# Change Log

## [Unreleased]

## [v0.10.56] - 2023-08-06

### Added

* Added `BigNumRef::mod_sqrt`.
* Added `PkeyCtxRef::set_signature_md` and `PkeyCtxRef::set_rsa_pss_saltlen`.
* Added `PkeyCtxRef::verify_recover_init` and `PkeyCtxRef::verify_recover`.
* Added `BigNumRef::is_even` and `BigNumRef::is_odd`.
* Added `EcPointRef::to_hex_str` and `EcPoint::from_hex_str`.
* Added support for AES key wrap and wrap pad.

## [v0.10.55] - 2023-06-20

### Fixed

* Fixed compilation with the latest version of BoringSSL.
* Fixed compilation when OpenSSL is compiled with `OPENSSL_NO_OCB`.
* Fixed a segfault in `X509VerifyParamRef::set_host` when called with an empty string.

### Added

* Added `Deriver::set_peer_ex`.
* Added `EcGroupRef::asn1_flag`.
* Exposed `EcPointRef::affine_coordinates` on BoringSSL and LibreSSL.
* Added `Nid::SM2` and `Id::SM2`.

## [v0.10.54] - 2023-05-31

### Fixed

* `PKey::private_key_to_pkcs8_passphrase` no longer panics if a `passphrase` contains a NUL byte.

## [v0.10.53] - 2023-05-30

### Added

* Added `Dsa::from_pqg`, `Dsa::generate_key`, and `Dsa::generate_params`.
* Added `SslRef::bytes_to_cipher_list`.
* Added `SubjectAlternativeName::other_name2`.

## [v0.10.52] - 2023-04-24

### Added

* Added `DhRef::check_key`.
* Added `Id::POLY1305`.
* Added `X509Ref::subject_key_id`, `X509Ref::authority_key_id`, `X509Ref::authority_issuer`, and `X509Ref::authority_serial`.

## [v0.10.51] - 2023-04-20

### Added

* Added `X509RevokedRef::issuer_name` and `X509RevokedRef::reason_code`.
* Added `Dh::set_key` and `Dh::set_public_key`.
* Added `Asn1OctetString` and `Asn1OctetStringRef`.
* Added `X509Extension::new_from_der`.

### Deprecated

* Deprecated `X509Extension::new` and `X509Extension::new_nid` in favor of `X509Extension::new_from_der` and the `extensions` module.
* Deprecated `X509Extension::add_alias`, it is not required with `new_from_der` or the `extensions` module.

## [v0.10.50] - 2023-04-09

### Added

* Added `CipherCtxRef::cipher_update_inplace`.

## [v0.10.49] - 2023-04-01

### Fixed

* `SslConnector` no longer sets the SNI extension when connecting to an IP address.

### Added

* Implemented `Ord`, `PartialOrd`, `Eq`, and `PartialEq` for `Asn1Integer` and `Asn1IntegerRef`.
* Added `X509Ref::crl_distribution_points` and `DistPoint`.

## [v0.10.48] - 2023-03-23

### Fixed

* Fixed injection vulnerabilities where OpenSSL's configuration mini-language could be used via `x509::extension::SubjectAlternativeName` and `x509::extension::ExtendedKeyUsage`. The mini-language can read arbitrary files amongst other things.
  * As part of fixing this `SubjectAlternativeName::dir_name` and `SubjectAlternativeName::other_name` are deprecated and their implementations always `panic!`. If you have a use case for these, please file an issue.
* Fixed several NULL pointer dereferences in OpenSSL that could be triggered via `x509::X509Extension::new` and `x509::X509Extension::new_nid`. Note that these methods still accept OpenSSL's configuration mini-language, and therefore should not be used with untrusted data.
* Fixed a data race with `x509::X509Name` values that are created with `x509::X509NameBuilder` and then used concurrently.
* Fixed LibreSSL version checking. More functions should now be correctly available on LibreSSL.

## [v0.10.47] - 2023-03-19

### Added

* Added support for X25519 and Ed25519 on LibreSSL and BoringSSL.
* Added `Error::library_code` and `Error::reason_code`.

## [v0.10.46] - 2023-03-14

### Fixed

* Fixed a potential null-pointer deref when parsing a PKCS#12 archive with no identity.
* Fixed builds against OpenSSL built with `no-cast`.
* Fixed debug formatting of `GeneralName`.

### Deprecated

* Deprecated `Pkcs12Ref::parse` in favor of `Pkcs12Ref::parse2`.
* Deprecated `ParsedPkcs12` in favor of `ParsedPkcs12_2`.
* Deprecated `Pkcs12Builder::build` in favor of `Pkcs12Builder::build2`.

### Added

* Added `X509VerifyParamRef::set_auth_level`, `X509VerifyParamRef::auth_level`, and `X509VerifyParamRef::set_purpose`.
* Added `X509PurposeId` and `X509Purpose`.
* Added `X509NameBuilder::append_entry`.
* Added `PKeyRef::private_key_to_pkcs8`.
* Added `X509LookupRef::load_crl_file`.
* Added `Pkcs12Builder::name`, `Pkcs12Builder::pkey`, and `Pkcs12Builder::cert`.
* Added `SslRef::set_method`, `SslRef::set_private_key_file`, `SslRef::set_private_key`, `SslRef::set_certificate`, `SslRef::set_certificate_chain_file`, `SslRef::add_client_ca`, `SslRef::set_client_ca_list`, `SslRef::set_min_proto_version`, `SslRef::set_max_proto_version`, `SslRef::set_ciphersuites`, `SslRef::set_cipher_list`, `SslRef::set_verify_cert_store`.
* Added `X509NameRef::to_owned`.
* Added `SslContextBuilder::set_num_tickets`, `SslContextRef::num_tickets`, `SslRef::set_num_tickets`, and `SslRef::num_tickets`.
* Added `CmsContentInfo::verify`.

## [v0.10.45] - 2022-12-20

### Fixed

* Removed the newly added `CipherCtxRef::minimal_output_size` method, which did not work properly.
* Added `NO_DEPRECATED_3_0` cfg checks for more APIs.

### Added

* Added `SslRef::add_chain_cert`.
* Added `PKeyRef::security_bits`.
* Added `Provider::set_default_search_path`.
* Added `CipherCtxRef::cipher_final_unchecked`.

## [v0.10.44] - 2022-12-06

### Added

* Added `CipherCtxRef::num`, `CipherCtxRef::minimal_output_size`, and `CipherCtxRef::cipher_update_unchecked`.
* Improved output buffer size checks in `CipherCtxRef::cipher_update`.
* Added `X509Lookup::file` and `X509LookupRef::load_cert_file`.

## [v0.10.43] - 2022-11-23

### Added

* Added `Nid::BRAINPOOL_P256R1`, `Nid::BRAINPOOL_P384R1`, `Nid::BRAINPOOL_P512R1`.
* Added `BigNumRef::copy_from_slice`.
* Added `Cipher` constructors for Camellia, CAST5, and IDEA ciphers.
* Added `DsaSig`.
* Added `X509StoreBuilderRef::set_param`.
* Added `X509VerifyParam::new`, `X509VerifyParamRef::set_time`, and `X509VerifyParamRef::set_depth`.

## [v0.10.42] - 2022-09-26

### Added

* Added `SslRef::psk_identity_hint` and `SslRef::psk_identity`.
* Added SHA-3 constants to `Nid`.
* Added `SslOptions::PRIORITIZE_CHACHA`.
* Added `X509ReqRef::to_text`.
* Added `MdCtxRef::size`.
* Added `X509NameRef::try_cmp`.
* Added `MdCtxRef::reset`.
* Added experimental, unstable support for BoringSSL.

### Fixed

* Fixed `MdCtxRef::digest_verify_init` to support `PKey`s with only public components.

## [v0.10.41] - 2022-06-09

### Fixed

* Fixed a use-after-free in `Error::function` and `Error::file` with OpenSSL 3.x.

### Added

* Added `MessageDigest::block_size` and `MdRef::block_size`.
* Implemented `Ord` and `Eq` for `X509` and `X509Ref`.
* Added `X509Extension::add_alias`.
* Added SM4 support.
* Added `EcGroup::from_components`, `EcGroupRef::set_generator`, and `EcPointRef::set_affine_coordinates_gfp`.

## [v0.10.40] - 2022-05-04

### Fixed

* Fixed the openssl-sys dependency version.

## [v0.10.39] - 2022-05-02

### Deprecated

* Deprecated `SslContextBuilder::set_tmp_ecdh_callback` and `SslRef::set_tmp_ecdh_callback`.

### Added

* Added `SslRef::extms_support`.
* Added `Nid::create`.
* Added `CipherCtx`, which exposes a more direct interface to `EVP_CIPHER_CTX`.
* Added `PkeyCtx`, which exposes a more direct interface to `EVP_PKEY_CTX`.
* Added `MdCtx`, which exposes a more direct interface to `EVP_MD_CTX`.
* Added `Pkcs12Builder::mac_md`.
* Added `Provider`.
* Added `X509Ref::issuer_name_hash`.
* Added `Decrypter::set_rsa_oaep_label`.
* Added `X509Ref::to_text`.

## [v0.10.38] - 2021-10-31

### Added

* Added `PKey::ec_gen`.

## [v0.10.37] - 2021-10-27

### Fixed

* Fixed linkage against OpenSSL distributions built with `no-chacha`.

### Added

* Added `BigNumRef::to_vec_padded`.
* Added `X509Name::from_der` and `X509NameRef::to_der`.
* Added `BigNum::new_secure`, `BigNumRef::set_const_time`, `BigNumRef::is_const_time`, and `BigNumRef::is_secure`.

## [v0.10.36] - 2021-08-17

### Added

* Added `Asn1Object::as_slice`.
* Added `PKeyRef::{raw_public_key, raw_private_key, private_key_to_pkcs8_passphrase}` and
    `PKey::{private_key_from_raw_bytes, public_key_from_raw_bytes}`.
* Added `Cipher::{seed_cbc, seed_cfb128, seed_ecb, seed_ofb}`.

## [v0.10.35] - 2021-06-18

### Fixed

* Fixed a memory leak in `Deriver`.

### Added

* Added support for OpenSSL 3.x.x.
* Added `SslStream::peek`.

## [v0.10.34] - 2021-04-28

### Added

* Added `Dh::set_private_key` and `DhRef::private_key`.
* Added `EcPointRef::affine_coordinates`.
* Added `TryFrom` implementations to convert between `PKey` and specific key types.
* Added `X509StoreBuilderRef::set_flags`.

## [v0.10.33] - 2021-03-13

### Fixed

* `Dh::generate_params` now uses `DH_generate_params_ex` rather than the deprecated `DH_generated_params` function.

### Added

* Added `Asn1Type`.
* Added `CmsContentInfoRef::decrypt_without_cert_check`.
* Added `EcPointRef::{is_infinity, is_on_curve}`.
* Added `Encrypter::set_rsa_oaep_label`.
* Added `MessageDigest::sm3`.
* Added `Pkcs7Ref::signers`.
* Added `Cipher::nid`.
* Added `X509Ref::authority_info` and `AccessDescription::{method, location}`.
* Added `X509NameBuilder::{append_entry_by_text_with_type, append_entry_by_nid_with_type}`.

## [v0.10.32] - 2020-12-24

### Fixed

* Fixed `Ssl::new` to take a `&SslContextRef` rather than `&SslContext`.

### Added

* Added the `encrypt` module to support asymmetric encryption and decryption with `PKey`s.
* Added `MessageDigest::from_name`.
* Added `ConnectConfiguration::into_ssl`.
* Added the ability to create unconnected `SslStream`s directly from an `Ssl` and transport stream
    without performing any part of the handshake with `SslStream::new`.
* Added `SslStream::{read_early_data, write_early_data, connect, accept, do_handshake, stateless}`.
* Implemented `ToOwned` for `SslContextRef`.
* Added `SslRef::{set_connect_state, set_accept_state}`.

### Deprecated

* Deprecated `SslStream::from_raw_parts` in favor of `Ssl::from_ptr` and `SslStream::new`.
* Deprecated `SslStreamBuilder` in favor of methods on `Ssl` and `SslStream`.

## [v0.10.31] - 2020-12-09

### Added

* Added `Asn1Object::from_str`.
* Added `Dh::from_pqg`, `DhRef::prime_p`, `DhRef::prime_q`, `DhRef::generator`, `DhRef::generate_params`,
    `DhRef::generate_key`, `DhRef::public_key`, and `DhRef::compute_key`.
* Added `Pkcs7::from_der` and `Pkcs7Ref::to_der`.
* Added `Id::X25519`, `Id::X448`, `PKey::generate_x25519`, and `PKey::generate_x448`.
* Added `SrtpProfileId::SRTP_AEAD_AES_128_GCM` and `SrtpProfileId::SRTP_AEAD_AES_256_GCM`.
* Added `SslContextBuilder::verify_param` and `SslContextBuilder::verify_param_mut`.
* Added `X509Ref::subject_name_hash` and `X509Ref::version`.
* Added `X509StoreBuilderRef::add_lookup`, and the `X509Lookup` type.
* Added `X509VerifyFlags`, `X509VerifyParamRef::set_flags`, `X509VerifyParamRef::clear_flags`, and
    `X509VerifyParamRef::get_flags`.

## [v0.10.30] - 2020-06-25

### Fixed

* `DsaRef::private_key_to_pem` can no longer be called without a private key.

### Changed

* Improved the `Debug` implementations of many types.

### Added

* Added `is_empty` implementations for `Asn1StringRef` and `Asn1BitStringRef`.
* Added `EcPointRef::{to_pem, to_dir}` and `EcKeyRef::{public_key_from_pem, public_key_from_der}`.
* Added `Default` implementations for many types.
* Added `Debug` implementations for many types.
* Added `SslStream::from_raw_parts`.
* Added `SslRef::set_mtu`.
* Added `Cipher::{aes_128_ocb, aes_192_ocb, aes_256_ocb}`.

### Deprecated

* Deprecated `SslStreamBuilder::set_dtls_mtu_size` in favor of `SslRef::set_mtu`.

## [v0.10.29] - 2020-04-07

### Fixed

* Fixed a memory leak in `X509Builder::append_extension`.

### Added

* Added `SslConnector::into_context` and `SslConnector::context`.
* Added `SslAcceptor::into_context` and `SslAcceptor::context`.
* Added `SslMethod::tls_client` and `SslMethod::tls_server`.
* Added `SslContextBuilder::set_cert_store`.
* Added `SslContextRef::verify_mode` and `SslRef::verify_mode`.
* Added `SslRef::is_init_finished`.
* Added `X509Object`.
* Added `X509StoreRef::objects`.

## [v0.10.28] - 2020-02-04

### Fixed

* Fixed the mutability of `Signer::sign_oneshot` and `Verifier::verify_oneshot`. This is unfortunately a breaking
    change, but a necessary soundness fix.

## [v0.10.27] - 2020-01-29

### Added

* Added `MessageDigest::null`.
* Added `PKey::private_key_from_pkcs8`.
* Added `SslOptions::NO_RENEGOTIATION`.
* Added `SslStreamBuilder::set_dtls_mtu_size`.

## [v0.10.26] - 2019-11-22

### Fixed

* Fixed improper handling of the IV buffer in `envelope::{Seal, Unseal}`.

### Added

* Added `Asn1TimeRef::{diff, compare}`.
* Added `Asn1Time::from_unix`.
* Added `PartialEq` and `PartialOrd` implementations for `Asn1Time` and `Asn1TimeRef`.
* Added `base64::{encode_block, decode_block}`.
* Added `EcGroupRef::order_bits`.
* Added `Clone` implementations for `Sha1`, `Sha224`, `Sha256`, `Sha384`, and `Sha512`.
* Added `SslContextBuilder::{set_sigalgs_list, set_groups_list}`.

## [v0.10.25] - 2019-10-02

### Fixed

* Fixed a memory leak in `EcdsaSig::from_private_components` when using OpenSSL 1.0.x.

### Added

* Added support for Ed25519 and Ed448 keys.
* Implemented `ToOwned` for `PKeyRef` and `Clone` for `PKey`.

## [v0.10.24] - 2019-07-19

### Fixed

* Worked around an OpenSSL 1.0.x bug triggered by code calling `SSL_set_app_data`.

### Added

* Added `aes::{wrap_key, unwrap_key}`.
* Added `CmsContentInfoRef::to_pem` and `CmsContentInfo::from_pem`.
* Added `DsaRef::private_key_to_pem`.
* Added `EcGroupRef::{cofactor, generator}`.
* Added `EcPointRef::to_owned`.
* Added a `Debug` implementation for `EcKey`.
* Added `SslAcceptor::{mozilla_intermediate_v5, mozilla_modern_v5}`.
* Added `Cipher::{aes_128_ofb, aes_192_ecb, aes_192_cbc, aes_192_ctr, aes_192_cfb1, aes_192_cfb128, aes_192_cfb8,
    aes_192_gcm, aes_192_ccm, aes_192_ofb, aes_256_ofb}`.

## [v0.10.23] - 2019-05-18

### Fixed

* Fixed session callbacks when an `Ssl`'s context is replaced.

### Added

* Added `SslContextBuilder::add_client_ca`.

## [v0.10.22] - 2019-05-08

### Added

* Added support for the LibreSSL 2.9.x series.

## [v0.10.21] - 2019-04-30

### Fixed

* Fixed overly conservative buffer size checks in `Crypter` when using stream ciphers.

### Added

* Added bindings to envelope encryption APIs.
* Added `PKeyRef::size`.

## [v0.10.20] - 2019-03-20

### Added

* Added `CmsContentInfo::from_der` and `CmsContentInfo::encrypt`.
* Added `X509Ref::verify` and `X509ReqRef::verify`.
* Implemented `PartialEq` and `Eq` for `MessageDigest`.
* Added `MessageDigest::type_` and `EcGroupRef::curve_name`.

## [v0.10.19] - 2019-03-01

### Added

* The openssl-sys build script now logs the values of environment variables.
* Added `ERR_PACK` to openssl-sys.
* The `ERR_*` functions in openssl-sys are const functions when building against newer Rust versions.
* Implemented `Clone` for `Dsa`.
* Added `SslContextRef::add_session` and `SslContextRef::remove_session`.
* Added `SslSessionRef::time`, `SslSessionRef::timeout`, and `SslSessionRef::protocol_version`.
* Added `SslContextBuilder::set_session_cache_size` and `SslContextRef::session_cache_size`.

## [v0.10.18] - 2019-02-22

### Fixed

* Fixed the return type of `ssl::cipher_name`.

## [v0.10.17] - 2019-02-22

### Added

* Implemented `AsRef<str>` and `AsRef<[u8]>` for `OpenSslString`.
* Added `Asn1Integer::from_bn`.
* Added `RsaRef::check_key`.
* Added `Asn1Time::from_str` and `Asn1Time::from_str_x509`.
* Added `Rsa::generate_with_e`.
* Added `Cipher::des_ede3_cfb64`.
* Added `SslCipherRef::standard_name` and `ssl::cipher_name`.

## [v0.10.16] - 2018-12-16

### Added

* Added SHA3 and SHAKE to `MessageDigest`.
* Added `rand::keep_random_devices_open`.
* Added support for LibreSSL 2.9.0.

## [v0.10.15] - 2018-10-22

### Added

* Implemented `DoubleEndedIterator` for stack iterators.

## [v0.10.14] - 2018-10-18

### Fixed

* Made some accidentally exposed internal functions private.

### Added

* Added support for LibreSSL 2.8.

### Changed

* The OpenSSL version used with the `vendored` feature has been upgraded from 1.1.0 to 1.1.1.

## [v0.10.13] - 2018-10-14

### Fixed

* Fixed a double-free in the `SslContextBuilder::set_get_session_callback` API.

### Added

* Added `SslContextBuilder::set_client_hello_callback`.
* Added support for LibreSSL 2.8.1.
* Added `EcdsaSig::from_der` and `EcdsaSig::to_der`.
* Added PKCS#7 support.

## [v0.10.12] - 2018-09-13

### Fixed

* Fixed handling of SNI callbacks during renegotiation.

### Added

* Added `SslRef::get_shutdown` and `SslRef::set_shutdown`.
* Added support for SRTP in DTLS sessions.
* Added support for LibreSSL 2.8.0.

## [v0.10.11] - 2018-08-04

### Added

* The new `vendored` cargo feature will cause openssl-sys to compile and statically link to a
    vendored copy of OpenSSL.
* Added `SslContextBuilder::set_psk_server_callback`.
* Added `DsaRef::pub_key` and `DsaRef::priv_key`.
* Added `Dsa::from_private_components` and `Dsa::from_public_components`.
* Added `X509NameRef::entries`.

### Deprecated

* `SslContextBuilder::set_psk_callback` has been renamed to
    `SslContextBuilder::set_psk_client_callback` and deprecated.

## [v0.10.10] - 2018-06-06

### Added

* Added `SslRef::set_alpn_protos`.
* Added `SslContextBuilder::set_ciphersuites`.

## [v0.10.9] - 2018-06-01

### Fixed

* Fixed a use-after-free in `CmsContentInfo::sign`.
* `SslRef::servername` now returns `None` rather than panicking on a non-UTF8 name.

### Added

* Added `MessageDigest::from_nid`.
* Added `Nid::signature_algorithms`, `Nid::long_name`, and `Nid::short_name`.
* Added early data and early keying material export support for TLS 1.3.
* Added `SslRef::verified_chain`.
* Added `SslRef::servername_raw` which returns a `&[u8]` rather than `&str`.
* Added `SslRef::finished` and `SslRef::peer_finished`.
* Added `X509Ref::digest` to replace `X509Ref::fingerprint`.
* `X509StoreBuilder` and `X509Store` now implement `Sync` and `Send`.

### Deprecated

* `X509Ref::fingerprint` has been deprecated in favor of `X509Ref::digest`.

## [v0.10.8] - 2018-05-20

### Fixed

* `openssl-sys` will now detect Homebrew-installed OpenSSL when installed to a non-default
    directory.
* The `X509_V_ERR_INVALID_CALL`, `X509_V_ERR_STORE_LOOKUP`, and
    `X509_V_ERR_PROXY_SUBJECT_NAME_VIOLATION` constants in `openssl-sys` are now only present when
    building against 1.1.0g and up rather than 1.1.0.
* `SslContextBuilder::max_proto_version` and `SslContextBuilder::min_proto_version` are only present
    when building against 1.1.0g and up rather than 1.1.0.

### Added

* Added `CmsContentInfo::sign`.
* Added `Clone` and `ToOwned` implementations to `Rsa` and `RsaRef` respectively.
* The `min_proto_version` and `max_proto_version` methods are available when linking against
    LibreSSL 2.6.1 and up in addition to OpenSSL.
* `X509VerifyParam` is available when linking against LibreSSL 2.6.1 and up in addition to OpenSSL.
* ALPN support is available when linking against LibreSSL 2.6.1 and up in addition to OpenSSL.
* `Stack` and `StackRef` are now `Sync` and `Send`.

## [v0.10.7] - 2018-04-30

### Added

* Added `X509Req::public_key` and `X509Req::extensions`.
* Added `RsaPrivateKeyBuilder` to allow control over initialization of optional components of an RSA
    private key.
* Added DER encode/decode support to `SslSession`.
* openssl-sys now provides the `DEP_OPENSSL_VERSION_NUMBER` and
    `DEP_OPENSSL_LIBRESSL_VERSION_NUMBER` environment variables to downstream build scripts which
    contain the hex-encoded version number of the OpenSSL or LibreSSL distribution being built
    against. The other variables are deprecated.

## [v0.10.6] - 2018-03-05

### Added

* Added `SslOptions::ENABLE_MIDDLEBOX_COMPAT`.
* Added more `Sync` and `Send` implementations.
* Added `PKeyRef::id`.
* Added `Padding::PKCS1_PSS`.
* Added `Signer::set_rsa_pss_saltlen`, `Signer::set_rsa_mgf1_md`, `Signer::set_rsa_pss_saltlen`, and
    `Signer::set_rsa_mgf1_md`.
* Added `X509StoreContextRef::verify` to directly verify certificates.
* Added low level ECDSA support.
* Added support for TLSv1.3 custom extensions. (OpenSSL 1.1.1 only)
* Added AES-CCM support.
* Added `EcKey::from_private_components`.
* Added CMAC support.
* Added support for LibreSSL 2.7.
* Added `X509Ref::serial_number`.
* Added `Asn1IntegerRef::to_bn`.
* Added support for TLSv1.3 stateless handshakes. (OpenSSL 1.1.1 only)

### Changed

* The Cargo features previously used to gate access to version-specific OpenSSL APIs have been
    removed. Those APIs will be available automatically when building against an appropriate OpenSSL
    version.
* Fixed `PKey::private_key_from_der` to return a `PKey<Private>` rather than a `PKey<Public>`. This
    is technically a breaking change but the function was pretty useless previously.

### Deprecated

* `X509CheckFlags::FLAG_NO_WILDCARDS` has been renamed to `X509CheckFlags::NO_WILDCARDS` and the old
    name deprecated.

## [v0.10.5] - 2018-02-28

### Fixed

* `ErrorStack`'s `Display` implementation no longer writes an empty string if it contains no errors.

### Added

* Added `SslRef::version2`.
* Added `Cipher::des_ede3_cbc`.
* Added `SslRef::export_keying_material`.
* Added the ability to push an `Error` or `ErrorStack` back onto OpenSSL's error stack. Various
    callback bindings use this to propagate errors properly.
* Added `SslContextBuilder::set_cookie_generate_cb` and `SslContextBuilder::set_cookie_verify_cb`.
* Added `SslContextBuilder::set_max_proto_version`, `SslContextBuilder::set_min_proto_version`,
    `SslContextBuilder::max_proto_version`, and `SslContextBuilder::min_proto_version`.

### Changed

* Updated `SslConnector`'s default cipher list to match Python's.

### Deprecated

* `SslRef::version` has been deprecated. Use `SslRef::version_str` instead.

## [v0.10.4] - 2018-02-18

### Added

* Added OpenSSL 1.1.1 support.
* Added `Rsa::public_key_from_pem_pkcs1`.
* Added `SslOptions::NO_TLSV1_3`. (OpenSSL 1.1.1 only)
* Added `SslVersion`.
* Added `SslSessionCacheMode` and `SslContextBuilder::set_session_cache_mode`.
* Added `SslContextBuilder::set_new_session_callback`,
    `SslContextBuilder::set_remove_session_callback`, and
    `SslContextBuilder::set_get_session_callback`.
* Added `SslContextBuilder::set_keylog_callback`. (OpenSSL 1.1.1 only)
* Added `SslRef::client_random` and `SslRef::server_random`. (OpenSSL 1.1.0+ only)

### Fixed

* The `SslAcceptorBuilder::mozilla_modern` constructor now disables TLSv1.0 and TLSv1.1 in
    accordance with Mozilla's recommendations.

## [v0.10.3] - 2018-02-12

### Added

* OpenSSL is now automatically detected on FreeBSD systems.
* Added `GeneralName` accessors for `rfc822Name` and `uri` variants.
* Added DES-EDE3 support.

### Fixed

* Fixed a memory leak in `X509StoreBuilder::add_cert`.

## [v0.10.2] - 2018-01-11

### Added

* Added `ConnectConfiguration::set_use_server_name_indication` and
    `ConnectConfiguration::set_verify_hostname` for use in contexts where you don't have ownership
    of the `ConnectConfiguration`.

## [v0.10.1] - 2018-01-10

### Added

* Added a `From<ErrorStack> for ssl::Error` implementation.

## [v0.10.0] - 2018-01-10

### Compatibility

* openssl 0.10 still uses openssl-sys 0.9, so openssl 0.9 and 0.10 can coexist without issue.

### Added

* The `ssl::select_next_proto` function can be used to easily implement the ALPN selection callback
    in a "standard" way.
* FIPS mode support is available in the `fips` module.
* Accessors for the Issuer and Issuer Alternative Name fields of X509 certificates have been added.
* The `X509VerifyResult` can now be set in the certificate verification callback via
    `X509StoreContextRef::set_error`.

### Changed

* All constants have been moved to associated constants of their type. For example, `bn::MSB_ONE`
    is now `bn::MsbOption::ONE`.
* Asymmetric key types are now parameterized over what they contain. In OpenSSL, the same type is
    used for key parameters, public keys, and private keys. Unfortunately, some APIs simply assume
    that certain components are present and will segfault trying to use things that aren't there.

    The `pkey` module contains new tag types named `Params`, `Public`, and `Private`, and the
    `Dh`, `Dsa`, `EcKey`, `Rsa`, and `PKey` have a type parameter set to one of those values. This
    allows the `Signer` constructor to indicate that it requires a private key at compile time for
    example. Previously, `Signer` would simply segfault if provided a key without private
    components.
* ALPN support has been changed to more directly model OpenSSL's own APIs. Instead of a single
    method used for both the server and client sides which performed everything automatically, the
    `SslContextBuilder::set_alpn_protos` and `SslContextBuilder::set_alpn_select_callback` handle
    the client and server sides respectively.
* `SslConnector::danger_connect_without_providing_domain_for_certificate_verification_and_server_name_indication`
    has been removed in favor of new methods which provide more control. The
    `ConnectConfiguration::use_server_name_indication` method controls the use of Server Name
    Indication (SNI), and the `ConnectConfiguration::verify_hostname` method controls the use of
    hostname verification. These can be controlled independently, and if both are disabled, the
    domain argument to `ConnectConfiguration::connect` is ignored.
* Shared secret derivation is now handled by the new `derive::Deriver` type rather than
    `pkey::PKeyContext`, which has been removed.
* `ssl::Error` is now no longer an enum, and provides more direct access to the relevant state.
* `SslConnectorBuilder::new` has been moved and renamed to `SslConnector::builder`.
* `SslAcceptorBuilder::mozilla_intermediate` and `SslAcceptorBuilder::mozilla_modern` have been
    moved to `SslAcceptor` and no longer take the private key and certificate chain. Install those
    manually after creating the builder.
* `X509VerifyError` is now `X509VerifyResult` and can now have the "ok" value in addition to error
    values.
* `x509::X509FileType` is now `ssl::SslFiletype`.
* Asymmetric key serialization and deserialization methods now document the formats that they
    correspond to, and some have been renamed to better indicate that.

### Removed

* All deprecated APIs have been removed.
* NPN support has been removed. It has been superseded by ALPN, and is hopefully no longer being
    used in practice. If you still depend on it, please file an issue!
* `SslRef::compression` has been removed.
* Some `ssl::SslOptions` flags have been removed as they no longer do anything.

## Older

Look at the [release tags] for information about older releases.

[Unreleased]: https://github.com/sfackler/rust-openssl/compare/openssl-v0.10.56...master
[v0.10.56]: https://github.com/sfackler/rust-openssl/compare/openssl-v0.10.55...openssl-v0.10.56
[v0.10.55]: https://github.com/sfackler/rust-openssl/compare/openssl-v0.10.54...openssl-v0.10.55
[v0.10.54]: https://github.com/sfackler/rust-openssl/compare/openssl-v0.10.53...openssl-v0.10.54
[v0.10.53]: https://github.com/sfackler/rust-openssl/compare/openssl-v0.10.52...openssl-v0.10.53
[v0.10.52]: https://github.com/sfackler/rust-openssl/compare/openssl-v0.10.51...openssl-v0.10.52
[v0.10.51]: https://github.com/sfackler/rust-openssl/compare/openssl-v0.10.50...openssl-v0.10.51
[v0.10.50]: https://github.com/sfackler/rust-openssl/compare/openssl-v0.10.49...openssl-v0.10.50
[v0.10.49]: https://github.com/sfackler/rust-openssl/compare/openssl-v0.10.48...openssl-v0.10.49
[v0.10.48]: https://github.com/sfackler/rust-openssl/compare/openssl-v0.10.47...openssl-v0.10.48
[v0.10.47]: https://github.com/sfackler/rust-openssl/compare/openssl-v0.10.46...openssl-v0.10.47
[v0.10.46]: https://github.com/sfackler/rust-openssl/compare/openssl-v0.10.45...openssl-v0.10.46
[v0.10.45]: https://github.com/sfackler/rust-openssl/compare/openssl-v0.10.44...openssl-v0.10.45
[v0.10.44]: https://github.com/sfackler/rust-openssl/compare/openssl-v0.10.43...openssl-v0.10.44
[v0.10.43]: https://github.com/sfackler/rust-openssl/compare/openssl-v0.10.42...openssl-v0.10.43
[v0.10.42]: https://github.com/sfackler/rust-openssl/compare/openssl-v0.10.41...openssl-v0.10.42
[v0.10.41]: https://github.com/sfackler/rust-openssl/compare/openssl-v0.10.40...openssl-v0.10.41
[v0.10.40]: https://github.com/sfackler/rust-openssl/compare/openssl-v0.10.39...openssl-v0.10.40
[v0.10.39]: https://github.com/sfackler/rust-openssl/compare/openssl-v0.10.38...openssl-v0.10.39
[v0.10.38]: https://github.com/sfackler/rust-openssl/compare/openssl-v0.10.37...openssl-v0.10.38
[v0.10.37]: https://github.com/sfackler/rust-openssl/compare/openssl-v0.10.36...openssl-v0.10.37
[v0.10.36]: https://github.com/sfackler/rust-openssl/compare/openssl-v0.10.35...openssl-v0.10.36
[v0.10.35]: https://github.com/sfackler/rust-openssl/compare/openssl-v0.10.34...openssl-v0.10.35
[v0.10.34]: https://github.com/sfackler/rust-openssl/compare/openssl-v0.10.33...openssl-v0.10.34
[v0.10.33]: https://github.com/sfackler/rust-openssl/compare/openssl-v0.10.32...openssl-v0.10.33
[v0.10.32]: https://github.com/sfackler/rust-openssl/compare/openssl-v0.10.31...openssl-v0.10.32
[v0.10.31]: https://github.com/sfackler/rust-openssl/compare/openssl-v0.10.30...openssl-v0.10.31
[v0.10.30]: https://github.com/sfackler/rust-openssl/compare/openssl-v0.10.29...openssl-v0.10.30
[v0.10.29]: https://github.com/sfackler/rust-openssl/compare/openssl-v0.10.28...openssl-v0.10.29
[v0.10.28]: https://github.com/sfackler/rust-openssl/compare/openssl-v0.10.27...openssl-v0.10.28
[v0.10.27]: https://github.com/sfackler/rust-openssl/compare/openssl-v0.10.26...openssl-v0.10.27
[v0.10.26]: https://github.com/sfackler/rust-openssl/compare/openssl-v0.10.25...openssl-v0.10.26
[v0.10.25]: https://github.com/sfackler/rust-openssl/compare/openssl-v0.10.24...openssl-v0.10.25
[v0.10.24]: https://github.com/sfackler/rust-openssl/compare/openssl-v0.10.23...openssl-v0.10.24
[v0.10.23]: https://github.com/sfackler/rust-openssl/compare/openssl-v0.10.22...openssl-v0.10.23
[v0.10.22]: https://github.com/sfackler/rust-openssl/compare/openssl-v0.10.21...openssl-v0.10.22
[v0.10.21]: https://github.com/sfackler/rust-openssl/compare/openssl-v0.10.20...openssl-v0.10.21
[v0.10.20]: https://github.com/sfackler/rust-openssl/compare/openssl-v0.10.19...openssl-v0.10.20
[v0.10.19]: https://github.com/sfackler/rust-openssl/compare/openssl-v0.10.18...openssl-v0.10.19
[v0.10.18]: https://github.com/sfackler/rust-openssl/compare/openssl-v0.10.17...openssl-v0.10.18
[v0.10.17]: https://github.com/sfackler/rust-openssl/compare/openssl-v0.10.16...openssl-v0.10.17
[v0.10.16]: https://github.com/sfackler/rust-openssl/compare/openssl-v0.10.15...openssl-v0.10.16
[v0.10.15]: https://github.com/sfackler/rust-openssl/compare/openssl-v0.10.14...openssl-v0.10.15
[v0.10.14]: https://github.com/sfackler/rust-openssl/compare/openssl-v0.10.13...openssl-v0.10.14
[v0.10.13]: https://github.com/sfackler/rust-openssl/compare/openssl-v0.10.12...openssl-v0.10.13
[v0.10.12]: https://github.com/sfackler/rust-openssl/compare/openssl-v0.10.11...openssl-v0.10.12
[v0.10.11]: https://github.com/sfackler/rust-openssl/compare/openssl-v0.10.10...openssl-v0.10.11
[v0.10.10]: https://github.com/sfackler/rust-openssl/compare/openssl-v0.10.9...openssl-v0.10.10
[v0.10.9]: https://github.com/sfackler/rust-openssl/compare/openssl-v0.10.8...openssl-v0.10.9
[v0.10.8]: https://github.com/sfackler/rust-openssl/compare/openssl-v0.10.7...openssl-v0.10.8
[v0.10.7]: https://github.com/sfackler/rust-openssl/compare/openssl-v0.10.6...openssl-v0.10.7
[v0.10.6]: https://github.com/sfackler/rust-openssl/compare/openssl-v0.10.5...openssl-v0.10.6
[v0.10.5]: https://github.com/sfackler/rust-openssl/compare/openssl-v0.10.4...openssl-v0.10.5
[v0.10.4]: https://github.com/sfackler/rust-openssl/compare/openssl-v0.10.3...openssl-v0.10.4
[v0.10.3]: https://github.com/sfackler/rust-openssl/compare/openssl-v0.10.2...openssl-v0.10.3
[v0.10.2]: https://github.com/sfackler/rust-openssl/compare/openssl-v0.10.1...openssl-v0.10.2
[v0.10.1]: https://github.com/sfackler/rust-openssl/compare/openssl-v0.10.0...openssl-v0.10.1
[v0.10.0]: https://github.com/sfackler/rust-openssl/compare/v0.9.23...openssl-v0.10.0
[release tags]: https://github.com/sfackler/rust-openssl/releases