Cipher::rc2_cbc and Cipher::rc2_40_cbc.ssl::select_next_proto that allowed a use after free.SslMethod::dtls_client and SslMethod::dtls_server.openssl-macros.SslContextBuilder::load_verify_locations.Hasher::squeeze_xof.SslContextBuilder::set_alpn_select_callback support for boringssl.argon2idMdCtxRef::digest_verify_final could leave an error on the stack.RsaRef::check_key could leave an errror on the stack.openssl is now a 2021 edition crateCargo.tomlMemBio::get_buf when the resulting buffer had a length of 0.MessageDigest::from_nid, Md::from_nid, Md::fetchSslContextBuilder::set_keylog_callback on BoringSSLPkeyCtxRef::{nonce_type, set_nonce_type}.X509Ref::alias.Pkcs7Ref::{type_,signed}.Pkcs7SignedRef::certificates.Cipher::{aes_256_xts,des_ede3_ecb,des_ede3_cfb8,des_ede3_ofb,camellia128_ofb,camellia192_ofb,camellia256_ofb,cast5_ofb,idea_ofb}PKey::from_dhxPKey::{public_key_from_pem_passphrase,public_key_from_pem_callback}.Cipher::aes_128_ofb is now available on BoringSSLNid::{BRAINPOOL_P256R1,BRAINPOOL_P320R1,BRAINPOOL_P384R1,BRAINPOOL_P512R1} are now available on LibreSSL.Nid::BRAINPOOL_P320R1rand_priv_bytesSslStream now uses SSL_read_ex, SSL_write_ex, and SSL_peek_ex when availableSslStream::{read_uninit, ssl_read_uninit}.X509StoreRef::objects. It is unsound. All callers should migrate to using X509StoreRef::all_certificates instead.SslContextBuilder::set_ex_data and SslRef::set_ex_data multiple times with the same index.X509StoreRef::all_certificatescipher::Cipher::{camellia128_cbc,camellia192_cbc,camellia256_cbc,cast5_cbc,idea_cbc}symm::Cipher::{des_ede3_ecb,des_ede3_cfb8,des_ede3_ofb,camellia_128_ecb,camellia_128_ofb,camellia_128_cfb128,camellia_192_ecb,camellia_192_ofb,camellia_192_cfb128,camellia_256_ecb,camellia_256_ofb,camellia_256_cfb128,cast5_ecb,cast5_ofb,cast5_cfb64,idea_ecb,idea_ofb,idea_cfb64}Crypter::update_uncheckedSslRef::{peer_tmp_key,tmp_key}cipher::Cipher::chacha20 is now available on LibreSSLsymm::Cipher::chacha20 is now available on LibreSSLNid::CHACHA20_POLY1305Id::RSA_PSS on OpenSSLId::{RSA_PSS,DHX} constantsSslContextBuilder::set_security_levelSslContextRef::security_levelSslRef::set_security_level, SslRef::security_levelCipher::{camellia_128_cbc, camellia_192_cbc, camellia_256_cbc, cast5_cbc, idea_cbc}X509CrlRef::extensionX509PurposeId::CODE_SIGNPkey HKDF functionality now works on LibreSSLBigNum::mod_sqrt is now available on all OpenSSLsMessageDigest::sha3* are now available on LibreSSLX509VerifyParam::set_emailCipher::chacha20_poly1305 is now available on LibreSSLCipherCtx::copybitflags dependecy to the 2.x seriesBigNumRef::mod_sqrt.PkeyCtxRef::set_signature_md and PkeyCtxRef::set_rsa_pss_saltlen.PkeyCtxRef::verify_recover_init and PkeyCtxRef::verify_recover.BigNumRef::is_even and BigNumRef::is_odd.EcPointRef::to_hex_str and EcPoint::from_hex_str.OPENSSL_NO_OCB.X509VerifyParamRef::set_host when called with an empty string.Deriver::set_peer_ex.EcGroupRef::asn1_flag.EcPointRef::affine_coordinates on BoringSSL and LibreSSL.Nid::SM2 and Id::SM2PKey::private_key_to_pkcs8_passphrase no longer panics if a passphrase contains a NUL byte.Dsa::from_pqg, Dsa::generate_key, and Dsa::generate_params.SslRef::bytes_to_cipher_list.SubjectAlternativeName::other_name2DhRef::check_key.Id::POLY1305.X509Ref::subject_key_id, X509Ref::authority_key_id, X509Ref::authority_issuer, and X509Ref::authority_serial.X509RevokedRef::issuer_name and X509RevokedRef::reason_code.Dh::set_key and Dh::set_public_keyAsn1OctetString and Asn1OctetStringRef1X509Extension::new_from_derX509Extension::new and X509Extension::new_nid in favor of X509Extension::new_from_der and the extensions module.X509Extension::add_alias, it is not required with new_from_der or the extensions module.CipherCtxRef::cipher_update_inplace.SslConnector no longer sets the SNI extension when connecting to an IP address.Ord, PartialOrd, Eq, and PartialEq for Asn1Integer and Asn1IntegerRef.X509Ref::crl_distribution_points, and DistPoint.x509::extension::SubjectAlternativeName and x509::extension::ExtendedKeyUsage. The mini-language can read arbitrary files amongst other things.SubjectAlternativeName::dir_name and SubjectAlternativeName::other_name are deprecated and their implementations always panic!. If you have a use case for these, please file an issue.x509::X509Extension::new and x509::X509Extension::new_nid. Note that these methods still accept OpenSSL's configuration mini-language, and therefore should not be used with untrusted data.x509::X509Name that are created with x509::X509NameBuilder and then used concurrently.Error::library_code and Error::reason_code.no-cast.GeneralName.PKcs12Ref::parse in favor of Pkcs12Ref::parse2.ParsedPkcs12 in favor of ParsedPkcs12_2.Pkcs12Builder::build in favor of Pkcs12Builder::build2.X509VerifyParamRef::set_auth_level, X509VerifyParamRef::auth_level, and X509VerifyParamRef::set_purpose.X509PurposeId and X509Purpose.X509NameBuilder::append_entry.PKeyRef::private_key_to_pkcs8.X509LookupRef::load_crl_file.Pkcs12Builder::name, Pkcs12Builder::pkey, and Pkcs12Builder::cert.SslRef::set_method, SslRef::set_private_key_file, SslRef::set_private_key, SslRef::set_certificate, SslRef::set_certificate_chain_file, SslRef::add_client_ca, SslRef::set_client_ca_list, SslRef::set_min_proto_version, SslREf::set_max_proto_version, SslRef::set_ciphersuites, SslRef::set_cipher_list, SslRef::set_verify_cert_store.X509NameRef::to_owned.SslContextBuilder::set_num_tickets, SslContextRef::num_tickets, SslRef::set_num_tickets, and SslRef::num_tickets.CmsContentInfo::verify.CipherCtxRef::minimal_output_size method, which did not work properly.NO_DEPRECATED_3_0 cfg checks for more APIs.SslRef::add_chain_cert.PKeyRef::security_bits.Provider::set_default_search_path.CipherCtxRef::cipher_final_unchecked.CipherCtxRef::num, CipherCtxRef::minimal_output_size, and CipherCtxRef::cipher_update_unchecked.CipherCtxRef::cipher_update.X509Lookup::file and X509LookupRef::load_cert_file.Nid::BRAINPOOL_P256R1, Nid::BRAINPOOL_P384R1, Nid::BRAINPOOL_P512R1.BigNumRef::copy_from_slice.Cipher constructors for Camellia, CAST5, and IDEA ciphers.DsaSig.X509StoreBuilderRef::set_param.X509VerifyParam::new, X509VerifyParamRef::set_time, and X509VerifyParamRef::set_depth.SslRef::psk_identity_hint and SslRef::psk_identity.Nid.SslOptions::PRIORITIZE_CHACHA.X509ReqRef::to_text.MdCtxRef::size.X509NameRef::try_cmp.MdCtxRef::reset.MdCtxRef::digest_verify_init to support PKeys with only public components.Error::function and Error::file with OpenSSL 3.x.MessageDigest::block_size and MdRef::block_size.Ord and Eq for X509 and X509Ref.X509Extension::add_alias.EcGroup::from_components EcGropuRef::set_generator, and EcPointRef::set_affine_coordinates_gfp.SslContextBuilder::set_tmp_ecdh_callback and SslRef::set_tmp_ecdh_callback.SslRef::extms_support.Nid::create.CipherCtx, which exposes a more direct interface to EVP_CIPHER_CTX.PkeyCtx, which exposes a more direct interface to EVP_PKEY_CTX.MdCtx, which exposes a more direct interface to EVP_MD_CTX.Pkcs12Builder::mac_md.Provider.X509Ref::issuer_name_hash.Decrypter::set_rsa_oaep_label.X509Ref::to_text.Pkey::ec_gen.no-chacha.BigNumRef::to_vec_padded.X509Name::from_der and X509NameRef::to_der.BigNum::new_secure, BigNumReef::set_const_time, BigNumref::is_const_time, and BigNumRef::is_secure.Asn1Object::as_slice.PKeyRef::{raw_public_key, raw_private_key, private_key_to_pkcs8_passphrase} and PKey::{private_key_from_raw_bytes, public_key_from_raw_bytes}.Cipher::{seed_cbc, seed_cfb128, seed_ecb, seed_ofb}.Deriver.SslStream::peek.Dh::set_private_key and DhRef::private_key.EcPointRef::affine_coordinates.TryFrom implementations to convert between PKey and specific key types.X509StoreBuilderRef::set_flags.Dh::generate_params now uses DH_generate_params_ex rather than the deprecated DH_generated_params function.Asn1Type.CmsContentInfoRef::decrypt_without_cert_check.EcPointRef::{is_infinity, is_on_curve}.Encrypter::set_rsa_oaep_label.MessageDigest::sm3.Pkcs7Ref::signers.Cipher::nid.X509Ref::authority_info and AccessDescription::{method, location}.X509NameBuilder::{append_entry_by_text_with_type, append_entry_by_nid_with_type}.Ssl::new to take a &SslContextRef rather than &SslContext.encrypt module to support asymmetric encryption and decryption with PKeys.MessageDigest::from_name.ConnectConfiguration::into_ssl.SslStreams directly from an Ssl and transport stream without performing any part of the handshake with SslStream::new.SslStream::{read_early_data, write_early_data, connect, accept, do_handshake, stateless}.ToOwned for SslContextRef.SslRef::{set_connect_state, set_accept_state}.SslStream::from_raw_parts in favor of Ssl::from_ptr and SslStream::new.SslStreamBuilder in favor of methods on Ssl and SslStream.Asn1Object::from_str.Dh::from_pgq, DhRef::prime_p, DhRef::prime_q, DhRef::generator, DhRef::generate_params, DhRef::generate_key, DhRef::public_key, and DhRef::compute_key.Pkcs7::from_der and Pkcs7Ref::to_der.Id::X25519, Id::X448, PKey::generate_x25519, and PKey::generate_x448.SrtpProfileId::SRTP_AEAD_AES_128_GCM and SrtpProfileId::SRTP_AEAD_AES_256_GCM.SslContextBuilder::verify_param and SslContextBuilder::verify_param_mut.X509Ref::subject_name_hash and X509Ref::version.X509StoreBuilderRef::add_lookup, and the X509Lookup type.X509VerifyFlags, X509VerifyParamRef::set_flags, X509VerifyParamRef::clear_flags X509VerifyParamRef::get_flags.DsaRef::private_key_to_pem can no longer be called without a private key.Debug implementations of many types.is_empty implementations for Asn1StringRef and Asn1BitStringRef.EcPointRef::{to_pem, to_dir} and EcKeyRef::{public_key_from_pem, public_key_from_der}.Default implementations for many types.Debug implementations for many types.SslStream::from_raw_parts.SslRef::set_mtu.Cipher::{aes_128_ocb, aes_192_ocb, aes_256_ocb}.SslStreamBuilder::set_dtls_mtu_size in favor of SslRef::set_mtu.X509Builder::append_extension.SslConnector::into_context and SslConnector::context.SslAcceptor::into_context and SslAcceptor::context.SslMethod::tls_client and SslMethod::tls_server.SslContextBuilder::set_cert_store.SslContextRef::verify_mode and SslRef::verify_mode.SslRef::is_init_finished.X509Object.X509StoreRef::objects.Signer::sign_oneshot and Verifier::verify_oneshot. This is unfortunately a breaking change, but a necessary soundness fix.MessageDigest::null.PKey::private_key_from_pkcs8.SslOptions::NO_RENEGOTIATION.SslStreamBuilder::set_dtls_mtu_size.envelope::{Seal, Unseal}.Asn1TimeRef::{diff, compare}.Asn1Time::from_unix.PartialEq and PartialOrd implementations for Asn1Time and Asn1TimeRef.base64::{encode_block, decode_block}.EcGroupRef::order_bits.Clone implementations for Sha1, Sha224, Sha256, Sha384, and Sha512.SslContextBuilder::{set_sigalgs_list, set_groups_list}.EcdsaSig::from_private_components when using OpenSSL 1.0.x.ToOwned for PKeyRef and Clone for PKey.SSL_set_app_data.aes::{wrap_key, unwrap_key}.CmsContentInfoRef::to_pem and CmsContentInfo::from_pem.DsaRef::private_key_to_pem.EcGroupRef::{cofactor, generator}.EcPointRef::to_owned.Debug implementation for EcKey.SslAcceptor::{mozilla_intermediate_v5, mozilla_modern_v5}.Cipher::{aes_128_ofb, aes_192_ecb, aes_192_cbc, aes_192_ctr, aes_192_cfb1, aes_192_cfb128, aes_192_cfb8, aes_192_gcm, aes_192_ccm, aes_192_ofb, aes_256_ofb}.Ssl's context is replaced.SslContextBuilder::add_client_ca.Crypter when using stream ciphers.PkeyRef::size.CmsContentInfo::from_der and CmsContentInfo::encrypt.X509Ref::verify and X509ReqRef::verify.PartialEq and Eq for MessageDigest.MessageDigest::type_ and EcGroupRef::curve_name.ERR_PACK to openssl-sys.ERR_* functions in openssl-sys are const functions when building against newer Rust versions.Clone for Dsa.SslContextRef::add_session and SslContextRef::remove_session.SslSessionRef::time, SslSessionRef::timeout, and SslSessionRef::protocol_version.SslContextBuilder::set_session_cache_size and SslContextRef::session_cache_size.ssl::cipher_name.AsRef<str> and AsRef<[u8]> for OpenSslString.Asn1Integer::from_bn.RsaRef::check_key.Asn1Time::from_str and Asn1Time::from_str_x509.Rsa::generate_with_e.Cipher::des_ede3_cfb64.SslCipherRef::standard_name and ssl::cipher_name.MessageDigest.rand::keep_random_devices_open.DoubleEndedIterator for stack iterators.vendored feature has been upgraded from 1.1.0 to 1.1.1.SslContextBuilder::set_get_session_callback API.SslContextBuilder::set_client_hello_callback.EcdsaSig::from_der and EcdsaSig::to_der.SslRef::get_shutdown and SslRef::set_shutdown.vendored cargo feature will cause openssl-sys to compile and statically link to a vendored copy of OpenSSL.SslContextBuilder::set_psk_server_callback.DsaRef::pub_key and DsaRef::priv_key.Dsa::from_private_components and Dsa::from_public_components.X509NameRef::entries.SslContextBuilder::set_psk_callback has been renamed to SslContextBuilder::set_psk_client_callback and deprecated.SslRef::set_alpn_protos.SslContextBuilder::set_ciphersuites.CmsContentInfo::sign.SslRef::servername now returns None rather than panicking on a non-UTF8 name.MessageDigest::from_nid.Nid::signature_algorithms, Nid::long_name, and Nid::short_name.SslRef::verified_chain.SslRef::servername_raw which returns a &[u8] rather than &str.SslRef::finished and SslRef::peer_finished.X509Ref::digest to replace X509Ref::fingerprint.X509StoreBuilder and X509Store now implement Sync and Send.X509Ref::fingerprint has been deprecated in favor of X509Ref::digest.openssl-sys will now detect Homebrew-installed OpenSSL when installed to a non-default directory.X509_V_ERR_INVALID_CALL, X509_V_ERR_STORE_LOOKUP, and X509_V_ERR_PROXY_SUBJECT_NAME_VIOLATION constants in openssl-sys are now only present when building against 1.1.0g and up rather than 1.1.0.SslContextBuilder::max_proto_version and SslContextBuilder::min_proto_version are only present when building against 1.1.0g and up rather than 1.1.0.CmsContentInfo::sign.Clone and ToOwned implementations to Rsa and RsaRef respectively.min_proto_version and max_proto_version methods are available when linking against LibreSSL 2.6.1 and up in addition to OpenSSL.X509VerifyParam is available when linking against LibreSSL 2.6.1 and up in addition to OpenSSL.Stack and StackRef are now Sync and Send.X509Req::public_key and X509Req::extensions.RsaPrivateKeyBuilder to allow control over initialization of optional components of an RSA private key.SslSession.DEP_OPENSSL_VERSION_NUMBER and DEP_OPENSSL_LIBRESSL_VERSION_NUMBER environment variables to downstream build scripts which contains the hex-encoded version number of the OpenSSL or LibreSSL distribution being built against. The other variables are deprecated.SslOptions::ENABLE_MIDDLEBOX_COMPAT.Sync and Send implementations.PKeyRef::id.Padding::PKCS1_PSS.Signer::set_rsa_pss_saltlen, Signer::set_rsa_mgf1_md, Signer::set_rsa_pss_saltlen, and Signer::set_rsa_mgf1_mdX509StoreContextRef::verify to directly verify certificates.EcKey::from_private_components.X509Ref::serial_number.Asn1IntegerRef::to_bn.PKey::private_key_from_der to return a PKey<Private> rather than a PKey<Public>. This is technically a breaking change but the function was pretty useless previously.X509CheckFlags::FLAG_NO_WILDCARDS has been renamed to X509CheckFlags::NO_WILDCARDS and the old name deprecated.ErrorStack's Display implementation no longer writes an empty string if it contains no errors.SslRef::version2.Cipher::des_ede3_cbc.SslRef::export_keying_material.Error or ErrorStack back onto OpenSSL's error stack. Various callback bindings use this to propagate errors properly.SslContextBuilder::set_cookie_generate_cb and SslContextBuilder::set_cookie_verify_cb.SslContextBuilder::set_max_proto_version, SslContextBuilder::set_min_proto_version, SslContextBuilder::max_proto_version, and SslContextBuilder::min_proto_version.SslConnector‘s default cipher list to match Python’s.SslRef::version has been deprecated. Use SslRef::version_str instead.Rsa::public_key_from_pem_pkcs1.SslOptions::NO_TLSV1_3. (OpenSSL 1.1.1 only)SslVersion.SslSessionCacheMode and SslContextBuilder::set_session_cache_mode.SslContextBuilder::set_new_session_callback, SslContextBuilder::set_remove_session_callback, and SslContextBuilder::set_get_session_callback.SslContextBuilder::set_keylog_callback. (OpenSSL 1.1.1 only)SslRef::client_random and SslRef::server_random. (OpenSSL 1.1.0+ only)SslAcceptorBuilder::mozilla_modern constructor now disables TLSv1.0 and TLSv1.1 in accordance with Mozilla's recommendations.GeneralName accessors for rfc822Name and uri variants.X509StoreBuilder::add_cert.ConnectConfiguration::set_use_server_name_indication and ConnectConfiguration::set_verify_hostname for use in contexts where you don't have ownership of the ConnectConfiguration.From<ErrorStack> for ssl::Error implementation.ssl::select_next_proto function can be used to easily implement the ALPN selection callback in a “standard” way.fips module.X509VerifyResult can now be set in the certificate verification callback via X509StoreContextRef::set_error.All constants have been moved to associated constants of their type. For example, bn::MSB_ONE is now bn::MsbOption::ONE.
Asymmetric key types are now parameterized over what they contain. In OpenSSL, the same type is used for key parameters, public keys, and private keys. Unfortunately, some APIs simply assume that certain components are present and will segfault trying to use things that aren't there.
The pkey module contains new tag types named Params, Public, and Private, and the Dh, Dsa, EcKey, Rsa, and PKey have a type parameter set to one of those values. This allows the Signer constructor to indicate that it requires a private key at compile time for example. Previously, Signer would simply segfault if provided a key without private components.
ALPN support has been changed to more directly model OpenSSL's own APIs. Instead of a single method used for both the server and client sides which performed everything automatically, the SslContextBuilder::set_alpn_protos and SslContextBuilder::set_alpn_select_callback handle the client and server sides respectively.
SslConnector::danger_connect_without_providing_domain_for_certificate_verification_and_server_name_indication has been removed in favor of new methods which provide more control. The ConnectConfiguration::use_server_name_indication method controls the use of Server Name Indication (SNI), and the ConnectConfiguration::verify_hostname method controls the use of hostname verification. These can be controlled independently, and if both are disabled, the domain argument to ConnectConfiguration::connect is ignored.
Shared secret derivation is now handled by the new derive::Deriver type rather than pkey::PKeyContext, which has been removed.
ssl::Error is now no longer an enum, and provides more direct access to the relevant state.
SslConnectorBuilder::new has been moved and renamed to SslConnector::builder.
SslAcceptorBuilder::mozilla_intermediate and SslAcceptorBuilder::mozilla_modern have been moved to SslAcceptor and no longer take the private key and certificate chain. Install those manually after creating the builder.
X509VerifyError is now X509VerifyResult and can now have the “ok” value in addition to error values.
x509::X509FileType is now ssl::SslFiletype.
Asymmetric key serialization and deserialization methods now document the formats that they correspond to, and some have been renamed to better indicate that.
SslRef::compression has been removed.ssl::SslOptions flags have been removed as they no longer do anything.Look at the release tags for information about older releases.