crocs-muni / usable-cert-validation

Research initiative to make TLS certificate validation usable.
https://x509errors.org
MIT License

Fix issues with Python TLS server #142

Closed zacikpa closed 1 year ago

zacikpa commented 1 year ago

I updated the Python TLS server according to the most recent example from the Python docs. This fixes the issue of the server crashing on some certificate chains.

The same server also started failing on the duplicate-bc-extension chain (possibly a new check added to the Python ssl library), so I changed the configuration of the chain such that it is handled by the Botan server (which is the default option).

mukrop commented 1 year ago

Thanks, that was a very fast reply!

The issues I reported by email seem to be fixed. On a clean clone, however, there are some troublesome cases (bc-path-len-exceeded and unhandled-critical-extension in my build). However, these seem to pass on a repeated build (so they are probably Heisenbugs). I'm merging as is, thanks.