René Meusel

> `ExternalPrivateKey` would be a completely new root class and not directly integrate with the existing hierarchy. Wouldn't that exclude the convenience of using those external private keys for existing...

In our mental model the `__ExtPrivateKey` classes would have been internal implementation detail anyway. Only the new classes `ExternalPrivateKey` and `_ExternalPrivateKey` would be part of the user-facing API. Just to...

Seems that the `http_client` cannot clean up properly if it is instantiated in global scope (and hence destructed after `main()` finished). If I run the following, it doesn't crash: ```C++...

> This seems really complicated tbh. Yeah, I felt the same way. Your suggestion to allow providing the signature either at the very beginning or the very end makes sense...

You probably want to override the method [`Credentials_Manager::find_cert_chain()`](https://botan.randombit.net/doxygen/classBotan_1_1Credentials__Manager.html#aa01ef27a0e5927cdde6602a8806fc5f4). That method returns a `std::vector` which should contain the certificate chain ordered from leaf to root. (Usually, root can be left out.)

AppVeyor doesn't seem to find a `python3` binary. I guess we can ignore that and later see how [GitHub Actions](https://github.com/randombit/botan/pull/3007) fares with that. Also the emscripten target fails, [that's handled...

> At least configure.py, test_cli.py, and botan2.py have a number of conditional jumps based on sys.version_info to handle Python2 vs Python3 differences, which should be removed. Deleting code! ❤️

This works, now. Though it breaks the build on AppVeyor. `master` won't build once this is merged. .. Instead, lets hold on until [the switch to GitHub Actions (Windows)](https://github.com/randombit/botan/pull/3007#discussion_r970662405) is...

We should probably remove: ``` PublicKey* X509_Certificate::subject_public_key() ``` ... it returns a raw pointer and documentation claims that the caller is responsible for the object. New code shall use `load_subject_public_key()`...

I just recreated this integration based on the current master (containing the basic TLS 1.3 client implementation).