tls

It would be a nice addition to integrate Minimal windows service stub in Caddy (built for Windows).

At the moment, it is necessary to use for example NSSM to install Caddy as a service on Windows.

See how it becomes much more natural to [install the service and remove it in the case of another project (Gitea) with the Windows tools](https:

The documentation for X509_NAME_print says:

X509_NAME_print() prints out name to bp indenting each line by obase characters. Multiple lines are used if the output (including indent) exceeds 80 characters.
https://github.com/openssl/openssl/blob/master/doc/man3/X509_NAME_print_ex.pod

However, the implementation does not actually do this. obase and 80 figure into l, but l is decreme

Right now in different places in the SE codebase there are references to /opt and then as well to /usr.

All SE code should reference one place only. Could someone please create a PR that fixes this.

This PR should also take PR #454 into consideration (no conflicts)

Describe the bug:

Which version are you referring to
3.1dev

We list not all RFCs in ~/doc/ which we refer to in testssl.sh.

List used RFCs: grep RFC -w ./testssl.sh | grep -v TLS_CIPHER | grep RFC | sed 's/^.*RFC/RFC/' | sort -u
List RFCs referred to: grep -w RFC doc/testssl.1

The recommendation is to set Cache-Control: private, no-store on any endpoint with sensitive information. Because while you can protect the traffic with TLS, you also need to keep sensitive information out of a client's (unencrypted) HTTP cache. I'm not sure how relevant this is to the API context of step-ca though—I've never seen an HTTP client library that caches content. But I guess the poi

Problem:

Currently the s2n_connection->cookie_stuffer is used to track bytes related to the cookie value received in a HRR (HelloRetryRequest). This mean a growable stuffer is allocated and then resized based on the length of the cookie value.

Solution:

While the above works, it should be possible to simplify the code by instantiating the memory in the s2n_cookie_recv method.

Currently the function ssl_tls13_parse_certificate_verify() depends on MD in order to compute the expected salt size, by using mbedtls_md_info_from_type() then mbedtls_md_get_size(). Now that all the hashing operations in TLS 1.3 are done without MD_C, it is desirable to also be able to do the non-crypto bits without MD_C.

This task use PSA APIs instead. It should be possible to get t