In May 2025, Jan Larisch enhanced certificate verification workflows in the cloudflare/boring repository by extending the X509_STORE_CTX API. He introduced new interfaces in C and Rust bindings to provide direct access to the current certificate, improve visibility into untrusted certificates, and allow programmatic configuration of verification parameters. These targeted changes addressed the need for more robust PKI verification, enabling developers to inspect certificate chains and fine-tune verification settings for diverse security requirements. By focusing on certificate verification, cryptography, and SSL/TLS, Jan’s work improved both the reliability and flexibility of certificate handling, laying groundwork for future policy-driven enhancements.