Daniel McCarney
Daniel McCarney
@Rynibami @lvkv Thanks to both of you for your work here. I'll close this as completed.
> djc marked this pull request as draft 3 days ago Did you want me to hold off reviewing this for now?
> Seeing if this helps the aws-lc-rs build failures in CI. I tried this the other day and eventually concluded it was OpenSSL related, not aws-lc-rs. Unfortunately bumping the openssl-sys...
Thanks for getting the ball rolling here. I suspect I won't have time to give this any substantial review for some time given the hours I have to allot to...
> does MUST mean the server has to verify? Yes, that would be my reading.
Out of curiosity, have you done any interop testing with different ECH compatible clients and a Rustls server? I suspect Chrome and Firefox are the most interesting interop targets but...
> also isn't this the whole point of bogo? The bogo ECH implementation != the Go stdlib implementation. The former was implemented before the later and is specifically geared for...
> Go works > Firefox works > Chrome I found a GREASE issue and now works Nice, that's great :-) > cURL I was getting some kind of weird issue...
I'm going to close this for now based on the conclusions we reached in the previous comments. Thanks again,
@vdudouyt See https://github.com/rustls/rustls/issues/2364 Your client certificate was generated incorrectly and the best resolution would be to have it recreated as a version 3 (0x02) certificate. If that isn't possible, there's...