Fix #2825 by allowing P256+SHA512 and P384-SHA512 signatures in certificate chains.

What's Changed

• 0.23.36: Support P256+SHA512 and P384+SHA512 signatures in certificates by @ctz in #2828

Full Changelog: v/0.23.35...v/0.23.36

There was a regression in 0.23.23 and later where an empty value passed in ConfigBuilder::with_single_cert_with_ocsp() resulted in sending an empty OCSP value (instead of not sending anything). Thanks to @vuongDang for reporting and fixing.

What's Changed

• Backport empty OCSP fix for 0.23.35 by @djc in #2734

Fix docs.rs build after doc_auto_cfg stabilization.

What's Changed

• Privatise docsrs cfg flag by @cpu in #2718

• New feature: foundational support for QUIC multipath draft - #2706 thanks to @flub and @divagant-martian
• Bug fix: avoid long-running TLS1.3 connections from eventually failing with PeerMisbehaved::TooManyKeyUpdateRequests - #2709

What's Changed

• Support encryption for QUIC multipath by @flub in #2706
• Prepare 0.23.33 by @ctz in #2711

New Contributors

• @flub made their first contribution in #2706

Full Changelog: v/0.23.32...v/0.23.33

Support using ML-DSA keys for signing when the aws-lc-rs-unstable feature is enabled.

What's Changed

• ML-DSA signing keys by @djc in #2579

New feature: support verification of P256+SHA512 and P384-SHA512 ECDSA signatures with aws-lc-rs. This is not a recommended combination, but such signatures exist in the wild. Fixes #2661 and #2477.

What's Changed

• Fix docs link errors by @ctz in #2590
• Prepare 0.23.32 by @ctz in #2663

Full Changelog: v/0.23.31...v/0.23.32

• Fixes #2584 -- complete_io() not making progress when used with non-blocking IO. This was a regression in 0.23.30 (now yanked).

What's Changed

• Prepare 0.23.31 by @ctz in #2587

Full Changelog: v/0.23.30...v/0.23.31

• Fixes a bug with the unbuffered connection API that could result in deframing junk data after a close notify alert was received.
• Updates Connection::complete_io() to yield a WouldBlock error when both read/write operations are blocked.

What's Changed

• Clarify the ambiguous process-level CryptoProvider error by @cpu in #2561
• 0.23: cherry-pick of fixes to complete_io() with non-blocking transport by @ctz in #2578
• sign: make public_key_to_spki() public by @djc in #2580
• 0.23.30 release prep & 2575 backport by @cpu in #2576

Full Changelog: v/0.23.29...v/0.23.30

Add unstable support for verifying experimental post-quantum ML-DSA signature schemes.

What's Changed

• post-quantum: add unstable ML-DSA support by @djc in #2550

• Improved errors for invalid signature algorithms; added variants to both CertificateError and CertRevocationError to replace the UnsupportedSignatureAlgorithm variant (now deprecated) in order to provide more context.
• Improved extension representation to increase handshake efficiency.

What's Changed

• Delete unusable no-std ticketer code by @ctz in #2500
• Support _ABSENT_PARAMS PKCS#1 signature algorithms by @ctz in #2505
• Rework representation of extensions in ClientHello by @ctz in #2502
• Rework representation of extensions in server messages by @ctz in #2508
• Reduce small Vec<Enum> uses in extensions by @ctz in #2509
• client: refactor in preparation for PSK support by @djc in #2516
• client: pass all of ClientHelloInput into tls12 handle_server_hello() by @djc in #2518
• client: refactor client handshake some more by @djc in #2521
• Simplify the simpleserver example by using rustls::Stream by @Ten0 in #2522
• Add SignatureSchemes for ML-DSA by @djc in #2532
• add From<Arc<CertifiedKey>> for SingleCertAndKey by @stormshield-gt in #2535
• Memoise computation of empty hash by @ctz in #2538
• Correct calculation of ServerHello ECH confirmation by @ctz in #2545
• Improve compactness of Debug impl for extensions by @ctz in #2546
• Do not retain master secret during terminal key schedule state by @ctz in #2540
• Adopt webpki 0.103.4 by @djc in #2531