Release: v1.3.45

Weekly release for June 01 2023

What's Changed

• Dashboard stale by @dougch in #3947
• ci: nix devShell simplification by @dougch in #3964
• Print Wire Bytes In and Out for s2nc by @alexw91 in #3986
• chore: bindings release 0.0.31 by @WesleyRosenblum in #3997
• ci: enable ossl3 tls13 tests by @jmayclin in #3992
• test: add more x509 OCSP tests by @jmayclin in #3970
• Update FAQ + add s2n_negotiate example to Usage Guide by @lrstewart in #3984
• bindings: Add option to disable loading system certs by @goatgoose in #3985
• docs: add notes on s2nc and s2nd usage by @WesleyRosenblum in #4003
• Quoting RFC-4492 to verify behavior when supported_groups extension is not sent by @aditishri18 in #3998
• Upgrade OpenSSL module for CBMC proofs by @feliperodri in #3978
• nix devShell with openssl3 by @dougch in #3993
• fix(s2nd): parse psk given to s2nd non-destructively by @WesleyRosenblum in #4006
• style: simplfy api for test utility by @jmayclin in #4008
• nix: add a LibreSSL nix devShell by @dougch in #4010
• nix: Use nixpkgs gnutls instead by @dougch in #4013
• Add the libcrypto random generation implementation by @goatgoose in #4004
• X509 asn1 refactor by @jmayclin in #4011
• fix: open files with the O_CLOEXEC flag by @toidiu in #3989
• test(bindings/s2n-tls-tokio): fix tokio bindings close test by @jmayclin in #4007
• fix(api/unstable): make all api methods visible by @jmayclin in #4015
• nix: add an Openssl102 nix devShell by @dougch in #4014
• Fix s2n_error_get_type mistake in usage guide by @lrstewart in #4022
• Publish minimal s2n_config APIs and add documentation by @goatgoose in #3972
• Only call getenv for integ test marker in s2n_init by @lrstewart in #4025
• Disable retry client random validation outside of tests by @lrstewart in #4023
• fix: improve compatibility with old Linux versions by @camshaft in #4027

Full Changelog: v1.3.44...v1.3.45

Release: v1.3.44

Weekly release for May 09 2023

What's Changed

• Fix end-of-data behavior by @lrstewart in #3945
• Add logging for failed CRT tests by @lrstewart in #3962
• Cover more situations where no close_notify is sent/received by @lrstewart in #3957
• chore[bindings]: release 0.0.30 by @toidiu in #3956
• chore: remove module.modulemap by @toidiu in #3961
• Add API to create s2n_configs without loading system certs by @goatgoose in #3950
• Add new API to perform half-close by @lrstewart in #3952
• Add test for cipher selection with dh params by @lrstewart in #3974
• style: clean up fuzz corpus by @jmayclin in #3971
• Only Rust LTO with GCC by @justsmth in #3968
• docs: update clang-format and gdb documentation by @jmayclin in #3967
• s2n_rand_cleanup: be sure to unregister s2n RAND engine from libcrypto by @riverszhang89 in #3966
• Use custom library context for rc4 instead of global default context by @lrstewart in #3980
• Add 32 bit buildspec by @jmayclin in #3977
• test: fix session-ticket, non-blocking-io tests on 32 bit by @jmayclin in #3969

New Contributors

• @riverszhang89 made their first contribution in #3966

Full Changelog: v1.3.43...v1.3.44

Release: v1.3.43

Weekly release for April 27 2023

What's Changed

• docs: add compliance notes for RFC 6125 by @camshaft in #3915
• test: add retry logic for well-known endpoints by @camshaft in #3918
• chore(bindings): release 0.0.29 by @camshaft in #3919
• test: Bump nix devShell python to 3.10 by @dougch in #3914
• Attempts to fix flakiness in session_ticket_test by @maddeleine in #3913
• Create new PQ TLS Policies with minimum of TLSv1.2 by @alexw91 in #3927
• doc: Flesh out steps in nix readme. by @dougch in #3923
• Add note about server_name spec requirements by @lrstewart in #3930
• ci: Update AWSLC test dependency to v1.8.0 by @goatgoose in #3938
• Adds FAQ doc by @maddeleine in #3920
• Remove unnecessary flush by @lrstewart in #3940
• update security policy and rust binding documentation by @jmayclin in #3906
• ci: Add github stale action by @goatgoose in #3929
• Add test to verify TLS1.2 downgrade by @aditishri18 in #3939
• Reinstate Kyber KEM check by @WillChilds-Klein in #3905
• Don't send close_notify after an alert by @lrstewart in #3942
• Update IO section of Usage Guide by @lrstewart in #3917
• Add basic half-close TLS1.3 behavior by @lrstewart in #3932
• bindings: add verify_host_callback to the connection by @toidiu in #3925
• ci: Add AWSLC-FIPS 2022 to CI by @goatgoose in #3943
• add 32 bit cross-compile toolchain by @jmayclin in #3924
• ci: Disable automatically closing stale PRs by @goatgoose in #3946
• Fix expected negotiated version in client auth downgrade test by @goatgoose in #3951

Full Changelog: v1.3.42...v1.3.43

Release: v1.3.42

Weekly release for April 04 2023

What's Changed

• test: Nix s3 cache by @dougch in #3904
• chore: bump rust bindings by @toidiu in #3909
• Appends S2N_API to APIs that were missing the attribute by @maddeleine in #3910
• Move secret type out of tls12/tls13 union by @lrstewart in #3908
• Expose curve details on rust bindings by @shraddha-1508 in #3912
• Don't set actual_protocol_version early when resuming a session by @lrstewart in #3907
• CI: Restrict Nix integ test to 1 job by @dougch in #3897

New Contributors

• @shraddha-1508 made their first contribution in #3912

Full Changelog: v1.3.41...v1.3.42

Release: v1.3.41

Weekly release for March 23 2023

What's Changed

• fix: remove broken check in test by @toidiu in #3901

Full Changelog: v1.3.40...v1.3.41

Release: v1.3.39

Weekly release for March 13 2023

What's Changed

• Removed codecov github status badge. by @amazonKamath in #3859
• Add Rust bindings method to create certs without private keys by @lrstewart in #3860
• Update s2n to latest revision of PQ Hybrid TLS 1.3 Draft RFC by @alexw91 in #3800
• chore: bump rust bindings version; crates msrv to 1.63.0 by @dougch in #3863
• ci: Check for msrv match between rust-toolchain an crates by @dougch in #3866
• fix: disable defer cleanup in failure case in s2n_cert_chain_and_key_load_cns by @WesleyRosenblum in #3870
• tests: add checks for LTO+interning compatibility by @camshaft in #3839
• Enforce that ENSURE and GUARD_OSSL use valid error codes by @lrstewart in #3873

New Contributors

• @amazonKamath made their first contribution in #3859

Full Changelog: v1.3.38...v1.3.39

Release: v1.3.38

Weekly release for March 01 2023

What's Changed

• Add CMake targets for integration tests and switch CI to use them by @harrisonkaiser in #3776
• ci: reduce the number of BSD artifacts by @camshaft in #3837
• Enable -Wsign-Compare-check_v2-tests/unit by @aditishri18 in #3827
• Add github trigger event for merge queue by @lrstewart in #3836
• Prevent auto-enabling OCSP requests for servers by @goatgoose in #3830
• Enable -Wsign-Compare-check_v3-tests/unit/ by @aditishri18 in #3828
• Enable -Wsign-Compare-check_bin/_crypto/_stuffer/_utils/ by @aditishri18 in #3825
• Enable -Wsign-Compare-check_v1-tests/ by @aditishri18 in #3826
• Update s2n_libcrypto_validate_name_prefix to only check the prefix of the libcrypto name by @andrewhop in #3779
• Enable -Wsign-Compare-check_tls/ by @aditishri18 in #3829
• Add OCSP stapling for client auth by @goatgoose in #3770
• Enable -Wsign-Compare-check_CMakeLists by @aditishri18 in #3842
• CI: pin AWS-LC versions by @WesleyRosenblum in #3846
• [bindings] Generalize async in preparation for pkey offloading by @lrstewart in #3844
• fix: use actual_protocol_version for session ID by @WesleyRosenblum in #3845
• Add JA3 to s2nd by @lrstewart in #3838
• Filter do_not_merge label from Ready to merge in Dashboard by @WesleyRosenblum in #3849
• Remove unused s2n_config_client_hello_cb_enable_poll by @lrstewart in #3850
• Run integv2 tests with nix by @harrisonkaiser in #3824
• ci: nix action by @dougch in #3834
• Add CBMC proof-running GitHub Action by @karkhaz in #3840
• Upgrade OpenSSL model for CBMC proofs by @feliperodri in #3857
• Rust bindings issue with openssl-src by @dougch in #3858
• Handle ASN.1 type detection errors by @lrstewart in #3855
• [bindings] Add private key callback by @lrstewart in #3847

Full Changelog: v1.3.37...v1.3.38

Release: v1.3.37

Weekly release for February 15 2023

What's Changed

• Add stuffer helper method for standard init process by @lrstewart in #3814
• Bump rust bindings for 1.3.36 release by @goatgoose in #3818
• Clarify SSLv2 ClientHellos by @lrstewart in #3815
• Add unit test to check that the build's libcrypto reflects the CI's intended libcrypto by @harrisonkaiser in #3774
• Clarify that AWS-LC is also supported by @torben-hansen in #3821
• Add JA3 fingerprinting by @lrstewart in #3817
• Criterion delta by @dougch in #3811
• bindings(rust): bump MSRV to 1.60.0 by @camshaft in #3833
• Clean up thread-local memory by @maddeleine in #3771
• Make unstable fingerprint methods accessible by @lrstewart in #3823

Full Changelog: v1.3.36...v1.3.37

Release: v1.3.36

Weekly release for February 08 2023

What's Changed

• Blob Initialization fix-Test_1 by @aditishri18 in #3790
• Integration test to check default signature algorithm behavior by @aditishri18 in #3719
• Adds client hello section to usage guide by @maddeleine in #3757
• Update omnibus fuzz images by @dougch in #3796
• Bump rust bindings for 1.3.35 release by @maddeleine in #3802
• s2n-tls nix flake by @dougch in #3794
• Update OpenBSD's MEM_PER_CONNECTION, based on error message by @harrisonkaiser in #3791
• ktls: s2n_ktls_mode and building blocks by @toidiu in #3797
• Make test_install_shared_and_static easier to debug by @maddeleine in #3804
• ktls: add ktls_supported field to s2n_cipher by @toidiu in #3806
• ktls: rm kTLS request field on config by @toidiu in #3816

Full Changelog: v1.3.35...v1.3.36

Release: v1.3.35

Weekly release for January 31 2023

What's Changed

• Add min supported rust version for clippy by @lrstewart in #3785
• s2n_shutdown should ignore unread messages by @lrstewart in #3769
• Blob Initialization fix-Test by @aditishri18 in #3780
• Enforce that clippy msrv matches rust-toolchain by @lrstewart in #3787
• Enable CTEST_OUTPUT_ON_FAILURE on all targets by @harrisonkaiser in #3789
• add code coverage support by @jmayclin in #3759
• fix: pass an empty string to host verify without usable identifiers by @camshaft in #3793

Full Changelog: v1.3.34...v1.3.35