What's Changed
- Apply additional X509 validation checks on certificates sourced from trust store by @skmcgrail in #2230
- Reorganizing compatability tests, rework certificates for better groking by @skmcgrail in #2305
- Additional X.509 Behavior Compatability Tests by @skmcgrail in #2312
- Merge main into x509 by @skmcgrail in #2351
- Add Support for IPv4 and IPv6 X.509 Certificate Name Constraints by @skmcgrail in #2340
- Merge main to x509 by @skmcgrail in #2390
- Reintroduce support for validating DNS commonName subjects when name constraints are present. by @skmcgrail in #2376
- Support client-side hostname checks with leading . by @skmcgrail in #2403
- Verify leaf certificate public key rather then leaving it to the caller by @skmcgrail in #2438
- Merge main into x509 by @skmcgrail in #2613
- Support for explicit curve parameter on EC public keys where parameters match supported curves by @skmcgrail in #2642
- Add x86 Keccak implementation by @manastasova in #2619
- Gate EC explicit curve parameters for X.509 behind flag by @skmcgrail in #2648
- Update CPU Jitter Entropy dependency to version 3.6.3 by @torben-hansen in #2654
- Fix benchmarking issues with FIPS main by @samuel40791765 in #2655
- Add standalone MLKEM supported groups by @alexw91 in #2589
- Merge main into x509 by @skmcgrail in #2657
- Document and statically assert counters can't overflow by @torben-hansen in #2658
- TLS Transfer Serialization Improvements by @skmcgrail in #2616
- Fix ternary operator in github workflow by @torben-hansen in #2653
- Merge x509 branch into main by @skmcgrail in #2660
- Address clang-ci comments on new x509 code by @skmcgrail in #2662
- Implement snapsafe fallback entropy source by @torben-hansen in #2651
- Rand small fixes by @torben-hansen in #2664
- Import s2n-bignum 2025-09-05-04 by @dkostic in #2667
- Refactor iOS CI script by @justsmth in #2637
- Re-import mlkem-native for addition of CFI directives by @hanno-becker in #2659
- Fix typo in ssl_transfer_asn1 by @samuel40791765 in #2665
- Fix for zig build by @justsmth in #2668
- Update SSLProxy patch by @skmcgrail in #2663
- ML-DSA service indicator by @jakemas in #2666
- Add aes-xts AArch64 implementation that will eventually be imported from s2n-bignum. by @nebeid in #2632
- Fix Keccak MY_ASSEMBLER_IS_TOO_OLD_FOR_512AVX flag by @manastasova in #2670
- Increase SSLBuffer size to INT_MAX by @samuel40791765 in #2673
- Wrap compiler when FIPS w/ clang v20+ by @justsmth in #2671
- Test ACCP in FIPS mode as well as non-FIPS by @WillChilds-Klein in #2669
- fix: Allow zero-length passwords in PEM key decryption by @kingstjo in #2677
- Use CheckCCompilerFlag to test -Wno-cast-function-type by @justsmth in #2678
- Make X509 CodeBuild webhook more resilient by @skmcgrail in #2680
- Prepare AWS-LC v1.61.0 by @justsmth in #2681
Full Changelog: v1.60.0...v1.61.0