Re: Directly trusted self-issued end-entity certs - Re: How to rotate cert when only first matching cert been verified

@David von Oheimb Thank you so much for your deep investigation! With subjectKeyIdentifier and authorityKeyIdentifier extensions, it works like a charm! So, the former statements I found on this page only applies to

Re: Failing unit tests after adding public key check to pkey_ec_derive()

After looking at the HRR issue a little bit deeper, I think I'm running into an issue that was fixed by this commit ( 166c0b98fd6e8b1bb341397642527a9396468f6c): Don't generate an unnecessary Diffie-Hellman key in TLS 1.3 clients. tls_parse_stoc_key_share was generating a new EVP_PKEY