0.14.5

Implement SigningKey for &impl SigningKey to make Issuer more broadly useful.

What's Changed

• Forward signing and public key data through references by @djc in #380

0.14.4

What's Changed

• Upgrade botan to 0.12 by @djc in #377
• Upgrade x509-parser to 0.18 by @djc in #376
• Add unstable support for ML-DSA algorithms by @djc in #374

0.14.3

What's Changed

• docs: fix typo in PKCS_RSA_SHA384 doc comment by @Bravo555 in #367
• Fix regression in key usage purpose encoding by @djc in #369

0.14.2

• Add a CertifiedIssuer type (see #363)

What's changed

• Add a CertifiedIssuer by @djc in #363
• Provide a non-owning constructor for Issuer by @p-avital in #362
• Allow access to the CertifiedIssuer's Certificate by @djc in #364

0.14.1

Declare 1.71 rust-version and check MSRV in CI.

What's Changed

• Check MSRV in CI by @djc in #361

0.14.0

0.14.0 contains a number of potentially breaking API changes, though hopefully the rate of API change should slow down after this. Here is a summary of the most noticeable changes you might run into:

• signed_by() methods now take a reference to an &Issuer type that contains both the issuer's relevant certificate parameters and the signing key (see #356). The from_ca_cert_der() and from_ca_cert_pem() constructors that were previously attached to CertificateParams are now attached to Issuer instead, removing a number of documented caveats.
• The RemoteKeyPair trait is now called SigningKey and instead of KeyPair being an enum that contains a Remote variant, that variant has been removed in favor of KeyPair implementing the trait (see #328). To align with this change, the CertifiedKey::key_pair field is now called signing_key, and CertifiedKey is generic over the signing key type.
• The KeyPair::public_key_der() method has moved to PublicKeyData::subject_public_key_info() (see #328).
• Output types like Certificate no longer contain their originating CertificateParams. Instead, signed_by() and self_signed() now take &self, allowing the caller to retain access to the input parameters (see #328). In order to make this possible, Certificate::key_identifier() can now be accessed via CertificateParams directly.
• String types have been moved into a module (see #329).

What's Changed

• Revert impl AsRef issuer by @audunhalland in #325
• Move string types to separate module by @est31 in #329
• Unbundle params from output types by @djc in #328
• Deduplicate Issuer construction by @djc in #332
• Extract write_extensions() method, reducing rightward drift by @djc in #333
• Update 0.12-to-0.13.md by @Alirexaa in #338
• Distribute methods for parsing params elements from x509 by @djc in #336
• Eagerly derive Clone, Copy, where possible by @lvkv in #341
• Updated .gitignore to be more specific by @Rynibami in #342
• Eagerly implemented Debug trait by @Rynibami in #343
• Minor tweaks to Debug impls and other style improvements by @djc in #348
• tests: only test against openssl on Unix by @djc in #350
• Eagerly implemented PartialEq and Eq traits by @Rynibami in #344
• Use Issuer directly in the public API by @djc in #356
• Tweak docstring for PublicKeyData::subject_public_key_info() by @djc in #358

rustls-cert-gen 0.2.0

Adopt rcgen 0.14.0.

0.13.3

This release was yanked due to #324

What's Changed

• Update dependencies by @djc in #305
• Add link to GitHub releases by @djc in #304
• change signature of signed_by to accept &impl AsRef issuer by @audunhalland in #307
• Clarify CertificateParams::signed_by() docs by @djc in #308
• refactor: Generalize csr/crl signed_by to take &impl AsRef issuer by @audunhalland in #312
• Fix: mark SAN as critical when subject is empty by @howardjohn in #311
• Elide private key in KeyPair Debug impl by @lvkv in #314
• derive Debug for non-sensitive struct types by @cpu in #316
• update LICENSE by @jasmyhigh in #318
• Make Certificate cloneable (derive Clone) by @MadLittleMods in #319
• Update dependencies by @djc in #321

0.13.2

Several improvements to the capabilities available when working with certificate signing requests.

What's Changed

• Clarify internal data dependencies for signing APIs by @djc in #269
• error: feature-gate ExternalError by @cpu in #271
• Pass extended key usage parameters when importing CertificateSigningRequestParams by @uglyoldbob in #264
• ci: update cargo-check-external-types toolchain, fix build by @cpu in #276
• Revert "ci: temp. pin nightly to avoid ICE" by @cpu in #277
• Expose algorithm field on PublicKey by @rickvanprim in #281
• Update semver-compatible dependencies by @djc in #283
• crl: avoid markdown footnotes by @cpu in #284
• Disable default features for aws-lc-rs by @daxpedda in #286
• Add KeyUsage support to CSR generation by @lvkv in #287
• Fix compilation issues of OpenSSL tests on 32-bit architectures by @decathorpe in #290
• Enable signing without private key by @djc in #291
• Clarify CSR signing docs by @lvkv in #295
• ci: adjust nightly for cargo-check-external-types by @cpu in #297
• Add PKCS#10 attributes to CSR serializer by @lvkv in #296
• Bump codecov/codecov-action from 4 to 5 by @dependabot in #299
• Update README.md example to match what's in lib.rs by @ghenry in #298
• rcgen: 0.13.1 -> 0.13.2 by @lvkv in #303

0.13.1

Fixed incorrect usage of the subject certificate's parameter's key identifier method when computing the key identifier of the issuer for the subject's authority key identifier (AKI) extension.

What's Changed

• Fix reference in changelog about RSA key generation by @djc in #258
• Set library version for CLI crate by @djc in #257
• cli: add more Cargo metadata by @djc in #259
• examples: sign-leaf-with-ca uses ca key for signing end entity cert by @markdingram in #263
• cert: use key_identifier_method of issuer for AKI by @cpu in #262