0.23.5
- This release corrects a denial-of-service condition in `rustls::ConnectionCommon::complete_io()`, reachable via network input. If a `close_notify` alert is received during a handshake, `complete_io()` did not terminate. Callers which do not call `complete_io()` are not affected.
- Add an API (`handshake_kind()`) for learning whether a handshake was resumed or not.
- `no-std` support has been extended, allowing use of `LimitedCache`, `ResolvesServerCertUsingSni`, `ServerSessionMemoryCache`, `ClientSessionStore`, `TicketSwitcher` and the aws-lc-rs/ring `Ticketer` when the `hashbrown` feature is enabled and a compatible `no-std` `Mutex` implementation provided.
- The server name indication (SNI) client extension is now ignored when it contains an out-of-specification IP address value.
What's Changed
- Cargo.lock: update semver compatible deps by @cpu in #1874
- quic: make Suite Copy by @djc in #1879
- no-std support phase II by @pvdrz in #1688
- Relax `server_name` extension validation by @ctz in #1881
- Correct references to `VerifierBuilderError` by @ctz in #1884
- connect-tests: ignore rsa8192.badssl.com by @cpu in #1886
- deps: update semver compatible deps by @cpu in #1885
- deps: aws-lc-rs 1.6.2 -> 1.6.4 by @cpu in #1888
- build(deps): bump h2 from 0.3.24 to 0.3.26 by @dependabot in #1889
- deps: update cargo semver compatible deps by @cpu in #1892
- replace build-a-pki.sh with Rust+rcgen, rcgen 0.13 by @cpu in #1852
- docs: update ROADMAP post-quantum kex item by @cpu in #1894
- deps: update cargo semver compatible deps by @cpu in #1897
- Expose connection resumption details by @ctz in #1899
- Return `Option` from `handshake_kind()` by @ctz in #1900
- docs: update SECURITY example by @cpu in #1903
- Correct `complete_io` behaviour when `close_notify` alert is received by @ctz in #1905
Full Changelog: v/0.23.4...v/0.23.5