| # Change Log |
| |
| ## [Unreleased][unreleased] |
| |
| ### Added/Changed/Fixed |
| |
| ### Thanks |
| |
| ## 0.12.0 |
| |
| ### Added/Changed/Fixed |
| |
| - Upgrade to nom 7 |
| |
| ## 0.11.0 |
| |
| ### Added |
| |
| - Add SubjectPublicKeyInfo::raw field |
| |
| ### Changed/Fixed |
| |
| - Fix der-parser dependency (#102) |
| - Update oid-registry dependency (#77) |
| - Set MSRV to 1.46 (indirect dependency on lexical-core and bitvec) |
| - Extend the lifetimes exposed on TbsCertificate (#104) |
| - Add missing test assets (#103) |
| |
| ### Thanks |
| |
| - @jgalenson, @g2p, @kpp |
| |
| ## 0.10.0 |
| |
| ### Added |
| |
| - Add the `Validate` trait to run post-parsing validations of X.509 structure |
| - Add the `FromDer` trait to unify parsing methods and visibility (#85) |
| - Add method to format X509Name using a given registry |
| - Add `X509Certificate::public_key()` method |
| - Add ED25519 as a signature algorithm (#95) |
| - Add support for extensions (#86): |
| - CRL Distribution Points |
| - Add `X509CertificateParser` builder to allow specifying parsing options |
| |
| ### Changed/Fixed |
| |
| - Extensions are now stored in order of appearance in the certificate/CRL (#80) |
| - `.extensions` field is not public anymore, but methods `.extensions()` and `.extensions_map()` |
| have been added |
| - Store CRI attributes in order |
| - Fix parsing of CertificatePolicies, and use named types (closes #82) |
| - Allow specifying registry in oid2sn and similar functions (closes #88) |
| - Mark X509Extension::new as const fn + inline |
| - Allow leading zeroes in serial number |
| - Derive `Clone` for all types (when possible) (#89) |
| - Fix certificate validity period check to be inclusive (#90) |
| - Do not fail GeneralName parsing for x400Address and ediPartyName, read it as unparsed objects (#87) |
| - Change visibility of fields in `X509Name` (replaced by accessors) |
| |
| ### Thanks |
| |
| - @lilyball for numerous issues, ideas and comments |
| - @SergioBenitez for lifetimes fixes (#93) and validity period check fixes (#90) |
| - @rappet for Ed25519 signature verification support (#95) |
| - @xonatius for the work on CRLDistributionPoints (#96, #98) |
| |
| ## 0.9.3 |
| |
| ### Added/Changed/Fixed |
| |
| - Add functions oid2description() and oid_registry() (closes #79) |
| - Fix typo 'ocsp_signing' (closes #84) |
| - Extension: use specific variant if unsupported or failed to parse (closes #83) |
| - Relax constrains on parsing to accept certificates that do not strictly respect |
| DER encoding, but are widely accepted by other X.509 libraries: |
| - SubjectAltName: accept non-ia5string characters |
| - Extensions: accept boolean values not enoded as `00` or `ff` |
| - Serial: build BigUint from raw bytes (do not check sign) |
| |
| ## 0.9.2 |
| |
| ### Added/Changed/Fixed |
| |
| - Remove der-oid-macro from dependencies, not used directly |
| - Use der_parser::num_bigint, remove it from direct dependencies |
| - Add methods to iterate all blocks from a PEM file (#75) |
| - Update MSRV to 1.45.0 |
| |
| ## 0.9.1 |
| |
| ### Added/Changed/Fixed |
| |
| - Fix: X509Name::iter_state_or_province OID value |
| - Re-export oid-registry, and add doc to show how to access OID |
| |
| ### Thanks |
| |
| - @0xazure for fixing X509Name::iter_state_or_province |
| |
| ## 0.9.0 |
| |
| ### Added/Changed/Fixed |
| |
| - Upgrade to `nom` 6.0 |
| - Upgrade to `der-parser` 5.0 |
| - Upgrade MSRV to 1.44.0 |
| - Re-export crates so crate users do not have to import them |
| |
| - Add function parse_x509_pem and deprecate pem_to_der (#53) |
| - Add helper methods to X509Name and simplify accessing values |
| - Add support for ReasonCode extension |
| - Add support for InvalidityDate extension |
| - Add support for CRL Number extension |
| - Add support for Certificate Signing Request (#58) |
| |
| - Change type of X509Version (now directly using the u32 value) |
| - X509Name: relax check, allow some non-rfc compliant strings (#50) |
| - Relax some constraints for invalid dates |
| - CRL: extract raw serial, and add methods to access it |
| - CRL: add method to iterate revoked certificates |
| - RevokedCertificate: convert extensions list to hashmap |
| |
| - Refactor crate modules and visibility |
| - Rename top-level functions to `parse_x509_certificate` and parse_x509_crl` |
| |
| - Refactor error handling, return meaningful errors when possible |
| - Make many more functions public (parse_tbs_certificate, etc.) |
| |
| ### Thanks |
| |
| - Dirkjan Ochtman (@djc): support for Certificate Signing Request (CSR), code refactoring, etc. |
| |
| ## 0.8.0 |
| |
| ### Added/Changed |
| |
| - Upgrade to `der-parser` 4.0 |
| - Move from `time` to `chrono` |
| - `time 0.1 is very old, and time 0.2 broke compatibility and cannot parse timezones |
| - Add public type `ASN1Time` object to abstract implementation |
| - *this breaks API for direct access to `not_before`, `not_after` etc.* |
| - Fix clippy warnings |
| - `nid2obj` argument is now passed by copy, not reference |
| - Add method to get a formatted string of the certificate serial number |
| - Add method to get decoded version |
| - Add convenience methods to access the most common fields (subject, issuer, etc.) |
| - Expose the raw DER of an X509Name |
| - Make `parse_x509_name` public, for parsing distinguished names |
| - Make OID objects public |
| - Implement parsing for some extensions |
| - Support for extensions is not complete, support for more types will be added later |
| - Add example to decode and print certificates |
| - Add `verify` feature to verify cryptographic signature by a public key |
| |
| ### Fixed |
| |
| - Fix parsing of types not representable by string in X509Name (#36) |
| - Fix parsing of certificates with empty subject (#37) |
| |
| ### Thanks |
| |
| - @jannschu, @g2p for the extensions parsing |
| - @wayofthepie for the tests and contributions |
| - @nicholasbishop for contributions |
| |
| ## 0.7.0 |
| |
| - Expose raw bytes of the certificate serial number |
| - Set edition to 2018 |
| |
| ## 0.6.4 |
| |
| - Fix infinite loop when certificate has no END mark |
| |
| ## 0.6.3 |
| |
| - Fix infinite loop when reading non-pem data (#28) |
| |
| ## 0.6.2 |
| |
| - Remove debug code left in `Pem::read` |
| |
| ## 0.6.1 |
| |
| - Add CRL parser |
| - Expose CRL tbs bytes |
| - PEM: ignore lines before BEGIN label (#21) |
| - Fix parsing default values for TbsCertificate version field (#24) |
| - Use BerResult from der-parser for simpler function signatures |
| - Expose tbsCertificate bytes |
| - Upgrade dependencies (base64) |
| |
| ## 0.6.0 |
| |
| - Update to der-parser 3.0 and nom 5 |
| - Breaks API, cleaner error types |
| |
| ## 0.5.1 |
| |
| - Add `time_to_expiration` to `Validity` object |
| - Add method to read a `Pem` object from `BufRead + Seek` |
| - Add method to `Pem` to decode and extract certificate |
| |
| ## 0.5.0 |
| |
| - Update to der-parser 2.0 |
| |
| ## 0.4.3 |
| |
| - Make `parse_subject_public_key_info` public |
| - Add function `sn2oid` (get an OID by short name) |
| |
| ## 0.4.2 |
| |
| - Support GeneralizedTime conversion |
| |
| ## 0.4.1 |
| |
| - Fix case where certificate has no extensions |
| |
| ## 0.4.0 |
| |
| - Upgrade to der-parser 1.1, and Use num-bigint over num |
| - Rename x509_parser to parse_x509_der |
| - Do not export subparsers |
| - Improve documentation |
| |
| ## 0.3.0 |
| |
| - Upgrade to nom 4 |
| |
| ## 0.2.0 |
| |
| - Rewrite X.509 structures and parsing code to work in one pass |
| **Warning: this is a breaking change** |
| - Add support for PEM-encoded certificates |
| - Add some documentation |
| |
| |
