Results 298 comments of David Benjamin

Something to look into: doing terrible things with postdated tickets.

> would you consider filing an issue against https://github.com/jethrogb/rust-cexpr?

Looks like this never happened, but someone later filed a bug about this here: https://github.com/jethrogb/rust-cexpr/issues/16

Though given this crate is also used to evaluate expressions, there's probably a deeper flaw here that bindgen does not correctly incorporate types when evaluating these. (This then opens a...

All that did was switch the hardcoded types from `c_uint` to `u32`, right? I.e. `bindgen` is still failing to consume C APIs correctly. It's just doing it differently incorrectly.

This assumes that there are no other uses of `u32` in there. A C header may quite reasonably have constants of different types. Ultimately the problem here is that bindgen...

> We could delay sending the tickets until SSL_write() is called on the server (which might be never for some applications). If we went this route I'd suggest making it...

We discard `SSL_shutdown` tickets to avoid confusing callers with unexpected callback calls. The only code I've ever seen do bidi shutdown (it's kinda pointless and the API is awful) does...

I'm not sure that quite does it since the server still needs to know the client will be blocking its write on that read. But that turns our nice 1-RTT...

@njsmith Not quite. The server doesn't send tickets until it receives the client Finished flight. This is necessary for the tickets to, e.g., incorporate any client certificates. That is, the...

Most implementations are not going to send the NewSessionTicket early, even in those cases. It's not just that the NewSessionTicket is deferred. The resumption secret is a function of the...