David Horstmann

I have rebased on top of development - of the 3 arrays, 2 were deprecated and have since been removed, so only 1 remains.

DCO is failing due to having a signature that doesn't match the PR author.

Can you please share a summary of your code so that we can try to reproduce the issue? Which Java library are you using to compute shared secrets?

Hi @Kabbah, thanks for your contribution! Would you be able to rebase your first 2 commits on top of the `development` branch to avoid having merge commits in this PR?

@gilles-peskine-arm an omission on my part. I agree this needs a backport - it could conceivably break scripts that parse the output of `programs/cert_app` but it would be unlikely to...

@Kabbah that's correct, please open a new PR on top of `mbedtls-2.28` (usually we use the same name with "[Backport 2.28]" in front) then link to it from here.

Commenting to update PR

Can you please give a summary of the Python code you're using to generate the signature and the C code you're using to verify it so that we can try...

Thanks for flagging this up! I've done some preliminary investigation and I can confirm that there seems to be improper handling of escaped special characters in `mbedtls_x509_string_to_names()`. I can reproduce...

@mman thanks for the extra info, it looks like special characters are only singly-escaped, which is a relief. As you've correctly identified, there's an asymmetry between the characters we escape...