Rich Salz
I suggest you read the whole thing and RFC 5280. I'm not going to give subsections; if you're proposing to change things you should have a good background.
The code in verify options should be refactored to an `opt_oid` function like `opt_md` etc. The void cast at line 600 goes against common style; use `__owur` for places where...
> Good question - so far I only see pretty simple use cases, Have you looked at IPsec? If not, you should. (And no, I don't have a summary/reading list.)
I understand that you are doing things on your spare time and thanks. But if you are doing things that don't actually help, based on your limited knowledge and understanding,...
>your comments in particular this thread sound like you believe you have superior knowledge, understanding, and experience. - I know what I don't know. - Previous comments I've made on...
Your wording implies that it's done, and will soon be a standard. It's not done, it's going to be changing, and yes OpenSSL should support it once it gets finalized.
Leave off the trailing -XX part and you always get the latest version.
For those who don't know, Stephen is a former IETF Security AD and a member of the Internet Architecture Board. Trust that he (and the project) will do the right...
ESNI has evolved and has become EncryptedClientHello, ECH. ECH is still being developed. I know @sftcd (who did the initial ESNI implementation) is very involved with ECH. Your pessimism is...
*The specification is not done.*