v/0.4.0

• Improved support for "extra" roots - the ability to specify additional root certificates beyond the platform's own roots has been extended to all supported platforms with the exception of Android (TBD). This can be used for additive configuration, for example to support all system roots and additionally some internal, or company specific, roots. The existing Linux/UNIX verifier's new_with_extra_roots() fn now accepts impl IntoIterator<Item = pki_types::TrustAnchor<'static>> in place of Vec<pki_types::CertificateDer<'static>> to better harmonize with the other platforms.
• Replace winapi with windows-sys - the latter is a 1st party Microsoft crate with better on-going support.
• Improved documentation - the README has been updated to better describe the differences between this crate and other available options.
• Added new BuilderVerifierExt and ConfigVerifierExt traits which provide with_platform_verifier() methods for easier rustls client configuration. These intend to replace tls_config and tls_config_with_provider, which are now deprecated.

What's Changed

• ci: disable dependabot cargo updates by @cpu in #120
• Port Windows verifier from winapi to windows-sys by @complexspaces in #131
• Fix and defend wasm code using wasi platform by @ctz in #136
• Add new with extra roots on macos/ios by @stormshield-gt and @complexspaces in #133
• Fix FreeBSD by @djc in #137
• tests: update vendored real world certs by @cpu in #140
• Add new with extra roots on windows by @stormshield-gt in #135
• ci: add cargo-semver-checks-action by @cpu in #143
• Add deployment considerations section to README by @complexspaces in #142
• Bump Java CI testing version from 11 to 17 by @complexspaces in #147
• relax new_with_extra_roots API by @stormshield-gt in #145
• Run tests on iOS using Mac Catalyst and expand Apple platforms by @complexspaces in #149
• Use extension trait to simplify config by @djc in #150
• Prepare 0.4.0 by @complexspaces in #148

New Contributors

• @stormshield-gt made their first contribution in #133

Full Changelog: v/0.3.4...v/0.4.0

v/0.3.4

• Fix an error in the handling of allowed EKUs on Windows; see #126

What's Changed

• small chores by @cpu in #116
• tests: regenerate verification_mock data by @cpu in #121
• Update deny config & bump base64 to 0.22 by @djc in #119
• build(deps): bump EmbarkStudios/cargo-deny-action from 1 to 2 by @dependabot in #118
• Fix UB in Windows verifier EKU handling by @complexspaces in #127
• Prepare 0.3.4 by @ctz in #129

Full Changelog: v/0.3.3...v/0.3.4

v/0.1.2

Fix an error in the handling of allowed EKUs on Windows; see #126

What's Changed

• Backport CI and build changes from main by @ctz in #130
• Fix UB in Windows verifier EKU handling by @complexspaces in #127
• Prepare 0.1.2 by @ctz in #129

Full Changelog: v/0.1.1...v/0.1.2

v/0.3.3

• Fixed inclusion of relevant license files in published crates.
• Android: revocation checking is no longer attempted for non-public certificates from private PKIs.

What's Changed

• Ensure license files are included in published crates by @decathorpe in #110
• Android: Don't attempt to check revocation on non-public certificates by @complexspaces in #108
• tests: fix update_valid_ee_certs.rs script, update vendored test data by @cpu in #111
• build(deps): bump reactivecircus/android-emulator-runner from 2.31.0 to 2.32.0 by @dependabot in #113
• android-release-support 0.1.1, rustls-platform-verifier 0.3.3 by @cpu in #114

New Contributors

• @decathorpe made their first contribution in #110

Full Changelog: v/0.3.2...v/0.3.3

v/0.3.2

• Fixed loading of native certificates using rustls-native-certs on FreeBSD systems using the webpki based UNIX verifier.
• Reduced transitive dependencies for platforms requiring a webpki dependency. Notably this avoids the unconditional inclusion of ring.

What's Changed

• android: more detail for test config verify exception by @cpu in #75
• build(deps): bump actions/checkout from 3 to 4 by @dependabot in #89
• Fix clippy tvOS build, resolve cargo audit finding, fix expired cert by @cpu in #91
• proj: add initial Nix flake support by @cpu in #73
• Minimise features demanded from rustls-webpki crate by @ctz in #103
• Enable rustls_native_certs::load_native_certs on FreeBSD by @rami3l in #105
• build(deps): bump reactivecircus/android-emulator-runner from 2.30.1 to 2.31.0 by @dependabot in #96
• Cargo: version 0.3.1 -> 0.3.2 by @cpu in #106

New Contributors

• @dependabot made their first contribution in #89
• @ctz made their first contribution in #103
• @rami3l made their first contribution in #105

Full Changelog: v/0.3.1...v/0.3.2

v/0.3.1

0.3.1

• New rustls_platform_verifier::tls_config_with_provider() function for convenient construction of a rustls::ClientConfig configured with the platform verifier, and a specific rustls::crypto::CryptoProvider.
• New Verifier::with_provider() and Verifier::set_provider() fns for constructing or updating a Verifier with a specific rustls::crypto::CryptoProvider.
• Support for Apple tvOS.

What's Changed

• docs: fix broken docs link to with_custom_certificate_verifier by @jbr in #80
• ci: add dependabot, update actions by @cpu in #83
• Vet docs in CI by @cpu in #82
• feat: add Verifier::set_provider and Verifier::with_provider by @jbr in #81
• feat: rustls_platform_verifier::tls_config_with_provider by @jbr in #86
• Added tvOS support by @ErikEverson in #78
• 0.3.1 release preparation by @cpu in #88

New Contributors

• @jbr made their first contribution in #80
• @ErikEverson made their first contribution in #78

Full Changelog: v/0.3.0...v/0.3.1

v/0.3.0

0.3.0

• Updates Rustls from 0.22 to 0.23.

What's Changed

• Add a code sample showing how to use it by @djc in #65
• tests: refresh LE real world verification test case, more logging by @cpu in #71
• Update Android test action and fix outstanding CI issues by @complexspaces in #72
• ci: use default Android emulator target by @cpu in #74
• Update rustls to 0.23 by @Ralith in #70
• Cargo: version 0.2.0 -> 0.3.0 by @cpu in #77

New Contributors

• @Ralith made their first contribution in #70

Full Changelog: v/0.2.0...v/0.3.0

0.1.1

This patch release fixes docs and improves UNIX platform support:

• Fix documentation to not have platform-specific rendering everywhere
• Clarify UNIX root stores in the documentation and README
• Add support for FreeBSD

What's Changed

• backport BSD support and documentation fixes by @cpu in #61
• Prepare for 0.1.1 release by @complexspaces in #64

Full Changelog: v/0.1.0...v/0.1.1

0.2.0

• Rustls version updated from 0.21 to 0.22

What's Changed

• tests: use a fixed SystemTime for certificate validation by @cpu in #50
• Small documentation touch-ups by @cpu in #54
• Update release documentation and scripts to record flushed-out steps by @complexspaces in #52
• Fix incorrect platform-specific Verifier documentation by @complexspaces in #57
• Support FreeBSD by @cpu in #55
• Cargo: update to rustls 0.22, associated updates by @cpu in #42
• 0.2.0 release preparation by @cpu in #62

Full Changelog: v/0.1.0...v/0.2.0

0.1.0

Initial release

• This is the initial release with support for Android, iOS, macOS, Windows, and Linux/UNIX-like platforms. See the README for details.