1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
|
# Change Log
## [Unreleased][unreleased]
### Added/Changed/Fixed
### Thanks
## 0.10.0
### Added
- Add the `Validate` trait to run post-parsing validations of X.509 structure
- Add the `FromDer` trait to unify parsing methods and visibility (#85)
- Add method to format X509Name using a given registry
- Add `X509Certificate::public_key()` method
- Add ED25519 as a signature algorithm (#95)
- Add support for extensions (#86):
- CRL Distribution Points
- Add `X509CertificateParser` builder to allow specifying parsing options
### Changed/Fixed
- Extensions are now stored in order of appearance in the certificate/CRL (#80)
- `.extensions` field is not public anymore, but methods `.extensions()` and `.extensions_map()`
have been added
- Store CRI attributes in order
- Fix parsing of CertificatePolicies, and use named types (closes #82)
- Allow specifying registry in oid2sn and similar functions (closes #88)
- Mark X509Extension::new as const fn + inline
- Allow leading zeroes in serial number
- Derive `Clone` for all types (when possible) (#89)
- Fix certificate validity period check to be inclusive (#90)
- Do not fail GeneralName parsing for x400Address and ediPartyName, read it as unparsed objects (#87)
- Change visibility of fields in `X509Name` (replaced by accessors)
### Thanks
- @lilyball for numerous issues, ideas and comments
- @SergioBenitez for lifetimes fixes (#93) and validity period check fixes (#90)
- @rappet for Ed25519 signature verification support (#95)
- @xonatius for the work on CRLDistributionPoints (#96, #98)
## 0.9.3
### Added/Changed/Fixed
- Add functions oid2description() and oid_registry() (closes #79)
- Fix typo 'ocsp_signing' (closes #84)
- Extension: use specific variant if unsupported or failed to parse (closes #83)
- Relax constrains on parsing to accept certificates that do not strictly respect
DER encoding, but are widely accepted by other X.509 libraries:
- SubjectAltName: accept non-ia5string characters
- Extensions: accept boolean values not enoded as `00` or `ff`
- Serial: build BigUint from raw bytes (do not check sign)
## 0.9.2
### Added/Changed/Fixed
- Remove der-oid-macro from dependencies, not used directly
- Use der_parser::num_bigint, remove it from direct dependencies
- Add methods to iterate all blocks from a PEM file (#75)
- Update MSRV to 1.45.0
## 0.9.1
### Added/Changed/Fixed
- Fix: X509Name::iter_state_or_province OID value
- Re-export oid-registry, and add doc to show how to access OID
### Thanks
- @0xazure for fixing X509Name::iter_state_or_province
## 0.9.0
### Added/Changed/Fixed
- Upgrade to `nom` 6.0
- Upgrade to `der-parser` 5.0
- Upgrade MSRV to 1.44.0
- Re-export crates so crate users do not have to import them
- Add function parse_x509_pem and deprecate pem_to_der (#53)
- Add helper methods to X509Name and simplify accessing values
- Add support for ReasonCode extension
- Add support for InvalidityDate extension
- Add support for CRL Number extension
- Add support for Certificate Signing Request (#58)
- Change type of X509Version (now directly using the u32 value)
- X509Name: relax check, allow some non-rfc compliant strings (#50)
- Relax some constraints for invalid dates
- CRL: extract raw serial, and add methods to access it
- CRL: add method to iterate revoked certificates
- RevokedCertificate: convert extensions list to hashmap
- Refactor crate modules and visibility
- Rename top-level functions to `parse_x509_certificate` and parse_x509_crl`
- Refactor error handling, return meaningful errors when possible
- Make many more functions public (parse_tbs_certificate, etc.)
### Thanks
- Dirkjan Ochtman (@djc): support for Certificate Signing Request (CSR), code refactoring, etc.
## 0.8.0
### Added/Changed
- Upgrade to `der-parser` 4.0
- Move from `time` to `chrono`
- `time 0.1 is very old, and time 0.2 broke compatibility and cannot parse timezones
- Add public type `ASN1Time` object to abstract implementation
- *this breaks API for direct access to `not_before`, `not_after` etc.*
- Fix clippy warnings
- `nid2obj` argument is now passed by copy, not reference
- Add method to get a formatted string of the certificate serial number
- Add method to get decoded version
- Add convenience methods to access the most common fields (subject, issuer, etc.)
- Expose the raw DER of an X509Name
- Make `parse_x509_name` public, for parsing distinguished names
- Make OID objects public
- Implement parsing for some extensions
- Support for extensions is not complete, support for more types will be added later
- Add example to decode and print certificates
- Add `verify` feature to verify cryptographic signature by a public key
### Fixed
- Fix parsing of types not representable by string in X509Name (#36)
- Fix parsing of certificates with empty subject (#37)
### Thanks
- @jannschu, @g2p for the extensions parsing
- @wayofthepie for the tests and contributions
- @nicholasbishop for contributions
## 0.7.0
- Expose raw bytes of the certificate serial number
- Set edition to 2018
## 0.6.4
- Fix infinite loop when certificate has no END mark
## 0.6.3
- Fix infinite loop when reading non-pem data (#28)
## 0.6.2
- Remove debug code left in `Pem::read`
## 0.6.1
- Add CRL parser
- Expose CRL tbs bytes
- PEM: ignore lines before BEGIN label (#21)
- Fix parsing default values for TbsCertificate version field (#24)
- Use BerResult from der-parser for simpler function signatures
- Expose tbsCertificate bytes
- Upgrade dependencies (base64)
## 0.6.0
- Update to der-parser 3.0 and nom 5
- Breaks API, cleaner error types
## 0.5.1
- Add `time_to_expiration` to `Validity` object
- Add method to read a `Pem` object from `BufRead + Seek`
- Add method to `Pem` to decode and extract certificate
## 0.5.0
- Update to der-parser 2.0
## 0.4.3
- Make `parse_subject_public_key_info` public
- Add function `sn2oid` (get an OID by short name)
## 0.4.2
- Support GeneralizedTime conversion
## 0.4.1
- Fix case where certificate has no extensions
## 0.4.0
- Upgrade to der-parser 1.1, and Use num-bigint over num
- Rename x509_parser to parse_x509_der
- Do not export subparsers
- Improve documentation
## 0.3.0
- Upgrade to nom 4
## 0.2.0
- Rewrite X.509 structures and parsing code to work in one pass
**Warning: this is a breaking change**
- Add support for PEM-encoded certificates
- Add some documentation
|
