixed a segfault in `X509VerifyParamRef::set_host` when called with an empty string.
128
129### Added
130
131* Added `Deriver::set_peer_ex`.
132* Added `EcGroupRef::asn1_flag`.
133* Exposed `EcPointRef::affine_coordinates` on BoringSSL and LibreSSL.
134* Added `Nid::SM2` and `Id::SM2`
135
136## [v0.10.54] - 2023-05-31
137
138### Fixed
139
140* `PKey::private_key_to_pkcs8_passphrase` no longer panics if a `passphrase` contains a NUL byte.
141
142## [v0.10.53] - 2023-05-30
143
144### Added
145
146* Added `Dsa::from_pqg`, `Dsa::generate_key`, and `Dsa::generate_params`.
147* Added `SslRef::bytes_to_cipher_list`.
148* Added `SubjectAlternativeName::other_name2`
149
150## [v0.10.52] - 2023-04-24
151
152### Added
153
154* Added `DhRef::check_key`.
155* Added `Id::POLY1305`.
156* Added `X509Ref::subject_key_id`, `X509Ref::authority_key_id`, `X509Ref::authority_issuer`, and `X509Ref::authority_serial`.
157
158
159## [v0.10.51] - 2023-04-20
160
161### Added
162
163* Added `X509RevokedRef::issuer_name` and `X509RevokedRef::reason_code`.
164* Added `Dh::set_key` and `Dh::set_public_key`
165* Added `Asn1OctetString` and `Asn1OctetStringRef1`
166* Added `X509Extension::new_from_der`
167
168### Deprecated
169
170* Deprecated `X509Extension::new` and `X509Extension::new_nid` in favor of `X509Extension::new_from_der` and the `extensions` module.
171* Deprecated `X509Extension::add_alias`, it is not required with `new_from_der` or the `extensions` module.
172
173## [v0.10.50] - 2023-04-09
174
175### Added
176
177* Added `CipherCtxRef::cipher_update_inplace`.
178
179## [v0.10.49] - 2023-04-01
180
181### Fixed
182
183* `SslConnector` no longer sets the SNI extension when connecting to an IP address.
184
185### Added
186
187* Implemented `Ord`, `PartialOrd`, `Eq`, and `PartialEq` for `Asn1Integer` and `Asn1IntegerRef`.
188* Added `X509Ref::crl_distribution_points`, and `DistPoint`.
189
190## [v0.10.48] - 2023-03-23
191
192### Fixed
193
194* Fixed injection vulnerabilities where OpenSSL's configuration mini-language could be used via `x509::extension::SubjectAlternativeName` and `x509::extension::ExtendedKeyUsage`. The mini-language can read arbitrary files amongst other things.
195  * As part of fixing this `SubjectAlternativeName::dir_name` and `SubjectAlternativeName::other_name` are deprecated and their implementations always `panic!`. If you have a use case for these, please file an issue.
196* Fixed several NULL pointer dereferences in OpenSSL that could be triggered via `x509::X509Extension::new` and `x509::X509Extension::new_nid`. Note that these methods still accept OpenSSL's configuration mini-language, and therefore should not be used with untrusted data.
197* Fixed a data-race with `x509::X509Name` that are created with `x509::X509NameBuilder` and then used concurrently.
198* Fixed LibreSSL version checking. More functions should now be correctly available on LibreSSL.
199
200## [v0.10.47] - 2023-03-19
201
202### Added
203
204* Added support for X25519 and Ed25519 on LibreSSL and BoringSSL.
205* Added `Error::library_code` and `Error::reason_code`.
206
207## [v0.10.46] - 2023-03-14
208
209### Fixed
210
211* Fixed a potential null-pointer deref when parsing a PKCS#12 archive with no identity.
212* Fixed builds against OpenSSL built with `no-cast`.
213* Fixed debug formatting of `GeneralName`.
214
215### Deprecated
216
217* Deprecated `PKcs12Ref::parse` in favor of `Pkcs12Ref::parse2`.
218* Deprecated `ParsedPkcs12` in favor of `ParsedPkcs12_2`.
219* Deprecated `Pkcs12Builder::build` in favor of `Pkcs12Builder::build2`.
220
221### Added
222
223* Added `X509VerifyParamRef::set_auth_level`, `X509VerifyParamRef::auth_level`, and `X509VerifyParamRef::set_purpose`.
224* Added `X509PurposeId` and `X509Purpose`.
225* Added `X509NameBuilder::append_entry`.
226* Added `PKeyRef::private_key_to_pkcs8`.
227* Added `X509LookupRef::load_crl_file`.
228* Added `Pkcs12Builder::name`, `Pkcs12Builder::pkey`, and `Pkcs12Builder::cert`.
229* Added `SslRef::set_method`, `SslRef::set_private_key_file`, `SslRef::set_private_key`, `SslRef::set_certificate`, `SslRef::set_certificate_chain_file`, `SslRef::add_client_ca`, `SslRef::set_client_ca_list`, `SslRef::set_min_proto_version`, `SslREf::set_max_proto_version`, `SslRef::set_ciphersuites`, `SslRef::set_cipher_list`, `SslRef::set_verify_cert_store`.
230* Added `X509NameRef::to_owned`.
231* Added `SslContextBuilder::set_num_tickets`, `SslContextRef::num_tickets`, `SslRef::set_num_tickets`, and `SslRef::num_tickets`.
232* Added `CmsContentInfo::verify`.
233
234## [v0.10.45] - 2022-12-20
235
236### Fixed
237
238* Removed the newly added `CipherCtxRef::minimal_output_size` method, which did not work properly.
239* Added `NO_DEPRECATED_3_0` cfg checks for more APIs.
240
241### Added
242
243* Added `SslRef::add_chain_cert`.
244* Added `PKeyRef::security_bits`.
245* Added `Provider::set_default_search_path`.
246* Added `CipherCtxRef::cipher_final_unchecked`.
247
248## [v0.10.44] - 2022-12-06
249
250### Added
251
252* Added `CipherCtxRef::num`, `CipherCtxRef::minimal_output_size`, and `CipherCtxRef::cipher_update_unchecked`.
253* Improved output buffer size checks in `CipherCtxRef::cipher_update`.
254* Added `X509Lookup::file` and `X509LookupRef::load_cert_file`.
255
256## [v0.10.43] - 2022-11-23
257
258### Added
259
260* Added `Nid::BRAINPOOL_P256R1`, `Nid::BRAINPOOL_P384R1`, `Nid::BRAINPOOL_P512R1`.
261* Added `BigNumRef::copy_from_slice`.
262* Added `Cipher` constructors for Camellia, CAST5, and IDEA ciphers.
263* Added `DsaSig`.
264* Added `X509StoreBuilderRef::set_param`.
265* Added `X509VerifyParam::new`, `X509VerifyParamRef::set_time`, and `X509VerifyParamRef::set_depth`.
266
267## [v0.10.42] - 2022-09-26
268
269### Added
270
271* Added `SslRef::psk_identity_hint` and  `SslRef::psk_identity`.
272* Added SHA-3 constants to `Nid`.
273* Added `SslOptions::PRIORITIZE_CHACHA`.
274* Added `X509ReqRef::to_text`.
275* Added `MdCtxRef::size`.
276* Added `X509NameRef::try_cmp`.
277* Added `MdCtxRef::reset`.
278* Added experimental, unstable support for BoringSSL.
279
280### Fixed
281
282* Fixed `MdCtxRef::digest_verify_init` to support `PKey`s with only public components.
283
284## [v0.10.41] - 2022-06-09
285
286### Fixed
287
288* Fixed a use-after-free in `Error::function` and `Error::file` with OpenSSL 3.x.
289
290### Added
291
292* Added `MessageDigest::block_size` and `MdRef::block_size`.
293* Implemented `Ord` and `Eq` for `X509` and `X509Ref`.
294* Added `X509Extension::add_alias`.
295* Added SM4 support.
296* Added `EcGroup::from_components` `EcGropuRef::set_generator`, and `EcPointRef::set_affine_coordinates_gfp`.
297
298## [v0.10.40] - 2022-05-04
299
300### Fixed
301
302* Fixed the openssl-sys dependency version.
303
304## [v0.10.39] - 2022-05-02
305
306### Deprecated
307
308* Deprecated `SslContextBuilder::set_tmp_ecdh_callback` and `SslRef::set_tmp_ecdh_callback`.
309
310### Added
311
312* Added `SslRef::extms_support`.
313* Added `Nid::create`.
314* Added `CipherCtx`, which exposes a more direct interface to `EVP_CIPHER_CTX`.
315* Added `PkeyCtx`, which exposes a more direct interface to `EVP_PKEY_CTX`.
316* Added `MdCtx`, which exposes a more direct interface to `EVP_MD_CTX`.
317* Added `Pkcs12Builder::mac_md`.
318* Added `Provider`.
319* Added `X509Ref::issuer_name_hash`.
320* Added `Decrypter::set_rsa_oaep_label`.
321* Added `X509Ref::to_text`.
322
323## [v0.10.38] - 2021-10-31
324
325### Added
326
327* Added `Pkey::ec_gen`.
328
329## [v0.10.37] - 2021-10-27
330
331### Fixed
332
333* Fixed linkage against OpenSSL distributions built with `no-chacha`.
334
335### Added
336
337* Added `BigNumRef::to_vec_padded`.
338* Added `X509Name::from_der` and `X509NameRef::to_der`.
339* Added `BigNum::new_secure`, `BigNumReef::set_const_time`, `BigNumref::is_const_time`, and `BigNumRef::is_secure`.
340
341## [v0.10.36] - 2021-08-17
342
343### Added
344
345* Added `Asn1Object::as_slice`.
346* Added `PKeyRef::{raw_public_key, raw_private_key, private_key_to_pkcs8_passphrase}` and
347    `PKey::{private_key_from_raw_bytes, public_key_from_raw_bytes}`.
348* Added `Cipher::{seed_cbc, seed_cfb128, seed_ecb, seed_ofb}`.
349
350## [v0.10.35] - 2021-06-18
351
352### Fixed
353
354* Fixed a memory leak in `Deriver`.
355
356### Added
357
358* Added support for OpenSSL 3.x.x.
359* Added `SslStream::peek`.
360
361## [v0.10.34] - 2021-04-28
362
363### Added
364
365* Added `Dh::set_private_key` and `DhRef::private_key`.
366* Added `EcPointRef::affine_coordinates`.
367* Added `TryFrom` implementations to convert between `PKey` and specific key types.
368* Added `X509StoreBuilderRef::set_flags`.
369
370## [v0.10.33] - 2021-03-13
371
372### Fixed
373
374* `Dh::generate_params` now uses `DH_generate_params_ex` rather than the deprecated `DH_generated_params` function.
375
376### Added
377
378* Added `Asn1Type`.
379* Added `CmsContentInfoRef::decrypt_without_cert_check`.
380* Added `EcPointRef::{is_infinity, is_on_curve}`.
381* Added `Encrypter::set_rsa_oaep_label`.
382* Added `MessageDigest::sm3`.
383* Added `Pkcs7Ref::signers`.
384* Added `Cipher::nid`.
385* Added `X509Ref::authority_info` and `AccessDescription::{method, location}`.
386* Added `X509NameBuilder::{append_entry_by_text_with_type, append_entry_by_nid_with_type}`.
387
388## [v0.10.32] - 2020-12-24
389
390### Fixed
391
392* Fixed `Ssl::new` to take a `&SslContextRef` rather than `&SslContext`.
393
394### Added
395
396* Added the `encrypt` module to support asymmetric encryption and decryption with `PKey`s.
397* Added `MessageDigest::from_name`.
398* Added `ConnectConfiguration::into_ssl`.
399* Added the ability to create unconnected `SslStream`s directly from an `Ssl` and transport stream
400    without performing any part of the handshake with `SslStream::new`.
401* Added `SslStream::{read_early_data, write_early_data, connect, accept, do_handshake, stateless}`.
402* Implemented `ToOwned` for `SslContextRef`.
403* Added `SslRef::{set_connect_state, set_accept_state}`.
404
405### Deprecated
406
407* Deprecated `SslStream::from_raw_parts` in favor of `Ssl::from_ptr` and `SslStream::new`.
408* Deprecated `SslStreamBuilder` in favor of methods on `Ssl` and `SslStream`.
409
410## [v0.10.31] - 2020-12-09
411
412### Added
413
414* Added `Asn1Object::from_str`.
415* Added `Dh::from_pgq`, `DhRef::prime_p`, `DhRef::prime_q`, `DhRef::generator`, `DhRef::generate_params`,
416    `DhRef::generate_key`, `DhRef::public_key`, and `DhRef::compute_key`.
417* Added `Pkcs7::from_der` and `Pkcs7Ref::to_der`.
418* Added `Id::X25519`, `Id::X448`, `PKey::generate_x25519`, and `PKey::generate_x448`.
419* Added `SrtpProfileId::SRTP_AEAD_AES_128_GCM` and `SrtpProfileId::SRTP_AEAD_AES_256_GCM`.
420* Added `SslContextBuilder::verify_param` and `SslContextBuilder::verify_param_mut`.
421* Added `X509Ref::subject_name_hash` and `X509Ref::version`.
422* Added `X509StoreBuilderRef::add_lookup`, and the `X509Lookup` type.
423* Added `X509VerifyFlags`, `X509VerifyParamRef::set_flags`, `X509VerifyParamRef::clear_flags`
424    `X509VerifyParamRef::get_flags`.
425
426## [v0.10.30] - 2020-06-25
427
428### Fixed
429
430* `DsaRef::private_key_to_pem` can no longer be called without a private key.
431
432### Changed
433
434* Improved the `Debug` implementations of many types.
435
436### Added
437
438* Added `is_empty` implementations for `Asn1StringRef` and `Asn1BitStringRef`.
439* Added `EcPointRef::{to_pem, to_dir}` and `EcKeyRef::{public_key_from_pem, public_key_from_der}`.
440* Added `Default` implementations for many types.
441* Added `Debug` implementations for many types.
442* Added `SslStream::from_raw_parts`.
443* Added `SslRef::set_mtu`.
444* Added `Cipher::{aes_128_ocb, aes_192_ocb, aes_256_ocb}`.
445
446### Deprecated
447
448* Deprecated `SslStreamBuilder::set_dtls_mtu_size` in favor of `SslRef::set_mtu`.
449
450## [v0.10.29] - 2020-04-07
451
452### Fixed
453
454* Fixed a memory leak in `X509Builder::append_extension`.
455
456### Added
457
458* Added `SslConnector::into_context` and `SslConnector::context`.
459* Added `SslAcceptor::into_context` and `SslAcceptor::context`.
460* Added `SslMethod::tls_client` and `SslMethod::tls_server`.
461* Added `SslContextBuilder::set_cert_store`.
462* Added `SslContextRef::verify_mode` and `SslRef::verify_mode`.
463* Added `SslRef::is_init_finished`.
464* Added `X509Object`.
465* Added `X509StoreRef::objects`.
466
467## [v0.10.28] - 2020-02-04
468
469### Fixed
470
471* Fixed the mutability of `Signer::sign_oneshot` and `Verifier::verify_oneshot`. This is unfortunately a breaking
472    change, but a necessary soundness fix.
473
474## [v0.10.27] - 2020-01-29
475
476### Added
477
478* Added `MessageDigest::null`.
479* Added `PKey::private_key_from_pkcs8`.
480* Added `SslOptions::NO_RENEGOTIATION`.
481* Added `SslStreamBuilder::set_dtls_mtu_size`.
482
483## [v0.10.26] - 2019-11-22
484
485### Fixed
486
487* Fixed improper handling of the IV buffer in `envelope::{Seal, Unseal}`.
488
489### Added
490
491* Added `Asn1TimeRef::{diff, compare}`.
492* Added `Asn1Time::from_unix`.
493* Added `PartialEq` and `PartialOrd` implementations for `Asn1Time` and `Asn1TimeRef`.
494* Added `base64::{encode_block, decode_block}`.
495* Added `EcGroupRef::order_bits`.
496* Added `Clone` implementations for `Sha1`, `Sha224`, `Sha256`, `Sha384`, and `Sha512`.
497* Added `SslContextBuilder::{set_sigalgs_list, set_groups_list}`.
498
499## [v0.10.25] - 2019-10-02
500
501### Fixed
502
503* Fixed a memory leak in `EcdsaSig::from_private_components` when using OpenSSL 1.0.x.
504
505### Added
506
507* Added support for Ed25519 and Ed448 keys.
508* Implemented `ToOwned` for `PKeyRef` and `Clone` for `PKey`.
509
510## [v0.10.24] - 2019-07-19
511
512### Fixed
513
514* Worked around an OpenSSL 1.0.x bug triggered by code calling `SSL_set_app_data`.
515
516### Added
517
518* Added `aes::{wrap_key, unwrap_key}`.
519* Added `CmsContentInfoRef::to_pem` and `CmsContentInfo::from_pem`.
520* Added `DsaRef::private_key_to_pem`.
521* Added `EcGroupRef::{cofactor, generator}`.
522* Added `EcPointRef::to_owned`.
523* Added a `Debug` implementation for `EcKey`.
524* Added `SslAcceptor::{mozilla_intermediate_v5, mozilla_modern_v5}`.
525* Added `Cipher::{aes_128_ofb, aes_192_ecb, aes_192_cbc, aes_192_ctr, aes_192_cfb1, aes_192_cfb128, aes_192_cfb8,
526    aes_192_gcm, aes_192_ccm, aes_192_ofb, aes_256_ofb}`.
527
528## [v0.10.23] - 2019-05-18
529
530### Fixed
531
532* Fixed session callbacks when an `Ssl`'s context is replaced.
533
534### Added
535
536* Added `SslContextBuilder::add_client_ca`.
537
538## [v0.10.22] - 2019-05-08
539
540### Added
541
542* Added support for the LibreSSL 2.9.x series.
543
544## [v0.10.21] - 2019-04-30
545
546### Fixed
547
548* Fixed overly conservatifve buffer size checks in `Crypter` when using stream ciphers.
549
550### Added
551
552* Added bindings to envelope encryption APIs.
553* Added `PkeyRef::size`.
554
555## [v0.10.20] - 2019-03-20
556
557### Added
558
559* Added `CmsContentInfo::from_der` and `CmsContentInfo::encrypt`.
560* Added `X509Ref::verify` and `X509ReqRef::verify`.
561* Implemented `PartialEq` and `Eq` for `MessageDigest`.
562* Added `MessageDigest::type_` and `EcGroupRef::curve_name`.
563
564## [v0.10.19] - 2019-03-01
565
566### Added
567
568* The openssl-sys build script now logs the values of environment variables.
569* Added `ERR_PACK` to openssl-sys.
570* The `ERR_*` functions in openssl-sys are const functions when building against newer Rust versions.
571* Implemented `Clone` for `Dsa`.
572* Added `SslContextRef::add_session` and `SslContextRef::remove_session`.
573* Added `SslSessionRef::time`, `SslSessionRef::timeout`, and `SslSessionRef::protocol_version`.
574* Added `SslContextBuilder::set_session_cache_size` and `SslContextRef::session_cache_size`.
575
576## [v0.10.18] - 2019-02-22
577
578### Fixed
579
580* Fixed the return type of `ssl::cipher_name`.
581
582## [v0.10.17] - 2019-02-22
583
584### Added
585
586* Implemented `AsRef<str>` and `AsRef<[u8]>` for `OpenSslString`.
587* Added `Asn1Integer::from_bn`.
588* Added `RsaRef::check_key`.
589* Added `Asn1Time::from_str` and `Asn1Time::from_str_x509`.
590* Added `Rsa::generate_with_e`.
591* Added `Cipher::des_ede3_cfb64`.
592* Added `SslCipherRef::standard_name` and `ssl::cipher_name`.
593
594## [v0.10.16] - 2018-12-16
595
596### Added
597
598* Added SHA3 and SHAKE to `MessageDigest`.
599* Added `rand::keep_random_devices_open`.
600* Added support for LibreSSL 2.9.0.
601
602## [v0.10.15] - 2018-10-22
603
604### Added
605
606* Implemented `DoubleEndedIterator` for stack iterators.
607
608## [v0.10.14] - 2018-10-18
609
610### Fixed
611
612* Made some accidentally exposed internal functions private.
613
614### Added
615
616* Added support for LibreSSL 2.8.
617
618### Changed
619
620* The OpenSSL version used with the `vendored` feature has been upgraded from 1.1.0 to 1.1.1.
621
622## [v0.10.13] - 2018-10-14
623
624### Fixed
625
626* Fixed a double-free in the `SslContextBuilder::set_get_session_callback` API.
627
628### Added
629
630* Added `SslContextBuilder::set_client_hello_callback`.
631* Added support for LibreSSL 2.8.1.
632* Added `EcdsaSig::from_der` and `EcdsaSig::to_der`.
633* Added PKCS#7 support.
634
635## [v0.10.12] - 2018-09-13
636
637### Fixed
638
639* Fixed handling of SNI callbacks during renegotiation.
640
641### Added
642
643* Added `SslRef::get_shutdown` and `SslRef::set_shutdown`.
644* Added support for SRTP in DTLS sessions.
645* Added support for LibreSSL 2.8.0.
646
647## [v0.10.11] - 2018-08-04
648
649### Added
650
651* The new `vendored` cargo feature will cause openssl-sys to compile and statically link to a
652    vendored copy of OpenSSL.
653* Added `SslContextBuilder::set_psk_server_callback`.
654* Added `DsaRef::pub_key` and `DsaRef::priv_key`.
655* Added `Dsa::from_private_components` and `Dsa::from_public_components`.
656* Added `X509NameRef::entries`.
657
658### Deprecated
659
660* `SslContextBuilder::set_psk_callback` has been renamed to
661    `SslContextBuilder::set_psk_client_callback` and deprecated.
662
663## [v0.10.10] - 2018-06-06
664
665### Added
666
667* Added `SslRef::set_alpn_protos`.
668* Added `SslContextBuilder::set_ciphersuites`.
669
670## [v0.10.9] - 2018-06-01
671
672### Fixed
673
674* Fixed a use-after-free in `CmsContentInfo::sign`.
675* `SslRef::servername` now returns `None` rather than panicking on a non-UTF8 name.
676
677### Added
678
679* Added `MessageDigest::from_nid`.
680* Added `Nid::signature_algorithms`, `Nid::long_name`, and `Nid::short_name`.
681* Added early data and early keying material export support for TLS 1.3.
682* Added `SslRef::verified_chain`.
683* Added `SslRef::servername_raw` which returns a `&[u8]` rather than `&str`.
684* Added `SslRef::finished` and `SslRef::peer_finished`.
685* Added `X509Ref::digest` to replace `X509Ref::fingerprint`.
686* `X509StoreBuilder` and `X509Store` now implement `Sync` and `Send`.
687
688### Deprecated
689
690* `X509Ref::fingerprint` has been deprecated in favor of `X509Ref::digest`.
691
692## [v0.10.8] - 2018-05-20
693
694### Fixed
695
696* `openssl-sys` will now detect Homebrew-installed OpenSSL when installed to a non-default
697    directory.
698* The `X509_V_ERR_INVALID_CALL`, `X509_V_ERR_STORE_LOOKUP`, and
699    `X509_V_ERR_PROXY_SUBJECT_NAME_VIOLATION` constants in `openssl-sys` are now only present when
700    building against 1.1.0g and up rather than 1.1.0.
701* `SslContextBuilder::max_proto_version` and `SslContextBuilder::min_proto_version` are only present
702    when building against 1.1.0g and up rather than 1.1.0.
703
704### Added
705
706* Added `CmsContentInfo::sign`.
707* Added `Clone` and `ToOwned` implementations to `Rsa` and `RsaRef` respectively.
708* The `min_proto_version` and `max_proto_version` methods are available when linking against
709    LibreSSL 2.6.1 and up in addition to OpenSSL.
710* `X509VerifyParam` is available when linking against LibreSSL 2.6.1 and up in addition to OpenSSL.
711* ALPN support is available when linking against LibreSSL 2.6.1 and up in addition to OpenSSL.
712* `Stack` and `StackRef` are now `Sync` and `Send`.
713
714## [v0.10.7] - 2018-04-30
715
716### Added
717
718* Added `X509Req::public_key` and `X509Req::extensions`.
719* Added `RsaPrivateKeyBuilder` to allow control over initialization of optional components of an RSA
720    private key.
721* Added DER encode/decode support to `SslSession`.
722* openssl-sys now provides the `DEP_OPENSSL_VERSION_NUMBER` and
723    `DEP_OPENSSL_LIBRESSL_VERSION_NUMBER` environment variables to downstream build scripts which
724    contains the hex-encoded version number of the OpenSSL or LibreSSL distribution being built
725    against. The other variables are deprecated.
726
727## [v0.10.6] - 2018-03-05
728
729### Added
730
731* Added `SslOptions::ENABLE_MIDDLEBOX_COMPAT`.
732* Added more `Sync` and `Send` implementations.
733* Added `PKeyRef::id`.
734* Added `Padding::PKCS1_PSS`.
735* Added `Signer::set_rsa_pss_saltlen`, `Signer::set_rsa_mgf1_md`, `Signer::set_rsa_pss_saltlen`, and
736    `Signer::set_rsa_mgf1_md`
737* Added `X509StoreContextRef::verify` to directly verify certificates.
738* Added low level ECDSA support.
739* Added support for TLSv1.3 custom extensions. (OpenSSL 1.1.1 only)
740* Added AES-CCM support.
741* Added `EcKey::from_private_components`.
742* Added CMAC support.
743* Added support for LibreSSL 2.7.
744* Added `X509Ref::serial_number`.
745* Added `Asn1IntegerRef::to_bn`.
746* Added support for TLSv1.3 stateless handshakes. (OpenSSL 1.1.1 only)
747
748### Changed
749
750* The Cargo features previously used to gate access to version-specific OpenSSL APIs have been
751    removed. Those APIs will be available automatically when building against an appropriate OpenSSL
752    version.
753* Fixed `PKey::private_key_from_der` to return a `PKey<Private>` rather than a `PKey<Public>`. This
754    is technically a breaking change but the function was pretty useless previously.
755
756### Deprecated
757
758* `X509CheckFlags::FLAG_NO_WILDCARDS` has been renamed to `X509CheckFlags::NO_WILDCARDS` and the old
759    name deprecated.
760
761## [v0.10.5] - 2018-02-28
762
763### Fixed
764
765* `ErrorStack`'s `Display` implementation no longer writes an empty string if it contains no errors.
766
767### Added
768
769* Added `SslRef::version2`.
770* Added `Cipher::des_ede3_cbc`.
771* Added `SslRef::export_keying_material`.
772* Added the ability to push an `Error` or `ErrorStack` back onto OpenSSL's error stack. Various
773    callback bindings use this to propagate errors properly.
774* Added `SslContextBuilder::set_cookie_generate_cb` and `SslContextBuilder::set_cookie_verify_cb`.
775* Added `SslContextBuilder::set_max_proto_version`, `SslContextBuilder::set_min_proto_version`,
776    `SslContextBuilder::max_proto_version`, and `SslContextBuilder::min_proto_version`.
777
778### Changed
779
780* Updated `SslConnector`'s default cipher list to match Python's.
781
782### Deprecated
783
784* `SslRef::version` has been deprecated. Use `SslRef::version_str` instead.
785
786## [v0.10.4] - 2018-02-18
787
788### Added
789
790* Added OpenSSL 1.1.1 support.
791* Added `Rsa::public_key_from_pem_pkcs1`.
792* Added `SslOptions::NO_TLSV1_3`. (OpenSSL 1.1.1 only)
793* Added `SslVersion`.
794* Added `SslSessionCacheMode` and `SslContextBuilder::set_session_cache_mode`.
795* Added `SslContextBuilder::set_new_session_callback`,
796    `SslContextBuilder::set_remove_session_callback`, and
797    `SslContextBuilder::set_get_session_callback`.
798* Added `SslContextBuilder::set_keylog_callback`. (OpenSSL 1.1.1 only)
799* Added `SslRef::client_random` and `SslRef::server_random`. (OpenSSL 1.1.0+ only)
800
801### Fixed
802
803* The `SslAcceptorBuilder::mozilla_modern` constructor now disables TLSv1.0 and TLSv1.1 in
804    accordance with Mozilla's recommendations.
805
806## [v0.10.3] - 2018-02-12
807
808### Added
809
810* OpenSSL is now automatically detected on FreeBSD systems.
811* Added `GeneralName` accessors for `rfc822Name` and `uri` variants.
812* Added DES-EDE3 support.
813
814### Fixed
815
816* Fixed a memory leak in `X509StoreBuilder::add_cert`.
817
818## [v0.10.2] - 2018-01-11
819
820### Added
821
822* Added `ConnectConfiguration::set_use_server_name_indication` and
823    `ConnectConfiguration::set_verify_hostname` for use in contexts where you don't have ownership
824    of the `ConnectConfiguration`.
825
826## [v0.10.1] - 2018-01-10
827
828### Added
829
830* Added a `From<ErrorStack> for ssl::Error` implementation.
831
832## [v0.10.0] - 2018-01-10
833
834### Compatibility
835
836* openssl 0.10 still uses openssl-sys 0.9, so openssl 0.9 and 0.10 can coexist without issue.
837
838### Added
839
840* The `ssl::select_next_proto` function can be used to easily implement the ALPN selection callback
841    in a "standard" way.
842* FIPS mode support is available in the `fips` module.
843* Accessors for the Issuer and Issuer Alternative Name fields of X509 certificates have been added.
844* The `X509VerifyResult` can now be set in the certificate verification callback via
845    `X509StoreContextRef::set_error`.
846
847### Changed
848
849* All constants have been moved to associated constants of their type. For example, `bn::MSB_ONE`
850    is now `bn::MsbOption::ONE`.
851* Asymmetric key types are now parameterized over what they contain. In OpenSSL, the same type is
852    used for key parameters, public keys, and private keys. Unfortunately, some APIs simply assume
853    that certain components are present and will segfault trying to use things that aren't there.
854
855    The `pkey` module contains new tag types named `Params`, `Public`, and `Private`, and the
856    `Dh`, `Dsa`, `EcKey`, `Rsa`, and `PKey` have a type parameter set to one of those values. This
857    allows the `Signer` constructor to indicate that it requires a private key at compile time for
858    example. Previously, `Signer` would simply segfault if provided a key without private
859    components.
860* ALPN support has been changed to more directly model OpenSSL's own APIs. Instead of a single
861    method used for both the server and client sides which performed everything automatically, the
862    `SslContextBuilder::set_alpn_protos` and `SslContextBuilder::set_alpn_select_callback` handle
863    the client and server sides respectively.
864* `SslConnector::danger_connect_without_providing_domain_for_certificate_verification_and_server_name_indication`
865    has been removed in favor of new methods which provide more control. The
866    `ConnectConfiguration::use_server_name_indication` method controls the use of Server Name
867    Indication (SNI), and the `ConnectConfiguration::verify_hostname` method controls the use of
868    hostname verification. These can be controlled independently, and if both are disabled, the
869    domain argument to `ConnectConfiguration::connect` is ignored.
870* Shared secret derivation is now handled by the new `derive::Deriver` type rather than
871    `pkey::PKeyContext`, which has been removed.
872* `ssl::Error` is now no longer an enum, and provides more direct access to the relevant state.
873* `SslConnectorBuilder::new` has been moved and renamed to `SslConnector::builder`.
874* `SslAcceptorBuilder::mozilla_intermediate` and `SslAcceptorBuilder::mozilla_modern` have been
875    moved to `SslAcceptor` and no longer take the private key and certificate chain. Install those
876    manually after creating the builder.
877* `X509VerifyError` is now `X509VerifyResult` and can now have the "ok" value in addition to error
878    values.
879* `x509::X509FileType` is now `ssl::SslFiletype`.
880* Asymmetric key serialization and deserialization methods now document the formats that they
881    correspond to, and some have been renamed to better indicate that.
882
883### Removed
884
885* All deprecated APIs have been removed.
886* NPN support has been removed. It has been supersceded by ALPN, and is hopefully no longer being
887    used in practice. If you still depend on it, please file an issue!
888* `SslRef::compression` has been removed.
889* Some `ssl::SslOptions` flags have been removed as they no longer do anything.
890
891## Older
892
893Look at the [release tags] for information about older releases.
894
895[Unreleased]: https://github.com/sfackler/rust-openssl/compare/openssl-v0.10.64...master
896[v0.10.64]: https://github.com/sfackler/rust-openssl/compare/openssl-v0.10.63...openssl-v0.10.64
897[v0.10.63]: https://github.com/sfackler/rust-openssl/compare/openssl-v0.10.62...openssl-v0.10.63
898[v0.10.62]: https://github.com/sfackler/rust-openssl/compare/openssl-v0.10.61...openssl-v0.10.62
899[v0.10.61]: https://github.com/sfackler/rust-openssl/compare/openssl-v0.10.60...openssl-v0.10.61
900[v0.10.60]: https://github.com/sfackler/rust-openssl/compare/openssl-v0.10.59...openssl-v0.10.60
901[v0.10.59]: https://github.com/sfackler/rust-openssl/compare/openssl-v0.10.58...openssl-v0.10.59
902[v0.10.58]: https://github.com/sfackler/rust-openssl/compare/openssl-v0.10.57...openssl-v0.10.58
903[v0.10.57]: https://github.com/sfackler/rust-openssl/compare/openssl-v0.10.56...openssl-v0.10.57
904[v0.10.56]: https://github.com/sfackler/rust-openssl/compare/openssl-v0.10.55...openssl-v0.10.56
905[v0.10.55]: https://github.com/sfackler/rust-openssl/compare/openssl-v0.10.54...openssl-v0.10.55
906[v0.10.54]: https://github.com/sfackler/rust-openssl/compare/openssl-v0.10.53...openssl-v0.10.54
907[v0.10.53]: https://github.com/sfackler/rust-openssl/compare/openssl-v0.10.52...openssl-v0.10.53
908[v0.10.52]: https://github.com/sfackler/rust-openssl/compare/openssl-v0.10.51...openssl-v0.10.52
909[v0.10.51]: https://github.com/sfackler/rust-openssl/compare/openssl-v0.10.50...openssl-v0.10.51
910[v0.10.50]: https://github.com/sfackler/rust-openssl/compare/openssl-v0.10.49...openssl-v0.10.50
911[v0.10.49]: https://github.com/sfackler/rust-openssl/compare/openssl-v0.10.48...openssl-v0.10.49
912[v0.10.48]: https://github.com/sfackler/rust-openssl/compare/openssl-v0.10.47...openssl-v0.10.48
913[v0.10.47]: https://github.com/sfackler/rust-openssl/compare/openssl-v0.10.46...openssl-v0.10.47
914[v0.10.46]: https://github.com/sfackler/rust-openssl/compare/openssl-v0.10.45...openssl-v0.10.46
915[v0.10.45]: https://github.com/sfackler/rust-openssl/compare/openssl-v0.10.44...openssl-v0.10.45
916[v0.10.44]: https://github.com/sfackler/rust-openssl/compare/openssl-v0.10.43...openssl-v0.10.44
917[v0.10.43]: https://github.com/sfackler/rust-openssl/compare/openssl-v0.10.42...openssl-v0.10.43
918[v0.10.42]: https://github.com/sfackler/rust-openssl/compare/openssl-v0.10.41...openssl-v0.10.42
919[v0.10.41]: https://github.com/sfackler/rust-openssl/compare/openssl-v0.10.40...openssl-v0.10.41
920[v0.10.40]: https://github.com/sfackler/rust-openssl/compare/openssl-v0.10.39...openssl-v0.10.40
921[v0.10.39]: https://github.com/sfackler/rust-openssl/compare/openssl-v0.10.38...openssl-v0.10.39
922[v0.10.38]: https://github.com/sfackler/rust-openssl/compare/openssl-v0.10.37...openssl-v0.10.38
923[v0.10.37]: https://github.com/sfackler/rust-openssl/compare/openssl-v0.10.36...openssl-v0.10.37
924[v0.10.36]: https://github.com/sfackler/rust-openssl/compare/openssl-v0.10.35...openssl-v0.10.36
925[v0.10.35]: https://github.com/sfackler/rust-openssl/compare/openssl-v0.10.34...openssl-v0.10.35
926[v0.10.34]: https://github.com/sfackler/rust-openssl/compare/openssl-v0.10.33...openssl-v0.10.34
927[v0.10.33]: https://github.com/sfackler/rust-openssl/compare/openssl-v0.10.32...openssl-v0.10.33
928[v0.10.32]: https://github.com/sfackler/rust-openssl/compare/openssl-v0.10.31...openssl-v0.10.32
929[v0.10.31]: https://github.com/sfackler/rust-openssl/compare/openssl-v0.10.30...openssl-v0.10.31
930[v0.10.30]: https://github.com/sfackler/rust-openssl/compare/openssl-v0.10.29...openssl-v0.10.30
931[v0.10.29]: https://github.com/sfackler/rust-openssl/compare/openssl-v0.10.28...openssl-v0.10.29
932[v0.10.28]: https://github.com/sfackler/rust-openssl/compare/openssl-v0.10.27...openssl-v0.10.28
933[v0.10.27]: https://github.com/sfackler/rust-openssl/compare/openssl-v0.10.26...openssl-v0.10.27
934[v0.10.26]: https://github.com/sfackler/rust-openssl/compare/openssl-v0.10.25...openssl-v0.10.26
935[v0.10.25]: https://github.com/sfackler/rust-openssl/compare/openssl-v0.10.24...openssl-v0.10.25
936[v0.10.24]: https://github.com/sfackler/rust-openssl/compare/openssl-v0.10.23...openssl-v0.10.24
937[v0.10.23]: https://github.com/sfackler/rust-openssl/compare/openssl-v0.10.22...openssl-v0.10.23
938[v0.10.22]: https://github.com/sfackler/rust-openssl/compare/openssl-v0.10.21...openssl-v0.10.22
939[v0.10.21]: https://github.com/sfackler/rust-openssl/compare/openssl-v0.10.20...openssl-v0.10.21
940[v0.10.20]: https://github.com/sfackler/rust-openssl/compare/openssl-v0.10.19...openssl-v0.10.20
941[v0.10.19]: https://github.com/sfackler/rust-openssl/compare/openssl-v0.10.18...openssl-v0.10.19
942[v0.10.18]: https://github.com/sfackler/rust-openssl/compare/openssl-v0.10.17...openssl-v0.10.18
943[v0.10.17]: https://github.com/sfackler/rust-openssl/compare/openssl-v0.10.16...openssl-v0.10.17
944[v0.10.16]: https://github.com/sfackler/rust-openssl/compare/openssl-v0.10.15...openssl-v0.10.16
945[v0.10.15]: https://github.com/sfackler/rust-openssl/compare/openssl-v0.10.14...openssl-v0.10.15
946[v0.10.14]: https://github.com/sfackler/rust-openssl/compare/openssl-v0.10.13...openssl-v0.10.14
947[v0.10.13]: https://github.com/sfackler/rust-openssl/compare/openssl-v0.10.12...openssl-v0.10.13
948[v0.10.12]: https://github.com/sfackler/rust-openssl/compare/openssl-v0.10.11...openssl-v0.10.12
949[v0.10.11]: https://github.com/sfackler/rust-openssl/compare/openssl-v0.10.10...openssl-v0.10.11
950[v0.10.10]: https://github.com/sfackler/rust-openssl/compare/openssl-v0.10.9...openssl-v0.10.10
951[v0.10.9]: https://github.com/sfackler/rust-openssl/compare/openssl-v0.10.8...openssl-v0.10.9
952[v0.10.8]: https://github.com/sfackler/rust-openssl/compare/openssl-v0.10.7...openssl-v0.10.8
953[v0.10.7]: https://github.com/sfackler/rust-openssl/compare/openssl-v0.10.6...openssl-v0.10.7
954[v0.10.6]: https://github.com/sfackler/rust-openssl/compare/openssl-v0.10.5...openssl-v0.10.6
955[v0.10.5]: https://github.com/sfackler/rust-openssl/compare/openssl-v0.10.4...openssl-v0.10.5
956[v0.10.4]: https://github.com/sfackler/rust-openssl/compare/openssl-v0.10.3...openssl-v0.10.4
957[v0.10.3]: https://github.com/sfackler/rust-openssl/compare/openssl-v0.10.2...openssl-v0.10.3
958[v0.10.2]: https://github.com/sfackler/rust-openssl/compare/openssl-v0.10.1...openssl-v0.10.2
959[v0.10.1]: https://github.com/sfackler/rust-openssl/compare/openssl-v0.10.0...openssl-v0.10.1
960[v0.10.0]: https://github.com/sfackler/rust-openssl/compare/v0.9.23...openssl-v0.10.0
961[release tags]: https://github.com/sfackler/rust-openssl/releases
962