1# Change Log 2 3## [Unreleased][unreleased] 4 5### Added/Changed/Fixed 6 7### Thanks 8 9## 0.12.0 10 11### Added/Changed/Fixed 12 13- Upgrade to nom 7 14 15## 0.11.0 16 17### Added 18 19- Add SubjectPublicKeyInfo::raw field 20 21### Changed/Fixed 22 23- Fix der-parser dependency (#102) 24- Update oid-registry dependency (#77) 25- Set MSRV to 1.46 (indirect dependency on lexical-core and bitvec) 26- Extend the lifetimes exposed on TbsCertificate (#104) 27- Add missing test assets (#103) 28 29### Thanks 30 31- @jgalenson, @g2p, @kpp 32 33## 0.10.0 34 35### Added 36 37- Add the `Validate` trait to run post-parsing validations of X.509 structure 38- Add the `FromDer` trait to unify parsing methods and visibility (#85) 39- Add method to format X509Name using a given registry 40- Add `X509Certificate::public_key()` method 41- Add ED25519 as a signature algorithm (#95) 42- Add support for extensions (#86): 43 - CRL Distribution Points 44- Add `X509CertificateParser` builder to allow specifying parsing options 45 46### Changed/Fixed 47 48- Extensions are now stored in order of appearance in the certificate/CRL (#80) 49 - `.extensions` field is not public anymore, but methods `.extensions()` and `.extensions_map()` 50 have been added 51- Store CRI attributes in order 52- Fix parsing of CertificatePolicies, and use named types (closes #82) 53- Allow specifying registry in oid2sn and similar functions (closes #88) 54- Mark X509Extension::new as const fn + inline 55- Allow leading zeroes in serial number 56- Derive `Clone` for all types (when possible) (#89) 57- Fix certificate validity period check to be inclusive (#90) 58- Do not fail GeneralName parsing for x400Address and ediPartyName, read it as unparsed objects (#87) 59- Change visibility of fields in `X509Name` (replaced by accessors) 60 61### Thanks 62 63- @lilyball for numerous issues, ideas and comments 64- @SergioBenitez for lifetimes fixes (#93) and validity period check fixes (#90) 65- @rappet for Ed25519 signature verification support (#95) 66- @xonatius for the work on CRLDistributionPoints (#96, #98) 67 68## 0.9.3 69 70### Added/Changed/Fixed 71 72- Add functions oid2description() and oid_registry() (closes #79) 73- Fix typo 'ocsp_signing' (closes #84) 74- Extension: use specific variant if unsupported or failed to parse (closes #83) 75- Relax constrains on parsing to accept certificates that do not strictly respect 76 DER encoding, but are widely accepted by other X.509 libraries: 77 - SubjectAltName: accept non-ia5string characters 78 - Extensions: accept boolean values not enoded as `00` or `ff` 79 - Serial: build BigUint from raw bytes (do not check sign) 80 81## 0.9.2 82 83### Added/Changed/Fixed 84 85- Remove der-oid-macro from dependencies, not used directly 86- Use der_parser::num_bigint, remove it from direct dependencies 87- Add methods to iterate all blocks from a PEM file (#75) 88- Update MSRV to 1.45.0 89 90## 0.9.1 91 92### Added/Changed/Fixed 93 94- Fix: X509Name::iter_state_or_province OID value 95- Re-export oid-registry, and add doc to show how to access OID 96 97### Thanks 98 99- @0xazure for fixing X509Name::iter_state_or_province 100 101## 0.9.0 102 103### Added/Changed/Fixed 104 105- Upgrade to `nom` 6.0 106- Upgrade to `der-parser` 5.0 107- Upgrade MSRV to 1.44.0 108- Re-export crates so crate users do not have to import them 109 110- Add function parse_x509_pem and deprecate pem_to_der (#53) 111- Add helper methods to X509Name and simplify accessing values 112- Add support for ReasonCode extension 113- Add support for InvalidityDate extension 114- Add support for CRL Number extension 115- Add support for Certificate Signing Request (#58) 116 117- Change type of X509Version (now directly using the u32 value) 118- X509Name: relax check, allow some non-rfc compliant strings (#50) 119- Relax some constraints for invalid dates 120- CRL: extract raw serial, and add methods to access it 121- CRL: add method to iterate revoked certificates 122- RevokedCertificate: convert extensions list to hashmap 123 124- Refactor crate modules and visibility 125- Rename top-level functions to `parse_x509_certificate` and parse_x509_crl` 126 127- Refactor error handling, return meaningful errors when possible 128- Make many more functions public (parse_tbs_certificate, etc.) 129 130### Thanks 131 132- Dirkjan Ochtman (@djc): support for Certificate Signing Request (CSR), code refactoring, etc. 133 134## 0.8.0 135 136### Added/Changed 137 138- Upgrade to `der-parser` 4.0 139- Move from `time` to `chrono` 140 - `time 0.1 is very old, and time 0.2 broke compatibility and cannot parse timezones 141 - Add public type `ASN1Time` object to abstract implementation 142 - *this breaks API for direct access to `not_before`, `not_after` etc.* 143- Fix clippy warnings 144 - `nid2obj` argument is now passed by copy, not reference 145- Add method to get a formatted string of the certificate serial number 146- Add method to get decoded version 147- Add convenience methods to access the most common fields (subject, issuer, etc.) 148- Expose the raw DER of an X509Name 149- Make `parse_x509_name` public, for parsing distinguished names 150- Make OID objects public 151- Implement parsing for some extensions 152 - Support for extensions is not complete, support for more types will be added later 153- Add example to decode and print certificates 154- Add `verify` feature to verify cryptographic signature by a public key 155 156### Fixed 157 158- Fix parsing of types not representable by string in X509Name (#36) 159- Fix parsing of certificates with empty subject (#37) 160 161### Thanks 162 163- @jannschu, @g2p for the extensions parsing 164- @wayofthepie for the tests and contributions 165- @nicholasbishop for contributions 166 167## 0.7.0 168 169- Expose raw bytes of the certificate serial number 170- Set edition to 2018 171 172## 0.6.4 173 174- Fix infinite loop when certificate has no END mark 175 176## 0.6.3 177 178- Fix infinite loop when reading non-pem data (#28) 179 180## 0.6.2 181 182- Remove debug code left in `Pem::read` 183 184## 0.6.1 185 186- Add CRL parser 187- Expose CRL tbs bytes 188- PEM: ignore lines before BEGIN label (#21) 189- Fix parsing default values for TbsCertificate version field (#24) 190- Use BerResult from der-parser for simpler function signatures 191- Expose tbsCertificate bytes 192- Upgrade dependencies (base64) 193 194## 0.6.0 195 196- Update to der-parser 3.0 and nom 5 197- Breaks API, cleaner error types 198 199## 0.5.1 200 201- Add `time_to_expiration` to `Validity` object 202- Add method to read a `Pem` object from `BufRead + Seek` 203- Add method to `Pem` to decode and extract certificate 204 205## 0.5.0 206 207- Update to der-parser 2.0 208 209## 0.4.3 210 211- Make `parse_subject_public_key_info` public 212- Add function `sn2oid` (get an OID by short name) 213 214## 0.4.2 215 216- Support GeneralizedTime conversion 217 218## 0.4.1 219 220- Fix case where certificate has no extensions 221 222## 0.4.0 223 224- Upgrade to der-parser 1.1, and Use num-bigint over num 225- Rename x509_parser to parse_x509_der 226- Do not export subparsers 227- Improve documentation 228 229## 0.3.0 230 231- Upgrade to nom 4 232 233## 0.2.0 234 235- Rewrite X.509 structures and parsing code to work in one pass 236 **Warning: this is a breaking change** 237- Add support for PEM-encoded certificates 238- Add some documentation 239 240 241