0.12.1

Bug Fixes

• rtr: Corrected the PDU type of the Cache Reset PDU from 7 to 8. (#151)

0.12.0

New

• Added a simple XML writer. (#144)
• Added the ability to create and write the various RRDP files. (#144)
• Add uri::Https::{path, canonical_authority, as_slice}. (#147)

Bug Fixes

• Accept empty <publish> elements in RRDP snapshot and delta files. While publishing empty files doesn’t make all that much sense, the standard formally allows it, so we shouldn’t reject updates because of it. ([#148)]

0.11.1

This release was yanked due to it containing breaking changes.

0.11.0

Breaking

• Restructured content by moving all modules related to processing RPKI repository objects to a new repository module. (#119)
• Introduced features for selecting which parts of the crate are required. For the content previously included, these are: repository for
  processing of RPKI repository objects, rrdp for RRDP support, and serde for adding serde support to repository objects. (#119)
• Restructured handling of rsync URIs: There is now only a single type uri::Rsync for both rsync module URIs and URIs below module level. The type uri::RsyncModule has been dropped. Instead, uri::Rsync now allows access to the URI’s content as a single bytes slice. (#124)
• The rrdp module now provides access to object content via a reader rather then decoding it into a vec. In addition, rrdp::DigestHex has been renamed to the more clear rrdp::Hash and turned into a wrapper around a fixed-size array. (#129)
• SignedObject::process and Roa::process now also return the EE certificate on success. (#131)
• RoaIpAddress and FriendlyRoaIpAddress are now Copy. (#131)
• Upgrade bytes and tokio to 1.0. (#121)
• The minimum required Rust version is now 1.43. (#121)

New

• New module rtr, enabled via the feature rtr that contains what was previously available via the separated rpki-rtr crate. (#120)
• ManifestHash now allows access to its components via the algorithm and as_slice methods. (#126) It also implements Hash, PartialEq, and Eq. (#128)
• DigestAlgorithm instances can now be created for the SHA-256 algorithm and values can be checked whether they in fact represent the SHA-256 algorithm. Values now also provide the associated digest length via the new digest_len method. (#126)
• Certificate and signed object validation (strictly speaking: inspection) now follow OpenSSL’s practice of refusing certificates with mismatching encoding of the signature algorithm inside and outside the signed portion. ([#130])

Bug Fixes

• Validity::from_duration now correctly deals with negative durations. (#131)

0.10.1

New

• resources::AsBlocks::difference and resources::IpBlocks::difference.
  (#138)

0.10.0

Breaking

• crypto::key::PublicKeyFormat has been changed into an enum in order to be able to deal with two different possible public key algorithms. It and crypto::key::PublicKey also received functions to determine whether the algorithms and keys are allowed in regular RPKI certificates or router certificates. (#113)
• The type for RRDP serial numbers has been changed to u64 from usize. This affects the various traits in the rrdp module. (#111)
• crl::CrlStore has been deprecated. The new rules for manifest handling have clarified that there must only ever be one CRL for each CA. The CrlStore was designed to make it easier to deal with cases where there are multiple CRLs and is therefore not necessary any more. (#112)
• The minimum required Rust version is now 1.42. (#108)

New

• cert::Cert can now decode, inspect, and verify BGPSec router certificates. (#113)
• Module rta for handling Resource Tagged Assertions. (#108)
• crypto::DigestAlgorithm::digest_file allows calculating the digest value of an entire file. (#108)
• IpBlock can now be displayed via helper types to select IPv4 or IPv6. (#108)
• SignedObject::process to validate generic signed objects and return their content on success. (#108)
• The various steps in certificate validation are now available as separate methods. (#108)
• New methods:
  • resources::AsBlock::is_whole_range ([#110)]
  • resources::IpBlock::is_slash_zero ([#110)]
  • resources::IpBlocks::contains_block and intersects_block ([#110)]
  • roa::FriendlyRoaIpAddress::prefix and is_v4 ([#110)]

Bug Fixes

• Don’t refuse an rpkiNotify SIA in EE certificates in strict validation mode. The spec is somewhat contradictory on whether they are allowed or now, so we should allow them. (#105)
• Do not include a parameter to the algorithm identifier of the SHA-256 digest algorithm. (#109)

0.9.2

New

• The new method Tal::prefer_https reorders the URIs of a TAL so that the HTTPS URIs appear first. (#106)

0.9.1

New

• Tals can now be created with an explicit name for their TalInfo instead of deriving the name from the path. ([#102)]
• All types from the uri module now have a authority method that provides access to the authority portion of the URI (a.k.a., the hostname). [(#103)]
• All types from the uri module now have a method unshare that causes to value to use its own memory, possibly freeing up the shared memory block they were taken out of earlier and saving memory. [(#103)]

Dependencies

• Update base64 to 0.12. (#101)
• Dropped dependency on unwrap and derive_more. (#101)

0.9.0

Breaking

• The minimum supported Rust version is now 1.40.0. (#96)
• The crate now requires ring 0.16. (#96)

Bug Fixes

• Fix Time::years_from_now to work on February 29. (#95, thanks to @dadepo).

Dependencies

• Upgrade to bytes 0.5 and bcder 0.5. (#99)

0.8.3

Bug Fixes

• Fix an issue in resource range calculation that could result in a range added in parts being encoded in multiple ranges. (#93)