Joe Birr-Pixton

> @[ctz](https://github.com/ctz) moved this from In Progress to Done in [v0.21 release](https://github.com/orgs/rustls/projects/2) [on Feb 4, 2023](https://github.com/rustls/rustls/issues/466#event-03dc31a7-26b2-5b03-882a-f8745e0d8016)

You may also find https://docs.rs/rustls/0.13.0/rustls/sign/struct.CertifiedKey.html#method.cross_check_end_entity_cert to be useful.

Given #1918, I'm going to close this as complete.

> i test that when given 10 intermidiates certs, the build_chain_inner function will be called 2060312 times and elp 22s to end , could you clarify exactly what this test...

Possible investigation ideas: - add ECDSA or ED25519 support to the openssl-bench tool, and use that to see if it boils down to RSA signing performance, or something else. -...

Had a brief look at this just now: boringssl and aws-lc have a RSA performance deficit to openssl: ``` $ openssl version OpenSSL 3.0.13 30 Jan 2024 (Library: OpenSSL 3.0.13...

Thanks for the report. Yes, the current API treats a half-close as a full-close. I think we should add additional `ConnectionState`s so the server in your example can finish its...

> The current setup breaks feature additivity which is a bit of a pain. That proposal also breaks feature additivity: if you carefully arrange to enable only the `ring` feature...

I think this is likely a similar cause to #1762 -- would be good to have a repro case for this (I expect if that points to a bug anywhere,...

> What is the right fix and why didn't you submit that? 😉 1) build a time machine, travel back and tell the tlswg that they shouldn't change the semantics...