swift-certificates

SemVer Minor

• Add bridge between Certificate and Security.SecCertificate (#182, patch credit to @aryan-25)

SemVer Patch

• Adds support for including signing time in signedAttrs for CMS signing. (#176, patch credit to @R4N)
• add support for riscv64 (#179, patch credit to @futurejones)
• Add missing import statement for Windows. (#180, patch credit to @p-lenart)

Other Changes

• Update swift-syntax link to swiftlang/swift-syntax (#181, patch credit to @ahoppen)

SemVer Minor

• Allow OneOfPolicies and AllOfPolicies to take throwing policy builders, to match Verifier (#173)

SemVer Patch

• Use case-insensitive comparison when validating cert domain name (#175, patch credit to @baarde)

Other Changes

• Our perf thresholds have changed (#178)

SemVer Minor

• Raise minimum Swift version to 5.8 (#164)
• Add support for validating server hostnames and IP addresses (#171)
• Add OneOfPolicies and AllOfPolicies (#172)

SemVer Patch

• CountryName should be a PrintableString RDNA (#165)
• Fix Sendable warnings from latest main compiler (#166)

Other Changes

• build: add support to vendor dependencies (#158, patch credit to @compnerd)
• Add missing availability guards in tests (#159)
• Remove now-breaking test vector test (#167)
• Make testCertificateDescription independent of system date formatting settings (#170)

SemVer Minor

• Move ExpressibleByArrayLiteral conformance of _TinyArray to the declaring module (#157)

SemVer Patch

• Simplify the internal representation of RDN.Attribute.Value (#156)

SemVer Minor

• Add Expanded CMS Support (#151, patch credit to @davidzech)
• Support loading trust root CAs on Linux (#136)
• Support converting RDNAttribute values into Strings (#154)

Other Changes

• build: simplify build rules (NFC) (#152, patch credit to @compnerd)
• build: support building in Debug mode on Windows (#153, patch credit to @compnerd)
• Add CI pipeline for Swift 5.10 (#145)
• Remove note from README about API instability (#149)
• Align swift-format configuration with other projects (#150)

This fixes failing checkouts on Windows due to a colon in one of the filenames in this repository.

SemVer Patch

• Rename TinyArray.append benchmark (#142)

This is the first major release and marks the time swift-certificates enters API stability! You can learn more about it in the announcement forums post.

SemVer Minor

• Add the diagnosticCallback to CMS.isValidSignature (#135)
• Update to swift-asn1 1.0.0 (#140)

SemVer Patch

• Update allowed swift-crypto version range to 2.5.0..<4.0.0 (#137)

Other Changes

• Fix typos in Sources and Tests (#133, patch credit to @Sajjon)
• Adopt package-benchmark (#125)
• Parse all WebPKI trust roots in Benchmarks (#138)
• Update swift-format to 509.0.0 (#139)
• Remove Xcode specific benchmark documentation (#141)

Thank you very much to everyone who contributed to this release and everyone who tested it!

SemVer Minor

• Added subjectPublicKeyInfoBytes to public keys (#100, patch credit to @Tyler-Keith-Thompson)
• Police uniqueness of Certificate.Extensions (#84)
• Remove the "from parts" Certificate constructor. (#88)
• Police uniqueness of ExtendedKeyUsage (#90)
• Implement remove for RelativeDistinguishedName (#92)
• Implement property setters of NameConstraints (#94)
• Do not allocate for RelativeDistinguishedNames with just a single attribute (#101)
• Use #if canImport(Darwin) where possible (#102)
• Add support for Musl libc (#103)
• Store String in RelativeDistinguishedName.Attribute instead of ASN1Any if possible (#104)
• Conform AuthorityInformationAccess to RangeReplaceableCollection (#105)
• Add integer initialisers on Certificate.SerialNumber (#106)
• Update to swift-asn1 0.10.0 (#107)
• Allow OCSPRequester to fail OCSPVerifierPolicy (#108)
• Add optional diagnostic information to Verifier (#113)
• Add custom String representation to Certificate and related types (#116)
• Adopt apple/swift-format (#121)
• Allow RelativeDistinguishedNameConvertible to fail gracefully (#122)
• Remove deprecated API (#123)
• Add PolicyFailureReason to support lazy failure reason string interpolation (#126)
• Use beta release of swift-asn1 (#131)

SemVer Patch

• Make expiry checking cheaper. (#85)
• We aren't supporting PSS for now. (#93)
• Limit the number elements in Extensions and ExtendedKeyUsage (#95)
• Make hashing a RDN.Attribute.Value.utf8String not allocate (#112)
• Make debugDescription work well as part of a structural display (#115)
• Reject v1 Certificates with extensions (#118)
• Do not count self-issued certificates against maxPathLength (#119)
• Fix preference of root certificates (#127)
• Refactor ASN1UTF8StringView to ASN1TaggedStringView and use it for printable strings (#128)
• Add Certificate.PrivateKey description (#132)

Other Changes

• Actually validate we can parse the signature. (#82)
• [README] Add a leading dot to upToNextMinor (#83)
• Make constructing Dates cheaper (#86)
• Don't rely on having a SEP present (#87)
• Remove unnecessary TODO (#89)
• Setup allocation test framework (#96)
• Add allocation test that parses all WebPKI roots (#97)
• Implement TinyArray (#98)
• Remove unused test key (#109)
• Remove unused import (#110)
• Add Verifier allocation tests (#111)
• Use Certificate.description instead of dump for debugging flaky tests (#117)
• Use valid ASN1ObjectIdentifier in tests with at least two components (#124)

SemVer Minor

• Implement Certificate Signing Request support (#59)
• Add Policy Builder for constructing verifier policies (#79)
• Gracefully fail Extension serialization (#80)

SemVer Patch

• Fix signature construction (#77)

Other Changes

• Fix OCSP serialisation and parsing tests (#81)

SemVer Minor

• Support PEM serialisation and parsing of Certificate, Certificate.PublicKey and Certificate.PrivateKey (#71)

Other Changes

• Fixed various typos in documentation (#73, #74, #75, #75, patch credit to @robo-fish)

SemVer Patch

• Fix windows build (#72, patch credit to @compnerd)

Other Changes

• Fix wrong variable in documentation (#70, patch credit to @LukasReschke)
• Clean up the upToNextMinor (#69)

SemVer Minor

• Fix SecureEnclave issue in cmake build (#67, #68)

SemVer Minor

• Add support for using SecureEnclave.P256 (#55, patch credit to @jschlesser)
• Add support for unwrapping public keys. (#60)
• OCSP soft failure mode (#61)
• Add API to construct a SubjectKeyIdentifier by hashing a Certificate.PublicKey (#64)

SemVer Patch

• Tweak the ECDSA signature representation (#50)
• Fix name constraints parsing (#52)
• Tolerate v1 certs without basic constraints (#53)
• Add SPI support for disabling expiry checking in RFC5280Policy. (#54)
• Fix Sendable warning in OCSPVerifierPolicy.chainMeetsPolicyRequirementsWithoutDeadline (#62)
• Expose a CMSSignature type (#65)

Other Changes

• Documentation - Typos (#56, patch credit to @joey-gm)
• Add docker-compose file for Swift 5.9 (#63)

SemVer Minor

• Follow casing from Swift API Design Guidelines (#46)
• Add support for policing critical extensions (#47)

SemVer Patch

• Add BasicConstraints enforcement to RF5280Policy (#36)
• Add support for handling domain name constraints. (#37)
• Add support for IP address constraints. (#38)
• Update Swift Crypto and fix RSA keys (#39)
• Fix Certificate.SerialNumber.init() (#40)
• Improve our handling of trailing periods. (#41)
• Add support for name constraints on URIs (#42)
• Build OCSP Response certificate chain and verify signature (#43)
• Add directory name constraints. (#44)
• Produce functional NameConstraints (#45)
• Add leeway to the OCSP time verification (#48)

Other Changes

• Parallelise test cases (#49)

Initial 0.1.0 release