Joe Birr-Pixton

Results 280 comments of Joe Birr-Pixton

So there are two things: SCT stapling (not widely used, we're dropping it) and OCSP stapling (we support that for servers and clients at a TLS level). But: to underline,...

We don't implement RFC6066 `max_fragment_size` negotiation (reasons here: https://github.com/rustls/rustls/issues/585#issuecomment-803130069); instead we just have a control for the size of fragments we produce. The goal for that feature is that applications...

Going to close this. We have some follow-on work in other issues, but the initial version of this was delivered in 0.23.

Would you be able to post a packet capture of this failure happening, and/or warn-level logs emitted from the rustls client? (`RUST_LOG=warn` if your process incorporates `env_logger`).

> > Would you be able to post a packet capture of this failure happening, and/or warn-level logs emitted from the rustls client? (`RUST_LOG=warn` if your process incorporates `env_logger`).
>
> ...

So, getting to the bottom of the cause of this on Discord with @cpu: In rustls 0.22 we removed the default function definition for `ServerCertVerifier::supported_verify_schemes`. In eb94f26919e881177ad3d9cd172f47d1a8263799 (contained in...

Fix for this is in:
- https://crates.io/crates/rustls/0.23.4
- https://crates.io/crates/rustls/0.22.3

Yeah we probably should. That would involve reading in files named in the `openssl rehash` or `certctl rehash` style (hopefully the same -- needs a little research). Working through _both_...

> Can I assume the goal here is that rustls-native-certs is designed to be an OpenSSL drop-in replacement?

No, merely enough to obtain certificates for a variety of operating systems....