Daniel McCarney

This issue is fixed in `main`. Thanks everyone! I expect we'll cut a 0.102.7 release with the fix after #275 is merged.

As part of the work required for landing CRL distribution point extension support I updated webpki to recognize URI type general names: https://github.com/rustls/webpki/blob/01c0e3ee24075e28e7aedd089e49e5ae5015701d/src/subject_name/verify.rs#L408 I think we mostly need to wire...

> (Are you using webpki directly or only via rustls?) There's also a matching issue on the Rustls repo where I left some questions trying to understand the use-case better:...

> It will take some care to be able to meet this requirement outside the context of building and verifying the path used to validate an end entity certificate. [A...

EKU params are being passed into CSRs as of https://github.com/rustls/rcgen/pull/264 We can leave this open for a more general solution but I thought it would be helpful for you to...

Just leaving a note that I'll be travelling for the next week and probably won't have a chance to review this before then.

Thanks for reporting back. Is this something that could be tested in CI as a way of adding something approaching documentation that won't fall out of date accidentally?

I personally think this makes sense to implement and see #208 and https://github.com/rustls/rcgen/pull/223 as steps in that general direction. I think there are some other old issues that would benefit...

> It seems reasonable to offer some API that lets you pass a source of randomness similar to the ring API Agreed, there's also precedent with the Golang X.509 package...

> IDK IIRC rustls only exposes custom TLS cert verification if you enable a cargo feature. For what it's worth, that's true for the released crates but the next release...