I’m trying to script setup and configuration of caddy server based on a custom download that includes additional plugins (caddy-auth-portal, caddy-auth-jwt, caddy-trace, and various caddy-dns modules ).

During setup, the caddy unit file is configured to run caddy as a non priveledged user (by design).

To get certificates configured properly we are attempting to use the caddy trust command

Just for RSA. Do encrypt and decrypt. Include a bold comment that this should not be used for bulk encryption.

It should be the current best practice (fetch), have proper error handling and resource allocation/deallocation and be in the style of a known answer test.

Right now in different places in the SE codebase there are references to /opt and then as well to /usr.

All SE code should reference one place only. Could someone please create a PR that fixes this.

This PR should also take PR #454 into consideration (no conflicts)

The E2E tests sometimes fail during setup with the message:

 ERROR: 1 setup jobs failed. Check logs above for details. 

-- https://prow.build-infra.jetstack.net/view/gcs/jetstack-logs/pr-logs/pull/jetstack_cert-manager/3647/pull-cert-manager-e2e-v1-20/1359494849920765955#1:build-log.txt%3A668 (thanks @irbekrm )

The setup jobs are launched as background shell jobs:

• https://gi

There's little information about what keys and values are in the output, what it means and how they are related to the screen output. In general that needs to be added. (special topics see #1675, #1674)

Problem:

A common pattern is:

GUARD(s2n_stuffer_skip_write(stuffer, bytes_to_write));
uint8_t* ptr = suffer->blob.data + stuffer->write_cursor - bytes_to_write;

which could be simplified.

Solution:

*ptr could be an *out parameter to s2n_stuffer_skip_write

• Does this change what S2N sends over the wire? No.
• Does this change any public APIs? No.

What would you like to be added

Add support for a DynamoDB storage backend. Although MySQL is available, it would require to run a RDS Instance for it. Extra costs, backup considerations, etc. Even with Aurora Serverless.

DynamoDB is just there, scales as needed with OnDemand pricing and has fine backup capabilities.

Why this is needed

We plan to run step-ca in AWS ECS on Farga

In crypto_sizes.h we rely on the fact that the largest block size is a multiple of all possible block sizes when we compute maximum output lengths by rounding up to a multiple of the maximum block size. (This would not be correct if the largest block size was not a multiple of the others: for example if 8, 12 and 16 are possible block sizes the length to round up is say 13, then the maximum will