ssl

Checklist

• Dependencies installed
• No typos
• Searched existing issues and docs

Issue Description

When using the RateLimiter Middleware with a rate between 0 and 1 all events will be rejected instead of applying the specified rate. E.g.: e.Use(middleware.RateLimiter(middleware.NewRateLimiterMemoryStore(0.5)))

I am not saying that it is a common use case to have

Currently the PKCS12_parse() fails if it is called on mac-less PKCS12 files. Given the KDF used with the MAC algorithm in PKCS12 is not FIPS compliant it would be desirable to allow mac-less PKCS12 files.

The PR would need to include some tests for PKCS12_parse API as there are currently none.

Sorry for not following the template. It's a straightforward question.

By enabling "WordPress-specific rules", the following codes will be added to the wordpress.conf:

# WordPress: deny general stuff
location ~* ^/(?:xmlrpc\.php|wp-links-opml\.php|wp-config\.php|wp-config-sample\.php|readme\.html|license\.txt)$ {
    deny all;
}

However, this disables xmlrpc feature, which disa

Context and Description

The READMEs and any example code in all projects should be updated to reflect the move from the IBM-Swift organization to the Kitura organization.

If anyone wants to take on all or part of this, please comment here so other's know what you're working on and submit PR's. :-)

Thanks!

Which version are you referring to
3.1dev

We list not all RFCs in ~/doc/ which we refer to in testssl.sh.

List used RFCs: grep RFC -w ./testssl.sh | grep -v TLS_CIPHER | grep RFC | sed 's/^.*RFC/RFC/' | sort -u
List RFCs referred to: grep -w RFC doc/testssl.1

We are using oauth2-proxy in a airgapped enviroment and the login page is missing its stylesheet.
We upgrade oauth proxy from version v7.1.3 to v.7.2.0
But the new version nolonger has its own stylesheet.
It is now downling this from cdn.jsdelivr.net.
We cannot reach this domain from our server.
It is possible to include the stylesheet in the application itself rather then relaying on a 3rth

Problem:

A common pattern is:

GUARD(s2n_stuffer_skip_write(stuffer, bytes_to_write));
uint8_t* ptr = suffer->blob.data + stuffer->write_cursor - bytes_to_write;

which could be simplified.

Solution:

*ptr could be an *out parameter to s2n_stuffer_skip_write

• Does this change what S2N sends over the wire? No.
• Does this change any public APIs? No.

Suggested enhancement

Either a direct accessor function to retrieve the public component of an mbedtls_ecp_keypair, or a function to write out the public key to a binary buffer. Similarly, a way to create an mbedtls_ecp_keypair structure containing only the public part of the key.

Justification

Mbed TLS needs this because the public key component was made private.