Skip to content

Releases: trailofbits/rfc3161-client

v1.0.6

08 Apr 14:10
@DarkaMaul DarkaMaul
Immutable release. Only release title and notes can be modified.
v1.0.6
4ca88c2
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Verified
Learn about vigilant mode.

Choose a tag to compare

View all tags
v1.0.6 Latest
Latest

[1.0.6] - 2026-04-08

Fixed

  • Fixed a bug where the verification incorrectly picked the leaf certificate. This
    allowed an attacker who could modify a timestamp response to make a
    legitimately-signed timestamp from TSA-A pass verification as if it came from
    TSA-B.
Assets 3
Loading

v1.0.5

23 Sep 10:43
@facutuesca facutuesca
v1.0.5
9b90ecf
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Verified
Learn about vigilant mode.

Choose a tag to compare

View all tags
v1.0.5

[1.0.5] - 2025-09-23

Changed

  • Bump pyca/cryptography dependency upper bound to version 47
Loading

v1.0.4

11 Aug 09:02
@facutuesca facutuesca
v1.0.4
c0619c7
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Verified
Learn about vigilant mode.

Choose a tag to compare

View all tags
v1.0.4

[1.0.4] - 2025-08-11

Changed

  • Timestamps are now verified with the timestamp time as reference time like the RFC
    says: this means that the certificate chain no longer needs to be valid at current
    time, it is enough for it to have been valid at timestamp time
    (#174)
Loading

v1.0.3

20 Jun 15:58
@woodruffw woodruffw
v1.0.3
a9a5588
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Verified
Learn about vigilant mode.

Choose a tag to compare

View all tags
v1.0.3

[1.0.3] - 2025-06-20

Fixed

  • Exposed verify_message in the actual Verify interface, not just the implementation
    (#153)

  • Fixed a bug where verification performed insufficient signature checks on
    the timestamp response itself, rather than the response's certificate chain

Loading

v1.0.2

19 May 20:54
@woodruffw woodruffw
v1.0.2
577e8c5
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Verified
Learn about vigilant mode.

Choose a tag to compare

View all tags
v1.0.2

Changed

  • Added HashAlgorithm to exports of the base package module (#143)

  • Added verify_message method to Verifier class (#144)

  • Slight refactoring of the tests to ease how to test with multiple TSA (#145)

  • Changed return value of VerifierBuilder.build() from _Verifier to Verifier: This is technically
    an API change but should have minimal user impact. (#147)

Fixed

  • Fixed spelling of hash_algorithm parameter in TimestampRequestBuilder class (#131)
Loading

v1.0.1

26 Mar 08:12
@DarkaMaul DarkaMaul
v1.0.1
a6da007
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Verified
Learn about vigilant mode.

Choose a tag to compare

View all tags
v1.0.1

What's changed?

Fixed

  • The Verifier now enforces that the EKU (Extended Key Usage) explicitly includes the id-kp-timeStamping OID (#120)

  • The Verifier now searches for the leaf certificate in the Timestamp Response instead of using the first one provided (#121)

New Contributors

Full Changelog: v1.0.0...v1.0.1

Contributors

pjrobertson
Loading

v1.0.0 - First release

31 Dec 08:42
@DarkaMaul DarkaMaul
v1.0.0
8b2c176
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Verified
Learn about vigilant mode.

Choose a tag to compare

View all tags
v1.0.0 - First release

What's Changed

  • TimestampRequest now accepts setting the hash algorithm to SHA256 (in addition to SHA512) (#93)

Full Changelog: v0.1.2...v1.0.0

Loading

v0.1.2

11 Dec 18:59
@woodruffw woodruffw
v0.1.2
9530092
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Verified
Learn about vigilant mode.

Choose a tag to compare

View all tags
v0.1.2

Changed

  • Moved maturin dependency from main project dependencies to development dependencies
    since it's only needed for development tasks (88)

  • Relax cryptography version requirement (91)

Loading

v0.1.1

10 Dec 15:42
@DarkaMaul DarkaMaul
v0.1.1
cc26c8a
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Verified
Learn about vigilant mode.

Choose a tag to compare

View all tags
v0.1.1

What's Changed

Changed

  • rfc3161-client release 0.1.0 was previously published and yanked on PyPI, preventing republication (#85)
Loading

v0.1.0

10 Dec 12:54
@DarkaMaul DarkaMaul
v0.1.0
b491b11
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Verified
Learn about vigilant mode.

Choose a tag to compare

View all tags
v0.1.0

What's Changed

  • rfc3161-client is now in beta (#82).
Loading