Expose s2n_cert_validation_callback in Rust bindings #5264

@Mark-Simulacrum

Security issue notifications

If you discover a potential security issue in s2n, we ask that you notify
AWS Security via our vulnerability reporting page. Please do not create a public GitHub issue.

Problem:

The existing (unstable) s2n_cert_validation_callback should be exposed in the Rust bindings in order to permit customers using those to use the callback to perform additional validation. This will be used with the upcoming addition of supporting custom extra critical OIDs in certificates to actually perform the validation those require.

Need By Date:

~Q3 2025, to provide time for usage by end of year.

Solution:

The existing API looks sufficiently usable; it just needs to be exposed.

  • Does this change what S2N sends over the wire? no
  • Does this change any public APIs? yes (in Rust)
  • Which versions of TLS will this impact? ~all

Requirements / Acceptance Criteria:

What must a solution address in order to solve the problem? How do we know the solution is complete?

  • RFC links: n/a
  • Related Issues: n/a
  • Will the Usage Guide or other documentation need to be updated? Rust documentation only
  • Testing:
    • Will this change trigger SAW changes? No.
    • Should this change be fuzz tested? No.

Out of scope:

No.
