What's Changed

• Fix incorrect identifier for ML-DSA signature algorithms by @DarkmatterVale in #412
• Upgrade yasna to 0.6 by @djc in #419
• Add support for is_ca in CSR Params by @5Dev24 in #420
• Add support for serializing BasicConstraints in CSR's by @5Dev24 in #422
• update key_pair to signing_key in README.md by @fakelozic in #427
• Fix encoding of directoryName constraints by @sfackler in #429

Contributors

• @djc
• @sfackler
• @DarkmatterVale
• @5Dev24
• @fakelozic

What's Changed

• Implement From<KeyPair> for PrivateKeyDer<'static> by @LebedevRI in #403
• update copyright year in LICENSE by @jasmyhigh in #407
• Add P521-SHA256 and P521-SHA384 signing algorithms by @djc in #408

Contributors

• @LebedevRI
• @djc
• @jasmyhigh

What's Changed

• Use private cfg for docs.rs-like builds by @ctz in #384
• Expand rustdoc for CertificateSigningRequestParams::from_der by @dwhjames in #386
• Group imports by @iamjpotts in #381
• examples: add signing new cert using existing ca pem files by @iamjpotts in #379
• Tweak CSR parsing errors/documentation by @djc in #390
• Rename invalid CSR signature error variant by @djc in #393
• chore: fix some typos in comments by @black5box in #395
• ci: sync cargo-check-external-types nightly by @cpu in #399
• Forward selected crypto backend to x509-parser by @djc in #398

Contributors

• @djc
• @cpu
• @dwhjames
• @ctz
• @iamjpotts
• @black5box

Implement SigningKey for &impl SigningKey to make Issuer more broadly useful.

What's Changed

• Forward signing and public key data through references by @djc in #380

Contributors

• @djc

What's Changed

• Upgrade botan to 0.12 by @djc in #377
• Upgrade x509-parser to 0.18 by @djc in #376
• Add unstable support for ML-DSA algorithms by @djc in #374

Contributors

• @djc

What's Changed

• docs: fix typo in PKCS_RSA_SHA384 doc comment by @Bravo555 in #367
• Fix regression in key usage purpose encoding by @djc in #369

Contributors

• @djc
• @Bravo555

• Add a CertifiedIssuer type (see #363)

What's changed

• Add a CertifiedIssuer by @djc in #363
• Provide a non-owning constructor for Issuer by @p-avital in #362
• Allow access to the CertifiedIssuer's Certificate by @djc in #364

Contributors

• @djc
• @p-avital

Declare 1.71 rust-version and check MSRV in CI.

What's Changed

• Check MSRV in CI by @djc in #361

Contributors

• @djc

0.14.0 contains a number of potentially breaking API changes, though hopefully the rate of API change should slow down after this. Here is a summary of the most noticeable changes you might run into:

• signed_by() methods now take a reference to an &Issuer type that contains both the issuer's relevant certificate parameters and the signing key (see #356). The from_ca_cert_der() and from_ca_cert_pem() constructors that were previously attached to CertificateParams are now attached to Issuer instead, removing a number of documented caveats.
• The RemoteKeyPair trait is now called SigningKey and instead of KeyPair being an enum that contains a Remote variant, that variant has been removed in favor of KeyPair implementing the trait (see #328). To align with this change, the CertifiedKey::key_pair field is now called signing_key, and CertifiedKey is generic over the signing key type.
• The KeyPair::public_key_der() method has moved to PublicKeyData::subject_public_key_info() (see #328).
• Output types like Certificate no longer contain their originating CertificateParams. Instead, signed_by() and self_signed() now take &self, allowing the caller to retain access to the input parameters (see #328). In order to make this possible, Certificate::key_identifier() can now be accessed via CertificateParams directly.
• String types have been moved into a module (see #329).

What's Changed

• Revert impl AsRef issuer by @audunhalland in #325
• Move string types to separate module by @est31 in #329
• Unbundle params from output types by @djc in #328
• Deduplicate Issuer construction by @djc in #332
• Extract write_extensions() method, reducing rightward drift by @djc in #333
• Update 0.12-to-0.13.md by @Alirexaa in #338
• Distribute methods for parsing params elements from x509 by @djc in #336
• Eagerly derive Clone, Copy, where possible by @lvkv in #341
• Updated .gitignore to be more specific by @Rynibami in #342
• Eagerly implemented Debug trait by @Rynibami in #343
• Minor tweaks to Debug impls and other style improvements by @djc in #348
• tests: only test against openssl on Unix by @djc in #350
• Eagerly implemented PartialEq and Eq traits by @Rynibami in #344
• Use Issuer directly in the public API by @djc in #356
• Tweak docstring for PublicKeyData::subject_public_key_info() by @djc in #358

Contributors

• @djc
• @audunhalland
• @est31
• @lvkv
• @Rynibami
• @Alirexaa

Adopt rcgen 0.14.0.