
Releases: rustls/rustls-platform-verifier

0.6.0

01 Jun 20:20
@djc
v/0.6.0
  • Avoid implicit reliance on the default crypto provider
  • Eagerly create the verifier on miscellaneous Unix platforms (including Linux) to avoid swallowing errors

What's Changed

  • Update real world test certificates by @djc in #177
  • Eagerly build root store on miscellaneous Unix platforms by @djc in #171
  • Upgrade to webpki-root-certs 1 by @djc in #176

0.5.3

05 May 20:42
@djc
v/0.5.3
  • Adapt to changes in rustls error API.

What's Changed

  • Fix typo in Verifier::{with_provider, get_provider} docs by @paolobarbolini in #173
  • Refine CI workflow triggers by @djc in #174
  • Adapt to changing rustls error API by @djc in #168

0.5.2

25 Apr 17:23

The headline of this release is server compatibility improvements.

It removes an edge case on Linux/BSD platforms where a failure to load any certificates silently turned the lack of certificate roots into "no signature algorithms". During the initialization of a TLS session with a server, this caused rustls to send an empty list of supported signature algorithms in the ClientHello.

What's Changed

Full Changelog: v/0.5.1...v/0.5.2

0.5.1

17 Mar 15:01
@djc
v/0.5.1

Change the way we interact with the rustls API to avoid semver hazards: unfortunately, changes in rustls 0.23.24 broke older rustls-platform-verifier releases due to downcasting of a no-longer-compatible error wrapper. rustls 0.23.25 now exposes the required variant directly, which should avoid similar issues in the future. (For more details, see #163.)

What's Changed

0.5.0

18 Dec 09:10
@djc
v/0.5.0

The upgrade to jni 0.21 contained some Android-only breaking changes -- API changes should not affect other platforms.

What's Changed

  • Update jni to 0.21 by @Cyannide in #151
  • Bump MSRV & update dependencies by @djc in #152
  • ci: add some missing persist-credentials by @cpu in #154

0.4.0

02 Nov 01:51
  • Improved support for "extra" roots - the ability to specify additional root certificates beyond the platform's own roots has been extended to all supported platforms with the exception of Android (TBD). This can be used for additive configuration, for example to support all system roots and additionally some internal, or company-specific, roots. The existing Linux/UNIX verifier's new_with_extra_roots() function now accepts impl IntoIterator<Item = pki_types::TrustAnchor<'static>> in place of Vec<pki_types::CertificateDer<'static>> to better harmonize with the other platforms.
  • Replace winapi with windows-sys - the latter is a first-party Microsoft crate with better ongoing support.
  • Improved documentation - the README has been updated to better describe the differences between this crate and other available options.
  • Added new BuilderVerifierExt and ConfigVerifierExt traits which provide with_platform_verifier() methods for easier rustls client configuration. These are intended to replace tls_config and tls_config_with_provider, which are now deprecated.

What's Changed

New Contributors

Full Changelog: v/0.3.4...v/0.4.0

v/0.3.4

23 Aug 16:00
@ctz
  • Fix an error in the handling of allowed EKUs on Windows; see #126

What's Changed

  • small chores by @cpu in #116
  • tests: regenerate verification_mock data by @cpu in #121
  • Update deny config & bump base64 to 0.22 by @djc in #119
  • build(deps): bump EmbarkStudios/cargo-deny-action from 1 to 2 by @dependabot in #118
  • Fix UB in Windows verifier EKU handling by @complexspaces in #127
  • Prepare 0.3.4 by @ctz in #129

Full Changelog: v/0.3.3...v/0.3.4

v/0.1.2

23 Aug 19:19

Fix an error in the handling of allowed EKUs on Windows; see #126

What's Changed

Full Changelog: v/0.1.1...v/0.1.2

v/0.3.3

29 Jul 13:31
@cpu
  • Fixed inclusion of relevant license files in published crates.
  • Android: revocation checking is no longer attempted for non-public certificates from private PKIs.

What's Changed

  • Ensure license files are included in published crates by @decathorpe in #110
  • Android: Don't attempt to check revocation on non-public certificates by @complexspaces in #108
  • tests: fix update_valid_ee_certs.rs script, update vendored test data by @cpu in #111
  • build(deps): bump reactivecircus/android-emulator-runner from 2.31.0 to 2.32.0 by @dependabot in #113
  • android-release-support 0.1.1, rustls-platform-verifier 0.3.3 by @cpu in #114

New Contributors

Full Changelog: v/0.3.2...v/0.3.3

v/0.3.2

26 Jun 15:33
@cpu
  • Fixed loading of native certificates using rustls-native-certs on FreeBSD systems using the webpki based UNIX verifier.
  • Reduced transitive dependencies for platforms requiring a webpki dependency. Notably this avoids the unconditional inclusion of ring.

What's Changed

  • android: more detail for test config verify exception by @cpu in #75
  • build(deps): bump actions/checkout from 3 to 4 by @dependabot in #89
  • Fix clippy tvOS build, resolve cargo audit finding, fix expired cert by @cpu in #91
  • proj: add initial Nix flake support by @cpu in #73
  • Minimise features demanded from rustls-webpki crate by @ctz in #103
  • Enable rustls_native_certs::load_native_certs on FreeBSD by @rami3l in #105
  • build(deps): bump reactivecircus/android-emulator-runner from 2.30.1 to 2.31.0 by @dependabot in #96
  • Cargo: version 0.3.1 -> 0.3.2 by @cpu in #106

New Contributors

Full Changelog: v/0.3.1...v/0.3.2