How to test

Caddyfile

http://{$BASE_URL} {
    log

    handle {
        root * /usr/share/caddy/html
        try_files {path} /index.html
        file_server
    }
}

test1.env

BASE_URL="test.com"

test2.env

BASE_URL=test.com

Run command

caddy run --config /etc/caddy/Caddyfile --adapter caddyfile --envfile /etc/caddy/.env

Possib

The documentation for X509_NAME_print says:

X509_NAME_print() prints out name to bp indenting each line by obase characters. Multiple lines are used if the output (including indent) exceeds 80 characters.
https://github.com/openssl/openssl/blob/master/doc/man3/X509_NAME_print_ex.pod

However, the implementation does not actually do this. obase and 80 figure into l, but l is decreme

Right now in different places in the SE codebase there are references to /opt and then as well to /usr.

All SE code should reference one place only. Could someone please create a PR that fixes this.

This PR should also take PR #454 into consideration (no conflicts)

In #4808 more functionality was added to runScheduler function and I think we should add a unit test for it.

This function is run periodically to add 'Processing' status to unprocessed challenges. This mechanism allows us to limit the number of challen

Which version are you referring to
3.1dev

We list not all RFCs in ~/doc/ which we refer to in testssl.sh.

List used RFCs: grep RFC -w ./testssl.sh | grep -v TLS_CIPHER | grep RFC | sed 's/^.*RFC/RFC/' | sort -u
List RFCs referred to: grep -w RFC doc/testssl.1

The recommendation is to set Cache-Control: private, no-store on any endpoint with sensitive information. Because while you can protect the traffic with TLS, you also need to keep sensitive information out of a client's (unencrypted) HTTP cache. I'm not sure how relevant this is to the API context of step-ca though—I've never seen an HTTP client library that caches content. But I guess the poi

Problem:

A common pattern is:

GUARD(s2n_stuffer_skip_write(stuffer, bytes_to_write));
uint8_t* ptr = suffer->blob.data + stuffer->write_cursor - bytes_to_write;

which could be simplified.

Solution:

*ptr could be an *out parameter to s2n_stuffer_skip_write

• Does this change what S2N sends over the wire? No.
• Does this change any public APIs? No.

Mbed TLS only supports 12-byte nonces for PSA_ALG_STREAM_CIPHER with PSA_KEY_TYPE_CHACHA20 and for PSA_ALG_CHACHA20_POLY1305. The PSA Crypto specification allows both 12-byte and 8-byte nonces