tls

1. Environment

1a. Operating system and version

Manjaro 21.1.0 Pahvo (x86_64 Linux 5.4.135-1-MANJARO)

1b. Caddy version (run caddy version or paste commit SHA)

2.4.3

1c. Go version (if building Caddy from source; run go version)

1.16.6

2. Description

data race found

Caddy config:

{
	"admin": {
		"config":

I know this is going to sound trivial... but hopefully it's *SO* trivial that it's easy to implement! «grin»

I was using openssl s_client to debug an issue that turned out to be the result of having multiple DNS (round-robin) 'A' records defined...

It would have helped tremendously if s_client had logged the IP address to which it actually connected at the top. (And running {dig/

Right now in different places in the SE codebase there are references to /opt and then as well to /usr.

All SE code should reference one place only. Could someone please create a PR that fixes this.

This PR should also take PR #454 into consideration (no conflicts)

Is your feature request related to a problem? Please describe.

While less common, some users would like to set different passwords for the unlocking a Java keystore and the private key contained within.

Requested in jetstack/cert-manager#4186.

Describe the solution you'd like
Upgrade https://github.com/pavel-v-chernykh/keystore-go to v4.
Add support f

Can somebody give a hand here?

I am referring to this line in the readme: [![Travis CI Status](https://travis-ci.org/drwetter/testssl.sh.svg?branch=3.1dev)](https://travis-ci.org/drwetter/testssl.sh)

Problem:

A common pattern is:

GUARD(s2n_stuffer_skip_write(stuffer, bytes_to_write));
uint8_t* ptr = suffer->blob.data + stuffer->write_cursor - bytes_to_write;

which could be simplified.

Solution:

*ptr could be an *out parameter to s2n_stuffer_skip_write

• Does this change what S2N sends over the wire? No.
• Does this change any public APIs? No.

What would you like to be added

I'd like to have the option to not have the HSM pin stored in a configuration file, but instead be required to be entered manually by an operator each time the CA is started.

Why this is needed

Having HSM pins sitting on the file system weakens the security in cases of hardware being stolen.

In theory if the PIN is not known then stealing a server a

The definition and the comment about PSA_KEY_EXPORT_ECC_PUBLIC_KEY_MAX_SIZE in include/psa/crypto_sizes.h apply to Weierstrass curves only: 0x04, x, y. This happens to work for Montgomery and Edwards curves as well (because those only use one coordinates, which takes less room), so it's no big deal, but the documentation there is misleading and the definition is suboptimal.

The goal of this