v/0.21.0
Release date: 2023-07-07 22:22:45
Latest rustls/rustls release: v/0.23.15 (2024-10-16 21:21:05)
- Support for connecting to peers named with IP addresses. This means rustls now depends on a fork of webpki - rustls-webpki - with a suitably extended API.
- Breaking change: `StoresClientSessions` trait renamed to `ClientSessionStore` and reworked to allow storage of multiple TLS1.3 tickets and avoid reuse of them. This is a privacy improvement, see RFC8446 appendix C.4.
- Breaking change: the `DistinguishedNames` type alias no longer exists; the public API now exports a `DistinguishedName` type, and the `ClientCertVerifier::client_auth_root_subjects()` method now returns a `&[DistinguishedName]` instead (with the lifetime constrained to the verifier's).
- Breaking change: the `ClientCertVerifier` methods `client_auth_mandatory()` and `client_auth_root_subjects()` no longer return an `Option`. You can now use an `Acceptor` to decide whether to accept the connection based on information from the `ClientHello` (like server name).
- Breaking change: rework `rustls::Error` to avoid String usage in `PeerMisbehavedError`, `PeerIncompatibleError` and certificate errors. Especially note that custom certificate verifiers should move to use the new certificate errors. `Error` is now `non_exhaustive`, and so are the inner enums used in its variants.
- Breaking change: replace `webpki::Error` appearing in the public API in `RootCertStore::add`.
- The number of tickets sent by a TLS1.3 server is now configurable via `ServerConfig::send_tls13_tickets`. Previously one ticket was sent, now the default is four.
- Breaking change: remove deprecated methods from `Acceptor`.
- Breaking change: `AllowAnyAuthenticatedClient` and `AllowAnyAnonymousOrAuthenticatedClient` `new` functions now return `Self`. A `boxed` function was added to both types to easily acquire an `Arc<dyn ClientCertVerifier>`.
- Breaking change: `NoClientAuth::new` was renamed to `boxed`.
- Breaking change: the QUIC API has changed to provide QUIC-specific `ClientConnection` and `ServerConnection` types, instead of using an extension trait.
- Breaking change: the QUIC `Secrets` constructor was changed to take a `Side` instead of `bool`.
- Breaking change: the `export_keying_material` function on a `Connection` was changed from returning `Result<(), Error>` to `Result<T, Error>` where `T: AsMut<[u8]>`.
- Breaking change: the `sni_hostname` function on a `Connection` was renamed to `server_name`.
- Breaking change: remove alternative type names deprecated in 0.20.0 (`RSASigningKey` vs. `RsaSigningKey` etc.)
- Breaking change: the client config `session_storage` and `enable_tickets` fields have been replaced by a more misuse resistant `Resumption` type that combines the two options.
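An added example, not rustls code: a std-only model of the ticket handling described in the `ClientSessionStore` and `send_tls13_tickets` items above, showing why a client needs several stored tickets once each one is single-use (RFC 8446 appendix C.4: a ticket offered on two connections lets an observer link them). `TicketCache`, `simulate`, the per-server cap of 8 and the name `example.test` are assumptions made for illustration.

```rust
use std::collections::{HashMap, VecDeque};

/// Hypothetical client-side TLS 1.3 ticket cache (a model, not rustls's trait).
pub struct TicketCache {
    per_server_cap: usize,
    tickets: HashMap<String, VecDeque<Vec<u8>>>,
}

impl TicketCache {
    pub fn new(per_server_cap: usize) -> Self {
        Self { per_server_cap, tickets: HashMap::new() }
    }

    /// Store one ticket from a NewSessionTicket message, evicting the oldest
    /// ticket for that server when the per-server cap is reached.
    pub fn insert(&mut self, server: &str, ticket: Vec<u8>) {
        let queue = self.tickets.entry(server.to_owned()).or_default();
        if queue.len() == self.per_server_cap {
            queue.pop_front();
        }
        queue.push_back(ticket);
    }

    /// Remove and return the newest ticket. Because the ticket leaves the
    /// cache here, it can never be offered on a second connection.
    pub fn take(&mut self, server: &str) -> Option<Vec<u8>> {
        self.tickets.get_mut(server)?.pop_back()
    }
}

/// One full handshake in which the server sends `sent` tickets, followed by
/// `reconnects` connection attempts. Returns the ticket offered on each
/// attempt; `None` means no ticket was left and a full handshake is needed.
pub fn simulate(sent: u8, reconnects: usize) -> Vec<Option<Vec<u8>>> {
    let mut cache = TicketCache::new(8); // cap of 8 is an assumption
    for i in 0..sent {
        cache.insert("example.test", vec![0xAA, i]); // constructed ticket bytes
    }
    (0..reconnects).map(|_| cache.take("example.test")).collect()
}

fn main() {
    // Four tickets (the new server default) cover four unlinkable resumptions.
    for (n, ticket) in simulate(4, 5).iter().enumerate() {
        println!("reconnect {n}: {ticket:?}");
    }
}
```

With one ticket per handshake (the previous server default), the second reconnect in this model already falls back to a full handshake.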
What's Changed
- Update development dependencies, migrate to 2021 edition by @djc in https://github.com/rustls/rustls/pull/1140
- Use Side enum in QUIC APIs (including public API) by @djc in https://github.com/rustls/rustls/pull/1168
- Replace `doc(hidden)` with `pub(crate)` where those semantics are intended. by @briansmith in https://github.com/rustls/rustls/pull/939
- examples: set rust-version to help guide clippy by @djc in https://github.com/rustls/rustls/pull/1175
- In-place handshake joining by @djc in https://github.com/rustls/rustls/pull/1171
- TLS 1.3: update record layer directly from key schedule by @djc in https://github.com/rustls/rustls/pull/1167
- Remove string content from `PeerMisbehavedError` and `PeerIncompatibleError` by @ctz in https://github.com/rustls/rustls/pull/1178
- Rework client persistence interface for RFC8446 C.4 client tracking prevention by @ctz in https://github.com/rustls/rustls/pull/1145
- Auto-shrink `MessageDeframer::buf` while at rest by @larsfillmore in https://github.com/rustls/rustls/pull/1180
- Rework certificate errors by @ctz in https://github.com/rustls/rustls/pull/1182
- Remove string content from `rustls::Error` by @ctz in https://github.com/rustls/rustls/pull/1176
- Fix outdated commentary in `rand.rs` by @ctz in https://github.com/rustls/rustls/pull/1183
- Improve client/server fuzzer drivers by @ctz in https://github.com/rustls/rustls/pull/1185
- Changelog items for alpha1 by @ctz in https://github.com/rustls/rustls/pull/1187
- improve & test ServerName debug output - workaround by @brodybits in https://github.com/rustls/rustls/pull/1192
- Lints: use Self and fix missing semicolons by @nyurik in https://github.com/rustls/rustls/pull/1195
- TLS 1.3: Immediately update keys when requested by @jbr in https://github.com/rustls/rustls/pull/1150
- Harmonize certificate verifiers construction API by @thalesfragoso in https://github.com/rustls/rustls/pull/1189
- Improve error reporting for corrupt messages by @complexspaces in https://github.com/rustls/rustls/pull/1172
- small script fixes, gitignore updates. by @cpu in https://github.com/rustls/rustls/pull/1201
- docs: fix broken x509-parser FromDer trait links. by @cpu in https://github.com/rustls/rustls/pull/1208
- docs: add rustdoc for DigitallySignedStruct. by @cpu in https://github.com/rustls/rustls/pull/1207
- Remove trytls shim and helper script. by @cpu in https://github.com/rustls/rustls/pull/1204
- docs: add small README for fuzz testing suite. by @cpu in https://github.com/rustls/rustls/pull/1209
- chore: delete admin/format-bench. by @cpu in https://github.com/rustls/rustls/pull/1206
- msgs: yield Result instead of Option from Reader/Codec by @djc in https://github.com/rustls/rustls/pull/1198
- feat: impl safer export_keyring_material interface. by @cpu in https://github.com/rustls/rustls/pull/1211
- fix: fail to compile with logging feature disabled by @bebecue in https://github.com/rustls/rustls/pull/1213
- Allow user provides more specified certificate validation error as AlertDescription in verifier by @zkonge in https://github.com/rustls/rustls/pull/1199
- Adds more certificate errors. by @zkonge in https://github.com/rustls/rustls/pull/1215
- CI: update workflow actions, Go tooling. by @cpu in https://github.com/rustls/rustls/pull/1214
- Bump webpki to 0.100.0 by @Jarema in https://github.com/rustls/rustls/pull/1220
- CONTRIBUTING.md: fix a broken link by @vvv in https://github.com/rustls/rustls/pull/1219
- build(deps): bump actions/setup-go from 3 to 4 by @dependabot in https://github.com/rustls/rustls/pull/1223
- fuzz: cargo fmt updates and a clippy fix by @cpu in https://github.com/rustls/rustls/pull/1221
- Improve caching API for TLS 1.2 by @djc in https://github.com/rustls/rustls/pull/1226
- Make ClientSessionValue private by @djc in https://github.com/rustls/rustls/pull/1227
- Move three internal enums to public API by @jsha in https://github.com/rustls/rustls/pull/1229
- QUIC: introduce separate types for QUIC sessions by @djc in https://github.com/rustls/rustls/pull/1216
- Privatize ClientSessionValue APIs by @djc in https://github.com/rustls/rustls/pull/1230
- Avoid ClientSessionCommon leaking into public API by @ctz in https://github.com/rustls/rustls/pull/1232
- QUIC: restore fixes dropped from the connection type split. by @cpu in https://github.com/rustls/rustls/pull/1236
- Move DigitallySignedStruct out of msgs by @djc in https://github.com/rustls/rustls/pull/1231
- Remove DecomposedSignatureScheme trait and some public enum cleanup by @djc in https://github.com/rustls/rustls/pull/1234
- Make Error and macro-defined enums non-exhaustive by @djc in https://github.com/rustls/rustls/pull/1238
- Acceptor: remove deprecated methods and add docs by @jsha in https://github.com/rustls/rustls/pull/1241
- Error: hide subvariants of InvalidMessage by @jsha in https://github.com/rustls/rustls/pull/1243
- Create newtype wrappers and remove Vec aliases by @djc in https://github.com/rustls/rustls/pull/1245
- anchors: add a pointer from add to add_parseable. by @cpu in https://github.com/rustls/rustls/pull/1248
- client: centralize and linearize resumption preparation by @djc in https://github.com/rustls/rustls/pull/1239
- error: restore PartialEq implementation by @jsha in https://github.com/rustls/rustls/pull/1252
- examples: make logging non-optional. by @cpu in https://github.com/rustls/rustls/pull/1258
- anchors: tweak rustdoc comment about malformed roots. by @cpu in https://github.com/rustls/rustls/pull/1249
- ClientCertVerifier: remove "abort connection" return values by @jsha in https://github.com/rustls/rustls/pull/1242
- no-default-features: clippy fixes and CI coverage. by @cpu in https://github.com/rustls/rustls/pull/1255
- document secret_extraction feature flag by @jsha in https://github.com/rustls/rustls/pull/1261
- Remove deprecated type aliases by @djc in https://github.com/rustls/rustls/pull/1263
- Reduce CIFuzz timeout to 300s by @djc in https://github.com/rustls/rustls/pull/1260
- Further client resumption tweaks by @djc in https://github.com/rustls/rustls/pull/1251
- Prepare 0.21.0 release by @djc in https://github.com/rustls/rustls/pull/1262
New Contributors
- @larsfillmore made their first contribution in https://github.com/rustls/rustls/pull/1180
- @brodybits made their first contribution in https://github.com/rustls/rustls/pull/1192
- @nyurik made their first contribution in https://github.com/rustls/rustls/pull/1195
- @thalesfragoso made their first contribution in https://github.com/rustls/rustls/pull/1189
- @bebecue made their first contribution in https://github.com/rustls/rustls/pull/1213
- @zkonge made their first contribution in https://github.com/rustls/rustls/pull/1199
- @Jarema made their first contribution in https://github.com/rustls/rustls/pull/1220
- @vvv made their first contribution in https://github.com/rustls/rustls/pull/1219
Full Changelog: https://github.com/rustls/rustls/compare/v/0.20.8...v/0.21.0