I am trying to build a Caddy configuration that can cater to multiple environments (production, staging, local development).
To achieve this, I want to use environment variables for the base host names/urls, via the {env.*} placeholder. This works great in addresses, route matches and upstream reverse-proxy configuration.

Unfortunately, using the same approach does currently not work when

The app_get0_propq (from apps/lib/apps.c) is used throughout many openssl apps to define propq used to fetch the algorithms. Currently, it just returns NULL and its comment says "TODO(3.0): Make this an environment variable if required".
If a provider is used that does not implement all algorithms (e.g. reuses STORE from the default one) the propq needs to be defined to fetch the right implemen

Right now in different places in the SE codebase there are references to /opt and then as well to /usr.

All SE code should reference one place only. Could someone please create a PR that fixes this.

This PR should also take PR #454 into consideration (no conflicts)

Is your feature request related to a problem? Please describe.
At cert-manager 1.0, there is ServiceMonitor to scrape certs metrics, but there is no alert(s) on certs renew failures to cluster operator.

Describe the solution you'd like
PrometheusRule object with alerting rules about expiring certs. Plus, ability to extend/override default rules via helm values.

/kind feature

There's little information about what keys and values are in the output, what it means and how they are related to the screen output. In general that needs to be added. (special topics see #1675, #1674)

Problem:

A common pattern is:

GUARD(s2n_stuffer_skip_write(stuffer, bytes_to_write));
uint8_t* ptr = suffer->blob.data + stuffer->write_cursor - bytes_to_write;

which could be simplified.

Solution:

*ptr could be an *out parameter to s2n_stuffer_skip_write

• Does this change what S2N sends over the wire? No.
• Does this change any public APIs? No.

We should review the codebase & docs for alienating language, along the lines of https://www.eetimes.com/its-time-for-ieee-to-retire-master-slave/ . There's some Arm-internal discussion here: https://confluence.arm.com/display/DIVINC/Arm+Progressive+Terminology+Group

Description

• Type: Enhancement

"master" occurs commonly in "pre-master secret" which probably should remain while it's t

What would you like to be added

Add support for a DynamoDB storage backend. Although MySQL is available, it would require to run a RDS Instance for it. Extra costs, backup considerations, etc. Even with Aurora Serverless.

DynamoDB is just there, scales as needed with OnDemand pricing and has fine backup capabilities.

Why this is needed

We plan to run step-ca in AWS ECS on Farga