Releases: rustls/webpki
0.103.12
This release fixes two bugs in name constraint enforcement:
- GHSA-965h-392x-2mh5: name constraints for URI names were ignored and therefore accepted. URI name constraints are now rejected unconditionally. Note this library does not provide an API for asserting URI names, and URI name constraints are otherwise not implemented.
- GHSA-xgp8-3hg3-c2mh: permitted subtree name constraints for DNS names were accepted for certificates asserting a wildcard name. This was incorrect because, given a name constraint of
accept.example.com,*.example.comcould feasibly allow a name ofreject.example.comwhich is outside the constraint. This is very similar to CVE-2025-61727.
Since name constraints are restrictions on otherwise properly-issued certificates, these bugs are reachable only after signature verification and require misissuance to exploit.
What's Changed
Full Changelog: v/0.103.11...v/0.103.12
0.103.11
djc
Dirkjan Ochtman
In response to #464, we've slightly relaxed requirements for anchor_from_trust_cert() to ignore unknown extensions even if they're marked as critical. This only affects parsing a TrustAnchor from DER, for which most extensions are ignored anyway.
What's Changed
0.103.10
Correct selection of candidate CRLs by Distribution Point and Issuing Distribution Point. If a certificate had more than one distributionPoint, then only the first distributionPoint would be considered against each CRL's IssuingDistributionPoint distributionPoint, and then the certificate's subsequent distributionPoints would be ignored.
The impact was that correctly provided CRLs would not be consulted to check revocation. With UnknownStatusPolicy::Deny (the default) this would lead to incorrect but safe Error::UnknownRevocationStatus. With UnknownStatusPolicy::Allow this would lead to inappropriate acceptance of revoked certificates.
This vulnerability is thought to be of limited impact. This is because both the certificate and CRL are signed -- an attacker would need to compromise a trusted issuing authority to trigger this bug. An attacker with such capabilities could likely bypass revocation checking through other more impactful means (such as publishing a valid, empty CRL.)
More likely, this bug would be latent in normal use, and an attacker could leverage faulty revocation checking to continue using a revoked credential.
This vulnerability is identified by GHSA-pwjx-qhcg-rvj4. Thank you to @1seal for the report.
What's Changed
Full Changelog: v/0.103.9...v/0.103.10
Contributors
Assets 2
0.104.0-alpha.5
Correct selection of candidate CRLs by Distribution Point and Issuing Distribution Point. If a certificate had more than one distributionPoint, then only the first distributionPoint would be considered against each CRL's IssuingDistributionPoint distributionPoint, and then the certificate's subsequent distributionPoints would be ignored.
The impact was that correct provided CRLs would not be consulted to check revocation. With UnknownStatusPolicy::Deny (the default) this would lead to incorrect but safe Error::UnknownRevocationStatus. With UnknownStatusPolicy::Allow this would lead to inappropriate acceptance of revoked certificates.
This vulnerability is thought to be of limited impact. This is because both the certificate and CRL are signed -- an attacker would need to compromise a trusted issuing authority to trigger this bug. An attacker with such capabilities could likely bypass revocation checking through other more impactful means (such as publishing a valid, empty CRL.)
More likely, this bug would be latent in normal use, and an attacker could leverage faulty revocation checking to continue using a revoked credential.
This vulnerability is identified by GHSA-pwjx-qhcg-rvj4. Thank you to @1seal for the report.
What's Changed
- Take semver-compatible dependency updates by @djc in #448
- fix rust 1.94 ambiguous panic macro warnings by @cpu in #449
- avoid std::prelude imports by @cpu in #450
- Take semver-compatible dependency updates by @djc in #451
- Tweak SECURITY.md to provide guidance to sloperators by @djc in #454
- Fix formatting by @ctz in #456
- Take semver-compatible updates by @ctz in #459
- Prepare 0.104.0-alpha.5 by @ctz in #457
Full Changelog: v/0.104.0-alpha.4...v/0.104.0-alpha.5
Contributors
Assets 2
0.104.0-alpha.4
0.104.0-alpha.3
What's Changed
- build(deps): bump actions/checkout from 5 to 6 by @dependabot[bot] in #415
- Skip over issuerUniqueID and subjectUniqueID by @ctz in #419
- Align lints with rustls by @djc in #424
- ci: sync cargo-check-external-types nightly by @cpu in #425
- build(deps): bump taiki-e/cache-cargo-install-action from 2 to 3 by @dependabot[bot] in #430
- tests: port tls_server_certs tests to Rust by @djc in #434
- Tie lifetime of valid_dns_names/valid_uri_names to struct lifetime by @alex in #435
- generate.py: reformat for black 2026.1.0 by @ctz in #438
- tests: port signature tests to Rust by @djc in #440
- tests: group signature tests by algorithm by @djc in #441
- Start basic SCT support by @djc in #423
Full Changelog: v/0.104.0-alpha.2...v/0.104.0-alpha.3
Contributors
Assets 2
0.103.9
0.104.0-alpha.2
What's Changed
- Move verify_signed_data() to SignedData::verify() by @djc in #397
- Correct
OidDecoderoutput; test signature algorithm IDs by @ctz in #401 - impl
Hashfor revocation types by @ctz in #406 - Refactoring of parsing/matching extension identifiers by @ctz in #407
- Add valid_uri_names() method to Cert by @alex in #404
- Prepare 0.104.0-alpha.2 by @ctz in #409
Full Changelog: v/0.104.0-alpha.1...v/0.104.0-alpha.2
Contributors
Assets 2
0.103.8
What's Changed
Full Changelog: v/0.103.7...v/0.103.8
Contributors
Assets 2
0.104.0-alpha.1
djc
Dirkjan Ochtman