tls

I’m trying to script setup and configuration of caddy server based on a custom download that includes additional plugins (caddy-auth-portal, caddy-auth-jwt, caddy-trace, and various caddy-dns modules ).

During setup, the caddy unit file is configured to run caddy as a non priveledged user (by design).

To get certificates configured properly we are attempting to use the caddy trust command

I know this is going to sound trivial... but hopefully it's *SO* trivial that it's easy to implement! «grin»

I was using openssl s_client to debug an issue that turned out to be the result of having multiple DNS (round-robin) 'A' records defined...

It would have helped tremendously if s_client had logged the IP address to which it actually connected at the top. (And running {dig/

Right now in different places in the SE codebase there are references to /opt and then as well to /usr.

All SE code should reference one place only. Could someone please create a PR that fixes this.

This PR should also take PR #454 into consideration (no conflicts)

Is your feature request related to a problem? Please describe.

While less common, some users would like to set different passwords for the unlocking a Java keystore and the private key contained within.

Requested in jetstack/cert-manager#4186.

Describe the solution you'd like
Upgrade https://github.com/pavel-v-chernykh/keystore-go to v4.
Add support f

Can somebody give a hand here?

I am referring to this line in the readme: [![Travis CI Status](https://travis-ci.org/drwetter/testssl.sh.svg?branch=3.1dev)](https://travis-ci.org/drwetter/testssl.sh)

Problem:

A common pattern is:

GUARD(s2n_stuffer_skip_write(stuffer, bytes_to_write));
uint8_t* ptr = suffer->blob.data + stuffer->write_cursor - bytes_to_write;

which could be simplified.

Solution:

*ptr could be an *out parameter to s2n_stuffer_skip_write

• Does this change what S2N sends over the wire? No.
• Does this change any public APIs? No.

Description

If a user using an OIDC provisioner has the email configured as myUser@domain.com, and the user signs as myuser@domain.com, step-ca will return an error because the principals passed by the cli do not match the expected ones:

# client
step ssh login --force --provisioner "Office 365" myuser@domain.com

# server
authority.SignSSH: ssh certificate principals does not

The definition and the comment about PSA_KEY_EXPORT_ECC_PUBLIC_KEY_MAX_SIZE in include/psa/crypto_sizes.h apply to Weierstrass curves only: 0x04, x, y. This happens to work for Montgomery and Edwards curves as well (because those only use one coordinates, which takes less room), so it's no big deal, but the documentation there is misleading and the definition is suboptimal.

The goal of this