deps: bump the rustls-ecosystem group across 1 directory with 3 updates

[dependabot]

Bumps the rustls-ecosystem group with 3 updates in the / directory: rustls, rustls-platform-verifier and rustls-webpki.

Updates rustls from 0.23.31 to 0.23.32

Commits

• 6a188a7 Take semver-compatible updates
• 5abe33e Prepare 0.23.32
• d3c502e Improve compatibility of TLS1.2 with ECDSA+SHA512
• ef7063d take webpki 0.103.5
• 77a0148 ci-bench: RUSTSEC-2025-0057 fxhash -> rustc-hash
• 1492c95 Fix clippy::needless_borrows_for_generic_args
• e029d31 cargo-check-external-types: take updated nightly
• 2d03fa7 Remove test of async-std example
• 20f548a Withdraw use of async-std in example code
• 0cb4244 Track 1.89 lint changes
• Additional commits viewable in compare view

Updates rustls-platform-verifier from 0.3.4 to 0.6.1

Release notes

Sourced from rustls-platform-verifier's releases.

0.6.1

This version should fix the docs.rs build -- see #181.

What's Changed

• Add Kotlin Gradle script example to Android README section by @​complexspaces in rustls/rustls-platform-verifier#167
• Fix docs build for 0.6.0 by @​ctz in rustls/rustls-platform-verifier#182

Full Changelog: rustls/rustls-platform-verifier@v/0.6.0...v/0.6.1

0.6.0

• Avoid implicit reliance on the default crypto provider
• Eagerly create the verifier on miscellaneous Unix platforms (including Linux) to avoid swallowing errors

What's Changed

• Update real world test certificates by @​djc in rustls/rustls-platform-verifier#177
• Eagerly build root store on miscellaneous Unix platforms by @​djc in rustls/rustls-platform-verifier#171
• Upgrade to webpki-root-certs 1 by @​djc in rustls/rustls-platform-verifier#176

0.5.3

• Adapt to changes in rustls error API.

What's Changed

• Fix typo in Verifier::{with_provider, get_provider} docs by @​paolobarbolini in rustls/rustls-platform-verifier#173
• Refine CI workflow triggers by @​djc in rustls/rustls-platform-verifier#174
• Adapt to changing rustls error API by @​djc in rustls/rustls-platform-verifier#168

0.5.2

The headline of this release is server compatibility improvements.

It removes an edge case where a failure to load any certificates on Linux/BSD platforms would result in silently turning the lack of certificate roots into "no signature algorithms". During the initialization of a TLS session with a server this caused rustls to send an empty supported signature list in the ClientHello.

What's Changed

• Remove signature list failure case in other Verifier by @​complexspaces in rustls/rustls-platform-verifier#169

Full Changelog: rustls/rustls-platform-verifier@v/0.5.1...v/0.5.2

0.5.1

Change the way we interact with the rustls API to avoid semver hazards: unfortunately changes in rustls 0.23.24 broke older rustls-platform-verifier releases due to downcasting of a no-longer compatible error wrapper. rustls 0.23.25 now exposes the required variant directly, which should avoid similar issues in the future. (For more details, see #163.)

What's Changed

• Update the crate version in README by @​1hakusai1 in rustls/rustls-platform-verifier#155
• Update CI for Febuary 2025 by @​complexspaces in rustls/rustls-platform-verifier#156
• fix 'environment' typo in android docs by @​mcginty in rustls/rustls-platform-verifier#158
• Refactor Android init methods for more flexibility by @​mcginty in rustls/rustls-platform-verifier#159
• Allow modern range of windows-sys versions by @​complexspaces in rustls/rustls-platform-verifier#161
• Fix audit by @​djc in rustls/rustls-platform-verifier#162

... (truncated)

Commits

• eb80998 Prepare 0.6.1
• 4d29dd1 ci: align with docs.rs for documentation
• 841383e Ensure once_cell is available for docs generation
• 363817b Add Kotlin Gradle script example to Android README section
• c72d9dc Drop conditional dependency on webpki-root-certs
• f664e88 Upgrade to webpki-root-certs 1
• 694e914 Bump version to 0.6.0
• 85cf196 Forward errors from parsing extra roots
• 1589a63 Eagerly build root store on miscellaneous Unix platforms
• ff3c6c6 Drop deprecated API entry points
• Additional commits viewable in compare view

Updates rustls-webpki from 0.102.8 to 0.103.5

Release notes

Sourced from rustls-webpki's releases.

0.103.5

• New feature: support verification of P256+SHA512 and P384-SHA512 ECDSA signatures with aws-lc-rs. This is not a recommended combination, but such signatures exist in the wild.

What's Changed

• Leverage extended API from rcgen 0.14.2 by @​djc in rustls/webpki#366
• Update semver-compatible dependencies by @​djc in rustls/webpki#369
• ci: take updated nightly for cargo-check-external-types by @​cpu in rustls/webpki#370
• build(deps): bump actions/checkout from 4 to 5 by @​dependabot[bot] in rustls/webpki#371
• build(deps): bump serde_json from 1.0.142 to 1.0.143 in the crates-io group by @​dependabot[bot] in rustls/webpki#374
• Clarify docs on Cert methods by @​ctz in rustls/webpki#375
• Extract trait for ExtendedKeyUsage validation by @​djc in rustls/webpki#376
• build(deps): bump actions/setup-python from 5 to 6 by @​dependabot[bot] in rustls/webpki#378
• 0.103.5: support P256+SHA512 and P384+SHA512 by @​ctz in rustls/webpki#379

Full Changelog: rustls/webpki@v/0.103.4...v/0.103.5

0.103.4

• Add unstable support for the post-quantum ML-DSA signature algorithms when using aws-lc-rs. Enable the aws-lc-rs-unstable feature to expose these algorithms (only works when aws-lc-rs-fips is not enabled).
• Use new UnsupportedSignatureAlgorithmContext, UnsupportedCrlSignatureAlgorithmContext, UnsupportedSignatureAlgorithmForPublicKeyContext and UnsupportedCrlSignatureAlgorithmForPublicKeyContext error variants which contain additional context about the error condition. The related contextless variants have been deprecated.

What's Changed

• Do not include bettertls README file in published crates by @​decathorpe in rustls/webpki#351
• deps: Update aws-lc-rs in lockfile by @​ognevny in rustls/webpki#355
• Inline signature verifications test macros by @​djc in rustls/webpki#358
• ci: test more feature flag combinations by @​djc in rustls/webpki#359
• Add unstable support for ML-DSA signature algorithms by @​djc in rustls/webpki#348
• Add context to signature-related errors by @​djc in rustls/webpki#357
• Upgrade to rcgen 0.14 by @​djc in rustls/webpki#363
• Declare ML-DSA as not FIPS approved in the API by @​ctz in rustls/webpki#364
• Bump version to 0.103.4 by @​djc in rustls/webpki#361

0.103.3

Add support for RSA signature algorithms that don't include parameters. Per RFC 4055 section 5, implementations of the SHA-1/SHA-2 one-way hash functions "MUST accept the parameters being absent as well as present".

What's Changed

• Support RSA PKCS#1 signatures with absent parameters by @​ctz in rustls/webpki#346

0.103.2

• Maintain context for key usage mismatch errors in order to make them easier to interpret.
• Accept certificates with an empty extension sequence.

What's Changed

• Fix CI build failures, tidy cargo-deny config by @​cpu in rustls/webpki#339
• Update semver-compatible dependencies by @​djc in rustls/webpki#341
• Remove tests from package that is published by @​SwishSwushPow in rustls/webpki#340
• Allow x509v3 empty extensions (redux) by @​ctz in rustls/webpki#342

... (truncated)

Commits

• 064a68b Prepare 0.103.5
• f6fbb2a Support P256+SHA512 and P384+SHA512
• 41cc1fc Take aws-lc-rs 1.14.0
• ac0500d build(deps): bump actions/setup-python from 5 to 6
• 57fa975 Extract trait for ExtendedKeyUsage validation
• 6700208 Move ExtendedKeyUsage::check() to KeyUsage
• 260cb69 Extract KeyPurposeId iteration from ExtendedKeyUsage::check()
• 3ed145a Simplify KeyPurposeId comparison
• b20354a Clarify docs on Cert methods
• 0616ac9 build(deps): bump serde_json in the crates-io group
• Additional commits viewable in compare view

You can trigger a rebase of this PR by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

Note
Automatic rebases have been disabled on this pull request as it has been open for over 30 days.

[kmesh-bot]

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by:
Once this PR has been reviewed and has the lgtm label, please assign hzxuzhonghu for approval. For more information see the Kubernetes Code Review Process.

The full list of commands accepted by this bot can be found here.

Needs approval from an approver in each of these files:

• OWNERS

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment