0.12.0

This release updates to Rustls 0.22, but does not yet expose support for customizing the cryptographic provider. This will be added in a future release, and 0.12.0 continues to use *ring* as the only cryptographic provider.

Added

• RUSTLS_RESULT_CLIENT_CERT_VERIFIER_BUILDER_NO_ROOT_ANCHORS error code, returned when a client cert verifier is being built that hasn't provided any root trust anchors.
• The server certificate verifier now supports CRL revocation checking through policy and CRLs provided to the server certificate verifier builder.
• Client certificate verifier builder now supports controlling CRL revocation status check depth and unknown revocation policy.

Changed

• The root certificate store constructor (rustls_root_cert_store_new) and the function to add PEM content (rustls_root_cert_store_add_pem) have been replaced with a new rustls_root_cert_store_builder type, constructed with rustls_root_cert_store_builder_new. PEM content can be added with rustls_root_cert_store_builder_add_pem and rustls_root_cert_store_builder_load_roots_from_file.
• The client verifier builders (rustls_allow_any_anonymous_or_authenticated_client_builder, and rustls_allow_any_authenticated_client_builder) as well as the client verifier types (rustls_allow_any_anonymous_or_authenticated_client_verifier, rustls_allow_any_authenticated_client_verifier) have been replaced with rustls_web_pki_client_cert_verifier_builder and rustls_client_cert_verifier.
• The server config client verifier setters (rustls_server_config_builder_set_client_verifier and rustls_server_config_builder_set_client_verifier_optional) have been replaced with rustls_server_config_builder_set_client_verifier.
• The client config builder functions for specifying root trust anchors (rustls_client_config_builder_use_roots and rustls_client_config_builder_load_roots_from_file) have been replaced with a server certificate verifier builder (rustls_web_pki_server_cert_verifier_builder) constructed with rustls_web_pki_server_cert_verifier_builder_new and a rustls_root_cert_store. The built rustls_web_pki_server_cert_verifier can be provided to a client config builder with
  rustls_client_config_builder_set_server_verifier.
• CRL validation defaults to checking the full certificate chain, and treating unknown revocation status as an error condition.

Removed

• RUSTLS_RESULT_CERT_SCT_* error codes have been removed.

What's Changed

• cipher: fix unneeded return statements. by @cpu in #339
• tests: improve readability of output by @jsha in #337
• Nightly clippy fixes. by @cpu in #340
• Shrink unsafe block by @cactter in #271
• Attempt to fix occasional CI client/server test flakes. by @cpu in #343
• build(deps): bump actions/checkout from 3 to 4 by @dependabot in #344
• Commit Cargo.lock to repository by @kpcyrd in #346
• small test and documentation fixes by @cpu in #347
• Rewrite Python test helpers in Rust by @cpu in #348
• build(deps): bump libc from 0.2.148 to 0.2.149 by @dependabot in #351
• rework CastPtr, CastConstPtr, BoxCastPtr, ArcCastPtr by @cpu in #353
• docs: various small fixes to the README documentation by @cpu in #355
• fix build: pin a specific nightly by @jsha in #361
• Use rustls 0.21.9, revert nightly pin, update version to 0.11.1 by @cpu in #362
• lib: add try_take! macro, handling AlreadyUsed Options by @cpu in #360
• rename to_arc to clone_arc by @jsha in #363
• doc: document handling of dynamically sized types by @jsha in #364
• track upstream Rustls 0.22.x alpha changes. by @cpu in #341
• Document helper macros by @jsha in #365
• track rustls alpha.6 by @cpu in #368
• v0.12.0: update to rustls 0.22, address breaking changes by @cpu in #371
• docs: update changelog by @cpu in #372

New Contributors

• @cactter made their first contribution in #271
• @dependabot made their first contribution in #344
• @kpcyrd made their first contribution in #346

Full Changelog: v0.11.0...v/0.12.0