ssl

Checklist

• Dependencies installed
• No typos
• Searched existing issues and docs

Issue Description

When using the RateLimiter Middleware with a rate between 0 and 1 all events will be rejected instead of applying the specified rate. E.g.: e.Use(middleware.RateLimiter(middleware.NewRateLimiterMemoryStore(0.5)))

I am not saying that it is a common use case to have

Using OpenSSL 3.0.1 14 Dec 2021 (Library: OpenSSL 3.0.1 14 Dec 2021)

Issue Description

I assume either REQ is not designed to sign a certificate using only the CA Key but reading the code it looks like it was intended to do so but the error "Must provide a signature key using -key" is returned.
CA and CA Key are set and -in is csr so pkey == NULL is true but shouldn't it be as I a

Sorry for not following the template. It's a straightforward question.

By enabling "WordPress-specific rules", the following codes will be added to the wordpress.conf:

# WordPress: deny general stuff
location ~* ^/(?:xmlrpc\.php|wp-links-opml\.php|wp-config\.php|wp-config-sample\.php|readme\.html|license\.txt)$ {
    deny all;
}

However, this disables xmlrpc feature, which disa

Context and Description

The READMEs and any example code in all projects should be updated to reflect the move from the IBM-Swift organization to the Kitura organization.

If anyone wants to take on all or part of this, please comment here so other's know what you're working on and submit PR's. :-)

Thanks!

Which version are you referring to
3.1dev

We list not all RFCs in ~/doc/ which we refer to in testssl.sh.

List used RFCs: grep RFC -w ./testssl.sh | grep -v TLS_CIPHER | grep RFC | sed 's/^.*RFC/RFC/' | sort -u
List RFCs referred to: grep -w RFC doc/testssl.1

When the service being proxied takes too long to reply, the request is cancelled and the client receives a 502

Expected Behavior

You should be able to configure a timeout for the proxied service.

Current Behavior

A request that takes over 30 seconds for a reply fails with 502 and you see the following in the logs:

2019/07/22 22:40:42 http: proxy error: context canceled

Problem:

A common pattern is:

GUARD(s2n_stuffer_skip_write(stuffer, bytes_to_write));
uint8_t* ptr = suffer->blob.data + stuffer->write_cursor - bytes_to_write;

which could be simplified.

Solution:

*ptr could be an *out parameter to s2n_stuffer_skip_write

• Does this change what S2N sends over the wire? No.
• Does this change any public APIs? No.

Suggested enhancement

Either a direct accessor function to retrieve the public component of an mbedtls_ecp_keypair, or a function to write out the public key to a binary buffer. Similarly, a way to create an mbedtls_ecp_keypair structure containing only the public part of the key.

Justification

Mbed TLS needs this because the public key component was made private.