- Adding an already-trusted certificate to the root certificate set no longer triggers an error with OpenSSL.
- Updated security-framework to 0.3.
- Failure to load a root certificate on Android now logs a message rather than producing an error.
- Fixed ordering of the certificate chain in the OpenSSL backend.
- The `vendored` Cargo feature will cause the crate to compile and statically link to a vendored copy of OpenSSL on platforms that use that backend.
- The `openssl_probe` crate is now used with the OpenSSL backend so that trusted root certificates will automatically be detected when statically linking to OpenSSL.
- Root certificates are now automatically loaded from the Android trust root.
- Added `Certificate::to_der` to serialize an X509 certificate to DER.
- Added `TlsConnectorBuilder::danger_accept_invalid_certs` to disable certificate verification.
- Added `TlsAcceptor::new` and `TlsConnector::new` to easily create an acceptor/connector with default settings.
- Added `TlsStream::peer_certificate` to obtain the peer's leaf certificate.
- Added `TlsStream::tls_server_end_point` to retrieve RFC 5929 tls-server-end-point channel binding data.
- Upgraded to `openssl` 0.10 and `security-framework` 0.2.
- `Pkcs12` has been renamed to `Identity`, and `Pkcs12::from_der` has been renamed to `Identity::from_pkcs12`.
- `HandshakeError::Interrupted` has been renamed to `HandshakeError::WouldBlock`.
- `TlsConnectorBuilder` and `TlsAcceptorBuilder` are now "traditional"-style builders. Their methods are now infallible and return `&mut Self` to allow them to be chained together.
- `supported_protocols` has been replaced by `min_protocol_version` and `max_protocol_version` on `TlsConnectorBuilder` and `TlsAcceptorBuilder`.
- SNI and hostname verification are now configured separately via `TlsConnectorBuilder::use_sni` and `TlsConnectorBuilder::danger_accept_invalid_hostnames`. They replace the `TlsConnector::danger_connect_without_providing_domain_for_certificate_verification_and_server_name_indication` method, which has been removed.
- The backend-specific extension traits have been removed. We want to avoid exposing the specific version of the backend library in the public API to provide more flexibility.
Look at the release tags for information about older releases.