(Feature request out of https://caddy.community/t/use-placeholders-in-templates/7697)

I would like to see the ability of using placeholders like {http.error.status_code} in templates. This would allow us, for example, to create a single custom error page in nginx style. For now we have to create a page for every status code we would like to support (maybe using respond with include and ar

Filippo, as we discussed as GothamGo, using mkcert as an infrastructure CA to secure internal service-to-service http calls is probably a use case falls within the mission of mkcert. The readme provides enough detail on how to do this manually, but it warns against "production" use. Please clarify that this use case is not discouraged. Thanks.

Problem Description

The option --set doesn't work

Steps to reproduce the behavior:

1. The command mitmdump.exe -p 8088 --set ssl_version_client=all --set ssl_version_server=all doesn't change configuration

2. mitmdump.exe -p 8088 --options doesn't show changes

3. mitmdump.exe --options returns Error starting proxy server: OSError(98, 'Address already in use')

4. A default co

Can you add Blake3 support to openssl? It's over 10x faster than sha2 and will probably be widely adopted.

Right now in different places in the SE codebase there are references to /opt and then as well to /usr.

All SE code should reference one place only. Could someone please create a PR that fixes this.

This PR should also take PR #454 into consideration (no conflicts)

Is your feature request related to a problem? Please describe.

This way we can ensure cert-manager certs can't be used to create intermediates

Describe the solution you'd like

Add to CertificateSpec struct.

Describe alternatives you've considered

Manually creating a CA cert.

/kind feature

there was an issue discussed in the #ponzu slack channel where knowing the order in which content type's item.Hookable methods are executed may have helped a lot. this helps users determine the state of the database and what is available at what time.

documentation would be great to mention this order (note the hook invocations):
https://github.com/ponzu-cms/ponzu/blob/ec7b5b2bab2cad13db

Currently, testssl prints a big red warning when a server has no server preferred cipher order.

Mozilla recently relaxed their recommendations regarding cipher order. If only strong cipher suites are supported anyway, why not deciding according to the client's preferences. Maybe it's a phone that wants to optimize for performance on low hardware. Additionally, often browsers are better maintain

Hi,
not a big issue but as you asked to contribute to the documentation with an CLI example I thought it's worth sharing mine here so one of you with permissions could update the page https://go-acme.github.io/lego/dns/dode/:

export DODE=1234567890abcdefghij lego -d myserver.mydomain.com -a --dns dode --email its.me@yahoo.com run

In case the local DNS server (e.g. 10.1.1.1) is not rea

Problem:

When you initialize a stuffer with an existing blob, the typical pattern is to write

struct s2n_blob blob;
struct s2n_stuffer stuffer;

GUARD(s2n_stuffer_init(&stuffer, &blob));
GUARD(s2n_stuffer_write(&stuffer, &blob));

This causes a memcpy to write to overlapping pages, which is undefined behavior. A workaround is to use s2n_stuffer_raw_write, but this st

Preface: I am not an expert in encryption, so sorry for any inaccuracies with how I am describing the issue here.

In the documentation, it states:

// Note: CBC and ECB modes use PKCS#7 padding as default

Is it possible to configure what padding is used? I am working with a system where they are not expecting padding. Is that something that even makes sense/is possible?

At https://github.com/letsencrypt/boulder/blob/97390560a3bf1f68404087c7011752cf1e4bc302/va/va.go#L421, we log when an RPC to a remote VA failed (e.g. due to network timeout or connection refused). However, we don't currently have a stat that shows just that number (as opposed to overall validation failures, which includes cases where we got, e.g., and invalid challenge token). We should add a stat

A Spring Boot user has reported a problem with Spring Boot's reference documentation linking to Jetty's documentation. Spring Boot's reference documentation links to the Jetty documentation for the specific version of Jetty that it built against. For example, the documentation for Spring Boot 2.2.4 links to https://www.eclipse.org/jet

https://www.boost.org/doc/libs/1_71_0/libs/beast/doc/html/beast/using_websocket/timeouts.html says

The timeout features of the TCP or basic stream should not be used when working with a websocket stream.

and

`The timeouts on the websocket stream are incompatible with the timeouts used in the tcp_stream. When constructing a websocket stream from a tcp stream that has timeouts enabled, th

Description

• Type: Bug
• Priority: Minor

Bug

This document should be updated and/or renamed now that mbed-crypto has been merged back in mbedtls.

What would you like to be added

I would love to have a MongoDB database connector.

Why this is needed

All our other services use MongoDB and I would love to keep everything unified in one database system.

Failing that, is it possible to provide a pluggable webhook that we can have and then enter into our own database?

I find the current implementation of get_peer_certificates to be limiting in several ways:

1. #169 lacks documentation
2. The current implementation (basically still ctz/rustls@7b73a0b) is far from being as performant as it could be:
   • The returned Vec is initialized without capacity, hence reallocated multiple times.
   • This

it got updated to use only use TLS 1.3, but currently mozilla-modern.badssl.com only use tls 1.2 so it clearly not set to current version of 'modern' configuration. so it need to updated.
actually, it looks like pushed though a level down ( old modern-> intermediate, old intermediate -> now old )
https://wiki.mozilla.org/Security/Server_Side_TLS#Modern_compatibility

我按照http://gmssl.org/docs/quickstart.html 上的步骤在Ubuntu 16.04LTS上安装GmSSL，出现了以下错误：

Makefile:6850: recipe for target 'engines/sdf_dummy.o' failed
make[1]: *** [engines/sdf_dummy.o] Error 1
make[1]: Leaving directory 'home/usr/Downloads/GmSSL-master'
Makefile:128: recipe for target 'all' failed
make: *** [all] Error 2

请问一下我该如何解决这个错误呢？

This basically the same as certbot/certbot#1215 but for acmetool. I want to change the contact e-mail for accounts created by acmetool.

I just tried to "import" the acmetool account to certbot but failed doing it. Is there any documentation on how to do this? Is it even possible?