Jacob Hoffman-Andrews
Jacob Hoffman-Andrews
Yep, I'll work on that tomorrow. Thanks for the ping!
Finished reviewing. Two last thoughts: - I think the test matrix should include a case that builds both ring and aws-lc-rs into the same binary, since that's supported. - Ideally...
> we don't support builds w/ both providers. That's great, I support that. This makes me realize we need an update to the README discussing building with ring. That could...
> @jsha Did you want to give any of these updates another pass or is this safe to merge/release? Please go ahead without waiting for further reviews from me -...
Have we done any profiling of what takes time when parsing large numbers of renewal configs? I don't have the numbers, but based on reports of how long it takes...
@jvanasco in #10246 you mentioned that starting up and checking renewal takes a long time. I tried to reproduce locally. I followed the instructions from https://eff-certbot.readthedocs.io/en/latest/contributing.html#running-a-local-copy-of-the-client to set up a...
I did another test with the nginx configurator at 1000 lineages, and `certbot renew` (with none needing renewal) took 2 minutes. Pretty reasonable. That makes sense - I'm pretty sure...
> As for using 2048 instead of smaller certs...I'm not sure I see the rationale. To match what's actually used in practice as closely as possible? It couldn't hurt, but...
Fixed a fun little bug in the first push of this PR: I had deleted `cert_512_bad.pem` and tests passed; but in fact it is still used. It's just that the...
Your analysis makes sense. The difference between those two timestamps is 20ms, which is on the order of thread scheduling overhead. The unwritten(?) assumption of crl-updater is that it is...