mirror of https://github.com/ctz/rustls
Update changelog in preparation for 0.21.0
This commit is contained in:
parent
8a2a87b240
commit
d7be326b76
30
README.md
30
README.md
|
@ -23,27 +23,51 @@ If you'd like to help out, please see [CONTRIBUTING.md](CONTRIBUTING.md).
|
|||
* Future release
|
||||
- Planned: removal of unused signature verification schemes at link-time.
|
||||
- Planned: removal of unused protocol versions at link-time.
|
||||
* Next release: 0.21.0 (2023-xx-xx)
|
||||
* Next release: 0.21.0 (2023-03-29)
|
||||
- Support for connecting to peers named with IP addresses. This means
|
||||
rustls now depends on a fork of webpki - `rustls-webpki` - with a suitably
|
||||
extended API.
|
||||
- *Breaking change*: `StoresClientSessions` trait renamed to `ClientSessionStore` and
|
||||
reworked to allow storage of multiple TLS1.3 tickets and avoid reuse of them.
|
||||
This is a privacy improvement, see RFC8446 appendix C.4.
|
||||
- *Breaking change*: `rustls::Error` is no longer `PartialEq`.
|
||||
- *Breaking change*: the `DistinguishedNames` type alias no longer exists; the public
|
||||
API now exports a `DistinguishedName` type, and the
|
||||
`ClientCertVerifier::client_auth_root_subjects()` method now returns a
|
||||
`&[DistinguishedName]` instead (with the lifetime constrained to the
|
||||
verifier's).
|
||||
- *Breaking change*: the `ClientCertVerifier` methods `client_auth_mandatory()`
|
||||
and `client_auth_root_subjects()` no longer return an `Option`. You can now
|
||||
use an `Acceptor` to decide whether to accept the connection based on information
|
||||
from the `ClientHello` (like server name).
|
||||
- *Breaking change*: rework `rustls::Error` to avoid String usage in
|
||||
`PeerMisbehavedError`, `PeerIncompatibleError` and certificate errors.
|
||||
Especially note that custom certificate verifiers should move to use the
|
||||
new certificate errors.
|
||||
new certificate errors. `Error` is now `non_exhaustive`, and so are the
|
||||
inner enums used in its variants.
|
||||
- *Breaking change*: replace `webpki::Error` appearing in the public API
|
||||
in `RootCertStore::add`.
|
||||
- The number of tickets sent by a TLS1.3 server is now configurable via
|
||||
`ServerConfig::send_tls13_tickets`. Previously one ticket was sent, now
|
||||
the default is four.
|
||||
- *Breaking change*: remove deprecated methods from `Acceptor`.
|
||||
- *Breaking change*: `AllowAnyAuthenticatedClient` and `AllowAnyAnonymousOrAuthenticatedClient`
|
||||
`new` functions now return `Self`. A `boxed` function was added to both types to easily acquire
|
||||
an `Arc<dyn ClientCertVerifier>`.
|
||||
- *Breaking change*: `NoClientAuth::new` was renamed to `boxed`.
|
||||
- *Breaking change*: the QUIC API has changed to provide QUIC-specific `ClientConnection` and
|
||||
`ServerConnection` types, instead of using an extension trait.
|
||||
- *Breaking change*: the QUIC `Secrets` constructor was changed to take
|
||||
a `Side` instead of `bool`.
|
||||
- *Breaking change*: the `export_keying_material` function on a `Connection`
|
||||
was changed from returning `Result<(), Error>` to `Result<T, Error>` where
|
||||
`T: AsMut<[u8]>`.
|
||||
- *Breaking change*: the `sni_hostname` function on a `Connection` was renamed
|
||||
to `server_name`.
|
||||
- *Breaking change*: remove alternative type names deprecated in 0.20.0 (`RSASigningKey` vs.
|
||||
`RsaSigningKey` etc.)
|
||||
- *Breaking change*: the client config `session_storage` and `enable_tickets`
|
||||
fields have been replaced by a more misuse resistant `Resumption` type that
|
||||
combines the two options.
|
||||
* 0.20.8 (2023-01-12)
|
||||
- Yield an error from `ConnectionCommon::read_tls()` if buffers are full.
|
||||
Both a full deframer buffer and a full incoming plaintext buffer will
|
||||
|
|
Loading…
Reference in New Issue