David Benjamin
David Benjamin
(BTW, I tried to flag this several months ago in https://github.com/openssl/openssl/pull/23041#issuecomment-2057230250, but it doesn't look like there was a response.)
I mean, the request is that you all participate actively in the effort to fix the protocol definition, as would normally be expected of a protocol that isn't quite set...
The reason for there being both `algor1` and `algor2` is just because an X.509 certificate has two copies of the signature algorithm, one inside the TBSCertificate and one outside. And...
> BoringSSL still maintains support for explicit curves, with a comment that OpenSSL sometimes generates keys using it Small drive-by footnote: BoringSSL supports it when parsing private keys, but not...
> I was hoping we could use https://infra.spec.whatwg.org/#isomorphic-encode, but unfortunately that would not match what you are seeing. Hrm, yeah it seems the URL parser would need to be aware...
In a lot cases, I suspect it's the same both ways, since the URL parser also percent-escapes some stuff. Either way such bytes will be percent-escaped. Non-ASCII bytes, however, run...
WPT test in https://chromium-review.googlesource.com/c/chromium/src/+/1532901.
Huh, interesting. I'll see about mimicking those, though it may be a bit. (Heading out to IETF 104.)
Oh, interesting. `HttpResponseHeaders::IsRedirect` still believes it's possible. I guess we missed updating that comment. Although I see that this check is implemented in the HTTP/1.1 parser (which makes some sense...
Arguably everything discussed in this issue falls under that undefined behavior umbrella. Of course, that's not good enough from the web's perspective and we need to write down the full...