tls

I have modified the default file_server browse template to integrate it with a website, by using httpInclude to load blocks of HTML containing the header, footer and theme. These files are hosted on the same Caddy instance, and it works well provided that compression is not enabled. When compression is enabled, the file_server browser becomes garbage: it appears that raw compressed data is inc

Right now in different places in the SE codebase there are references to /opt and then as well to /usr.

All SE code should reference one place only. Could someone please create a PR that fixes this.

This PR should also take PR #454 into consideration (no conflicts)

Is your feature request related to a problem? Please describe.

jetstack/cert-manager#3607 implies that certificates are not re-issued if key usages change. This behaviour should be documented and tested with an appropriate conformance test.

https://cert-manager.io/docs/usage/certificate/ should be updated as well

Additional context
https://github.com/jets

There's little information about what keys and values are in the output, what it means and how they are related to the screen output. In general that needs to be added. (special topics see #1675, #1674)

Problem:

A common pattern is:

GUARD(s2n_stuffer_skip_write(stuffer, bytes_to_write));
uint8_t* ptr = suffer->blob.data + stuffer->write_cursor - bytes_to_write;

which could be simplified.

Solution:

*ptr could be an *out parameter to s2n_stuffer_skip_write

• Does this change what S2N sends over the wire? No.
• Does this change any public APIs? No.

What would you like to be added

We can't query smallstep for anything related to certs because the only thing in the DB is the bytes of the cert. Storing the cert alongside more columns like the common name, not after date, and more, would let us enable more complex queries, and optimize performance for future use cases.

Why this is needed

Enable searching of Certificates signed by attrib

Suggested enhancement

When MBEDTLS_USE_PSA_CRYPTO is enabled, a new API function, mbedtls_pk_setup_opaque() is made available to allow the user to wrap a private key held by PSA into a PK context - this allows passing the PSA-held key to existing TLS and X.509 APIs that expect a private key (as a PK context, not a PSA key identifier) without modifying those APIs.

That feature current