Now that we have BoringSSL uniformly available, some of the activities that we let minica.py deal with can potentially be rewritten in C++ using BoringSSL's routines (including CBS)
This would also allow us to move away from the hardcoded-as-hex-in-Python key and root files, and closer to something that uses //net/test/data/ssl/certificates for the root and key.
The core thing to support is to make sure that the OS APIs would be able to reach back to the ETS (i.e. it needs to actually bind to a local port), but this will almost certainly be easier to maintain long-term.
This would also particularly help the testing story on Android and Fuschia, where the SpawnedTestServer is... less than ideal.
Comment 1 by marcuskoehler@chromium.org
, Jan 15