6ca7b34fd0
Release 4.8.0
2024-07-05 11:55:30 -07:00
d8e821bae9
Expose hmac_sha1 function
2024-06-28 10:51:46 +01:00
b7baacc047
Fix workflows file, pin mac os FIPS crossbuild runner to macos-13
...
The macos-13 runner uses intel chips and thus x86, so clang 12.0.0 is
easily available.
2024-06-26 16:13:58 +01:00
924f452130
clippy: *::max_value() -> *::MAX
2024-06-26 16:13:58 +01:00
884c91e770
Expose X509_check_host
2024-06-26 16:13:58 +01:00
ac208ede66
Expose SSL_add1_chain_cert
2024-06-26 16:13:58 +01:00
fb1283ef23
Expose SSL_{set|clear}_mode
2024-06-26 16:13:58 +01:00
2997b07d06
Expose SSL_{get|set}_{max|min}_proto_version
2024-06-26 16:13:58 +01:00
936d81b4ff
Add APIs to expose client and server cipher lists
...
The client sent ciphers in the ClientHello are unparsed and thus require
the user to convert u16s into SslCipher instances. It could be worth
doing this parsing in the library itself to make things consistent and
always return a StackRef<SslCipher>.
2024-06-26 16:13:58 +01:00
1879e9cff0
Expose SSL_CIPHER_is_aead and SSL_CIPHER_auth_nid
2024-06-26 16:13:58 +01:00
a88704076c
Add NIDs for cipher authentication types
2024-06-26 16:13:58 +01:00
760e99db46
Impl From for SslSignatureAlgorithm
...
This is useful for comparing raw u16s with the various sigalg constants.
2024-06-26 16:13:58 +01:00
b3eaacc33a
Updates license field to valid SPDX format
2024-06-02 10:40:17 +01:00
7b97ff7bf5
Release 4.7.0
2024-05-31 18:18:56 +01:00
d9f7e4daf6
Fix crosscompile
2024-05-31 09:38:29 +01:00
738d80a653
Expose hmac_sha256/512 functions
2024-05-31 09:38:29 +01:00
b8044706ad
Release 4.6.0
2024-04-09 11:25:44 +02:00
87ed6ab9bb
Tweak cliff config to exclude merge and release commits from changelog
2024-04-09 11:18:05 +02:00
870ccd9084
builder
2024-04-07 17:03:52 -07:00
2cee0af3d2
HttpsLayerSettings
2024-04-07 17:03:52 -07:00
8db6134c75
bound session cache
...
When establishing new TLS sessions, servers may send multiple session
tickets (RFC8446 4.6.1). hyper-boring caches tickets without placing a
limit on how many tickets are cached. This leads to unbounded growth of
hyper-boring's cache and leaves clients vulnerable to malicious servers
who might send many session tickets to exhaust a client's available
memory.
This change bounds the cache to a default of 8 tickets.
2024-04-07 17:03:52 -07:00
3d9a5e3244
add get_curve ( #226 )
2024-03-26 14:48:53 +01:00
167f5aece1
Remove kx-safe-default gate on SslCurve
...
While setting curves should be restricted by the kx-safe-default
feature, reading the curve is allowed.
2024-03-24 11:11:22 -07:00
b96d2b88a4
Enable layout tests on iOS target
2024-03-24 11:11:05 -07:00
30b33991e5
Fix clippy lints
2024-03-24 10:52:05 -07:00
713558993a
Add getters for client hello message
2024-03-22 20:44:55 +01:00
ba85412229
Removes vestigial build script
2024-02-26 13:25:46 +01:00
bc42edc552
Introduce and use read_uninit and write_uninit duplicated from openssl-0.10.61 and tokio-openssl-0.6.4
2024-02-21 09:07:39 +01:00
db01409165
Release 4.5.0
2024-02-08 11:00:16 +01:00
8ab1873d8b
Introduce SslRef::set_private_key
2024-02-08 10:10:50 +01:00
7ead83cf40
Release 4.4.1
2024-02-02 10:44:53 -08:00
d3a42b0aeb
Fix building with BORING_BSSL_PATH / BORING_BSSL_FIPS_PATH
...
When passing BORING_BSSL_FIPS_PATH, you need to add /lib/ to the search
path, and when passing BORING_BSSL_PATH you need to add /crypto/ and
/ssl/ to the search path.
2024-02-02 10:23:41 -08:00
5aed467dcb
Fix building with non bazel commits of boringssl
...
We need to add `/build/crypto` and `/build/ssl` to the library search
path to handle the case where we pass `BORING_BSSL_SOURCE_PATH` when
building without enabling any fips features. Otherwise, non bazel
commits will not work because `/build/` itself will not contain any
crypto libraries to link with
2024-02-02 14:56:55 +00:00
3cf8bc445a
Release 4.4.0
2024-01-17 17:58:57 +01:00
e370083af5
Expose `set_compliance_policy` and `get_ciphers`
2024-01-17 17:57:47 +01:00
0f5731b1d8
Expose SSL_get_error
2024-01-09 16:42:58 +01:00
20f9991c18
Fix support for fips-link-precompiled
...
This feature expects a recent boringssl checkout (such as the one
found in boring-sys/deps/boringssl), so it should not be using
the same bindings as the fips feature, which are based on
boring-sys/deps/boringssl-fips, which is older and with a different
API.
2024-01-08 14:37:55 +01:00
f9dfd2c47e
Release 4.3.0
2024-01-03 19:39:59 +01:00
dfd49f4fef
Introduce X509Flags
...
For now it has a single associated constant, X509Flags::TRUSTED_FIRST.
2024-01-03 19:37:59 +01:00
94457340ac
Move x509 tests to a subdirectory
2024-01-03 19:37:59 +01:00
1321ded678
Rearrange imports in x509 module
2024-01-03 19:37:59 +01:00
3637bfed2f
Introduce HttpsLayer::set_ssl_callback
...
This lets us customize the Ssl of each connection,
like set_callback which lets us customize the ConnectConfiguration
a step earlier.
2024-01-03 15:43:52 +01:00
9b0e422c8d
Don't use self-signed certs in hyper-boring tests
2024-01-03 15:43:52 +01:00
a8dea4a22c
Introduce X509CheckFlags::UNDERSCORE_WILDCARDS
2024-01-02 15:37:36 +01:00
3df405443a
Release 4.2.0
2023-12-14 16:35:54 +01:00
72f4bf5724
Introduce set_custom_verify_callback and set_async_custom_verify_callback
2023-12-14 16:31:09 +01:00
b97446a3c9
Restore rpk feature in tokio-boring
...
It serves no purpose as there is no additional API in tokio-boring when
this feature is enabled, but there is a test gated by it and it can't
be conditionnally enabled only when boring's feature is enabled.
2023-12-14 16:30:49 +01:00
6f5f59d7a9
Remove rpk from hyper docsrs features
...
The feature doesn't exist anymore.
2023-12-14 16:30:49 +01:00
446b65550a
Introduce tokio_boring::SslStreamBuilder
2023-12-14 16:05:09 +01:00
dd281f6ab6
Swap build and run order; always build
2023-12-14 13:25:47 +01:00
Ivan Nikulin