Would it make more sense to leave the cert out? Seems like state we should collect in script land instead of passing it through from the core each time.
.Seth
The “cert” only is a record in the events. So - the only thing that is passed around is a ref-counted
pointer. The actual certificate string is not passed to script land anymore (when I am finished you
will be able to get it if you really want to, but it will not be exposed by default).
An opaque type is passed around - this makes certificate verification possible without having to re-parse
them with OpenSSL.
I thought that that is ok. Or are you meaning something else?
Johanna
Followup - Seth convinced me that I am doing it wrong 
The record will disappear from the extension
events.
Johanna
Just to record it, we talked through this and it only seems like the right thing to do at the moment because we're using openssl underneath for parsing but eventually we won't and this results in a situation where the core is required to store state even if the user doesn't necessarily want the state. We also have mechanisms in script land now (record redefining) that make storing the state on-demand easy.
.Seth