Skip to content

Latest commit

 

History

History
318 lines (217 loc) · 8.9 KB

CHANGELOG.md

File metadata and controls

318 lines (217 loc) · 8.9 KB
Raw

Change Log

[Unreleased][unreleased]

Added/Changed/Fixed

Thanks

0.14.0

Added/Changed

  • Add support for parsing signature parameters and value (closes #94)

  • Change ASN1Time::to_rfc2822() to return a Result

  • ASN1Time: modify from_timestamp to return a Result

  • ASN1Time: implement Display

  • Upgrade versions of asn1-rs, oid-registry and der-parser

  • AlgorithmIdentifier: add const methods to create object/access fields

  • Globally: start using asn1-rs types, simplify parsers:

    • AlgorithmIdentifier: automatically derive struct, use type ANY
    • Merge old FromDer trait into asn1_rs::FromDer (using X509Error)
    • Replace BitStringObject with BitString
    • AttributeTypeAndValue: use Any instead of DerObject
    • Extensions: replace UnparsedObject with Any
    • X509Error: add methods to simplify conversions
    • CRI Attributes: rewrite and simplify parsers
    • Simplify parsers for multiple types and extensions

Fixed

  • Fix ECDSA signature verification when CA and certificate use different curves

Thanks

0.13.2

Fixed

  • Fix panic in ASN1Time::to_rfc2822() when year is less than 1900

0.13.1

Fixed

  • Fix regression with certificate verification for ECDSA signatures using the P-256 curve and SHA-384 (#118)
  • Set minimum version of time to 0.3.7 (#119)
  • Allow empty SEQUENCE when OPTIONAL, for ex in CRL extensions (#120)

Thanks

  • @SergioBenitez, @flavio, @acarlson0000

0.13.0

Added/Changed/Fixed

Crate:

  • Update to der-parser 7.0 and asn1-rs
  • Remove chrono (#111)
  • Set MSRV to 1.53

Validators:

  • Add Deref<Target=TbsCertificate> trait to X509Certificate
  • Add Validator trait and deprecate Validate
    • The previous validation is implemented in X509StructureValidator
    • Split some checks (not on structure) to X509CertificateValidator

Extensions:

  • add support for nsComment
  • add support for IssuerAltName
  • start adding support for CT Signed Certificate Timestamp (rfc6962)
  • raise error if a SAN entry cannot be parsed
  • deprecate TbsCertificate::find_extension() and add preferred method TbsCertificate::get_extension_unique(): the latter checks for duplicate extensions (#113)

Signatures:

  • Fix signature verification for EC curves (#116)

Public Keys:

  • Add base functions for parsing public keys (RSA, DSA, GOST)

Thanks

  • @lilyball, @g2p

0.12.0

Added/Changed/Fixed

  • Upgrade to nom 7

0.11.0

Added

  • Add SubjectPublicKeyInfo::raw field

Changed/Fixed

  • Fix der-parser dependency (#102)
  • Update oid-registry dependency (#77)
  • Set MSRV to 1.46 (indirect dependency on lexical-core and bitvec)
  • Extend the lifetimes exposed on TbsCertificate (#104)
  • Add missing test assets (#103)

Thanks

  • @jgalenson, @g2p, @kpp

0.10.0

Added

  • Add the Validate trait to run post-parsing validations of X.509 structure
  • Add the FromDer trait to unify parsing methods and visibility (#85)
  • Add method to format X509Name using a given registry
  • Add X509Certificate::public_key() method
  • Add ED25519 as a signature algorithm (#95)
  • Add support for extensions (#86):
    • CRL Distribution Points
  • Add X509CertificateParser builder to allow specifying parsing options

Changed/Fixed

  • Extensions are now stored in order of appearance in the certificate/CRL (#80)
    • .extensions field is not public anymore, but methods .extensions() and .extensions_map() have been added
  • Store CRI attributes in order
  • Fix parsing of CertificatePolicies, and use named types (closes #82)
  • Allow specifying registry in oid2sn and similar functions (closes #88)
  • Mark X509Extension::new as const fn + inline
  • Allow leading zeroes in serial number
  • Derive Clone for all types (when possible) (#89)
  • Fix certificate validity period check to be inclusive (#90)
  • Do not fail GeneralName parsing for x400Address and ediPartyName, read it as unparsed objects (#87)
  • Change visibility of fields in X509Name (replaced by accessors)

Thanks

  • @lilyball for numerous issues, ideas and comments
  • @SergioBenitez for lifetimes fixes (#93) and validity period check fixes (#90)
  • @rappet for Ed25519 signature verification support (#95)
  • @xonatius for the work on CRLDistributionPoints (#96, #98)

0.9.3

Added/Changed/Fixed

  • Add functions oid2description() and oid_registry() (closes #79)
  • Fix typo 'ocsp_signing' (closes #84)
  • Extension: use specific variant if unsupported or failed to parse (closes #83)
  • Relax constrains on parsing to accept certificates that do not strictly respect DER encoding, but are widely accepted by other X.509 libraries:
    • SubjectAltName: accept non-ia5string characters
    • Extensions: accept boolean values not enoded as 00 or ff
    • Serial: build BigUint from raw bytes (do not check sign)

0.9.2

Added/Changed/Fixed

  • Remove der-oid-macro from dependencies, not used directly
  • Use der_parser::num_bigint, remove it from direct dependencies
  • Add methods to iterate all blocks from a PEM file (#75)
  • Update MSRV to 1.45.0

0.9.1

Added/Changed/Fixed

  • Fix: X509Name::iter_state_or_province OID value
  • Re-export oid-registry, and add doc to show how to access OID

Thanks

  • @0xazure for fixing X509Name::iter_state_or_province

0.9.0

Added/Changed/Fixed

  • Upgrade to nom 6.0

  • Upgrade to der-parser 5.0

  • Upgrade MSRV to 1.44.0

  • Re-export crates so crate users do not have to import them

  • Add function parse_x509_pem and deprecate pem_to_der (#53)

  • Add helper methods to X509Name and simplify accessing values

  • Add support for ReasonCode extension

  • Add support for InvalidityDate extension

  • Add support for CRL Number extension

  • Add support for Certificate Signing Request (#58)

  • Change type of X509Version (now directly using the u32 value)

  • X509Name: relax check, allow some non-rfc compliant strings (#50)

  • Relax some constraints for invalid dates

  • CRL: extract raw serial, and add methods to access it

  • CRL: add method to iterate revoked certificates

  • RevokedCertificate: convert extensions list to hashmap

  • Refactor crate modules and visibility

  • Rename top-level functions to parse_x509_certificate and parse_x509_crl`

  • Refactor error handling, return meaningful errors when possible

  • Make many more functions public (parse_tbs_certificate, etc.)

Thanks

  • Dirkjan Ochtman (@djc): support for Certificate Signing Request (CSR), code refactoring, etc.

0.8.0

Added/Changed

  • Upgrade to der-parser 4.0
  • Move from time to chrono
    • `time 0.1 is very old, and time 0.2 broke compatibility and cannot parse timezones
    • Add public type ASN1Time object to abstract implementation
    • this breaks API for direct access to not_before, not_after etc.
  • Fix clippy warnings
    • nid2obj argument is now passed by copy, not reference
  • Add method to get a formatted string of the certificate serial number
  • Add method to get decoded version
  • Add convenience methods to access the most common fields (subject, issuer, etc.)
  • Expose the raw DER of an X509Name
  • Make parse_x509_name public, for parsing distinguished names
  • Make OID objects public
  • Implement parsing for some extensions
    • Support for extensions is not complete, support for more types will be added later
  • Add example to decode and print certificates
  • Add verify feature to verify cryptographic signature by a public key

Fixed

  • Fix parsing of types not representable by string in X509Name (#36)
  • Fix parsing of certificates with empty subject (#37)

Thanks

  • @jannschu, @g2p for the extensions parsing
  • @wayofthepie for the tests and contributions
  • @nicholasbishop for contributions

0.7.0

  • Expose raw bytes of the certificate serial number
  • Set edition to 2018

0.6.4

  • Fix infinite loop when certificate has no END mark

0.6.3

  • Fix infinite loop when reading non-pem data (#28)

0.6.2

  • Remove debug code left in Pem::read

0.6.1

  • Add CRL parser
  • Expose CRL tbs bytes
  • PEM: ignore lines before BEGIN label (#21)
  • Fix parsing default values for TbsCertificate version field (#24)
  • Use BerResult from der-parser for simpler function signatures
  • Expose tbsCertificate bytes
  • Upgrade dependencies (base64)

0.6.0

  • Update to der-parser 3.0 and nom 5
  • Breaks API, cleaner error types

0.5.1

  • Add time_to_expiration to Validity object
  • Add method to read a Pem object from BufRead + Seek
  • Add method to Pem to decode and extract certificate

0.5.0

  • Update to der-parser 2.0

0.4.3

  • Make parse_subject_public_key_info public
  • Add function sn2oid (get an OID by short name)

0.4.2

  • Support GeneralizedTime conversion

0.4.1

  • Fix case where certificate has no extensions

0.4.0

  • Upgrade to der-parser 1.1, and Use num-bigint over num
  • Rename x509_parser to parse_x509_der
  • Do not export subparsers
  • Improve documentation

0.3.0

  • Upgrade to nom 4

0.2.0

  • Rewrite X.509 structures and parsing code to work in one pass Warning: this is a breaking change
  • Add support for PEM-encoded certificates
  • Add some documentation