1.14.1

Parsing PEM will now error for PEM sections larger than 256 MB in size, to avoid running out of memory during parsing. The limit was chosen based on historical data from large certificate revocation lists from the web PKI.

What's Changed

• Remove mention of rustls-pemfile from docs by @ranile in #103
• Update ECH reference to RFC9849 by @ctz in #104
• pem: error for sections that are too large by @djc in #106
• Update ECH reference to RFC 9849 by @ctz in #107
• Adjust PEM size limit to account for huge CRLs by @ctz in #108

1.14.0

What's Changed

• Add FipsStatus enum by @djc in #102

1.13.3

Fuse PEM iterators as soon as an IO error is seen. This ensures errors are returned when decoding multiple PEM items from an std::io::Read which permanently returns errors. This includes use of pem_file_iter() and pem_reader_iter() against directories. Fixes #98.

What's Changed

• pem: fuse ReadIter on I/O errors by @djc in #100
• Prepare 1.13.3 by @ctz in #101

Full Changelog: v/1.13.2...v/1.13.3

1.13.2

What's Changed

• Add algorithm id for ECDSA with secp256k1 curve by @mkmks in #96

1.13.1

What's Changed

• Exclude test keys from published package by @weiznich in #92
• Fix docs.rs build by @djc in #94

1.13.0

What's Changed

• Add From<DnsName<'a>> for ServerName<'a> by @stormshield-gt in #82
• Mark all possible functions const by @ctz in #81
• pem: avoid some allocations by @djc in #83
• ci: take updated nightly for cargo-check-external-types by @cpu in #85
• add ed448 support by @stevefan1999-personal in #87
• Add From<[u8; 4]> for Ipv4Addr by @xyzzyz in #90
• 1.13.0: impl Hash for a bunch of types by @ctz in #91

1.12.0

• Implement Zeroize for private key types
• Add algorithm identifiers for ML-DSA signing algorithms

What's Changed

• Add support for the zeroize crate by @jarhodes314 in #71
• rustfmt: style_edition 2024 by @ctz in #74
• Add cargo deny check in CI by @djc in #76
• Add AlgorithmIdentifiers for ML-DSA variants by @djc in #78
• Check external types in public API by @ctz in #80
• Prepare 1.12.0 release by @djc in #79

1.11.0

What's Changed

• feat: add const try_from_str constructor to DnsName type. by @DSharifi in #69
• Move AlgorithmIdentifier values to here from rustls-webpki by @ctz in #67

New Contributors

• @DSharifi made their first contribution in #69

Full Changelog: v/1.10.1...v/1.11.0

1.10.1

Fixed an issue where we failed to read PEM objects from slices without trailing newline. This failed in the PEM decoder introduced in rustls-pki-types 1.9.0 whereas it worked in rustls-pemfile 2.12.0. We now include a test to make sure this case doesn't regress again.

What's Changed

• fix misc. clippy findings by @cpu in #65
• Fix reading PEM from slices without trailing newline by @djc in #66

1.10.0

In 1.9.0 we forgot to implement std::error::Error for the new pem::Error type. Add it.

What's Changed

• Implement std::error::Error for pem::Error by @djc in #63