Christopher Schultz

Using an external library (bouncycastle) or another class is not really necessary at all to read a PEM file. It's like 2 lines of Java code: ``` import java.security.cert.Certificate; import...

Honestly, I think it makes more sense to support something like `signWith(Certificate)` for token-generation and `setSigningKey(Certificate)` for token-validation for starters. Then a future improvement could be `useSigningKeyFromToken(true)` or something to...

> `signWith(Certificate)` for token-generation 🤦‍♂️ Of course, you can't sign with a Certificate, since the Certificate class doesn't expose the private key. But maybe something like `signWith(Certificate, PrivateKey)` where the...

Thank you for your contribution. I have a few comments: 1. The javadoc was copy/pasted and inaccurate: both classes claim to serve JSPs for errors, and neither of them do...

> Writing an HTTP proxy is non-trivial. I am going to need a LOT of convincing that the proxy Valve is both safe and compliant with the relevant RFCs. I'd...

Gary Gregory requested in https://issues.apache.org/jira/browse/CODEC-239 that I create a PR for this. I finally got around to doing it.

> My main reasons are that libressl has a better track record with security Really? Mostly what they did was discard old garbage from OpenSSL that may have had bugs...

> > there would need to be an appropriate Panama module > > What exactly is this? The plan is to migrate to Panama to avoid having to ship libtcnative...

> I still don't understand how it is going to solve `#ifdef` if you need conditional compilation... I'm not sure I understand. All the native code does away, so the...

I'm trying to decide if I want to merge this. In general, I like the idea. On the other hand, it's quite arbitrary what that feedback limit is... you want...