Joe Birr-Pixton
Joe Birr-Pixton
Here's a patch to this repo's client example that demonstrates how to fragment the clienthello: ```patch diff --git a/examples/client.rs b/examples/client.rs index 347a827..03664af 100644 --- a/examples/client.rs +++ b/examples/client.rs @@ -51,9 +51,10...
> * It should be straightforwardly possible to adapt for use with essentially any TLS provider (with the possible exception of rustls, which might need some additional FFI routines to...
I think it's fair to say we understand the general utility of early data exporters. Generally we don't add features unless motivated by a specific downstream usage (in other words,...
I think the main thing to do here is (aside from removing ED25519 from the windows verifier's list) is to test a chain on each platform for each item in...
> [@ctz](https://github.com/ctz) I would appreciate some clarification on the ways `rustls` itself uses `supported_verify_schemes` since I'm not an expert on the TLS protocol side, if you don't mind. > >...
I would kind of expect `IdentityDer` to contain a certificate chain, not just an end-entity cert? That would make the invalid state of RPK + "intermediate" X509 certs unrepresentable at...
I think we have a preference on the shape that was proposed in #2560 and will bring forward some changes along those lines (see, eg groundwork in #2614)
I don't think we want to take a `rustls::RootCertStore` here, because that means we cannot actually pass certificates to the verifier on platforms with a "real" platform verifier (these need...
Seems this doesn't work? ``` + CERT_HASH=D69B561148F01C77C54578C10926DF5B856976AD + security delete-certificate -Z D69B561148F01C77C[54](https://github.com/rustls/rustls-native-certs/actions/runs/15778295489/job/44477614779#step:11:55)578C10926DF5B856976AD /Library/Keychains/System.keychain Unable to delete certificate matching "D69B561148F01C77C54578C10926DF5B856976AD"+ true ``` (Also surely "remove-trusted-cert" is the inverse of "add-trusted-cert"?)
Thanks for the report -- there are a couple of differences here that are worth eliminating first. The failing case is offering X25519MLKEM768, but since the Android Auto side seems...