ssl

Checklist

• Dependencies installed
• No typos
• Searched existing issues and docs

Issue Description

When using the RateLimiter Middleware with a rate between 0 and 1 all events will be rejected instead of applying the specified rate. E.g.: e.Use(middleware.RateLimiter(middleware.NewRateLimiterMemoryStore(0.5)))

I am not saying that it is a common use case to have

The documentation for X509_NAME_print says:

X509_NAME_print() prints out name to bp indenting each line by obase characters. Multiple lines are used if the output (including indent) exceeds 80 characters.
https://github.com/openssl/openssl/blob/master/doc/man3/X509_NAME_print_ex.pod

However, the implementation does not actually do this. obase and 80 figure into l, but l is decreme

Sorry for not following the template. It's a straightforward question.

By enabling "WordPress-specific rules", the following codes will be added to the wordpress.conf:

# WordPress: deny general stuff
location ~* ^/(?:xmlrpc\.php|wp-links-opml\.php|wp-config\.php|wp-config-sample\.php|readme\.html|license\.txt)$ {
    deny all;
}

However, this disables xmlrpc feature, which disa

Context and Description

The READMEs and any example code in all projects should be updated to reflect the move from the IBM-Swift organization to the Kitura organization.

If anyone wants to take on all or part of this, please comment here so other's know what you're working on and submit PR's. :-)

Thanks!

Which version are you referring to
3.1dev

We list not all RFCs in ~/doc/ which we refer to in testssl.sh.

List used RFCs: grep RFC -w ./testssl.sh | grep -v TLS_CIPHER | grep RFC | sed 's/^.*RFC/RFC/' | sort -u
List RFCs referred to: grep -w RFC doc/testssl.1

Expected Behavior

rewriteTarget should work identical for websocket connections and none websocket connections

Current Behavior

For websocket connections, oauth2proxy does not seem to rewrite the request path before sending it to the upstream server.

Example:

...
server:
  BindAddress: 0.0.0.0:8081
  SecureBindAddress: ""
  TLS: null
upstreamConfig:
  upstreams:

Problem:

A common pattern is:

GUARD(s2n_stuffer_skip_write(stuffer, bytes_to_write));
uint8_t* ptr = suffer->blob.data + stuffer->write_cursor - bytes_to_write;

which could be simplified.

Solution:

*ptr could be an *out parameter to s2n_stuffer_skip_write

• Does this change what S2N sends over the wire? No.
• Does this change any public APIs? No.

Currently the function ssl_tls13_parse_certificate_verify() depends on MD in order to compute the expected salt size, by using mbedtls_md_info_from_type() then mbedtls_md_get_size(). Now that all the hashing operations in TLS 1.3 are done without MD_C, it is desirable to also be able to do the non-crypto bits without MD_C.

This task use PSA APIs instead. It should be possible to get t