Skip to content

Bump trillium-rustls from 0.9.0 to 0.11.3#4660

Open
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/cargo/main/trillium-rustls-0.11.3
Open

Bump trillium-rustls from 0.9.0 to 0.11.3#4660
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/cargo/main/trillium-rustls-0.11.3

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jun 24, 2026

Copy link
Copy Markdown
Contributor

Bumps trillium-rustls from 0.9.0 to 0.11.3.

Release notes

Sourced from trillium-rustls's releases.

trillium-rustls-v0.11.3

Added

  • The connector now implements Connector::connect_to (new in trillium-server-common): the pre-resolved addresses carried in the Destination are forwarded to the inner connector for the TCP dial, while the TLS server name still comes from the destination host — so address-pinned dialing works over TLS without affecting certificate validation.
  • A non-empty per-connection ALPN list (Destination::alpn) overrides the configured ALPN protocol list for that single connection; an empty list (the default) leaves the connector's configured ALPN in place.

trillium-rustls-v0.11.2

Added

  • RustlsClientConfig::from_root_cert_pem(pem) — build a client config that trusts exactly the certificate(s) in the provided PEM (ignoring platform/webpki defaults) while keeping certificate verification intact. Useful for connecting to a service with a private or self-signed certificate without reconstructing the crate's provider/ALPN defaults by hand.
  • RustlsClientConfig is now re-exported from the crate root.
  • dangerous cargo feature, gating RustlsClientConfig::dangerously_accept_any_cert() — a client config that disables server authentication entirely.

Fixed

  • Connecting over TLS to a host given as an IP address (e.g. https://127.0.0.1) failed with a missing domain transport error; only DNS hostnames worked. IP-address hosts now connect, validated against the certificate's IP SAN (no SNI is sent for them, per the TLS spec).

trillium-rustls-v0.11.1

Fixed

  • Bump trillium-server-common dependency specifier to 0.7 to match the 1.1 release; 0.11.0 was published with a stale 0.6 spec.

trillium-rustls-v0.11.0

Changed

  • TLS now advertises h2 and http/1.1 in ALPN by default. RustlsConfig::without_http2() opts back out for HTTP/1.1-only deployments.

Added

  • RustlsConfig::without_http2() — drop h2 from the advertised ALPN list
  • RustlsAcceptor::from_single_cert_no_h2(cert, key) — convenience constructor for HTTP/1.1-only TLS, equivalent to from_single_cert(cert, key).without_http2()
  • RustlsClientTransport::negotiated_alpn() / RustlsServerTransport::negotiated_alpn() — exposes the ALPN result for runtime/client dispatch
Commits
  • 2dfdfe7 docs(client): dns guide
  • e0021dc feat(client): distinguish between version hint and default state
  • 3e8eec7 feat(client): encrypted dns
  • 12df68c refactor(redirect): use followup model
  • 1762c07 feat(http): adopt some more http/1.x SHOULD behavior
  • 1f9189f fix(websockets): Increase strictness and conformance of handshake
  • 1fa2be6 feat(router): return 204 instead of 200 for OPTIONS handling
  • 3462038 chore(deps): update codecov/codecov-action action to v7
  • a4b2078 docs: further case fixes identified by #882
  • 46b1ffe docs: fix two more capitalization mistakes in guide docs
  • Additional commits viewable in compare view

@dependabot dependabot Bot added dependencies Pull requests that update a dependency file rust Pull requests that update Rust code labels Jun 24, 2026
@dependabot dependabot Bot requested a review from a team as a code owner June 24, 2026 19:24
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file rust Pull requests that update Rust code labels Jun 24, 2026

@divviup-github-automation divviup-github-automation left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Auto-approving dependabot PR.

@divviup-github-automation divviup-github-automation enabled auto-merge (squash) June 24, 2026 19:24
@dependabot dependabot Bot force-pushed the dependabot/cargo/main/trillium-rustls-0.11.3 branch from 6558ed3 to e0fc08f Compare June 25, 2026 18:45
Bumps [trillium-rustls](https://github.com/trillium-rs/trillium) from 0.9.0 to 0.11.3.
- [Release notes](https://github.com/trillium-rs/trillium/releases)
- [Commits](trillium-rs/trillium@trillium-rustls-v0.9.0...trillium-rustls-v0.11.3)

---
updated-dependencies:
- dependency-name: trillium-rustls
  dependency-version: 0.11.3
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot force-pushed the dependabot/cargo/main/trillium-rustls-0.11.3 branch from e0fc08f to 5484aad Compare June 25, 2026 20:21
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

dependencies Pull requests that update a dependency file rust Pull requests that update Rust code

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant