• Home
  • Line#
  • Scopes#
  • Navigate#
  • Raw
  • Download
1# Change Log
2
3## [Unreleased]
4
5## [v0.10.47] - 2023-03-19
6
7### Added
8
9* Added support for X25519 and Ed25519 on LibreSSL and BoringSSL.
10* Added `Error::library_code` and `Error::reason_code`.
11
12## [v0.10.46] - 2023-03-14
13
14### Fixed
15
16* Fixed a potential null-pointer deref when parsing a PKCS#12 archive with no identity.
17* Fixed builds against OpenSSL built with `no-cast`.
18* Fixed debug formatting of `GeneralName`.
19
20### Deprecated
21
22* Deprecated `PKcs12Ref::parse` in favor of `Pkcs12Ref::parse2`.
23* Deprecated `ParsedPkcs12` in favor of `ParsedPkcs12_2`.
24* Deprecated `Pkcs12Builder::build` in favor of `Pkcs12Builder::build2`.
25
26### Added
27
28* Added `X509VerifyParamRef::set_auth_level`, `X509VerifyParamRef::auth_level`, and `X509VerifyParamRef::set_purpose`.
29* Added `X509PurposeId` and `X509Purpose`.
30* Added `X509NameBuilder::append_entry`.
31* Added `PKeyRef::private_key_to_pkcs8`.
32* Added `X509LookupRef::load_crl_file`.
33* Added `Pkcs12Builder::name`, `Pkcs12Builder::pkey`, and `Pkcs12Builder::cert`.
34* Added `SslRef::set_method`, `SslRef::set_private_key_file`, `SslRef::set_private_key`, `SslRef::set_certificate`, `SslRef::set_certificate_chain_file`, `SslRef::add_client_ca`, `SslRef::set_client_ca_list`, `SslRef::set_min_proto_version`, `SslREf::set_max_proto_version`, `SslRef::set_ciphersuites`, `SslRef::set_cipher_list`, `SslRef::set_verify_cert_store`.
35* Added `X509NameRef::to_owned`.
36* Added `SslContextBuilder::set_num_tickets`, `SslContextRef::num_tickets`, `SslRef::set_num_tickets`, and `SslRef::num_tickets`.
37* Added `CmsContentInfo::verify`.
38
39## [v0.10.45] - 2022-12-20
40
41### Fixed
42
43* Removed the newly added `CipherCtxRef::minimal_output_size` method, which did not work properly.
44* Added `NO_DEPRECATED_3_0` cfg checks for more APIs.
45
46### Added
47
48* Added `SslRef::add_chain_cert`.
49* Added `PKeyRef::security_bits`.
50* Added `Provider::set_default_search_path`.
51* Added `CipherCtxRef::cipher_final_unchecked`.
52
53## [v0.10.44] - 2022-12-06
54
55### Added
56
57* Added `CipherCtxRef::num`, `CipherCtxRef::minimal_output_size`, and `CipherCtxRef::cipher_update_unchecked`.
58* Improved output buffer size checks in `CipherCtxRef::cipher_update`.
59* Added `X509Lookup::file` and `X509LookupRef::load_cert_file`.
60
61## [v0.10.43] - 2022-11-23
62
63### Added
64
65* Added `Nid::BRAINPOOL_P256R1`, `Nid::BRAINPOOL_P384R1`, `Nid::BRAINPOOL_P512R1`.
66* Added `BigNumRef::copy_from_slice`.
67* Added `Cipher` constructors for Camellia, CAST5, and IDEA ciphers.
68* Added `DsaSig`.
69* Added `X509StoreBuilderRef::set_param`.
70* Added `X509VerifyParam::new`, `X509VerifyParamRef::set_time`, and `X509VerifyParamRef::set_depth`.
71
72## [v0.10.42] - 2022-09-26
73
74### Added
75
76* Added `SslRef::psk_identity_hint` and  `SslRef::psk_identity`.
77* Added SHA-3 constants to `Nid`.
78* Added `SslOptions::PRIORITIZE_CHACHA`.
79* Added `X509ReqRef::to_text`.
80* Added `MdCtxRef::size`.
81* Added `X509NameRef::try_cmp`.
82* Added `MdCtxRef::reset`.
83* Added experimental, unstable support for BoringSSL.
84
85### Fixed
86
87* Fixed `MdCtxRef::digest_verify_init` to support `PKey`s with only public components.
88
89## [v0.10.41] - 2022-06-09
90
91### Fixed
92
93* Fixed a use-after-free in `Error::function` and `Error::file` with OpenSSL 3.x.
94
95### Added
96
97* Added `MessageDigest::block_size` and `MdRef::block_size`.
98* Implemented `Ord` and `Eq` for `X509` and `X509Ref`.
99* Added `X509Extension::add_alias`.
100* Added SM4 support.
101* Added `EcGroup::from_components` `EcGropuRef::set_generator`, and `EcPointRef::set_affine_coordinates_gfp`.
102
103## [v0.10.40] - 2022-05-04
104
105### Fixed
106
107* Fixed the openssl-sys dependency version.
108
109## [v0.10.39] - 2022-05-02
110
111### Deprecated
112
113* Deprecated `SslContextBuilder::set_tmp_ecdh_callback` and `SslRef::set_tmp_ecdh_callback`.
114
115### Added
116
117* Added `SslRef::extms_support`.
118* Added `Nid::create`.
119* Added `CipherCtx`, which exposes a more direct interface to `EVP_CIPHER_CTX`.
120* Added `PkeyCtx`, which exposes a more direct interface to `EVP_PKEY_CTX`.
121* Added `MdCtx`, which exposes a more direct interface to `EVP_MD_CTX`.
122* Added `Pkcs12Builder::mac_md`.
123* Added `Provider`.
124* Added `X509Ref::issuer_name_hash`.
125* Added `Decrypter::set_rsa_oaep_label`.
126* Added `X509Ref::to_text`.
127
128## [v0.10.38] - 2021-10-31
129
130### Added
131
132* Added `Pkey::ec_gen`.
133
134## [v0.10.37] - 2021-10-27
135
136### Fixed
137
138* Fixed linkage against OpenSSL distributions built with `no-chacha`.
139
140### Added
141
142* Added `BigNumRef::to_vec_padded`.
143* Added `X509Name::from_der` and `X509NameRef::to_der`.
144* Added `BigNum::new_secure`, `BigNumReef::set_const_time`, `BigNumref::is_const_time`, and `BigNumRef::is_secure`.
145
146## [v0.10.36] - 2021-08-17
147
148### Added
149
150* Added `Asn1Object::as_slice`.
151* Added `PKeyRef::{raw_public_key, raw_private_key, private_key_to_pkcs8_passphrase}` and
152    `PKey::{private_key_from_raw_bytes, public_key_from_raw_bytes}`.
153* Added `Cipher::{seed_cbc, seed_cfb128, seed_ecb, seed_ofb}`.
154
155## [v0.10.35] - 2021-06-18
156
157### Fixed
158
159* Fixed a memory leak in `Deriver`.
160
161### Added
162
163* Added support for OpenSSL 3.x.x.
164* Added `SslStream::peek`.
165
166## [v0.10.34] - 2021-04-28
167
168### Added
169
170* Added `Dh::set_private_key` and `DhRef::private_key`.
171* Added `EcPointRef::affine_coordinates`.
172* Added `TryFrom` implementations to convert between `PKey` and specific key types.
173* Added `X509StoreBuilderRef::set_flags`.
174
175## [v0.10.33] - 2021-03-13
176
177### Fixed
178
179* `Dh::generate_params` now uses `DH_generate_params_ex` rather than the deprecated `DH_generated_params` function.
180
181### Added
182
183* Added `Asn1Type`.
184* Added `CmsContentInfoRef::decrypt_without_cert_check`.
185* Added `EcPointRef::{is_infinity, is_on_curve}`.
186* Added `Encrypter::set_rsa_oaep_label`.
187* Added `MessageDigest::sm3`.
188* Added `Pkcs7Ref::signers`.
189* Added `Cipher::nid`.
190* Added `X509Ref::authority_info` and `AccessDescription::{method, location}`.
191* Added `X509NameBuilder::{append_entry_by_text_with_type, append_entry_by_nid_with_type}`.
192
193## [v0.10.32] - 2020-12-24
194
195### Fixed
196
197* Fixed `Ssl::new` to take a `&SslContextRef` rather than `&SslContext`.
198
199### Added
200
201* Added the `encrypt` module to support asymmetric encryption and decryption with `PKey`s.
202* Added `MessageDigest::from_name`.
203* Added `ConnectConfiguration::into_ssl`.
204* Added the ability to create unconnected `SslStream`s directly from an `Ssl` and transport stream
205    without performing any part of the handshake with `SslStream::new`.
206* Added `SslStream::{read_early_data, write_early_data, connect, accept, do_handshake, stateless}`.
207* Implemented `ToOwned` for `SslContextRef`.
208* Added `SslRef::{set_connect_state, set_accept_state}`.
209
210### Deprecated
211
212* Deprecated `SslStream::from_raw_parts` in favor of `Ssl::from_ptr` and `SslStream::new`.
213* Deprecated `SslStreamBuilder` in favor of methods on `Ssl` and `SslStream`.
214
215## [v0.10.31] - 2020-12-09
216
217### Added
218
219* Added `Asn1Object::from_str`.
220* Added `Dh::from_pgq`, `DhRef::prime_p`, `DhRef::prime_q`, `DhRef::generator`, `DhRef::generate_params`,
221    `DhRef::generate_key`, `DhRef::public_key`, and `DhRef::compute_key`.
222* Added `Pkcs7::from_der` and `Pkcs7Ref::to_der`.
223* Added `Id::X25519`, `Id::X448`, `PKey::generate_x25519`, and `PKey::generate_x448`.
224* Added `SrtpProfileId::SRTP_AEAD_AES_128_GCM` and `SrtpProfileId::SRTP_AEAD_AES_256_GCM`.
225* Added `SslContextBuilder::verify_param` and `SslContextBuilder::verify_param_mut`.
226* Added `X509Ref::subject_name_hash` and `X509Ref::version`.
227* Added `X509StoreBuilderRef::add_lookup`, and the `X509Lookup` type.
228* Added `X509VerifyFlags`, `X509VerifyParamRef::set_flags`, `X509VerifyParamRef::clear_flags`
229    `X509VerifyParamRef::get_flags`.
230
231## [v0.10.30] - 2020-06-25
232
233### Fixed
234
235* `DsaRef::private_key_to_pem` can no longer be called without a private key.
236
237### Changed
238
239* Improved the `Debug` implementations of many types.
240
241### Added
242
243* Added `is_empty` implementations for `Asn1StringRef` and `Asn1BitStringRef`.
244* Added `EcPointRef::{to_pem, to_dir}` and `EcKeyRef::{public_key_from_pem, public_key_from_der}`.
245* Added `Default` implementations for many types.
246* Added `Debug` implementations for many types.
247* Added `SslStream::from_raw_parts`.
248* Added `SslRef::set_mtu`.
249* Added `Cipher::{aes_128_ocb, aes_192_ocb, aes_256_ocb}`.
250
251### Deprecated
252
253* Deprecated `SslStreamBuilder::set_dtls_mtu_size` in favor of `SslRef::set_mtu`.
254
255## [v0.10.29] - 2020-04-07
256
257### Fixed
258
259* Fixed a memory leak in `X509Builder::append_extension`.
260
261### Added
262
263* Added `SslConnector::into_context` and `SslConnector::context`.
264* Added `SslAcceptor::into_context` and `SslAcceptor::context`.
265* Added `SslMethod::tls_client` and `SslMethod::tls_server`.
266* Added `SslContextBuilder::set_cert_store`.
267* Added `SslContextRef::verify_mode` and `SslRef::verify_mode`.
268* Added `SslRef::is_init_finished`.
269* Added `X509Object`.
270* Added `X509StoreRef::objects`.
271
272## [v0.10.28] - 2020-02-04
273
274### Fixed
275
276* Fixed the mutability of `Signer::sign_oneshot` and `Verifier::verify_oneshot`. This is unfortunately a breaking
277    change, but a necessary soundness fix.
278
279## [v0.10.27] - 2020-01-29
280
281### Added
282
283* Added `MessageDigest::null`.
284* Added `PKey::private_key_from_pkcs8`.
285* Added `SslOptions::NO_RENEGOTIATION`.
286* Added `SslStreamBuilder::set_dtls_mtu_size`.
287
288## [v0.10.26] - 2019-11-22
289
290### Fixed
291
292* Fixed improper handling of the IV buffer in `envelope::{Seal, Unseal}`.
293
294### Added
295
296* Added `Asn1TimeRef::{diff, compare}`.
297* Added `Asn1Time::from_unix`.
298* Added `PartialEq` and `PartialOrd` implementations for `Asn1Time` and `Asn1TimeRef`.
299* Added `base64::{encode_block, decode_block}`.
300* Added `EcGroupRef::order_bits`.
301* Added `Clone` implementations for `Sha1`, `Sha224`, `Sha256`, `Sha384`, and `Sha512`.
302* Added `SslContextBuilder::{set_sigalgs_list, set_groups_list}`.
303
304## [v0.10.25] - 2019-10-02
305
306### Fixed
307
308* Fixed a memory leak in `EcdsaSig::from_private_components` when using OpenSSL 1.0.x.
309
310### Added
311
312* Added support for Ed25519 and Ed448 keys.
313* Implemented `ToOwned` for `PKeyRef` and `Clone` for `PKey`.
314
315## [v0.10.24] - 2019-07-19
316
317### Fixed
318
319* Worked around an OpenSSL 1.0.x bug triggered by code calling `SSL_set_app_data`.
320
321### Added
322
323* Added `aes::{wrap_key, unwrap_key}`.
324* Added `CmsContentInfoRef::to_pem` and `CmsContentInfo::from_pem`.
325* Added `DsaRef::private_key_to_pem`.
326* Added `EcGroupRef::{cofactor, generator}`.
327* Added `EcPointRef::to_owned`.
328* Added a `Debug` implementation for `EcKey`.
329* Added `SslAcceptor::{mozilla_intermediate_v5, mozilla_modern_v5}`.
330* Added `Cipher::{aes_128_ofb, aes_192_ecb, aes_192_cbc, aes_192_ctr, aes_192_cfb1, aes_192_cfb128, aes_192_cfb8,
331    aes_192_gcm, aes_192_ccm, aes_192_ofb, aes_256_ofb}`.
332
333## [v0.10.23] - 2019-05-18
334
335### Fixed
336
337* Fixed session callbacks when an `Ssl`'s context is replaced.
338
339### Added
340
341* Added `SslContextBuilder::add_client_ca`.
342
343## [v0.10.22] - 2019-05-08
344
345### Added
346
347* Added support for the LibreSSL 2.9.x series.
348
349## [v0.10.21] - 2019-04-30
350
351### Fixed
352
353* Fixed overly conservatifve buffer size checks in `Crypter` when using stream ciphers.
354
355### Added
356
357* Added bindings to envelope encryption APIs.
358* Added `PkeyRef::size`.
359
360## [v0.10.20] - 2019-03-20
361
362### Added
363
364* Added `CmsContentInfo::from_der` and `CmsContentInfo::encrypt`.
365* Added `X509Ref::verify` and `X509ReqRef::verify`.
366* Implemented `PartialEq` and `Eq` for `MessageDigest`.
367* Added `MessageDigest::type_` and `EcGroupRef::curve_name`.
368
369## [v0.10.19] - 2019-03-01
370
371### Added
372
373* The openssl-sys build script now logs the values of environment variables.
374* Added `ERR_PACK` to openssl-sys.
375* The `ERR_*` functions in openssl-sys are const functions when building against newer Rust versions.
376* Implemented `Clone` for `Dsa`.
377* Added `SslContextRef::add_session` and `SslContextRef::remove_session`.
378* Added `SslSessionRef::time`, `SslSessionRef::timeout`, and `SslSessionRef::protocol_version`.
379* Added `SslContextBuilder::set_session_cache_size` and `SslContextRef::session_cache_size`.
380
381## [v0.10.18] - 2019-02-22
382
383### Fixed
384
385* Fixed the return type of `ssl::cipher_name`.
386
387## [v0.10.17] - 2019-02-22
388
389### Added
390
391* Implemented `AsRef<str>` and `AsRef<[u8]>` for `OpenSslString`.
392* Added `Asn1Integer::from_bn`.
393* Added `RsaRef::check_key`.
394* Added `Asn1Time::from_str` and `Asn1Time::from_str_x509`.
395* Added `Rsa::generate_with_e`.
396* Added `Cipher::des_ede3_cfb64`.
397* Added `SslCipherRef::standard_name` and `ssl::cipher_name`.
398
399## [v0.10.16] - 2018-12-16
400
401### Added
402
403* Added SHA3 and SHAKE to `MessageDigest`.
404* Added `rand::keep_random_devices_open`.
405* Added support for LibreSSL 2.9.0.
406
407## [v0.10.15] - 2018-10-22
408
409### Added
410
411* Implemented `DoubleEndedIterator` for stack iterators.
412
413## [v0.10.14] - 2018-10-18
414
415### Fixed
416
417* Made some accidentally exposed internal functions private.
418
419### Added
420
421* Added support for LibreSSL 2.8.
422
423### Changed
424
425* The OpenSSL version used with the `vendored` feature has been upgraded from 1.1.0 to 1.1.1.
426
427## [v0.10.13] - 2018-10-14
428
429### Fixed
430
431* Fixed a double-free in the `SslContextBuilder::set_get_session_callback` API.
432
433### Added
434
435* Added `SslContextBuilder::set_client_hello_callback`.
436* Added support for LibreSSL 2.8.1.
437* Added `EcdsaSig::from_der` and `EcdsaSig::to_der`.
438* Added PKCS#7 support.
439
440## [v0.10.12] - 2018-09-13
441
442### Fixed
443
444* Fixed handling of SNI callbacks during renegotiation.
445
446### Added
447
448* Added `SslRef::get_shutdown` and `SslRef::set_shutdown`.
449* Added support for SRTP in DTLS sessions.
450* Added support for LibreSSL 2.8.0.
451
452## [v0.10.11] - 2018-08-04
453
454### Added
455
456* The new `vendored` cargo feature will cause openssl-sys to compile and statically link to a
457    vendored copy of OpenSSL.
458* Added `SslContextBuilder::set_psk_server_callback`.
459* Added `DsaRef::pub_key` and `DsaRef::priv_key`.
460* Added `Dsa::from_private_components` and `Dsa::from_public_components`.
461* Added `X509NameRef::entries`.
462
463### Deprecated
464
465* `SslContextBuilder::set_psk_callback` has been renamed to
466    `SslContextBuilder::set_psk_client_callback` and deprecated.
467
468## [v0.10.10] - 2018-06-06
469
470### Added
471
472* Added `SslRef::set_alpn_protos`.
473* Added `SslContextBuilder::set_ciphersuites`.
474
475## [v0.10.9] - 2018-06-01
476
477### Fixed
478
479* Fixed a use-after-free in `CmsContentInfo::sign`.
480* `SslRef::servername` now returns `None` rather than panicking on a non-UTF8 name.
481
482### Added
483
484* Added `MessageDigest::from_nid`.
485* Added `Nid::signature_algorithms`, `Nid::long_name`, and `Nid::short_name`.
486* Added early data and early keying material export support for TLS 1.3.
487* Added `SslRef::verified_chain`.
488* Added `SslRef::servername_raw` which returns a `&[u8]` rather than `&str`.
489* Added `SslRef::finished` and `SslRef::peer_finished`.
490* Added `X509Ref::digest` to replace `X509Ref::fingerprint`.
491* `X509StoreBuilder` and `X509Store` now implement `Sync` and `Send`.
492
493### Deprecated
494
495* `X509Ref::fingerprint` has been deprecated in favor of `X509Ref::digest`.
496
497## [v0.10.8] - 2018-05-20
498
499### Fixed
500
501* `openssl-sys` will now detect Homebrew-installed OpenSSL when installed to a non-default
502    directory.
503* The `X509_V_ERR_INVALID_CALL`, `X509_V_ERR_STORE_LOOKUP`, and
504    `X509_V_ERR_PROXY_SUBJECT_NAME_VIOLATION` constants in `openssl-sys` are now only present when
505    building against 1.1.0g and up rather than 1.1.0.
506* `SslContextBuilder::max_proto_version` and `SslContextBuilder::min_proto_version` are only present
507    when building against 1.1.0g and up rather than 1.1.0.
508
509### Added
510
511* Added `CmsContentInfo::sign`.
512* Added `Clone` and `ToOwned` implementations to `Rsa` and `RsaRef` respectively.
513* The `min_proto_version` and `max_proto_version` methods are available when linking against
514    LibreSSL 2.6.1 and up in addition to OpenSSL.
515* `X509VerifyParam` is available when linking against LibreSSL 2.6.1 and up in addition to OpenSSL.
516* ALPN support is available when linking against LibreSSL 2.6.1 and up in addition to OpenSSL.
517* `Stack` and `StackRef` are now `Sync` and `Send`.
518
519## [v0.10.7] - 2018-04-30
520
521### Added
522
523* Added `X509Req::public_key` and `X509Req::extensions`.
524* Added `RsaPrivateKeyBuilder` to allow control over initialization of optional components of an RSA
525    private key.
526* Added DER encode/decode support to `SslSession`.
527* openssl-sys now provides the `DEP_OPENSSL_VERSION_NUMBER` and
528    `DEP_OPENSSL_LIBRESSL_VERSION_NUMBER` environment variables to downstream build scripts which
529    contains the hex-encoded version number of the OpenSSL or LibreSSL distribution being built
530    against. The other variables are deprecated.
531
532## [v0.10.6] - 2018-03-05
533
534### Added
535
536* Added `SslOptions::ENABLE_MIDDLEBOX_COMPAT`.
537* Added more `Sync` and `Send` implementations.
538* Added `PKeyRef::id`.
539* Added `Padding::PKCS1_PSS`.
540* Added `Signer::set_rsa_pss_saltlen`, `Signer::set_rsa_mgf1_md`, `Signer::set_rsa_pss_saltlen`, and
541    `Signer::set_rsa_mgf1_md`
542* Added `X509StoreContextRef::verify` to directly verify certificates.
543* Added low level ECDSA support.
544* Added support for TLSv1.3 custom extensions. (OpenSSL 1.1.1 only)
545* Added AES-CCM support.
546* Added `EcKey::from_private_components`.
547* Added CMAC support.
548* Added support for LibreSSL 2.7.
549* Added `X509Ref::serial_number`.
550* Added `Asn1IntegerRef::to_bn`.
551* Added support for TLSv1.3 stateless handshakes. (OpenSSL 1.1.1 only)
552
553### Changed
554
555* The Cargo features previously used to gate access to version-specific OpenSSL APIs have been
556    removed. Those APIs will be available automatically when building against an appropriate OpenSSL
557    version.
558* Fixed `PKey::private_key_from_der` to return a `PKey<Private>` rather than a `PKey<Public>`. This
559    is technically a breaking change but the function was pretty useless previously.
560
561### Deprecated
562
563* `X509CheckFlags::FLAG_NO_WILDCARDS` has been renamed to `X509CheckFlags::NO_WILDCARDS` and the old
564    name deprecated.
565
566## [v0.10.5] - 2018-02-28
567
568### Fixed
569
570* `ErrorStack`'s `Display` implementation no longer writes an empty string if it contains no errors.
571
572### Added
573
574* Added `SslRef::version2`.
575* Added `Cipher::des_ede3_cbc`.
576* Added `SslRef::export_keying_material`.
577* Added the ability to push an `Error` or `ErrorStack` back onto OpenSSL's error stack. Various
578    callback bindings use this to propagate errors properly.
579* Added `SslContextBuilder::set_cookie_generate_cb` and `SslContextBuilder::set_cookie_verify_cb`.
580* Added `SslContextBuilder::set_max_proto_version`, `SslContextBuilder::set_min_proto_version`,
581    `SslContextBuilder::max_proto_version`, and `SslContextBuilder::min_proto_version`.
582
583### Changed
584
585* Updated `SslConnector`'s default cipher list to match Python's.
586
587### Deprecated
588
589* `SslRef::version` has been deprecated. Use `SslRef::version_str` instead.
590
591## [v0.10.4] - 2018-02-18
592
593### Added
594
595* Added OpenSSL 1.1.1 support.
596* Added `Rsa::public_key_from_pem_pkcs1`.
597* Added `SslOptions::NO_TLSV1_3`. (OpenSSL 1.1.1 only)
598* Added `SslVersion`.
599* Added `SslSessionCacheMode` and `SslContextBuilder::set_session_cache_mode`.
600* Added `SslContextBuilder::set_new_session_callback`,
601    `SslContextBuilder::set_remove_session_callback`, and
602    `SslContextBuilder::set_get_session_callback`.
603* Added `SslContextBuilder::set_keylog_callback`. (OpenSSL 1.1.1 only)
604* Added `SslRef::client_random` and `SslRef::server_random`. (OpenSSL 1.1.0+ only)
605
606### Fixed
607
608* The `SslAcceptorBuilder::mozilla_modern` constructor now disables TLSv1.0 and TLSv1.1 in
609    accordance with Mozilla's recommendations.
610
611## [v0.10.3] - 2018-02-12
612
613### Added
614
615* OpenSSL is now automatically detected on FreeBSD systems.
616* Added `GeneralName` accessors for `rfc822Name` and `uri` variants.
617* Added DES-EDE3 support.
618
619### Fixed
620
621* Fixed a memory leak in `X509StoreBuilder::add_cert`.
622
623## [v0.10.2] - 2018-01-11
624
625### Added
626
627* Added `ConnectConfiguration::set_use_server_name_indication` and
628    `ConnectConfiguration::set_verify_hostname` for use in contexts where you don't have ownership
629    of the `ConnectConfiguration`.
630
631## [v0.10.1] - 2018-01-10
632
633### Added
634
635* Added a `From<ErrorStack> for ssl::Error` implementation.
636
637## [v0.10.0] - 2018-01-10
638
639### Compatibility
640
641* openssl 0.10 still uses openssl-sys 0.9, so openssl 0.9 and 0.10 can coexist without issue.
642
643### Added
644
645* The `ssl::select_next_proto` function can be used to easily implement the ALPN selection callback
646    in a "standard" way.
647* FIPS mode support is available in the `fips` module.
648* Accessors for the Issuer and Issuer Alternative Name fields of X509 certificates have been added.
649* The `X509VerifyResult` can now be set in the certificate verification callback via
650    `X509StoreContextRef::set_error`.
651
652### Changed
653
654* All constants have been moved to associated constants of their type. For example, `bn::MSB_ONE`
655    is now `bn::MsbOption::ONE`.
656* Asymmetric key types are now parameterized over what they contain. In OpenSSL, the same type is
657    used for key parameters, public keys, and private keys. Unfortunately, some APIs simply assume
658    that certain components are present and will segfault trying to use things that aren't there.
659
660    The `pkey` module contains new tag types named `Params`, `Public`, and `Private`, and the
661    `Dh`, `Dsa`, `EcKey`, `Rsa`, and `PKey` have a type parameter set to one of those values. This
662    allows the `Signer` constructor to indicate that it requires a private key at compile time for
663    example. Previously, `Signer` would simply segfault if provided a key without private
664    components.
665* ALPN support has been changed to more directly model OpenSSL's own APIs. Instead of a single
666    method used for both the server and client sides which performed everything automatically, the
667    `SslContextBuilder::set_alpn_protos` and `SslContextBuilder::set_alpn_select_callback` handle
668    the client and server sides respectively.
669* `SslConnector::danger_connect_without_providing_domain_for_certificate_verification_and_server_name_indication`
670    has been removed in favor of new methods which provide more control. The
671    `ConnectConfiguration::use_server_name_indication` method controls the use of Server Name
672    Indication (SNI), and the `ConnectConfiguration::verify_hostname` method controls the use of
673    hostname verification. These can be controlled independently, and if both are disabled, the
674    domain argument to `ConnectConfiguration::connect` is ignored.
675* Shared secret derivation is now handled by the new `derive::Deriver` type rather than
676    `pkey::PKeyContext`, which has been removed.
677* `ssl::Error` is now no longer an enum, and provides more direct access to the relevant state.
678* `SslConnectorBuilder::new` has been moved and renamed to `SslConnector::builder`.
679* `SslAcceptorBuilder::mozilla_intermediate` and `SslAcceptorBuilder::mozilla_modern` have been
680    moved to `SslAcceptor` and no longer take the private key and certificate chain. Install those
681    manually after creating the builder.
682* `X509VerifyError` is now `X509VerifyResult` and can now have the "ok" value in addition to error
683    values.
684* `x509::X509FileType` is now `ssl::SslFiletype`.
685* Asymmetric key serialization and deserialization methods now document the formats that they
686    correspond to, and some have been renamed to better indicate that.
687
688### Removed
689
690* All deprecated APIs have been removed.
691* NPN support has been removed. It has been supersceded by ALPN, and is hopefully no longer being
692    used in practice. If you still depend on it, please file an issue!
693* `SslRef::compression` has been removed.
694* Some `ssl::SslOptions` flags have been removed as they no longer do anything.
695
696## Older
697
698Look at the [release tags] for information about older releases.
699
700[Unreleased]: https://github.com/sfackler/rust-openssl/compare/openssl-v0.10.47...master
701[v0.10.47]: https://github.com/sfackler/rust-openssl/compare/openssl-v0.10.46...openssl-v0.10.47
702[v0.10.46]: https://github.com/sfackler/rust-openssl/compare/openssl-v0.10.45...openssl-v0.10.46
703[v0.10.45]: https://github.com/sfackler/rust-openssl/compare/openssl-v0.10.44...openssl-v0.10.45
704[v0.10.44]: https://github.com/sfackler/rust-openssl/compare/openssl-v0.10.43...openssl-v0.10.44
705[v0.10.43]: https://github.com/sfackler/rust-openssl/compare/openssl-v0.10.42...openssl-v0.10.43
706[v0.10.42]: https://github.com/sfackler/rust-openssl/compare/openssl-v0.10.41...openssl-v0.10.42
707[v0.10.41]: https://github.com/sfackler/rust-openssl/compare/openssl-v0.10.40...openssl-v0.10.41
708[v0.10.40]: https://github.com/sfackler/rust-openssl/compare/openssl-v0.10.39...openssl-v0.10.40
709[v0.10.39]: https://github.com/sfackler/rust-openssl/compare/openssl-v0.10.38...openssl-v0.10.39
710[v0.10.38]: https://github.com/sfackler/rust-openssl/compare/openssl-v0.10.37...openssl-v0.10.38
711[v0.10.37]: https://github.com/sfackler/rust-openssl/compare/openssl-v0.10.36...openssl-v0.10.37
712[v0.10.36]: https://github.com/sfackler/rust-openssl/compare/openssl-v0.10.35...openssl-v0.10.36
713[v0.10.35]: https://github.com/sfackler/rust-openssl/compare/openssl-v0.10.34...openssl-v0.10.35
714[v0.10.34]: https://github.com/sfackler/rust-openssl/compare/openssl-v0.10.33...openssl-v0.10.34
715[v0.10.33]: https://github.com/sfackler/rust-openssl/compare/openssl-v0.10.32...openssl-v0.10.33
716[v0.10.32]: https://github.com/sfackler/rust-openssl/compare/openssl-v0.10.31...openssl-v0.10.32
717[v0.10.31]: https://github.com/sfackler/rust-openssl/compare/openssl-v0.10.30...openssl-v0.10.31
718[v0.10.30]: https://github.com/sfackler/rust-openssl/compare/openssl-v0.10.29...openssl-v0.10.30
719[v0.10.29]: https://github.com/sfackler/rust-openssl/compare/openssl-v0.10.28...openssl-v0.10.29
720[v0.10.28]: https://github.com/sfackler/rust-openssl/compare/openssl-v0.10.27...openssl-v0.10.28
721[v0.10.27]: https://github.com/sfackler/rust-openssl/compare/openssl-v0.10.26...openssl-v0.10.27
722[v0.10.26]: https://github.com/sfackler/rust-openssl/compare/openssl-v0.10.25...openssl-v0.10.26
723[v0.10.25]: https://github.com/sfackler/rust-openssl/compare/openssl-v0.10.24...openssl-v0.10.25
724[v0.10.24]: https://github.com/sfackler/rust-openssl/compare/openssl-v0.10.23...openssl-v0.10.24
725[v0.10.23]: https://github.com/sfackler/rust-openssl/compare/openssl-v0.10.22...openssl-v0.10.23
726[v0.10.22]: https://github.com/sfackler/rust-openssl/compare/openssl-v0.10.21...openssl-v0.10.22
727[v0.10.21]: https://github.com/sfackler/rust-openssl/compare/openssl-v0.10.20...openssl-v0.10.21
728[v0.10.20]: https://github.com/sfackler/rust-openssl/compare/openssl-v0.10.19...openssl-v0.10.20
729[v0.10.19]: https://github.com/sfackler/rust-openssl/compare/openssl-v0.10.18...openssl-v0.10.19
730[v0.10.18]: https://github.com/sfackler/rust-openssl/compare/openssl-v0.10.17...openssl-v0.10.18
731[v0.10.17]: https://github.com/sfackler/rust-openssl/compare/openssl-v0.10.16...openssl-v0.10.17
732[v0.10.16]: https://github.com/sfackler/rust-openssl/compare/openssl-v0.10.15...openssl-v0.10.16
733[v0.10.15]: https://github.com/sfackler/rust-openssl/compare/openssl-v0.10.14...openssl-v0.10.15
734[v0.10.14]: https://github.com/sfackler/rust-openssl/compare/openssl-v0.10.13...openssl-v0.10.14
735[v0.10.13]: https://github.com/sfackler/rust-openssl/compare/openssl-v0.10.12...openssl-v0.10.13
736[v0.10.12]: https://github.com/sfackler/rust-openssl/compare/openssl-v0.10.11...openssl-v0.10.12
737[v0.10.11]: https://github.com/sfackler/rust-openssl/compare/openssl-v0.10.10...openssl-v0.10.11
738[v0.10.10]: https://github.com/sfackler/rust-openssl/compare/openssl-v0.10.9...openssl-v0.10.10
739[v0.10.9]: https://github.com/sfackler/rust-openssl/compare/openssl-v0.10.8...openssl-v0.10.9
740[v0.10.8]: https://github.com/sfackler/rust-openssl/compare/openssl-v0.10.7...openssl-v0.10.8
741[v0.10.7]: https://github.com/sfackler/rust-openssl/compare/openssl-v0.10.6...openssl-v0.10.7
742[v0.10.6]: https://github.com/sfackler/rust-openssl/compare/openssl-v0.10.5...openssl-v0.10.6
743[v0.10.5]: https://github.com/sfackler/rust-openssl/compare/openssl-v0.10.4...openssl-v0.10.5
744[v0.10.4]: https://github.com/sfackler/rust-openssl/compare/openssl-v0.10.3...openssl-v0.10.4
745[v0.10.3]: https://github.com/sfackler/rust-openssl/compare/openssl-v0.10.2...openssl-v0.10.3
746[v0.10.2]: https://github.com/sfackler/rust-openssl/compare/openssl-v0.10.1...openssl-v0.10.2
747[v0.10.1]: https://github.com/sfackler/rust-openssl/compare/openssl-v0.10.0...openssl-v0.10.1
748[v0.10.0]: https://github.com/sfackler/rust-openssl/compare/v0.9.23...openssl-v0.10.0
749[release tags]: https://github.com/sfackler/rust-openssl/releases
750