• Improved errors for invalid signature algorithms; added variants to both CertificateError and CertRevocationError to replace the UnsupportedSignatureAlgorithm variant (now deprecated) in order to provide more context.
• Improved extension representation to increase handshake efficiency.

What's Changed

• Delete unusable no-std ticketer code by @ctz in #2500
• Support _ABSENT_PARAMS PKCS#1 signature algorithms by @ctz in #2505
• Rework representation of extensions in ClientHello by @ctz in #2502
• Rework representation of extensions in server messages by @ctz in #2508
• Reduce small Vec<Enum> uses in extensions by @ctz in #2509
• client: refactor in preparation for PSK support by @djc in #2516
• client: pass all of ClientHelloInput into tls12 handle_server_hello() by @djc in #2518
• client: refactor client handshake some more by @djc in #2521
• Simplify the simpleserver example by using rustls::Stream by @Ten0 in #2522
• Add SignatureSchemes for ML-DSA by @djc in #2532
• add From<Arc<CertifiedKey>> for SingleCertAndKey by @stormshield-gt in #2535
• Memoise computation of empty hash by @ctz in #2538
• Correct calculation of ServerHello ECH confirmation by @ctz in #2545
• Improve compactness of Debug impl for extensions by @ctz in #2546
• Do not retain master secret during terminal key schedule state by @ctz in #2540
• Adopt webpki 0.103.4 by @djc in #2531