Global:
- Updated
*ring*to 0.17.7 (#148) - Updated
timeto 0.3.20 (#148) - Updated asn1-rs to 0.6, der-parser and oid-registry
- Set MSRV to 1.63 (due to
time/ring) (#148)
Code:
- Added support for parsing CRL
IssuingDistributionPointextensions (#146) - Fixed lifetime signature on
TbsCertificate::subject_alt_namesfunction (#151) - Fixed parsing of certificate
UniqueIdentifierfields to use implicit tagging instead of explicit (#145) - Fixed
clippy::manual_try_foldfindings (#147)
- aggstam, Biagio Festa, Daniel McCarney
- Attribute: fix parsing of BmpString string type to use UTF-16 (Closes #143)
revocation_list: use correct OID for CRL number.- Fix receiver lifetimes in
AttributeTypeAndValue
- Sergio Benitez, Daniel McCarney, Lily Ballard
Global:
- Use SPDX license format (#137)
- Set MSRV to 1.57 (due to
ring/once_cell) - Switch base64 decoding to
data-encodingcrate (#136)
Code:
- Add
verifyfeature to verify a certificate revocation list by a public key - Fixed CriAttributes parser (#131)
- Refactor code for parsing X509Version
- Add verify signature method to revocation list (#130)
- Add support for parsing challenge password attribute in CSR's (#129)
- Add support for multi-word PEM labels (C#135)
Docs:
- Fix broken FromDer trait link in README
- Bernd Krietenstein, Florian Zipperle, Jean-Baptiste Trystram, Daniel McCarney, Jeff Hiner, Campbell He, Sebastian Dröge
-
Add support for parsing signature parameters and value (closes #94)
-
Change
ASN1Time::to_rfc2822()to return a Result -
ASN1Time: modify
from_timestampto return a Result -
ASN1Time: implement Display
-
Upgrade versions of asn1-rs, oid-registry and der-parser
-
AlgorithmIdentifier: add const methods to create object/access fields
-
Globally: start using
asn1-rstypes, simplify parsers:- AlgorithmIdentifier: automatically derive struct, use type ANY
- Merge old FromDer trait into
asn1_rs::FromDer(using X509Error) - Replace BitStringObject with BitString
- AttributeTypeAndValue: use Any instead of DerObject
- Extensions: replace UnparsedObject with Any
- X509Error: add methods to simplify conversions
- CRI Attributes: rewrite and simplify parsers
- Simplify parsers for multiple types and extensions
- Fix ECDSA signature verification when CA and certificate use different curves
- Fix panic in ASN1Time::to_rfc2822() when year is less than 1900
- Fix regression with certificate verification for ECDSA signatures using the P-256 curve and SHA-384 (#118)
- Set minimum version of
timeto 0.3.7 (#119) - Allow empty SEQUENCE when OPTIONAL, for ex in CRL extensions (#120)
- @SergioBenitez, @flavio, @acarlson0000
Crate:
- Update to der-parser 7.0 and asn1-rs
- Remove chrono (#111)
- Set MSRV to 1.53
Validators:
- Add
Deref<Target=TbsCertificate>trait toX509Certificate - Add
Validatortrait and deprecateValidate- The previous validation is implemented in
X509StructureValidator - Split some checks (not on structure) to
X509CertificateValidator
- The previous validation is implemented in
Extensions:
- add support for nsComment
- add support for IssuerAltName
- start adding support for CT Signed Certificate Timestamp (rfc6962)
- raise error if a SAN entry cannot be parsed
- deprecate
TbsCertificate::find_extension()and add preferred methodTbsCertificate::get_extension_unique(): the latter checks for duplicate extensions (#113)
Signatures:
- Fix signature verification for EC curves (#116)
Public Keys:
- Add base functions for parsing public keys (RSA, DSA, GOST)
- @lilyball, @g2p
- Upgrade to nom 7
- Add SubjectPublicKeyInfo::raw field
- Fix der-parser dependency (#102)
- Update oid-registry dependency (#77)
- Set MSRV to 1.46 (indirect dependency on lexical-core and bitvec)
- Extend the lifetimes exposed on TbsCertificate (#104)
- Add missing test assets (#103)
- @jgalenson, @g2p, @kpp
- Add the
Validatetrait to run post-parsing validations of X.509 structure - Add the
FromDertrait to unify parsing methods and visibility (#85) - Add method to format X509Name using a given registry
- Add
X509Certificate::public_key()method - Add ED25519 as a signature algorithm (#95)
- Add support for extensions (#86):
- CRL Distribution Points
- Add
X509CertificateParserbuilder to allow specifying parsing options
- Extensions are now stored in order of appearance in the certificate/CRL (#80)
.extensionsfield is not public anymore, but methods.extensions()and.extensions_map()have been added
- Store CRI attributes in order
- Fix parsing of CertificatePolicies, and use named types (closes #82)
- Allow specifying registry in oid2sn and similar functions (closes #88)
- Mark X509Extension::new as const fn + inline
- Allow leading zeroes in serial number
- Derive
Clonefor all types (when possible) (#89) - Fix certificate validity period check to be inclusive (#90)
- Do not fail GeneralName parsing for x400Address and ediPartyName, read it as unparsed objects (#87)
- Change visibility of fields in
X509Name(replaced by accessors)
- @lilyball for numerous issues, ideas and comments
- @SergioBenitez for lifetimes fixes (#93) and validity period check fixes (#90)
- @rappet for Ed25519 signature verification support (#95)
- @xonatius for the work on CRLDistributionPoints (#96, #98)
- Add functions oid2description() and oid_registry() (closes #79)
- Fix typo 'ocsp_signing' (closes #84)
- Extension: use specific variant if unsupported or failed to parse (closes #83)
- Relax constrains on parsing to accept certificates that do not strictly respect
DER encoding, but are widely accepted by other X.509 libraries:
- SubjectAltName: accept non-ia5string characters
- Extensions: accept boolean values not enoded as
00orff - Serial: build BigUint from raw bytes (do not check sign)
- Remove der-oid-macro from dependencies, not used directly
- Use der_parser::num_bigint, remove it from direct dependencies
- Add methods to iterate all blocks from a PEM file (#75)
- Update MSRV to 1.45.0
- Fix: X509Name::iter_state_or_province OID value
- Re-export oid-registry, and add doc to show how to access OID
- @0xazure for fixing X509Name::iter_state_or_province
-
Upgrade to
nom6.0 -
Upgrade to
der-parser5.0 -
Upgrade MSRV to 1.44.0
-
Re-export crates so crate users do not have to import them
-
Add function parse_x509_pem and deprecate pem_to_der (#53)
-
Add helper methods to X509Name and simplify accessing values
-
Add support for ReasonCode extension
-
Add support for InvalidityDate extension
-
Add support for CRL Number extension
-
Add support for Certificate Signing Request (#58)
-
Change type of X509Version (now directly using the u32 value)
-
X509Name: relax check, allow some non-rfc compliant strings (#50)
-
Relax some constraints for invalid dates
-
CRL: extract raw serial, and add methods to access it
-
CRL: add method to iterate revoked certificates
-
RevokedCertificate: convert extensions list to hashmap
-
Refactor crate modules and visibility
-
Rename top-level functions to
parse_x509_certificateand parse_x509_crl` -
Refactor error handling, return meaningful errors when possible
-
Make many more functions public (parse_tbs_certificate, etc.)
- Dirkjan Ochtman (@djc): support for Certificate Signing Request (CSR), code refactoring, etc.
- Upgrade to
der-parser4.0 - Move from
timetochrono- `time 0.1 is very old, and time 0.2 broke compatibility and cannot parse timezones
- Add public type
ASN1Timeobject to abstract implementation - this breaks API for direct access to
not_before,not_afteretc.
- Fix clippy warnings
nid2objargument is now passed by copy, not reference
- Add method to get a formatted string of the certificate serial number
- Add method to get decoded version
- Add convenience methods to access the most common fields (subject, issuer, etc.)
- Expose the raw DER of an X509Name
- Make
parse_x509_namepublic, for parsing distinguished names - Make OID objects public
- Implement parsing for some extensions
- Support for extensions is not complete, support for more types will be added later
- Add example to decode and print certificates
- Add
verifyfeature to verify cryptographic signature by a public key
- Fix parsing of types not representable by string in X509Name (#36)
- Fix parsing of certificates with empty subject (#37)
- @jannschu, @g2p for the extensions parsing
- @wayofthepie for the tests and contributions
- @nicholasbishop for contributions
- Expose raw bytes of the certificate serial number
- Set edition to 2018
- Fix infinite loop when certificate has no END mark
- Fix infinite loop when reading non-pem data (#28)
- Remove debug code left in
Pem::read
- Add CRL parser
- Expose CRL tbs bytes
- PEM: ignore lines before BEGIN label (#21)
- Fix parsing default values for TbsCertificate version field (#24)
- Use BerResult from der-parser for simpler function signatures
- Expose tbsCertificate bytes
- Upgrade dependencies (base64)
- Update to der-parser 3.0 and nom 5
- Breaks API, cleaner error types
- Add
time_to_expirationtoValidityobject - Add method to read a
Pemobject fromBufRead + Seek - Add method to
Pemto decode and extract certificate
- Update to der-parser 2.0
- Make
parse_subject_public_key_infopublic - Add function
sn2oid(get an OID by short name)
- Support GeneralizedTime conversion
- Fix case where certificate has no extensions
- Upgrade to der-parser 1.1, and Use num-bigint over num
- Rename x509_parser to parse_x509_der
- Do not export subparsers
- Improve documentation
- Upgrade to nom 4
- Rewrite X.509 structures and parsing code to work in one pass Warning: this is a breaking change
- Add support for PEM-encoded certificates
- Add some documentation