0.23.5

• This release corrects a denial-of-service condition in rustls::ConnectionCommon::complete_io(), reachable via network input. If a close_notify alert is received during a handshake, complete_io() did not terminate. Callers which do not call complete_io() are not affected.
• Add an API (handshake_kind()) for learning whether a handshake was resumed or not.
• no-std support has been extended, allowing use of LimitedCache, ResolvesServerCertUsingSni, ServerSessionMemoryCache, ClientSessionStore, TicketSwitcher and the aws-lc-rs/ring Ticketer when the hashbrown feature is enabled and a compatible no-std Mutex implementation provided.
• The server name indication (SNI) client extension is now ignored when it contains an out-of-specification IP address value.

What's Changed

• Cargo.lock: update semver compatible deps by @cpu in #1874
• quic: make Suite Copy by @djc in #1879
• no-std support phase II by @pvdrz in #1688
• Relax server_name extension validation by @ctz in #1881
• Correct references to VerifierBuilderError by @ctz in #1884
• connect-tests: ignore rsa8192.badssl.com by @cpu in #1886
• deps: update semver compatible deps by @cpu in #1885
• deps: aws-lc-rs 1.6.2 -> 1.6.4 by @cpu in #1888
• build(deps): bump h2 from 0.3.24 to 0.3.26 by @dependabot in #1889
• deps: update cargo semver compatible deps by @cpu in #1892
• replace build-a-pki.sh with Rust+rcgen, rcgen 0.13 by @cpu in #1852
• docs: update ROADMAP post-quantum kex item by @cpu in #1894
• deps: update cargo semver compatible deps by @cpu in #1897
• Expose connection resumption details by @ctz in #1899
• Return Option from handshake_kind() by @ctz in #1900
• docs: update SECURITY example by @cpu in #1903
• Correct complete_io behaviour when close_notify alert is received by @ctz in #1905

Full Changelog: v/0.23.4...v/0.23.5