Prepare 0.15.1 release

[djc]

Fixes #632.

[ctz]

Update CHANGELOG.md/release notes?

[djc]

Update CHANGELOG.md/release notes?

Added an edited version of the auto-generated release notes in CHANGELOG.md.

[cpu]

I don't love these auto-generated changelog notes compared to the previous ones. For example, changes in CI are not meaningful to end users.

It also doesn't match the format that was used for the previous releases (added, changed, removed, etc)

[djc]

I'm happy to review more lines. I kept this in because I thought it was relevant (see discussion in the PR about the minimum usable glibc version), but happy to remove it.

I don't think there's anything remaining in this list that's particularly worth calling out or explaining in more detail?

[cpu]

Did you verify main has no breaking changes? I think 0b3478c is breaking for example.

In either case, I think we should maintain the added/changed/removed format that was used previously, with auto-generated changelog in the GitHub release for the full set of commits and the top-level release notes and CHANGELOG.md used for curated highlights.

I don't think there's anything remaining in this list that's particularly worth calling out or explaining in more detail?

There were a few functions added in the diff since last release and we've typically listed those explicitly:

• d595fb7
• 7068342

I think new error variants were also listed explicitly in 0.15.0 and previous, and there were a couple of those.

This change also feels worth an explicit "changed" mention:

• 1098495

And probably this deprecation:

• abb1e40

[djc]

Did you verify main has no breaking changes? I think 0b3478c is breaking for example.

Why do you think that's breaking? It doesn't look breaking to me.

[ctz]

Here's a claude-assisted changelog:

---

This is a minor release, updating rustls to 0.23.37 and improving documentation tooling.

Added

• Version detection macros in the C header:

  • RUSTLS_VERSION_MAJOR, RUSTLS_VERSION_MINOR, RUSTLS_VERSION_PATCH - individual version components as integers.
  • RUSTLS_VERSION_NUMBER - a single number encoding the version (major << 16 | minor << 8 | patch), similar to OpenSSL's versioning scheme.
  • rustls_version_match() test function verifies the defines match the actual library version.

• New error variants:

  • RUSTLS_RESULT_CERT_REVOCATION_LIST_UNSUPPORTED_SIGNATURE_ALGORITHM - for CRL signature algorithm errors.
  • RUSTLS_RESULT_CERT_UNSUPPORTED_SIGNATURE_ALGORITHM - for certificate signature algorithm errors.

• New API functions:

  • rustls_platform_server_cert_verifier_try_with_provider() - safer alternative to rustls_platform_server_cert_verifier_with_provider with better error reporting. The older function is now deprecated.
  • rustls_connection_get_tls13_tickets_received() - returns the number of TLS 1.3 tickets received by a client connection. This is FFI for ClientConnection::tls13_tickets_received().
  • rustls_client_connection_new_alpn() - constructs a client rustls_connection with custom ALPN protocol support that differs from the base rustls_client_config.

• Additional fields exposed in rustls_client_hello:

  • named_groups - the supported key exchange groups advertised by the client.

• Website documentation improvements:

  • Deprecated functions are now visually annotated on the documentation website.
  • The docgen tool now parses and includes deprecation messages in api.json.

Changed

• Updated rustls from 0.23.31 to 0.23.37.

• Updated rustls-platform-verifier from 0.5.3 to 0.6.2.

  • Platform server cert verifier creation is now fallible and must be handled appropriately.
  • Note: rustls_platform_server_cert_verifier_with_provider() is now deprecated in favor of rustls_platform_server_cert_verifier_try_with_provider().

• Post-quantum key exchange (X25519MLKEM768) is now preferred by default (matches upstream rustls 0.23.27).

• Bumped minimum supported Rust version (MSRV) to 1.73.

• Updated to toml 0.9.

• Various dependency updates (libc, serde, serde_json, hickory-resolver, etc.).

• CI improvements:

  • Removed dependency on nightly Rust toolchain for cbindgen. The u32_enum_builder and castable macros were replaced with simpler implementations that don't require macro expansion.
  • Better handling of PowerShell errors in Windows CI.
  • macOS artifact builds now use macos-15-intel and updated ARM64 runners.
  • Added check for uncommitted website/static/api.json diffs to ensure generated documentation is up-to-date.

• Internal improvements:

  • Replaced macros with declarative + procedural macro approach for error enum u32 mapping.
  • Simplified various internal implementations.

[djc]

That looks pretty nice -- can you get it to add references to the relevant PRs?

[cpu]

Those auto-gen'd changelog notes look reasonable 👍 I still suspect we either need to call this 0.16 (I think I'd prefer not to do that) or to make a rel-0.15 branch and use that instead because of 0b3478c

[djc]

Those auto-gen'd changelog notes look reasonable 👍 I still suspect we either need to call this 0.16 (I think I'd prefer not to do that) or to make a rel-0.15 branch and use that instead because of 0b3478c

Yeah, I don't think we should release a 0.16.0 (now) that's still based on rustls 0.23.

[ctz]

Those auto-gen'd changelog notes look reasonable 👍 I still suspect we either need to call this 0.16 (I think I'd prefer not to do that) or to make a rel-0.15 branch and use that instead because of 0b3478c

Oh, yes, that's dead-on breaking. Hmm

[cpu]

Oh, yes, that's dead-on breaking. Hmm

It's in a part of the API we've called experimental, so I suppose we could just say it's fine...

EXPERIMENTAL: this feature of rustls-ffi is likely to change in the future, as the rustls library is re-evaluating their current approach to client hello handling.