tls

Context: https://caddy.community/t/including-files-scripts/15050/4

Right now, the templates module is inflexible in that only functions the functions registered by Caddy itself are available.

A good refactor would be to make it possible to pass an optional array of modules in the http.handlers.templates.functions.* namespace which get invoked at Provision() time to register additional

Using OpenSSL 3.0.1 14 Dec 2021 (Library: OpenSSL 3.0.1 14 Dec 2021)

Issue Description

I assume either REQ is not designed to sign a certificate using only the CA Key but reading the code it looks like it was intended to do so but the error "Must provide a signature key using -key" is returned.
CA and CA Key are set and -in is csr so pkey == NULL is true but shouldn't it be as I a

Right now in different places in the SE codebase there are references to /opt and then as well to /usr.

All SE code should reference one place only. Could someone please create a PR that fixes this.

This PR should also take PR #454 into consideration (no conflicts)

Describe the bug:

At the moment our e2e conformance tests create Issuers/ClusterIssuers for each type

Which version are you referring to
3.1dev

We list not all RFCs in ~/doc/ which we refer to in testssl.sh.

List used RFCs: grep RFC -w ./testssl.sh | grep -v TLS_CIPHER | grep RFC | sed 's/^.*RFC/RFC/' | sort -u
List RFCs referred to: grep -w RFC doc/testssl.1

Problem:

A common pattern is:

GUARD(s2n_stuffer_skip_write(stuffer, bytes_to_write));
uint8_t* ptr = suffer->blob.data + stuffer->write_cursor - bytes_to_write;

which could be simplified.

Solution:

*ptr could be an *out parameter to s2n_stuffer_skip_write

• Does this change what S2N sends over the wire? No.
• Does this change any public APIs? No.

The recommendation is to set Cache-Control: private, no-store on any endpoint with sensitive information. Because while you can protect the traffic with TLS, you also need to keep sensitive information out of a client's (unencrypted) HTTP cache. I'm not sure how relevant this is to the API context of step-ca though—I've never seen an HTTP client library that caches content. But I guess the poi

Suggested enhancement

Either a direct accessor function to retrieve the public component of an mbedtls_ecp_keypair, or a function to write out the public key to a binary buffer. Similarly, a way to create an mbedtls_ecp_keypair structure containing only the public part of the key.

Justification

Mbed TLS needs this because the public key component was made private.