Matt Caswell

> A while back in the issue discussion #14748 you pointed out HPKE has things in common with https://www.openssl.org/docs/manmaster/man3/EVP_SealInit.html (and I guess EVP_OpenInit as well). That seems accurate still and...

I actually wonder whether the EVP_PKEY_encrypt API is a better fit of HPKE. At the API level it is very simple: ```` int EVP_PKEY_encrypt_init_ex(EVP_PKEY_CTX *ctx, const OSSL_PARAM params[]); int EVP_PKEY_encrypt(EVP_PKEY_CTX...

I suppose a lot depends on how we view HPKE. Is it itself a cryptographic operation (built from other even lower level primitives) that is fully fetchable and may at...

> It looks like the client is rejecting the certificate sent by the server as not being trusted. It's actually the other way around. Its the server that is rejecting...

Use the `-trace` argument to `s_client` and it will dump out verbose information on the handshake messages it is sending. Compare the first message ("ClientHello") for the working and non-working...

> @mattcaswell Is this still relevant or is it superceded by your new fixes? It needs updating in light of the new fixes

> It's always been explicitly intended that we support an application using a memory buffer BIO, hence the work on BIO_dgram_pair. This is not yet supported in this PR but...

Fixed a memleak showing in the CIs.

Fixups pushed addressing feedback. @t8m please take another look. @hlandau - please reconfirm

Ping for second review?