Colin Taylor

No worries! I know that everyone is busy and it takes time to sort these things out. I appreciate the merge; I want to promote shiv's usage but that's a...

I've updated this PR to reflect changes in the most recent release to use the resource name instead of the path name. Using `path.name` as in the original implementation defeats...

> To clarify, you have set a custom CA bundle like this: https://www.pantsbuild.org/docs/proxies#setting-up-a-certificate-authority but those aren't working because of the subjectAltName issue? Yes I have, and no, it doesn't fix...

> To clarify, you have set a custom CA bundle like this: https://www.pantsbuild.org/docs/proxies#setting-up-a-certificate-authority but those aren't working because of the subjectAltName issue? Oops, forgot one last detail. The python that...

> How sure are we that the crux is "commonName set without subjectAltName"? We're not. As a rust novice, I'm just entirely going off of what @tdyas was suggesting in...

> There is some code linked from the rustls issue that may solve the issue by supplying a custom certificate verification step to rustls. [paritytech/x509-signature#4 (comment)](https://github.com/paritytech/x509-signature/issues/4#issuecomment-691729509) While this is helpful...

> I'm pushing up against my limited knowledge of TLS here, but isn't subjectAltName relevant only to the end-entity cert? I'm even less knowledgeable than you, but that's what I...

Well...I spoke too soon. It's only half working. My company (for reasons I won't get into) hard cuts our internet mainline every night so there are limits on the testing...

> -ltrace would be another way to enable trace-level logging but would do so for all log targets and so would be very verbose I suspected this might work and...

More details to share. I did a bit more digging and I found something interesting. As mentioned, when `-ltrace` is enabled, `rustls` dumps the certificates it receives to the log...