> On 22 Sep 2021, at 20:59, Andrew Dunstan <and...@dunslane.net> wrote:
> I think we need to be consistent on this. NSS builds and OpenSSL builds > should act the same, mutatis mutandis. I 100% agree. Different TLS backends should be able use different truststores etc but once the server is running they must be identical in terms of how they interact with a connecting client. I've tried hard to match our OpenSSL implementation when hacking on the NSS support, but no doubt I've slipped up somewhere so indepth reviews like what Jacob et.al have done is needed (and very welcome). -- Daniel Gustafsson https://vmware.com/
