You can make one of these using `webpki::Time::from_seconds_from_unix_epoch`.
- Move ASN1 conversion functions to "calendar.rs", and add some tests.
- The new feature `use_std` adds `From<std::time::SystemTime>` to `webpki::Time`.
- Fixate time in tests/integration to prevent future expiry.
- Add a library-external test of `use_std` feature.
- Run tests with `use_std` and without.
Simplify the way algorithm identifiers are parsed. Simplify the tests
to account for the new simpler parsing.
Simplify how algorithm identifiers are matched against known algorithm
identifiers by using just bytewise comparison.
Simplify the storage of known algorithm identifiers by including their
binary DER-encoded values from files in src/data/. Remove most of the
macros for encoding OID values as they are no longer needed. Remove the
script for generating PSS-related AlgorithmIdentifier parts in favor of
using der-ascii in the future, as documented in src/data/README.md.
Remove the encoded PSS parts generated from the deleted script, as they
were replaced in this transition.
Based on some research the Google Chrome team did, there's no strong
need to support rsaEncryption signatures where the NULL is missing
unless/until we add OCSP support.
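As an added illustration (not code from webpki or from these commit messages), the Rust sketch below matches an AlgorithmIdentifier by bytewise comparison against stored DER contents, and shows why an RSA PKCS#1 identifier with the NULL parameters missing does not match. The function names, the table and the sample inputs are hypothetical and constructed for this example; only short-form DER lengths are handled.

```rust
// Added illustration: names are hypothetical, not webpki's API.

// DER contents of two AlgorithmIdentifier SEQUENCEs (OID, then parameters).
const RSA_PKCS1_SHA256: &[u8] = &[
    0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x0b, // 1.2.840.113549.1.1.11
    0x05, 0x00, // NULL parameters
];
const ECDSA_SHA256: &[u8] = &[
    0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x04, 0x03, 0x02, // 1.2.840.10045.4.3.2
];
const KNOWN: &[(&str, &[u8])] = &[
    ("RSA_PKCS1_SHA256", RSA_PKCS1_SHA256),
    ("ECDSA_SHA256", ECDSA_SHA256),
];

/// Return the contents of a SEQUENCE whose short-form length covers the input exactly.
fn sequence_contents(der: &[u8]) -> Option<&[u8]> {
    match der {
        [0x30, len, rest @ ..] if *len < 0x80 && rest.len() == usize::from(*len) => Some(rest),
        _ => None,
    }
}

/// Match an encoded AlgorithmIdentifier against the table by comparing bytes only.
pub fn match_algorithm(der: &[u8]) -> Option<&'static str> {
    let contents = sequence_contents(der)?;
    KNOWN.iter().find(|(_, known)| *known == contents).map(|(name, _)| *name)
}

/// Wrap contents in a SEQUENCE header (constructed sample input; short form only).
pub fn wrap(contents: &[u8]) -> Vec<u8> {
    let mut der = vec![0x30, contents.len() as u8];
    der.extend_from_slice(contents);
    der
}

fn main() {
    let with_null = wrap(RSA_PKCS1_SHA256);
    let without_null = wrap(&RSA_PKCS1_SHA256[..11]); // same OID, NULL omitted
    println!("{:?}", match_algorithm(&with_null));
    println!("{:?}", match_algorithm(&without_null));
    println!("{:?}", match_algorithm(&wrap(ECDSA_SHA256)));
}
```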
This has tests generated by openssl, and integrated with
the existing Chromium verify_signed_data corpus.
The PSS parameter encodings are slightly unwieldy, and
are included from files rather than embedded in the source.
There are Python scripts for regenerating the parameter encodings
and tests.
This enables us to support exactly one OID per signature algorithm.
A Censys search found no publicly-trusted certificates using this OID:
https://censys.io/certificates?q=parsed.signature.signature_algorithm.oid%3A+1.3.14.3.2.29
This won't impact uses of RSA PKCS#1 SHA-1 for ServerKeyExchange
signatures since those signatures don't identify the algorithm using
OIDs.
* Update *ring* requirement to 0.3.0.
* Update Appveyor configuration to use Rust 1.11.0 on stable, which is
the latest Rust version and the minimum required by *ring*.
* Bump version number to indicate these are incompatible changes.
* Drop leftover remnants of MSVC 2013 testing on Appveyor.
The feature name was inconsistent in the source code and Cargo.toml.
Consequently, it wasn't noticed that webpki::trust_anchor_util was
broken due to the `#![no_std]` change. Also fix that.
`webpki::trust_anchor_util` is now an optional feature, enabled using
the feature "trust_anchor_util", which is enabled by default. It is the
only part of webpki other than the tests to use libstd. If the
"trust_anchor_util" default feature is disabled, then webpki should build
and work against libcore.
Release builds on Windows fail to link if debugging info is included
due to a rustc/LLVM bug, so disable debugging info in release builds.
This matches what is done in *ring* for the same reasons.