Description
In rustls/rustls-native-certs#25 we discussed the desirability of using the platform verifier on macOS and Windows instead of trying to extract a set of roots, because distrust of certain roots is implemented in the platform verifier.
The platform verifiers perform blocking I/O, so the current ServerCertVerifier interface is not appropriate, since it is likely to be called on a thread doing async I/O, where we don't want to block the whole thread.
#787 is an example of solving a similar problem for the server side, but that has the advantage that accepting a ClientHello can happen before any TLS work is done. Server certificate verification happens in the middle of the handshake.
Here's a list of related places where we have the same problem to solve, hoisted from ctz's comment below:
- asynchronous server certificate validation by client (the primary problem)
- asynchronous client certificate validation by server (Allow validating the client certificate with an async function #468)
- asynchronous handshake authentication signature by server (mention in passing in Delegating crypto to a RustCrypto traits implementation #390)
- asynchronous handshake authentication signature by client (ditto)
- asynchronous session storage (Asynchronous StoresServerSessions #264 -- though I'm not totally convinced, I would expect any scalable distributed session storage implementation would serve from a complete store in memory, with a weakly consistent cache coherence protocol underneath?)
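One shape the primary problem's solution could take, as an added illustration that is not rustls code: the handshake state machine stops at the Certificate message in a `PendingVerification` state, the blocking platform verifier runs on a separate thread, and the caller resumes the handshake with its verdict. All names (`Handshake`, `Verdict`, `blocking_platform_verify`, `run_handshake`) are hypothetical, and the verifier is a constructed stand-in that accepts leaf certificates prefixed with `trusted:`.

```rust
use std::sync::mpsc;
use std::thread;
/// Outcome of verification; stands in for rustls' ServerCertVerified / Error.
#[derive(Debug)] pub enum Verdict { Trusted, Rejected(String) }
/// Handshake states. Verification is suspended at the Certificate message, not performed inline.
#[derive(Debug, PartialEq)]
pub enum Handshake {
    AwaitingCertificate,
    /// Chain received; the caller must verify it off the I/O thread.
    PendingVerification { chain: Vec<Vec<u8>> },
    Complete,
    Failed(String),
}
impl Handshake {
    /// Server's Certificate message arrives: stop and hand the chain out.
    pub fn on_certificate(self, chain: Vec<Vec<u8>>) -> Self {
        match self {
            Handshake::AwaitingCertificate => Handshake::PendingVerification { chain },
            other => other,
        }
    }
    /// Caller feeds back the verdict produced elsewhere (possibly much later).
    pub fn resume(self, verdict: Verdict) -> Self {
        match (self, verdict) {
            (Handshake::PendingVerification { .. }, Verdict::Trusted) => Handshake::Complete,
            (Handshake::PendingVerification { .. }, Verdict::Rejected(why)) => Handshake::Failed(why),
            (other, _) => other,
        }
    }
}
/// Constructed stand-in for a platform verifier: blocks before answering.
pub fn blocking_platform_verify(chain: &[Vec<u8>]) -> Verdict {
    thread::sleep(std::time::Duration::from_millis(20)); // simulates the platform's blocking I/O
    match chain.first() {
        Some(leaf) if leaf.starts_with(b"trusted:") => Verdict::Trusted,
        Some(_) => Verdict::Rejected("leaf not trusted by platform store".into()),
        None => Verdict::Rejected("empty chain".into()),
    }
}
/// Drive one handshake: verification runs on a helper thread, the state machine resumes on its verdict.
pub fn run_handshake(chain: Vec<Vec<u8>>) -> Handshake {
    let hs = Handshake::AwaitingCertificate.on_certificate(chain);
    let chain = match &hs {
        Handshake::PendingVerification { chain } => chain.clone(),
        _ => return hs,
    };
    let (tx, rx) = mpsc::channel();
    thread::spawn(move || tx.send(blocking_platform_verify(&chain)).unwrap());
    hs.resume(rx.recv().unwrap()) // an async driver would poll rx instead of blocking here
}
```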